インフラストラクチャ
eBPF Runtime
The Linux kernel contains the eBPF runtime required to run eBPF programs. It implements the bpf(2) system call for interacting with programs, maps, BTF and various attachment points where eBPF programs can be executed from. The kernel contains a eBPF verifier in order to check programs for safety and a JIT compiler to translate programs to native machine code. User space tooling such as bpftool and libbpf are also maintained as part of the upstream kernel.
eBPF Backend
The LLVM compiler infrastructure contains the eBPF backend required to translate programs written in a C-like syntax to eBPF instructions. LLVM generates eBPF ELF files which contain program code, map descriptions, relocation information and BTF meta data. These ELF files contain all necessary information for eBPF loaders such as libbpf to prepare and load programs into the Linux kernel. The LLVM project also contains additional developer tools such as an eBPF object file disassembler.
eBPF Backend
The GCC compiler comes with an eBPF backend starting from GCC 10. Up to that point, LLVM has been the only compiler which supports generating eBPF ELF files. The GCC port is roughly equivalent to the LLVM eBPF support. There are some missing bits of functionality but the GCC community is working to close these gaps over time. GCC also contains eBPF binutils as well as eBPF gdb support for debugging of eBPF code that is traditionally consumed by the Linux kernel. Included as part of this is an eBPF simulator for gdb.
Command-line tool to inspect and manage eBPF objects
Powered by libbpf, bpftool is the reference utility to quickly inspect and manage BPF objects on a Linux system. Use it to list, dump, or load eBPF programs and maps, to generate skeletons for eBPF applications, to statically link eBPF programs from different object files, or to perform various other eBPF-related tasks.
eBPF Runtime
The eBPF for Windows project is a work-in-progress that allows using existing eBPF toolchains and APIs familiar in the eBPF ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
Userspace eBPF Runtime
An eBPF runtime that permits execution of eBPF programs in user mode, with support for an interpreter as well as JIT compilation of eBPF programs on x86-64 and ARM64 architectures. This project supports running on Windows, macOS, and Linux platforms.
eBPF in Hardware
An extended Berkley Packet Filter CPU implemented in hardware on FPGA. In contrast to classic HDL languages like Verilog or VHDL, Migen/LiteX (both based on Python) where used. Supports custom extensions to 'call' opcode and includes full test suite for each opcode for included emulator and simulator as well as for included hardware targets.
eBPF Verifier
A polynomial-time eBPF verifier supporting bounded loops based on abstract interpretation.
![Eunomia]()
Userspace eBPF Runtime
An userspace eBPF runtime that allows existing eBPF applications to operate in unprivileged userspace using the same libraries and toolchains. It offers Uprobe and Syscall tracepoints for eBPF, with significant performance improvements over kernel uprobe and without requiring manual code instrumentation or process restarts. The runtime facilitates interprocess eBPF maps in userspace shared memory, and is also compatible with kernel eBPF maps, allowing for seamless operation with the kernel's eBPF infrastructure. It includes a high-performance LLVM JIT for various architectures, alongside a lightweight JIT for x86 and an interpreter.
eBPF Conformance Testing Framework
A conformance testing framework for eBPF runtime implementations. It provides a set of tests that can be used to verify that an eBPF implementation is compliant with the eBPF specification.
C++
libbpf is a C/C++ based library which is maintained as part of the upstream Linux kernel. It contains an eBPF loader which takes over processing LLVM generated eBPF ELF files for loading into the kernel. libbpf received a major boost in capabilities and sophistication and closed many existing gaps with BCC as a library. It also supports important features not available in BCC such as global variables and BPF skeletons.
Golang
eBPF is designed as a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
libbpfgo is a Go wrapper around libbpf. It supports BPF CO-RE and its goal is to be a complete implementation of libbpf APIs. It uses CGo to call into linked versions of libbpf.
Rust
aya is an eBPF library built with a focus on operability and developer experience. It allows for both eBPF programs and their userspace programs to be written in Rust.
libbpf-rs is a safe, idiomatic, and opinionated wrapper API around libbpf written in Rust. libbpf-rs, together with libbpf-cargo (libbpf cargo plugin) allows to write 'compile once run everywhere' (CO-RE) eBPF programs.
Utilities for use with XDP
libxdp is an XDP-specific library that sits on top of libbpf and implements a couple of XDP features: it supports loading of multiple programs to run in sequence on the same interface, and it contains helper functions for configuring AF_XDP sockets as well as reading and writing packets from these sockets.
C++ library for capturing, parsing and crafting network packets
PcapPlusPlus is a multi-platform C++ library for capturing, parsing and crafting network packets. It is designed to be efficient, powerful and easy to use. PcapPlusPlus enables capturing and sending network packets through a variaty of packet processing engines, one of them is eBPF AF_XDP sockets. It features an easy-to-use C++ interface for creating AF_XDP sockets, making it easy to send and receive packets through them.
これらは eBPF Foundation 傘下のプロジェクトですか?
- このページは eBPF を基幹技術として利用している OSS を並べています。これらのプロジェクトはすべて eBPF Foundation 傘下のプロジェクトでありませんが、今日の eBPF プロジェクトの状況の調査としてリストアップされています。
あなたのプロジェクトを追加する
あなたはリストされているプロジェクトを管理していますか?
- もしもあなたがリストされているプロジェクトを管理していて、内容を更新したい場合、Slack で連絡するか、直接プルリクエストを提出してください。
プロジェクトがリストされる条件
プロジェクトはこのページ上で「主要」または「新規」として一覧に追加できます。「新規」として追加される条件は以下です。
- プロジェクトがオープンソースである。すべてのソースコードがオープンソースライセンスの元でライセンスされている。すべてのドキュメントもオープンライセンスの元でなければならない。
- プロジェクトは基幹技術として eBPF を利用していなければならない(言い換えると、eBPF の部分が削除された場合、そのプロジェクトが成り立たなくなる)。もしくは、本番環境での eBPF 導入の促進に役立っていなければならない。
- プロジェクトが積極的に管理されている。
- プロジェクトはコラボレーションのために開かれており、オープンソースのベストプラクティスに従ったガバナンスモデルがある。
「主要」プロジェクトとして追加されるためには上記の条件をすべて満たしており、かつ以下の条件も満たす必要がある。
- プロジェクトに50以上のコントリビューターが存在している
- プロジェクトが大勢の利用者がいる本番に相当する環境で利用されていなければならない。この情報はプロジェクトへのリンクから容易に取得できないので、そのような情報はプルリクエストに含められなければならない。