{"id":13546132,"url":"https://github.com/foniod/redbpf","last_synced_at":"2025-09-29T00:32:39.223Z","repository":{"id":37355324,"uuid":"150129388","full_name":"foniod/redbpf","owner":"foniod","description":"Rust library for building and running BPF/eBPF modules","archived":true,"fork":false,"pushed_at":"2023-06-30T10:23:27.000Z","size":1129,"stargazers_count":1718,"open_issues_count":63,"forks_count":139,"subscribers_count":28,"default_branch":"main","last_synced_at":"2025-09-23T20:51:37.423Z","etag":null,"topics":["ebpf","ffi-bindings","rust-ffi","rust-library"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/foniod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-09-24T15:58:55.000Z","updated_at":"2025-09-15T13:15:25.000Z","dependencies_parsed_at":"2024-01-02T20:52:14.533Z","dependency_job_id":null,"html_url":"https://github.com/foniod/redbpf","commit_stats":{"total_commits":574,"total_committers":48,"mean_commits":"11.958333333333334","dds":0.6829268292682926,"last_synced_commit":"55331987dc31a26feb192e4a668bf9bfc336e1e0"},"previous_names":["redsift/redbpf"],"tags_count":36,"template":false,"template_full_name":null,"purl":"pkg:github/foniod/redbpf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Fredbpf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Fredbpf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Fredbpf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Fredbpf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/foniod","download_url":"https://codeload.github.com/foniod/redbpf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/foniod%2Fredbpf/sbom","scorecard":{"id":406283,"data":{"date":"2025-08-11","repo":{"name":"github.com/foniod/redbpf","commit":"55331987dc31a26feb192e4a668bf9bfc336e1e0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Code-Review","score":9,"reason":"Found 13/14 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:413: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:314: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:478: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:487: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:526: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:555: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:558: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:276: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:365: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:440: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:515: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:518: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/foniod/redbpf/build-test.yml/main?enable=pin","Info:   0 out of  16 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE-APACHE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE-APACHE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"18 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2021-0139","Warn: Project is vulnerable to: RUSTSEC-2021-0145 / GHSA-g98v-hv3f-hcfr","Warn: Project is vulnerable to: RUSTSEC-2024-0375","Warn: Project is vulnerable to: RUSTSEC-2022-0078 / GHSA-f85w-wvc7-crwc","Warn: Project is vulnerable to: RUSTSEC-2020-0159","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7","Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr","Warn: Project is vulnerable to: RUSTSEC-2025-0010","Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6","Warn: Project is vulnerable to: RUSTSEC-2025-0009","Warn: Project is vulnerable to: GHSA-c86p-w88r-qvqr","Warn: Project is vulnerable to: RUSTSEC-2024-0006 / GHSA-r7qv-8r2h-pg27","Warn: Project is vulnerable to: RUSTSEC-2020-0071 / GHSA-wcg3-cvx6-7396","Warn: Project is vulnerable to: RUSTSEC-2023-0001 / GHSA-7rrj-xr53-82p7","Warn: Project is vulnerable to: RUSTSEC-2023-0005 / GHSA-4q83-7cq4-p6wg","Warn: Project is vulnerable to: GHSA-rr8g-9fpq-6wmg","Warn: Project is vulnerable to: RUSTSEC-2025-0023"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T21:20:50.944Z","repository_id":37355324,"created_at":"2025-08-18T21:20:50.944Z","updated_at":"2025-08-18T21:20:50.944Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277450939,"owners_count":25819971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-28T02:00:08.834Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","ffi-bindings","rust-ffi","rust-library"],"created_at":"2024-08-01T12:00:32.353Z","updated_at":"2025-09-29T00:32:38.913Z","avatar_url":"https://github.com/foniod.png","language":"Rust","funding_links":[],"categories":["Projects Related to eBPF","Threat Detection and Forensics","Rust","eBPF 相关项目"],"sub_categories":["Tools","Packing, Obfuscation, Encryption, Anti-analysis","工具"],"readme":"RedBPF\n======\n\n![LICENSE](https://img.shields.io/badge/license-MIT%2FApache--2.0-blue.svg)\n[![element](https://img.shields.io/matrix/redbpf:rustch.at?server_fqdn=rustch.at)](https://app.element.io/#/room/!vCJcBZDeGUXaqSvPpL:rustch.at?via=rustch.at)\n\nA Rust eBPF toolchain.\n\n# Overview\n\nThe redbpf project is a collection of tools and libraries to build eBPF\nprograms using Rust. It includes:\n\n- [redbpf](https://docs.rs/redbpf/latest/redbpf/) - a user space library that can be\n  used to load eBPF programs or access eBPF maps.\n\n- [redbpf-probes](https://docs.rs/redbpf-probes/latest/redbpf_probes/) - an idiomatic Rust\n  API to write eBPF programs that can be loaded by the linux kernel\n\n- [redbpf-macros](https://docs.rs/redbpf-macros/latest/redbpf_macros/) - companion crate to\n  `redbpf-probes` which provides convenient procedural macros useful when\n  writing eBPF programs. For example, `#[map]` for defining a map, `#[kprobe]`\n  for defining a BPF program that can be attached to kernel functions.\n\n- [cargo-bpf](./cargo-bpf/src/main.rs) - a cargo subcommand for creating,\n  building and debugging eBPF programs\n\n# Features\n\n- Allows users to write both BPF programs and userspace programs in Rust\n- Offers many BPF map types\n  1. `HashMap`, `PerCpuHashMap`, `LruHashMap`, `LruPerCpuHashMap`, `Array`,\n     `PerCpuArray`, `PerfMap`, `TcHashMap`, `StackTrace`, `ProgramArray`,\n     `SockMap`, `DevMap`, `RingBuf`\n- Offers several BPF program types\n  1. `KProbe`, `KRetProbe`, `UProbe`, `URetProbe`, `SocketFilter`, `XDP`,\n     `StreamParser`, `StreamVerdict`, `TaskIter`, `SkLookup`, `Tracepoint`\n- Provides attribute macros that define various kind of BPF programs and BPF\n  maps in a declarative way.\n  1. `#[kprobe]`, `#[kretprobe]`, `#[uprobe]`, `#[uretprobe]`, `#[xdp]`,\n     `#[tc_action]`, `#[socket_filter]`, `#[stream_parser]`,\n     `#[stream_verdict]`, `#[task_iter]`, `#[tracepoint]`\n  2. `#[map]`\n- Can generate Rust bindings from the Linux kernel headers or from the BTF of\n  `vmlinux`\n- Provides API for both BPF programs and userspace programs to help users write\n  Rust idiomatic code\n- Supports BTF for maps\n- Supports pinning maps and loading maps from pins\n- Supports BPF iterator for `task`\n- Enables users to write BPF programs for `tc` action and RedBPF compiles the\n  programs into the ELF object file that is compatible with `tc` command\n- Provides wrappers of BPF helper functions\n- Offers asynchronous stream of `perf events` for userspace programs\n- Supports multiple versions of LLVM\n- Shows BPF verifier logs when loading BPF programs, BPF maps or BTF fails\n- Has several example programs that are separated into two parts: BPF programs\n  and userspace programs\n\n# Install\n\n## Requirements\n\n`LLVM` is required in your build system to compile BPF bytecode using RedBPF.\n\n- **LLVM 13**  \n  It is needed to compile BPF bytecode.\n\n- One of the followings:\n  1. The Linux kernel headers\n  2. `vmlinux`, the Linux kernel image that contains `.BTF` section\n  3. Raw BTF data i.e. `/sys/kernel/btf/vmlinux`  \n  These are needed to generate Rust bindings of the data structures of the Linux kernel.\n\n### On Ubuntu 20.04 LTS\n\nInstall LLVM 13 and the Linux kernel headers\n```console\n# apt-get update \\\n  \u0026\u0026 apt-get -y install \\\n       wget \\\n       build-essential \\\n       software-properties-common \\\n       lsb-release \\\n       libelf-dev \\\n       linux-headers-generic \\\n       pkg-config \\\n  \u0026\u0026 wget https://apt.llvm.org/llvm.sh \u0026\u0026 chmod +x llvm.sh \u0026\u0026 ./llvm.sh 13 \u0026\u0026 rm -f ./llvm.sh\n# llvm-config-13 --version | grep 13\n```\n\n### On Fedora 35\n\nInstall LLVM 13 and the Linux kernel headers\n```console\n# dnf install -y \\\n    clang-13.0.0 \\\n\tllvm-13.0.0 \\\n\tllvm-libs-13.0.0 \\\n\tllvm-devel-13.0.0 \\\n\tllvm-static-13.0.0 \\\n\tkernel \\\n\tkernel-devel \\\n\telfutils-libelf-devel \\\n\tmake \\\n    pkg-config \\\n    zstd\n# llvm-config --version | grep 13\n```\n\n### On Arch Linux\n\nInstall LLVM 13 and the Linux kernel headers\n\n```console\n# pacman --noconfirm -Syu \\\n  \u0026\u0026 pacman -S --noconfirm \\\n       llvm \\\n       llvm-libs \\\n       libffi \\\n       clang \\\n       make \\\n       pkg-config \\\n       linux-headers \\\n       linux\n# llvm-config --version | grep -q '^13'\n```\n\n### Building LLVM from source\n\nIf your Linux distro does not support the latest LLVM as pre-built packages\nyet, you may build LLVM from the LLVM source code.\n\n```console\n$ tar -xaf llvm-13.0.0.src.tar.xz\n$ mkdir -p llvm-13.0.0.src/build\n$ cd llvm-13.0.0.src/build\n$ cmake .. -DCMAKE_INSTALL_PREFIX=$HOME/llvm-13-release -DCMAKE_BUILD_TYPE=Release -DLLVM_BUILD_LLVM_DYLIB=1\n$ cmake --build . --target install\n```\n\nThen you can use your LLVM by specifying the custom installation path when\ninstalling `cargo-bpf` or building RedBPF like this:\n\n```console\n$ LLVM_SYS_130_PREFIX=$HOME/llvm-13-release/ cargo install cargo-bpf\n$ LLVM_SYS_130_PREFIX=$HOME/llvm-13-release/ cargo build\n```\n\nMake sure correct `-DCMAKE_BUILD_TYPE` is specified. Typically `Debug` type is\nnot recommended if you are not going to debug LLVM itself.\n\n\n## Installing `cargo-bpf`\n\n`cargo-bpf` is a command line tool for compiling BPF program written in Rust\ninto BPF bytecode.\n\n```console\n$ cargo install cargo-bpf\n$ cargo bpf --version\n```\n\nYou can learn how to use this from [tutorial](TUTORIAL.md).\n\n## Building RedBPF from source\n\nIf you want to build RedBPF from source to fix something, you can do as follows:\n\n```console\n$ git clone https://github.com/foniod/redbpf.git\n$ cd redbpf\n$ git submodule sync\n$ git submodule update --init\n$ cargo build\n$ cargo build --examples\n```\n\n# Getting started\n\nThe easiest way to get started is reading a [basic tutorial](TUTORIAL.md).\n\nYou can find several examples in this [directory](examples/). All example\nprograms are splitted into two parts: `example-probes` and\n`example-userspace`. `example-probes` contains BPF programs that execute in\nkernel context. `example-userspace` includes userspace programs that load BPF\nprograms into kernel space and communicate with BPF programs through BPF maps.\n\nSee also [documentation](./cargo-bpf/src/main.rs) of `cargo-bpf`. It provides a\nCLI tool for compiling BPF programs easily.\n\n[redbpf-tools](https://github.com/foniod/redbpf/tree/master/redbpf-tools) is a\n`cargo-bpf` generated crate that includes simple examples you can use to\nunderstand how to structure your programs.\n\nFinally, check the [foniod project](https://github.com/foniod/foniod) that\nincludes more advanced, concrete production ready examples of redbpf programs.\n\n## Valid combinations of Rust and LLVM versions\n\n`rustc` is linked to its own bundled version of LLVM. And `cargo-bpf` also uses\nits own version of LLVM that is statically linked into `cargo-bpf` itself. But\nnote that users can control the LLVM version of `cargo-bpf` by providing other\nversions of LLVM in their system when building `cargo-bpf`.\n\nWhy do we care about two LLVM versions?  \nBecause both two versions of LLVMs are all participating in the process of\ncompiling BPF programs.\n\n1. RedBPF executes `rustc` to compile BPF programs. And `rustc` calls LLVM\n   functions to emit LLVM bitcode.\n2. And then RedBPF parses the emitted LLVM bitcode to convert it into BPF\n   bytecode. To do so, it calls LLVM functions that are statically linked into\n   `cargo-bpf`.\n\nWhat happens if LLVM of `rustc` is newer than the LLVM of `cargo-bpf`? You\nalready feel it. BAM!  Typically older version of LLVM can not properly handle\nthe bitcode that is generated by newer version of LLVM. i.e., `cargo-bpf` with\nolder LLVM can not properly handle what `rustc` with newer LLVM emits.\n\nWhat happens if LLVM of `rustc` is older than the LLVM of `cargo-bpf`? Normally\nLLVM is likely to support backward compatibility for intermediate\nrepresentation.\n\nLet's put things together.\n\nThere are two LLVM versions involved in compiling BPF programs:\n\n1. the version of LLVM**(1)** that `cargo-bpf` is statically linked to when\n   `cargo-bpf` is built.\n2. the version of LLVM**(2)** that `rustc` is linked to.\n\n*And*, **(1)** should be greater than or equal to **(2)**.  \n*It is the best case if `(1) == (2)` but `(1) \u003e (2)` is also okay.*\n\n| Rust version | LLVM version of the rustc | Valid LLVM version of system |\n|:-------------|:-------------------------:|:-----------------------------|\n| 1.56 ~       | LLVM 13                   | LLVM 13 and newer            |\n\n## Docker images for RedBPF build test\n\nYou can refer to various `Dockerfile`s that contain minimal necessary packages\nto build `RedBPF` properly: [Dockerfiles for\nRedBPF](https://github.com/foniod/build-images/redbpf)\n\nThese docker images are pushed to ghcr.io:\n\nx86_64\n- `ghcr.io/foniod/redbpf-build:latest-x86_64-ubuntu21.04`\n- `ghcr.io/foniod/redbpf-build:latest-x86_64-fedora35`\n- `ghcr.io/foniod/redbpf-build:latest-x86_64-alpine3.15`\n- `ghcr.io/foniod/redbpf-build:latest-x86_64-debian11`\n- `ghcr.io/foniod/redbpf-build:latest-x86_64-archlinux`\n\nARM64\n- `ghcr.io/foniod/redbpf-build:latest-aarch64-ubuntu21.04`\n- `ghcr.io/foniod/redbpf-build:latest-aarch64-fedora35`\n- `ghcr.io/foniod/redbpf-build:latest-aarch64-alpine3.15`\n- `ghcr.io/foniod/redbpf-build:latest-aarch64-debian11`\n\nSee [build-test.yml](.github/workflows/build-test.yml) for more information.\nIt describes build tests of RedBPF that run inside docker containers.\n\nIf you want docker images that are prepared to build `foniod` then refer to\nthis: [Dockerfiles for foniod](https://github.com/foniod/build-images)\n\n## Note for building RedBPF inside docker containers\n\nYou need to specify `KERNEL_SOURCE` or `KERNEL_VERSION` environment variables\nthat indicate kernel headers. The headers should be found inside the\ncontainer. For example, inside the Ubuntu 21.04 container that contains the\nLinux `5.11.0-25-generic` kernel headers, you should specify `KERNEL_VERSION`\nenvironment variable as follows:\n\n```console\n# KERNEL_VERSION=5.11.0-25-generic cargo build --examples\n```\n\nIf your container has `vmlinux`, the Linux kernel image that contains `.BTF`\nsection in it, you can specify it instead of the Linux kernel headers.\n\n```console\n# REDBPF_VMLINUX=/boot/vmlinux cargo build --examples\n```\n\nSee [build-test.yml](.github/workflows/build-test.yml) for more information.\nIt describes build tests of RedBPF that run inside docker containers.\n\n## Supported Architectures\n\nCurrently, `x86-64` and `aarch64` architectures are supported.\n\n\n# License\n\nThis repository contains code from other software in the following\ndirectories, licensed under their own particular licenses:\n\n * `bpf-sys/libbpf`: LGPL2 + BSD-2\n\nWhere '+' means they are dual licensed.\n\nRedBPF and its components, unless otherwise stated, are licensed under either of\n\n * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or\n\thttp://www.apache.org/licenses/LICENSE-2.0)\n * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)\n\nat your option.\n\n# Contribution\n\nThis project is for everyone. We ask that our users and contributors\ntake a few minutes to review our [code of conduct](https://github.com/foniod/project/blob/main/CODE_OF_CONDUCT.md).\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall\nbe dual licensed as above, without any additional terms or conditions.\n\nFor further advice on getting started, please consult the [Contributor's\nGuide](https://github.com/foniod/project/blob/main/CONTRIBUTING.md). Please\nnote that all contributions MUST contain a [Developer Certificate of\nOrigin](https://github.com/foniod/project/blob/developer-certificate-of-origin/CONTRIBUTING.md#developer-certificate-of-origin)\nsign-off line.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoniod%2Fredbpf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffoniod%2Fredbpf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffoniod%2Fredbpf/lists"}