Presented by:

Rhys Rustad-Elliott

from Elastic

I'm a software engineer at Elastic on their security team, working on Elastic's endpoint protection solution for Linux. I spend most of my day writing C & C++, staring at BPF bytecode, and poking around near the boundary between kernelspace and userspace. I'm broadly interested in computer-systems-related subjects, particularly as they pertain to security. Online I usually go by the (admittedly rather silly) handle GunshipPenguin.

You may have heard of BPF (or eBPF, as it's officially but somewhat less commonly known). BPF is a virtual machine, implemented in the Linux kernel, that allows users to safely and performantly run custom event-driven code in kernelspace with wide-ranging access to kernel data structures (among other super-powers).

While originally intended for the single purpose of packet filtering, in recent years BPF has been extended to a number of other use-cases, including performance monitoring, security auditing, and even a Linux security module that can be driven by custom BPF programs. The BPF subsystem and associated ecosystem are still relatively immature and continue to produce new, interesting use-cases. In 2021, it’s an exciting technology to be involved in!

This talk will go over the motivation for and the usage of BPF, covering a variety of domains in which it’s useful. There will be a strong focus on concrete examples to back up concepts covered, because nobody likes just being fed theory. Come dip your toes into kernelspace in the most accessible way possible!

Date:
2022 April 23 - 15:00
Duration:
45 min
Room:
Code Lab
Conference:
LinuxFest Northwest 22
Language:
Track:
Open Source
Difficulty:
300-level

Happening at the same time:

  1. Fediverse: Decentralized Social Networking and Services

    Start Time:
    2022 April 23 15:00

    Room:
    Privacy/Security

  2. MonitorPi: An Introduction to Open-Source Hardware Monitoring

    Start Time:
    2022 April 23 15:00

    Room:
    Hardware/Gaming

  3. Dive Into Kernelspace With BPF

    Start Time:
    2022 April 23 15:00

    Room:
    Code Lab