Security News > 2021 > May > Microsoft's new project ports Linux eBPF to Windows 10, Server
Microsoft has launched a new open-source project that aims to bring to Windows the benefits of eBPF, a technology first implemented in Linux that allows attaching programs to both the kernel and user applications.
Microsoft's effort builds on the work of the eBPF community by adding a compatibility layer that turns existing eBPF open-source projects into submodules that can work on top of Windows 10 and Windows Server 2016 and later.
An architectural view of the project shows that toolchains can generate eBPF bytecode from programs written in a variety of languages, so that any application can use it; the bytecode can even be fed into the Windows Netsh command-line tool, with the help of a shared library.
As seen in the image above, Microsoft uses the PREVAIL eBPF verifier, hosted in a user-mode protected process, to check the legitimacy of the resulting bytecode, and IO Visor's uBPF, running in a kernel-mode execution context, to execute an eBPF program on top of Windows.
"Similarly, the eBPF for Windows project exposes Libbpf APIs to provide source code compatibility for applications that interact with eBPF programs" - Microsoft.
The ebpf-for-windows project is still in its early stages. Its long-term purpose is to "Bring the power of eBPF to Windows users" and to become part of the larger eBPF community, which would also guide its development.