Paul Chaignon
pchaigno.bsky.social
System security, eBPF, and programmable networks. Working on Cilium's BPF-based datapath. He/him.
Pinned
It does not make sense to compare the performance of nftables and eBPF.

eBPF can take many different forms. Its performance will largely depend on its hook point, its maps, the algorithm it's implementing. That's the point I tried to illustrate in pchaigno.github.io/ebpf/2020/09....
BPF Isn’t About Speed
This post benchmarks various approaches to filter egress traffic in the Linux kernel. It compares iptables, ipset, tc-bpf, and cgroup-bpf. It demonstrates how diverse aspects of the eBPF implementatio...
pchaigno.github.io
Following our talk at Plumbers, we're starting a series of articles with Mahé Tardy on the state pruning optimization in the #eBPF verifier. I'm kicking off this series with a timeline of the main changes: pchaigno.github.io/ebpf/2026/01....
January 20, 2026 at 4:31 PM
My colleague Mahé Tardy wrote a blog post covering state pruning points in the #eBPF verifier: mtardy.com/posts/prune-....

State pruning is an optimization to the eBPF verifier to help it scale to larger programs. Pruning points are instructions in the program where this optimization is triggered.
January 20, 2026 at 4:00 PM
In his latest blog, @vincent.bernat.ch looked at how to load balance uneven traffic flows across multiple workers all listening on the same port: vincent.bernat.ch/en/blog/2026.... And of course, eBPF can help here! As usual, very easy to follow along and with code walkthroughs.
Using eBPF to load-balance traffic across UDP sockets with Go
Learn how to implement eBPF-based load balancing for UDP sockets in Go. The article also covers graceful restarts.
vincent.bernat.ch
January 20, 2026 at 3:31 PM
There's a new eBPF sandbox by David Ventura to learn BPF development with exercises and detailed explanations: ebpf.party. Looks great for a first quick introduction!
January 15, 2026 at 11:02 AM
I updated my blog post on the @sigcomm.bsky.social #eBPF workshop with slides for most presentations over the past three years! pchaigno.github.io/ebpf/2025/09...

This was possible thanks to Sebastiano Miano who kept archives from the workshops over the years 🙏
January 14, 2026 at 5:24 PM
Syzkaller has been fuzzing Linux patchsets since August! It already caught more than 100 bugs before they were merged. At #LinuxPlumbers, Aleksandr Nogikh explained why your patchset may not be covered.

Website: ci.syzbot.org
Slides: lpc.events/event/19/con...
Video: www.youtube.com/watch?v=69Pj...
December 23, 2025 at 4:32 PM
After accelerating pod networking with netkit devices, @cilium.io will tackle the challenge of KubeVirt pods. At #LinuxPlumbers, Daniel Borkmann et al. explained what it will look like and the required changes.

Recording: www.youtube.com/watch?v=_Qy4...
Slides: lpc.events/event/19/con...
December 22, 2025 at 6:37 PM
Peilin Ye gave an easy-to-follow introduction to the new BPF_ATOMIC instructions for Load-Acquire and Store-Release in eBPF. Only at #LinuxPlumbers! ;)

Recording: www.youtube.com/watch?v=iF7J...
Slides: lpc.events/event/19/con...
December 18, 2025 at 5:15 PM
Justin Ngai presented a BPF regex engine to be able to match file paths and command lines in the kernel. He explained how it works, its limitations, and some of the challenges involved. #LinuxPlumbers

Recording: youtu.be/n0xMU3XkXYM
Slides: lpc.events/event/19/con...
December 18, 2025 at 5:13 PM
Related to the previous #LinuxPlumbers talk, Raman Shukhau implemented and presented a small DNS server in eBPF!

Recording: www.youtube.com/watch?v=di2R...
Slides: lpc.events/event/19/con...
December 17, 2025 at 6:11 PM
Cilium can enforce network policies based on FQDNs using a userspace proxy. At #LinuxPlumbers, @hemanthmalla.bsky.social proposed to move this to the kernel by implementing DNS parsing in #eBPF!

Recording: www.youtube.com/watch?v=ecQo...
Demo: youtu.be/0qmQ1bTBLHo
Slides: lpc.events/event/19/con...
December 17, 2025 at 5:32 PM
Work on the BPF Verifier Visualizer (bpfvv) is continuing! Ihor Solodrai and Jordan Rome presented the many new features at #LinuxPlumbers.

Recording: www.youtube.com/watch?v=-_P1...
Slides: lpc.events/event/19/con...
December 16, 2025 at 2:01 PM
After a great recap of how uprobes work, Jiri Olsa presented recent optimizations and discussed how uprobes could overwrite userspace functions. As usual with Jiri, the slides are minimalist but effective #LinuxPlumbers

Recording: www.youtube.com/watch?v=sydT...
Slides: lpc.events/event/19/con...
December 16, 2025 at 1:44 PM
At #LinuxPlumbers, @breakawaybilly.bsky.social presented what the eBPF Foundation is doing, where its funds are going, and asked the attendees what should be next.

Recording: www.youtube.com/live/ZLRngpd...
Slides: lpc.events/event/19/con...
December 15, 2025 at 12:01 PM
For the past month, with my colleague @mahe.bsky.social, we've been looking into the BPF verifier's state pruning. Tomorrow, we're giving an introduction to this verification optimization at Linux Plumbers: lpc.events/event/19/con...!
December 10, 2025 at 7:08 AM
The HotNets 2025 program and papers are available! Similar mix of topics as SIGCOMM, with lots of AI, some host networking, some LEO, some eBPF...
conferences.sigcomm.org/hotnets/2025...
HotNets 2025: Program
conferences.sigcomm.org
November 18, 2025 at 4:31 PM
The talks for the Networking track of Linux Plumbers 2025 are up! An XDP API redesign, rich packet metadata, XDP offload to AMD GPUs... There are a few #eBPF topics, but also many classic networking talks.
lpc.events/event/19/ses...
Linux Plumbers Conference 2025
The Linux Plumbers Conference (LPC) is a developer conference for the open source community. The LPC brings together the top developers working on the plumbing of Linux - kernel subsys...
lpc.events
October 27, 2025 at 4:01 PM
At GNU Tools Cauldron, Eduard Zingerman presented 4 examples of compiler optimizations that can break #eBPF verification in Linux. The discussion then focused on how to mitigate this in GCC, with a potential -fverifiable flag.

Video: www.youtube.com/watch?v=DgiE...
Article: lwn.net/Articles/103...
October 24, 2025 at 3:06 PM
Agni is now able to formally verify core #eBPF verifier logic in ~10 minutes! And all LTS kernels are covered daily!
github.com/bpfverif/agn...
October 16, 2025 at 3:31 PM
At Kernel Recipes, Roman Gushchin presented his work on customizing the Linux out-of-memory handling with #eBPF. It allows you to control when the OOM killer is triggered and how to free memory (typically, what to kill).

Code: lore.kernel.org/bpf/20250818...
Video: www.youtube.com/watch?v=pgDI...
October 15, 2025 at 3:01 PM
The list of talks accepted for the #eBPF track at Linux Plumbers 2025 has been published: lpc.events/event/19/ses...! See you in Tokyo!

(You may need to click on Contribution list to see the talks.)
October 8, 2025 at 3:31 PM
I've added 6 recent research papers on eBPF to my list, from SIGCOMM'25, SOSP'25, and IEEE S&P'25: pchaigno.github.io/bpf/2025/01/....
October 6, 2025 at 3:01 PM
I've written a guide on how to test BPF verifier changes using Cilium's collection of #eBPF programs: pchaigno.github.io/ebpf/2025/09...
Test Verifier Changes on Cilium’s BPF Programs
This post describes how to use Cilium’s large BPF programs to test and evaluate your changes to the Linux BPF verifier or to any other aspect of the kernel.
pchaigno.github.io
September 23, 2025 at 3:41 PM
At the eBPF workshop, Panayiotis Gavriil introduced uXDP, a new XDP runtime that allows you to run unmodified XDP programs on top of DPDK or AF_XDP. uXDP was able to improve the performance of an unmodified Katran by 40%!

Slides: drive.google.com/file/d/1xrGE...
Paper: dl.acm.org/doi/pdf/10.1...
September 18, 2025 at 4:54 PM
Traditional profiling tools can introduce a lot of overhead when tracing XDP programs. At the eBPF workshop, Vladimiro Paschali presented a new tool that significantly reduces that overhead.

Slides: drive.google.com/file/d/1qsBS...
Paper: dl.acm.org/doi/pdf/10.1...
Code: github.com/VladimiroPas...
September 18, 2025 at 4:50 PM