Goby: A Simple CLI to Bootstrap Your eBPF Projects
When getting started with eBPF, learning the concepts is just one part of the challenge—the other is setting up your development environment and run some code.
And after working with eBPF for a while, I noticed that many small eBPF projects follow the same repetitive pattern.
There’s kernel code, there’s user space code and there’s a Makefile to ease the compile, load and attachment of my eBPF project.
So I thought, why not automate this? Why make newcomers deal with boilerplate just to run a simple 5-line eBPF program?
And this is exactly what I did with Goby and now you can too.
Goby was born from the idea that most small eBPF projects always include some code that rarely changes and remains the same across example projects.
Automating this process wouldn’t just save me time by eliminating the need to rewrite boilerplate code—it could also help newcomers.
With any project, you want to get up and running quickly.
The reality is that most of us do it this way—get some code running first, then work backward to understand how it works, refine it, and learn from mistakes.
Goby removes many of these hurdles, letting you focus on your program logic rather than debugging boilerplate issues while trying to achieve a simple goal—running an eBPF program.
That’s exactly why I created Goby.
So what does Goby really do?
While Goby is simple and currently supports only a single command, I figured sharing it wouldn’t hurt.
Essentially, it generates a set of files to speed up the initial setup of an eBPF Golang project.
I hope I don’t disappoint too many people, but the tool simply bootstraps an eBPF project structure using the ebpf-go library.
Namely, it generates:
program.bpf.c: A file where you can add your eBPF kernel code.main.go: A Golang main program to load and attach your eBPF programs.vmlinux.h: A header file generated with bpftool, used in the eBPF kernel program for interacting with various kernel structs.Makefile: A wrapper around Go commands to easily initialize, generate, build, and run your eBPF programs.
These files aren’t empty—they contain just enough code so you can focus on your application logic, whether that’s attaching a tracepoint or reading kernel event data through the eBPF ring buffer.
The use case is up to you, but I’ve made it a bit easier by including helpful code comments to guide you to the right places for different scenarios.
If you’d like to try it out, check out my GitHub repository, where I’ve also included an example project generated with Goby, supplemented with eBPF tracepoint code.
Getting started with eBPF really shouldn’t be that hard!
⏪ Did you miss the previous issues? I'm sure you wouldn't, but JUST in case:
I hope you find this resource helpful. Keep an eye out for more updates and developments in eBPF in next week's newsletter.
Until then, keep 🐝-ing!
Warm regards, Teodor