Microsoft launches new open-source project to bring Linux tool eBPF to Windows
Microsoft has launched a new project which has the aim of bringing Linux kernel tool eBPF (Extended Berkeley Packet Filter) to Windows.
The company insists that the move to get the technology working in Windows does not represent creating a fork of eBPF. Instead, it will use existing projects, including the IOVisor uBPF project and the PREVAIL verifier, to run eBPF programs and APIs on top of its own operating systems -- specifically Windows 10 and Windows Server 2016 or above.
See also:
- Microsoft removes all Windows 10 upgrade blocks including Conexant audio driver issues
- Microsoft may have cancelled Windows 10X
- Microsoft withdraws AMD driver that causes INACCESSIBLE_BOOT_DEVICE error in Windows 10
It is very early days for eBPF on Windows as Microsoft has only just launched the project. As such, it is very difficult to get a sense of the speed of development, and no timetable has yet been published. Over on the GitHub page for the project, Microsoft says that the aim is to "create source code compatibility for code that uses common hooks and helpers that apply across OS ecosystems".
With its ability to run sandboxed programs in the Linux kernel without the need to change the kernel source code or loading kernel modules, the technology is perfect for numerous security applications.
Microsoft says:
eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such as DoS protection and observability. This project is a work-in-progress that allows using existing eBPF toolchains and APIs familiar in the Linux ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
In an FAQ about the technology, the company points out that "when HVCI is enabled, eBPF programs work fine in interpreted mode, but not when using JIT compilation".
More information about eBPF on Windows is available over on the project's GitHub page.