bpf() syscall
Single entry point the kernel exposes for loading programs, creating maps any more.
eBPF Taking off
Core building blocks that let you load your first working tool and understand how data moves between user space and the kernel.
eBPF Maps
Kernel-resident hash tables arrays LRU caches and ring buffers that store data shared between eBPF programs and user processes making stateful tasks possible.
eBPF Map Operations
Create read update delete batch pin freeze everything you need to manage maps.
eBPF Program Types
Menu of hook kinds such as XDP kprobe tracepoint LSM and many more.