Basic eBPF examples in Golang using libbpfgo.
- Accompanying slides from my talk at GOTOpia 2021 called Beginner's Guide to eBPF Programming in Go
- See also my original Python examples from my Beginner's Guide to eBPF talk
sudo apt-get update
sudo apt-get install libbpf-dev make clang llvm libelf-devmake all
sudo ./helloThis builds two things:
- dist/hello.bpf.o - an object file for the eBPF program
- hello - a Go executable
The Go executable reads in the object file at runtime. Take a look at the .o file with readelf if you want to see the sections defined in it.
To avoid compatibility issues, you can use the Dockerfile provided in this repository.
Build it by your own:
docker build -t hello .And the run it from the project directory to compile the program:
docker run --rm -v $(pwd)/:/app/:z helloI'm using Ubuntu 20.10, kernel 5.8, go 1.15
This approach installs the libbpf-dev package. Another alternative (which is what Tracee does) is to install the libbpf source as a git submodule, build it from source and install it to the expected location (e.g. /usr/lib/x86_64-linux-gnu/libbpf.a on an Intel x86 processor).