Abstract
eBPF is a mechanism for running sandboxed programs in the Linux kernel. It’s used mostly for packet filtering, tracing and implementing security policies. Aya is a library that lets people use that technology with Rust as the programming language.
However, there are some areas of eBPF where Aya needs to catch up in terms of feature parity. One of them is BTF (BPF Type Format), which is a compact debug format used by the Linux kernel for accessing structure fields. This way, eBPF programs can be compiled once for all kernel versions, which makes deployment of eBPF-based projects much easier. Last but not least, BTF allows for easier debugging of BPF programs: thanks to it, we can see a stack trace when an eBPF program fails to load.
In this talk, we will delve into the recent advancements made towards supporting the BTF debug format within Aya and bpf-linker. We are going to explain how BTF is generated, what role LLVM plays there and what we had to do in order to generate appropriate BTF information for Rust programs.