explaingit

aya-rs/aya

4,542 | Rust | Audience · developer | Complexity · 4/5 | License | Setup · hard

TLDR

A Rust library for writing Linux kernel programs using eBPF, letting you observe system activity, filter network packets, or enforce security policies without modifying the kernel or rebooting, with no C compiler required.

Mindmap

mindmap
  root((Aya eBPF))
    What it does
      Kernel programming
      No C required
    Capabilities
      Network packet filter
      Syscall monitoring
      Security policies
    Key features
      Compile once run anywhere
      Async with tokio
      BTF support
    Audience
      Rust developers
      Systems programmers


Things people build with this

USE CASE 1

Build a network packet filter that inspects or drops traffic at the kernel level without writing any C code.

USE CASE 2

Monitor system calls and kernel events in real time using eBPF probes written entirely in Rust.

USE CASE 3

Create a security enforcement tool that restricts process behavior using eBPF hooks compiled once and deployed across many kernel versions.

USE CASE 4

Attach an async event handler to kernel activity using Rust's tokio runtime for high-throughput eBPF programs.

Tech stack

Rust, eBPF, tokio, async-std, musl

Getting it running

Difficulty · hard Time to first run · 1h+

Requires a Linux environment with eBPF support. No C compiler is needed, but familiarity with Linux kernel concepts is assumed.
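What "a Linux environment with eBPF support" means on a given host can be checked before deploying. The following is an added example, not code from Aya or its README: a std-only Rust preflight that looks for kernel BTF, a cgroup v2 hierarchy, and the `kernel.unprivileged_bpf_disabled` sysctl. The names `Preflight`, `preflight` and `findings` are hypothetical, and the sysctl check is an addition the page does not mention.

```rust
use std::{fs, path::Path};

/// What a host exposes that an eBPF tool built with Aya depends on.
#[derive(Debug, PartialEq)]
pub struct Preflight {
    pub kernel_btf: bool,                // /sys/kernel/btf/vmlinux is present
    pub cgroup_v2: bool,                 // unified cgroup hierarchy is mounted
    pub unpriv_bpf_disabled: Option<u8>, // sysctl value, None if unreadable
}

/// `root` is "/" on a real host; it is a parameter so the check can be
/// run against a constructed directory tree.
pub fn preflight(root: &Path) -> Preflight {
    // cgroup v2 mounted directly, or under "unified" on hybrid layouts.
    let cgroup_v2 = ["sys/fs/cgroup/cgroup.controllers", "sys/fs/cgroup/unified/cgroup.controllers"]
        .iter()
        .any(|p| root.join(p).exists());
    let unpriv: Option<u8> = fs::read_to_string(root.join("proc/sys/kernel/unprivileged_bpf_disabled"))
        .ok()
        .and_then(|s| s.trim().parse().ok());
    Preflight {
        kernel_btf: root.join("sys/kernel/btf/vmlinux").exists(),
        cgroup_v2,
        unpriv_bpf_disabled: unpriv,
    }
}

/// Human-readable findings; an empty list means nothing was flagged.
pub fn findings(p: &Preflight) -> Vec<&'static str> {
    let mut out = Vec::new();
    if !p.kernel_btf {
        out.push("no kernel BTF: BTF-based portability across kernel versions is unavailable");
    }
    if !p.cgroup_v2 {
        out.push("no cgroup v2 hierarchy found to attach cgroup programs to");
    }
    match p.unpriv_bpf_disabled {
        // 0 lets unprivileged users call bpf(); 1 and 2 both restrict it.
        Some(0) => out.push("unprivileged bpf() is enabled: set kernel.unprivileged_bpf_disabled to 1 or 2"),
        None => out.push("kernel.unprivileged_bpf_disabled is not readable on this host"),
        Some(_) => {}
    }
    out
}

fn main() {
    let report = preflight(Path::new("/"));
    println!("{:#?}", report);
    findings(&report).iter().for_each(|f| println!("finding: {}", f));
}
```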

Dual-licensed under MIT or Apache 2.0: choose either. Both allow commercial use and redistribution with minimal restrictions.

In plain English

Aya is a Rust library for writing programs that run inside the Linux kernel using a technology called eBPF. eBPF lets you attach small programs to points in the kernel to observe system activity, filter network packets, or enforce security policies, all without modifying the kernel itself or rebooting. The library is aimed at Rust developers who want to build these kinds of tools without dealing with the C-based toolchains that most eBPF workflows normally require.

Unlike similar tools, Aya does not depend on existing C libraries such as libbpf or bcc. It is written entirely in Rust, using only the operating system's own interface layer to communicate with the kernel. One practical benefit is that a program compiled with Aya and linked against musl (a small C standard library alternative) can be built once and then deployed on many different Linux kernel versions without recompiling, a feature the project calls compile once, run everywhere.

The library supports several notable capabilities. BPF Type Format (BTF) lets programs compiled against one kernel version run on a different kernel version transparently. There is support for function calls and global variables inside eBPF programs. Aya also integrates with Rust's async runtimes, specifically tokio and async-std, for programs that need to handle events asynchronously. Build times are kept short because there is no requirement for kernel headers or a C compiler.

A short code example in the README shows how to load a compiled eBPF object file, retrieve a specific program from it, load that program into the kernel, and attach it to a network control group to inspect incoming packets. This pattern covers the typical workflow for most eBPF-based tools built with the library.

Aya is licensed under either the MIT license or the Apache License 2.0, and contributors can choose either when submitting code. A Discord community and a curated list of projects built with the library are both linked from the repository.

Copy-paste prompts

Prompt 1
Using the Aya Rust library, write an eBPF program that logs every TCP connection attempt on a Linux system.
Prompt 2
Help me set up an Aya Rust project and load a compiled eBPF object file to attach it to a network control group.
Prompt 3
Write a Rust program with Aya that counts syscalls per process and exposes the counts to user space via a BPF map.
Prompt 4
How do I use Aya with tokio to receive async notifications from an eBPF program when specific kernel events occur?
Prompt 5
Build a minimal Aya example that blocks incoming packets on a specific port using an XDP program.

Verify against the repo before relying on details.