Enhancing Security with eBPF: Use Cases Explored
eBPF, short for Extended Berkeley Packet Filter, is a kernel technology that allows programs to run without requiring changes to the kernel source code or the addition of new modules. eBPF was built on top of the Berkeley Packet Filter (cBPF). Notable milestones in its development include the first in-kernel Linux JIT compiler in April 2011 and the first non-networking use case of the classic Berkeley Packet Filter, seccomp-bpf, appearing in January 2012. It can be used for a variety of purposes.