eBPF is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
- asm contains a basic assembler
- link allows attaching eBPF to various hooks
- perf allows reading from a
- cmd/bpf2go allows compiling and embedding eBPF programs in Go code
The package is production ready, but the API is explicitly unstable right now. Expect to update your code if you want to follow along.
A small collection of Go and eBPF programs that serve as examples for building your own tools can be found under examples/.
Contributions are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project.
- A version of Go that is supported by upstream
- Linux 4.9, 4.19 or 5.4 (versions in-between should work, but are not tested)
- eBPF.io (recommended)
- Cilium eBPF documentation (recommended)
- Linux documentation on BPF
- eBPF features by Linux version
make in the root of this repository to rebuild testdata in all subpackages. This requires Docker, as it relies on a standardized build environment to keep the build output stable.
The toolchain image build files are kept in testdata/docker/.