The extended Berkeley Packet Filter (eBPF) is an in-kernel virtual CPU for packet filtering that has been introduced in Linux in 2013. While originally made to capture and process network traffic, eBPF has introduced also the capability to trace and inspect any kernel function, which rapidly became one of the most successful features nowadays, curiously used even more used than traditional network processing capabilities. This Chapter will provide an architectural view of eBPF, it will give an insight on its tracing capabilities, then it will explore in more depth the case for eBPF technology applied to packet processing.
Extended Berkeley Packet Filter
Miano, Sebastiano;
2020-01-01
Abstract
The extended Berkeley Packet Filter (eBPF) is an in-kernel virtual CPU for packet filtering that has been introduced in Linux in 2013. While originally made to capture and process network traffic, eBPF has introduced also the capability to trace and inspect any kernel function, which rapidly became one of the most successful features nowadays, curiously used even more used than traditional network processing capabilities. This Chapter will provide an architectural view of eBPF, it will give an insight on its tracing capabilities, then it will explore in more depth the case for eBPF technology applied to packet processing.| File | Dimensione | Formato | |
|---|---|---|---|
|
20CNITBook-eBPF.pdf
Accesso riservato
Dimensione
580.31 kB
Formato
Adobe PDF
|
580.31 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
