Don't miss the submission deadline on June 19th!

We published the Program Committee for the eBPF'26 workshop at SOSP! It highlights the diverse eBPF research community, with experts from networking, formal verification, OS research, security, and more, across both academia and industry. ebpf.github.io/2026

Btw, did you try the software implementation of tc-flower in place of eBPF? Or maybe it just doesn't support the sw-until-hw-is-ready mode that you need?

Ok, I need to think how I can clarify my rule so it makes sense and stays consistent across papers. It's always been the tricky part. Based on that I can add the paper or not, but it sounds like it should be in.

I considered it, but wasn't sure it was a "key part of solving the research problem" as tc-flower can do the job. Happy to reconsider if that doesn't make sense!

eBPF Research Papers Interactive list of eBPF research papers from top conferences according to CSRankings. The list can be filtered according to types of publications (ex., improving, using) and areas (ex., networking, v...

I've updated the list of academic #eBPF papers with recent papers from SOSP'25, S&P'25, and CCS'25: pchaigno.github.io/bpf/2025/01/.... That makes 19 eBPF papers published in the top conferences in 2025 vs. 17 in 2024.

Screenshot of the workshops page on the SOSP'26 website, showing the 11 accepted workshops, including HotStorage'26, eBPF'26, and PLOS'26.

SOSP'26 published the list of accepted workshops for this year: sigops.org/s/conference...! Looks like the #eBPF workshop is in good company, in between HotStorage and PLOS 😄

Photo of Prague with the castle on the hill, taken by Wikimedia user Tilman2007 and licensed under CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0). Three eBPF bees are added on top, flying over the castle.

The call for papers for the eBPF'26 workshop is open: ebpf.github.io/2026/cfp.html. This year, the workshop will be hosted by the SOSP conference, the top academic conference in OS research! The deadline for submissions is June 19th, in just over 4 months.

As we publish more articles, I'll extend the timeline with new "Read more" links to them.

Screenshot of the top of the timeline, showing the first five commits. The timeline has release numbers, years, links to the commits and explanations. Some commits include a "Read more" link to a dedicated blog post.

Following our talk at Plumbers, we're starting a series of articles with Mahé Tardy on the state pruning optimization in the #eBPF verifier. I'm kicking off this series with a timeline of the main changes: pchaigno.github.io/ebpf/2026/01....

Figure from Mahé's blog post showing where pruning points are placed in case of jumps. The pruning points are the instructions with bold borders. They are typically placed on the target instruction for unconditional jumps as well as on the jump itself for conditional jumps.

My colleague Mahé Tardy wrote a blog post covering state pruning points in the #eBPF verifier: mtardy.com/posts/prune-....

State pruning is an optimization to the eBPF verifier to help it scale to larger programs. Pruning points are instructions in the program where this optimization is triggered.

In his latest blog, @vincent.bernat.ch looked at how to load balance uneven traffic flows across multiple workers all listening on the same port: vincent.bernat.ch/en/blog/2026.... And of course, eBPF can help here! As usual, very easy to follow along and with code walkthroughs.

Screenshot of the top of the website, showing the first 6 exercises (out of 12).

There's a new eBPF sandbox by David Ventura to learn BPF development with exercises and detailed explanations: ebpf.party. Looks great for a first quick introduction!

Screenshot of the top of the blog post.

I updated my blog post on the @sigcomm.bsky.social #eBPF workshop with slides for most presentations over the past three years! pchaigno.github.io/ebpf/2025/09...

This was possible thanks to Sebastiano Miano who kept archives from the workshops over the years 🙏

Yes, on supporte IPv6-only. Et même en tunneling mode depuis v1.18. Et c'est couvert dans le CI bien sûr.

Slide showing some stats on syzbot reporting. It found 105 bugs in patchsets between August and early December. It fails to determine the base tree in 12.5% of cases.

Syzkaller has been fuzzing Linux patchsets since August! It already caught more than 100 bugs before they were merged. At #LinuxPlumbers, Aleksandr Nogikh explained why your patchset may not be covered.

Website: ci.syzbot.org
Slides: lpc.events/event/19/con...
Video: www.youtube.com/watch?v=69Pj...

Slide showing the future packet path for KubeVirt pods with netkit devices.

After accelerating pod networking with netkit devices, @cilium.io will tackle the challenge of KubeVirt pods. At #LinuxPlumbers, Daniel Borkmann et al. explained what it will look like and the required changes.

Recording: www.youtube.com/watch?v=_Qy4...
Slides: lpc.events/event/19/con...

I guess we might be less constrained in userspace, but for me the main advantage would be that we could reuse existing tooling (ex., libfuzzer).

If we use hardware isolation, then there's a strong cost to any crossing. Even runtime checks as done initially in BPF (before direct packet access) have too high a cost for some use cases. Static analysis meets these requirements.

We need some form of memory isolation between the extensions and the kernel and we need some specific data (the ctx) to be able to cross (very often) that boundary.

Motivational slide showing a possible concurrency issue with a simple BPF example detected by herd7.

Peilin Ye gave an easy-to-follow introduction to the new BPF_ATOMIC instructions for Load-Acquire and Store-Release in eBPF. Only at #LinuxPlumbers! ;)

Recording: www.youtube.com/watch?v=iF7J...
Slides: lpc.events/event/19/con...

Slide showing the high-level idea with the different steps involved, from the regex string to the BPF maps and programs.

Justin Ngai presented a BPF regex engine to be able to match file paths and command lines in the kernel. He explained how it works, its limitations, and some of the challenges involved. #LinuxPlumbers

Recording: youtu.be/n0xMU3XkXYM
Slides: lpc.events/event/19/con...

Slide listing the advantages and limitations of using this BPF-based DNS server to resolve external queries. It includes performance numbers showing it improves the throughput and latency.

Related to the previous #LinuxPlumbers talk, Raman Shukhau implemented and presented a small DNS server in eBPF!

Recording: www.youtube.com/watch?v=di2R...
Slides: lpc.events/event/19/con...

Slide showing the overal architecture of parsing DNS over TCP for Cilium using eBPF.

Cilium can enforce network policies based on FQDNs using a userspace proxy. At #LinuxPlumbers, @hemanthmalla.bsky.social proposed to move this to the kernel by implementing DNS parsing in #eBPF!

Recording: www.youtube.com/watch?v=ecQo...
Demo: youtu.be/0qmQ1bTBLHo
Slides: lpc.events/event/19/con...

Screenshot of the bpfvv UI showing the C code, the corresponding BPF bytecode, and the current state of registers and stack slots.

Work on the BPF Verifier Visualizer (bpfvv) is continuing! Ihor Solodrai and Jordan Rome presented the many new features at #LinuxPlumbers.

Recording: www.youtube.com/watch?v=-_P1...
Slides: lpc.events/event/19/con...

Slide showing how the trampoline call improves on the basic uprobes hooking using the new uretprobe(2) syscall.

After a great recap of how uprobes work, Jiri Olsa presented recent optimizations and discussed how uprobes could overwrite userspace functions. As usual with Jiri, the slides are minimalist but effective #LinuxPlumbers

Recording: www.youtube.com/watch?v=sydT...
Slides: lpc.events/event/19/con...

Slide showing the $225k grant received by the eBPF Foundation from the Alpha-Omega project and what it will be used for. The slide mentions enabling KASAN, security reviews of the main JIT compilers, checking the verifier-to-JIT integrity, and an assessment of unprivileged surfaces.

At #LinuxPlumbers, @breakawaybilly.bsky.social presented what the eBPF Foundation is doing, where its funds are going, and asked the attendees what should be next.

Recording: www.youtube.com/live/ZLRngpd...
Slides: lpc.events/event/19/con...

It still very much means OS kernel at Linux Plumbers 😁

Screenshot of a slide of the presentation, showing the timeline of the main state pruning improvements in the verifier.

For the past month, with my colleague @mahe.bsky.social, we've been looking into the BPF verifier's state pruning. Tomorrow, we're giving an introduction to this verification optimization at Linux Plumbers: lpc.events/event/19/con...!

The HotNets 2025 program and papers are available! Similar mix of topics as SIGCOMM, with lots of AI, some host networking, some LEO, some eBPF...
conferences.sigcomm.org/hotnets/2025...