Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News The eBPF Foundation Aims to Further Advance eBPF Features and Adoption

The eBPF Foundation Aims to Further Advance eBPF Features and Adoption

This item in japanese

eBPF, a technology used to extend the Linux kernel capabilities without requiring to change its code or reload kernel modules, now has its own foundation hosted within the Linux Foundation, announce Facebook, Google, Isovalent, and other founding members.

eBPF introduces a bridging layer between the kernel space and user space and makes it possible to reprogram the kernel behaviour at runtime through a number of predefined hooks the programmer can tap into. To ensure secure operation, eBPF programs are defined using custom bytecode that can be validated at runtime and is executed inside a sandbox. This makes eBPF programs more secure than Linux kernel modules themselves, which can be loaded into memory at runtime but have the potential of making the kernel crash. Furthermore, kernel modules are strictly tied to specific kernel versions, thus requiring a higher maintenance cost.

According to eBPF co-creator and maintainer Alexei Starovoitov, eBPF brings about a new way to iterate quickly on otherwise risky or expensive kernel features, including networking, security, and virtualization.

An example of eBPF use to improve the security of Kubernetes and Docker deployments is Google's Cilium, which is often called "iptables on steroids" and provides features typical of a service mesh. eBPF is also used to patch 0-days exploits at Facebook, Google, and other companies. On a related note, it is worth noting that Microsoft is actively working to bring eBPF to Windows.

The creation of the eBPF Foundation is a sign of eBPF's growing adoption, especially due to its relevance in the cloud native world, says Daniel Borkmann, also co-creator and maintainer of eBPF.

The goal of the eBPF Foundation will be expanding contributions to eBPF and make it grow beyond Linux. Additionally, the foundation will organize events and collaborations to drive eBPF further adoption. In fact, the foundation was announced shortly in advance to the eBPF 2021 Summit, where a number of key use cases for eBPF where presented including observability, load balancing, and mitigating transient execution attacks.

Rate this Article