cilium / ebpf
ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
AI Architecture Analysis
This repository is indexed by RepoMind. By analyzing cilium/ebpf in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.
Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.
Embed this Badge
Showcase RepoMind's analysis directly in your repository's README.
Repository Overview (README excerpt)
Crawler vieweBPF ebpf-go is a pure Go library that provides utilities for loading, compiling, and debugging eBPF programs. It has minimal external dependencies and is intended to be used in long running processes. See ebpf.io for complementary projects from the wider eBPF ecosystem. Getting Started Please take a look at our [Getting Started] guide. Contributions are highly encouraged, as they highlight certain use cases of eBPF and the library, and help shape the future of the project. Getting Help The community actively monitors our GitHub Discussions page. Please search for existing threads before starting a new one. Refrain from opening issues on the bug tracker if you're just starting out or if you're not sure if something is a bug in the library code. Alternatively, join the #ebpf-go channel on Slack if you have other questions regarding the project. Note that this channel is ephemeral and has its history erased past a certain point, which is less helpful for others running into the same problem later. Packages This library includes the following packages: • asm contains a basic assembler, allowing you to write eBPF assembly instructions directly within your Go code. (You don't need to use this if you prefer to write your eBPF program in C.) • cmd/bpf2go allows compiling and embedding eBPF programs written in C within Go code. As well as compiling the C code, it auto-generates Go code for loading and manipulating the eBPF program and map objects. • link allows attaching eBPF to various hooks • perf allows reading from a • ringbuf allows reading from a map • features implements the equivalent of for discovering BPF-related kernel features using native Go. • rlimit provides a convenient API to lift the constraint on kernels before 5.11. • btf allows reading the BPF Type Format. • pin provides APIs for working with pinned objects on bpffs. Requirements • A version of Go that is supported by upstream • Linux (amd64, arm64): CI is run against kernel.org LTS releases. >= 4.4 should work but EOL'ed versions are not supported. • Windows (amd64): CI is run against Windows Server 2022. Only the latest eBPF for Windows release is supported. • Other architectures are best effort. 32bit arches are not supported. License MIT eBPF Gopher The eBPF honeygopher is based on the Go gopher designed by Renee French. [Getting Started]: https://ebpf-go.dev/guides/getting-started/