Wikipedia

eBPF

eBPFis a technology that can run programs in aprivileged contextsuch as theoperating systemkernel.[5]It is the successor to theBerkeley Packet Filter(BPF, with the "e" originally meaning "extended" ) filtering mechanism in Linux and is also used in non-networking parts of the Linux kernel as well.

eBPF
Original author(s)Alexei Starovoitov,
Daniel Borkmann[1][2]
Developer(s)Open source community,Meta,Google,Isovalent,Microsoft,Netflix[1]
Initial release2014;10 years ago(2014)[3]
RepositoryLinux:git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
Windows:github.com/Microsoft/ebpf-for-windows/
Written inC
Operating systemLinux,Windows[4]
TypeRuntime system
LicenseLinux:GPL
Windows:MIT License
Websiteebpf.io

It is used to safely and efficiently extend the capabilities of the kernel atruntimewithout requiring changes to kernelsource codeor loadingkernel modules.[6]Safety is provided through an in-kernel verifier which performsstatic code analysisand rejects programs which crash, hang or otherwise interfere with the kernel negatively.[7][8]

This validation model differs fromsandboxedenvironments, where the execution environment is restricted and the runtime has no insight about the program.[9]Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety checks.[10]

Design

edit

Loaded programs which passed the verifier are eitherinterpretedor in-kerneljust-in-time compiled(JIT compiled) for native execution performance. The execution model isevent-drivenand with few exceptionsrun-to-completion,[2]meaning, programs can be attached to varioushookpoints in theoperating systemkernel and are run upon triggering of an event. eBPF use cases include (but are not limited to)networkingsuch asXDP,tracingandsecuritysubsystems.[5]Given eBPF's efficiency and flexibility opened up new possibilities to solve production issues,Brendan Greggfamously dubbed eBPF "superpowers for Linux".[11]Linus Torvaldssaid, "BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for".[12]Due to its success in Linux, the eBPFruntimehas been ported to other operating systems such asWindows.[4]

History

edit

eBPF evolved from the classic Berkeley Packet Filter (cBPF, a retroactively-applied name). At the most basic level, it introduced the use of ten 64-bit registers (instead of two 32-bit long registers for cBPF), different jump semantics, a call instruction and corresponding register passing convention, new instructions, and a different encoding for these instructions.[13]

Most significant milestones in the evolution of eBPF
Date Event
April 2011 The first in-kernel Linuxjust-in-time compiler(JIT compiler) for the classic Berkeley Packet Filter was merged.[14]
January 2012 The first non-networking use case of the classic Berkeley Packet Filter,seccomp-bpf,[15]appeared; it allows filtering ofsystem callsusing a configurable policy implemented through BPF instructions.
March 2014 David S. Miller,primary maintainer of the Linux networking stack, accepted the rework of the old in-kernel BPFinterpreter.It was replaced by an eBPF interpreter and the Linux kernel internally translates classic BPF (cBPF) into eBPF instructions.[16]It was released in version 3.18 of the Linux kernel.[17]
March 2015 The ability to attach eBPF tokprobesas firsttracinguse case was merged.[19]In the same month, initial infrastructure work got accepted to attach eBPF to the networking traffic control (tc) layer allowing to attach eBPF to the core ingress and later also egress paths of the network stack, later heavily used by projects such asCilium.[20][21][22]
August 2015 The eBPFcompilerbackend got merged intoLLVM3.7.0 release.[23]
September 2015 Brendan Greggannounced a collection of new eBPF-based tracing tools as the bcc project, providing a front-end for eBPF to make it easier to write programs.[24]
July 2016 eBPF got the ability to be attached into network driver's core receive path. This layer is known today aseXpress DataPath(XDP) and was added as a response toDPDKto create a fast data path which works in combination with the Linux kernel rather than bypassing it.[25][26][27]
August 2016 Ciliumwas initially announced duringLinuxConas a project providing fastIPv6container networking with eBPF and XDP. Today, Cilium has been adopted by major cloud provider'sKubernetesofferings and is one of the most widely used CNIs.[28][22][29]
November 2016 Netronomeadded offload of eBPF programs for XDP and tc BPF layer to their NIC.[30]
May 2017 Meta's layer 4 load-balancer, Katran, went live. Every packet towardsfacebook.comsince then has been processed by eBPF & XDP.[31]
November 2017 eBPF becomes its own kernel subsystem to ease the continuously growing kernel patch management. The first pull request by eBPF maintainers was submitted.[32]
September 2017 Bpftool was added to the Linux kernel as a user space utility to introspect the eBPF subsystem.[33]
January 2018 A new socket family called AF_XDP was published, allowing for high performance packet processing with zero-copy semantics at the XDP layer.[34]Today,DPDKhas an official AF_XDP poll-mode driver support.[35]
February 2018 The bpfilter prototype has been published, allowing translation of a subset of iptables rulesets into eBPF via a newly developed user mode driver. The work has caused controversies due to the ongoing nftables development effort and has not been merged into mainline.[36][37]
October 2018 The new bpftrace tool has been announced byBrendan GreggasDTrace2.0 for Linux.[38]
November 2018 eBPF introspection has been added forkTLSin order to support the ability for in-kernel TLS policy enforcement.[39]
November 2018 BTF (BPF Type Format) has been added to the Linux kernel as an efficient meta data format which is approximately 100x smaller in size thanDWARF.[40]
December 2019 The first 880-page long book on BPF, written by Brendan Gregg, was released.[41]
March 2020 Googleupstreamed BPF LSM support into the Linux kernel, enabling programmableLinux Security Modules(LSMs) through eBPF.[42]
September 2020 The eBPF compiler backend forGNU Compiler Collection(GCC) was merged.[43]
July 2022 Microsoft released eBPF for Windows, which runs code in the NT kernel.[4]
October 2024 The eBPFinstruction set architecture(ISA) is published asRFC9669.

Architecture and concepts

edit

eBPF maps

edit

eBPF maps are efficientkey/value storesthat reside inkernel spaceand can be used to share data among multiple eBPF programs or to communicate between a user space application and eBPF code running in the kernel. eBPF programs can leverage eBPF maps to store and retrieve data in a wide set of data structures. Map implementations are provided by the core kernel. There are various types,[44]including hash maps, arrays, and ring buffers.

In practice, eBPF maps are typically used for scenarios such as a user space program writing configuration information to be retrieved by an eBPF program, an eBPF program storing state for later retrieval by another eBPF program (or a future run of the same program), or an eBPF program writing results or metrics into a map for retrieval by a user space program that will present results.[45]

eBPF virtual machine

edit

The eBPFvirtual machineruns within the kernel and takes in a program in the form of eBPFbytecodeinstructions which are converted tonative machine instructionsthat run on the CPU. Early implementations of eBPF saw eBPF bytecode interpreted, but this has now been replaced with aJust-in-Time (JIT) compilationprocess for performance and security-related reasons.[45]

The eBPF virtual machine consists of eleven 64-bit registers with 32-bit subregisters, aprogram counterand a 512-byte large BPF stack space. These general purposeregisterskeep track of state when eBPF programs are executed.[46]

Tail calls

edit

Tail callscan call and execute another eBPF program and replace theexecution context,similar to how theexecve()system call operates for regular processes. This basically allows an eBPF program to call another eBPF program. Tail calls are implemented as a long jump, reusing the samestack frame.Tail calls are particularly useful in eBPF, where the stack is limited to 512 bytes. During runtime, functionality can be added or replaced atomically, thus altering the BPF program’s execution behavior.[46]A popular use case for tail calls is to spread the complexity of eBPF programs over several programs. Another use case is for replacing or extending logic by replacing the contents of the program array while it is in use. For example, to update a program version withoutdowntimeor to enable/disable logic.[47]

BPF to BPF calls

edit

It is generally considered good practice in software development to group common code into afunctionencapsulating logic for reusability. Prior to Linux kernel 4.16 and LLVM 6.0, a typical eBPF C program had to explicitly direct the compiler toinline a functionresulting in a BPF object file that had duplicate functions. This restriction was lifted, and mainstream eBPF compilers now support writing functions naturally in eBPF programs. This reduces the generated eBPF code size making it friendlier to a CPU instruction cache.[45][46]

eBPF verifier

edit

The verifier is a core component of eBPF, and its main responsibility is to ensure that an eBPF program is safe to execute. It performs a static analysis of the eBPF bytecode to guarantee its safety. The verifier analyzes the program to assess all possible execution paths. It steps through the instructions in order and evaluates them. The verification process starts with adepth-firstsearch through all possible paths of the program, the verifier simulates the execution of each instruction, tracking the state of registers and stack if any instruction could lead to an unsafe state, verification fails. This process continues until all paths have been analyzed or a violation is found. Depending on the type of program, the verifier checks for violations of specific rules. These rules can include checking that an eBPF program always terminates within a reasonable amount of time (noinfinite loopsor infiniterecursion),checking that an eBPF program is not allowed to read arbitrary memory because being able to arbitrary read memory could allow a program leak sensitive information, checking that network programs are not allowed to access memory outside ofpacketbounds because adjacent memory could contain sensitive information, checking that programs are not allowed todeadlock,so any heldspinlocksmust be released and only one lock can be held at a time to avoid deadlocks over multiple programs, checking that programs are not allowed to read uninitialized memory. This is not an exhaustive list of the checks the verifier does, and there are exceptions to these rules. An example is that tracing programs have access to helpers that allow them to read memory in a controlled way, but these program types requireroot privilegesand thus do not pose a security risk.[47][45]

Over time the eBPF verifier has evolved to include newer features and optimizations, such as support for bounded loops,dead-code elimination,function-by-function verification, andcallbacks.

eBPF CO-RE (Compile Once - Run Everywhere)

edit

eBPF programs use the memory anddata structuresfrom the kernel. Some structures can be modified between different kernel versions, altering the memory layout. Since the Linux kernel is continuously developed, there is no guarantee that the internal data structures will remain the same across different versions. CO-RE is a fundamental concept in modern eBPF development that allows eBPF programs to be portable across different kernel versions and configurations. It addresses the challenge of kernel structure variations between differentLinux distributionsandversions.CO-RE comprises BTF (BPF Type Format) - ametadataformat that describes the types used in the kernel and eBPF programs and provides detailed information about struct layouts, field offsets, and data types. It enables runtime accessibility of kernel types, which is crucial for BPF program development and verification. BTF is included in the kernel image of BTF-enable kernels. Special relocations are emitted by thecompiler(e.g., LLVM). These relocations capture high-level descriptions of what information the eBPF program intends to access. Thelibbpflibrary adapts eBPF programs to work with the data structure layout on the target kernel where they run, even if this layout is different from the kernel where the code was compiled. To do this, libbpf needs the BPF CO-RE relocation information generated by Clang as part of the compilation process.[45]The compiled eBPF program is stored in anELF (Executable and Linkable Format)object file.This file contains BTF-type information andClang-generated relocations. The ELF format allows the eBPF loader (e.g., libbpf) to process and adjust the BPF program dynamically for the targetkernel.[48]

Branding

edit

The alias eBPF is often interchangeably used with BPF,[2][49]for example by the Linux kernel community. eBPF and BPF is referred to as a technology name likeLLVM.[2]eBPF evolved from the machine language for the filtering virtual machine in theBerkeley Packet Filteras an extended version, but as its use cases outgrew networking, today "eBPF" is preferentially interpreted as apseudo-acronym.[2]

Thebeeis the official logo for eBPF. At the first eBPF Summit there was a vote taken and the beemascotwas named "eBee".[50][51]The logo has originally been created by Vadim Shchekoldin.[51]Earlier unofficial eBPF mascots have existed in the past,[52]but have not seen widespread adoption.

Governance

edit

The eBPF Foundation was created in August 2021 with the goal to expand the contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux.[1]Founding members includeMeta,Google,Isovalent,MicrosoftandNetflix.The purpose is to raise, budget and spend funds in support of various open source, open data and/or open standards projects relating to eBPF technologies[53]to further drive the growth and adoption of the eBPF ecosystem. Since inception,Red Hat,Huawei,Crowdstrike,Tigera, DaoCloud, Datoms, FutureWei also joined.[54]

Adoption

edit

eBPF has been adopted by a number of large-scale production users, for example:

Security

edit

Due to the ease of programmability, eBPF has been used as a tool for implementing microarchitectural timingside-channel attackssuch asSpectreagainst vulnerablemicroprocessors.[99]While unprivileged eBPF implemented mitigations against transient execution attacks,[100]unprivileged use has ultimately been disabled by the kernel community by default to protect from use against future hardware vulnerabilities.[101]

See also

edit

References

edit
  1. ^abc"Meta, Google, Isovalent, Microsoft and Netflix Launch eBPF Foundation as Part of the Linux Foundation".Linux Foundation.12 August 2021.Retrieved1 July2022.
  2. ^abcde"BPF Internals".USENIX LISA 2021 conference.1 June 2021.Retrieved1 July2022.
  3. ^"eBPF and Kubernetes: Little Helper Minions for Scaling Microservices".CNCFKubeCon + CloudNativeCon Europe 2020.19 August 2020.Retrieved1 July2022.
  4. ^abc"Making eBPF work on Windows".MicrosoftOpen Source Blog.10 May 2021.Retrieved1 July2022.
  5. ^ab"eBPF Documentation: What is eBPF?".eBPF.io.Retrieved1 July2022.
  6. ^"eBPF - Rethinking the Linux Kernel".QCon 2020.Retrieved1 July2022.
  7. ^"Safe Programs The Foundation of BPF".eBPF Summit 2021.8 November 2020.Retrieved1 July2022.
  8. ^"BPF and Spectre: Mitigating transient execution attacks".POPL 2022 conference.22 January 2022.Retrieved1 July2022.
  9. ^"eBPF - The Silent Platform Revolution from Cloud Native"(PDF).SIGCOMM 2023, 1st Workshop on eBPF and Kernel Extensions.10 September 2023.Retrieved5 October2023.
  10. ^Hedam, Niclas (26 May 2023)."eBPF - From a Programmer's Perspective"(PDF).doi:10.13140/RG.2.2.33688.11529/4.
  11. ^"Linux BPF Superpowers".Brendan Gregg's Blog.5 March 2016.Retrieved1 July2022.
  12. ^"Linus Torvalds talks about coming back to work on Linux".zdnet Interview with Linus Torvalds.23 October 2018.Retrieved1 July2022.
  13. ^"Classic BPF vs eBPF".LWN.March 2014.Retrieved6 January2023.
  14. ^"net: filter: Just In Time compiler".lore.kernel.org.April 2011.Retrieved1 July2022.
  15. ^"Yet another new approach to seccomp".LWN.1 January 2012.Retrieved1 July2022.
  16. ^"BPF updates".lore.kernel.org.March 2014.Retrieved1 July2022.
  17. ^"Linux kernel 3.18, Section 1.3. bpf() syscall for eBFP [sic] virtual machine programs ".kernelnewbies.org.December 7, 2014.RetrievedSeptember 6,2019.
  18. ^"Happy birthday BPF!".lore.kernel.org.September 2014.Retrieved1 July2022.
  19. ^"tracing: attach eBPF programs to kprobes".lore.kernel.org.March 2015.Retrieved1 July2022.
  20. ^"eBPF support for cls_bpf".lore.kernel.org.March 2015.Retrieved1 July2022.
  21. ^"net, sched: add clsact qdisc".lore.kernel.org.January 2016.Retrieved1 July2022.
  22. ^ab"eBPF-based Networking, Observability, Security".cilium.io.January 2016.Retrieved1 July2022.
  23. ^"LLVM 3.7 Release Notes".releases.llvm.org.August 2015.Retrieved1 July2022.
  24. ^"bcc: Taming Linux 4.3+ Tracing Superpowers".brendangregg.com.September 2015.Retrieved1 July2022.
  25. ^"Add driver bpf hook for early packet drop and forwarding".lore.kernel.org.July 2016.Retrieved1 July2022.
  26. ^"eCHO episode 9: XDP and Load Balancing".youtube.com.June 2021.Retrieved1 July2022.
  27. ^Høiland-Jørgensen, Toke; Brouer, Jesper Dangaard; Borkmann, Daniel; Fastabend, John; Herbert, Tom; Ahern, David; Miller, David (December 2018). "The eXpress data path: Fast programmable packet processing in the operating system kernel".Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies.pp. 54–66.doi:10.1145/3281411.3281443.ISBN9781450360807.S2CID53779310.
  28. ^"Cilium - Fast IPv6 Container Networking with BPF and XDP".slideshare.net.August 2016.Retrieved1 July2022.
  29. ^ab"New GKE Dataplane V2 increases security and visibility for containers".cloud.google.com.May 2021.Retrieved16 August2022.
  30. ^"nfp ring reconfiguration and XDP support".lore.kernel.org.November 2016.Retrieved1 July2022.
  31. ^ab"XDP 1.5 Years In Production. Evolution and Lessons Learned".lpc.events.November 2018.Retrieved16 August2022.
  32. ^"pull-request: bpf 2017-11-23".lore.kernel.org.November 2017.Retrieved1 July2022.
  33. ^"tools: add bpftool".lore.kernel.org.September 2017.Retrieved1 July2022.
  34. ^"Introducing AF_XDP support".lore.kernel.org.January 2018.Retrieved1 July2022.
  35. ^"AF_XDP Poll Mode Driver".doc.dpdk.org.August 2022.Retrieved16 August2022.
  36. ^"BPF comes to firewalls".lwn.net.February 2018.Retrieved1 July2022.
  37. ^"Why is the kernel community replacing iptables with BPF?".cilium.io.April 2018.Retrieved1 July2022.
  38. ^"bpftrace (DTrace 2.0) for Linux 2018".brendangregg.com.October 2018.Retrieved16 August2022.
  39. ^"Combining kTLS and BPF for Introspection and Policy Enforcement"(PDF).vger.kernel.org.November 2018.Retrieved1 July2022.
  40. ^"BTF deduplication and Linux kernel BTF".nakryiko.com.November 2018.Retrieved1 July2022.
  41. ^"BPF Performance Tools (book)".brendangregg.com.December 2019.Retrieved16 August2022.
  42. ^"MAC and Audit policy using eBPF (KRSI)".lore.kernel.org.March 2020.Retrieved16 August2022.
  43. ^"BPF in GCC".lwn.net.September 2020.Retrieved16 August2022.
  44. ^"bpf.h - include/uapi/linux/bpf.h - Linux source code v5.15.86 - Bootlin".elixir.bootlin.com.Retrieved2024-08-01.
  45. ^abcdeRice, Liz (2023).Learning eBPF: programming the Linux Kernel for enhanced observability, networking, and security(First ed.). Sebastopol, CA: O'Reilly Media.ISBN978-1-0981-3512-6.OCLC1353981026.
  46. ^abc"BPF Architecture — Cilium 1.16.0 documentation".docs.cilium.io.Retrieved2024-08-01.
  47. ^ab"Tail calls - eBPF Docs".ebpf-docs.dylanreimerink.nl.Retrieved2024-08-04.
  48. ^"BPF CO-RE - eBPF Docs".ebpf-docs.dylanreimerink.nl.Retrieved2024-08-07.
  49. ^Brendan Gregg(December 2019).BPF Performance Tools.Addison-Wesley.ISBN978-0136554820.
  50. ^"eBPF Summit Day Two".cilium.io.October 2020.Retrieved1 July2022.
  51. ^ab"What is the bee named?".ebpf.io.Retrieved1 July2022.
  52. ^"eBPF: One Small Step".Brendan Gregg's Blog.May 2015.Retrieved1 July2022.
  53. ^"eBPF Foundation Charter".ebpf.foundation.June 2021.Retrieved16 August2022.
  54. ^"eBPF Foundation Governance".ebpf.foundation.August 2022.Retrieved16 August2022.
  55. ^"Open-sourcing Katran, a scalable network load balancer".fb.com.May 2018.Retrieved16 August2022.
  56. ^"BPF at Facebook".youtube.com.December 2019.Retrieved16 August2022.
  57. ^"From XDP to socket".lpc.events.September 2021.Retrieved16 August2022.
  58. ^"eCHO episode 29: BPF LSM with KP Singh".youtube.com.November 2021.Retrieved16 August2022.
  59. ^"BPF security auditing at Google - Brendan Jackman/KP Singh".youtube.com.November 2021.Retrieved16 August2022.
  60. ^"Replacing HTB with EDT and BPF".netdevconf.info.July 2020.Retrieved16 August2022.
  61. ^"Cloudflare architecture and how BPF eats the world".blog.cloudflare.com.May 2019.Retrieved16 August2022.
  62. ^"It's crowded in here!".blog.cloudflare.com.October 2019.Retrieved16 August2022.
  63. ^"Production ready eBPF, or how we fixed the BSD socket API".blog.cloudflare.com.February 2022.Retrieved16 August2022.
  64. ^"Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module".blog.cloudflare.com.June 2022.Retrieved16 August2022.
  65. ^"Unimog - Cloudflare's edge load balancer".blog.cloudflare.com.September 2020.Retrieved16 August2022.
  66. ^"How Netflix uses eBPF flow logs at scale for network insight".netflixtechblog.com.June 2021.Retrieved16 August2022.
  67. ^"Extending Vector with eBPF to inspect host and container performance".netflixtechblog.com.February 2019.Retrieved16 August2022.
  68. ^"Dropbox traffic infrastructure: Edge network".dropbox.tech.October 2018.Retrieved16 August2022.
  69. ^"eBPF Traffic Monitoring".source.android.com.August 2022.Retrieved16 August2022.
  70. ^"Extending the Kernel with eBPF".source.android.com.August 2022.Retrieved16 August2022.
  71. ^"NAT46 translation with BPF".lore.kernel.org.April 2022.Retrieved16 August2022.
  72. ^"BPF for Android: How we leverage BPF for our networking solutions - Madhan Raj Kanagarathinam".www.youtube.com.February 2024.Retrieved19 February2022.
  73. ^Software L4 Load Balancing for Kubernetes Services at Yahoo! – Karthikeyan Thangaraj, Verizon Media,19 August 2021,retrieved2024-02-03
  74. ^"Skyfall: eBPF agent for infrastructure observability".www.linkedin.com.Retrieved2024-02-03.
  75. ^"How Does Alibaba Cloud Build High-Performance Cloud-Native Pod Networks in Production Environments?".alibabacloud.com.September 2020.Retrieved16 August2022.
  76. ^"Datadog on eBPF".datadogon.datadoghq.com.February 2021.Retrieved16 August2022.
  77. ^"Runtime Security Monitoring with eBPF"(PDF).sstic.org.February 2021.Retrieved16 August2022.
  78. ^"Our eBPF Journey at Datadog - Laurent Bernaille & Tabitha Sable, Datadog".youtube.com.November 2020.Retrieved16 August2022.
  79. ^"User Story - How Trip.com uses Cilium".cilium.io.February 2020.Retrieved16 August2022.
  80. ^"Trip.com: Stepping into Cloud Native Networking Era with Cilium+BGP".arthurchiao.art.November 2020.Retrieved16 August2022.
  81. ^Keynote: Open Source Intrusion Detection for Containers at Shopify - Shane Lawrence & Kris Nóva,4 September 2020,retrieved2024-02-09
  82. ^Rogers, Patrick (2023-08-15)."BPFAgent: eBPF for Monitoring at DoorDash - DoorDash Engineering Blog".DoorDash Engineering Blog.Retrieved2024-02-09.
  83. ^"Making eBPF work on Windows".cloudblogs.microsoft.com.May 2021.Retrieved16 August2022.
  84. ^"Getting Linux based eBPF programs to run with eBPF for Windows".cloudblogs.microsoft.com.February 2022.Retrieved16 August2022.
  85. ^"Progress on making eBPF work on Windows".cloudblogs.microsoft.com.November 2019.Retrieved16 August2022.
  86. ^"Cilium Standalone Layer 4 Load Balancer XDP".cilium.io.July 2022.Retrieved16 August2022.
  87. ^Rate limiting access to internal services in a virtual network – Nick Bouliane, DigitalOcean,19 August 2021,retrieved2024-02-04
  88. ^"Building a Secure and Maintainable PaaS - Bradley Whitfield, Capital One".youtube.com.November 2020.Retrieved16 August2022.
  89. ^Why eBPF is changing the telco networking space – Daniel Bernier, Bell Canada,31 August 2021,retrieved2024-02-09
  90. ^Elastic Universal Profiling,retrieved2024-02-26
  91. ^"Think eBPF for Kernel Security Monitoring - Falco at Apple- Eric Sage & Melissa Kilby, Apple".youtube.com.October 2021.Retrieved16 August2022.
  92. ^"eBPF & Cilium at Sky – Sebastian Duff, Anthony Comtois, Jospeh [sic] Samuel, Sky".youtube.com.August 2021.Retrieved16 August2022.
  93. ^"Running and orchestrating multiple XDP and TC programs – Brian Merrell, Walmart".youtube.com.August 2021.Retrieved16 August2022.
  94. ^"High Performance Load Balancing @Walmart – Kanthi Pavuluri & Karan Dalal, Walmart".youtube.com.August 2021.Retrieved16 August2022.
  95. ^"DIGLIM eBPF: secure boot at application level with minimal changes to distros - Roberto Sassu".youtube.com.August 2022.Retrieved16 August2022.
  96. ^"IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with... Karsten Nielsen".youtube.com.May 2022.Retrieved16 August2022.
  97. ^Panel Discussion: Is There Actually a Byte Behind All the Buzz? eBPF in Production!,28 October 2022,retrieved2024-02-09
  98. ^Using user-space tracing to solve DNS problems – Andrius Grabauskas, Palantir,19 August 2021,retrieved2024-02-09
  99. ^"Reading privileged memory with a side-channel".googleprojectzero.blogspot.com.3 January 2018.Retrieved16 August2022.
  100. ^"BPF and Spectre: Mitigating transient execution attacks".popl22.sigplan.org.Retrieved16 August2022.
  101. ^"bpf: Disallow unprivileged bpf by default".kernel.org.Retrieved16 August2022.

Further reading

edit
edit
Retrieved from "https://en.wikipedia.org/w/index.php?title=EBPF&oldid=1260745246"