Home

eBPF is a technology that allows running user-supplied programs inside the Linux kernel. For more info see the "What is eBPF?" documentation.

Aya is an eBPF library built with a focus on operability and developer experience. It does not rely on libbpf nor bcc - it's built from the ground up purely in Rust, using only the libc crate to execute syscalls. With BTF support and when linked with musl, it offers a true compile once, run everywhere solution, where a single self-contained binary can be deployed on many linux distributions and kernel versions.

Some of the major features provided include:

• Support for the BPF Type Format (BTF), which is transparently enabled when supported by the target kernel. This allows eBPF programs compiled against one kernel version to run on different kernel versions without the need to recompile.
• Support for function call relocation and global data maps, which allows eBPF programs to make function calls and use global variables and initializers.
• Async support with both tokio and async-std.
• Easy to deploy and fast to build: aya doesn't require a kernel build or compiled headers, and not even a C toolchain; a release build completes in a matter of seconds.

Who's Using Aya

Deepfence is using Aya with XDP/TC as their packet filtering stack. See more here.

Exein is using Aya in Pulsar, a Runtime Security Observability Tool for IoT. See more here.

The Kubernetes Special Interest Groups (SIGs) are using Aya to develop Blixt, a load-balancer that supports the development and maintenance of the Gateway API project.

Red Hat is using Aya to develop bpfman, an eBPF program loading daemon.