Please note that eBPF is supported only by Linux, it will not work on MacOS!

• SocketFilter: Simple Packet Counter
• XDP: Simple packets protocol counter
• XDP: Basic Firewall
• XDP: FIB lookup and bpf_redirect example
• PerfEvents: XDP Dump
• Kprobes: Exec Dump

All examples actually contain 2 parts:

• The eBPF program written in C
• go application which acts as a control plane

You need to build both to make example work.

# Install clang/llvm to be able to compile C files into bpf arch
$ apt-get install clang llvm make

# Install goebpf package
$ go get github.com/dropbox/goebpf

Compile both parts

$ make
clang -I../../.. -O2 -target bpf -c ebpf_prog/xdp.c  -o ebpf_prog/xdp.elf
go build -v -o main

Run it!

$ sudo ./main [optional args]

You must use sudo or CAP_SYS_ADMIN / CAP_NET_ADMIN capabilities because of it creates kernel objects.

$ cd [path_to_example]
$ make build_bpf

Compiled binary will be under ebpf_prog folder, e.g.:

$ ls -l ebpf_prog
total 8
-rw-r--r-- 1 root root 1524 May 15 21:20 xdp.c
-rw-r--r-- 1 root root 1104 May 15 21:20 xdp.elf