// the find
foniod/redbpf
Rust library for building and running BPF/eBPF modules
RedBPF is a Rust toolchain for writing eBPF programs — both the kernel-side probes and the userspace loader — without touching C. It covers the full range of program types (kprobes, XDP, tracepoints, tc actions, socket filters) and map types, with a cargo subcommand that handles the LLVM bitcode pipeline. Target audience is systems engineers who want Rust's type safety in eBPF but don't want to write a custom build system.
The procedural macro API (#[kprobe], #[xdp], #[map]) is genuinely ergonomic — it hides the ELF section naming and attribute boilerplate that makes raw libbpf C painful. BTF support for maps and vmlinux-based binding generation means you can write CO-RE-style probes without hand-maintaining kernel struct definitions. The split between redbpf-probes (kernel side) and redbpf (userspace loader) is architecturally clean. Docker build images for x86-64 and aarch64 across five distros make CI setup tractable.
Dead since June 2023 — the eBPF space moved fast and Aya (pure Rust, no LLVM dependency) has largely eclipsed it; adopting RedBPF today means inheriting a toolchain that requires pinning LLVM 13 and a specific rustc, and nobody is fixing it when it breaks. The LLVM version coupling is a genuine production hazard: if your rustc ships LLVM 16+, cargo-bpf silently produces bad bytecode until something explodes at load time. No async tokio integration in the userspace library — perf event streams exist but wiring them into an async runtime is left to the user. The tutorial and docs reference Ubuntu 20.04 and Fedora 35, which signals how stale the maintenance is.