libbpfgo is a Go library for Linux's eBPF project. It was created for Tracee, our open source Runtime Security, and eBPF tracing tool, written in Go. If you are interested in eBPF and its applications, check out Tracee at Github: https://github.com/aquasecurity/tracee.
libbpfgo is built around libbpf - the standard library for interacting with eBPF programs from userspace - which is a C library maintained in Linux upstream. We have created libbpfgo as a thin Go wrapper around the libbpf project.
libbpfgo uses CGO to interop with libbpf and will expect to be linked with libbpf at run or link time. Simply importing libbpfgo is not enough to get started, and you will need to fulfill the required dependency in one of the following ways:
Currently you will find the following GNU Makefile rules:
|all||builds libbpfgo (dynamic)|
|clean||cleans entire tree|
|selftest||builds all selftests (static)|
|selftest-run||runs all selftests (static)|
|helpers-test-run||runs all helpers tests (static)|
|libbpfgo-dynamic||builds dynamic libbpfgo (libbpf)|
|libbpfgo-dynamic-test||'go test' with dynamic libbpfgo|
|selftest-dynamic||build tests with dynamic libbpfgo|
|selftest-dynamic-run||run tests using dynamic libbpfgo|
|helpers-test-dynamic-run||run helpers package unit tests using dynamic libbpfgo|
|libbpfgo-static||builds static libbpfgo (libbpf)|
|libbpfgo-static-test||'go test' with static libbpfgo|
|selftest-static||build tests with static libbpfgo|
|selftest-static-run||run tests using static libbpfgo|
|helpers-test-static-run||run helpers package unit tests using static libbpfgo|
$ make libbpfgo-static => libbpfgo statically linked with libbpf $ make -C selftest/perfbuffers => single selftest build (static libbpf) $ make -C selftest/perfbuffers run-dynamic => single selftest run (dynamic libbpf) $ make selftest-static-run => will build & run all static selftests
Note 01: dynamic builds need your OS to have a recent enough libbpf package (and its headers) installed. Sometimes, recent features might require the use of backported OS packages in order for your OS to contain latest libbpf features (sometimes required by libbpfgo). Note 02: static builds need
git submodule initfirst. Make sure to sync the libbpf git submodule before trying to statically compile or test the libbpfgo repository.
libbpfgo tries to make it natural for Go developers to use, by abstracting away C technicalities. For example, it will translate low level return codes into Go
error, it will organize functionality around Go
struct, and it will use
channel as to let you consume events.
In a high level, this is a typical workflow for working with the library:
Modulestruct - that is a unit of BPF functionality around your compiled object file.
BPFProgto system facilities, for example to "raw tracepoints" or "kprobes" using the
BPFProg's associated functions.
BPFMapstruct and it's associated methods.
RingBufferstruct and it's associated objects.
// initializing import bpf "github.com/aquasecurity/libbpfgo" ... bpfModule := bpf.NewModuleFromFile(bpfObjectPath) bpfModule.BPFLoadObject() // maps mymap, _ := bpfModule.GetMap("mymap") mymap.Update(key, value) // ring buffer rb, _ := bpfModule.InitRingBuffer("events", eventsChannel, buffSize) rb.Poll(300) e := <-eventsChannel
libbpfgo does not yet have a regular schedule for cutting releases. There has not yet been a major release but API backwards compatibility will be maintained for all releases with the same major release number. Milestones are created when preparing for release.
v0.2.1-libbpf-0.4.0means that version 0.2.1 of libbpfgo requires v0.4.0 or newer of libbpf.
Note: some distributions might have local changes to their libbpf package and their version might include backports and/or fixes differently than upstream versions. In those cases we recommend that libbpfgo is used statically compiled.
To better receive you, libbpfgo makes available GNU Makefile rules for vagrant machines (amd64/arm64) that can be used to compile and test on Linux and Darwin hosts:
|vagrant-up||starts and provisions the vagrant environment|
|vagrant-ssh||connects to machine via SSH|
|vagrant-halt||stops the vagrant machine|
|vagrant-destroy||stops and deletes all traces of the vagrant machine|
Once connected to the vagrant box you are ready to build libbpfgo (e.g.
For further information, check Vagrantfile.md.
Please check our github milestones for an idea of the project roadmap. The general goal is to fully implement/expose libbpf's API in Go as seamlessly as possible.
We found that github.com/aquasecurity/libbpfgo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.