BPF in Linux is gaining widespread attention as a framework for making the Linux kernel programmable, most notably in tracing, networking and security subsystems. This talk highlights the networking side by providing an overview of what BPF is and how it integrates into tc (traffic control) and the recently introduced XDP (eXpress Data Path). With the latter, the kernel gains a high-performance programmable networking data path that operates directly at the driver layer, suitable for use-cases such as DDoS prevention or load balancing in data centers. The talk will also briefly cover projects such as Cilium which orchestrates BPF for tc and XDP in order to provide security and load balancing for containers. Last but not least, recent advances and improvements in the Linux kernel on BPF and XDP are discussed.
Daniel Borkmann has been hacking on the Linux kernel for more than 7 years, mostly involved in the area of networking. Currently, Daniel is focusing on making the kernel more programmable through BPF and the cilium project.