EBPF

Last updated
eBPF
Original author(s) Alexei Starovoitov,
Daniel Borkmann [1] [2]
Developer(s) Open source community, Meta, Google, Isovalent, Microsoft, Netflix [1]
Initial release2014;10 years ago (2014) [3]
Repository Linux: git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
Windows: github.com/Microsoft/ebpf-for-windows/
Written in C
Operating system Linux, Windows [4]
Type Runtime system
License Linux: GPL
Windows: MIT License
Website ebpf.io

eBPF is a technology that can run programs in a privileged context such as the operating system kernel. [5] It is the successor to the Berkeley Packet Filter (BPF) filtering mechanism in Linux, and is also used in other parts of the Linux kernel as well.

Contents

It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules. [6] Safety is provided through an in-kernel verifier which performs static code analysis and rejects programs which crash, hang or otherwise interfere with the kernel negatively. [7] [8]

This validation model differs from sandboxed environments, where the execution environment is restricted and the runtime has no insight about the program. [9] Examples of programs that are automatically rejected are programs without strong exit guarantees (i.e. for/while loops without exit conditions) and programs dereferencing pointers without safety checks. [10]

Design

Loaded programs which passed the verifier are either interpreted or in-kernel just-in-time compiled (JIT compiled) for native execution performance. The execution model is event-driven and with few exceptions run-to-completion, [2] meaning, programs can be attached to various hook points in the operating system kernel and are run upon triggering of an event. eBPF use cases include (but are not limited to) networking such as XDP, tracing and security subsystems. [5] Given eBPF's efficiency and flexibility opened up new possibilities to solve production issues, Brendan Gregg famously dubbed eBPF "superpowers for Linux". [11] Linus Torvalds said, "BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for". [12] Due to its success in Linux, the eBPF runtime has been ported to other operating systems such as Windows. [4]

History

eBPF was built on top of the Berkeley Packet Filter (cBPF). At the lowest level, it introduced the use of ten 64-bit registers (instead of two 32-bit long registers for cBPF), different jump semantics, a call instruction and corresponding register passing convention, new instructions, and a different encoding for these instructions. [13]

Most significant milestones in the evolution of eBPF
DateEvent
April 2011The first in-kernel Linux just-in-time compiler (JIT compiler) for the classic Berkeley Packet Filter got merged. [14]
January 2012The first non-networking use case of the classic Berkeley Packet Filter, seccomp-bpf, [15] appeared; it allows filtering of system calls using a configurable policy implemented through BPF instructions.
March 2014 David S. Miller, primary maintainer of the Linux networking stack, accepted the rework of the old in-kernel BPF interpreter. It was replaced by an eBPF interpreter and the Linux kernel internally translates classic BPF (cBPF) into eBPF instructions. [16]
March 2015The ability to attach eBPF to kprobes as first tracing use case was merged. [18] In the same month, initial infrastructure work got accepted to attach eBPF to the networking traffic control (tc) layer allowing to attach eBPF to the core ingress and later also egress paths of the network stack, later heavily used by projects such as Cilium. [19] [20] [21]
August 2015The eBPF compiler backend got merged into LLVM 3.7.0 release. [22]
September 2015 Brendan Gregg announced a collection of new eBPF-based tracing tools as the bcc project, providing a front-end for eBPF to make it easier to write programs. [23]
July 2016eBPF got the ability to be attached into network driver's core receive path. This layer is known today as eXpress DataPath (XDP) and was added as a response to DPDK to create a fast data path which works in combination with the Linux kernel rather than bypassing it. [24] [25] [26]
August 2016Cilium was initially announced during LinuxCon as a project providing fast IPv6 container networking with eBPF and XDP. Today, Cilium has been adopted by major cloud provider's Kubernetes offerings and is one of the most widely used CNIs. [27] [21] [28]
November 2016 Netronome added offload of eBPF programs for XDP and tc BPF layer to their NIC. [29]
May 2017 Meta's layer 4 load-balancer, Katran, went live. Every packet towards facebook.com since then has been processed by eBPF & XDP. [30]
November 2017eBPF becomes its own kernel subsystem to ease the continuously growing kernel patch management. The first pull request by eBPF maintainers was submitted. [31]
September 2017Bpftool was added to the Linux kernel as a user space utility to introspect the eBPF subsystem. [32]
January 2018A new socket family called AF_XDP was published, allowing for high performance packet processing with zero-copy semantics at the XDP layer. [33] Today, DPDK has an official AF_XDP poll-mode driver support. [34]
February 2018The bpfilter prototype has been published, allowing translation of a subset of iptables rulesets into eBPF via a newly developed user mode driver. The work has caused controversies due to the ongoing nftables development effort and has not been merged into mainline. [35] [36]
October 2018The new bpftrace tool has been announced by Brendan Gregg as DTrace 2.0 for Linux. [37]
November 2018eBPF introspection has been added for kTLS in order to support the ability for in-kernel TLS policy enforcement. [38]
November 2018BTF (BPF Type Format) has been added to the Linux kernel as an efficient meta data format which is approximately 100x smaller in size than DWARF. [39]
December 2019The first 880-page long book on BPF, written by Brendan Gregg, was released. [40]
March 2020 Google upstreamed BPF LSM support into the Linux kernel, enabling programmable Linux Security Modules (LSMs) through eBPF. [41]
September 2020The eBPF compiler backend for GNU Compiler Collection (GCC) was merged. [42]

Branding

The alias eBPF is often interchangeably used with BPF, [2] [43] for example by the Linux kernel community. eBPF and BPF is referred to as a technology name like LLVM. [2] eBPF evolved from the Berkeley Packet Filter as an extended version, but its use case outgrew networking, and today eBPF as a pseudo-acronym is preferred. [2]

The bee is the official logo for eBPF. At the first eBPF Summit there was a vote taken and the bee mascot was named "eBee". [44] [45] The logo has originally been created by Vadim Shchekoldin. [45] Earlier unofficial eBPF mascots have existed in the past, [46] but haven't seen widespread adoption.

Governance

The eBPF Foundation was created in August 2021 with the goal to expand the contributions being made to extend the powerful capabilities of eBPF and grow beyond Linux. [1] Founding members include Meta, Google, Isovalent, Microsoft and Netflix. The purpose is to raise, budget and spend funds in support of various open source, open data and/or open standards projects relating to eBPF technologies [47] to further drive the growth and adoption of the eBPF ecosystem. Since inception, Red Hat, Huawei, Crowdstrike, Tigera, DaoCloud, Datoms, FutureWei also joined. [48]

Adoption

eBPF has been adopted by a number of large-scale production users, for example:

Security

Due to the ease of programmability, eBPF has been used as a tool for implementing microarchitectural timing side-channel attacks such as Spectre against vulnerable microprocessors. [93] While unprivileged eBPF implemented mitigations against transient execution attacks, [94] unprivileged use has ultimately been disabled by the kernel community by default to protect from use against future hardware vulnerabilities. [95]

See also

Related Research Articles

<span class="mw-page-title-main">UEFI</span> Operating system and firmware specification

Unified Extensible Firmware Interface is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

<span class="mw-page-title-main">Linux Virtual Server</span> Load-balancing software

Linux Virtual Server (LVS) is load balancing software for Linux kernel–based operating systems.

seccomp is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit , sigreturn , read and write to already-open file descriptors. Should it attempt any other system calls, the kernel will either just log the event or terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.

OS-level virtualization is an operating system (OS) virtualization paradigm in which the kernel allows the existence of multiple isolated user space instances, called containers, zones, virtual private servers (OpenVZ), partitions, virtual environments (VEs), virtual kernels, or jails. Such instances may look like real computers from the point of view of programs running in them. A computer program running on an ordinary operating system can see all resources of that computer. However, programs running inside of a container can only see the container's contents and devices assigned to the container.

The Berkeley Packet Filter is a network tap and packet filter which permits computer network packets to be captured and filtered at the operating system level. It provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received, and allows a userspace process to supply a filter program that specifies which packets it wants to receive. For example, a tcpdump process may want to receive only packets that initiate a TCP connection. BPF returns only packets that pass the filter that the process supplies. This avoids copying unwanted packets from the operating system kernel to the process, greatly improving performance. The filter program is in the form of instructions for a virtual machine, which are interpreted, or compiled into machine code by a just-in-time (JIT) mechanism and executed, in the kernel.

<span class="mw-page-title-main">Microsoft Azure</span> Cloud computing platform by Microsoft

Microsoft Azure, often referred to as Azure, is a cloud computing platform run by Microsoft. It offers access, management, and the development of applications and services through global data centers. It also provides a range of capabilities, including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Microsoft Azure supports many programming languages, tools, and frameworks, including Microsoft-specific and third-party software and systems.

<span class="mw-page-title-main">Linux kernel</span> Operating system kernel

The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally written in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU operating system, which was written to be a free (libre) replacement for Unix.

cgroups is a Linux kernel feature that limits, accounts for, and isolates the resource usage of a collection of processes.

netsniff-ng Linux networking toolkit

netsniff-ng is a free Linux network analyzer and networking toolkit originally written by Daniel Borkmann. Its gain of performance is reached by zero-copy mechanisms for network packets, so that the Linux kernel does not need to copy packets from kernel space to user space via system calls such as recvmsg . libpcap, starting with release 1.0.0, also supports the zero-copy mechanism on Linux for capturing (RX_RING), so programs using libpcap also use that mechanism on Linux.

<span class="mw-page-title-main">Network scheduler</span> Arbiter on a node in packet switching communication network

A network scheduler, also called packet scheduler, queueing discipline (qdisc) or queueing algorithm, is an arbiter on a node in a packet switching communication network. It manages the sequence of network packets in the transmit and receive queues of the protocol stack and network interface controller. There are several network schedulers available for the different operating systems, that implement many of the existing network scheduling algorithms.

Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by a worldwide community of contributors, and the trademark is held by the Cloud Native Computing Foundation.

Container Linux is a discontinued open-source lightweight operating system based on the Linux kernel and designed for providing infrastructure for clustered deployments while focusing on automation, ease of application deployment, security, reliability, and scalability. As an operating system, Container Linux provided only the minimal functionality required for deploying applications inside software containers, together with built-in mechanisms for service discovery and configuration sharing.

gVisor Linux software project developed by Google

gVisor is a container sandbox developed by Google that focuses on security, efficiency and ease of use. gVisor implements around 200 of the Linux system calls in userspace, for additional security compared to Docker containers that run directly on top of the Linux kernel and are isolated with namespaces. Unlike the Linux kernel, gVisor is written in the memory-safe programming language Go to prevent common pitfalls which frequently occur in software written in C.

Microsoft, a technology company historically known for its opposition to the open source software paradigm, turned to embrace the approach in the 2010s. From the 1970s through 2000s under CEOs Bill Gates and Steve Ballmer, Microsoft viewed the community creation and sharing of communal code, later to be known as free and open source software, as a threat to its business, and both executives spoke negatively against it. In the 2010s, as the industry turned towards cloud, embedded, and mobile computing—technologies powered by open source advances—CEO Satya Nadella led Microsoft towards open source adoption although Microsoft's traditional Windows business continued to grow throughout this period generating revenues of 26.8 billion in the third quarter of 2018, while Microsoft's Azure cloud revenues nearly doubled.

XDP is an eBPF-based high-performance data path used to send and receive network packets at high rates by bypassing most of the operating system networking stack. It is merged in the Linux kernel since version 4.8. This implementation is licensed under GPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released their free and open source implementation XDP for Windows in May 2022. It is licensed under MIT License.

This article documents the version history of the Linux kernel. The Linux kernel is a free and open-source, monolithic, Unix-like operating system kernel. It was conceived and created in 1991 by Linus Torvalds.

The Cloud Native Computing Foundation (CNCF) is a Linux Foundation project that was founded in 2015 to help advance container technology and align the tech industry around its evolution.

io_uring is a Linux kernel system call interface for storage device asynchronous I/O operations addressing performance issues with similar interfaces provided by functions like read /write or aio_read /aio_write etc. for operations on data accessed by file descriptors.

<span class="mw-page-title-main">CBL-Mariner</span> Microsoft open source operating system

CBL-Mariner is a free and open-source Linux distribution that Microsoft has developed. It is the base container OS for Microsoft Azure services and the graphical component of WSL 2.

<span class="mw-page-title-main">Cilium (computing)</span>

Cilium is a cloud native technology for networking, observability, and security. It is based on the kernel technology eBPF, originally for better networking performance, and now leverages many additional features for different use cases. The core networking component has evolved from only providing a flat Layer 3 network for containers to including advanced networking features, like BGP and Service mesh, within a Kubernetes cluster, across multiple clusters, and connecting with the world outside Kubernetes. Hubble was created as the network observability component and Tetragon was later added for security observability and runtime enforcement. Cilium runs on Linux and is one of the first eBPF applications being ported to Microsoft Windows through the eBPF on Windows project.

References

  1. 1 2 3 "Meta, Google, Isovalent, Microsoft and Netflix Launch eBPF Foundation as Part of the Linux Foundation". Linux Foundation . 12 August 2021. Retrieved 1 July 2022.
  2. 1 2 3 4 5 "BPF Internals". USENIX LISA 2021 conference. 1 June 2021. Retrieved 1 July 2022.
  3. "eBPF and Kubernetes: Little Helper Minions for Scaling Microservices". CNCF KubeCon + CloudNativeCon Europe 2020. 19 August 2020. Retrieved 1 July 2022.
  4. 1 2 "Making eBPF work on Windows". Microsoft Open Source Blog. 10 May 2021. Retrieved 1 July 2022.
  5. 1 2 "eBPF Documentation: What is eBPF?". eBPF.io. Retrieved 1 July 2022.
  6. "eBPF - Rethinking the Linux Kernel". QCon 2020. Retrieved 1 July 2022.
  7. "Safe Programs The Foundation of BPF". eBPF Summit 2021. 8 November 2020. Retrieved 1 July 2022.
  8. "BPF and Spectre: Mitigating transient execution attacks". POPL 2022 conference. 22 January 2022. Retrieved 1 July 2022.
  9. "eBPF - The Silent Platform Revolution from Cloud Native" (PDF). SIGCOMM 2023, 1st Workshop on eBPF and Kernel Extensions. 10 September 2023. Retrieved 5 October 2023.
  10. Hedam, Niclas (26 May 2023). "eBPF - From a Programmer's Perspective" (PDF). doi:10.13140/RG.2.2.33688.11529/4.
  11. "Linux BPF Superpowers". Brendan Gregg's Blog. 5 March 2016. Retrieved 1 July 2022.
  12. "Linus Torvalds talks about coming back to work on Linux". zdnet Interview with Linus Torvalds. 23 October 2018. Retrieved 1 July 2022.
  13. "Classic BPF vs eBPF". LWN. March 2014. Retrieved 6 January 2023.
  14. "net: filter: Just In Time compiler". lore.kernel.org. April 2011. Retrieved 1 July 2022.
  15. "Yet another new approach to seccomp". LWN. 1 January 2012. Retrieved 1 July 2022.
  16. "BPF updates". lore.kernel.org. March 2014. Retrieved 1 July 2022.
  17. "Happy birthday BPF!". lore.kernel.org. September 2014. Retrieved 1 July 2022.
  18. "tracing: attach eBPF programs to kprobes". lore.kernel.org. March 2015. Retrieved 1 July 2022.
  19. "eBPF support for cls_bpf". lore.kernel.org. March 2015. Retrieved 1 July 2022.
  20. "net, sched: add clsact qdisc". lore.kernel.org. January 2016. Retrieved 1 July 2022.
  21. 1 2 "eBPF-based Networking, Observability, Security". cilium.io. January 2016. Retrieved 1 July 2022.
  22. "LLVM 3.7 Release Notes". releases.llvm.org. August 2015. Retrieved 1 July 2022.
  23. "bcc: Taming Linux 4.3+ Tracing Superpowers". brendangregg.com. September 2015. Retrieved 1 July 2022.
  24. "Add driver bpf hook for early packet drop and forwarding". lore.kernel.org. July 2016. Retrieved 1 July 2022.
  25. "eCHO episode 9: XDP and Load Balancing". youtube.com. June 2021. Retrieved 1 July 2022.
  26. Høiland-Jørgensen, Toke; Brouer, Jesper Dangaard; Borkmann, Daniel; Fastabend, John; Herbert, Tom; Ahern, David; Miller, David (December 2018). "The eXpress data path: Fast programmable packet processing in the operating system kernel". Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies. acm.org. pp. 54–66. doi: 10.1145/3281411.3281443 . ISBN   9781450360807. S2CID   53779310 . Retrieved 1 July 2022.
  27. "Cilium - Fast IPv6 Container Networking with BPF and XDP". slideshare.net. August 2016. Retrieved 1 July 2022.
  28. 1 2 "New GKE Dataplane V2 increases security and visibility for containers". cloud.google.com. May 2021. Retrieved 16 August 2022.
  29. "nfp ring reconfiguration and XDP support". lore.kernel.org. November 2016. Retrieved 1 July 2022.
  30. 1 2 "XDP 1.5 Years In Production. Evolution and Lessons Learned". lpc.events. November 2018. Retrieved 16 August 2022.
  31. "pull-request: bpf 2017-11-23". lore.kernel.org. November 2017. Retrieved 1 July 2022.
  32. "tools: add bpftool". lore.kernel.org. September 2017. Retrieved 1 July 2022.
  33. "Introducing AF_XDP support". lore.kernel.org. January 2018. Retrieved 1 July 2022.
  34. "AF_XDP Poll Mode Driver". doc.dpdk.org. August 2022. Retrieved 16 August 2022.
  35. "BPF comes to firewalls". lwn.net. February 2018. Retrieved 1 July 2022.
  36. "Why is the kernel community replacing iptables with BPF?". cilium.io. April 2018. Retrieved 1 July 2022.
  37. "bpftrace (DTrace 2.0) for Linux 2018". brendangregg.com. October 2018. Retrieved 16 August 2022.
  38. "Combining kTLS and BPF for Introspection and Policy Enforcement" (PDF). vger.kernel.org. November 2018. Retrieved 1 July 2022.
  39. "BTF deduplication and Linux kernel BTF". nakryiko.com. November 2018. Retrieved 1 July 2022.
  40. "BPF Performance Tools (book)". brendangregg.com. December 2019. Retrieved 16 August 2022.
  41. "MAC and Audit policy using eBPF (KRSI)". lore.kernel.org. March 2020. Retrieved 16 August 2022.
  42. "BPF in GCC". lwn.net. September 2020. Retrieved 16 August 2022.
  43. Brendan Gregg (December 2019). BPF Performance Tools. Addison-Wesley. ISBN   978-0136554820.
  44. "eBPF Summit Day Two". cilium.io. October 2020. Retrieved 1 July 2022.
  45. 1 2 "What is the bee named?". ebpf.io. Retrieved 1 July 2022.
  46. "eBPF: One Small Step". Brendan Gregg's Blog. May 2015. Retrieved 1 July 2022.
  47. "eBPF Foundation Charter". ebpf.foundation. June 2021. Retrieved 16 August 2022.
  48. "eBPF Foundation Governance". ebpf.foundation. August 2022. Retrieved 16 August 2022.
  49. "Open-sourcing Katran, a scalable network load balancer". fb.com. May 2018. Retrieved 16 August 2022.
  50. "BPF at Facebook". youtube.com. December 2019. Retrieved 16 August 2022.
  51. "From XDP to socket". lpc.events. September 2021. Retrieved 16 August 2022.
  52. "eCHO episode 29: BPF LSM with KP Singh". youtube.com. November 2021. Retrieved 16 August 2022.
  53. "BPF security auditing at Google - Brendan Jackman/KP Singh". youtube.com. November 2021. Retrieved 16 August 2022.
  54. "Replacing HTB with EDT and BPF". netdevconf.info. July 2020. Retrieved 16 August 2022.
  55. "Cloudflare architecture and how BPF eats the world". blog.cloudflare.com. May 2019. Retrieved 16 August 2022.
  56. "It's crowded in here!". blog.cloudflare.com. October 2019. Retrieved 16 August 2022.
  57. "Production ready eBPF, or how we fixed the BSD socket API". blog.cloudflare.com. February 2022. Retrieved 16 August 2022.
  58. "Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module". blog.cloudflare.com. June 2022. Retrieved 16 August 2022.
  59. "Unimog - Cloudflare's edge load balancer". blog.cloudflare.com. September 2020. Retrieved 16 August 2022.
  60. "How Netflix uses eBPF flow logs at scale for network insight". netflixtechblog.com. June 2021. Retrieved 16 August 2022.
  61. "Extending Vector with eBPF to inspect host and container performance". netflixtechblog.com. February 2019. Retrieved 16 August 2022.
  62. "Dropbox traffic infrastructure: Edge network". dropbox.tech. October 2018. Retrieved 16 August 2022.
  63. "eBPF Traffic Monitoring". source.android.com. August 2022. Retrieved 16 August 2022.
  64. "Extending the Kernel with eBPF". source.android.com. August 2022. Retrieved 16 August 2022.
  65. "NAT46 translation with BPF". lore.kernel.org. April 2022. Retrieved 16 August 2022.
  66. "BPF for Android: How we leverage BPF for our networking solutions - Madhan Raj Kanagarathinam". www.youtube.com. February 2024. Retrieved 19 February 2022.
  67. Software L4 Load Balancing for Kubernetes Services at Yahoo! – Karthikeyan Thangaraj, Verizon Media , retrieved 2024-02-03
  68. "Skyfall: eBPF agent for infrastructure observability". www.linkedin.com. Retrieved 2024-02-03.
  69. "How Does Alibaba Cloud Build High-Performance Cloud-Native Pod Networks in Production Environments?". alibabacloud.com. September 2020. Retrieved 16 August 2022.
  70. "Datadog on eBPF". datadogon.datadoghq.com. February 2021. Retrieved 16 August 2022.
  71. "Runtime Security Monitoring with eBPF" (PDF). sstic.org. February 2021. Retrieved 16 August 2022.
  72. "Our eBPF Journey at Datadog - Laurent Bernaille & Tabitha Sable, Datadog". youtube.com. November 2020. Retrieved 16 August 2022.
  73. "User Story - How Trip.com uses Cilium". cilium.io. February 2020. Retrieved 16 August 2022.
  74. "Trip.com: Stepping into Cloud Native Networking Era with Cilium+BGP". arthurchiao.art. November 2020. Retrieved 16 August 2022.
  75. Keynote: Open Source Intrusion Detection for Containers at Shopify - Shane Lawrence & Kris Nóva , retrieved 2024-02-09
  76. Rogers, Patrick (2023-08-15). "BPFAgent: eBPF for Monitoring at DoorDash - DoorDash Engineering Blog". DoorDash Engineering Blog. Retrieved 2024-02-09.
  77. "Making eBPF work on Windows". cloudblogs.microsoft.com. May 2021. Retrieved 16 August 2022.
  78. "Getting Linux based eBPF programs to run with eBPF for Windows". cloudblogs.microsoft.com. February 2022. Retrieved 16 August 2022.
  79. "Progress on making eBPF work on Windows". cloudblogs.microsoft.com. November 2019. Retrieved 16 August 2022.
  80. "Cilium Standalone Layer 4 Load Balancer XDP". cilium.io. July 2022. Retrieved 16 August 2022.
  81. Rate limiting access to internal services in a virtual network – Nick Bouliane, DigitalOcean , retrieved 2024-02-04
  82. "Building a Secure and Maintainable PaaS - Bradley Whitfield, Capital One". youtube.com. November 2020. Retrieved 16 August 2022.
  83. Why eBPF is changing the telco networking space – Daniel Bernier, Bell Canada , retrieved 2024-02-09
  84. Elastic Universal Profiling , retrieved 2024-02-26
  85. "Think eBPF for Kernel Security Monitoring - Falco at Apple- Eric Sage & Melissa Kilby, Apple". youtube.com. October 2021. Retrieved 16 August 2022.
  86. "eBPF & Cilium at Sky – Sebastian Duff, Anthony Comtois, Jospeh Samuel, Sky". youtube.com. August 2021. Retrieved 16 August 2022.
  87. "Running and orchestrating multiple XDP and TC programs – Brian Merrell, Walmart". youtube.com. August 2021. Retrieved 16 August 2022.
  88. "High Performance Load Balancing @Walmart – Kanthi Pavuluri & Karan Dalal, Walmart". youtube.com. August 2021. Retrieved 16 August 2022.
  89. "DIGLIM eBPF: secure boot at application level with minimal changes to distros - Roberto Sassu". youtube.com. August 2022. Retrieved 16 August 2022.
  90. "IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with... Karsten Nielsen". youtube.com. May 2022. Retrieved 16 August 2022.
  91. Panel Disucssion: Is There Actually a Byte Behind All the Buzz? eBPF in Production! , retrieved 2024-02-09
  92. Using user-space tracing to solve DNS problems – Andrius Grabauskas, Palantir , retrieved 2024-02-09
  93. "Reading privileged memory with a side-channel". googleprojectzero.blogspot.com. 3 January 2018. Retrieved 16 August 2022.
  94. "BPF and Spectre: Mitigating transient execution attacks". popl22.sigplan.org. Retrieved 16 August 2022.
  95. "bpf: Disallow unprivileged bpf by default". kernel.org. Retrieved 16 August 2022.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.