In 1992, the Berkeley Packet Filter (BPF) was introduced in Unix circles as a new, improved network packet filter. Nice, but not that big a deal. Then, in 2014, it was changed and brought into the Linux kernel as extended BPF (eBPF). Again, that was okay. Just okay. Soon thereafter though, developers started using it to run user-space code inside a virtual machine (VM) on the Linux kernel. And, then it was a huge deal. As Netflix computer performance expert Brendan Gregg said, with eBPF, “superpowers have finally come to Linux.”
What superpowers? eBPF gives you the power to run programs in the Linux kernel without changing the kernel source code or adding additional modules. In effect, it acts as a lightweight (VM) inside the Linux kernel space. There, programs that can run in eBPF run much faster, while taking advantage of kernel features unavailable to other higher-level Linux programs.