PythonBPF Documentation

Welcome to PythonBPF - a Python frontend for writing eBPF programs without embedding C code. PythonBPF uses llvmlite to generate LLVM IR and compiles directly to eBPF object files that can be loaded into the Linux kernel.

Note

This project is under active development.

What is PythonBPF?

PythonBPF is an LLVM IR generator for eBPF programs written in Python. It provides:

• Pure Python syntax - Write eBPF programs in Python using familiar decorators and type annotations

• Direct compilation - Compile to LLVM object files without relying on BCC

• Full eBPF features - Support for maps, helpers, global definitions, and more

• Integration with libbpf - Works with pylibbpf for object loading and execution

Quick Example

Here’s a simple “Hello World” BPF program that traces process creation:

from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
from ctypes import c_void_p, c_int64

@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello_world(ctx: c_void_p) -> c_int64:
    print("Hello, World!")
    return 0

@bpf
@bpfglobal
def LICENSE() -> str:
    return "GPL"

b = BPF()
b.load()
b.attach_all()
trace_pipe()

Features

• Generate eBPF programs directly using Python syntax

• Compile to LLVM object files for kernel execution

• Built with llvmlite for IR generation

• Supports maps, helpers, and global definitions for BPF

• Companion project: pylibbpf, which provides bindings for libbpf

Table of Contents

Getting Started

• Getting Started
  • What You’ll Learn
  • Prerequisites
  • Next Steps
  • Need Help?
• Installation
  • Prerequisites
  • Installing PythonBPF
  • Generating vmlinux.py
  • Verifying Installation
  • Troubleshooting
  • Next Steps
• Quick Start
  • Your First BPF Program
  • Understanding the Code
  • Next Example: Tracking Process IDs
  • Common Patterns
  • Best Practices
  • Common Issues
  • Next Steps

User Guide

• User Guide
  • Overview
  • Core Concepts
  • Code Organization
  • Type System
  • Example Structure
  • Next Steps
• Decorators
  • @bpf
  • @section
  • @map
  • @struct
  • @bpfglobal
  • Combining Decorators
  • Best Practices
  • Common Errors
  • Next Steps
• BPF Maps
  • Map Types
  • Using Maps with Structs
  • Accessing Maps from Userspace
  • Common Patterns
  • Troubleshooting
  • Examples
  • Next Steps
• BPF Structs
  • Defining Structs
  • Field Types
  • Using Structs
  • Field Access and Modification
  • StructType Class
  • Complex Examples
  • Troubleshooting
  • Reading Struct Data in Userspace
  • Next Steps
• Compilation
  • Overview
  • Compilation Functions
  • Complete Example
  • Compilation Pipeline Details
  • Debugging Compilation
  • Compilation Options
  • Working with Compiled Objects
  • Troubleshooting
  • Next Steps
• Helper Functions and Utilities
  • BPF Helper Functions
  • Userspace Utilities
  • Helper Function Examples
  • Troubleshooting
  • Examples
  • Next Steps

API Reference

• API Reference
  • Module Overview
  • Public API
  • Decorators
  • Compilation Functions
  • Utilities
  • Map Types
  • Helper Functions
  • Type System
  • Examples
  • See Also

Links

• GitHub Repository: pythonbpf/Python-BPF

• PyPI Package: pythonbpf

• Video Demo: YouTube

License

PythonBPF is licensed under the Apache License 2.0.

Indices and tables

• Index

• Module Index

• Search Page