This is a modified port of the Berkeley Packet Filter (BPF) infrastructure from the Linux kernel to userspace, packaged as a shared library. It is derived from early stages of the RFC patchset and hence may have a few bugs. The goal of this library is pure experimentation and performance analysis for tracing tools only. Support for maps and packet filtering specific instructions has been removed. Before using the library, please make sure your use case allows GPLv2 licenses.
This library uses the CMake build system. Make sure you have cmake version > 2.8 installed on your system. On Fedora this can usually be done with:
$ dnf install cmake
Proceed to your build directory and then run:
$ cd build
$ cmake ../
$ make
You can either give raw BPF instructions inside your target program or use the compiled filter binary. The examples directory contains a simple C-style BPF filter.c file, which is compiled to the filter.bpf binary. The target program can load and use the filter binary in a style similar to the one shown in filter_test.c. Over time this will probably be made easier, with BPF being generated by a script that invokes a small compiler and verifies the generated bytecode.
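One way to sanity-check a filter before handing it to the library, given that maps and packet filtering instructions are not supported. This is an added example, not code from this library: check_filter and the sample programs are hypothetical, and it assumes the filter is a flat array of 8-byte instructions in the mainline Linux eBPF encoding, read on a little-endian host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mainline Linux eBPF instruction slot (8 bytes); assumed to match this port. */
struct insn { uint8_t code; uint8_t regs; int16_t off; int32_t imm; };

enum { CHK_OK, CHK_EMPTY, CHK_BAD_REG, CHK_PKT_LOAD, CHK_MAP_REF,
       CHK_TRUNCATED, CHK_BAD_JUMP, CHK_NO_EXIT };

/* Hypothetical pre-load check: returns CHK_OK or the first problem found. */
int check_filter(const struct insn *p, size_t n)
{
    if (n == 0) return CHK_EMPTY;
    for (size_t i = 0; i < n; i++) {
        uint8_t cls = p[i].code & 0x07, mode = p[i].code & 0xe0;
        uint8_t dst = p[i].regs & 0x0f, src = p[i].regs >> 4; /* little-endian host */
        if (dst > 10 || src > 10) return CHK_BAD_REG;       /* only r0..r10 exist */
        if (cls == 0x00) {                                   /* BPF_LD */
            if (mode == 0x20 || mode == 0x40) return CHK_PKT_LOAD; /* LD_ABS, LD_IND */
            if (p[i].code == 0x18) {                         /* ld_imm64: two slots */
                if (src == 1) return CHK_MAP_REF;            /* BPF_PSEUDO_MAP_FD */
                if (i + 1 >= n) return CHK_TRUNCATED;
                i++;                                         /* skip the second slot */
            }
        } else if (cls == 0x05) {                            /* BPF_JMP */
            uint8_t op = p[i].code & 0xf0;
            long target = (long)i + 1 + p[i].off;
            if (op != 0x80 && op != 0x90 &&                  /* not CALL, not EXIT */
                (target < 0 || target >= (long)n)) return CHK_BAD_JUMP;
        }
    }
    /* Execution must not run off the end: last slot is EXIT or an unconditional JA. */
    return (p[n - 1].code == 0x95 || p[n - 1].code == 0x05) ? CHK_OK : CHK_NO_EXIT;
}

/* Constructed sample programs, not taken from the examples directory. */
static const struct insn ok_prog[]   = { {0xb7, 0x00, 0, 0}, {0x95, 0, 0, 0} };
static const struct insn abs_prog[]  = { {0x20, 0x00, 0, 0}, {0x95, 0, 0, 0} };
static const struct insn map_prog[]  = { {0x18, 0x11, 0, 3}, {0, 0, 0, 0}, {0x95, 0, 0, 0} };
static const struct insn jump_prog[] = { {0x05, 0x00, 5, 0}, {0x95, 0, 0, 0} };

int main(void)
{
    printf("ok=%d abs=%d map=%d jump=%d\n",
           check_filter(ok_prog, 2), check_filter(abs_prog, 2),
           check_filter(map_prog, 3), check_filter(jump_prog, 2));
    return 0;
}
```

This is a structural pre-check only; it does not track register state or memory bounds the way the kernel verifier does.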
The LLVM BPF backend developed by Alexei is provided in the tools directory. A BPF target for LLVM has already been upstreamed, but the backend is provided here as well.