Source: thenewstack.io
Microsoft Brings eBPF to Windows
If you want to run code to provide observability, security or network functionality, running it in the kernel of your operating system gives you a lot of power because that kernel can see and control everything on the system. That’s powerful, but potentially intrusive or dangerous if you get it wrong, whether that’s introducing a vulnerability or just slowing the system down.
Kubernetes networking security using Calico or Cilium is extremely popular because it provides visibility into HTTP traffic traditional security monitoring can’t see.
Windows uses drivers whereas Linux uses kernel modules and APIs rather than system calls, so eBPF needs to be implemented slightly differently.
Call a network socket or bind to a common protocol like IPv4 or IPv6 and you can recompile Linux eBPF code to run on Windows.
Kubernetes networking security using Calico or Cilium is extremely popular because it provides visibility into HTTP traffic traditional security monitoring can’t see.
Windows uses drivers whereas Linux uses kernel modules and APIs rather than system calls, so eBPF needs to be implemented slightly differently.
Call a network socket or bind to a common protocol like IPv4 or IPv6 and you can recompile Linux eBPF code to run on Windows.
Related Articles
Community Partners
DevOps Careers