Skip to content

feat(examples): ebpf-go validation recipe — loader example + cookbook#72

Merged
ErenAri merged 1 commit into
mainfrom
feat/ebpf-go-recipe
Jul 1, 2026
Merged

feat(examples): ebpf-go validation recipe — loader example + cookbook#72
ErenAri merged 1 commit into
mainfrom
feat/ebpf-go-recipe

Conversation

@ErenAri

@ErenAri ErenAri commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Turns the "test ELFs against ebpf-go" caveat into a first-class recipe. ebpf-go is libbpf-compatible for the features it supports but is a separate loader implementation that trails libbpf — so a libbpf load-pass does not guarantee an ebpf-go load-pass. Projects shipping with ebpf-go should validate through ebpf-go; command mode makes that a one-binary recipe.

What's included

  • examples/ebpf-go-loader — ~50-line static loader (CGO_ENABLED=0): loads a .bpf.o via ebpf.NewCollection, prints the full verifier log on rejection, exit code = verdict. Standalone Go module, so cilium/ebpf stays out of the main module's govulncheck/license surface.
  • docs/ebpf-go-validation.md — cookbook: static build, test-command CLI + GitHub Action snippets, real-run matrix, how to extend the loader with project invariants.
  • README: linked from the command-mode section + doc map.
  • CI: compiles the standalone module (root go build ./... skips it).

Verified with a real run

test-command shipping this loader with ringbuf_modern.bpf.o across the version-lies trio (real QEMU/KVM):

Kernel ebpf-go verdict
ubuntu-20.04-5.4 ❌ exit 1 — map events: map create: invalid argument
almalinux-8-4.18 ✅ exit 0 — loaded 1 program, 1 map (RHEL ringbuf backport)
ubuntu-22.04-5.15 ✅ exit 0

libbpf load/attach reported skipped on all three — the verdict is entirely ebpf-go's.

🤖 Generated with Claude Code

ebpf-go (cilium/ebpf) is a separate loader implementation that trails
libbpf's feature set, so a libbpf load-pass does not guarantee an
ebpf-go load-pass on the same kernel. Projects that ship with ebpf-go
should validate through ebpf-go — command mode makes that a one-binary
recipe.

- examples/ebpf-go-loader: ~50-line static loader (CGO_ENABLED=0) that
  loads a .bpf.o via ebpf.NewCollection, prints the verifier log on
  rejection, exit code = verdict. Standalone Go module so cilium/ebpf
  stays out of the main module's dependency surface.
- docs/ebpf-go-validation.md: cookbook (build static, test-command CLI
  + GitHub Action snippets, real-run matrix, extension notes).
- README: recipe linked from the command-mode section + doc map.
- ci.yml: compile the standalone example module (root go build ./...
  does not see it).

VERIFIED with a real run (3 VMs, test-command, ringbuf_modern.bpf.o):
ubuntu-20.04-5.4 exit 1 ("map events: map create: invalid argument"),
almalinux-8-4.18 exit 0, ubuntu-22.04-5.15 exit 0 — the version-lies
contrast through the ebpf-go loader path, libbpf phase skipped.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 1, 2026 23:39

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@ErenAri ErenAri merged commit 7eed351 into main Jul 1, 2026
8 of 9 checks passed
@ErenAri ErenAri deleted the feat/ebpf-go-recipe branch July 1, 2026 23:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants