eBPF stands for enhanced Berkeley Packet Filter, and it is an in-kernel virtual machine that is integrated into the Linux kernel and can be used for Linux tracing. In order to be able to use eBPF, you will need to have a kernel compiled with the CONFIG_BPF_SYSCALL
option, which is automatically activated on Ubuntu Linux.
Note
eBPF works on Linux machines with relatively new kernel versions but does not work on macOS or Mac OS X machines.
You can learn more about eBPF at https://github.com/iovisor/bcc and about eBPF and Go at https://kinvolk.io/blog/2016/11/introducing-gobpf---using-ebpf-from-go/. The gobpf
package can be found at https://github.com/iovisor/gobpf/.
Unfortunately, further discussion of eBPF and Go is beyond the scope of this book.