Idomatic Rust bindings for eBPF programs, probes, and maps.
Idomatic Rust bindings for eBPF programs, probes, and maps.
The motive behind this crate and sister crates: btf
, btf-derive
, bpf-ins
, and bpf-script
, aside from learning more about eBPF, was to be able to have a fully Rust eBPF solution. That is, the ability to easily write, compile, and attach BPF programs and use maps without any dependencies on bcc, libbpf or any other non-Rust BPF dependencies.
For usage examples, see code located in examples/ :
Examples | Description |
---|---|
array | A short example using a BPF array |
print-programs | A short example that attachs a probe to sched_process_exec and prints program executions |
user-tracer | Probes a given image path and symbol name using uprobes |