qmonnet
commented
1 year ago Hi, no it does not support kprobes or uprobes. This project is a Rust implementation of an eBPF runtime, but it does not include any attach point. To run a program, you need to explicitly call the library function, and to pass it the memory you want to use as a context.
This is different from what Linux does, for example. The kernel has an eBPF interpreter and a JIT-compilers, which rbpf tries to replicate; but the kernel also has access to all the memory of the system and can attach probes to kernel or user space function. You would have to implement something similar to handle the probes, likely as a kernel module to have access to kernel context, if you wanted to replicate kprobes/uprobes with rbpf.
Similarly, rbpf does not attach programs to network interfaces. You could write a program that receives packets from a socket and run an eBPF program on them, for example. But rbpf itself is just a library to run user programs on a memory area provided by the user.
liyan-ah
I'm new in BPF. Does this rbpf support kprobe and uprobe? If support uprobe, does it has context switch issues?