InsideCode

Dockerizing ebpf

Responsive image — ebpf and the active projects using ebpf

Intro to ebpf

eBPF is a technology that enables dynamic insertion of user written code to be executed in kernel without changing kernel source code or loading modules. It's widely used for networking, security, observability in the field. For a regular programmer having interest in tinkering or monitoring kernel internals, ebpf is a great tool.

Why libbpf-bootstrap

Setting up an ebpf environment to write a simple hello, world program is an intimidating activity due to the dependencies it has. It has prerequisites of clang as compiler, libbpf library that does lot of heavylifting to load user written program to kernel. libbpf-bootstrap includes all the necessary items under it's umbrella to ease the trouble a user may face to start working in ebpf.

Why Dockerizing libbpf-bootstrap

Dockerizing libbpf-bootstrap brings us all the advantages Docker does by providing a stable and portable environment for us to build ebpf programs. This is an example, I've found from here

    
      FROM ubuntu:latest

      RUN apt-get update && \
          apt-get install -y build-essential git cmake \
                             zlib1g-dev libevent-dev \
                             libelf-dev llvm \
                             clang libc6-dev-i386 curl \
                             nano pkg-config wget
      
      #installing cargo and rustc
      RUN curl https://sh.rustup.rs -sSf | sh -s -- -y
      ENV PATH="/root/.cargo/bin:${PATH}"
      RUN cargo --version && rustc --version
      
      RUN mkdir /src && git init
      WORKDIR /src
      
      RUN wget https://github.com/bpftrace/bpftrace/releases/download/v0.20.4/bpftrace
      RUN chmod +x bpftrace
      
      RUN ln -s /usr/include/x86_64-linux-gnu/asm/ /usr/include/asm
      
      RUN git clone https://github.com/libbpf/libbpf-bootstrap.git && \
          cd libbpf-bootstrap && \
          git submodule update --init --recursive
      
      RUN cd /src/libbpf-bootstrap/blazesym && \
          cargo build --release
      
      RUN cd libbpf-bootstrap/libbpf/src && \
          make BUILD_STATIC_ONLY=y && \
          make install BUILD_STATIC_ONLY=y LIBDIR=/usr/lib/x86_64-linux-gnu/
      
      RUN git clone --recurse-submodules https://github.com/libbpf/bpftool.git && \
          cd bpftool/src && \
          make -j$(nproc) && \
          make install
      
      RUN git clone --depth 1 git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git && \
          cp linux/include/uapi/linux/bpf* /usr/include/linux/

Conclusion:

libbpf-bootstrap has examples here in C and Rust programming language for users to experiment. Enjoy!