Crate redbpf_probes

Rust API to write eBPF programs.

Overview

redbpf-probes is part of the redbpf project. It provides an idiomatic Rust API to write programs that can be compiled to eBPF bytecode and executed by the Linux in-kernel eBPF virtual machine.

This crate is expected to be used with the companion redbpf-macros crate - a collection of procedural macros used to reduce the amount of boilerplate needed to produce eBPF programs.

To streamline the process of working with eBPF programs even further, redbpf also provides cargo-bpf - a cargo subcommand to simplify creating and building eBPF programs.

Example

This is what redbpf_probes and redbpf_macros look like in action:

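#![no_std]
#![no_main]
use redbpf_probes::xdp::prelude::*;

// Program metadata: kernel version code (0xFFFFFFFE matches any kernel) and license.
program!(0xFFFFFFFE, "GPL");

#[xdp]
pub fn block_port_80(ctx: XdpContext) -> XdpResult {
    // Packets whose transport header cannot be parsed fall through to Pass.
    if let Ok(transport) = ctx.transport() {
        // Drop anything addressed to destination port 80.
        if transport.dest() == 80 {
            return Ok(XdpAction::Drop);
        }
    }

    Ok(XdpAction::Pass)
}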

Modules

bindings

Generated, low level bindings to bpf types and constants.

helpers

Wrappers for the helper functions provided by the BPF subsystem.

kprobe

KProbes

maps

eBPF maps.

net

Types and traits for working with networking data.

socket_filter

Linux Socket Filtering API.

uprobe

xdp

XDP (eXpress Data Path).