https://github.com/bpfsnoop/bpfsnoop

Modernized kernel functions, kernel tracepoints and bpf progs tracing tool for the bpf era.
https://github.com/bpfsnoop/bpfsnoop

bpf bpflbr bpfsnoop ebpf fgraph funcgraph last-branch-record lbr

Last synced: 1 day ago
JSON representation

Modernized kernel functions, kernel tracepoints and bpf progs tracing tool for the bpf era.

• Host: GitHub
• URL: https://github.com/bpfsnoop/bpfsnoop
• Owner: bpfsnoop
• License: apache-2.0
• Created: 2024-10-23T13:34:52.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2026-02-08T15:49:48.000Z (8 days ago)
• Last Synced: 2026-02-08T21:58:34.614Z (7 days ago)
• Topics: bpf, bpflbr, bpfsnoop, ebpf, fgraph, funcgraph, last-branch-record, lbr
• Language: Go
• Homepage: https://bpfsnoop.com
• Size: 3.66 MB
• Stars: 135
• Watchers: 5
• Forks: 15
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


# bpfsnoop

![](./img/logo.png)

`bpfsnoop` is a modernized kernel functions, kernel tracepoints and bpf programs tracing tool for the bpf era.

## Features and Usages

Please check [bpfsnoop.com](https://bpfsnoop.com) for more details.

## Acknowledgments

- [cilium/ebpf](https://github.com/cilium/ebpf) for interacting with bpf subsystem.

- [daludaluking/addr2line](https://github.com/daludaluking/addr2line) for translating addresses to file and line number by parsing debug info from vmlinux.

- [bpfsnoop/gapstone](https://github.com/bpfsnoop/gapstone) for disassembling machine native instructions.

- [jschwinger233/elibpcap](github.com/jschwinger233/elibpcap) for injecting pcap-filter expressions to bpf stubs.

## License

This project is licensed under the Apache-2.0 License - see the [LICENSE](LICENSE) file for details.