/libbpfgo-beginners

Basic eBPF examples in Golang using libbpfgo

Primary LanguageCApache License 2.0Apache-2.0

libbpfgo-beginners

Basic eBPF examples in Golang using libbpfgo.

Install Go

See the Go documentation

Install packages

sudo apt-get update
sudo apt-get install libbpf-dev make clang llvm libelf-dev

Building and running hello

make all
sudo ./hello

This builds two things:

  • dist/hello.bpf.o - an object file for the eBPF program
  • hello - a Go executable

The Go executable reads in the object file at runtime. Take a look at the .o file with readelf if you want to see the sections defined in it.

Docker

To avoid compatibility issues, you can use the Dockerfile provided in this repository.

Build it by your own:

docker build -t hello .

And the run it from the project directory to compile the program:

docker run --rm -v $(pwd)/:/app/:z hello

Notes

I'm using Ubuntu 20.10, kernel 5.8, go 1.15

This approach installs the libbpf-dev package. Another alternative (which is what Tracee does) is to install the libbpf source as a git submodule, build it from source and install it to the expected location (e.g. /usr/lib/x86_64-linux-gnu/libbpf.a on an Intel x86 processor).