eBPF is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes.
- asm contains a basic assembler
- link allows attaching eBPF to various hooks
- perf allows reading from a
PERF_EVENT_ARRAY - cmd/bpf2go allows compiling and embedding eBPF programs in Go code
The library is maintained by Cloudflare and Cilium. Feel free to join the #ebpf-go channel on Slack.
See ebpf.io for other projects from the eBPF ecosystem.
A small collection of Go and eBPF programs that serve as examples for building your own tools can be found under examples/.
Contributions are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project.
- A version of Go that is supported by upstream
- Linux >= 4.9. CI is run against LTS releases.
Run make in the root of this repository to rebuild testdata in all
subpackages. This requires Docker, as it relies on a standardized build
environment to keep the build output stable.
The toolchain image build files are kept in testdata/docker/.
MIT