Reduced Python frontend for eBPF

Project description

Python-BPF

This is an LLVM IR generator for eBPF programs in Python. We use llvmlite to generate LLVM IR from pure Python. This is then compiled to LLVM object files, which can be loaded into the kernel for execution. We do not rely on BCC to do our compilation.

DO NOT USE IN PRODUCTION. IN DEVELOPMENT.

Video Demo

Video demo for code under demo/

Slide Deck

Slide deck explaining the project

Installation

  • Have clang installed.
  • pip install pythonbpf

Usage

# pythonbpf_example.py
from pythonbpf import bpf, map, bpfglobal, section, compile
from pythonbpf.helpers import bpf_ktime_get_ns
from pythonbpf.maps import HashMap

from ctypes import c_void_p, c_int64, c_int32, c_uint64

@bpf
@map
def last() -> HashMap:
    return HashMap(key=c_uint64, value=c_uint64, max_entries=1)

@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
    print("entered")
    return c_int32(0)

@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
    print("exited")
    key = 0
    tsp = last().lookup(key)
    print(tsp)
    ts = bpf_ktime_get_ns()
    return c_int64(0)

@bpf
@bpfglobal
def LICENSE() -> str:
    return "GPL"

def some_normal_function():
    print("normal function")

# compiles and dumps object file in the same directory
compile()

  • Run python pythonbpf_example.py to get the compiled object file, which can then be loaded into the kernel.
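
An added example, not part of the Python-BPF project: before loading a compiled object into the kernel, list its ELF sections and flag attach points that nobody reviewed. It assumes the compiler writes each @section string as an ELF section name (the libbpf convention); unexpected_hooks, build_sample and the kprobe/do_unlinkat entry are constructed for illustration.

```python
import struct

EHDR = "<16sHHIQQQIHHHHHH"  # ELF64 little-endian file header, 64 bytes
SHDR = "<IIQQQQIIQQ"        # ELF64 section header, 64 bytes
EM_BPF = 247                # e_machine value of eBPF objects

def section_names(obj: bytes) -> list[str]:
    """Return every section name in a 64-bit little-endian eBPF ELF object."""
    if len(obj) < 64 or obj[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    hdr = struct.unpack_from(EHDR, obj)
    machine, shoff, shentsize, shnum, shstrndx = hdr[2], hdr[6], *hdr[11:14]
    if machine != EM_BPF:
        raise ValueError(f"e_machine {machine} is not EM_BPF")
    if shentsize != 64 or shstrndx >= shnum or shoff + 64 * shnum > len(obj):
        raise ValueError("section header table is malformed or truncated")
    heads = [struct.unpack_from(SHDR, obj, shoff + 64 * i) for i in range(shnum)]
    strtab = obj[heads[shstrndx][4]:heads[shstrndx][4] + heads[shstrndx][5]]
    names = []
    for head in heads:
        end = strtab.find(b"\0", head[0])  # head[0] is sh_name, an offset into strtab
        if end < 0:
            raise ValueError("section name is not NUL-terminated")
        names.append(strtab[head[0]:end].decode("ascii", "replace"))
    return names

def unexpected_hooks(obj: bytes, allowed: list[str]) -> list[str]:
    """Sections named "type/attach-point" that are missing from the allow-list."""
    return sorted(n for n in section_names(obj) if "/" in n and n not in allowed)

def build_sample(names: list[str]) -> bytes:
    """Constructed input: an eBPF ELF that holds only empty, named sections."""
    all_names = [""] + names + [".shstrtab"]
    strtab = b"".join(n.encode() + b"\0" for n in all_names)
    heads, off = b"", 0
    for n in all_names:
        is_tab = n == ".shstrtab"
        heads += struct.pack(SHDR, off, 3 if is_tab else 1, 0, 0, 64,
                             len(strtab) if is_tab else 0, 0, 0, 1, 0)
        off += len(n) + 1
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9), 1, EM_BPF, 1, 0, 0,
                       64 + len(strtab), 0, 64, 0, 0, 64, len(all_names), len(all_names) - 1)
    return ehdr + strtab + heads

# The two sections from the usage example above are approved; the kprobe is not.
APPROVED = ["tracepoint/syscalls/sys_enter_execve",
            "tracepoint/syscalls/sys_exit_execve"]
SAMPLE = build_sample(APPROVED + ["kprobe/do_unlinkat", ".maps", "license"])
print(unexpected_hooks(SAMPLE, APPROVED))  # prints ['kprobe/do_unlinkat']
```

To audit a real build, pass the bytes of the compiled object file to unexpected_hooks in place of SAMPLE.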

Development

  • Make a virtual environment and activate it using python3 -m venv .venv && source .venv/bin/activate.
  • Run make install to install the required dependencies.
  • Run make to see the compilation output of the example.
  • Run check.sh inside the examples directory to check whether the generated object file passes the verifier.
  • Run make in the examples/c-form directory to modify the example C BPF program to check the actual LLVM IR generated by clang.

Development Notes

  • Run ./check.sh check execve2.o; in examples folder to check if the object code passes the verifier.
  • Run ./check.sh run execve2.o; in examples folder to run the object code using bpftool.

Download files

Source Distribution

pythonbpf-0.1.2.tar.gz (26.7 kB view details)

Uploaded Source

Built Distribution

pythonbpf-0.1.2-py3-none-any.whl (29.9 kB view details)

Uploaded Python 3

File details

Details for the file pythonbpf-0.1.2.tar.gz.

File metadata

  • Download URL: pythonbpf-0.1.2.tar.gz
  • Upload date:
  • Size: 26.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pythonbpf-0.1.2.tar.gz
Algorithm Hash digest
SHA256 c52b0eae99ac4a9fd4c71b8c243f2be4ae85e22f1729704fd88ba5545c08306c
MD5 10b3f5928ce3553dd37f2dff90ba9498
BLAKE2b-256 34611018fd41e9da1cdfe4727d3b292f1bd2f7d7777e42811fe623861e485c8b

Provenance

The following attestation bundles were made for pythonbpf-0.1.2.tar.gz:

Publisher: python-publish.yml on varun-r-mallya/Python-BPF

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pythonbpf-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: pythonbpf-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 29.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pythonbpf-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 33f54e3e47d9436cdae1310b96efe518e88a6f343a844d3dbd72b8a288a3e109
MD5 3bdce7e9d17b5a4fb1269430adf3d816
BLAKE2b-256 faea03a42434123e76f4f3f4b90730baa3631201d18e366557c81a21f7507c90

Provenance

The following attestation bundles were made for pythonbpf-0.1.2-py3-none-any.whl:

Publisher: python-publish.yml on varun-r-mallya/Python-BPF

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
