A Rust eBPF toolchain.
The RedBPF project is a collection of Rust libraries to work with eBPF programs. It includes:
- redbpf-probes - an idiomatic Rust API to write programs that can be compiled to eBPF bytecode and executed by the Linux in-kernel eBPF virtual machine.
- redbpf-macros - companion crate to redbpf-probes which provides procedural macros to reduce the amount of boilerplate needed to produce eBPF programs.
- redbpf - a user space library that can be used to parse and load eBPF programs written using redbpf-probes and redbpf-macros.
- cargo-bpf - a cargo subcommand for creating, developing and building eBPF programs in Rust using the RedBPF APIs.
The easiest way to get started is to install cargo-bpf; see the cargo bpf documentation for more info.
The rust-tools directory also contains examples of using redbpf in real life.
To see how and what RedBPF can be used for, check out the ingraind project.
In order to build some of the code here, you will need the following:
- KERNEL_SOURCE environment variable.

It's easiest to get started by installing cargo-bpf using cargo.
cargo install cargo-bpf
cargo bpf --help
If you would like to go the git way, clone this repository then make sure you sync the git submodules necessary to build redbpf:
git submodule sync
git submodule update --init
Then install the dependencies for your distro before running the usual ritual.
cargo install --path cargo-bpf
Install the following dependencies:
apt-get install -y curl \
    wget \
    gnupg2 \
    software-properties-common \
    build-essential \
    clang-10 \
    llvm-10 \
    libelf-dev \
    linux-headers-$(uname -r) \
    zlib1g \
    ca-certificates

yum install -y clang-10.0.0 \
    llvm-10.0.0 \
    llvm-libs-10.0.0 \
    llvm-devel-10.0.0 \
    llvm-static-10.0.0 \
    kernel \
    kernel-devel \
    elfutils-libelf-devel \
    ca-certificates
This repository contains code from other software in the following directories, licensed under their own particular licenses:
- bpf-sys/libelf/*: GPL2 + LGPL3
- bpf-sys/bcc/*: Apache2, public domain
- include/bpf_helpers.h: LGPL2 + BSD-2
- include/bpf_helper_defs.h: LGPL2 + BSD-2
- bpf-sys/libbpf: LGPL2 + BSD-2

Where '+' means they are dual licensed.
RedBPF and its components, unless otherwise stated, are licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.