Tuesday, January 28, 2025

Setting up an eBPF Programming Environment using Python

This short article describes how to quickly set up a Python development environment on Linux for writing and running eBPF programs. I assume you already know about eBPF, the powerful Linux paradigm that lets us write a variety of hooks in the kernel to debug, profile, and modify the behavior of various kinds of system actions. More details are just a web search away, and I would highly recommend the book Learning eBPF Programming by Liz Rice.

On an RPM-based system (Fedora / CentOS / Rocky types), you first have to ensure that your kernel supports eBPF and that eBPF features are enabled. Usually a stock kernel of version 5.10 or above has adequate support.

Then you need to install certain packages.

sudo yum install bcc python3-bcc libbpf

Next you set up the Python virtual environment and ensure that the necessary packages are present. For example:

python3 -m venv myenv
cd myenv/
source bin/activate
python3 -m pip install --upgrade pip
python3 -m pip install bcc
python3 -m pip install requests
python3 -m pip install flask
pip install markupsafe==2.0.1
pip install psutil
python3 -m pip install numba
python3 -m pip install pytest

Now write your eBPF code using Python and run it as root:

sudo su # you have to run the programs as root
source myenv/bin/activate
export PYTHONPATH=$(dirname `find /usr/lib -name bcc`):$PYTHONPATH # last thing before we run the bpf script
python3 <pyfile>
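
A preflight check for the prerequisites described above (kernel 5.10 or later, eBPF options enabled, running as root, bcc importable after the PYTHONPATH export), as an added example that is not part of the original article. The `REQUIRED` option list, the config file locations and all function names are assumptions chosen for this sketch.

```python
import gzip
import os
import platform
import re

# Assumed subset of kernel options to enforce; adjust to what your programs need.
REQUIRED = ("CONFIG_BPF", "CONFIG_BPF_SYSCALL", "CONFIG_BPF_JIT", "CONFIG_BPF_EVENTS")
MIN_KERNEL = (5, 10)  # the article's "5.10 or above"

def kernel_ok(release, minimum=MIN_KERNEL):
    """True if a `uname -r` string such as '5.14.0-427.el9.x86_64' is >= minimum."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= minimum

def missing_options(config_text, required=REQUIRED):
    """Return the required options that are not set to y or m in a kernel config."""
    enabled = {m.group(1) for m in
               re.finditer(r"^(CONFIG_\w+)=[ym][ \t]*$", config_text, re.M)}
    return [opt for opt in required if opt not in enabled]

def read_kernel_config(release):
    """Read the running kernel's config from /boot or /proc/config.gz, else None."""
    for path in (f"/boot/config-{release}", "/proc/config.gz"):
        if os.path.exists(path):
            opener = gzip.open if path.endswith(".gz") else open
            with opener(path, "rt") as fh:
                return fh.read()
    return None

def preflight():
    """Collect human-readable problems; an empty list means ready to run."""
    release, problems = platform.release(), []
    if not kernel_ok(release):
        problems.append(f"kernel {release} is older than 5.10")
    config = read_kernel_config(release)
    if config is None:
        problems.append("kernel config not found; cannot confirm eBPF options")
    else:
        problems += [f"{opt} is not enabled" for opt in missing_options(config)]
    if os.geteuid() != 0:
        problems.append("not running as root")
    try:
        from bcc import BPF  # noqa: F401  (the import the eBPF script will need)
    except (ImportError, OSError) as exc:
        problems.append(f"cannot import BPF from bcc ({exc}); check PYTHONPATH")
    return problems

if __name__ == "__main__":
    issues = preflight()
    print("\n".join(f"FAIL: {i}" for i in issues) or "ready to run eBPF programs")
    raise SystemExit(1 if issues else 0)
```

Run it in the same root shell, after the PYTHONPATH export and before the actual eBPF script.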

