eBPF (Extended Berkeley Packet Filter)
eBPF (Extended Berkeley Packet Filter) is a revolutionary technology that allows sandboxed programs to run in the Linux kernel without modifying kernel source code or loading kernel modules. It enables developers to safely and efficiently extend kernel functionality for networking, security, observability, and tracing purposes through custom programs that execute in a virtual machine within the kernel.
Companies want eBPF expertise now because it is becoming the standard for cloud-native observability and security, enabling real-time monitoring and enforcement without performance overhead. With the rise of microservices and containerized environments, eBPF provides deep visibility into distributed systems, and major players like Datadog and Cilium are building entire product ecosystems around this technology.
🎓 Courses
Getting Started with eBPF
Practical eBPF course covering tracing, networking, and security use cases
Linux Internals & Architecture: The Complete Kernel Guide
Comprehensive kernel course covering eBPF, XDP, tracing, kprobes, and networking internals
📖 Books
Learning eBPF
Liz Rice · 2023
Comprehensive guide for developers to start building eBPF programs for observability, networking, and security.
Mastering eBPF : The Professional’s Guide to Linux Performance and Cloud-Native Security
· 2025
The eBPF Handbook: Mastering Linux Kernel Observability, Networking, and Security (The Complete eBPF Developer's Library)
Brown, Williams D. · 2025 · ISBN 9798294679477
The eBPF Handbook is your comprehensive guide to understanding, building, and deploying eBPF applications. Master Linux kernel intros
🛠️ Tutorials & Guides
Episode 445: Thomas Graf on eBPF (extended Berkeley Packet Filter)
Thomas Graf, Co-Founder of Cilium, discusses eBPF and XDP and how they can be leveraged for a wide variety of use cases across networking, observabili
eBPF: Understanding and Implementing eBPF Technology
Join us in this comprehensive video where we dive deep into eBPF (extended Berkeley Packet Filter) technology. We start by understanding what eBPF is,
eBPF in 120 seconds
Welcome to our deep dive into eBPF (Extended Berkeley Packet Filter) in just 120 seconds! In this video, we’ll explore how eBPF is revolutionizing the
What is eBPF?
eBPF (Extended Berkeley Packet Filter) is a method in which sandbox programs can run within a kernel. Liz Rice, Chief Open Source Off
Getting Started with eBPF for Security
In this video, we focus on the emerging technology of eBPF (extended Berkeley Packet Filter). We explain its sig
Hands-On Lab: Getting Started with eBPF Using Isovalent
Join me in this hands-on lab session where we dive into eBPF (extended Berkeley Packet Filter) technology using Isovalent's comprehensive
Getting Started with eBPF - Liz Rice (Linux Foundation)
Hands-on lab by Liz Rice exploring eBPF programs, maps, and verification through practical exercises
eBPF Guide - Comprehensive Resource Collection
Complete guide covering eBPF tools and libraries for security, monitoring, and networking
Learning resources last updated: March 17, 2026