eBPF was initially a technology designed for packet filtering but the current use case is vastly more general, and it is used to execute sandboxed programs in a privileged kernel context. This is immensely useful for the fields of networking, and security, as well as general tracing.
Extensibility
If a predefined hook does not exist for a particular event, it is possible to create a kernel probe (kprobe) or user probe (uprobe) to attach eBPF programs.
eBPF programs are compiled with a special C compiler and executed in a sandboxed virtual machine in the kernel.
eBPF programs are verified to be safe for execution.