8 releases
| 0.3.1 | Jan 23, 2024 |
|---|---|
| 0.3.0 | Nov 3, 2022 |
| 0.2.0 | Oct 29, 2022 |
| 0.1.4 | Oct 26, 2022 |
#212 in Operating systems
52KB
1K
SLoC
bpf-api
Idomatic Rust bindings for eBPF programs, probes, and maps.
The motive behind this crate and sister crates: btf, btf-derive, bpf-ins, and bpf-script, aside from learning more about eBPF, was to be able to have a fully Rust eBPF solution. That is, the ability to easily write, compile, and attach BPF programs and use maps without any dependencies on bcc, libbpf or any other non-Rust BPF dependencies.
Usage
For usage examples, see code located in examples/ :
| Examples | Description |
|---|---|
| array | A short example using a BPF array |
| print-programs | A short example that attachs a probe to sched_process_exec and prints program executions |
| user-tracer | Probes a given image path and symbol name using uprobes |
TODO
- Add ARM support.
- Make probe attachment easier / write convenience macros.
License
Dependencies
~0.4–1MB
~20K SLoC