
Microsoft embraces Linux kernel's eBPF super-tool, extends it for Windows

This early-stage project is not a fork, Redmond insists
Microsoft on Monday launched an open source project to make a Linux kernel tool known as eBPF, short for Extended Berkeley Packet Filter, work on Windows.

Inspired by network packet filtering and capture software dubbed Berkeley Packet Filter, eBPF is a register-based virtual machine designed to run a custom 64-bit RISC-like instruction set via just-in-time compilation inside the Linux kernel. As such, eBPF programs are particularly well suited to debugging and system analysis, such as tracing file system and registry calls.

eBPF's relationship with the Linux kernel has been likened to JavaScript's relationship with web pages: it allows Linux kernel behavior to be modified by loading an eBPF program that is then executed, without changing actual kernel source code or loading a kernel module.

Microsoft, having force-fed Windows with Linux supplements in recent years, has moved on to embracing and extending Linux tooling. eBPF programs have proven useful on Linux for denial-of-service defense and system observability.
