• Stars
    star
    518
  • Rank 85,414 (Top 2 %)
  • Language
    C
  • License
    Apache License 2.0
  • Created over 2 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more

Learning eBPF

This repo accompanies my new book Learning eBPF (published by O'Reilly).

Learning eBPF cover features an image of an Early
Bumblebee

Buy your copy of the book from Bookshop.org or Amazon, view it on the O'Reilly platform, or download a copy from Isovalent.

Running the example code

The repo includes the example eBPF programs discussed in the book.

I've also provided a Lima config file with the packages you need for building the code pre-installed.

If you have a Linux machine or VM to hand, feel free to use that instead of Lima, using the learning-ebpf.yaml file as a guide for the packages you'll need to install. The minimum kernel version required varies from chapter to chapter. All these examples have been tested on an Ubuntu 22.04 distribution using a 5.15 kernel.

Install this repo

git clone --recurse-submodules https://github.com/lizrice/learning-ebpf
cd learning-ebpf

Lima VM

limactl start learning-ebpf.yaml
limactl shell learning-ebpf

# You'll need to be root for most of the examples
sudo -s

Building libbpf and installing header files

Libbpf is included as a submodule in this repo. You'll need to build and install it for the C-based examples to build correctly. (See libbpf/README.md for more details.)

cd libbpf/src
make install 
cd ../..

Building bpftool

There are several examples using bpftool throughout the book. To get a version with libbfd support (which you'll need if you want to see the jited code in the Chapter 3 examples) you might need to build it from source:

cd ..
git clone --recurse-submodules https://github.com/libbpf/bpftool.git
cd bpftool/src 
make install 

bpftool binaries are now also available from https://github.com/libbpf/bpftool/releases these days.

Examples

You won't be surprised to learn that the directories correspond to chapters in the book. Here are the different examples that accompany each chapter.

There are no code examples for Chapters 1 and 11.

Privileges

You'll need root privileges (well, strictly CAP_BPF and additional privileges) to be able to load BPF programs into the kernel. sudo -s is your friend.

View eBPF trace output

A couple of ways to see the output from the kernel's trace pipe where eBPF tracing gets written:

  • cat /sys/kernel/debug/tracing/trace_pipe
  • bpftool prog tracelog

Installing on other Linux distributions

As noted above, I've tested these examples using Ubuntu 22.04 and a 5.15 kernel. If you're using a different distribution and / or kernel version you might run into incompatibilities between various packages and dependencies. For example:

  • My installation uses Clang 14. If you're using Clang 15 or later (which you can check with clang --version you'll need BCC version 0.27.0 or later

Corrections

I'd love to hear if you find corrections and improvements for these examples. Issues and PRs are welcome!

More Repositories

1

containers-from-scratch

Writing a container in a few lines of Go code, as seen at DockerCon 2017 and on O'Reilly Safari
Go
1,445
star
2

ebpf-beginners

The beginner's guide to eBPF
Python
1,175
star
3

strace-from-scratch

As seen at Gophercon 2017
Go
300
star
4

lb-from-scratch

A very basic eBPF Load Balancer in a few lines of C
C
203
star
5

libbpfgo-beginners

Basic eBPF examples in Golang using libbpfgo
C
188
star
6

debugger-from-scratch

Go
145
star
7

secure-connections

Simple client and server for showing what's happening with certificates during TLS setup
Go
92
star
8

ebpf-networking

The Beginner's Guide to eBPF Programming for Networking
C
83
star
9

container-security

Resources for the O'Reilly Container Security book
78
star
10

running-with-scissors

Resources from my KubeCon + CloudNativeCon keynote
48
star
11

no-meltdown

Resources for "Don't Have A Meltdown"
Go
36
star
12

hello-container-world

Simple examples for containerizing golang code
Go
18
star
13

containers-and-go

An introduction to containers for Go programmers
17
star
14

kubecon-seattle

KubeCon + CloudNativeCon Seattle
Go
14
star
15

dockerregistry

Gets some Docker registry data and has a look at the layers
Python
8
star
16

force-awakens

Config files for KubeCon Amsterdam demo
Shell
5
star
17

katacoda-scenarios

Katacoda Scenarios
Shell
5
star
18

ebpf-advent

Advent of code in eBPF
C
4
star
19

download-shopify-theme

Command line tool to download Liquid files from a Shopify store's theme
Python
3
star
20

whoisinthehouse

Alexa skill for keeping track of the people in the house
Python
2
star
21

hello-cloudevents

A very quick demonstration of CloudEvents
Go
2
star
22

adventofcode

Can't throw them away!
Go
1
star