eBPF is a technology that allows running user-supplied programs inside the Linux kernel. For more info see the "What is eBPF?" documentation.
Aya is an eBPF library built with a focus on operability and developer experience. It does not rely on libbpf nor bcc - it's built from the ground up purely in Rust, using only the libc crate to execute syscalls. With BTF support and when linked with musl, it offers a true compile once, run everywhere solution, where a single self-contained binary can be deployed on many linux distributions and kernel versions.
Some of the major features provided include:
- Support for the BPF Type Format (BTF), which is transparently enabled when supported by the target kernel. This allows eBPF programs compiled against one kernel version to run on different kernel versions without the need to recompile.
- Support for function call relocation and global data maps, which allows eBPF programs to make function calls and use global variables and initializers.
- Async support with both tokio and async-std.
- Easy to deploy and fast to build: aya doesn't require a kernel build or compiled headers, and not even a C toolchain; a release build completes in a matter of seconds.
Who's Using Aya
Deepfence are using Aya with XDP/TC as their packet filtering stack. See more here.
Exein are using Aya in Pulsar, a Runtime Security Observability Tool for IoT. See more here.
Parca are using Aya to write the BPF component of their profiler. See more here.
Red Hat are using Aya to develop bpfd, an eBPF program loading daemon.