Implementing eBPF for Windows [LWN.net]
The extended BPF (eBPF) virtual machine
allows programs to be loaded into and executed within the kernel and,
increasingly, other environments. As the use of BPF grows, so does
interest in defining what the BPF virtual machine actually is. In an
effort to ensure a consistent and fair environment for defining what
constitutes the official BPF language and run-time environment, and to
encourage NVMe vendors to support BPF offloading, a recent effort
has been undertaken to standardize BPF.
This early-stage project is not a fork, Redmond insists
Microsoft on Monday launched an open source project to make a Linux kernel tool known as eBPF, short for Extended Berkeley Packet Filter, work on Windows.
Inspired by network packet filtering and capture software dubbed Berkeley Packet Filter, eBPF is a register-based virtual machine designed to run a custom 64-bit RISC-like architecture via just-in-time compilation inside the Linux kernel. As such, eBPF programs are particularly well suited for debugging and system analysis, such as tracing file system and registry calls.
eBPF's relationship with the Linux kernel has been likened to JavaScript's relationship with web pages – it allows Linux kernel behavior to be modified by loading an eBPF program that's executed, and without changing actual kernel source code or loading a kernel module.