bpfvet: analyzes compiled .bpf.o files and reports minimum kernel version, helpers, maps, and portability issues

April 20, 2026
ailawstreaminghardware
Close-up of a person writing in an outdoor logbook on a table.
Photo by Connor Scott McManus on Pexels

What is bpfvet?

bpfvet is a compact static analyzer for compiled eBPF object files that tells you, bluntly, what kernel you actually need. Drop in a .bpf.o and it reports minimum kernel version, required helpers and map types, BTF/CO‑RE usage, data transport (RingBuf, PerfEventArray, etc.), and flags non‑portable direct accesses to kernel structs. It has been reported that the tool runs on macOS, Linux and Windows without root — handy for CI runners and laptops alike.

Key features and example output

The tool works on compiled ELF, not source. That means language-agnostic workflows are supported: C, Rust, Go, Zig — whatever emits BPF ELF with BTF. Example output shows a minimum kernel (e.g., 5.8), helper introduction versions, map summaries, and per-program memory access classification. It will also emit warnings like “Direct access to kernel struct field… Use BPF_CORE_READ()” when CO‑RE relocations are missing. Want machine-readable output? There’s --json for CI gates; you can make a build fail with a one-liner and jq.

Portability, CI and developer relief

Why should you care? Because nothing stings like shipping a perfectly fine eBPF program that silently crashes on older kernels. bpfvet gives you the emotional moment up front: compatibility problems are exposed early, not after deployment. Use it to compare multiple .bpf.o variants side‑by‑side and enforce minimum kernel targets in GitHub Actions, GitLab CI, or Makefiles. Who hasn’t been bitten by surprise kernel incompatibilities? This tool is basically a heads‑up before the pager goes off.

How it works and where it’s headed

Under the hood bpfvet parses the ELF with cilium/ebpf and never loads anything into the kernel — it’s pure static analysis. Prebuilt binaries are available, or you can go the Go 1.24+ build route. The roadmap lists finer-grained source-line mapping via BTF, improved CO‑RE reporting, and broader transport detection. For teams wrestling with multi‑tier kernel support, this looks like a pragmatic, low-friction helper. Check the project on GitHub if you want to try it out or plug it into CI.

Sources: github.com/boratanrikulu, Lobsters