{"id":13466045,"url":"https://github.com/lizrice/learning-ebpf","last_synced_at":"2025-04-07T23:13:00.574Z","repository":{"id":53095051,"uuid":"520421101","full_name":"lizrice/learning-ebpf","owner":"lizrice","description":"Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more","archived":false,"fork":false,"pushed_at":"2024-08-19T17:28:09.000Z","size":2063,"stargazers_count":1238,"open_issues_count":5,"forks_count":260,"subscribers_count":29,"default_branch":"main","last_synced_at":"2024-10-30T00:33:12.562Z","etag":null,"topics":["ebpf","ebpf-co-re","linux-kernel"],"latest_commit_sha":null,"homepage":"https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lizrice.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-02T08:50:26.000Z","updated_at":"2024-10-25T09:22:41.000Z","dependencies_parsed_at":"2023-02-16T10:16:17.593Z","dependency_job_id":"cbbb0edd-671c-461a-997b-1ab0f2efbd57","html_url":"https://github.com/lizrice/learning-ebpf","commit_stats":{"total_commits":74,"total_committers":9,"mean_commits":8.222222222222221,"dds":"0.14864864864864868","last_synced_commit":"fcdc627ea0ce80a328ce23c2e8544ff0316f14a8"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lizrice%2Flearning-ebpf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lizrice%2Flearning-ebpf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lizrice%2Flearning-ebpf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lizrice%2Flearning-ebpf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lizrice","download_url":"https://codeload.github.com/lizrice/learning-ebpf/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247744335,"owners_count":20988783,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","ebpf-co-re","linux-kernel"],"created_at":"2024-07-31T15:00:38.494Z","updated_at":"2025-04-07T23:13:00.554Z","avatar_url":"https://github.com/lizrice.png","language":"C","readme":"# Learning eBPF\n\nThis repo accompanies my new book [Learning\neBPF](https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121)\n(published by O'Reilly).\n\n\u003cimg src=\"learning-ebpf-cover.png\" height=250 \nalt=\"Learning eBPF cover features an image of an Early\nBumblebee\" /\u003e\n\nBuy your copy of the book from\n[Bookshop.org](https://bookshop.org/p/books/learning-ebpf-programming-the-linux-kernel-for-enhanced-observability-networking-and-security-liz-rice/19244244?ean=9781098135126)\nor\n[Amazon](https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121),\nview it on the [O'Reilly platform](https://www.oreilly.com/library/view/learning-ebpf/9781098135119/), or download a copy from [Isovalent](https://isovalent.com/learning-ebpf). \n\n## Running the example code\n\nThe repo includes the example eBPF programs discussed in the book.\n\nI've also provided a [Lima](https://github.com/lima-vm/lima) config file with\nthe packages you need for building the code pre-installed.\n\nIf you have a Linux machine or VM to hand, feel free to use that instead of\nLima, using the `learning-ebpf.yaml` file as a guide for the packages you'll \nneed to install. The minimum kernel version required varies from chapter to chapter. All\nthese examples have been tested on an Ubuntu 22.04 distribution using a 5.15 kernel. \n\n\n\n### Install this repo\n\n```sh\ngit clone --recurse-submodules https://github.com/lizrice/learning-ebpf\ncd learning-ebpf\n```\n\n### Lima VM\n\n```sh\nlimactl start learning-ebpf.yaml\nlimactl shell learning-ebpf\n\n# You'll need to be root for most of the examples\nsudo -s\n```\n\n### Building libbpf and installing header files\n\nLibbpf is included as a submodule in this repo. You'll need to build and install\nit for the C-based examples to build correctly. (See libbpf/README.md for more\ndetails.)\n\n```sh\ncd libbpf/src\nmake install \ncd ../..\n```\n\n### Building bpftool\n\nThere are several examples using `bpftool` throughout the book. To get a version\nwith libbfd support (which you'll need if you want to see the jited code in the \nChapter 3 examples) you might need to build it from source:\n\n```sh\ncd ..\ngit clone --recurse-submodules https://github.com/libbpf/bpftool.git\ncd bpftool/src \nmake install \n```\n\n`bpftool` binaries are now also available from https://github.com/libbpf/bpftool/releases these days.\n\n## Examples\n\nYou won't be surprised to learn that the directories correspond to chapters in\nthe book. Here are the different examples that accompany each chapter.\n\n* Chapter 1: What Is eBPF and Why Is It Important?\n* [Chapter 2: eBPF's \"Hello World\"](chapter2/README.md) - Basic examples using the BCC framework.\n* [Chapter 3: Anatomy of an eBPF Program](chapter3/README.md) - C-based XDP\n  examples, used in the book to explore how the source code gets transformed to eBPF bytecode and\n  machine code. There's also an example of BPF to BPF function calls.\n* [Chapter 4: The bpf() System Call](chapter4/README.md) - More BCC-based examples, used in the book to\n  illustrate what's happening at the syscall level when you use eBPF.\n* [Chapter 5: CO-RE, BTF and Libbpf](chapter5/README.md) - Libbpf-based C\n  example code.\n* [Chapter 6: The eBPF Verifier](chapter6/README.md) - Make small edits to the\n  example code to cause a variety of verifier errors!\n* [Chapter 7: eBPF Program and Attachment Types](chapter7/README.md) - Examples\n  of different eBPF program types.\n* [Chapter 8: eBPF for Networking](chapter8/README.md) - Example code that\n  attaches to various points in the network stack to interfere with ping and\n  curl requests. *Coming soon, load balancer example*\n* Chapter 9: eBPF for Security - *coming soon*\n* [Chapter 10: eBPF Programming](chapter10/README.md) - The book explores examples from various eBPF\n  libraries.\n* Chapter 11: The Future Evolution of eBPF\n\nThere are no code examples for Chapters 1 and 11.\n\n### Privileges\n\nYou'll need root privileges (well, strictly CAP_BPF and [additional\nprivileges](https://mdaverde.com/posts/cap-bpf/)) to be able to load BPF\nprograms into the kernel. `sudo -s` is your friend.\n\n### View eBPF trace output\n\nA couple of ways to see the output from the kernel's trace pipe where eBPF\ntracing gets written:\n\n* `cat /sys/kernel/debug/tracing/trace_pipe`\n* `bpftool prog tracelog`\n\n## Installing on other Linux distributions\n\nAs noted above, I've tested these examples using Ubuntu 22.04 and a 5.15 kernel. If you're using a different distribution and / or kernel version you might run into incompatibilities between various packages and dependencies. For example: \n\n - My installation uses Clang 14. If you're using Clang 15 or later (which you can check with `clang --version` you'll need [BCC version 0.27.0](https://github.com/iovisor/bcc/releases) or later\n\n## Corrections\n\nI'd love to hear if you find corrections and improvements for\nthese examples. Issues and PRs are welcome!\n","funding_links":[],"categories":["C","Cilium related projects"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flizrice%2Flearning-ebpf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flizrice%2Flearning-ebpf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flizrice%2Flearning-ebpf/lists"}