In the previous post, I wrote about what eBPF is and the network latency tool that we are going to write.

This post will walk you through the tools you need to follow along.

Preliminary Requirements

Let’s quickly discuss what we need to start.

The Operating System And Hardware

I have chosen to go with an Ubuntu 20.04.6 LTS machine with these specs:

  • 4GB RAM
  • Intel CPU with 2 cores

Don’t stress over the hardware. The eBPF programs can run on any hardware as long as it can run Linux.

Ubuntu Packages

Install the following packages to be able to compile and run eBPF programs:

  1. The headers for the Linux kernel, required for building eBPF programs against specific kernel versions.

    sudo apt install linux-headers-$(uname -r)
  2. The libbpfcc library that provides a higher-level interface to write and compile eBPF programs. It includes tools and utilities for eBPF development.

    sudo apt install libbpfcc-dev
  3. The libbpf library that provides a low-level interface to interact with eBPF programs and maps. It offers functions for loading, verifying, and executing eBPF programs.

    sudo apt install libbpf-dev
  4. The llvm that is a collection of modular and reusable compiler and toolchain technologies. It includes the LLVM infrastructure required for eBPF program compilation.

    sudo apt install llvm
  5. The clang compiler front end for the C and C++ programming languages. It includes support for compiling eBPF programs.

    sudo apt install clang
  6. The gcc-multilib package allows you to compile and build software for multiple architectures on a single machine. It provides support for generating executables and libraries for different target architectures. If you plan to develop or build software that targets multiple architectures, you can install this package.

    sudo apt install gcc-multilib
  7. The build-essential package is a collection of essential packages and tools required for building software on Ubuntu. It includes the GCC compiler, essential libraries, and build-related utilities like make. Although not specifically related to eBPF development, it can be handy to have build-essential installed for general development purposes.

    sudo apt install build-essential
  8. The linux-tools provides you access to a range of tools that can be useful for kernel-level development, performance analysis, and troubleshooting on your Ubuntu system. These tools can assist you in working with eBPF programs and other kernel-related tasks. A prime example of one these tools is our beloved perf.

    sudo apt install linux-tools-$(uname -r)
  9. The bpftool is a command line utility that is part of the BPF (Berkeley Packet Filter) subsystem in the Linux kernel. It allows users to interact with and manage eBPF programs, maps, and other BPF-related entities. We will use this tool later on. Read more about it here.

    sudo apt install linux-tools-common \
                     linux-tools-generic \
                     linux-tools-$(uname -r)

Here are all the required commands for your convenience:

sudo apt install linux-headers-$(uname -r) \
                 libbpfcc-dev \
                 libbpf-dev \
                 llvm \
                 clang \
                 gcc-multilib \
                 build-essential \
                 linux-tools-$(uname -r) \
                 linux-tools-common \

Other Software Requirements

We also need to install the Go or Golang language. My favorite and recommended way to install it is as follows:

sudo add-apt-repository ppa:longsleep/golang-backports
sudo apt update
sudo apt install golang-go

This way, we can always stay up-to-date with the new releases whenever we use a tool like sysupdate.

We are all set. You also need an IDE or text editor. Although I personally use vscode, you are welcome to use whatever makes you most productive.

Go packages

Throughout our project, we will use these Go packages:

  1. netlink: netlink is the interface a user space program in Linux uses to communicate with the kernel. It can be used to add and remove interfaces, set IP addresses and routes, and configure IPsec. Netlink communication requires elevated privileges, so in most cases, the code using this library needs to be run as root.

  2. gopacket: gopacket allows you to efficiently capture, decode, and analyze network packets. This package is useful for network monitoring, packet crafting, and network security applications.

  3. gopacket/layers: layers provides functions for creating and manipulating network layer headers, as well as utility functions for working with IP addresses, IP protocol numbers, and other network-related data.

  4. ebpf: ebpf offers a high-level API to eBPF programs and maps, which allows us to interact with them from our Go application. It includes functions for loading, compiling and also attaching eBPF programs to various hooks in the kernel, as well as accessing eBPF maps. Additionally, it ships bpf2go which is a command line utility that generates Go bindings for eBPF programs. It compiles the C code into eBPF bytecode and then embeds it in a Go file.

  5. ebpf/perf: perf provides a set of tools for submitting custom perf_events to a ring-buffer set up by user space enabling us to send and receive data from the kernel space program and user space program using eBPF maps.

  6. unix: unix includes packages for working with Unix domain sockets, process management, and other Unix-specific features. These packages are useful when we need to interact with Unix systems or when porting Unix-specific code to Go.

They can be installed using:

go get github.com/vishvananda/netlink
go get github.com/google/gopacket
go get github.com/google/gopacket/layers
go get github.com/cilium/ebpf
go get github.com/cilium/ebpf/perf
go get golang.org/x/sys/unix

You do not need to install them just yet. I will cover these in the next post.

The eBPF Ecosystem

The eBPF ecosystem is constantly evolving and there is a probable chance that an exact replica of what I demonstrate here would not work some time down the line.

I will list the OS, software versions and libraries at the time of this writing here:

  • OS: Ubuntu 20.04.6 Focal LTS
  • Kernel: 5.15.0-1038
  • Go: 1.20.6 linux/amd64
  • eBPF package: v0.11.0
  • gopacket package: v1.1.19
  • netlink package: v1.1.0
  • bpftool: v5.15.98
  • LLVM: 10.0.0
  • Clang: 10.0.0 x86_64-pc-linux-gnu
  • GCC: 9.4.0

Nonetheless, don’t let that discourage you into thinking what you will learn today is going to be obsolete in the future. The principals remain the same.

What’s next?

In the next post, I will show you how to structure your eBPF project and then we will start writing some code!

Stay tuned and thanks for reading