eBPF (Extended Berkeley Packet Filter) is a powerful technology that allows pro- grams to be executed directly in the Linux kernel within a sandbox, in a safe and isolated environment. This capability is crucial because it allows developers to extend kernel functionalities by dynamically inserting custom code, avoiding the lengthy pro- cess required to modify the kernel source code or to add new modules to it and then recompile. Unlike its predecessor BPF, eBPF programs offer great flexibility as they can be attached at many different points in the kernel, called hook points. This al- lows new high-performance networking, observability and security tools to be created.