Shulou(Shulou.com)11/24 Report--

CTOnews.com According to OpenEuler, eBPF is a technology that enables sandboxing programs in the kernel, providing a mechanism for safely injecting code when kernel events and user program events occur, allowing non-kernel developers to control the kernel. With the development of kernel, eBPF has gradually expanded from initial packet filtering to network, kernel, security, tracing, etc., and its functional characteristics are still developing rapidly. The early BPF is called classic BPF, abbreviated as cBPF. It is this functional expansion that makes the current BPF called extended BPF, abbreviated as eBPF.

Today eBPF is widely used in cloud native, observable, performance tuning, security, hardware acceleration, etc., and its application scenarios are rapidly expanding.

Although the application of eBPF technology presents blowout phenomenon, the basic technology related to development, release and installation is fragmented, resulting in technical achievements that cannot be quickly translated to the production environment of industry customers; similar eBPF technology applications are repeated. These problems hinder the popularization and popularization of eBPF technology.

As shown in the figure below, the current development and distribution methods of eBPF can be basically divided into two technical routes:

Separation of development state and operation state (typical representative libbpf)

Advantages: ELF file format (or linked into the application) distribution, run-time lightweight, suitable for large-scale application in production environment.

Disadvantages: High application technology threshold and lack of portability (e.g., higher kernel versions of eBPF programs cannot be ported to lower kernel versions).

Fusion of development state and operation state (typical representative of BCC)

Advantages: The source code form is naturally portable; the abstract runtime is encapsulated, and a high-level language API is provided to reduce the difficulty of development.

Disadvantages: heavy runtime, high requirements for the production environment (need to install a series of development tools); highly abstract, reduce the flexibility of use, not suitable for large-scale application development.

With the development of eBPF technology, BumbleBee, eunomia-bpf and other projects are devoted to integrating the advantages of these two technical routes, but they still lack the overall planning of eBPF basic technology.

eBPF summit 2022 The future of eBPF in the Linux Kernel looks forward to the development direction of eBPF, and the specific evolution direction includes several aspects:

More complete programming capability: The current eBPF programming capability has some limitations (e.g., loops that do not support variable boundaries, limited number of instructions, etc.), and the evolution goal is to provide Turing-complete programming capability.

Stronger security: support for type-safety, enhanced runtime Verifier, evolution to provide secure programming capabilities comparable to Rust.

More extensive portability: enhance CO-RE, strengthen Helper interface portability, and achieve cross-system and platform portability.

Stronger programmability: Support access/modification of arbitrary kernel parameters, return values, and achieve stronger kernel programming capabilities.

In summary, its evolution goal is to build eBPF into a secure programming language for kernel (including hardware) runtime, through which eBPF software is built to carry kernel (or hardware) capabilities. An interesting consequence of this evolution is that it is difficult to classify eBPF software as application software or system software according to the traditional classification of software types. So, simply define it as an independent software form: eBPF as Service.

CTOnews.com understands that openEuler programmable kernel SIG hopes to standardize the basic technologies related to eBPF software (including packaging, distribution, installation, upgrade, etc.), so as to facilitate the promotion of eBPF technology in various industries and scenarios. Therefore, many enterprises/universities advocate to establish industry standards in openEuler community, and provide performance acceleration, security reinforcement, intelligent observation and other services to community users through standardized release of kernel customization capability and hardware unloading capability.

The discussion was divided into three areas:

eBPF runtime: Responsible for providing portable software installation capability, software hot upgrade capability, package management capability, etc.

eBPF Development Kit: Responsible for providing one-stop development, debugging, compilation tools, providing cross-system, platform portability of software package publishing capabilities.

eBPF Service HUB: Responsible for providing bazaar management of eBPF Service, providing eBPF Service push and distribution capabilities.

openEuler Programmable Kernel SIG Goals One of the goals of openEuler Programmable Kernel SIG will promote the standardization of eBPF as Service, turning kernel capabilities and hardware acceleration capabilities into services and markets, benefiting more community users. At the same time, the openEuler community will push some basic software and technical standards in the industry standards to the Linux upstream community to strengthen the eBPF technology ecosystem.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.