Making Use Of eBPF In The Mainline Linux Kernel

Written by Michael Larabel in Linux Kernel on 27 August 2016 at 10:02 AM EDT.

One of the exciting innovations within the Linux kernel in the past few years has been extending the Berkeley Packet Filter (BPF) to become a more generalized in-kernel virtual machine. The eBPF work in recent versions of the Linux kernel allows it to be used for more than just networking, so these programs can be used for tracing, security, and more.

eBPF is quite exciting, and its full potential as a universal in-kernel virtual machine is likely not yet realized. eBPF programs can be compiled for the kernel via LLVM Clang, which makes it easy to write programs to be interpreted by this VM.

For developers not yet fully up to speed on (e)BPF, Brenden Blanco of the IOvisor project spoke at this week's LinuxCon 2016 Toronto conference about all of the possibilities and about writing a few demos.

If you missed out on the event, the 33-page slide deck can be found in PDF form to learn more about Linux eBPF programs this weekend.