Need help with ebpf?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

cilium
2.2K Stars 232 Forks MIT License 899 Commits 29 Opened issues

Description

Pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.

Services available

!
?

Need anything else?

Contributors list

eBPF

PkgGoDev

HoneyGopher

eBPF is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.

The library is maintained by Cloudflare and Cilium.

See ebpf.io for other projects from the eBPF ecosystem.

Getting Started

A small collection of Go and eBPF programs that serve as examples for building your own tools can be found under examples/.

Contributions are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project.

Getting Help

Please join the #ebpf-go channel on Slack if you have questions regarding the library.

Packages

This library includes the following packages:

  • asm contains a basic assembler, allowing you to write eBPF assembly instructions directly within your Go code. (You don't need to use this if you prefer to write your eBPF program in C.)
  • cmd/bpf2go allows compiling and embedding eBPF programs written in C within Go code. As well as compiling the C code, it auto-generates Go code for loading and manipulating the eBPF program and map objects.
  • link allows attaching eBPF to various hooks
  • perf allows reading from a
    PERF_EVENT_ARRAY
  • ringbuf allows reading from a
    BPF_MAP_TYPE_RINGBUF
    map
  • features implements the equivalent of
    bpftool feature probe
    for discovering BPF-related kernel features using native Go.
  • rlimit provides a convenient API to lift the
    RLIMIT_MEMLOCK
    constraint on kernels before 5.11.

Requirements

Regenerating Testdata

Run

make
in the root of this repository to rebuild testdata in all subpackages. This requires Docker, as it relies on a standardized build environment to keep the build output stable.

It is possible to regenerate data using Podman by overriding the

CONTAINER_*
variables:
CONTAINER_ENGINE=podman CONTAINER_RUN_ARGS= make
.

The toolchain image build files are kept in testdata/docker/.

License

MIT

eBPF Gopher

The eBPF honeygopher is based on the Go gopher designed by Renee French.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.