Prelude
Who this documentation is for
Most literature on the Internet documents eBPF from a user's perspective. However, for OS developers or someone who just needs to write an eBPF implementation from scratch for whatever reason, they will most likely have to turn to the Linux source code due to a lack of documentation.
This site is an attempt to provide some implementation details of eBPF in Linux, in the hope that it will pick up some hitchhikers on the way.
Prerequisites
I assume that you have already heard about eBPF as well as the following concepts before:
- eBPF instruction set
- eBPF virtual machine
- eBPF byte code
- eBPF helper functions
- eBPF interpreter
- eBPF verifier
- Reduced Instruction Set Computer (RISC)
- Just-In-Time (JIT) compilation
- Ahead-Of-Time (AOT) compilation
- Relocation
We will get to these concepts soon.
JIT or AOT
We are not going to distinguish between JIT and AOT. But it can be fun if you think about it:
- From the user's perspective, the kernel does JIT compilation, since the compilation is done after they request to run the program.
- As for eBPF implementers, it is actually AOT: compilation is done before running the code.
- No, we are not to discuss those complex techniques used by Java or C#.
- It might eventually evolve into a JIT implementation, but personally I think it is just too slow during warm-up and not worth the price.