An Easy-to-Understand Overview of Popular Extended BPF Tools – BCC, Falco, and More
Jul 19, 2022
BPF, or Berkeley Packet Filter, is an in-kernel virtual machine known for running programs passed from user space. It was first implemented on BSD and then Linux, followed by the classic BPF (cBPF). More recently, the BPF infrastructure in Linux has undergone a major transition and given rise to extended BPF, or eBPF as it is popularly called. Popular use cases where extended BPF has brought flexibility and high performance include tracing and monitoring events on the system, enforcing access control over cgroups, and processing packets at a very low level (XDP).