A curated list of awesome eBPF π projects using aya-rs and Rust π¦
eBPF is a technology that allows running user-supplied programs inside the Linux kernel. For more info see https://ebpf.io/what-is-ebpf.
Aya is an eBPF library built with a focus on operability and developer experience. It does not rely on libbpf nor bcc - it's built from the ground up purely in Rust, using only the libc crate to execute syscalls. With BTF support and when linked with musl, it offers a true compile once, run everywhere solution, where a single self-contained binary can be deployed on many linux distributions and kernel versions.
Some of the major features provided include:
- Support for the BPF Type Format (BTF), which is transparently enabled when supported by the target kernel. This allows eBPF programs compiled against one kernel version to run on different kernel versions without the need to recompile.
- Support for function call relocation and global data maps, which allows eBPF programs to make function calls and use global variables and initializers.
- Async support with both tokio and async-std.
- Easy to deploy and fast to build: aya doesn't require a kernel build or compiled headers, and not even a C toolchain; a release build completes in a matter of seconds.
Note: The eBPF ecosystem in general is constantly evolving, including Aya itself. We'd love your help to keep this list up to date. Please feel free to file an issue or make a PR if you would like to make a correction or want to have your awesome project included.
Contributions are welcome! Please see the contributing guide. If you would like to have your project included in this list, please file a pull request.
- Reference Documentation
- Article and Presentations
- Small Tools that Use Aya
- Major Projects that Use Aya
- Aya eBPF-Side Libraries
- Acknowledgements
- The official Aya Discord server - Community support and discussion
- The Aya Book - The official Aya book, currently a work in progress
- Compiled mdbook version is available here
- Some code examples are available here
- The official Aya docs on docs.rs - Up-to-date documentation on the Aya userspace library
- Aya templates for
cargo-generate
- An easy way to generate a new Aya project usingcargo-generate
- The original announcement of the Aya project
- Covers the goals of the project and some early logistics
- Adding BPF target support to the Rust compiler
- eCHO episode 25: eBPF, Rust, and Aya
- Dave Tucker and Alessandro Decina discuss the Aya project and writing eBPF programs in Rust
- suidsnoop - Uses Aya and eBPF LSM programs to implement audit logging and policy enforcement for suid binaries
- Includes examples of:
- Writing LSM programs in aya-bpf
- Getting LSM program arguments in aya-bpf
- Enforcing custom security policy in aya-bpf
- Using
aya::AsyncPerfEventArray
to pass events to userspace
- Includes examples of:
- lockc - An eBPF LSM-based MAC security audit system for container workloads
- Works with Docker and Kubernetes (with containerd CRI)
- Enforcing 3 pre-defined policy levels on containers
- aya-log - A logging library for eBPF programs written using aya-bpf
- This is a fully-reusable logging library for eBPF programs written in aya
- It provides a logging interface for eBPF programs that emulates Rust's standard log crate
The original idea for awesome comes from Sindre Sorhus. The format of this repository is based on zoidbergwill's Awesome eBPF list.
All text in this repository is governed by the Creative Commons Attribution-ShareAlike 4.0 International License.