Cannabis Ruderalis

thcscience_admin
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Citation bot (talk | contribs)
Bots
4,910,208 edits
Alter: template type. Add: s2cid, isbn, doi, pages. | Use this bot. Report bugs. | Suggested by Eastmain | Category:Software | #UCB_Category 28/29
Mattledo (talk | contribs)
1 edit
m convert to article link
(37 intermediate revisions by 17 users not shown)
Line 12: Line 12:
| programming language = [[C (programming language)|C]]
| programming language = [[C (programming language)|C]]
| operating_system = [[Linux]], [[Microsoft Windows|Windows]]<ref name=":3">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2021/05/10/making-ebpf-work-on-windows/|title=Making eBPF work on Windows|date=10 May 2021|website=[[Microsoft]] Open Source Blog|access-date=1 July 2022}}</ref>
| operating_system = [[Linux]], [[Microsoft Windows|Windows]]<ref name=":3">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2021/05/10/making-ebpf-work-on-windows/|title=Making eBPF work on Windows|date=10 May 2021|website=[[Microsoft]] Open Source Blog|access-date=1 July 2022}}</ref>
| genre = [[Runtime system]], [[Sandbox (computer security)|Sandboxing]]
| genre = [[Runtime system]]
| license = Linux: [[GNU General Public License|GPL]]<br />Windows: [[MIT License]]
| license = Linux: [[GNU General Public License|GPL]]<br />Windows: [[MIT License]]
| website = {{URL|https://www.ebpf.io/|ebpf.io}}
| website = {{URL|https://www.ebpf.io/|ebpf.io}}
}}
}}
'''eBPF''' (sometimes referred to by the [[Acronym|acronym]] '''BPF''', standing for [[Berkeley Packet Filter]])<ref name=":4" /><ref name=":11">{{cite book|author = [[Brendan Gregg]]|date = December 2019|title = BPF Performance Tools|isbn = 978-0136554820}}</ref> is a technology that can run [[Sandbox (computer security)|sandboxed]] programs in a [[Privilege (computing)|privileged context]] such as the [[operating system]] [[Kernel (operating system)|kernel]].<ref name=":8">{{cite web|url=https://ebpf.io/what-is-ebpf|title=eBPF Documentation: What is eBPF?|website=eBPF.io|access-date=1 July 2022}}</ref> It is used to safely and efficiently extend the capabilities of the kernel at [[Runtime (program lifecycle phase)|runtime]] without requiring to change kernel [[source code]] or load [[Loadable kernel module|kernel modules]].<ref name=":9">{{cite web|url=https://www.infoq.com/presentations/facebook-google-bpf-linux-kernel/|title=eBPF - Rethinking the Linux Kernel|website=QCon 2020|access-date=1 July 2022}}</ref> Safety is provided through an in-kernel verifier which performs [[static code analysis]] and rejects programs which crash, hang or otherwise interfere with the kernel negatively.<ref name=":6">{{cite web|url=https://www.youtube.com/watch?v=AV8xY318rtc|title=Safe Programs The Foundation of BPF.|date=8 November 2020|website=eBPF Summit 2021|access-date=1 July 2022}}</ref><ref name=":7">{{cite web|url=https://popl22.sigplan.org/details/prisc-2022-papers/11/BPF-and-Spectre-Mitigating-transient-execution-attacks|title=BPF and Spectre: Mitigating transient execution attacks|date=22 January 2022|website=POPL 2022 conference|access-date=1 July 2022}}</ref> Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety-checks.<ref>{{Cite journal |last=Hedam |first=Niclas |date=2021 |title=eBPF - From a Programmer's Perspective |url=https://hed.am/papers/2021-EBPF.pdf |journal= |language=en |doi=10.13140/RG.2.2.33688.11529/3}}</ref> Loaded programs which passed the verifier are either [[Interpreter (computing)|interpreted]] or in-kernel [[Just-in-time compilation|JIT compiled]] for native execution performance. The execution model is [[event-driven programming|event-driven]] and with few exceptions [[run-to-completion]],<ref name=":4" /> meaning, programs can be attached to various [[Hooking|hook]] points in the [[operating system]] kernel and are run upon triggering of an event. eBPF use cases include (but are not limited to) [[Packet processing|networking]] such as [[Express Data Path|XDP]], [[Tracing (software)|tracing]] and [[Computer security software|security]] subsystems.<ref name=":8" /> Given eBPF's efficiency and flexibility opened up new possibilities to solve production issues, [[Brendan Gregg]] famously coined eBPF as "superpowers for Linux".<ref name=":5">{{cite web|url=https://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html|title=Linux BPF Superpowers|date=5 March 2016|website=[[Brendan Gregg]]'s Blog|access-date=1 July 2022}}</ref> [[Linus Torvalds]] expressed that "BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for".<ref name=":12">{{cite web|url=https://www.zdnet.com/article/linus-torvalds-talks-about-coming-back-to-work-on-linux/|title=Linus Torvalds talks about coming back to work on Linux|date=23 October 2018|website=zdnet Interview with Linus Torvalds|access-date=1 July 2022}}</ref> Due to its success in Linux, the eBPF [[Runtime system|runtime]] has been ported to other operating systems such as [[Windows]].<ref name=":3" />


'''eBPF''' is a technology that can run programs in a [[privilege (computing)|privileged context]] such as the [[operating system]] [[kernel (operating system)|kernel]].<ref name=":8">{{cite web|url=https://ebpf.io/what-is-ebpf|title=eBPF Documentation: What is eBPF?|website=eBPF.io|access-date=1 July 2022}}</ref> It is the successor to the [[Berkeley Packet Filter]] (BPF) filtering mechanism in Linux, and is also used in other parts of the Linux kernel as well.
== History ==
=== Evolution from classic BPF ===


It is used to safely and efficiently extend the capabilities of the kernel at [[runtime (program lifecycle phase)|runtime]] without requiring changes to kernel [[source code]] or loading [[loadable kernel module|kernel modules]].<ref name=":9">{{cite web|url=https://www.infoq.com/presentations/facebook-google-bpf-linux-kernel/|title=eBPF - Rethinking the Linux Kernel|website=QCon 2020|access-date=1 July 2022}}</ref> Safety is provided through an in-kernel verifier which performs [[static code analysis]] and rejects programs which crash, hang or otherwise interfere with the kernel negatively.<ref name=":6">{{cite web|url=https://www.youtube.com/watch?v=AV8xY318rtc|title=Safe Programs The Foundation of BPF.|date=8 November 2020|website=eBPF Summit 2021|access-date=1 July 2022}}</ref><ref name=":7">{{cite web|url=https://popl22.sigplan.org/details/prisc-2022-papers/11/BPF-and-Spectre-Mitigating-transient-execution-attacks|title=BPF and Spectre: Mitigating transient execution attacks|date=22 January 2022|website=POPL 2022 conference|access-date=1 July 2022}}</ref>
eBPF was built on top of the [[Berkeley Packet Filter]] (cBPF). At the lowest level, it introduced the use of ten 64-bit registers (instead of two 32-bit long registers for cBPF), different jump semantics, a call instruction and corresponding register passing convention, new instructions, and a different encoding for these instructions.<ref name="diff-cbpf">{{cite web|url=https://www.kernel.org/doc/html/v6.1/bpf/classic_vs_extended.html|title=Classic BPF vs eBPF|date=March 2014|website=LWN|access-date=6 January 2023}}</ref> A number of additional features were subsequently added. The evolution of eBPF took many years and a large community of contributors, and is still ongoing. The table below summarizes some of the most significant milestones of this evolution:

This validation model differs from [[sandboxed]] environments, where the execution environment is restricted and the runtime has no insight about the program.<ref name=":94">{{cite web|url=https://conferences.sigcomm.org/sigcomm/2023/files/workshop-ebpf/1-CloudNative.pdf#page=20|title=eBPF - The Silent Platform Revolution from Cloud Native|date=10 September 2023|website=SIGCOMM 2023, 1st Workshop on eBPF and Kernel Extensions|access-date=5 October 2023}}</ref> Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety checks.<ref>{{Cite web |last=Hedam |first=Niclas |date=26 May 2023 |title=eBPF - From a Programmer's Perspective |url=https://hed.am/papers/2021-EBPF.pdf |language=en |doi=10.13140/RG.2.2.33688.11529/4}}</ref>

== Design ==
Loaded programs which passed the verifier are either [[interpreter (computing)|interpreted]] or in-kernel [[just-in-time compiled]] (JIT compiled) for native execution performance. The execution model is [[event-driven programming|event-driven]] and with few exceptions [[run-to-completion]],<ref name=":4" /> meaning, programs can be attached to various [[Hooking|hook]] points in the [[operating system]] kernel and are run upon triggering of an event. eBPF use cases include (but are not limited to) [[Packet processing|networking]] such as [[Express Data Path|XDP]], [[Tracing (software)|tracing]] and [[Computer security software|security]] subsystems.<ref name=":8" /> Given eBPF's efficiency and flexibility opened up new possibilities to solve production issues, [[Brendan Gregg]] famously dubbed eBPF "superpowers for Linux".<ref name=":5">{{cite web|url=https://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html|title=Linux BPF Superpowers|date=5 March 2016|website=[[Brendan Gregg]]'s Blog|access-date=1 July 2022}}</ref> [[Linus Torvalds]] said, "BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for".<ref name=":12">{{cite web|url=https://www.zdnet.com/article/linus-torvalds-talks-about-coming-back-to-work-on-linux/|title=Linus Torvalds talks about coming back to work on Linux|date=23 October 2018|website=zdnet Interview with Linus Torvalds|access-date=1 July 2022}}</ref> Due to its success in Linux, the eBPF [[Runtime system|runtime]] has been ported to other operating systems such as [[Windows]].<ref name=":3" />

== History ==
eBPF was built on top of the Berkeley Packet Filter (cBPF). At the lowest level, it introduced the use of ten 64-bit registers (instead of two 32-bit long registers for cBPF), different jump semantics, a call instruction and corresponding register passing convention, new instructions, and a different encoding for these instructions.<ref name="diff-cbpf">{{cite web|url=https://www.kernel.org/doc/html/v6.1/bpf/classic_vs_extended.html|title=Classic BPF vs eBPF|date=March 2014|website=LWN|access-date=6 January 2023}}</ref>


{| class="wikitable"
{| class="wikitable"
Line 28: Line 34:
! Date !! Event
! Date !! Event
|-
|-
| April 2011 || The first in-kernel Linux [[Just-in-time compilation|JIT compiler]] for the classic Berkeley Packet Filter got merged.<ref name=":69">{{cite web|url=https://lore.kernel.org/netdev/1301838968.2837.200.camel@edumazet-laptop/|title=net: filter: Just In Time compiler|date=April 2011|website=lore.kernel.org|access-date=1 July 2022}}</ref>
| April 2011 || The first in-kernel Linux [[just-in-time compiler]] (JIT compiler) for the classic Berkeley Packet Filter got merged.<ref name=":69">{{cite web|url=https://lore.kernel.org/netdev/1301838968.2837.200.camel@edumazet-laptop/|title=net: filter: Just In Time compiler|date=April 2011|website=lore.kernel.org|access-date=1 July 2022}}</ref>
|-
|-
| January 2012 || The first non-networking use case of the classic Berkeley Packet Filter, [[seccomp|seccomp-bpf]],<ref name=":68">{{cite web|url=https://lwn.net/Articles/475043/|title=Yet another new approach to seccomp|date=1 January 2012|website=LWN|access-date=1 July 2022}}</ref> appeared; it allows filtering of [[system calls]] using a configurable policy implemented through BPF instructions.
| January 2012 || The first non-networking use case of the classic Berkeley Packet Filter, [[seccomp|seccomp-bpf]],<ref name=":68">{{cite web|url=https://lwn.net/Articles/475043/|title=Yet another new approach to seccomp|date=1 January 2012|website=LWN|access-date=1 July 2022}}</ref> appeared; it allows filtering of [[system calls]] using a configurable policy implemented through BPF instructions.
|-
|-
| March 2014 || [[David S. Miller]], primary maintainer of the Linux networking stack, accepted the rework of the old in-kernel BPF [[Interpreter (computing)|interpreter]]. It was replaced by an eBPF interpreter and the Linux kernel internally translates classic BPF (cBPF) into eBPF instructions.<ref name=":70">{{cite web|url=https://lore.kernel.org/netdev/1396029506-16776-1-git-send-email-dborkman@redhat.com/|title=BPF updates|date=March 2014|website=lore.kernel.org|access-date=1 July 2022}}</ref>
| March 2014 || [[David S. Miller]], primary maintainer of the Linux networking stack, accepted the rework of the old in-kernel BPF [[interpreter (computing)|interpreter]]. It was replaced by an eBPF interpreter and the Linux kernel internally translates classic BPF (cBPF) into eBPF instructions.<ref name=":70">{{cite web|url=https://lore.kernel.org/netdev/1396029506-16776-1-git-send-email-dborkman@redhat.com/|title=BPF updates|date=March 2014|website=lore.kernel.org|access-date=1 July 2022}}</ref>
|-
|-
|- September 2014 | The bpf [[system call]] was introduced into the Linux kernel, exposing the eBPF instruction set to user space.<ref name=":102">{{cite web|url=https://lore.kernel.org/bpf/20210926203409.kn3gzz2eaodflels@ast-mbp.dhcp.thefacebook.com/|title=Happy birthday BPF!|date=September 2014|website=lore.kernel.org|access-date=1 July 2022}}</ref>
|- September 2014 | The bpf [[system call]] was introduced into the Linux kernel, exposing the eBPF instruction set to user space.<ref name=":102">{{cite web|url=https://lore.kernel.org/bpf/20210926203409.kn3gzz2eaodflels@ast-mbp.dhcp.thefacebook.com/|title=Happy birthday BPF!|date=September 2014|website=lore.kernel.org|access-date=1 July 2022}}</ref>
|-
|-
| March 2015 || The ability to attach eBPF to kprobes as first [[Tracing (software)|tracing]] use case was merged.<ref name=":71">{{cite web|url=https://lore.kernel.org/netdev/1425252465-27527-1-git-send-email-ast@plumgrid.com/|title=tracing: attach eBPF programs to kprobes|date=March 2015|website=lore.kernel.org|access-date=1 July 2022}}</ref> In the same month, initial infrastructure work got accepted to attach eBPF to the networking traffic control (tc) layer allowing to attach eBPF to the core ingress and later also egress paths of the network stack, later heavily used by projects such as Cilium.<ref name=":72">{{cite web|url=https://lore.kernel.org/netdev/cover.1425208501.git.daniel@iogearbox.net/|title=eBPF support for cls_bpf|date=March 2015|website=lore.kernel.org|access-date=1 July 2022}}</ref><ref name=":73">{{cite web|url=https://lore.kernel.org/netdev/61198814638d88ce3555dbecf8ef875523b95743.1452197856.git.daniel@iogearbox.net/|title=net, sched: add clsact qdisc|date=January 2016|website=lore.kernel.org|access-date=1 July 2022}}</ref><ref name=":110">{{cite web|url=https://cilium.io/|title=eBPF-based Networking, Observability, Security|date=January 2016|website=cilium.io|access-date=1 July 2022}}</ref>
| March 2015 || The ability to attach eBPF to [[kprobe]]s as first [[tracing (software)|tracing]] use case was merged.<ref name=":71">{{cite web|url=https://lore.kernel.org/netdev/1425252465-27527-1-git-send-email-ast@plumgrid.com/|title=tracing: attach eBPF programs to kprobes|date=March 2015|website=lore.kernel.org|access-date=1 July 2022}}</ref> In the same month, initial infrastructure work got accepted to attach eBPF to the networking traffic control (tc) layer allowing to attach eBPF to the core ingress and later also egress paths of the network stack, later heavily used by projects such as [[Cilium (computing)|Cilium]].<ref name=":72">{{cite web|url=https://lore.kernel.org/netdev/cover.1425208501.git.daniel@iogearbox.net/|title=eBPF support for cls_bpf|date=March 2015|website=lore.kernel.org|access-date=1 July 2022}}</ref><ref name=":73">{{cite web|url=https://lore.kernel.org/netdev/61198814638d88ce3555dbecf8ef875523b95743.1452197856.git.daniel@iogearbox.net/|title=net, sched: add clsact qdisc|date=January 2016|website=lore.kernel.org|access-date=1 July 2022}}</ref><ref name=":110">{{cite web|url=https://cilium.io/|title=eBPF-based Networking, Observability, Security|date=January 2016|website=cilium.io|access-date=1 July 2022}}</ref>
|-
|-
| August 2015 || The eBPF [[compiler]] backend got merged into [[LLVM]] 3.7.0 release.<ref name=":74">{{cite web|url=https://releases.llvm.org/3.7.0/docs/ReleaseNotes.html#non-comprehensive-list-of-changes-in-this-release|title=LLVM 3.7 Release Notes|date=August 2015|website=releases.llvm.org|access-date=1 July 2022}}</ref>
| August 2015 || The eBPF [[compiler]] backend got merged into [[LLVM]] 3.7.0 release.<ref name=":74">{{cite web|url=https://releases.llvm.org/3.7.0/docs/ReleaseNotes.html#non-comprehensive-list-of-changes-in-this-release|title=LLVM 3.7 Release Notes|date=August 2015|website=releases.llvm.org|access-date=1 July 2022}}</ref>
Line 42: Line 48:
| September 2015 || [[Brendan Gregg]] announced a collection of new eBPF-based tracing tools as the bcc project, providing a front-end for eBPF to make it easier to write programs.<ref name=":75">{{cite web|url=https://www.brendangregg.com/blog/2015-09-22/bcc-linux-4.3-tracing.html|title=bcc: Taming Linux 4.3+ Tracing Superpowers|date=September 2015|website=brendangregg.com|access-date=1 July 2022}}</ref>
| September 2015 || [[Brendan Gregg]] announced a collection of new eBPF-based tracing tools as the bcc project, providing a front-end for eBPF to make it easier to write programs.<ref name=":75">{{cite web|url=https://www.brendangregg.com/blog/2015-09-22/bcc-linux-4.3-tracing.html|title=bcc: Taming Linux 4.3+ Tracing Superpowers|date=September 2015|website=brendangregg.com|access-date=1 July 2022}}</ref>
|-
|-
| July 2016 || eBPF got the ability to be attached into network driver's core receive path. This layer is known today as [[Express Data Path|eXpress DataPath]] (XDP) and was added as a response to [[DPDK]] to create a fast data path which works in combination with the Linux kernel rather than bypassing it.<ref name=":76">{{cite web|url=https://lore.kernel.org/netdev/1468955817-10604-1-git-send-email-bblanco@plumgrid.com/|title=Add driver bpf hook for early packet drop and forwarding|date=July 2016|website=lore.kernel.org|access-date=1 July 2022}}</ref><ref name=":77">{{cite web|url=https://www.youtube.com/watch?v=OIyPm6K4ooY|title=eCHO episode 9: XDP and Load Balancing|date=June 2021|website=youtube.com|access-date=1 July 2022}}</ref><ref name=":78">{{cite book|url=https://dl.acm.org/doi/pdf/10.1145/3281411.3281443|title=The eXpress Data Path: Fast Programmable Packet Processing in the Operating System Kernel|date=December 2018|website=acm.org|pages=54–66 |doi=10.1145/3281411.3281443 |isbn=9781450360807 |s2cid=53779310 |access-date=1 July 2022}}</ref>
| July 2016 || eBPF got the ability to be attached into network driver's core receive path. This layer is known today as [[Express Data Path|eXpress DataPath]] (XDP) and was added as a response to [[DPDK]] to create a fast data path which works in combination with the Linux kernel rather than bypassing it.<ref name=":76">{{cite web|url=https://lore.kernel.org/netdev/1468955817-10604-1-git-send-email-bblanco@plumgrid.com/|title=Add driver bpf hook for early packet drop and forwarding|date=July 2016|website=lore.kernel.org|access-date=1 July 2022}}</ref><ref name=":77">{{cite web|url=https://www.youtube.com/watch?v=OIyPm6K4ooY|title=eCHO episode 9: XDP and Load Balancing|date=June 2021|website=youtube.com|access-date=1 July 2022}}</ref><ref name=":78">{{cite conference|url=https://dl.acm.org/doi/pdf/10.1145/3281411.3281443|date=December 2018|website=acm.org|pages=54–66 |doi=10.1145/3281411.3281443 |isbn=9781450360807 |s2cid=53779310 |access-date=1 July 2022 |title=The eXpress data path: Fast programmable packet processing in the operating system kernel |book-title=Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies |last1=Høiland-Jørgensen |first1=Toke |last2=Brouer |first2=Jesper Dangaard |last3=Borkmann |first3=Daniel |last4=Fastabend |first4=John |last5=Herbert |first5=Tom |last6=Ahern |first6=David |last7=Miller |first7=David |doi-access=free }}</ref>
|-
|-
| August 2016 || Cilium was initially announced during [[LinuxCon]] as a project providing fast [[IPv6]] container networking with eBPF and XDP. Today, Cilium has been adopted by major cloud provider's [[Kubernetes]] offerings and is one of the most widely used CNIs.<ref name=":80">{{cite web|url=https://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp|title=Cilium - Fast IPv6 Container Networking with BPF and XDP|date=August 2016|website=slideshare.net|access-date=1 July 2022}}</ref><ref name=":110" /><ref name=":33" />
| August 2016 || [[Cilium (computing)|Cilium]] was initially announced during [[LinuxCon]] as a project providing fast [[IPv6]] container networking with eBPF and XDP. Today, Cilium has been adopted by major cloud provider's [[Kubernetes]] offerings and is one of the most widely used CNIs.<ref name=":80">{{cite web|url=https://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp|title=Cilium - Fast IPv6 Container Networking with BPF and XDP|date=August 2016|website=slideshare.net|access-date=1 July 2022}}</ref><ref name=":110" /><ref name=":33" />
|-
|-
| November 2016 || [[Netronome]] added offload of eBPF programs for XDP and tc BPF layer to their NIC.<ref name=":79">{{cite web|url=https://lore.kernel.org/netdev/1478193129-23476-1-git-send-email-jakub.kicinski@netronome.com/|title=nfp ring reconfiguration and XDP support|date=November 2016|website=lore.kernel.org|access-date=1 July 2022}}</ref>
| November 2016 || [[Netronome]] added offload of eBPF programs for XDP and tc BPF layer to their NIC.<ref name=":79">{{cite web|url=https://lore.kernel.org/netdev/1478193129-23476-1-git-send-email-jakub.kicinski@netronome.com/|title=nfp ring reconfiguration and XDP support|date=November 2016|website=lore.kernel.org|access-date=1 July 2022}}</ref>
|-
|-
| May 2017 || [[Meta Platforms|Meta]]'s layer 4 load-balancer, Katran, went live. Every packet towards facebook.com since then has been processed by eBPF & XDP.<ref name=":32" />
| May 2017 || [[Meta Platforms|Meta]]'s layer 4 load-balancer, Katran, went live. Every packet towards [[facebook.com]] since then has been processed by eBPF & XDP.<ref name=":32" />
|-
|-
| November 2017 || eBPF becomes its own kernel subsystem to ease the continuously growing kernel patch management. The first pull request by eBPF maintainers was submitted.<ref name=":81">{{cite web|url=https://lore.kernel.org/netdev/20171123120135.8371-1-daniel@iogearbox.net/|title=pull-request: bpf 2017-11-23|date=November 2017|website=lore.kernel.org|access-date=1 July 2022}}</ref>
| November 2017 || eBPF becomes its own kernel subsystem to ease the continuously growing kernel patch management. The first pull request by eBPF maintainers was submitted.<ref name=":81">{{cite web|url=https://lore.kernel.org/netdev/20171123120135.8371-1-daniel@iogearbox.net/|title=pull-request: bpf 2017-11-23|date=November 2017|website=lore.kernel.org|access-date=1 July 2022}}</ref>
Line 64: Line 70:
| November 2018 || BTF (BPF Type Format) has been added to the Linux kernel as an efficient meta data format which is approximately 100x smaller in size than [[DWARF]].<ref name=":831">{{cite web|url=https://nakryiko.com/posts/btf-dedup/|title=BTF deduplication and Linux kernel BTF|date=November 2018|website=nakryiko.com|access-date=1 July 2022}}</ref>
| November 2018 || BTF (BPF Type Format) has been added to the Linux kernel as an efficient meta data format which is approximately 100x smaller in size than [[DWARF]].<ref name=":831">{{cite web|url=https://nakryiko.com/posts/btf-dedup/|title=BTF deduplication and Linux kernel BTF|date=November 2018|website=nakryiko.com|access-date=1 July 2022}}</ref>
|-
|-
| December 2019 || The first 880-page long book on BPF, written by [[Brendan Gregg]], was released.<ref name=":90">{{cite web|url=https://www.brendangregg.com/bpf-performance-tools-book.html|title=BPF Performance Tools (book)|date=December 2019|website=brendangregg.com|access-date=16 August 2022}}</ref>
| December 2019 || The first 880-page long book on BPF, written by Brendan Gregg, was released.<ref name=":90">{{cite web|url=https://www.brendangregg.com/bpf-performance-tools-book.html|title=BPF Performance Tools (book)|date=December 2019|website=brendangregg.com|access-date=16 August 2022}}</ref>
|-
|-
| March 2020 || [[Google]] upstreamed BPF LSM support into the Linux kernel, enabling programmable [[Linux Security Modules|LSMs]] through eBPF.<ref name=":92">{{cite web|url=https://lore.kernel.org/bpf/20200329004356.27286-1-kpsingh@chromium.org/|title=MAC and Audit policy using eBPF (KRSI)|date=March 2020|website=lore.kernel.org|access-date=16 August 2022}}</ref>
| March 2020 || [[Google]] upstreamed BPF LSM support into the Linux kernel, enabling programmable [[Linux Security Modules]] (LSMs) through eBPF.<ref name=":92">{{cite web|url=https://lore.kernel.org/bpf/20200329004356.27286-1-kpsingh@chromium.org/|title=MAC and Audit policy using eBPF (KRSI)|date=March 2020|website=lore.kernel.org|access-date=16 August 2022}}</ref>
|-
|-
| September 2020 || The eBPF compiler backend for [[GNU Compiler Collection|GCC]] was merged.<ref name=":91">{{cite web|url=https://lwn.net/Articles/831402/|title=BPF in GCC
| September 2020 || The eBPF compiler backend for [[GNU Compiler Collection]] (GCC) was merged.<ref name=":91">{{cite web|url=https://lwn.net/Articles/831402/|title=BPF in GCC
|date=September 2020|website=lwn.net|access-date=16 August 2022}}</ref>
|date=September 2020|website=lwn.net|access-date=16 August 2022}}</ref>
|}
|}


=== Adoption ===
== Branding ==
The alias eBPF is often interchangeably used with BPF,<ref name=":4" /><ref name=":11">{{cite book|author = [[Brendan Gregg]]|date = December 2019|title = BPF Performance Tools| publisher=Addison-Wesley |isbn = 978-0136554820}}</ref> for example by the Linux kernel community. eBPF and BPF is referred to as a technology name like [[LLVM]].<ref name=":4" /> eBPF evolved from the [[Berkeley Packet Filter]] as an extended version, but its use case outgrew networking, and today eBPF as a [[Acronym#Pseudo-acronyms|pseudo-acronym]] is preferred.<ref name=":4" />

The [[bee]] is the official logo for eBPF. At the first eBPF Summit there was a vote taken and the bee [[mascot]] was named "eBee".<ref name=":26">{{cite web|url=https://cilium.io/blog/2020/10/29/ebpf-summit-day-2|title=eBPF Summit Day Two|date=October 2020|website=cilium.io|access-date=1 July 2022}}</ref><ref name=":27">{{cite web|url=https://ebpf.io/what-is-ebpf#what-is-the-bee-named|title=What is the bee named?|website=ebpf.io|access-date=1 July 2022}}</ref> The logo has originally been created by Vadim Shchekoldin.<ref name=":27" /> Earlier unofficial eBPF mascots have existed in the past,<ref name=":291">{{cite web|url=https://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html|title=eBPF: One Small Step|website=Brendan Gregg's Blog|date=May 2015|access-date=1 July 2022}}</ref> but haven't seen widespread adoption.

== Governance ==
The eBPF Foundation was created in August 2021 with the goal to expand the contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux.<ref name=":1" /> Founding members include [[Meta Platforms|Meta]], [[Google]], Isovalent, [[Microsoft]] and [[Netflix]]. The purpose is to raise, budget and spend funds in support of various open source, open data and/or open standards projects relating to eBPF technologies<ref name=":28">{{cite web|url=https://ebpf.foundation/charter/|title=eBPF Foundation Charter|date=June 2021|website=ebpf.foundation|access-date=16 August 2022}}</ref> to further drive the growth and adoption of the eBPF ecosystem. Since inception, [[Red Hat]], [[Huawei]], [[Crowdstrike]], Tigera, DaoCloud, Datoms, FutureWei also joined.<ref name=":64">{{cite web|url=https://ebpf.foundation/governance/|title=eBPF Foundation Governance|date=August 2022|website=ebpf.foundation|access-date=16 August 2022}}</ref>

== Adoption ==
eBPF has been adopted by a number of large-scale production users, for example:
eBPF has been adopted by a number of large-scale production users, for example:


Line 78: Line 92:
* [[Google]] uses eBPF in [[Google Cloud Platform|GKE]], developed and uses BPF LSM to replace audit and it uses eBPF for networking<ref name=":33">{{cite web|url=https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine|title=New GKE Dataplane V2 increases security and visibility for containers|date=May 2021|website=cloud.google.com|access-date=16 August 2022}}</ref><ref name=":34">{{cite web|url=https://www.youtube.com/watch?v=OBFYMBHrstI|title=eCHO episode 29: BPF LSM with KP Singh|date=November 2021|website=youtube.com|access-date=16 August 2022}}</ref><ref name=":35">{{cite web|url=https://www.youtube.com/watch?v=URm_q9ylxBk|title=BPF security auditing at Google - Brendan Jackman/KP Singh|date=November 2021|website=youtube.com|access-date=16 August 2022}}</ref><ref name=":36">{{cite web|url=https://legacy.netdevconf.info/0x14/session.html?talk-replacing-HTB-with-EDT-and-BPF|title=Replacing HTB with EDT and BPF|date=July 2020|website=netdevconf.info|access-date=16 August 2022}}</ref>
* [[Google]] uses eBPF in [[Google Cloud Platform|GKE]], developed and uses BPF LSM to replace audit and it uses eBPF for networking<ref name=":33">{{cite web|url=https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine|title=New GKE Dataplane V2 increases security and visibility for containers|date=May 2021|website=cloud.google.com|access-date=16 August 2022}}</ref><ref name=":34">{{cite web|url=https://www.youtube.com/watch?v=OBFYMBHrstI|title=eCHO episode 29: BPF LSM with KP Singh|date=November 2021|website=youtube.com|access-date=16 August 2022}}</ref><ref name=":35">{{cite web|url=https://www.youtube.com/watch?v=URm_q9ylxBk|title=BPF security auditing at Google - Brendan Jackman/KP Singh|date=November 2021|website=youtube.com|access-date=16 August 2022}}</ref><ref name=":36">{{cite web|url=https://legacy.netdevconf.info/0x14/session.html?talk-replacing-HTB-with-EDT-and-BPF|title=Replacing HTB with EDT and BPF|date=July 2020|website=netdevconf.info|access-date=16 August 2022}}</ref>
* [[Cloudflare]] uses eBPF for load-balancing and DDoS protection and security enforcement<ref name=":37">{{cite web|url=https://blog.cloudflare.com/cloudflare-architecture-and-how-bpf-eats-the-world/|title=Cloudflare architecture and how BPF eats the world|date=May 2019|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":38">{{cite web|url=https://blog.cloudflare.com/its-crowded-in-here/|title=It's crowded in here!|date=October 2019|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":39">{{cite web|url=https://blog.cloudflare.com/tubular-fixing-the-socket-api-with-ebpf/|title=Production ready eBPF, or how we fixed the BSD socket API|date=February 2022|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":63">{{cite web|url=https://blog.cloudflare.com/live-patch-security-vulnerabilities-with-ebpf-lsm/|title=Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module|date=June 2022|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":88">{{cite web|url=https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/|title=Unimog - Cloudflare's edge load balancer|date=September 2020|website=blog.cloudflare.com|access-date=16 August 2022}}</ref>
* [[Cloudflare]] uses eBPF for load-balancing and DDoS protection and security enforcement<ref name=":37">{{cite web|url=https://blog.cloudflare.com/cloudflare-architecture-and-how-bpf-eats-the-world/|title=Cloudflare architecture and how BPF eats the world|date=May 2019|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":38">{{cite web|url=https://blog.cloudflare.com/its-crowded-in-here/|title=It's crowded in here!|date=October 2019|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":39">{{cite web|url=https://blog.cloudflare.com/tubular-fixing-the-socket-api-with-ebpf/|title=Production ready eBPF, or how we fixed the BSD socket API|date=February 2022|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":63">{{cite web|url=https://blog.cloudflare.com/live-patch-security-vulnerabilities-with-ebpf-lsm/|title=Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module|date=June 2022|website=blog.cloudflare.com|access-date=16 August 2022}}</ref><ref name=":88">{{cite web|url=https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/|title=Unimog - Cloudflare's edge load balancer|date=September 2020|website=blog.cloudflare.com|access-date=16 August 2022}}</ref>
* [[Netflix]] uses eBPF for fleet-wide network observability and performance diagnosis<ref name=":40">{{cite web|url=https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca96|title=How Netflix uses eBPF flow logs at scale for network insight|date=June 2021|website=netflixtechblog.com|access-date=16 August 2022}}</ref><ref name=":41">{{cite web|url=https://netflixtechblog.com/extending-vector-with-ebpf-to-inspect-host-and-container-performance-5da3af4c584b|title=Extending Vector with eBPF to inspect host and container performance|date=February 2019|website=netflixtechblog.com|access-date=16 August 2022}}</ref>
* [[Netflix]] uses eBPF for fleet-wide network [[Observability (software)|observability]] and performance diagnosis<ref name=":40">{{cite web|url=https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca96|title=How Netflix uses eBPF flow logs at scale for network insight|date=June 2021|website=netflixtechblog.com|access-date=16 August 2022}}</ref><ref name=":41">{{cite web|url=https://netflixtechblog.com/extending-vector-with-ebpf-to-inspect-host-and-container-performance-5da3af4c584b|title=Extending Vector with eBPF to inspect host and container performance|date=February 2019|website=netflixtechblog.com|access-date=16 August 2022}}</ref>
* [[Dropbox]] uses eBPF through Katran for layer 4 load-balancing<ref name=":42">{{cite web|url=https://dropbox.tech/infrastructure/dropbox-traffic-infrastructure-edge-network|title=Dropbox traffic infrastructure: Edge network|date=October 2018|website=dropbox.tech|access-date=16 August 2022}}</ref>
* [[Dropbox]] uses eBPF through Katran for layer 4 load-balancing<ref name=":42">{{cite web|url=https://dropbox.tech/infrastructure/dropbox-traffic-infrastructure-edge-network|title=Dropbox traffic infrastructure: Edge network|date=October 2018|website=dropbox.tech|access-date=16 August 2022}}</ref>
* [[Android (operating system)|Android]] uses eBPF for NAT46 and traffic monitoring<ref name=":43">{{cite web|url=https://source.android.com/docs/core/datausage/ebpf-traffic-monitor|title=eBPF Traffic Monitoring|date=August 2022|website=source.android.com|access-date=16 August 2022}}</ref><ref name=":44">{{cite web|url=https://source.android.com/docs/core/architecture/kernel/bpf|title=Extending the Kernel with eBPF|date=August 2022|website=source.android.com|access-date=16 August 2022}}</ref><ref name=":45">{{cite web|url=https://lore.kernel.org/bpf/20220407084727.10241-1-lina.wang@mediatek.com/|title=NAT46 translation with BPF|date=April 2022|website=lore.kernel.org|access-date=16 August 2022}}</ref>
* [[Android (operating system)|Android]] uses eBPF for NAT46 and traffic monitoring<ref name=":43">{{cite web|url=https://source.android.com/docs/core/datausage/ebpf-traffic-monitor|title=eBPF Traffic Monitoring|date=August 2022|website=source.android.com|access-date=16 August 2022}}</ref><ref name=":44">{{cite web|url=https://source.android.com/docs/core/architecture/kernel/bpf|title=Extending the Kernel with eBPF|date=August 2022|website=source.android.com|access-date=16 August 2022}}</ref><ref name=":45">{{cite web|url=https://lore.kernel.org/bpf/20220407084727.10241-1-lina.wang@mediatek.com/|title=NAT46 translation with BPF|date=April 2022|website=lore.kernel.org|access-date=16 August 2022}}</ref>
* [[Samsung Galaxy]] uses eBPF for Networking solutions <ref name=":Samsung">{{cite web|url=https://www.youtube.com/watch?v=unnVlwyevmU|title=BPF for Android: How we leverage BPF for our networking solutions - Madhan Raj Kanagarathinam|date=February 2024|website=www.youtube.com|access-date=19 February 2022}}</ref>
* [[Yahoo! Inc. (2017–present)|Yahoo! Inc]] uses eBPF through Cilium for layer 4 load balancing<ref>{{Citation |title=Software L4 Load Balancing for Kubernetes Services at Yahoo! – Karthikeyan Thangaraj, Verizon Media |url=https://www.youtube.com/watch?v=-C86fBMcp5Q |access-date=2024-02-03 |language=en}}</ref>
* [[LinkedIn]] uses eBPF for infrastructure observability<ref>{{Cite web |title=Skyfall: eBPF agent for infrastructure observability |url=https://www.linkedin.com/blog/engineering/infrastructure/skyfall-ebpf-agent-for-infrastructure-observability |access-date=2024-02-03 |website=www.linkedin.com |language=en}}</ref>
* [[Alibaba Group|Alibaba]] uses eBPF for [[Kubernetes]] Pod load-balancing<ref name=":46">{{cite web|url=https://www.alibabacloud.com/blog/how-does-alibaba-cloud-build-high-performance-cloud-native-pod-networks-in-production-environments_596590|title=How Does Alibaba Cloud Build High-Performance Cloud-Native Pod Networks in Production Environments?|date=September 2020|website=alibabacloud.com|access-date=16 August 2022}}</ref>
* [[Alibaba Group|Alibaba]] uses eBPF for [[Kubernetes]] Pod load-balancing<ref name=":46">{{cite web|url=https://www.alibabacloud.com/blog/how-does-alibaba-cloud-build-high-performance-cloud-native-pod-networks-in-production-environments_596590|title=How Does Alibaba Cloud Build High-Performance Cloud-Native Pod Networks in Production Environments?|date=September 2020|website=alibabacloud.com|access-date=16 August 2022}}</ref>
* [[Datadog]] uses eBPF for [[Kubernetes]] Pod networking and security enforcement<ref name=":47">{{cite web|url=https://datadogon.datadoghq.com/episodes/datadog-on-ebpf/|title=Datadog on eBPF|date=February 2021|website=datadogon.datadoghq.com|access-date=16 August 2022}}</ref><ref name=":48">{{cite web|url=https://www.sstic.org/media/SSTIC2021/SSTIC-actes/runtime_security_with_ebpf/SSTIC2021-Article-runtime_security_with_ebpf-fournier_afchain_baubeau.pdf|title=Runtime Security Monitoring with eBPF|date=February 2021|website=sstic.org|access-date=16 August 2022}}</ref><ref name=":49">{{cite web|url=https://www.youtube.com/watch?v=6mTVuZUHLBg|title=Our eBPF Journey at Datadog - Laurent Bernaille & Tabitha Sable, Datadog|date=November 2020|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Datadog]] uses eBPF for [[Kubernetes]] Pod networking and security enforcement<ref name=":47">{{cite web|url=https://datadogon.datadoghq.com/episodes/datadog-on-ebpf/|title=Datadog on eBPF|date=February 2021|website=datadogon.datadoghq.com|access-date=16 August 2022}}</ref><ref name=":48">{{cite web|url=https://www.sstic.org/media/SSTIC2021/SSTIC-actes/runtime_security_with_ebpf/SSTIC2021-Article-runtime_security_with_ebpf-fournier_afchain_baubeau.pdf|title=Runtime Security Monitoring with eBPF|date=February 2021|website=sstic.org|access-date=16 August 2022}}</ref><ref name=":49">{{cite web|url=https://www.youtube.com/watch?v=6mTVuZUHLBg|title=Our eBPF Journey at Datadog - Laurent Bernaille & Tabitha Sable, Datadog|date=November 2020|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Trip.com]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":50">{{cite web|url=https://cilium.io/blog/2020/02/05/how-trip-com-uses-cilium/|title=User Story - How Trip.com uses Cilium|date=February 2020|website=cilium.io|access-date=16 August 2022}}</ref><ref name=":51">{{cite web|url=https://arthurchiao.art/blog/trip-stepping-into-cloud-native-networking-era/|title=Trip.com: Stepping into Cloud Native Networking Era with Cilium+BGP|date=November 2020|website=arthurchiao.art|access-date=16 August 2022}}</ref>
* [[Trip.com]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":50">{{cite web|url=https://cilium.io/blog/2020/02/05/how-trip-com-uses-cilium/|title=User Story - How Trip.com uses Cilium|date=February 2020|website=cilium.io|access-date=16 August 2022}}</ref><ref name=":51">{{cite web|url=https://arthurchiao.art/blog/trip-stepping-into-cloud-native-networking-era/|title=Trip.com: Stepping into Cloud Native Networking Era with Cilium+BGP|date=November 2020|website=arthurchiao.art|access-date=16 August 2022}}</ref>
* [[Shopify]] uses eBPF for intrusion detection through Falco<ref>{{Citation |title=Keynote: Open Source Intrusion Detection for Containers at Shopify - Shane Lawrence & Kris Nóva |url=https://www.youtube.com/watch?v=6pVci31Mb6Q |access-date=2024-02-09 |language=en}}</ref>
* [[DoorDash]] uses eBPF through BPFAgent for kernel level monitoring<ref>{{Cite news |last=Rogers |first=Patrick |date=2023-08-15 |title=BPFAgent: eBPF for Monitoring at DoorDash - DoorDash Engineering Blog |url=https://doordash.engineering/2023/08/15/bpfagent-ebpf-for-monitoring-at-doordash/ |access-date=2024-02-09 |work=DoorDash Engineering Blog |language=en-US}}</ref>
* [[Microsoft]] ported eBPF and XDP to Windows<ref name=":52">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2021/05/10/making-ebpf-work-on-windows/|title=Making eBPF work on Windows|date=May 2021|website=cloudblogs.microsoft.com|access-date=16 August 2022}}</ref><ref name=":53">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2022/02/22/getting-linux-based-ebpf-programs-to-run-with-ebpf-for-windows/|title=Getting Linux based eBPF programs to run with eBPF for Windows|date=February 2022|website=cloudblogs.microsoft.com|access-date=16 August 2022}}</ref><ref name=":54">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2021/11/29/progress-on-making-ebpf-work-on-windows/|title=Progress on making eBPF work on Windows|date=November 2019|website=cloudblogs.microsoft.com|access-date=16 August 2022}}</ref>
* [[Microsoft]] ported eBPF and XDP to Windows<ref name=":52">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2021/05/10/making-ebpf-work-on-windows/|title=Making eBPF work on Windows|date=May 2021|website=cloudblogs.microsoft.com|access-date=16 August 2022}}</ref><ref name=":53">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2022/02/22/getting-linux-based-ebpf-programs-to-run-with-ebpf-for-windows/|title=Getting Linux based eBPF programs to run with eBPF for Windows|date=February 2022|website=cloudblogs.microsoft.com|access-date=16 August 2022}}</ref><ref name=":54">{{cite web|url=https://cloudblogs.microsoft.com/opensource/2021/11/29/progress-on-making-ebpf-work-on-windows/|title=Progress on making eBPF work on Windows|date=November 2019|website=cloudblogs.microsoft.com|access-date=16 August 2022}}</ref>
* [[Seznam]] uses eBPF through Cilium for layer 4 load-balancing<ref name=":55">{{cite web|url=https://cilium.io/blog/2022/04/12/cilium-standalone-L4LB-XDP/|title=Cilium Standalone Layer 4 Load Balancer XDP|date=July 2022|website=cilium.io|access-date=16 August 2022}}</ref>
* [[Seznam]] uses eBPF through Cilium for layer 4 load-balancing<ref name=":55">{{cite web|url=https://cilium.io/blog/2022/04/12/cilium-standalone-L4LB-XDP/|title=Cilium Standalone Layer 4 Load Balancer XDP|date=July 2022|website=cilium.io|access-date=16 August 2022}}</ref>
* [[DigitalOcean]] uses eBPF and XDP to rate limit access to internal services in their virtual network<ref>{{Citation |title=Rate limiting access to internal services in a virtual network – Nick Bouliane, DigitalOcean |url=https://www.youtube.com/watch?v=gcHxfhDT-I4 |access-date=2024-02-04 |language=en}}</ref>
* [[CapitalOne]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":56">{{cite web|url=https://www.youtube.com/watch?v=hwOpCKBaJ-w|title=Building a Secure and Maintainable PaaS - Bradley Whitfield, Capital One|date=November 2020|website=youtube.com|access-date=16 August 2022}}</ref>
* [[CapitalOne]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":56">{{cite web|url=https://www.youtube.com/watch?v=hwOpCKBaJ-w|title=Building a Secure and Maintainable PaaS - Bradley Whitfield, Capital One|date=November 2020|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Bell Canada]] uses eBPF to moderize telco networking with SRv6<ref>{{Citation |title=Why eBPF is changing the telco networking space – Daniel Bernier, Bell Canada |url=https://www.youtube.com/watch?v=fNtG0iHYne4 |access-date=2024-02-09 |language=en}}</ref>
* [[Elastic_NV]] uses eBPF for code profiling as part of their observability offering <ref>{{Citation |title=Elastic Universal Profiling |url=https://www.elastic.co/observability/universal-profiling |access-date=2024-02-26 |language=en}}</ref>
* [[Apple Inc.|Apple]] uses eBPF for [[Kubernetes]] Pod security<ref name=":57">{{cite web|url=https://www.youtube.com/watch?v=ZBlJSr6XkN8|title=Think eBPF for Kernel Security Monitoring - Falco at Apple- Eric Sage & Melissa Kilby, Apple|date=October 2021|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Apple Inc.|Apple]] uses eBPF for [[Kubernetes]] Pod security<ref name=":57">{{cite web|url=https://www.youtube.com/watch?v=ZBlJSr6XkN8|title=Think eBPF for Kernel Security Monitoring - Falco at Apple- Eric Sage & Melissa Kilby, Apple|date=October 2021|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Sky UK|Sky]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":58">{{cite web|url=https://www.youtube.com/watch?v=u-4naOMfs_w|title=eBPF & Cilium at Sky – Sebastian Duff, Anthony Comtois, Jospeh Samuel, Sky|date=August 2021|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Sky UK|Sky]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":58">{{cite web|url=https://www.youtube.com/watch?v=u-4naOMfs_w|title=eBPF & Cilium at Sky – Sebastian Duff, Anthony Comtois, Jospeh Samuel, Sky|date=August 2021|website=youtube.com|access-date=16 August 2022}}</ref>
Line 92: Line 114:
* [[Huawei]] uses eBPF through their DIGLIM secure boot system<ref name=":61">{{cite web|url=https://www.youtube.com/watch?v=iA7T4MAqKUc|title=DIGLIM eBPF: secure boot at application level with minimal changes to distros - Roberto Sassu|date=August 2022|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Huawei]] uses eBPF through their DIGLIM secure boot system<ref name=":61">{{cite web|url=https://www.youtube.com/watch?v=iA7T4MAqKUc|title=DIGLIM eBPF: secure boot at application level with minimal changes to distros - Roberto Sassu|date=August 2022|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Ikea]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":62">{{cite web|url=https://www.youtube.com/watch?v=sg-F_R-ZVNc|title=IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with... Karsten Nielsen|date=May 2022|website=youtube.com|access-date=16 August 2022}}</ref>
* [[Ikea]] uses eBPF for [[Kubernetes]] Pod networking<ref name=":62">{{cite web|url=https://www.youtube.com/watch?v=sg-F_R-ZVNc|title=IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with... Karsten Nielsen|date=May 2022|website=youtube.com|access-date=16 August 2022}}</ref>
* [[The New York Times]] uses eBPF for networking<ref>{{Citation |title=Panel Disucssion: Is There Actually a Byte Behind All the Buzz? eBPF in Production! |url=https://www.youtube.com/watch?v=qmrHONqsV2M |access-date=2024-02-09 |language=en}}</ref>
* [[Red Hat]] uses eBPF at scale for load balancing and tracing in their private cloud
* [[Palantir Technologies]] uses eBPF to debug networking problems in large scale Kubernetes clusters<ref>{{Citation |title=Using user-space tracing to solve DNS problems – Andrius Grabauskas, Palantir |url=https://www.youtube.com/watch?v=0RDp1IPxbg0 |access-date=2024-02-09 |language=en}}</ref>


=== Logo ===
== Security ==
The [[bee]] is the official logo for eBPF. At the first eBPF Summit there was a vote taken and the bee [[mascot]] was named "eBee".<ref name=":26">{{cite web|url=https://cilium.io/blog/2020/10/29/ebpf-summit-day-2|title=eBPF Summit Day Two|date=October 2020|website=cilium.io|access-date=1 July 2022}}</ref><ref name=":27">{{cite web|url=https://ebpf.io/what-is-ebpf#what-is-the-bee-named|title=What is the bee named?|website=ebpf.io|access-date=1 July 2022}}</ref> The logo has originally been created by Vadim Shchekoldin.<ref name=":27" /> Earlier unofficial eBPF mascots have existed in the past,<ref name=":291">{{cite web|url=https://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html|title=eBPF: One Small Step|website=Brendan Gregg's Blog|date=May 2015|access-date=1 July 2022}}</ref> but haven't seen widespread adoption.
=== Naming ===
There has been controversy around the naming of eBPF. The alias eBPF is often interchangeably used with BPF, for example by the Linux kernel community. eBPF and BPF is referred to as a technology name like [[LLVM]].<ref name=":4" /> eBPF evolved from the [[Berkeley Packet Filter]] as an extended version, but its use case outgrew networking, and today eBPF as a [[Acronym#Pseudo-acronyms|pseudo-acronym]] is preferred.<ref name=":4" />

== eBPF Foundation ==
The eBPF Foundation was created in August 2021 with the goal to expand the contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux.<ref name=":1" /> Founding members include [[Meta Platforms|Meta]], [[Google]], Isovalent, [[Microsoft]] and [[Netflix]]. The purpose is to raise, budget and spend funds in support of various open source, open data and/or open standards projects relating to eBPF technologies<ref name=":28">{{cite web|url=https://ebpf.foundation/charter/|title=eBPF Foundation Charter|date=June 2021|website=ebpf.foundation|access-date=16 August 2022}}</ref> to further drive the growth and adoption of the eBPF ecosystem. Since inception, [[Red Hat]], [[Huawei]], [[Crowdstrike]], Tigera, DaoCloud, Datoms, FutureWei also joined.<ref name=":64">{{cite web|url=https://ebpf.foundation/governance/|title=eBPF Foundation Governance|date=August 2022|website=ebpf.foundation|access-date=16 August 2022}}</ref>

=== Steering committee ===
With the creation of the eBPF Foundation,<ref name=":1" /> an eBPF [[steering committee]] (BSC) was established in order to take care of the technical direction and vision of eBPF.<ref name=":24">{{cite web|url=https://ebpf.foundation/governance/|title=eBPF Steering Committee (BSC), eBPF Foundation|website=[[Linux Foundation]]|access-date=1 July 2022}}</ref> Tasks include the collaboration among projects, defining the minimal requirements of eBPF runtimes, overseeing community events, maintaining eBPF technical [[project lifecycle]] procedures, and communicating on behalf of the eBPF community.

Active members include:<ref name=":24" />
* Alexei Starovoitov, [[Meta Platforms|Meta]]
* Andrii Nakryiko, [[Meta Platforms|Meta]]
* [[Brendan Gregg]], [[Intel]]
* Daniel Borkmann, Isovalent
* Dave Thaler, [[Microsoft]]
* Joe Stringer, Isovalent
* KP Singh, [[Google]]
* Lorenz Bauer, formerly [[Cloudflare]]

There are currently no emeritus members.

=== eBPF standardization ===
Although eBPF is supported, to various degrees, on multiple platforms, there is no standard specification (as of January 2023) to formally define its components. However, there is currently some work in progress to define and publish a standard for the instruction set, under the auspices of the eBPF Foundation.<ref name="ebpf-std">{{cite web|url=https://lpc.events/event/16/contributions/1355/|title=eBPF Standardization|date=September 2022|website=lpc.events|access-date=6 January 2023}}</ref>

== Security concerns ==
Due to the ease of programmability, eBPF has been used as a tool for implementing microarchitectural timing [[side-channel attacks]] such as [[Spectre (security vulnerability)|Spectre]] against vulnerable [[microprocessors]].<ref name=":65">{{cite web|url=https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html|title=Reading privileged memory with a side-channel|website=googleprojectzero.blogspot.com|access-date=16 August 2022}}</ref> While unprivileged eBPF implemented mitigations against transient execution attacks,<ref name=":66">{{cite web|url=https://popl22.sigplan.org/details/prisc-2022-papers/11/BPF-and-Spectre-Mitigating-transient-execution-attacks|title=BPF and Spectre: Mitigating transient execution attacks|website=popl22.sigplan.org|access-date=16 August 2022}}</ref> unprivileged use has ultimately been disabled by the kernel community by default to protect from use against future hardware vulnerabilities.<ref name=":67">{{cite web|url=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8a03e56b253e9691c90bc52ca199323d71b96204|title=bpf: Disallow unprivileged bpf by default|website=kernel.org|access-date=16 August 2022}}</ref>

== Conferences ==
The eBPF community organises a number of technical workshops and conferences to discuss ongoing research, development efforts, and use cases around eBPF. They can broadly be categorised into user-focused conferences and more developer-focused conferences.

User-focused conferences:

* '''eBPF Summit''', a user conference around eBPF production users and projects building upon eBPF<ref name=":13">{{cite web|url=https://ebpf.io/summit-2020/|title=eBPF Summit 2020|date=August 2020|website=eBPF.io|access-date=1 July 2022}}</ref><ref name=":14">{{cite web|url=https://ebpf.io/summit-2021/|title=eBPF Summit 2021|date=August 2021|website=eBPF.io|access-date=1 July 2022}}</ref><ref name=":93">{{cite web|url=https://ebpf.io/summit-2022/|title=eBPF Summit 2022|date=August 2022|website=eBPF.io|access-date=1 August 2022}}</ref>
* '''Cloud Native eBPF Day''', a [[Cloud Native Computing Foundation|CNCF]] event co-located with [[Cloud_Native_Computing_Foundation#Events|KubeCon]] for the [[Cloud native computing|cloud native]] community<ref name=":22">{{cite web|url=https://events.linuxfoundation.org/cloud-native-ebpf-day-north-america/program/schedule/|title=Cloud Native eBPF Day North America 2021|date=October 2021|website=linuxfoundation.org|access-date=1 January 2022}}</ref><ref name=":23">{{cite web|url=https://events.linuxfoundation.org/cloud-native-ebpf-day-europe/program/schedule/|title=Cloud Native eBPF Day Europe 2022|date=May 2022|website=linuxfoundation.org|access-date=1 July 2022}}</ref>

Developer-focused conferences:


Due to the ease of programmability, eBPF has been used as a tool for implementing microarchitectural timing [[side-channel attacks]] such as [[Spectre (security vulnerability)|Spectre]] against vulnerable [[microprocessors]].<ref name=":65">{{cite web|url=https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html|title=Reading privileged memory with a side-channel|website=googleprojectzero.blogspot.com|date=3 January 2018 |access-date=16 August 2022}}</ref> While unprivileged eBPF implemented mitigations against transient execution attacks,<ref name=":66">{{cite web|url=https://popl22.sigplan.org/details/prisc-2022-papers/11/BPF-and-Spectre-Mitigating-transient-execution-attacks|title=BPF and Spectre: Mitigating transient execution attacks|website=popl22.sigplan.org|access-date=16 August 2022}}</ref> unprivileged use has ultimately been disabled by the kernel community by default to protect from use against future hardware vulnerabilities.<ref name=":67">{{cite web|url=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8a03e56b253e9691c90bc52ca199323d71b96204|title=bpf: Disallow unprivileged bpf by default|website=kernel.org|access-date=16 August 2022}}</ref>
* '''LSF/MM/BPF workshop''', an annual technical workshop for the BPF Linux kernel community<ref name=":15">{{cite web|url=http://vger.kernel.org/bpfconf2019.html|title=LSF/MM/BPF, bpfconf 2019|date=April 2019|website=kernel.org|access-date=1 July 2022}}</ref><ref name=":16">{{cite web|url=http://vger.kernel.org/bpfconf2022.html|title=LSF/MM/BPF, bpfconf 2022|date=May 2022|website=kernel.org|access-date=1 July 2022}}</ref>
* '''BPF track''' at [[Linux_Foundation#Community_stewardship|Linux Plumbers conference]], a technical track for the BPF Linux kernel community and surrounding user space libraries and tooling<ref name=":17">{{cite web|url=https://blog.linuxplumbersconf.org/2017/ocw/events/LPC2017/schedule.html#day_2017_09_15|title=LPC 2017, Tracing & BPF micro-conference|date=September 2017|website=lpc.events|access-date=1 July 2022}}</ref><ref name=":18">{{cite web|url=http://vger.kernel.org/lpc-bpf2018.html|title=LPC 2018, BPF micro-conference|date=November 2018|website=kernel.org|access-date=1 July 2022}}</ref><ref name=":19">{{cite web|url=https://lpc.events/event/4/sessions/62/#20190911|title=LPC 2019, BPF micro-conference|date=September 2019|website=lpc.events|access-date=1 July 2022}}</ref><ref name=":20">{{cite web|url=https://lpc.events/event/7/sessions/91/#all|title=LPC 2020, Networking and BPF Summit|date=August 2020|website=lpc.events|access-date=1 July 2022}}</ref><ref name=":21">{{cite web|url=https://lpc.events/event/11/sessions/120/#all|title=LPC 2021, BPF & Networking Summit|date=September 2021|website=lpc.events|access-date=1 July 2022}}</ref><ref name=":101">{{cite web|url=https://lpc.events/event/16/sessions/131/#all|title=LPC 2022, eBPF & Networking Summit|date=September 2022|website=lpc.events|access-date=16 August 2022}}</ref>


== See also ==
== See also ==
Line 142: Line 129:


==Further reading==
==Further reading==
*{{cite book |author=Gregg |first=Brendan |date=December 2019 |title=BPF Performance Tools |isbn=978-0136554820 |author-link=Brendan Gregg}}
*{{cite book |author=Gregg |first=Brendan |date=December 2019 |title=BPF Performance Tools |publisher=Addison-Wesley |isbn=978-0136554820 |author-link=Brendan Gregg}}
*{{cite book
*{{cite book
| author = David Calavera, Lorenzo Fontana
| author = David Calavera, Lorenzo Fontana
| date = December 2019
| date = December 2019
| title = Linux Observability With BPF
| title = Linux Observability With BPF
| publisher = O'Reilly Media, Incorporated
| isbn = 978-1492050209
| isbn = 978-1492050209
}}
}}
*{{cite book |author=Gregg |first=Brendan |date=December 2020 |title=Systems Performance, Second edition |isbn=978-0136820154 |author-link=Brendan Gregg}}
*{{cite book |author=Gregg |first=Brendan |date=December 2020 |title=Systems Performance, Second edition |isbn=978-0136820154 |author-link=Brendan Gregg}}
*{{cite book |author=Rice |first=Liz |date=April 2022 |title=What Is eBPF? |isbn=978-1492097259 |author-link=OpenUK}}
*{{cite book |author=Rice |first=Liz |date=April 2022 |title=What Is eBPF? |isbn=978-1492097259 |author-link=OpenUK}}
*{{cite book |author=Rice |first=Liz |date=April 2023 |title=Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security |isbn=978-1098135126 |author-link=OpenUK}}
*{{cite book |author=Rice |first=Liz |date=April 2023 |title=Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security |publisher=O'Reilly Media |isbn=978-1098135126 |author-link=OpenUK}}


== External links ==
== External links ==
Line 157: Line 145:
* [https://ebpf.foundation/ eBPF.foundation - Linux Foundation's eBPF Foundation site]
* [https://ebpf.foundation/ eBPF.foundation - Linux Foundation's eBPF Foundation site]


[[Category:Software]]
[[Category:Free software programmed in C]]
[[Category:Free system software]]
[[Category:Software using the GPL license]]
[[Category:Software using the MIT license]]

Revision as of 06:39, 9 April 2024

eBPF
Original author(s)Alexei Starovoitov,
Daniel Borkmann[1][2]
Developer(s)Open source community, Meta, Google, Isovalent, Microsoft, Netflix[1]
Initial release2014; 10 years ago (2014)[3]
RepositoryLinux: git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
Windows: github.com/Microsoft/ebpf-for-windows/
Written inC
Operating systemLinux, Windows[4]
TypeRuntime system
LicenseLinux: GPL
Windows: MIT License
Websiteebpf.io

eBPF is a technology that can run programs in a privileged context such as the operating system kernel.[5] It is the successor to the Berkeley Packet Filter (BPF) filtering mechanism in Linux, and is also used in other parts of the Linux kernel as well.

It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.[6] Safety is provided through an in-kernel verifier which performs static code analysis and rejects programs which crash, hang or otherwise interfere with the kernel negatively.[7][8]

This validation model differs from sandboxed environments, where the execution environment is restricted and the runtime has no insight about the program.[9] Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety checks.[10]

Design

Loaded programs which passed the verifier are either interpreted or in-kernel just-in-time compiled (JIT compiled) for native execution performance. The execution model is event-driven and with few exceptions run-to-completion,[2] meaning, programs can be attached to various hook points in the operating system kernel and are run upon triggering of an event. eBPF use cases include (but are not limited to) networking such as XDP, tracing and security subsystems.[5] Given eBPF's efficiency and flexibility opened up new possibilities to solve production issues, Brendan Gregg famously dubbed eBPF "superpowers for Linux".[11] Linus Torvalds said, "BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for".[12] Due to its success in Linux, the eBPF runtime has been ported to other operating systems such as Windows.[4]

History

eBPF was built on top of the Berkeley Packet Filter (cBPF). At the lowest level, it introduced the use of ten 64-bit registers (instead of two 32-bit long registers for cBPF), different jump semantics, a call instruction and corresponding register passing convention, new instructions, and a different encoding for these instructions.[13]

Most significant milestones in the evolution of eBPF
Date Event
April 2011 The first in-kernel Linux just-in-time compiler (JIT compiler) for the classic Berkeley Packet Filter got merged.[14]
January 2012 The first non-networking use case of the classic Berkeley Packet Filter, seccomp-bpf,[15] appeared; it allows filtering of system calls using a configurable policy implemented through BPF instructions.
March 2014 David S. Miller, primary maintainer of the Linux networking stack, accepted the rework of the old in-kernel BPF interpreter. It was replaced by an eBPF interpreter and the Linux kernel internally translates classic BPF (cBPF) into eBPF instructions.[16]
March 2015 The ability to attach eBPF to kprobes as first tracing use case was merged.[18] In the same month, initial infrastructure work got accepted to attach eBPF to the networking traffic control (tc) layer allowing to attach eBPF to the core ingress and later also egress paths of the network stack, later heavily used by projects such as Cilium.[19][20][21]
August 2015 The eBPF compiler backend got merged into LLVM 3.7.0 release.[22]
September 2015 Brendan Gregg announced a collection of new eBPF-based tracing tools as the bcc project, providing a front-end for eBPF to make it easier to write programs.[23]
July 2016 eBPF got the ability to be attached into network driver's core receive path. This layer is known today as eXpress DataPath (XDP) and was added as a response to DPDK to create a fast data path which works in combination with the Linux kernel rather than bypassing it.[24][25][26]
August 2016 Cilium was initially announced during LinuxCon as a project providing fast IPv6 container networking with eBPF and XDP. Today, Cilium has been adopted by major cloud provider's Kubernetes offerings and is one of the most widely used CNIs.[27][21][28]
November 2016 Netronome added offload of eBPF programs for XDP and tc BPF layer to their NIC.[29]
May 2017 Meta's layer 4 load-balancer, Katran, went live. Every packet towards facebook.com since then has been processed by eBPF & XDP.[30]
November 2017 eBPF becomes its own kernel subsystem to ease the continuously growing kernel patch management. The first pull request by eBPF maintainers was submitted.[31]
September 2017 Bpftool was added to the Linux kernel as a user space utility to introspect the eBPF subsystem.[32]
January 2018 A new socket family called AF_XDP was published, allowing for high performance packet processing with zero-copy semantics at the XDP layer.[33] Today, DPDK has an official AF_XDP poll-mode driver support.[34]
February 2018 The bpfilter prototype has been published, allowing translation of a subset of iptables rulesets into eBPF via a newly developed user mode driver. The work has caused controversies due to the ongoing nftables development effort and has not been merged into mainline.[35][36]
October 2018 The new bpftrace tool has been announced by Brendan Gregg as DTrace 2.0 for Linux.[37]
November 2018 eBPF introspection has been added for kTLS in order to support the ability for in-kernel TLS policy enforcement.[38]
November 2018 BTF (BPF Type Format) has been added to the Linux kernel as an efficient meta data format which is approximately 100x smaller in size than DWARF.[39]
December 2019 The first 880-page long book on BPF, written by Brendan Gregg, was released.[40]
March 2020 Google upstreamed BPF LSM support into the Linux kernel, enabling programmable Linux Security Modules (LSMs) through eBPF.[41]
September 2020 The eBPF compiler backend for GNU Compiler Collection (GCC) was merged.[42]

Branding

The alias eBPF is often interchangeably used with BPF,[2][43] for example by the Linux kernel community. eBPF and BPF is referred to as a technology name like LLVM.[2] eBPF evolved from the Berkeley Packet Filter as an extended version, but its use case outgrew networking, and today eBPF as a pseudo-acronym is preferred.[2]

The bee is the official logo for eBPF. At the first eBPF Summit there was a vote taken and the bee mascot was named "eBee".[44][45] The logo has originally been created by Vadim Shchekoldin.[45] Earlier unofficial eBPF mascots have existed in the past,[46] but haven't seen widespread adoption.

Governance

The eBPF Foundation was created in August 2021 with the goal to expand the contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux.[1] Founding members include Meta, Google, Isovalent, Microsoft and Netflix. The purpose is to raise, budget and spend funds in support of various open source, open data and/or open standards projects relating to eBPF technologies[47] to further drive the growth and adoption of the eBPF ecosystem. Since inception, Red Hat, Huawei, Crowdstrike, Tigera, DaoCloud, Datoms, FutureWei also joined.[48]

Adoption

eBPF has been adopted by a number of large-scale production users, for example:

Security

Due to the ease of programmability, eBPF has been used as a tool for implementing microarchitectural timing side-channel attacks such as Spectre against vulnerable microprocessors.[93] While unprivileged eBPF implemented mitigations against transient execution attacks,[94] unprivileged use has ultimately been disabled by the kernel community by default to protect from use against future hardware vulnerabilities.[95]

See also

References

  1. ^ a b c "Meta, Google, Isovalent, Microsoft and Netflix Launch eBPF Foundation as Part of the Linux Foundation". Linux Foundation. 12 August 2021. Retrieved 1 July 2022.
  2. ^ a b c d e "BPF Internals". USENIX LISA 2021 conference. 1 June 2021. Retrieved 1 July 2022.
  3. ^ "eBPF and Kubernetes: Little Helper Minions for Scaling Microservices". CNCF KubeCon + CloudNativeCon Europe 2020. 19 August 2020. Retrieved 1 July 2022.
  4. ^ a b "Making eBPF work on Windows". Microsoft Open Source Blog. 10 May 2021. Retrieved 1 July 2022.
  5. ^ a b "eBPF Documentation: What is eBPF?". eBPF.io. Retrieved 1 July 2022.
  6. ^ "eBPF - Rethinking the Linux Kernel". QCon 2020. Retrieved 1 July 2022.
  7. ^ "Safe Programs The Foundation of BPF". eBPF Summit 2021. 8 November 2020. Retrieved 1 July 2022.
  8. ^ "BPF and Spectre: Mitigating transient execution attacks". POPL 2022 conference. 22 January 2022. Retrieved 1 July 2022.
  9. ^ "eBPF - The Silent Platform Revolution from Cloud Native" (PDF). SIGCOMM 2023, 1st Workshop on eBPF and Kernel Extensions. 10 September 2023. Retrieved 5 October 2023.
  10. ^ Hedam, Niclas (26 May 2023). "eBPF - From a Programmer's Perspective" (PDF). doi:10.13140/RG.2.2.33688.11529/4.
  11. ^ "Linux BPF Superpowers". Brendan Gregg's Blog. 5 March 2016. Retrieved 1 July 2022.
  12. ^ "Linus Torvalds talks about coming back to work on Linux". zdnet Interview with Linus Torvalds. 23 October 2018. Retrieved 1 July 2022.
  13. ^ "Classic BPF vs eBPF". LWN. March 2014. Retrieved 6 January 2023.
  14. ^ "net: filter: Just In Time compiler". lore.kernel.org. April 2011. Retrieved 1 July 2022.
  15. ^ "Yet another new approach to seccomp". LWN. 1 January 2012. Retrieved 1 July 2022.
  16. ^ "BPF updates". lore.kernel.org. March 2014. Retrieved 1 July 2022.
  17. ^ "Happy birthday BPF!". lore.kernel.org. September 2014. Retrieved 1 July 2022.
  18. ^ "tracing: attach eBPF programs to kprobes". lore.kernel.org. March 2015. Retrieved 1 July 2022.
  19. ^ "eBPF support for cls_bpf". lore.kernel.org. March 2015. Retrieved 1 July 2022.
  20. ^ "net, sched: add clsact qdisc". lore.kernel.org. January 2016. Retrieved 1 July 2022.
  21. ^ a b "eBPF-based Networking, Observability, Security". cilium.io. January 2016. Retrieved 1 July 2022.
  22. ^ "LLVM 3.7 Release Notes". releases.llvm.org. August 2015. Retrieved 1 July 2022.
  23. ^ "bcc: Taming Linux 4.3+ Tracing Superpowers". brendangregg.com. September 2015. Retrieved 1 July 2022.
  24. ^ "Add driver bpf hook for early packet drop and forwarding". lore.kernel.org. July 2016. Retrieved 1 July 2022.
  25. ^ "eCHO episode 9: XDP and Load Balancing". youtube.com. June 2021. Retrieved 1 July 2022.
  26. ^ Høiland-Jørgensen, Toke; Brouer, Jesper Dangaard; Borkmann, Daniel; Fastabend, John; Herbert, Tom; Ahern, David; Miller, David (December 2018). "The eXpress data path: Fast programmable packet processing in the operating system kernel". Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies. acm.org. pp. 54–66. doi:10.1145/3281411.3281443. ISBN 9781450360807. S2CID 53779310. Retrieved 1 July 2022.
  27. ^ "Cilium - Fast IPv6 Container Networking with BPF and XDP". slideshare.net. August 2016. Retrieved 1 July 2022.
  28. ^ a b "New GKE Dataplane V2 increases security and visibility for containers". cloud.google.com. May 2021. Retrieved 16 August 2022.
  29. ^ "nfp ring reconfiguration and XDP support". lore.kernel.org. November 2016. Retrieved 1 July 2022.
  30. ^ a b "XDP 1.5 Years In Production. Evolution and Lessons Learned". lpc.events. November 2018. Retrieved 16 August 2022.
  31. ^ "pull-request: bpf 2017-11-23". lore.kernel.org. November 2017. Retrieved 1 July 2022.
  32. ^ "tools: add bpftool". lore.kernel.org. September 2017. Retrieved 1 July 2022.
  33. ^ "Introducing AF_XDP support". lore.kernel.org. January 2018. Retrieved 1 July 2022.
  34. ^ "AF_XDP Poll Mode Driver". doc.dpdk.org. August 2022. Retrieved 16 August 2022.
  35. ^ "BPF comes to firewalls". lwn.net. February 2018. Retrieved 1 July 2022.
  36. ^ "Why is the kernel community replacing iptables with BPF?". cilium.io. April 2018. Retrieved 1 July 2022.
  37. ^ "bpftrace (DTrace 2.0) for Linux 2018". brendangregg.com. October 2018. Retrieved 16 August 2022.
  38. ^ "Combining kTLS and BPF for Introspection and Policy Enforcement" (PDF). vger.kernel.org. November 2018. Retrieved 1 July 2022.
  39. ^ "BTF deduplication and Linux kernel BTF". nakryiko.com. November 2018. Retrieved 1 July 2022.
  40. ^ "BPF Performance Tools (book)". brendangregg.com. December 2019. Retrieved 16 August 2022.
  41. ^ "MAC and Audit policy using eBPF (KRSI)". lore.kernel.org. March 2020. Retrieved 16 August 2022.
  42. ^ "BPF in GCC". lwn.net. September 2020. Retrieved 16 August 2022.
  43. ^ Brendan Gregg (December 2019). BPF Performance Tools. Addison-Wesley. ISBN 978-0136554820.
  44. ^ "eBPF Summit Day Two". cilium.io. October 2020. Retrieved 1 July 2022.
  45. ^ a b "What is the bee named?". ebpf.io. Retrieved 1 July 2022.
  46. ^ "eBPF: One Small Step". Brendan Gregg's Blog. May 2015. Retrieved 1 July 2022.
  47. ^ "eBPF Foundation Charter". ebpf.foundation. June 2021. Retrieved 16 August 2022.
  48. ^ "eBPF Foundation Governance". ebpf.foundation. August 2022. Retrieved 16 August 2022.
  49. ^ "Open-sourcing Katran, a scalable network load balancer". fb.com. May 2018. Retrieved 16 August 2022.
  50. ^ "BPF at Facebook". youtube.com. December 2019. Retrieved 16 August 2022.
  51. ^ "From XDP to socket". lpc.events. September 2021. Retrieved 16 August 2022.
  52. ^ "eCHO episode 29: BPF LSM with KP Singh". youtube.com. November 2021. Retrieved 16 August 2022.
  53. ^ "BPF security auditing at Google - Brendan Jackman/KP Singh". youtube.com. November 2021. Retrieved 16 August 2022.
  54. ^ "Replacing HTB with EDT and BPF". netdevconf.info. July 2020. Retrieved 16 August 2022.
  55. ^ "Cloudflare architecture and how BPF eats the world". blog.cloudflare.com. May 2019. Retrieved 16 August 2022.
  56. ^ "It's crowded in here!". blog.cloudflare.com. October 2019. Retrieved 16 August 2022.
  57. ^ "Production ready eBPF, or how we fixed the BSD socket API". blog.cloudflare.com. February 2022. Retrieved 16 August 2022.
  58. ^ "Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module". blog.cloudflare.com. June 2022. Retrieved 16 August 2022.
  59. ^ "Unimog - Cloudflare's edge load balancer". blog.cloudflare.com. September 2020. Retrieved 16 August 2022.
  60. ^ "How Netflix uses eBPF flow logs at scale for network insight". netflixtechblog.com. June 2021. Retrieved 16 August 2022.
  61. ^ "Extending Vector with eBPF to inspect host and container performance". netflixtechblog.com. February 2019. Retrieved 16 August 2022.
  62. ^ "Dropbox traffic infrastructure: Edge network". dropbox.tech. October 2018. Retrieved 16 August 2022.
  63. ^ "eBPF Traffic Monitoring". source.android.com. August 2022. Retrieved 16 August 2022.
  64. ^ "Extending the Kernel with eBPF". source.android.com. August 2022. Retrieved 16 August 2022.
  65. ^ "NAT46 translation with BPF". lore.kernel.org. April 2022. Retrieved 16 August 2022.
  66. ^ "BPF for Android: How we leverage BPF for our networking solutions - Madhan Raj Kanagarathinam". www.youtube.com. February 2024. Retrieved 19 February 2022.
  67. ^ Software L4 Load Balancing for Kubernetes Services at Yahoo! – Karthikeyan Thangaraj, Verizon Media, retrieved 2024-02-03
  68. ^ "Skyfall: eBPF agent for infrastructure observability". www.linkedin.com. Retrieved 2024-02-03.
  69. ^ "How Does Alibaba Cloud Build High-Performance Cloud-Native Pod Networks in Production Environments?". alibabacloud.com. September 2020. Retrieved 16 August 2022.
  70. ^ "Datadog on eBPF". datadogon.datadoghq.com. February 2021. Retrieved 16 August 2022.
  71. ^ "Runtime Security Monitoring with eBPF" (PDF). sstic.org. February 2021. Retrieved 16 August 2022.
  72. ^ "Our eBPF Journey at Datadog - Laurent Bernaille & Tabitha Sable, Datadog". youtube.com. November 2020. Retrieved 16 August 2022.
  73. ^ "User Story - How Trip.com uses Cilium". cilium.io. February 2020. Retrieved 16 August 2022.
  74. ^ "Trip.com: Stepping into Cloud Native Networking Era with Cilium+BGP". arthurchiao.art. November 2020. Retrieved 16 August 2022.
  75. ^ Keynote: Open Source Intrusion Detection for Containers at Shopify - Shane Lawrence & Kris Nóva, retrieved 2024-02-09
  76. ^ Rogers, Patrick (2023-08-15). "BPFAgent: eBPF for Monitoring at DoorDash - DoorDash Engineering Blog". DoorDash Engineering Blog. Retrieved 2024-02-09.
  77. ^ "Making eBPF work on Windows". cloudblogs.microsoft.com. May 2021. Retrieved 16 August 2022.
  78. ^ "Getting Linux based eBPF programs to run with eBPF for Windows". cloudblogs.microsoft.com. February 2022. Retrieved 16 August 2022.
  79. ^ "Progress on making eBPF work on Windows". cloudblogs.microsoft.com. November 2019. Retrieved 16 August 2022.
  80. ^ "Cilium Standalone Layer 4 Load Balancer XDP". cilium.io. July 2022. Retrieved 16 August 2022.
  81. ^ Rate limiting access to internal services in a virtual network – Nick Bouliane, DigitalOcean, retrieved 2024-02-04
  82. ^ "Building a Secure and Maintainable PaaS - Bradley Whitfield, Capital One". youtube.com. November 2020. Retrieved 16 August 2022.
  83. ^ Why eBPF is changing the telco networking space – Daniel Bernier, Bell Canada, retrieved 2024-02-09
  84. ^ Elastic Universal Profiling, retrieved 2024-02-26
  85. ^ "Think eBPF for Kernel Security Monitoring - Falco at Apple- Eric Sage & Melissa Kilby, Apple". youtube.com. October 2021. Retrieved 16 August 2022.
  86. ^ "eBPF & Cilium at Sky – Sebastian Duff, Anthony Comtois, Jospeh Samuel, Sky". youtube.com. August 2021. Retrieved 16 August 2022.
  87. ^ "Running and orchestrating multiple XDP and TC programs – Brian Merrell, Walmart". youtube.com. August 2021. Retrieved 16 August 2022.
  88. ^ "High Performance Load Balancing @Walmart – Kanthi Pavuluri & Karan Dalal, Walmart". youtube.com. August 2021. Retrieved 16 August 2022.
  89. ^ "DIGLIM eBPF: secure boot at application level with minimal changes to distros - Roberto Sassu". youtube.com. August 2022. Retrieved 16 August 2022.
  90. ^ "IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with... Karsten Nielsen". youtube.com. May 2022. Retrieved 16 August 2022.
  91. ^ Panel Disucssion: Is There Actually a Byte Behind All the Buzz? eBPF in Production!, retrieved 2024-02-09
  92. ^ Using user-space tracing to solve DNS problems – Andrius Grabauskas, Palantir, retrieved 2024-02-09
  93. ^ "Reading privileged memory with a side-channel". googleprojectzero.blogspot.com. 3 January 2018. Retrieved 16 August 2022.
  94. ^ "BPF and Spectre: Mitigating transient execution attacks". popl22.sigplan.org. Retrieved 16 August 2022.
  95. ^ "bpf: Disallow unprivileged bpf by default". kernel.org. Retrieved 16 August 2022.

Further reading

  • Gregg, Brendan (December 2019). BPF Performance Tools. Addison-Wesley. ISBN 978-0136554820.
  • David Calavera, Lorenzo Fontana (December 2019). Linux Observability With BPF. O'Reilly Media, Incorporated. ISBN 978-1492050209.
  • Gregg, Brendan (December 2020). Systems Performance, Second edition. ISBN 978-0136820154.
  • Rice, Liz (April 2022). What Is eBPF?. ISBN 978-1492097259.
  • Rice, Liz (April 2023). Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security. O'Reilly Media. ISBN 978-1098135126.

External links

source: https://en.wikipedia.org/w/index.php?title=EBPF&diff=1218013021&oldid=1173184316

Leave a Reply