Berkeley Packet Filter (BPF) Enhancements

Several important updates are available in UEK 8 for the Berkeley Packet Filter (BPF), including:

  • A dedicated BPF memory allocator is added to improve the reliability of allocations made within BPF programs, which can run in a wide variety of contexts.

  • Addition of a new user ring buffer BPF map type for asynchronous message passing and faster data transfer between a BPF program and user space.

  • BPF programs can now call kernel functions from a loadable module, can access and store task_struct objects, and can use absolute time values.

  • Friendlier helper functions, such as bpf_trace_vprintk, and also destructive helpers such as crash_kexec, are included.

  • BPF programs can attach filter functions to kfuncs. The filter can limit the contexts from which the kfunc can be invoked.

  • Resilient BPF Type Format (BTF) information for modules is included so that out-of-tree modules can define BTF that works for the lifetime of a UEK release.

  • BPF trampoline is now available for aarch64 platforms to provide faster BPF tracing program execution using Fentry and Fexit programs.

  • BPF hooks:

    • To see and filter complete packets.

    • To change the requested protocol for a new socket, primarily to transparently cause programs requesting TCP connections to use multipath TCP instead.