eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-23 00:09:10 UTC
https://github.com/multipath-tcp/tcp-in-udp
Lightweight TCP in UDP tunnel 🚇 using eBPF 🐝
Last synced: 17 Jul 2025
https://github.com/murilochianfa/tc-leakage
Simply leak some network packets using eBPF through Egress Packet Redirection with Traffic Control
ebpf kernel-module qdisc traffic-control tx-queue
Last synced: 23 Feb 2025
https://github.com/eminaktas/oom-tracer
[Experimental] OOM Tracer tails the kernel’s global OOM kills, links them to Kubernetes pods, and tags the victims so a descheduler can evict them.
Last synced: 18 May 2026
https://github.com/fug0/ebpm
Embedded BPF Performance Monitor (ebpm) is a modern lightweight Observability and Application Performance Monitoring tool powered by eBPF and most suitable for embedded systems.
apm application-performance-monitoring ebpf embedded-systems linux monitoring observability tracing
Last synced: 01 Jan 2026
https://github.com/mar0ls/bcc_ubuntu22.04_installer
Installer for BPF Compiler Collection (BCC) on Ubuntu 22.04 LTS
autoinstaller bash-script ebpf gcc kernel linux python3
Last synced: 02 Jan 2026
https://github.com/fzakaria/rust-ebpf-demo
A simple pure hello world demo of writing an ebpf filter in rust
ebpf ebpf-programs linux linux-kernel rust
Last synced: 15 Apr 2026
https://github.com/amirhnajafiz/file-access-patterns
eBPF based tool for tracing file access patterns.
bpftrace ebpf filesystem syscall-tracing
Last synced: 01 Nov 2025
https://github.com/asphaltt/bpfbak
bpfbak is a tiny tool to backup bpf objects under bpffs. Apache 2.0 License
Last synced: 02 Jan 2026
https://github.com/asphaltt/bpfsyscalldist
An eBPF syscall profiler focused on BPF syscall.
bpf-syscall bpfsyscalldist ebpf linux-syscall
Last synced: 11 May 2026
https://github.com/nmicic/compartment
Kernel-enforced sandboxing for untrusted processes. Two zero-dependency core tools, one shared profile format, plus an optional BPF-LSM module.
bpf-lsm defense-in-depth ebpf hardening landlock linux linux-security-module namespace privilege-separation process-isolation sandboxing seccomp security syscall-filtering
Last synced: 21 May 2026
https://github.com/yairfalse/tapio
Making Kubernetes and eBPF accessible to everyone
debugging devops ebpf kubernetes observability
Last synced: 09 Jul 2025
https://github.com/aibor/cpumap-loop
Example program showcasing eBPF cpumap infinite loop
Last synced: 02 Jan 2026
https://github.com/aibor/netfilter_exporter
OpenMetrics exporter for custom netfilter internal metrics
ebpf go golang linux netfilter openmetrics prometheus-exporter
Last synced: 02 Jan 2026
https://github.com/promacanthus/ebpf-docs
This project is based on isovalent/ebpf-docs and aims to comprehensively document eBPF-related information and knowledge.
Last synced: 06 Mar 2026
https://github.com/szymonkubica/micro-bpf
µBPF - a framework for microcontroller compartmentalization using eBPF
compartmentalization ebpf embedded-systems fault-isolation internet-of-things microcontrollers middleware virtual-machine
Last synced: 08 Feb 2026
https://github.com/aditya1404sal/vulcanguard
Vulcan Guard is a comprehensive network management tool designed to mitigate DDOS attacks
ebpf golang load-balancer packet-filter ratelimiter reverse-proxy
Last synced: 19 Feb 2026
https://github.com/hywan/sonde-rs
A library to compile USDT probes into a Rust library
dtrace ebpf probe rust rust-lang rust-library usdt
Last synced: 04 Jan 2026
https://github.com/chaostoolkit-incubator/chaostoolkit-pixie
Chaos Toolkit extension for the Pixie/eBPF platform
chaostoolkit chaostoolkit-extension ebpf
Last synced: 14 May 2026
https://github.com/mariosergiosl/sys-inspector
An enterprise-grade Linux forensic analysis and observability tool powered by eBPF. Captures real-time execution, I/O, and network events with storage topology mapping.
bcc ebpf forensics linux monitoring observability python security sysadmin
Last synced: 13 Jan 2026
https://github.com/astrid-project/cb-manager
APIs to interact with the Context Broker's database. Through a REST Interface, it exposes data and events stored in the internal storage system in a structured way. It provides uniform access to the capabilities of monitoring agents.
agent beats control data ebpf elasticsearch log logstash management programmability security
Last synced: 30 Jun 2025
https://github.com/frank-at-suse/vsphere_cilium_kubeproxy-less
Terraform plan for creating a multi-node kube-proxy-less RKE2 cluster w/ Cilium CNI on VMware vSphere
cilium ebpf haproxy kube-vip kubernetes linux rancher rancher-server rancher2 rke2 terraform vmware-vsphere
Last synced: 03 Sep 2025
https://github.com/zhuangqh/blog
Share/record valuable experiences/techniques at work.
Last synced: 04 Feb 2026
https://github.com/jalalmostafa/socktrace
A tool to trace BSD sockets concurrency behavior using eBPF
bsd-sockets ebpf ebpf-programs linux linux-kernel socket-programming sockets
Last synced: 02 Feb 2026
https://github.com/bra1l0r/xdp-loader
Configurable XDP loader in Rust. Supports jump table dispatching and program pinning.
Last synced: 12 Apr 2026
https://github.com/asphaltt/pkt-stucker
An experiment to reproduce the issue packet stuck in lockless pfifo_fast qdisc. [FAILED]
Last synced: 09 May 2026
https://github.com/SzymonKubica/micro-bpf
µBPF - a framework for microcontroller compartmentalization using eBPF
compartmentalization ebpf embedded-systems fault-isolation internet-of-things microcontrollers middleware virtual-machine
Last synced: 11 Mar 2025
https://github.com/devops-360-online/cilium-k8s-cni-guide
A comprehensive guide to deploying and managing Cilium as a CNI provider in Kubernetes, covering eBPF, security, observability, cluster mesh, and routing modes
cilium cloud-native cluster-mesh cni ebpf hubble ip-routing kubernetes network-security networking observability service-mesh
Last synced: 13 Apr 2026
https://github.com/carvilsi/caetra
Linux Physical Security based on eBPF
canarytokens ebpf ebpf-programs monitoring physical-security security security-tools telegrambot
Last synced: 31 May 2026
https://github.com/silentspike/project-sentinel
Reference testbed for runtime governance of LLM coding agents — per-agent sandboxing (bwrap + Landlock + cgroups + netns), event-sourced audit trails, three control planes, 9/9-passing breakout tests.
agent-runtime agents anthropic bwrap ebpf ecs event-sourcing go governance landlock llm runtime-governance rust sandbox sandbox-isolation
Last synced: 31 May 2026
https://github.com/arivum/dynratelimiter
Rate limiting based on resource usage - either RAM and/or CPU.
ebpf golang kubernetes rate-limiting reliability resilience resource-management
Last synced: 23 Jan 2026
https://github.com/itscheithanya/ebpf-linux-ransomware-detection
A comprehensive overview of a multi-layered approach to ransomware detection integrating eBPF technology and machine learning.
Last synced: 31 Jan 2026
https://github.com/thejokr/ebpf-playground
Collection of small eBPF code examples
ebpf golang-examples linux-kernel observability
Last synced: 09 Feb 2026
https://github.com/rinhizakura/bio-mon
Trace block I/O activity like biosnoop, but using BPF CO-RE
Last synced: 16 Apr 2026
https://github.com/gukoff/dynamicprobes
USDT probes in .NET on Linux
dotnet dynamic-tracing ebpf linux usdt
Last synced: 16 Feb 2026
https://github.com/bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine
A Linux telemetry engine built with eBPF and Modern C++ that captures kernel-level events for processes, files, system calls, and network with a modular pipeline for decoding, enrichment, filtering, and JSON output. It is designed for portability across modern kernels using libbpf/CO-RE with graceful fallback behaviour.
cpp20 ebpf event-logger filesystem linux linux-kernel malware-analysis moderncpp network operating-systems systemcalls systemprogramming
Last synced: 24 Mar 2026
https://github.com/raghu-nandan-bs/cpupeek
Peek into CPU execution time of processes
cpu-monitoring ebpf system-engineering
Last synced: 18 Apr 2026
https://github.com/hidemi-k/maf-ebpf-sase
Autonomous network security and operations framework. Provides eBPF/XDP enforcement, NETCONF–RAG configuration management, and multi-layer fault diagnosis — each independently orchestrated by Microsoft Agent Framework 1.1.0.
agent-framework agentic-ai containerlab ebpf faiss go intent-based-networking ips microsoft-agent-framework netconf netmiko network-security python3 rag rust sase xdp zero-trust ztna
Last synced: 25 Apr 2026
https://github.com/rogercoll/ebpfutil
Retrieves basic information about the active BPF programs
Last synced: 05 Mar 2026
https://github.com/vladd12/bpf-program
eBPF program for net traffic filtering
Last synced: 17 Apr 2026
https://github.com/kubedoll-heavy-industries/agentcontainers
Immutable, reproducible, least-privilege runtime environments for AI agents
ai-agents containers devcontainers ebpf oci security slsa
Last synced: 18 Apr 2026
https://github.com/false-systems/syva
Kernel-level eBPF enforcement for existing Kubernetes clusters. 7 LSM hooks watch every open, exec, kill, ptrace, and cgroup move — no runtime replacement needed.
bpf container-security containerd containers ebpf isolation kubernetes linux-security lsm rust
Last synced: 21 Apr 2026
https://github.com/false-systems/jalki
Programmable eBPF fentry/fexit tracing framework for Linux. Hook any kernel function with one Rust trait — structured JSON events out. TCP connects, retransmits, closes, and any function you define.
aya ebpf fentry fexit kubernetes linux-kernel rust
Last synced: 21 Apr 2026
https://github.com/sandro108/ebpf_programs
This repo contains a small but hopefully growing collection of custom eBPF programs
Last synced: 25 Apr 2026
https://github.com/rubyonworld/redbpf
The redbpf project is a collection of tools and libraries to build eBPF programs using Rust.
Last synced: 28 Apr 2026
https://github.com/asphaltt/tailcall-issues
A tool to detect tailcall issues.
bpf ebpf tailcall tailcall-issues
Last synced: 01 May 2026
https://github.com/astrid-project/cubebeat
Custom Beat of the Elastic Stack to interact with the Polycube-based eBPF cubes.
beats configuration cube dynamically ebpf ebpf-cubes elasticsearch golang logstash polycube programmability runtime settings
Last synced: 03 May 2026
https://github.com/keisku/nperf
A Network PERFormance monitor tool
ebpf golang network-programming opentelemetry
Last synced: 09 May 2026
https://github.com/eset/eei-agent-linux-probes
eBPF probes used by ESET Linux products
Last synced: 09 May 2026
https://github.com/asphaltt/syscalldist
A bcc-like tool to analyze syscall's histogram. Apache License 2.0
Last synced: 12 May 2026
https://github.com/yeet-src/claudefeed
Live audit log of every command, file, and network connection a Claude Code (or any matched) session makes, from the kernel.
ai-agents audit bpf ebpf kernel kprobe linux llm observability provenance security tracepoint tracing yeet
Last synced: 20 Jun 2026
https://github.com/yeet-src/usbsnoop
Live, system-wide USB transfer sniffer in eBPF — decodes USB traffic inline (control SETUP, SCSI, HID) from two universal URB hooks. No usbmon, no hardware sniffer. CO-RE portable.
bpf co-re ebpf libbpf linux observability reverse-engineering tracing usb usb-sniffer yeet
Last synced: 20 Jun 2026
https://github.com/githubfoam/k8s-ebpf-sandbox
kubernetes ebpf
ebpf kubernetes network-observability network-security-monitoring pipeline
Last synced: 05 May 2026
https://github.com/zigelboim-misha/kernel-system-enter-write-test
Using eBPF to print a line every time a system enter write event is executed on the kernel
Last synced: 02 Jan 2026
https://github.com/s5uishida/simple_measurement_of_upf_performance_9
Simple Measurement of UPF Performance 9
5g 5gc dpdk ebpf eupf free5gc latency open5gs performance pfcp proxmox proxmox-ve scapy traffic-generator trex upf upg-vpp vpp xdp
Last synced: 10 Jun 2025
https://github.com/lbirchler/pyflow
BCC based tool to trace function call/return hierarchy of Python scripts and processes
Last synced: 04 Jan 2026
https://github.com/vmyroslav/ebpf-cilium-demo
This repository contains demos showcasing the usage of eBPF with Cilium in Go applications
Last synced: 06 Feb 2026
https://github.com/captainirs/ebpf-tools
A collection of eBPF-based tools
ebpf ebpf-co-re libbpf systems-programming
Last synced: 01 Jul 2025
https://github.com/s5uishida/simple_measurement_of_upf_performance_4
Simple Measurement of UPF Performance 4
5g 5gc dpdk ebpf eupf free5gc open5gs packetrusher performance proxmox proxmox-ve upf upg-vpp vpp xdp
Last synced: 28 Mar 2025
https://github.com/singgel/log-metric-tracing
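The three pillars of observability. Logs: record discrete events. Metrics: aggregated numeric data, such as CPU usage and request rate. Traces: end-to-end call chains of distributed requests. Modern systems (such as microservices) usually combine all three to achieve comprehensive observability.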
dapper ebpf elk logging metrics openresty opentracing prometheus spanner tracing
Last synced: 19 May 2026
https://github.com/saworbit/diffkeeper
DiffKeeper: State-Aware Containers (SACs)
containers diff docker ebpf go kubernetes microservices state-management stateful-containers
Last synced: 15 Apr 2026
https://github.com/stackroost/aeonix-compiler
Aeonix ebpf linux kernel scripting programming language
ebpf linux-kernel scripting-language zig
Last synced: 29 Dec 2025
https://github.com/mbund/dimarchos
eBPF experiments
cni containers ebpf kernel tcx
Last synced: 14 May 2026
https://github.com/marcomannu/simple_measurement_of_upf_performance_9
Simple Measurement of UPF Performance 9. This repository provides simple performance measurements of various open-source UPFs using the TRex traffic generator and the Simple PFCP Client as the simulator. Results may vary based on measurement conditions, and this serves as a basic reference for real-world configurations. 🐙✨
5g 5gc dpdk ebpf eupf free5gc latency open5gs performance pfcp proxmox proxmox-ve scapy traffic-generator trex upf vpp xdp
Last synced: 15 Jun 2025
https://github.com/archisman-mridha/discovering-ebpf
Discovering eBPF | a primitive to my ebpf-based-loadbalancer repo
Last synced: 15 Mar 2025
https://github.com/s5uishida/simple_measurement_of_upf_performance_7
Simple Measurement of UPF Performance 7
5g 5gc dpdk ebpf eupf free5gc open5gs packetrusher performance proxmox proxmox-ve upf upg-vpp vpp xdp
Last synced: 29 Jun 2025
https://github.com/nevinshine/telos-runtime
A closed-loop security runtime preventing "The Great Exfiltration" and Indirect Prompt Injection in Autonomous AI Agents.
agentic-ai ebpf golang linux-security llm-security lsm prompt-injection python runtime-security systems-research taint-tracking xdp zero-trust
Last synced: 01 Feb 2026
https://github.com/ktp0li/epbf-ping-fooler
simple ebpf program for tricking ping's rtt
Last synced: 23 Feb 2025
https://github.com/boratanrikulu/gobee
(WIP) The easiest way to build production eBPF apps in Go. gobee fills the BPF-program gap left by cilium/ebpf and bpf2go.
bpf cilium-ebpf ebpf golang kernel linux transpiler
Last synced: 25 May 2026
https://github.com/yeet-src/runfrom
Live exec-provenance monitor. Flags execs from tmp/shm, fileless binaries, and setuid privilege jumps, all in-kernel.
bpf co-re ebpf exec fileless kernel linux observability provenance security setuid tracepoint tracing yeet
Last synced: 20 Jun 2026
https://github.com/amirhnajafiz/bedrock-bpftrace
Bedrock bpftrace scripts.
bpftrace ebpf jinja2 jinja2-templates python python3
Last synced: 26 Feb 2026
https://github.com/amirhnajafiz/bedrock-tracer
Bedrock ebpf-based file access pattern tracing tool.
bpftrace ebpf go golang kernel-trace syscall-tracing
Last synced: 26 Feb 2026
https://github.com/yairfalse/vaisto_bpf
eBPF backend for the Vaisto programming language — compile typed S-expressions to BPF bytecode
beam bpf compiler ebpf elixir s-expressions type-safety
Last synced: 20 Feb 2026
https://github.com/michaelzheng67/bpf-monitor
Dashboard for monitoring tcp connections in k8s with ebpf
Last synced: 10 Apr 2026
https://github.com/joaopedroplinta/tcc_gerenciamento_rede
Comparison of TCP socket monitoring tools: eBPF vs sysstat/psutil vs Prometheus, collecting the same metrics simultaneously on a TCP socket on port 9999 and generating a comparative report at the end.
ebpf network-monitoring observability prometheus sysstat
Last synced: 16 Apr 2026
https://github.com/piwi3910/novanet
High-performance eBPF-based Kubernetes CNI with identity-based policy, Geneve/VXLAN overlay, native BGP routing, and real-time flow visibility
bgp cni container-networking ebpf geneve kubernetes network-policy networking vxlan
Last synced: 07 Mar 2026
https://github.com/nimishamehta5/tc-pkt-counter
eBPF program that counts TCP, UDP and ICMP egress packets (includes source and destination IPs (pods, nodes, external), ports, protocol and TCP flags or ICMP Echo types)
ebpf ebpf-go go golang kubernetes
Last synced: 10 Apr 2026
https://github.com/ddaskala/udp-multi-threaded
A multi-threaded UDP server with CPU cache affinity
Last synced: 16 Apr 2026