#ebpf #linux #bytecode #api-bindings #instructions #symbol-name

bpf-api

Idomatic Rust bindings for eBPF programs, probes, and maps

8 releases

0.3.1 Jan 23, 2024
0.3.0 Nov 3, 2022
0.2.0 Oct 29, 2022
0.1.4 Oct 26, 2022

#210 in Operating systems

MIT license

52KB
1K SLoC

bpf-api

Build Status crates.io mio Lines of Code

Idomatic Rust bindings for eBPF programs, probes, and maps.

The motive behind this crate and sister crates: btf, btf-derive, bpf-ins, and bpf-script, aside from learning more about eBPF, was to be able to have a fully Rust eBPF solution. That is, the ability to easily write, compile, and attach BPF programs and use maps without any dependencies on bcc, libbpf or any other non-Rust BPF dependencies.

Usage

For usage examples, see code located in examples/ :

Examples Description
array A short example using a BPF array
print-programs A short example that attachs a probe to sched_process_exec and prints program executions
user-tracer Probes a given image path and symbol name using uprobes

TODO

  • Add ARM support.
  • Make probe attachment easier / write convenience macros.

License

Dependencies

~0.3–0.9MB
~20K SLoC