基礎設施
eBPF Runtime
The Linux kernel contains the eBPF runtime required to run eBPF programs. It implements the bpf(2) system call for interacting with programs, maps, BTF and various attachment points where eBPF programs can be executed from. The kernel contains a eBPF verifier in order to check programs for safety and a JIT compiler to translate programs to native machine code. User space tooling such as bpftool and libbpf are also maintained as part of the upstream kernel.
eBPF Backend
The LLVM compiler infrastructure contains the eBPF backend required to translate programs written in a C-like syntax to eBPF instructions. LLVM generates eBPF ELF files which contain program code, map descriptions, relocation information and BTF meta data. These ELF files contain all necessary information for eBPF loaders such as libbpf to prepare and load programs into the Linux kernel. The LLVM project also contains additional developer tools such as an eBPF object file disassembler.
eBPF Backend
The GCC compiler comes with an eBPF backend starting from GCC 10. Up to that point, LLVM has been the only compiler which supports generating eBPF ELF files. The GCC port is roughly equivalent to the LLVM eBPF support. There are some missing bits of functionality but the GCC community is working to close these gaps over time. GCC also contains eBPF binutils as well as eBPF gdb support for debugging of eBPF code that is traditionally consumed by the Linux kernel. Included as part of this is an eBPF simulator for gdb.
Command-line tool to inspect and manage eBPF objects
Powered by libbpf, bpftool is the reference utility to quickly inspect and manage BPF objects on a Linux system. Use it to list, dump, or load eBPF programs and maps, to generate skeletons for eBPF applications, to statically link eBPF programs from different object files, or to perform various other eBPF-related tasks.
eBPF Runtime
The eBPF for Windows project is a work-in-progress that allows using existing eBPF toolchains and APIs familiar in the eBPF ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
Userspace eBPF Runtime
An eBPF runtime that permits execution of eBPF programs in user mode, with support for an interpreter as well as JIT compilation of eBPF programs on x86-64 and ARM64 architectures. This project supports running on Windows, macOS, and Linux platforms.
eBPF in Hardware
An extended Berkley Packet Filter CPU implemented in hardware on FPGA. In contrast to classic HDL languages like Verilog or VHDL, Migen/LiteX (both based on Python) where used. Supports custom extensions to 'call' opcode and includes full test suite for each opcode for included emulator and simulator as well as for included hardware targets.
eBPF Verifier
A polynomial-time eBPF verifier supporting bounded loops based on abstract interpretation.
![Eunomia]()
Userspace eBPF Runtime
An userspace eBPF runtime that allows existing eBPF applications to operate in unprivileged userspace using the same libraries and toolchains. It offers Uprobe and Syscall tracepoints for eBPF, with significant performance improvements over kernel uprobe and without requiring manual code instrumentation or process restarts. The runtime facilitates interprocess eBPF maps in userspace shared memory, and is also compatible with kernel eBPF maps, allowing for seamless operation with the kernel's eBPF infrastructure. It includes a high-performance LLVM JIT for various architectures, alongside a lightweight JIT for x86 and an interpreter.
eBPF Conformance Testing Framework
A conformance testing framework for eBPF runtime implementations. It provides a set of tests that can be used to verify that an eBPF implementation is compliant with the eBPF specification.
C++
libbpf is a C/C++ based library which is maintained as part of the upstream Linux kernel. It contains an eBPF loader which takes over processing LLVM generated eBPF ELF files for loading into the kernel. libbpf received a major boost in capabilities and sophistication and closed many existing gaps with BCC as a library. It also supports important features not available in BCC such as global variables and BPF skeletons.
Golang
eBPF is designed as a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
libbpfgo is a Go wrapper around libbpf. It supports BPF CO-RE and its goal is to be a complete implementation of libbpf APIs. It uses CGo to call into linked versions of libbpf.
Rust
aya is an eBPF library built with a focus on operability and developer experience. It allows for both eBPF programs and their userspace programs to be written in Rust.
libbpf-rs is a safe, idiomatic, and opinionated wrapper API around libbpf written in Rust. libbpf-rs, together with libbpf-cargo (libbpf cargo plugin) allows to write 'compile once run everywhere' (CO-RE) eBPF programs.
Utilities for use with XDP
libxdp is an XDP-specific library that sits on top of libbpf and implements a couple of XDP features: it supports loading of multiple programs to run in sequence on the same interface, and it contains helper functions for configuring AF_XDP sockets as well as reading and writing packets from these sockets.
C++ library for capturing, parsing and crafting network packets
PcapPlusPlus is a multi-platform C++ library for capturing, parsing and crafting network packets. It is designed to be efficient, powerful and easy to use. PcapPlusPlus enables capturing and sending network packets through a variaty of packet processing engines, one of them is eBPF AF_XDP sockets. It features an easy-to-use C++ interface for creating AF_XDP sockets, making it easy to send and receive packets through them.
這些項目是否�屬於 eBPF 基金會?
- 本頁列出了一些使用 eBPF 作為底層核心技術的開源項目。 這些項目並非全部屬於 eBPF 基金會,但在此列出以展示當前eBPF項目概況。
添加你的項目
- 確保項目符合列出的要求。 見下文。
- 提交 Pull Request t並提供所需的資訊。 使用一個已列出的項目作為範本。 應用程式的排序基於 Github 星數(從高到低),每季更新一次。
- Pull request將由社群審核並由一位維護者合併。 如果您有任何疑問,請隨時在 Slack 上提問。
您是否在維護一個已列出的項目?
- 如果您正在維護列出的項目之一,並希望調整內容。 在 Slack 上取得聯繫或直接提交一個 Pull Request。
被列出項目的要求
項目可以在此頁面上以「主要」或「新興」的形式列出。 被列為"新興」的要求是:
- 該項目必須是開源的。 所有原始碼必須根據開源許可證獲得許可。 任何文件都必須在開放許可協議下授權。
- 該項目必須使用 eBPF 作為其底層核心技術(換句話說,如果去掉 eBPF 部分,项目將失去其目的)或有助於加速在生產中採用eBPF 。
- 該項目必須積極維護。
- 該項目必須對協作開放,並具有遵循開源最佳實踐的治理模式。
- 該項目必須有超過 50 名貢獻者。
- 該項目必須在生產級別環境中有大量使用者。 由於此資訊可能不容易從項目連結中發現,因此此類資訊應包含在pull request描述中。
要被列為「主要」項目,該項目必須滿足上述所有要求,並且: