eBPF (from “extended Berkeley Packet Filter”) is a subsystem introduced in Linux and allowing to load user programs into the kernel, to verify them for safety, possibly to JIT (Just-In-Time) compile them, and to attach them to hook points, where they run on certain events. eBPF's performance and flexibility make it suitable for a wide range of use cases, the most prominent being network packet processing, system monitoring, and security enforcement.
eBPF (from “extended Berkeley Packet Filter”) is a subsystem allowing to load user programs into the kernel, to verify them for safety, possibly to JIT (Just-In-Time) compile them, and to attach them to hook points, where they run on certain events. eBPF's performance and flexibility make it suitable for a wide range of use cases, the most prominent being network packet processing, system monitoring, and security enforcement. Introduced in Linux, eBPF gained support to varying degrees on other systems, including Windows or FreeBSD.
See also https://ebpf.io/ for a more detailed introduction and for additional resources. More assistance can also be found at the following locations:
- On Slack at https://ebpf.io/slack
- On IRC on Freenode, on #iovisor, #bpftrace or #xdp
- On the BPF mailing list (kernel development)
- On the xdp-newbies mailing list (mostly for XDP)
- On the awesome-ebpf repository
When submitting questions related to a specific eBPF piece of code, please consider including a full stand-alone reproducer, it helps a lot for debugging the issues.
