Reduced Python frontend for eBPF

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for varun-r-mallya from gravatar.com varun-r-mallya

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: r41k0u
  • Requires: Python >=3.8
Report project as malware

Project description

Python-BPF

This is an LLVM IR generator for eBPF programs in Python. We use llvmlite to generate LLVM IR from pure Python. This is then compiled to LLVM object files, which can be loaded into the kernel for execution. We do not rely on BCC to do our compilation.

DO NOT USE IN PRODUCTION. IN DEVELOPMENT.

Installation

  • Have clang installed.
  • pip install pythonbpf

Usage

# pythonbpf_example.py
from pythonbpf import bpf, map, bpfglobal, section, compile
from pythonbpf.helpers import bpf_ktime_get_ns
from pythonbpf.maps import HashMap

from ctypes import c_void_p, c_int64, c_int32, c_uint64

@bpf
@map
def last() -> HashMap:
    return HashMap(key_type=c_uint64, value_type=c_uint64, max_entries=1)

@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
    print("entered")
    return c_int32(0)

@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
    print("exited")
    key = 0
    tsp = last().lookup(key)
    print(tsp)
    ts = bpf_ktime_get_ns()
    return c_int64(0)

@bpf
@bpfglobal
def LICENSE() -> str:
    return "GPL"

def some_normal_function():
    print("normal function")

# compiles and dumps object file in the same directory
compile()
  • Run python pythonbpf_example.py to get the compiled object file that can be then loaded into the kernel.

Development

  • Make a virtual environment and activate it using python3 -m venv .venv && source .venv/bin/activate.
  • Run make install to install the required dependencies.
  • Run make to see the compilation output of the example.
  • Run check.sh to check if generated object file passes through the verifier inside the examples directory.
  • Run make in the examples/c-form directory to modify the example C BPF program to check the actual LLVM IR generated by clang.

Development Notes

  • Run ./check.sh check execve2.o; in examples folder to check if the object code passes the verifier.
  • Run ./check.sh run execve2.o; in examples folder to run the object code using bpftool.

Authors

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for varun-r-mallya from gravatar.com varun-r-mallya

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache-2.0
  • Author: r41k0u
  • Requires: Python >=3.8

Release history Release notifications | RSS feed

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

This version

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pythonbpf-0.1.1.tar.gz (24.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pythonbpf-0.1.1-py3-none-any.whl (26.8 kB view details)

Uploaded Python 3

File details

Details for the file pythonbpf-0.1.1.tar.gz.

File metadata

  • Download URL: pythonbpf-0.1.1.tar.gz
  • Upload date:
  • Size: 24.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pythonbpf-0.1.1.tar.gz
Algorithm Hash digest
SHA256 f88b2f386b3c83ba38b74c1dfb58ec2b2df1d2daf602485d4f69b96d559a9b06
MD5 e8b7aae6052c3da9a96fa3de5044c56c
BLAKE2b-256 6e370aac2c33b780f658fa1d395e154ec4a55abebda7076bf7c0d8f5f49b9ed1

See more details on using hashes here.

Provenance

The following attestation bundles were made for pythonbpf-0.1.1.tar.gz:

Publisher: python-publish.yml on varun-r-mallya/Python-BPF

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pythonbpf-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: pythonbpf-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 26.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pythonbpf-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 30796e7de1b42e7250915c862cd75ecfadab3a958aed774b99095840bbe46b77
MD5 e9dd7a56202bd91dcaf14d5052db58c8
BLAKE2b-256 9f4d543eba9f8ff3133d8c2f162981f5b863074949e8035cca0cc280c9ee68d7

See more details on using hashes here.

Provenance

The following attestation bundles were made for pythonbpf-0.1.1-py3-none-any.whl:

Publisher: python-publish.yml on varun-r-mallya/Python-BPF

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page