October 25, 2017

BPF Updates 12

This is issue 12 of the regular newsletter around BPF written by Alexander Alemayhu. It summarizes ongoing development, presentations, videos and other information related to BPF and XDP. It is released roughly once a week.

The highlights since the last time

  • Generic metadata transfer from XDP into skb via new helper function bpf_xdp_adjust_meta.
  • bpf_perf_event_read_value helper function series got merged.
  • Multiple programs can now be attached to a cgroup.
  • A new map type cpumap for XDP got merged.

The addition of metadata transfer from XDP allows XDP programs to apply early filters to extract metadata from packets and make it available to BPF programs later in the forwarding chain such as programs attached to clsact qdiscs.

The new values available via the perf helper make it easier to normalize measurements. cpumap let's you redirect XDP frames to remote CPU's where these can handle the packet representation and fire up the networking stack.

More interesting topics

  • More fields added to bpf_prog_info.
  • Netronome bpftool upstreamed.
  • LPM performance improvements.
  • 32-bit eBPF encoding support.

The BPF tooling is evolving and introspection is getting better.



All Systems Go! 2017 - A gentle introduction to [e]BPF

Beginner friendly overview of BPF.

All Systems Go! 2017 - High-performance Linux monitoring with eBPF

Intro to BPF and short part on how it's being leveraged in weaveworks.

All Systems Go! 2017 - Using BPF in Kubernetes

Nice talk focusing on some of the use cases in the cloud.

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

Overview of how Suricata uses BPF Nice to see the version number for the various features / work mentioned. The slides also has some code.

Kernel Recipes 2017 - Performance Analysis with BPF - Brendan Gregg

Introduction to BPF focusing on BCC and tracing.


eBPF cgroup filters for data usage accounting on Android

Interesting work on how to use BPF for wifi data usage.

Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF

High level introduction to Cilium with some new ongoing work on Cilium. If you are using / interested in Kafka, worth checking out for the API filtering.

eBPF Implementation for FreeBSD

Interesting slides on eBPF port to FreeBSD.

In case you missed it

Heap Allocation Flamegraphs

Post on using one of the grave tools for tracing JVM processes.

LinuxのBPF : (5) eBPFによるLinux Kernel Tracing

Going through a tracing example using kernel 4.12.

An intro to using eBPF to filter packets in the Linux kernel

Beginner friendly post with a accompanying example for tracing.

IP Accounting and Access Lists with systemd

Simple cgroup/BPF packet counting and blacklist via systemd.

XDP on Power

XDP on the Power architecture.

Cilium v0.10 & v0.11 Released: Double the Fun - Two Updates in One!

Great post on the recent progress made in the Cilium project.


A couple of new GitHub projects. Please star if you like the projects ;)

Cilium client API example

Simple example illustrating use of the Cilium API.


An assembler for eBPF programs written in an Intel-like assembly syntax.


eBPF programs without a libbcc dependency


Generic eBPF VM. Currently support FreeBSD kernel, FreeBSD userspace, Linux kernel, Linux userspace and MacOSX userspace.

Random cool note

Schedule is out! Dont miss this amazing event. Come to the land of Kimchi and Palaces. Hangout with awesome geeks. https://www.netdevconf.org/2.2/schedule.html


Please note that netdev receives a lot of patches and the list above is not meant to be comprehensive.