GitHunt
AS

Asphaltt/ebpf

ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.

eBPF

PkgGoDev

HoneyGopher

ebpf-go is a pure Go library that provides utilities for loading, compiling, and
debugging eBPF programs. It has minimal external dependencies and is intended to
be used in long running processes.

See ebpf.io for complementary projects from the wider eBPF
ecosystem.

Getting Started

Please take a look at our Getting Started guide.

Contributions are highly encouraged, as they highlight certain use cases of
eBPF and the library, and help shape the future of the project.

Getting Help

The community actively monitors our GitHub Discussions page.
Please search for existing threads before starting a new one. Refrain from
opening issues on the bug tracker if you're just starting out or if you're not
sure if something is a bug in the library code.

Alternatively, join the
#ebpf-go channel on Slack if you
have other questions regarding the project. Note that this channel is ephemeral
and has its history erased past a certain point, which is less helpful for
others running into the same problem later.

Packages

This library includes the following packages:

  • asm contains a basic
    assembler, allowing you to write eBPF assembly instructions directly
    within your Go code. (You don't need to use this if you prefer to write your eBPF program in C.)
  • cmd/bpf2go allows
    compiling and embedding eBPF programs written in C within Go code. As well as
    compiling the C code, it auto-generates Go code for loading and manipulating
    the eBPF program and map objects.
  • link allows attaching eBPF
    to various hooks
  • perf allows reading from a
    PERF_EVENT_ARRAY
  • ringbuf allows reading from a
    BPF_MAP_TYPE_RINGBUF map
  • features implements the equivalent
    of bpftool feature probe for discovering BPF-related kernel features using native Go.
  • rlimit provides a convenient API to lift
    the RLIMIT_MEMLOCK constraint on kernels before 5.11.
  • btf allows reading the BPF Type Format.
  • pin provides APIs for working with pinned objects on bpffs.

Requirements

  • A version of Go that is supported by
    upstream
  • Linux (amd64, arm64): CI is run against kernel.org LTS releases. >= 4.4 should work but EOL'ed
    versions are not supported.
  • Windows (amd64): CI is run against Windows Server 2022. Only the latest eBPF for Windows
    release is supported.
  • Other architectures are best effort. 32bit arches are not supported.

License

MIT

eBPF Gopher

The eBPF honeygopher is based on the Go gopher designed by Renee French.

Languages

Go98.7%Shell0.4%Go Template0.3%Makefile0.2%Awk0.2%PowerShell0.2%
MIT License
Created March 9, 2023
Updated January 30, 2026
Asphaltt/ebpf | GitHunt