BPF from Scratch in Rust
a year ago
- #Linux Kernel
- #BPF
- #Rust
- Yeet is a dynamic runtime for BPF programs on the Linux kernel.
- BPF (Berkeley Packet Filter) is a virtual machine that allows safe kernel behavior modification.
- The article demonstrates writing a minimal BPF program in Rust without macros or frameworks.
- The BPF program hooks into a tracepoint (sys_enter_nanosleep), increments a counter, and prints a message.
- The Rust toolchain is configured to target BPF with specific flags for debug info and BTF support.
- The example includes inline BPF assembly to interact with the kernel directly.
- Yeet provides a CLI and daemon (yeetd) to manage and run BPF programs dynamically.
- The program is registered and started using yeet commands, with output visible via trace logs.
- The article explains the BPF verifier and how the program passes its checks.
- Yeet offers a sandbox for safe BPF experimentation and a package manager for pre-made BPF packages.