Paul Chaignon’s blog focuses essentially on the eBPF technology and its verifiers. Articles may include benchmarks of eBPF aspects, studies of the eBPF verifiers, summaries of academic papers related to eBPF, or comments on eBPF news.| pchaigno
This post describes how to use Cilium's large BPF programs to test and evaluate your changes to the Linux BPF verifier or to any other aspect of the kernel.| pchaigno
This post presents the material (papers and presentation slides) from the third edition of the eBPF workshop at ACM SIGCOMM 2025.| pchaigno
This post aims to be a relatively complete reference guide for the XFRM subsystem in the Linux kernel, when used for IPsec. It covers the basic configuration, the packet flows, the meaning of all state and policy fields, the impact of all XFRM errors, and some performance considerations.| pchaigno
Interactive list of eBPF research papers from top conferences according to CSRankings. The list can be filtered according to types of publications (ex., improving, using) and areas (ex., networking, verifier, offload, security).| pchaigno
Getting started guide on making your first pull request on Cilium.| pchaigno
This post discusses the publication of the first grant dedicated to eBPF research.| pchaigno
In 2021, Microsoft open sourced their eBPF-for-Windows project. They rely on existing open-source projects to JIT-compile, interpret, and verify BPF programs. Interestingly, PREVAIL, the BPF verifier they use, originated from peer-reviewed academic work and contrasts significantly with the Linux verifier.| π · chaingo
Tomorrow, Yoann Ghigoff et al. will present their paper BMC: Accelerating Memcached using Safe In-kernel Caching and Pre-stack Processing at NSDI 2021. In this paper, the authors propose to speed up Memcached using eBPF by implementing a transparent, first-level cache at the XDP hook. It’s not everyday we see BPF being used on application protocols!| π · chaingo
For an upcoming blog post, I wanted to measure the cost of BPF tail calls. Tail calls allow you to jump from one BPF program to another. Their overhead varied a lot in recent kernels, with a first increase caused by Spectre mitigations and a decrease thanks to improvements in Linux 5.5.| π · chaingo
This post summarizes the hXDP paper from OSDI 2020. The hXDP paper discusses the execution of XDP eBPF programs on FPGA-powered NICs.| pchaigno
Not everyone who develops BPF programs knows that several versions of the instruction set exist. This isn’t really surprising given documentation on the subject is scarce. So let’s go through the different eBPF instruction sets, why they exist, and why their choice matters.| π · chaingo