eBPF Tools and Concepts

Development Environment and bpftool

eBPF development environment setup and essential tools.

eBPFHub Platform

Browser-based, no installation needed.

What you can do:

  • All Chapter 2-3 eBPFHub exercises
  • Compile and run real BPF programs on a real kernel
  • Debug with macros
  • Automatic answer validation

Development Environment

Source: Cilium BPF Toolchain

This document covers development environment setup:

  • LLVM/Clang BPF backend
  • iproute2 compilation
  • bpftool compilation
  • Kernel config (CONFIG_BPF, CONFIG_BPF_SYSCALL, etc.)
  • Running BPF selftests

When to read: Refer to this if you get stuck in labs or want to set up your own environment. Since eBPFHub and iximiuz labs run in the browser, you do not need this at first.

Linux VM Setup

# Ubuntu 22.04+ recommended
sudo apt install clang llvm libbpf-dev linux-tools-common linux-headers-$(uname -r)

# bpftool
sudo apt install linux-tools-$(uname -r)

# Go (for cilium/ebpf)
go install github.com/cilium/ebpf/cmd/bpf2go@latest

# xdp-tutorial dependencies
sudo apt install libxdp-dev xdp-tools

Linux VM Options

  • AWS EC2 - t3.medium is sufficient
  • Multipass - lightweight Ubuntu VM on macOS
  • UTM/Parallels - for ARM Mac

macOS (C Learning and Compilation Only)

What you CAN do on macOS:

  • Learn C and write small programs
  • iximiuz labs (browser-based)
  • eBPFHub exercises (browser-based)
  • Compile BPF code (with Docker)

What you CANNOT do on macOS:

  • Run xdp-tutorial
  • Attach BPF programs
  • Debug with bpftool

First eBPF Program

Lab: My First eBPF Program

What you will learn in this lab:

  • The two parts of an eBPF program: kernel (C) + userspace (Go)
  • SEC() macro for specifying the program type
  • License definition (GPL)
  • Compilation with bpf2go
  • Debugging with bpf_printk

eBPF Maps

Lab: eBPF Maps Tutorial

What you will learn in this lab:

  • BPF_MAP_TYPE_HASH definition
  • bpf_map_lookup_elem, bpf_map_update_elem
  • Key/value structure
  • Accessing maps from userspace

bpftool Usage

Lab: Inspecting eBPF using bpftool

What you will learn in this lab:

  • bpftool prog list/show - list loaded programs
  • bpftool map list/dump - inspect maps
  • bpftool prog trace - read bpf_printk logs
  • bpftool btf dump - generate vmlinux.h
  • Monitoring with bpftop

Reading: How to find supported eBPF helper

Reading: libbpf Concepts

Note - xdp-tutorial common folder: Inspect common/README.org and the shared code (parsing_helpers.h, common_libbpf.c, xdp_stats_*). basic03 and packet01 use this shared code; review common first.