By Joab Jackson
Translated by Wang Qiang
Planned by Tina
With the help of the IETF and Microsoft, eBPF is poised to bring cross-platform compatibility to kernel programs for both Linux and Windows.
At last month’s virtual eBPF Summit, Thomas Graf, CTO and co-founder of Isovalent, discussed the future of this open-source, filter-turned-kernel engine. He pointed out that this future includes a version for Microsoft Windows. Microsoft researchers have launched a project to create a version of eBPF for Windows, effectively providing a similar programmable interface for the Windows kernel.
Since its inclusion in the kernel a decade ago, Linux-based eBPF has seen widespread adoption, particularly by observability, security, and compliance tools. These tools leverage its programmable, high-speed nature to analyze and filter packets without the need for cumbersome modules or risky kernel modifications. With its promise of cross-platform compatibility between Windows and Linux, tool developers can write binaries that support both platforms simultaneously.
eBPF for Windows: A Sandbox for Kernel-Level Programming
Similar to Linux eBPF, Windows eBPF will offer a sandbox for executing small programs within the kernel itself. Once verified, eBPF bytecode will be executed using a closed-kernel interpreter. The Microsoft project, published on GitHub, shows 43 contributors with the code primarily written in C, with a small amount of C++. Graf stated that the package will implement bytecode compatibility with Linux eBPF and feature similar interpreters and just-in-time compilers to execute the bytecode. However, given the differences in Windows system calls, the hook points where eBPF connects to the kernel may vary.
Challenges and Standardization for the Future
Graf indicated that all tools developed for Linux eBPF will also be ported to the Windows environment in the coming years. He cautioned that this will present further challenges for the community. Moving forward, tool developers will need to ensure their products function correctly in both environments. This necessitates standardization.
Initially, eBPF (which administrators now agree no longer stands for anything) was developed as a set of code without adhering to any predefined specifications. As such, the code itself was the standard that tool developers had to follow, he said. The Internet Engineering Task Force (IETF) has embarked on a project to ensure cross-platform compatibility between Windows and Linux as much as possible. Dave Thaler, a technical advisor to the working group and a key contributor to the Microsoft eBPF project, stated this year that the IETF is working to define a standard for eBPF that will ensure compatibility between different operating systems.
The Impact of eBPF on the Future of Kernel Programming
The arrival of eBPF on Windows marks a significant step forward for kernel programming. It opens up a world of possibilities for developers who can now write code that runs on both Windows and Linux, simplifying development and deployment processes. This cross-platform compatibility will also drive innovation in the field, leading to the development of new and exciting tools that leverage the power of eBPF.
