Skip to main content


Document Type Approved BOF request
Title BPF/eBPF
Last updated 2023-02-16
State Approved
Editors Christoph Hellwig , Dave Thaler
Responsible leadership Erik Kline
Additional resources GitHub Repository
Community website
IETF mailing list
Linux kernel
Linux mailing list
Rust BPF
User-space verifier
eBPF Foundation
eBPF for Windows
eBPF in hardware
Send notices to (None)

Name: BPF/eBPF


eBPF (which is no longer an acronym for anything), also commonly referred to as BPF, is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring changing kernel source code or load kernel modules.

(e)BPF is increasing being used beyond just the Linux kernel, with implementations in network interface cards, Windows, etc. As such, this effort aims to document and standardize existing (e)BPF use. The IETF should also define processes for future extensions since (e)BPF has constantly been added to over time.

Required Details

  • Status: WG Forming?
  • Responsible AD: Erik Kline
  • BOF proponents: Dave Thaler <>, Christoph Hellwig <>
  • BOF chairs: Suresh Krishnan, Lorenzo Colitti
  • Number of people expected to attend: 80
  • Length of session (1 or 2 hours): 2 hours
  • Conflicts (whole Areas and/or WGs)
  • Chair Conflicts: TBD
  • Technology Overlap: spring, intarea
  • Key Participant Conflict: teep, suit, rats, nfsv4, 6man, v6ops

Information for IAB/IESG

The proposed work is to document existing practice, not define new protocols or mechanisms per se.


  • Problem statement
  • Proposed scope of work
  • Instruction Set Architecture
  • (Time permitting) ELF file format
  • Next steps