Part of the GCC compiler suite code for compiling programs for the bytecode interpreter built into the Linux kernel . Thanks to the use of JIT compilation, bytecode is translated into machine instructions on the fly in the kernel and executed with the performance of native code. Patches with eBPF support to the branch from which the GCC 10 release is being developed.
In addition to the backend for generating bytecode, GCC includes a port of libgcc for eBPF and tools for generating ELF files, which make it possible to execute code in the eBPF virtual machine using the loaders provided by the kernel. Patches to support eBPF in GCC are prepared by engineers from Oracle, who have already eBPF support in GNU binutils. A simulator and patches for GDB are also in development, which will allow debugging eBPF programs without loading into the kernel.
eBPF programs can be defined in a subset of the C language, compiled, and loaded into the kernel. Before execution, the eBPF interpreter checks the bytecode for allowed instructions and imposes certain rules on the code (for example, no loops).
Initially, LLVM-based tools were used to compile eBPF on Linux. eBPF support in GCC is interesting because it allows you to use one toolkit to build the Linux kernel and eBPF programs without installing additional dependencies.
In the form of eBPF programs, you can create network operations handlers, filter traffic, manage bandwidth, monitor systems, intercept system calls, control access, calculate the frequency and time of operations, and perform tracing using kprobes/uprobes/tracepoints.
Source: opennet.ru