A companion repository with example eBPF programs and a Lima VM configuration for the O'Reilly book 'Learning eBPF'.
Learning eBPF is a companion code repository for the O'Reilly book of the same name. It provides example eBPF programs and a pre-configured virtual machine environment to help developers learn eBPF programming hands-on. The examples cover core eBPF concepts, from basic programs to networking and security applications.
System programmers, DevOps engineers, and security professionals who want to learn eBPF for kernel-level observability, networking, and security. It's ideal for those following the 'Learning eBPF' book.
It offers a curated, book-aligned set of working eBPF examples with a ready-to-run environment, eliminating setup friction and allowing immediate practical experimentation. The examples are tested and cover both BCC and libbpf frameworks.
Learning eBPF, published by O'Reilly - out now! Here's where you'll find a VM config for the examples, and more
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Each chapter has corresponding eBPF programs, directly supporting the O'Reilly book's concepts, as seen in the directory structure from Chapter 2 to 10.
Includes a Lima VM config with build tools pre-installed, allowing immediate start without manual setup, detailed in the README's running instructions.
Provides examples using both BCC and libbpf frameworks, offering practical comparisons, as highlighted in the key features and chapter listings.
Chapter 6 includes examples modified to trigger eBPF verifier errors, helping users understand kernel constraints through experimentation.
Tested only on Ubuntu 22.04 with kernel 5.15, and the README warns of incompatibilities with other distributions or Clang versions, limiting portability.
Requires building libbpf and possibly bpftool from source, adding complexity and potential for errors, despite the pre-configured VM.
Most examples need root access or CAP_BPF, which can be restrictive in learning environments without administrative rights, as noted in the README.