A infraestrutura
eBPF Runtime
The Linux kernel contains the eBPF runtime required to run eBPF programs. It implements the bpf(2) system call for interacting with programs, maps, BTF and various attachment points where eBPF programs can be executed from. The kernel contains a eBPF verifier in order to check programs for safety and a JIT compiler to translate programs to native machine code. User space tooling such as bpftool and libbpf are also maintained as part of the upstream kernel.
eBPF Backend
The LLVM compiler infrastructure contains the eBPF backend required to translate programs written in a C-like syntax to eBPF instructions. LLVM generates eBPF ELF files which contain program code, map descriptions, relocation information and BTF meta data. These ELF files contain all necessary information for eBPF loaders such as libbpf to prepare and load programs into the Linux kernel. The LLVM project also contains additional developer tools such as an eBPF object file disassembler.
eBPF Backend
The GCC compiler comes with an eBPF backend starting from GCC 10. Up to that point, LLVM has been the only compiler which supports generating eBPF ELF files. The GCC port is roughly equivalent to the LLVM eBPF support. There are some missing bits of functionality but the GCC community is working to close these gaps over time. GCC also contains eBPF binutils as well as eBPF gdb support for debugging of eBPF code that is traditionally consumed by the Linux kernel. Included as part of this is an eBPF simulator for gdb.
Command-line tool to inspect and manage eBPF objects
Powered by libbpf, bpftool is the reference utility to quickly inspect and manage BPF objects on a Linux system. Use it to list, dump, or load eBPF programs and maps, to generate skeletons for eBPF applications, to statically link eBPF programs from different object files, or to perform various other eBPF-related tasks.
eBPF Runtime
The eBPF for Windows project is a work-in-progress that allows using existing eBPF toolchains and APIs familiar in the eBPF ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
Userspace eBPF Runtime
An eBPF runtime that permits execution of eBPF programs in user mode, with support for an interpreter as well as JIT compilation of eBPF programs on x86-64 and ARM64 architectures. This project supports running on Windows, macOS, and Linux platforms.
eBPF in Hardware
An extended Berkley Packet Filter CPU implemented in hardware on FPGA. In contrast to classic HDL languages like Verilog or VHDL, Migen/LiteX (both based on Python) where used. Supports custom extensions to 'call' opcode and includes full test suite for each opcode for included emulator and simulator as well as for included hardware targets.
eBPF Verifier
A polynomial-time eBPF verifier supporting bounded loops based on abstract interpretation.
![Eunomia]()
Userspace eBPF Runtime
An userspace eBPF runtime that allows existing eBPF applications to operate in unprivileged userspace using the same libraries and toolchains. It offers Uprobe and Syscall tracepoints for eBPF, with significant performance improvements over kernel uprobe and without requiring manual code instrumentation or process restarts. The runtime facilitates interprocess eBPF maps in userspace shared memory, and is also compatible with kernel eBPF maps, allowing for seamless operation with the kernel's eBPF infrastructure. It includes a high-performance LLVM JIT for various architectures, alongside a lightweight JIT for x86 and an interpreter.
eBPF Conformance Testing Framework
A conformance testing framework for eBPF runtime implementations. It provides a set of tests that can be used to verify that an eBPF implementation is compliant with the eBPF specification.
C++
libbpf is a C/C++ based library which is maintained as part of the upstream Linux kernel. It contains an eBPF loader which takes over processing LLVM generated eBPF ELF files for loading into the kernel. libbpf received a major boost in capabilities and sophistication and closed many existing gaps with BCC as a library. It also supports important features not available in BCC such as global variables and BPF skeletons.
Golang
eBPF is designed as a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
libbpfgo is a Go wrapper around libbpf. It supports BPF CO-RE and its goal is to be a complete implementation of libbpf APIs. It uses CGo to call into linked versions of libbpf.
Rust
aya is an eBPF library built with a focus on operability and developer experience. It allows for both eBPF programs and their userspace programs to be written in Rust.
libbpf-rs is a safe, idiomatic, and opinionated wrapper API around libbpf written in Rust. libbpf-rs, together with libbpf-cargo (libbpf cargo plugin) allows to write 'compile once run everywhere' (CO-RE) eBPF programs.
Utilities for use with XDP
libxdp is an XDP-specific library that sits on top of libbpf and implements a couple of XDP features: it supports loading of multiple programs to run in sequence on the same interface, and it contains helper functions for configuring AF_XDP sockets as well as reading and writing packets from these sockets.
C++ library for capturing, parsing and crafting network packets
PcapPlusPlus is a multi-platform C++ library for capturing, parsing and crafting network packets. It is designed to be efficient, powerful and easy to use. PcapPlusPlus enables capturing and sending network packets through a variaty of packet processing engines, one of them is eBPF AF_XDP sockets. It features an easy-to-use C++ interface for creating AF_XDP sockets, making it easy to send and receive packets through them.
Esses projetos são da Fundação eBPF?
- Esta página lista vários projetos de código aberto que usam eBPF como tecnologia central subjacente. Esses projetos não estão todos sob a Fundação eBPF, mas estão listados aqui como uma pesquisa do panorama dos projetos eBPF hoje.
Adicione seu projeto
- Certifique-se de que o projeto atenda aos requisitos a serem listados. Veja abaixo.
- Abra uma solicitação pull e forneça as informações necessárias. Use um dos projetos já listados como modelo. A ordenação dos aplicativos é baseada no número de estrelas do Github (maior para menor), atualizado trimestralmente.
- A solicitação pull será revisada pela comunidade e mesclada por um dos mantenedores. Se você tiver alguma dúvida, fique à vontade para perguntar no Slack.
Você está mantendo um projeto listado?
- Se você mantém um dos projetos listados e gostaria de ajustar o conteúdo. Entre em contacto no Slack ou abra uma solicitação pull diretamente.
Requisitos para um projeto ser listado
Os projetos podem ser listados nesta página como "Principais" ou "Emergentes". Os requisitos para ser listado como "Emergente" são:
- O projeto deve ser de código aberto. Todo o código-fonte deve ser licenciado sob uma licença de código aberto. Qualquer documentação deve ser licenciada sob uma licença aberta.
- O projeto deve usar o eBPF como tecnologia central subjacente (em outras palavras, um projeto perderia o seu propósito se as partes do eBPF fossem removidas) ou ajudar a acelerar a adoção do eBPF na produção.
- O projeto deve ser mantido ativamente.
- O projeto deve estar aberto à colaboração e ter um modelo de governança seguindo as melhores práticas de código aberto.
Para ser listado como um projeto “Grande”, um projeto deve atender a todos os requisitos acima, mais:
- O projeto deve ter mais de 50 colaboradores.
- O projeto deve ser utilizado em ambientes de produção com uma quantidade significativa de usuários. Como essas informações podem não ser facilmente descobertas a partir de um link para o projeto, tais informações devem ser incluídas na descrição da solicitação pull.