인프라
eBPF Runtime
The Linux kernel contains the eBPF runtime required to run eBPF programs. It implements the bpf(2) system call for interacting with programs, maps, BTF and various attachment points where eBPF programs can be executed from. The kernel contains a eBPF verifier in order to check programs for safety and a JIT compiler to translate programs to native machine code. User space tooling such as bpftool and libbpf are also maintained as part of the upstream kernel.
eBPF Backend
The LLVM compiler infrastructure contains the eBPF backend required to translate programs written in a C-like syntax to eBPF instructions. LLVM generates eBPF ELF files which contain program code, map descriptions, relocation information and BTF meta data. These ELF files contain all necessary information for eBPF loaders such as libbpf to prepare and load programs into the Linux kernel. The LLVM project also contains additional developer tools such as an eBPF object file disassembler.
eBPF Backend
The GCC compiler comes with an eBPF backend starting from GCC 10. Up to that point, LLVM has been the only compiler which supports generating eBPF ELF files. The GCC port is roughly equivalent to the LLVM eBPF support. There are some missing bits of functionality but the GCC community is working to close these gaps over time. GCC also contains eBPF binutils as well as eBPF gdb support for debugging of eBPF code that is traditionally consumed by the Linux kernel. Included as part of this is an eBPF simulator for gdb.
Command-line tool to inspect and manage eBPF objects
Powered by libbpf, bpftool is the reference utility to quickly inspect and manage BPF objects on a Linux system. Use it to list, dump, or load eBPF programs and maps, to generate skeletons for eBPF applications, to statically link eBPF programs from different object files, or to perform various other eBPF-related tasks.
eBPF Runtime
The eBPF for Windows project is a work-in-progress that allows using existing eBPF toolchains and APIs familiar in the eBPF ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
Userspace eBPF Runtime
An eBPF runtime that permits execution of eBPF programs in user mode, with support for an interpreter as well as JIT compilation of eBPF programs on x86-64 and ARM64 architectures. This project supports running on Windows, macOS, and Linux platforms.
eBPF in Hardware
An extended Berkley Packet Filter CPU implemented in hardware on FPGA. In contrast to classic HDL languages like Verilog or VHDL, Migen/LiteX (both based on Python) where used. Supports custom extensions to 'call' opcode and includes full test suite for each opcode for included emulator and simulator as well as for included hardware targets.
eBPF Verifier
A polynomial-time eBPF verifier supporting bounded loops based on abstract interpretation.
Userspace eBPF Runtime
An userspace eBPF runtime that allows existing eBPF applications to operate in unprivileged userspace using the same libraries and toolchains. It offers Uprobe and Syscall tracepoints for eBPF, with significant performance improvements over kernel uprobe and without requiring manual code instrumentation or process restarts. The runtime facilitates interprocess eBPF maps in userspace shared memory, and is also compatible with kernel eBPF maps, allowing for seamless operation with the kernel's eBPF infrastructure. It includes a high-performance LLVM JIT for various architectures, alongside a lightweight JIT for x86 and an interpreter.
eBPF Conformance Testing Framework
A conformance testing framework for eBPF runtime implementations. It provides a set of tests that can be used to verify that an eBPF implementation is compliant with the eBPF specification.
C++
libbpf is a C/C++ based library which is maintained as part of the upstream Linux kernel. It contains an eBPF loader which takes over processing LLVM generated eBPF ELF files for loading into the kernel. libbpf received a major boost in capabilities and sophistication and closed many existing gaps with BCC as a library. It also supports important features not available in BCC such as global variables and BPF skeletons.
Golang
eBPF is designed as a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
libbpfgo is a Go wrapper around libbpf. It supports BPF CO-RE and its goal is to be a complete implementation of libbpf APIs. It uses CGo to call into linked versions of libbpf.
Rust
aya is an eBPF library built with a focus on operability and developer experience. It allows for both eBPF programs and their userspace programs to be written in Rust.
libbpf-rs is a safe, idiomatic, and opinionated wrapper API around libbpf written in Rust. libbpf-rs, together with libbpf-cargo (libbpf cargo plugin) allows to write 'compile once run everywhere' (CO-RE) eBPF programs.
Utilities for use with XDP
libxdp is an XDP-specific library that sits on top of libbpf and implements a couple of XDP features: it supports loading of multiple programs to run in sequence on the same interface, and it contains helper functions for configuring AF_XDP sockets as well as reading and writing packets from these sockets.
C++ library for capturing, parsing and crafting network packets
PcapPlusPlus is a multi-platform C++ library for capturing, parsing and crafting network packets. It is designed to be efficient, powerful and easy to use. PcapPlusPlus enables capturing and sending network packets through a variaty of packet processing engines, one of them is eBPF AF_XDP sockets. It features an easy-to-use C++ interface for creating AF_XDP sockets, making it easy to send and receive packets through them.
이러한 프로젝트들은 eBPF Foundation 소속인가요?
- 이 페이지는 eBPF를 코어 기술로 사용하는 오픈 소스 프로젝트를 나열하고 있습니다. 이러한 프로젝트들이 모두 eBPF 재단 에서 관리하는 프로젝트는 아니지만, eBPF 프로젝트 큰그림에 대한 조사의 일부로 나열되어있습니다.
여러분의 프로젝트를 추가하세요
- 해당 프로젝트가 후술되는 요구사항을 만족하는지에 대해 확인해주세요, 다음의 내용을 확인해주세요.
- Pull request 를 열어주시고 필수 정보를 제공해주세요. 나열된 프로젝트를 예시로 삼아서 사용해주세요. 후술되는 애플리케이션의 순서는 GitHub의 스타 (높은순)으로 나열되어있으며, 이는 매 분기마다 업데이트됩니다.
- Pull request는 커뮤니티에서 검토를 진행하며, eBPF 프로젝트 관리자에 의해서 merge 될 것입니다. 만일 질문이 있으시다면, Slack 에 자유롭게 질문해주세요.
나열된 프로젝트를 관리하고 계신가요?
- 만일 나열된 프로젝트 중 하나를 관리하고 계시고, 내용을 수정하고 싶으시다면 Slack 을 통해 연락하시거나, pull request를 직접적으로 열어주세요.
프로젝트가 목록에 등재되기 위한 요구사항들
프로젝트들은 현 페이지에서 "Major" 또는 "Emerging" 상태로 등재될 수 있습니다. "Emerging" 으로 등재되기 위해서는 다음의 요구사항을 만족해야합니다:
- 해당 프로젝트는 오픈소스여야 합니다. 모든 오픈소스 코드는 오픈소스 라이센스에 의해 라이센싱 되어야합니다. 모든 공식 문서 또한 공개 라이센스에 의해 라이센싱 되어야합니다.
- 해당 프로젝트는 반드시 eBPF를 해당 프로젝트의 근간이 되는 주요 기술로 사용해야하거나 (즉, 만일 eBPF가 사용되는 부분이 없어진다면, 해당 프로젝트의 목적이 없어집니다) eBPF를 프로덕션 환경에서 사용하는 것에
- 도움을 주어야 합니다.
- 해당 프로젝트는 반드시 협력을 할 수 있는 구조여야 하며 좋은 오픈소스 관행(best-practices)들을 따르는 관리 모델을 채택해야합니다.
"Major" 프로젝트로 등재되기 위해서는, 해당 프로젝트는 상술된 모든 요구사항을 만족해야하며, 추가적으로 다음의 사항을 만족해야합니다:
- T해당 프로젝트는 50명 이상의 기여자가 있어야 합니다.
- 해당 프로젝트는 반드시 수많은 유저를 가진 프로덕션과 같은 환경에서 사용하고 있어야 합니다. 이러한 정보는 프로젝트의 링크만을 통해서 확인하기는 어려운 정보이기에, 해당 정보는 pull request 설명에 포함되어야합니다.