• Kernel side
  • either in C or Rust
• userland (more programming languages)
• applications loaded directly into the kernel
• more secure than kernel modules since there is a verifier which does basic checks against the eBPF bytecode
• also Docker uses eBPF technologies under the hood

Resources

• 2024-06-18 ◦ An Applied Introduction to eBPF with Go — Ozan Sazak
• 2023-09-06 ◦ eBPF Offensive Capabilities - Get Ready for Next-gen Malware – Sysdig
• 2022-09-13 ◦ The power of eBPF |> Changelog
• 2022-09-13 ◦ eBPF - Introduction, Tutorials & Community Resources