eBPF (extended Berkeley Packet Filter)

Extended, general-purpose, version of the Linux kernel's BPF.

(ebpf.io) eBPF - Introduction, Tutorials & Community Resources   website

ROAM_REFS: https://ebpf.io/

(en.wikipedia.org) eBPF - Wikipedia   website

ROAM_REFS: https://en.wikipedia.org/wiki/EBPF

eBPF is a technology that can run programs in a privileged context such as the operating system kernel. It is the successor to the Berkeley Packet Filter (BPF, with the "e" originally meaning "extended") filtering mechanism in Linux and is also used in non-networking parts of the Linux kernel as well.

It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules. Safety is provided through an in-kernel verifier which performs static code analysis and rejects programs which crash, hang or otherwise interfere with the kernel negatively.

This validation model differs from sandboxed environments, where the execution environment is restricted and the runtime has no insight about the program. Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety checks.

Local Graph

org-roam b7fe46b5-84f5-494e-9442-b356d8a44c15 BPF (Berkeley Packet Filter) db8ba741-6ba2-4abc-9d8d-2b56cde53985 eBPF (extended Berkeley Packet Filter) b7fe46b5-84f5-494e-9442-b356d8a44c15->db8ba741-6ba2-4abc-9d8d-2b56cde53985 db8ba741-6ba2-4abc-9d8d-2b56cde53985->b7fe46b5-84f5-494e-9442-b356d8a44c15 bf0bc2d7-17df-413c-823b-93904faffc58 Linux db8ba741-6ba2-4abc-9d8d-2b56cde53985->bf0bc2d7-17df-413c-823b-93904faffc58