
aquasecurity / btfhub

Licence: Apache-2.0 License
BTFHub, together with the BTFHub Archive repository, provides BTF files for existing published kernels that don't support embedded BTF.

Programming Languages: shell, c, Makefile, go

Projects that are alternatives of or similar to btfhub

Bpfd
Framework for running BPF programs with rules on Linux as a daemon. Container aware.
Stars: ✭ 396 (+296%)
Mutual labels:  kernel, ebpf
bpflock
bpflock - eBPF driven security for locking and auditing Linux machines
Stars: ✭ 54 (-46%)
Mutual labels:  kernel, ebpf
KubeArmor
Cloud-native Runtime Security Enforcement System
Stars: ✭ 434 (+334%)
Mutual labels:  kernel, ebpf
pwru
Packet, where are you? -- Linux kernel networking debugger
Stars: ✭ 694 (+594%)
Mutual labels:  kernel, ebpf
Cilium
eBPF-based Networking, Security, and Observability
Stars: ✭ 10,256 (+10156%)
Mutual labels:  kernel, ebpf
sqredirect
Redirection and filtering Source Engine game traffic in bundle with sqproxy
Stars: ✭ 21 (-79%)
Mutual labels:  kernel, ebpf
oxdpus
A toy tool that leverages the super powers of XDP to bring in-kernel IP filtering
Stars: ✭ 59 (-41%)
Mutual labels:  kernel, ebpf
operating-systems-usac-course
Operating Systems & Cloud Native Theory, Workshops, Guides, Cool Cloud Native Projects and students contribution area
Stars: ✭ 73 (-27%)
Mutual labels:  kernel
rnk
rnk is a RTOS targeting ARM architecture.
Stars: ✭ 22 (-78%)
Mutual labels:  kernel
KnutOS
An x86_64 hobbyist OS written in C and Assembly
Stars: ✭ 16 (-84%)
Mutual labels:  kernel
Understanding Linux Kernel Vulnerability
Understanding Linux Kernel Vulnerability
Stars: ✭ 21 (-79%)
Mutual labels:  kernel
execmon
Advanced process execution monitoring utility for linux (procmon like)
Stars: ✭ 77 (-23%)
Mutual labels:  kernel
slabdbg
GDB plug-in that helps exploiting the Linux kernel's SLUB allocator
Stars: ✭ 55 (-45%)
Mutual labels:  kernel
Sigma
Abandoned overcomplicated Microkernel using modern x86_64 features
Stars: ✭ 36 (-64%)
Mutual labels:  kernel
memfd-examples
Sample usage of the new memfd_create(2) Linux system call.
Stars: ✭ 64 (-36%)
Mutual labels:  kernel
spylon-kernel
Jupyter kernel for scala and spark
Stars: ✭ 160 (+60%)
Mutual labels:  kernel
sockdump
Dump unix domain socket traffic with bpf
Stars: ✭ 160 (+60%)
Mutual labels:  ebpf
SanderOSUSB
32 bit singletasking C kernel
Stars: ✭ 52 (-48%)
Mutual labels:  kernel
imongo
A MongoDB kernel for Jupyter
Stars: ✭ 51 (-49%)
Mutual labels:  kernel
infinity
A secure, modern and intelligent operative system
Stars: ✭ 27 (-73%)
Mutual labels:  kernel

The BTFhub main repository contains documentation, tooling and examples on how to use the BTF files; the BTF files themselves live in the BTFhub-Archive repository.

What is BTF?

BTF is one of the things that make eBPF portable.

Before CO-RE existed, eBPF developers had to compile one eBPF object per supported kernel. This made eBPF toolkits, such as iovisor/bcc, rely on runtime compilation.

With CO-RE, the same eBPF object can be loaded into multiple different kernels. The libbpf loader enables CO-RE by arranging the infrastructure a given eBPF object needs, such as eBPF map creation, code relocation, eBPF probes, links and their attachments.

The eBPF Type Format (BTF) is a data format to store debug information about eBPF objects OR about the kernels they will be loaded into.

The idea is this: both the eBPF object and the target kernel have BTF information available, usually embedded into their ELF files. The libbpf loader uses the embedded BTF information to calculate the changes (relocations, map creations, probe attachments, ...) needed for an eBPF object to be loaded and have its programs executed in any kernel, without modifications to the object.

What is BTFhub?

Unfortunately, the BTF format wasn't always available. Because of missing kernel support, or because of the lack of userland tools capable of understanding the BTF format, distributions release(d) kernels without the embedded BTF information.

That is why BTFhub exists: to provide BTF information for kernels released by Linux distributions that don't have embedded BTF information. Instead of recompiling your eBPF code for each existing Linux kernel that does not support BTF information, your code will be relocated by libbpf according to the BTF information available in the BTFhub files.

Since libbpf started supporting external (raw) BTF files, you can feed libbpf an external BTF file for the kernel you want to run your eBPF code on. Each kernel needs its own BTF file.

Note: You won't need BTFhub if you're willing to support your eBPF CO-RE application only in the latest kernels. Now, if you are willing to support ALL released kernels, including some Long Term Support Linux distribution versions, then you may need to use BTFhub.

Supported Kernels and Distributions

This is a list of existing distributions and their current status on eBPF and BTF support.

How can I use it?

  1. This is a code example of how you should use BTFhub to add support for legacy kernels to your eBPF project. The uncompressed full BTF files from the BTFhub-Archive repository should be fed to the libbpf used by your eBPF project, just as shown in this C example or this Go example.

  2. You may use the BTFgen tool to create smaller BTF files, so you can embed them into your eBPF application and make it support all kernels supported by BTFhub.
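
As an added example (not code from BTFhub or libbpf): a raw BTF file obtained from an external archive is untrusted input until checked, so this C code validates the blob's header and section bounds before it is handed to a loader. The names `btf_raw_check` and `btf_make_empty` are hypothetical, and the sample blob is constructed; the header layout and magic value follow the kernel's BTF documentation.

```c
#include <stdint.h>
#include <string.h>

#define BTF_MAGIC   0xeB9F  /* from the kernel's BTF documentation */
#define BTF_VERSION 1
/* Header at the start of every raw BTF blob (24 bytes, no padding). */
struct btf_header {
    uint16_t magic;
    uint8_t  version, flags;
    uint32_t hdr_len;
    uint32_t type_off, type_len;  /* offsets count from the end of the header */
    uint32_t str_off, str_len;
};
enum btf_check { BTF_OK, BTF_TRUNCATED, BTF_BAD_MAGIC, BTF_FOREIGN_ENDIAN,
                 BTF_BAD_VERSION, BTF_BAD_LAYOUT, BTF_BAD_STRINGS };
/* Hypothetical helper (not a libbpf API): structural check of a BTF blob. */
enum btf_check btf_raw_check(const uint8_t *buf, size_t len)
{
    struct btf_header h;
    if (len < sizeof(h))
        return BTF_TRUNCATED;
    memcpy(&h, buf, sizeof(h));               /* buf may be unaligned */
    if (h.magic == 0x9FEB)                    /* magic with its bytes swapped */
        return BTF_FOREIGN_ENDIAN;
    if (h.magic != BTF_MAGIC)
        return BTF_BAD_MAGIC;
    if (h.version != BTF_VERSION)
        return BTF_BAD_VERSION;
    if (h.hdr_len < sizeof(h) || h.hdr_len > len)
        return BTF_BAD_LAYOUT;
    uint64_t body = len - h.hdr_len;          /* 64-bit sums: offsets cannot wrap */
    uint64_t type_end = (uint64_t)h.type_off + h.type_len;
    uint64_t str_end = (uint64_t)h.str_off + h.str_len;
    if (h.type_off % 4 || type_end > h.str_off || str_end > body)
        return BTF_BAD_LAYOUT;                /* types first, strings in bounds */
    const uint8_t *str = buf + h.hdr_len + h.str_off;
    if (h.str_len == 0 || str[0] != 0 || str[h.str_len - 1] != 0)
        return BTF_BAD_STRINGS;               /* must start and end with NUL */
    return BTF_OK;
}

/* Constructed sample: an empty BTF blob, header plus 1-byte string section. */
size_t btf_make_empty(uint8_t out[25])
{
    struct btf_header h = { BTF_MAGIC, BTF_VERSION, 0, (uint32_t)sizeof(h), 0, 0, 0, 1 };
    memcpy(out, &h, sizeof(h));
    out[sizeof(h)] = 0;
    return sizeof(h) + 1;
}
```

A file that passes can then be given to libbpf, for instance through the `btf_custom_path` field of `struct bpf_object_open_opts`. The check is structural only and does not replace verifying the integrity of the downloaded archive.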

Where can I find more information?
