eBPF DocumentaryWatch Now


  • Linux Kernel

    eBPF Runtime

    The Linux kernel contains the eBPF runtime required to run eBPF programs. It implements the bpf(2) system call for interacting with programs, maps, BTF and various attachment points where eBPF programs can be executed from. The kernel contains a eBPF verifier in order to check programs for safety and a JIT compiler to translate programs to native machine code. User space tooling such as bpftool and libbpf are also maintained as part of the upstream kernel.

  • LLVM Compiler

    eBPF Backend

    The LLVM compiler infrastructure contains the eBPF backend required to translate programs written in a C-like syntax to eBPF instructions. LLVM generates eBPF ELF files which contain program code, map descriptions, relocation information and BTF meta data. These ELF files contain all necessary information for eBPF loaders such as libbpf to prepare and load programs into the Linux kernel. The LLVM project also contains additional developer tools such as an eBPF object file disassembler.

  • GCC Compiler

    eBPF Backend

    The GCC compiler comes with an eBPF backend starting from GCC 10. Up to that point, LLVM has been the only compiler which supports generating eBPF ELF files. The GCC port is roughly equivalent to the LLVM eBPF support. There are some missing bits of functionality but the GCC community is working to close these gaps over time. GCC also contains eBPF binutils as well as eBPF gdb support for debugging of eBPF code that is traditionally consumed by the Linux kernel. Included as part of this is an eBPF simulator for gdb.

  • bpftool

    Command-line tool to inspect and manage eBPF objects

    Powered by libbpf, bpftool is the reference utility to quickly inspect and manage BPF objects on a Linux system. Use it to list, dump, or load eBPF programs and maps, to generate skeletons for eBPF applications, to statically link eBPF programs from different object files, or to perform various other eBPF-related tasks.

  • C++

    • libbpf

      libbpf is a C/C++ based library which is maintained as part of the upstream Linux kernel. It contains an eBPF loader which takes over processing LLVM generated eBPF ELF files for loading into the kernel. libbpf received a major boost in capabilities and sophistication and closed many existing gaps with BCC as a library. It also supports important features not available in BCC such as global variables and BPF skeletons.

  • Golang

    • eBPF

      eBPF is designed as a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.

    • libbpfgo

      libbpfgo is a Go wrapper around libbpf. It supports BPF CO-RE and its goal is to be a complete implementation of libbpf APIs. It uses CGo to call into linked versions of libbpf.

  • Rust

    • aya

      aya is an eBPF library built with a focus on operability and developer experience. It allows for both eBPF programs and their userspace programs to be written in Rust.

    • libbpf-rs is a safe, idiomatic, and opinionated wrapper API around libbpf written in Rust. libbpf-rs, together with libbpf-cargo (libbpf cargo plugin) allows to write 'compile once run everywhere' (CO-RE) eBPF programs.

  • Utilities for use with XDP

    libxdp is an XDP-specific library that sits on top of libbpf and implements a couple of XDP features: it supports loading of multiple programs to run in sequence on the same interface, and it contains helper functions for configuring AF_XDP sockets as well as reading and writing packets from these sockets.

  • PcapPlusPlus

    C++ library for capturing, parsing and crafting network packets

    PcapPlusPlus is a multi-platform C++ library for capturing, parsing and crafting network packets. It is designed to be efficient, powerful and easy to use. PcapPlusPlus enables capturing and sending network packets through a variaty of packet processing engines, one of them is eBPF AF_XDP sockets. It features an easy-to-use C++ interface for creating AF_XDP sockets, making it easy to send and receive packets through them.

  • 這些項目是否屬於 eBPF 基金會?

    • 本頁列出了一些使用 eBPF 作為底層核心技術的開源項目。 這些項目並非全部屬於 eBPF 基金會,但在此列出以展示當前eBPF項目概況。
  • 添加你的項目

    1. 確保項目符合列出的要求。 見下文。
    2. 提交 Pull Request t並提供所需的資訊。 使用一個已列出的項目作為範本。 應用程式的排序基於 Github 星數(從高到低),每季更新一次。
    3. Pull request將由社群審核並由一位維護者合併。 如果您有任何疑問,請隨時在 Slack 上提問。
  • 您是否在維護一個已列出的項目?

    • 如果您正在維護列出的項目之一,並希望調整內容。 在 Slack 上取得聯繫或直接提交一個 Pull Request。
  • 被列出項目的要求

    項目可以在此頁面上以「主要」或「新興」的形式列出。 被列為"新興」的要求是:

    • 該項目必須是開源的。 所有原始碼必須根據開源許可證獲得許可。 任何文件都必須在開放許可協議下授權。
    • 該項目必須使用 eBPF 作為其底層核心技術(換句話說,如果去掉 eBPF 部分,项目將失去其目的)或有助於加速在生產中採用eBPF 。
    • 該項目必須積極維護。
    • 該項目必須對協作開放,並具有遵循開源最佳實踐的治理模式。
      • 要被列為「主要」項目,該項目必須滿足上述所有要求,並且:

        • 該項目必須有超過 50 名貢獻者。
        • 該項目必須在生產級別環境中有大量使用者。 由於此資訊可能不容易從項目連結中發現,因此此類資訊應包含在pull request描述中。