eBPF
← Back to Linux Internals
Extended Berkeley Packet Filter — a technology that allows running sandboxed programs in the Linux kernel without modifying kernel source or loading kernel modules. Used for high-performance networking, observability (tracing, profiling), and security enforcement. Programs are verified for safety before execution.
Key Properties
Related
- Kernel vs User Space (eBPF safely runs user code in kernel space)
- Service Mesh on K8s (Cilium uses eBPF for networking)