Unit Definition

The unit keyword is used to define a BPF program unit (eBPF program). Each unit represents a single eBPF program that can be attached to various kernel hooks.

Basic Syntax

unit program_name {
    // program body
}

Complete Example

unit example_program {
    section: "tracepoint/syscalls/sys_enter_execve";
    license: "GPL";

    // program logic here
    reg result = 0;
    return result;
}