# eBPF

Originally "Berkeley Packet Filter", a way to run IP packet filters as little programs in kernel:

- The original BPF paper: [https://www.tcpdump.org/papers/bpf-usenix93.pdf](https://www.tcpdump.org/papers/bpf-usenix93.pdf)

Now much extended as a "general purpose" platform to run little programs inside the kernel, usually for monitoring / metrics gathering, but also (still! again!) for filtering.

The different types of BPF programs:

```c
enum bpf_prog_type {
    BPF_PROG_TYPE_UNSPEC,
    BPF_PROG_TYPE_SOCKET_FILTER,
    BPF_PROG_TYPE_KPROBE,
    BPF_PROG_TYPE_SCHED_CLS,
    BPF_PROG_TYPE_SCHED_ACT,
    BPF_PROG_TYPE_TRACEPOINT,
    BPF_PROG_TYPE_XDP,
    BPF_PROG_TYPE_PERF_EVENT,
    BPF_PROG_TYPE_CGROUP_SKB,
    BPF_PROG_TYPE_CGROUP_SOCK,
    BPF_PROG_TYPE_LWT_IN,
    BPF_PROG_TYPE_LWT_OUT,
    BPF_PROG_TYPE_LWT_XMIT,
    BPF_PROG_TYPE_SOCK_OPS,
    BPF_PROG_TYPE_SK_SKB,
};
```

## Books

- [[BOOK - BPF Performance Tools - Brendan Gregg]]

## For firewall uses

I'm looking a bit more into eBPF uses for firewall rules (ironic) because I think a similar underlying VM for handling automoderation in the [[Fediverse]] (see [[SK - 3d5 - Concrete project ideas around the fediverse#EBPF like language for configuring "firewall" rules]]) could be interesting. But I don't really know too much.

- [Why is the kernel community replacing iptables with BPF?](https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/)
- [Deep Dive into Facebook's BPF edge firewall](https://cilium.io/blog/2018/11/20/fb-bpf-firewall/)
- [Optimizing Magic Firewall’s IP lists](https://blog.cloudflare.com/magic-firewall-optimizing-ip-lists/)
- [How We Used eBPF to Build Programmable Packet Filtering in Magic Firewall](https://blog.cloudflare.com/programmable-packet-filtering-with-magic-firewall/)

## Links

- [Running fast and slow: experiments with BPF programs performance · Erthalion's blog](https://erthalion.info/2022/12/30/bpf-performance/)