By Steven J. Vaughan-Nichols for Linux and Open Source | August 13, 2021 -- 20:16 GMT (13:16 PDT) | Topic: Enterprise Software
Back in 1992, the Berkeley Packet Filter (BPF) was introduced in Unix circles as a new, much faster network packet filter. That was nice, but far from revolutionary. Years later, in 2014, it was modified and brought into the Linux kernel as extended BPF (eBPF). There it would add radical new features to Linux. It's being used for numerous useful Linux-based projects, and eBPF is moving on from Linux into Windows as well.
What's so special about it? Simple: eBPF enables you to run programs in the Linux kernel without changing the kernel source code or adding modules. In effect, it acts like a lightweight, sandboxed virtual machine (VM) inside the Linux kernel space. Programs that can run in eBPF run much faster there, while taking advantage of kernel features unavailable to other higher-level Linux programs.