Microsoft wants to get eBPF tools for the Linux kernel working on Windows 10


Microsoft has started an open source project to get eBPF working on Windows 10 and Windows Server 2016 and newer. The goal is to make the eBPF toolchains and APIs available to developers on Windows.

The project is still in its early stages and, according to Microsoft, it is not a fork. The company reports that while eBPF support came to the Linux kernel first, there is growing interest in bringing the technology to other operating systems.

The abbreviation eBPF stands for extended Berkeley Packet Filter. Berkeley Packet Filter was originally intended for analyzing network traffic through low-level packet interception. With eBPF, thanks to a virtual machine, much more is possible, both at kernel level and in user space. On Linux, eBPF support makes it possible to modify the behavior of the software, for example through eBPF tools, without actually having to modify the kernel source code or load a kernel module.

Among other things, Microsoft's project will leverage the work of existing open source projects such as IOVisor uBPF and Prevail, and adapt their code for the Windows hosting environment. Some tools are so specific to Linux that they cannot be used by other operating systems.
