Recently Extended Berkeley Packet Filter (eBPF) has emerged as a technology which can provide programmability in the linux kernel by running sandboxed programs within the kernel safely. eBPF programs can be attached at several points in the kernel (syscalls, kprobes) and network data-path like sockets, traffic control (TC) and Express data path (XDP). eBPF is well accepted in industry with several network applications being developed such as Facebook's katran load-balancer, AWS's eBPF based microservice observability, etc.
The hands-on will cover basics of eBPF. We will dive into some use cases followed by a hands-on on compiling and running some eBPF modules. As part of the tutorial we will also understand how eBPF can be leveraged for network monitoring.