eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-22 00:09:11 UTC
https://github.com/dklesev/slidev-theme-ebpf-vienna
eBPF Vienna theme for slidev
ebpf meetup slidev-theme vienna
Last synced: 02 Mar 2026
https://github.com/alexandrelamarre/otelcol-bpf
Open telemetry collector that integrates eBPF scripts for observability
ebpf observability opentelemetry-collector
Last synced: 10 Apr 2025
https://github.com/koukyosyumei/skimxdp
Elevate your network's defenses with the power of scikit-learn and XDP, the dynamic duo of packet filtering.
ebpf machine-learning packet-filtering xdp
Last synced: 01 May 2025
https://github.com/poonai/cgoleak
An eBPF-based memory leak detector for CGO programs
cgo cgo-bindings ebpf golang memory-leak
Last synced: 26 Jun 2025
https://github.com/keisku/execve-printer
The eBPF program will execute and print a message when the `execve()` system call is invoked
Last synced: 26 Feb 2026
https://github.com/jklaiber/ebpf-bridge
Linux bridge management with ebpf made simple
Last synced: 05 Sep 2025
https://github.com/eunomia-bpf/c-struct-bindgen
Generate C structs serialization-free bindings and marshal / unmarshal functions for JSON (can be used to pass structs between Wasm and eBPF/host)
ebpf host marshalling serialization wasm webassembly
Last synced: 19 Jun 2025
https://github.com/containerscrew/nflux
Simple network monitoring tool. Powered by eBPF & Rust 🐝
aya bpf ebpf kernel linux linux-tools networking observability packet-capture rust security sniffing tracing traffic-control
Last synced: 24 Oct 2025
https://github.com/atrosinenko/bpfinst-spec
Generic API for different eBPF-based instrumenter engines
Last synced: 24 Apr 2026
https://github.com/esonhugh/ebpf_cilium_doc
Unofficial guide to the cilium/ebpf library. An unofficial guide to the pitfalls of the cilium ebpf library
Last synced: 07 Mar 2026
https://github.com/lumbrjx/ebpf-nta
A simple, portable eBPF C program for analyzing and filtering network traffic on Linux. With a self-cleaning Go-based user-space program including easy setup and cleanup using a Makefile.
c ebpf filtering golang kernel-space linux monitoring networking observability packet tcp traffic-control user-space
Last synced: 26 Oct 2025
https://github.com/ait-aecid/rootkit-detection-ebpf-time-trace
Detection of rootkit file hiding activities through analysis of shifts in kernel function execution times.
anomaly anomaly-detection ebpf hids intrusion-detection kernel-tracing machine-learning rootkit-detection rootkits semi-supervised
Last synced: 10 Apr 2025
https://github.com/gvencadze/tracing-demo
Manifests for different tracing systems + demo-apps
ebpf kubernetes observability tracing
Last synced: 27 Oct 2025
https://github.com/moolen/skouter
🛡️ cloud-native eBPF node egress firewall
Last synced: 21 Apr 2025
https://github.com/asphaltt/ebpf-tuplemerge
A simplified demo of TupleMerge with pure-bpf. License Apache 2.0 & GPL 2.0
ebpf online-packet-classification tuplemerge
Last synced: 12 Jul 2025
https://github.com/rinhizakura/ebpf-strace
A demonstration to show how to trace syscalls by eBPF
Last synced: 24 Aug 2025
https://github.com/eunomia-bpf/bpf-oci
A lib manage wasm-bpf exec as OCI image
Last synced: 28 Feb 2025
https://github.com/vazw/simple-firewall
simple firewall a simple kernel level firewall using aya-ebpf
aya ebpf ebpf-programs firewall xdp xdp-acl
Last synced: 14 Oct 2025
https://github.com/minj-ae/tinyxdp
Strict traffic overload control XDP program for endpoint, suitable for getting rid of DDoS packets
ddos-mitigation ebpf endpoint-security xdp
Last synced: 20 Feb 2026
https://github.com/astrid-project/lcp
In each local agent, the control plane is responsible for programmability, i.e., changing the behaviour of the data plane at run-time.
agent beats control data ebpf elasticsearch log logstash management programmability security
Last synced: 06 Apr 2025
https://github.com/s5uishida/simple_measurement_of_upf_performance_6
Simple Measurement of UPF Performance 6
5g 5gc dpdk ebpf eupf free5gc open5gs performance pfcp proxmox proxmox-ve scapy traffic-generator trex upf upg-vpp vpp xdp
Last synced: 13 Apr 2025
https://github.com/packetstream-llc/ouroboros
ouroboros is a tool to manage and chain multiple eBPF programs together, simplifying complex program flows with `bpf_tail_call`
Last synced: 18 Nov 2025
https://github.com/buanderie/slfw
audit cilium cilium-ebpf ebpf ebpf-programs firewall golang
Last synced: 10 Aug 2025
https://github.com/asphaltt/ping-latency-injector
Inject latency to ping on server side. BSD-3 License
ebpf ebpf-co-re icmp ping ping-latency-injector
Last synced: 18 May 2026
https://github.com/kioubit/l3mp
Multiplex layer 3 tunnels through another layer 3 tunnel (eBPF)
Last synced: 02 Jan 2026
https://github.com/unpackdev/fdb
The (f)db project focuses on building high-performance transport layers atop key-value databases like MDBX. Supporting protocols like QUIC, UDS, TCP, UDP, and Dummy for testing purposes. It aims for ultra-fast, low-latency data transfers, making it ideal (almost) for real-time applications like high-frequency trading.
ebpf gnet golang mdbx otel quic tcp udp uds
Last synced: 04 Jan 2026
https://github.com/datadog/btfhub-online-go
Auto-archived due to inactivity. Golang client to communicate with the BTFHub online server
Last synced: 17 Apr 2025
https://github.com/jalalmostafa/afxdp_perfeval
Performance Evaluation of AF_XDP Communication Patterns
af-xdp daq ebpf latency low-latency performance performance-analysis rdma userspace-libraries userspace-networking xdp-sockets
Last synced: 30 Apr 2025
https://github.com/githubfoam/k8s-cilium-remote-sandbox
k8s cilium eBPF microservice API network security visibility WAF Helm smoke test(cassandra)
cilium ebpf helm k8s smoke-test waf
Last synced: 27 Apr 2026
https://github.com/akiidjk/styx
Styx is a Next-Generation Firewall (NGFW) project designed to provide advanced protection at both the host and application levels. This design is built using modern technologies such as eBPF and XDP, with the goal of providing high performance, flexibility, and a modular architecture.
Last synced: 27 Oct 2025
https://github.com/amirhnajafiz/packet-exporter
Export your system's network packets by eBPF.
docker ebpf go golang packet-capture prometheus
Last synced: 15 Dec 2025
https://github.com/eunomia-bpf/wasm-bpf-rs
A WebAssembly eBPF runtime based on wasmtime in rust
bpf ebpf libbpf wasm wasmtime webassembly
Last synced: 08 May 2026
https://github.com/raw-phil/litm
litm (Logger In The Middle) is a simple CLI tool that captures and logs HTTP/1.1 traffic of a web server using eBPF.
Last synced: 21 Feb 2026
https://github.com/gma1k/snake-ebpf
A nostalgic terminal Snake game powered by eBPF 🐝
Last synced: 17 Dec 2025
https://github.com/Otsmane-Ahmed/KEIP
Kernel-Enforced Install-Time Policies (KEIP): An eBPF/LSM based security tool that detects and blocks malicious network activity during pip install
cybersecurity ebpf linux lsm malware-analysis python security supply-chain-security
Last synced: 07 Apr 2026
https://github.com/assaf-r/aisir
Named after the beautiful loch Aisir in northern Scotland, Aisir is an eBPF-based tool that logs and filters connections to remote IP addresses
ebpf ebpf-programs firewall linux security security-tools
Last synced: 01 Apr 2026
https://github.com/msaadshabir/pci-segment
Go CLI for PCI-DSS network segmentation. Validates YAML policies, enforces via eBPF (Linux) or pf (macOS), syncs to AWS/Azure, and generates compliance reports.
audit-logging aws azure cli compliance ebpf golang network-policy network-seg pci-dss pf security
Last synced: 05 Apr 2026
https://github.com/xujiajiadexiaokeai/ebpf-kube-agent
An eBPF program deployer for Kubernetes clusters
agent cilium-ebpf ebpf kubernetes
Last synced: 28 Jan 2026
https://github.com/isovalent/cilium-up-and-running
This repository contains manifests, scripts, and configurations referenced in the O'Reilly book Cilium Up and Running. These resources are intended to help readers experiment with Cilium features, reproduce demonstrations, and deepen their understanding of Kubernetes networking, security, and observability.
cilium ebpf kubernetes networking observability security
Last synced: 17 Jul 2025
https://github.com/cirocosta/execsnoopvis
visualize system-wide process execution
Last synced: 28 Jun 2025
https://github.com/bpf-endeavor/servant
Servant combines uBPF and AF_XDP. Using it you can write eBPF packet processing programs that run in userspace.
Last synced: 27 Feb 2026
https://github.com/arindas/memcached-ebpf-proxy-cache
Intercept and serve memcached requests from eBPF.
Last synced: 07 Mar 2026
https://github.com/bombinisecurity/bombini
WIP: eBPF security monitoring agent based on Aya
Last synced: 21 Sep 2025
https://github.com/bpfdeploy-io/bpf-rs
A collection of Rust libraries for inspecting & managing eBPF
bpf ebpf linux linux-kernel rust
Last synced: 09 Apr 2025
https://github.com/murilochianfa/srv6-pot-tlv
Design and implementation of a new SRv6 Proof-of-Transit TLV using SipHash, Poly1305 and BLAKE3 Keyed-hash through eBPF XDP and TC.
blake3 ebpf golang hmac-sha256 ipv6 kernel keyed-hashing linux poly1305 seg6 segment-routing siphash srv6 tc tlv xdp
Last synced: 30 Jul 2025
https://github.com/cirocosta/llb
[wip] The low-level load balancer
bpf ebpf linux load-balancer networking
Last synced: 13 Apr 2026
https://github.com/jugatsu/cilium-cluster-mesh-workshop
🔗 Use Cilium Cluster Mesh for multi-cluster networking.
cilium cilium-cluster-mesh colima ebpf kind kubernetes
Last synced: 15 Apr 2025
https://github.com/theobori/tinyfilter
XDP packet filtering for OSI model layers 2, 3 and 4
Last synced: 07 Feb 2026
https://github.com/ldorau/strace.ebpf
Tool tracing syscalls in a fast way using eBPF linux kernel feature
bcc ebpf ebpf-programs kprobes syscall syscalls tracepoints
Last synced: 12 Apr 2025
https://github.com/gregdel/overseer
Monitor linux traffic with eBPF and expose metrics to prometheus
ebpf golang monitoring-tool prometheus-exporter
Last synced: 07 Jan 2026
https://github.com/madhavan-21/kernalkoala
This project is a minimal eBPF-based network monitor that uses tc (Traffic Control) hooks to trace ingress and egress network traffic in real time. It extracts key metadata like IP addresses, ports, protocol types, and TCP flags from packets and sends this metadata to user space via perf events.
Last synced: 02 Mar 2026
https://github.com/moolen/juno
📡 Network Observability for Kubernetes
ebpf kubernetes networking observability tracing
Last synced: 05 May 2026
https://github.com/saiintbrisson/bepeefe
An eBPF VM with support for BTF, maps, a dead simple WIP verifier and more soon™
Last synced: 12 Feb 2026
https://github.com/mmat11/usdt
go package for linking ebpf.Program to USDTs
Last synced: 25 Jul 2025
https://github.com/asphaltt/skbtracer-iptables
skbtracer on iptables based on eBPF. Apache License 2.0
bpf cilium-ebpf ebpf ebpf-co-re golang iptables skbtracer skbtracer-iptables
Last synced: 31 Jan 2026
https://github.com/Mutasem-mk4/procscope
Zero-overhead eBPF process tracer for Linux malware triage and incident response. Traces syscalls, network, and file events per-process without strace overhead.
bpf cli container-security ebpf forensics golang incident-response kali-linux kubernetes-security linux-security malware-analysis monitoring observability process-monitoring reverse-engineering runtime-security security-tools threat-detection threat-hunting tracing
Last synced: 28 Apr 2026
https://github.com/tpapagian/go-ebpf-timer
An example to demonstrate the use of eBPF timers.
Last synced: 16 Mar 2026
https://github.com/rogercoll/learningebpf
Examples of C++ programs that generate BPF bytecode
Last synced: 08 May 2026
https://github.com/manishklach/sram-inference-kernel-fastpath
Experimental Linux kernel fast-path patches for SRAM-based AI inference servers, targeting io_uring submission, registered buffers, CQ polling, wakeup attribution, and completion latency.
ai-inference ai-infrastructure async-io benchmarking bpftrace ebpf ftrace inference-systems io-uring kernel-development kernel-fastpath kernel-tracing latency linux-kernel low-latency operating-systems performance-analysis sram systems-performance
Last synced: 09 May 2026
https://github.com/jrroman/caza
Analyze network traffic from host to host with eBPF
Last synced: 09 Jun 2026
https://github.com/tonyliu666/trace-your-container
get the details of docker containers running on the host via ebpf technology
Last synced: 29 Jan 2026
https://github.com/aanm-org/cilium
eBPF-based Networking, Security, and Observability
bpf cncf cni containers ebpf k8s kernel kubernetes kubernetes-networking loadbalancing monitoring networking observability security troubleshooting xdp
Last synced: 29 Jun 2025
https://github.com/rimubytes/ebpf-scheduler
Minimal Linux scheduler using sched_ext and eBPF directly in C.
Last synced: 14 Feb 2026
https://github.com/rgolangh/gnome-shell-extension-camera-indicator
A Gnome Shell extension to indicate if a camera device is in use
Last synced: 29 Apr 2026
https://github.com/filipecosta90/redis-bpftoolkit
An aggregation of useful redis BPF-related tooling programs
Last synced: 28 Apr 2026
https://github.com/false-systems/tapio
Edge Intelligence for Kubernetes eBPF-based agent that captures kernel-level events, filters to anomalies at the edge
debugging devops ebpf kubernetes observability
Last synced: 21 Apr 2026
https://github.com/toxy4ny/artaxerxes
Artaxerxes - Adaptive High-Performance Stress Tester v.1.0. Rebuild old version Xerxes DDoS. Supports GPU+io_uring, DPDK, eBPF/XDP with intelligent fallbacks. Educational tool for advanced cybersecurity labs
cuda cuda-programming cybersecurity cybersecurity-education cybersecurity-tools dpdk ebpf educational high-performance network-security network-security-tool penetration-testing penetration-testing-framework penetration-testing-tools security-tools stress-testing
Last synced: 08 Oct 2025
https://github.com/aessecurity/oburix
eBPF-based runtime agent for Endpoint Detection and Response for Linux based operating systems.
agent cybersecurity ebpf edr linux runtime-security xdr
Last synced: 18 Oct 2025
https://github.com/inspektor-gadget/ig-mcp-server
Debug your Container and Kubernetes workloads with an AI interface
ai container ebpf kubernetes linux mcp-server
Last synced: 27 Jun 2025
https://github.com/sonichigo/kubetracer
A security monitoring solution to monitor system events on your cluster nodes.
ebpf k8s-cluster monitoring security
Last synced: 21 Apr 2026
https://github.com/chocholl/xdp_furpf
Pretty fast XDP-based URPF implementation that leverages hierarchical data structures to perform high-speed packet filtering with rate limiting support.
arp-poisoning arp-spoofing cloud-networking ebpf kernel ndp-poisoning ndp-spoofing network-policy networking rate-limiting security spoofing-attack urpf virtual-machine xdp
Last synced: 01 Apr 2026
https://github.com/jamesseeman/bpflan
VXLAN overlay networks managed by ebpf & tc
Last synced: 07 Mar 2026
https://github.com/moolen/neuwerk
🛡️ cloud-native eBPF network egress firewall
cloud-native ebpf firewall kubernetes security
Last synced: 27 Jan 2026
https://github.com/vuvietnguyenit/gpuxray
A lightweight GPU observability tool focused on per-process GPU metrics, with optional deep tracing powered by eBPF.
ebpf gpu gpu-monitoring tracing
Last synced: 04 Apr 2026
https://github.com/caballa/crab-ebpf
An eBPF verifier based on Crab
abstract-interpretation ebpf static-analysis verification
Last synced: 26 Apr 2026
https://github.com/germancoding/segmentist
Rust eBPF program to determine whether hosts respect MSS
Last synced: 14 May 2026
https://github.com/rez0an/lb-xdp-poc
A custom LoadBalancer Using eBPF and xdp
bpf2go docker dockernetworking ebpf ebpf-programs golang kernelmodule load-balancer makefile packet-capture reactjs
Last synced: 16 Apr 2026
https://github.com/eunomia-bpf/kernel-bpf-library
a standalone userspace eBPF runtime and verifier extracted from the Linux kernel
Last synced: 30 Apr 2026
https://github.com/resurfaceio/logger-ebpf
Log API calls with eBPF
api-logger ebpf ebpf-go https logger-ebpf openssl ssl tls
Last synced: 26 May 2026
https://github.com/gamemann/srcip-nexthop-rs
A tool made with Rust that attaches to the TC egress hook using Aya. This tool maps source IPs from outgoing packets to destination MAC address. I'm using this for testing in a specific network setup,
bpf ebpf egress mac mac-address next-hop nexthop outgoing packet-manipulation rust tc traffic-control
Last synced: 22 Jun 2026