Reduced Python frontend for eBPF

Project description

Python-BPF

This is an LLVM IR generator for eBPF programs in Python. We use llvmlite to generate LLVM IR from pure Python. This is then compiled to LLVM object files, which can be loaded into the kernel for execution. We do not rely on BCC to do our compilation.

DO NOT USE IN PRODUCTION. IN DEVELOPMENT.

Video Demo

Video demo for code under demo/

Slide Deck

Slide deck explaining the project

Installation

  • Have clang installed.
  • pip install pythonbpf

Usage

# pythonbpf_example.py
from pythonbpf import bpf, map, bpfglobal, section, compile
from pythonbpf.helpers import bpf_ktime_get_ns
from pythonbpf.maps import HashMap

from ctypes import c_void_p, c_int64, c_int32, c_uint64

@bpf
@map
def last() -> HashMap:
    return HashMap(key=c_uint64, value=c_uint64, max_entries=1)

@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
    print("entered")
    return c_int32(0)

@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
    print("exited")
    key = 0
    tsp = last().lookup(key)
    print(tsp)
    ts = bpf_ktime_get_ns()
    return c_int64(0)

@bpf
@bpfglobal
def LICENSE() -> str:
    return "GPL"

def some_normal_function():
    print("normal function")

# compiles and dumps object file in the same directory
compile()

  • Run python pythonbpf_example.py to get the compiled object file, which can then be loaded into the kernel.
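Before loading the compiled object into the kernel, it is worth confirming that it carries only the program sections the source declares and the expected license. The sketch below is an added example, not part of the Python-BPF project: a small ELF section-header parser with hypothetical names (elf_sections, audit, sample_object) run over a constructed sample object. It assumes a little-endian ELF64 object, program section names equal to the @section strings, and a license stored in a section named license (the libbpf convention).

```python
import struct

EM_BPF = 247                               # e_machine value for eBPF objects
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header

def elf_sections(blob):
    """Map section name -> contents for a little-endian ELF64 eBPF object."""
    eh = EHDR.unpack_from(blob, 0)
    if eh[0][:6] != b"\x7fELF\x02\x01" or eh[2] != EM_BPF:
        raise ValueError("not a little-endian ELF64 eBPF object")
    shoff, shentsize, shnum, shstrndx = eh[6], eh[11], eh[12], eh[13]
    hdrs = [SHDR.unpack_from(blob, shoff + i * shentsize) for i in range(shnum)]
    st = hdrs[shstrndx]
    strtab = blob[st[4]:st[4] + st[5]]     # section-name string table
    out = {}
    for h in hdrs:
        name = strtab[h[0]:strtab.index(b"\0", h[0])].decode()
        out[name] = b"" if h[1] == 8 else blob[h[4]:h[4] + h[5]]  # 8 = SHT_NOBITS
    return out

def audit(blob, expected_programs):
    """Compare program sections and license against what the source declares."""
    secs = elf_sections(blob)
    # Assumption: program sections are named "type/target"; ".rel*" are relocations.
    found = {n for n in secs if "/" in n and not n.startswith(".")}
    return {"unexpected": sorted(found - set(expected_programs)),
            "missing": sorted(set(expected_programs) - found),
            # Assumption: the license string lives in a section named "license".
            "license": secs.get("license", b"").rstrip(b"\0").decode()}

def sample_object():
    """Constructed stand-in for a compiled object (not real pythonbpf output)."""
    names = ["", "tracepoint/syscalls/sys_enter_execve",
             "tracepoint/syscalls/sys_exit_execve", "license", ".shstrtab"]
    strtab = b"\0".join(n.encode() for n in names) + b"\0"
    bodies = [b"", b"\x95" + b"\0" * 7, b"\x95" + b"\0" * 7, b"GPL\0", strtab]
    data, shdrs, name_off = b"", b"", 0
    for name, body in zip(names, bodies):
        sh_type = 0 if not name else 3 if name == ".shstrtab" else 1
        shdrs += SHDR.pack(name_off, sh_type, 0, 0, 64 + len(data), len(body), 0, 0, 1, 0)
        data += body
        name_off += len(name) + 1
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = EHDR.pack(ident, 1, EM_BPF, 1, 0, 0, 64 + len(data), 0, 64, 0, 0, 64, len(names), len(names) - 1)
    return ehdr + data + shdrs

if __name__ == "__main__":
    print(audit(sample_object(), ["tracepoint/syscalls/sys_enter_execve"]))
```

To audit a real object, pass the bytes of the compiled .o file to audit() along with the section names used in the source's @section decorators.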

Development

  • Make a virtual environment and activate it using python3 -m venv .venv && source .venv/bin/activate.
  • Run make install to install the required dependencies.
  • Run make to see the compilation output of the example.
  • Run check.sh inside the examples directory to check whether the generated object file passes the verifier.
  • Run make in the examples/c-form directory to modify the example C BPF program to check the actual LLVM IR generated by clang.

Development Notes

  • Run ./check.sh check execve2.o; in the examples folder to check whether the object code passes the verifier.
  • Run ./check.sh run execve2.o; in the examples folder to run the object code using bpftool.

Download files

Source Distribution

pythonbpf-0.1.3.tar.gz (28.6 kB)

Uploaded Source

Built Distribution

pythonbpf-0.1.3-py3-none-any.whl (31.9 kB)

Uploaded Python 3

File details

Details for the file pythonbpf-0.1.3.tar.gz.

File metadata

  • Download URL: pythonbpf-0.1.3.tar.gz
  • Upload date:
  • Size: 28.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pythonbpf-0.1.3.tar.gz
Algorithm Hash digest
SHA256 89ef2291ee808ea594e3fa8d302854e4b1710fcea4540353d80dab129c9434d5
MD5 6afe8d15ccbb4f16a18fc5d8efe056a9
BLAKE2b-256 1aca5342263ca61bbbd87aee08c4e2ac8e5ea2636e6e383f28636aa715eefa64

Provenance

The following attestation bundles were made for pythonbpf-0.1.3.tar.gz:

Publisher: python-publish.yml on varun-r-mallya/Python-BPF

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pythonbpf-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: pythonbpf-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 31.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for pythonbpf-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 63917df8f5364ccc76ad4c993f1ef6e0968f314f19470f417813683da28fffc0
MD5 a42d798061c9d252265e8d7091fa2954
BLAKE2b-256 48dca6307d55a389d96d4628db3ffa59bae389f30a113e0e4389388f2d8d89d2

Provenance

The following attestation bundles were made for pythonbpf-0.1.3-py3-none-any.whl:

Publisher: python-publish.yml on varun-r-mallya/Python-BPF

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
