Adding new features to the Linux kernel is a slow and complex process, creating a bottleneck for developers who need new observability or security capabilities.
eBPF allows running custom programs in a sandboxed virtual machine inside the kernel, enabling new features without changing kernel source code.
eBPF programs are triggered by kernel events called hooks, and they are typically written in C or Python using libraries like BCC and compiled with LLVM.
A simple program demonstrates how to write an eBPF function in C and use a Python script to load it and attach it to the execve system call.
Before execution, eBPF bytecode is validated by a verifier for safety and then compiled by a Just-In-Time (JIT) compiler into native machine code for performance.
eBPF maps are key-value data structures that enable efficient data sharing between eBPF programs in the kernel and applications in user space.
Major open-source projects like Cilium, Falco, and Pixie leverage eBPF for networking and observability, and it is widely adopted by large tech companies.
Bitpanda
Vienna, Austria
28:20Mohammed Aboullaite
26:48Ozan Sazak
28:26Igor Todorovski
44:00Dimitrij Klesev & Andreas Zeissner
21:49Reinhard Kugler
42:45Marc Nimmerrichter
46:36Andrew Martin
28:47Mathias Tausig
Jobs that call for the skills explored in this talk.
Information Service Center WBF
Bay Systems
Berkeley, United States of America
