Goya is an eBPF framework which uses Aya Framework for kernel space (In Rust) and Cilium library (In Go) for user space.

You need an Aya environment, go lang and task cli installed. You also can test on an online lab.

If you want to test with docker, you can type:

docker run --rm -it --name goya \
                    --privileged \
                    --network host \
                    -w /host/root/ \
                    -v /:/host \
                    -v /sys/kernel/debug:/sys/kernel/debug \
                    littlejo/aya:goya bash

• More info in Dockerfile

Now generate a new XDP project:

cargo generate --name goya-xdp \
               -d program_type=xdp \
               -d default_iface=veth0 \
               https://github.com/goya-rs/goya-template

Compile and install the XDP "hello world" program:

cd goya-xdp/
task

If you need to attach the program to another interface, you can run:

task HOOK=veth1

If you want to test with docker, you can type:

docker run --rm -it --name goya \
                    --privileged \
                    --network host \
                    -w /host/root/ \
                    -v /:/host \
                    -v /sys/kernel/debug:/sys/kernel/debug \
                    littlejo/aya:goya bash

• More info in Dockerfile

cargo generate --name goya-ebpf \
               https://github.com/goya-rs/goya-template

• Select the eBPF program and hooks:

• Once code generated, Compile and install the eBPF "hello world" program:

cd goya-ebpf/
task

There are two important directories:

• $project-ebpf (e.g. goya-xdp-ebpf): This directory contains the Rust Aya code that generates the eBPF kernel-space program. For more information, you can read the Aya book.
• $project-go (e.g. goya-xdp-go): This directory contains the Go code (using Cilium libraries) that loads the eBPF binary into the Linux kernel.

• Currently works only with:
  • XDP programs
  • classifier programs
  • kprobe and kretprobe programs
  • btf tracepoint programs
  • tracepoint programs
  • uprobe and uretprobe programs
  • LSM programs
• You can't use bpf_probe_read_user_str_bytes helper function (load program: invalid argument: Global function memcpy() doesn't return scalar. Only those are supported. (2 line(s) omitted)) (ISSUE: 35)
• You can't use bpf_probe_read_kernel_str_bytes helper function (load program: invalid argument: Global function memcpy() doesn't return scalar. Only those are supported. (2 line(s) omitted)) (ISSUE: 35)

The cargo generate command comes from the cargo-generate crate. It uses boilerplates (see the templating documentation) to generate code.

This project uses the Goya template, which is a fork of the original Aya template.

With Aya, you normally just need to run cargo run to create your eBPF program. However, since this project involves both Rust and Go, I need a different solution to compile everything in a single command.

Taskfile is a modern replacement for Makefile.

The task command mainly performs the following steps:

• Runs cargo run to generate the kernel-space eBPF program and copies it into the $project-go/.ebpf directory.
• Runs go run . inside the $project-go directory to load the eBPF binary into the kernel (with cilium go library) and retrieve Aya logs (using a ring buffer map).

For more details, see the Taskfile.