Session

BPF is used in multiple layers of networking stack, in security, tracing and even task scheduling. Over the last 10 years BPF developers extended the kernel countless times. Sometimes well, sometimes not. This talk summarizes the lessons learned and proposes a framework on how to think and design new kernel extensions with and without BPF. It starts by taking a look in the design of modularity of TCP congestion control, how BPF got bolted into it, then into struct_ops mechanism, the mistakes in XDP design, and finally into practical considerations for future kernel extensions.