eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-23 00:09:10 UTC
https://github.com/adithaker/xdp_sfu
🖲️Selective Forwarding Unit Implementation using XDP and TC hooks
c ebpf ebpf-tc ebpf-xdp linux-kernel rtp-streaming webrtc wireshark
Last synced: 02 May 2026
https://github.com/5g-pex/sctptrace
sctptrace is a collection of eBPF-based tools for monitoring and analysing SCTP (Stream Control Transmission Protocol) connections in real-time with minimal overhead. It provides visibility into critical SCTP performance metrics including RTT, buffer utilisation, jitter, and stream usage by instrumenting kernel functions through BCC.
5g 5g-core 6g bcc ebpf performance-metrics sctp
Last synced: 17 Aug 2025
https://github.com/ashishtiwari1993/slides.ashish.one
Collection of all slides presented by Ashish Tiwari
ebpf elastic elasticsearch function-calling genai
Last synced: 14 Feb 2026
https://github.com/h0x0er/ebpf-snippets
Code-snippets for developing eBPF programs
ebpf ebpf-programs snippets-collection vscode-snippets
Last synced: 17 Aug 2025
https://github.com/rimubytes/packetsage
Focused on packet filtering and kernel knowledge.
Last synced: 16 Feb 2026
https://github.com/bendahl/ebpf-evaluation
eBPF Framework Evaluation Project
bpf cpp ebpf go golang linux linux-kernel rust
Last synced: 03 Oct 2025
https://github.com/64j0/starting-ebpf
Starting my journey through eBPF (Extended Berkeley Packet Filter)
Last synced: 14 May 2026
https://github.com/laugharne/keynote__ebpf_-_everything_you_need_to_know_in_5_minutes
eBPF has become the key technology for infrastructure software. This session tells you everything you need to know about eBPF in 5 minutes. Why eBPF matters and why it exists. What it can do. What it can’t do. Who uses it for what. And finally, what the future holds.
Last synced: 16 Feb 2026
https://github.com/scm-probe/scm
Syscall monitoring and auditing tool built using eBPF
ebpf ebpf-exporter golang influxdb security security-audit security-tools
Last synced: 16 Feb 2026
https://github.com/sentinez/quadrum
🗡️ Sentinez Quadrum // Sentinel of the Fourth Layer
Last synced: 10 May 2026
https://github.com/loopholelabs/architect-networking
Architect for Networking
Last synced: 29 Jul 2025
https://github.com/faresargus/artaxerxes
Adaptive high-performance stress tester "artaxerxes" supports GPU, io_uring, DPDK, and eBPF/XDP for advanced cybersecurity labs. Ideal for network testing. 🚀🛠️
cuda cuda-programming cybersecurity cybersecurity-education cybersecurity-tools dpdk ebpf educational github-config high-performance network-security network-security-tool penetration-testing penetration-testing-framework penetration-testing-tools stress-testing
Last synced: 24 Jul 2025
https://github.com/causely-oss/automatic-instrumentation-lab
This repository contains a lab to explore different techniques of automatic instrumentation.
auto-instrumentation bytecode-instrumentation dotnet ebpf golang java lab monkey-patching nodejs observer-api opentelemetry php
Last synced: 06 Apr 2026
https://github.com/digilolnet/pint-c2
eBPF evading C2
av-bypass av-evasion c2 ebpf rat
Last synced: 14 Mar 2025
https://github.com/pyaillet/aya-lb-dr
A minimal example of using aya to build a loadbalancer with direct return
aya ebpf example learning-exercise rust-lang
Last synced: 19 Feb 2026
https://github.com/alvfpinedo/go-prometheus-exporter
📊 Collect system and application metrics seamlessly with this production-ready Prometheus exporter in Go, fully integrated with Docker and Grafana.
aci apic artifactory artifactory-exporter bash cryptowat digitalocean ebpf exporter hue-bridge hue-lights lag linux logstash loss-detection monitoring openmetrics prometheus
Last synced: 07 Apr 2026
https://github.com/rzetelskik/bpf-sanitizer
Linux kernel patch introducing a new eBPF program type for sanitizing writes.
bpf ebpf ebpf-programs linux-kernel
Last synced: 10 May 2026
https://github.com/nudgebee/node-agent
Per-node observability agent for Kubernetes and Linux hosts. Gathers container and host metrics, logs, and L7 traffic via eBPF; exports to Prometheus and OpenTelemetry. Includes LLM API observability.
ebpf golang kubernetes llm-observability monitoring node-agent observability opentelemetry prometheus sre
Last synced: 11 Jun 2026
https://github.com/pjs7678/my-claude-dotfiles
My Claude Code configuration - eBPF + Kubernetes focused setup with superpowers, claude-hud, and context7
claude-code claude-dotfiles dotfiles ebpf kubernetes
Last synced: 08 Mar 2026
https://github.com/sentinalfs/file-monitor
It monitors files
c ebpf ebpf-co-re kernel-programming
Last synced: 20 May 2026
https://github.com/o-x-l/ebpf-getting-started-guide
A guide that sums up some information about eBPF for beginners
bpf ebpf getting-started network-analysis network-intelligence tutorial
Last synced: 18 May 2026
https://github.com/l2dy/tcpsynacklat
Analyze TCP handshake latency with BPF (regardless of user space timeout)
Last synced: 08 Feb 2026
https://github.com/guptaachin/tracing-with-open-telemetry
Auto instrumentation of go application with eBPF (Otel Collector)
api docker ebpf golang jaeger observability otel-collector swagger traces
Last synced: 02 Jan 2026
https://github.com/sandstorm791/flextrace
an ebpf application profiling toolkit
Last synced: 16 Apr 2026
https://github.com/isitobservable/inspektorgadget
A repository containing the files utilized in the Inspektor Gadget tutorial.
ebpf inspektor-gadget kubernetes
Last synced: 04 Mar 2026
https://github.com/miladhzzzz/linux-epbf-poc
eBPF toolkit for implementing custom logic. Proof of Concept
Last synced: 02 Jan 2026
https://github.com/ancat/lutra
Lutra automatically detects and destroys reverse shells.
Last synced: 17 May 2026
https://github.com/danny-yamamoto/lsm
LSM stands for Linux Security Modules which is a framework which allows developers to write security systems on top of the Linux kernel.
Last synced: 05 Mar 2026
https://github.com/yasindce1998/aegis-shadow
A dual-module eBPF security research framework demonstrating offensive rootkit techniques (Shadow) and defensive runtime auditing (Aegis) for Linux kernel exploration.
bpf bpftool cyber-security ebpf ebpf-programs intrusion-detection kernel-hacking linux-kernel offensive-security rootkit runtime-security systemprogramming xdp
Last synced: 21 Jun 2026
https://github.com/ayaan4ak/minecraft-bedrock-xdp-ebpf
High-performance eBPF/XDP DDoS-mitigation filter for Minecraft: Bedrock Edition. Protect your RakNet services with fast packet filtering. 🚀🐙
antiddos appfilter bedrock bpf ddos ebpf filter firewall layer7 linux-networking minecraft packet protection raknet udp xdp
Last synced: 22 Jul 2025
https://github.com/seconize-co/dhi
Dhi - Runtime Intelligence & Protection System. Sanskrit: Intellect | Perception | Clear Vision. Kernel-space eBPF security monitoring for AI agents.
agent-security agentic-ai ai-agents ebpf kernel linux monitoring runtime-protection runtime-security sandboxing security threat-detection
Last synced: 02 Apr 2026
https://github.com/sobolevska/simple_measurement_of_upf_performance_8
Simple Measurement of UPF Performance 8
5g 5gc dpdk ebpf eupf free5gc open5gs performance proxmox proxmox-ve srsran upf upg-vpp vpp
Last synced: 18 Mar 2025
https://github.com/saidjawad/xdp-tutorial-go
XDP Tutorial with Go user space programs.
Last synced: 02 Apr 2026
https://github.com/carlossanchess/observer
Tracing system calls in Linux, using BCC toolkit leveraging eBPF technology.
bcc ebpf linux-kernel systemcalls
Last synced: 17 Apr 2026
https://github.com/samayun/system-monitoring-app
Monitor your operating system and detect anomaly
Last synced: 01 Nov 2025
https://github.com/charlie0129/killsnoop
Find out who sent a kill signal. Useful for debugging kills that happen mysteriously.
bpf ebpf kernel linux syscalls tracepoints tracing
Last synced: 07 May 2026
https://github.com/vasilievsv/hw.pki-on-box
Educational PKI server on Radxa Zero (Linux) + STM32H750 TRNG via USB HID. SELinux + eBPF isolation. Python daemon. ISO 26262 ASIL A (educational).
buildroot cryptography ebpf embedded-linux iso26262 pki radxa selinux-policy-lang stm32 trng
Last synced: 12 Apr 2026
https://github.com/kakao/kubectl-cilium
A kubectl plugin to monitor Cilium SNAT usage and detect eviction risks.
Last synced: 17 May 2026
https://github.com/qweralfredo/ebpf-design
eBPF made simple - 🤓 Learn or Die 💀
Last synced: 13 May 2026
https://github.com/jmalicki-ai-slop/xibalba
Xibalba: Chaos Testing Framework for Linux Filesystem Concurrency using eBPF
chaos-engineering concurrency ebpf filesystem filesystem-testing jepsen kernel race-detection testing xibalba
Last synced: 18 Apr 2026
https://github.com/xdp-project/xdp-project.github.io
Static web site for xdp-project
Last synced: 26 Jun 2025
https://github.com/axi0mh1ve/axiom-hive-ddm
Deterministic DNS Defense Module - Replace probabilistic threat detection with cryptographic verification and strict enforcement
cybersecurity deterministic-security dns dns-security ebpf kernel merkle-tree network-security security zero-trust
Last synced: 20 Apr 2026
https://github.com/coonfuuseed-paandaa/awg-mesh
Docker-native encrypted overlay mesh on AmneziaWG. Topology-as-code, two-level ECMP, DSCP policy routing, embedded DNS, anti-DPI obfuscation.
amneziawg docker dscp ebpf ecmp golang mesh-network nftables overlay-network vpn wireguard
Last synced: 20 Apr 2026
https://github.com/alexandreboutrik/bouclier-bleu
A modular Next-Generation Antivirus (NGAV) and Endpoint Detection & Response (EDR) for Linux, leveraging eBPF (LSM) and Rust for memory-safe userland.
bpf-lsm c ebpf edr libbpf linux-security ngav ransomware rust telemetry
Last synced: 21 Apr 2026
https://github.com/sakateka/htb-simulator
Hierarchical token bucket simulator
algorithm c ebpf hierarchical-token-bucket htb token-bucket xdp
Last synced: 19 May 2026
https://github.com/kokthay/linkquic
LinkQUIC is a novel framework capable of distinguishing QUIC from normal UDP streams in kernel space without kernel modification, decrypting QUIC payloads, or prior knowledge of QUIC protocol implementations in user space. This framework can identify QUIC in both endpoints and middleboxes.
distinguish ebpf heuristics identify kernel kernel-space linkquic network network-analysis network-monitoring network-traffic privacy protocol quic udp
Last synced: 24 Apr 2026
https://github.com/haolipeng/xdp-tutorial-cn
Chinese version of xdp-tutorial
beginner-friendly ebpf learning-by-doing tutorial xdp
Last synced: 24 Apr 2026
https://github.com/mikuchi9/ebpf-prefetch-hints
An eBPF-based tool that suggests prefetching hints to the Linux kernel for frequently executed binaries in /usr/bin.
ebpf libbpf performance prefetch system-tools userspace
Last synced: 24 Apr 2026
https://github.com/f18m/ebpf-netflow-tracer
A small eBPF utility to find out active TCP connections and depict them using Graphviz/DOT
Last synced: 24 Apr 2026
https://github.com/feliux/kscope
eBPF-powered offensive runtime discovery and attack surface observability
ebpf kernel linux red-team-tools
Last synced: 06 Jun 2026
https://github.com/bengentil/wiretap
an eBPF utility to capture TLS data
ebpf go golang observability openssl uprobes
Last synced: 24 Apr 2026
https://github.com/roiswd/ebpf-docker-build-monitor
eBPF-based monitor for detecting suspicious activity during Docker image builds
c2-detection container-security dependency-injection devsecops docker-build docker-security ebpf runtime-monitoring syscall
Last synced: 15 May 2026
https://github.com/danielpacak/opentelemetry-collector-ebpf-profiler
OpenTelemetry Collector eBPF Profiling Distribution
ebpf opentelemetry-collector profiling
Last synced: 20 Jun 2026
https://github.com/utibeabasi6/ebpf-practice
A collection of simple scripts I write while learning eBPF
Last synced: 25 Apr 2026
https://github.com/chenhengqi/bpf-network
BPF network library for chaos engineering.
Last synced: 22 Jun 2026
https://github.com/ebpfcca/ebpfcca
🐝 Evaluating eBPF as a Platform for Congestion Control Algorithm Implementation
congestion-control ebpf linux tcp
Last synced: 26 Apr 2026
https://github.com/antonlovesdnb/fishbowl
Containerized credential auditing perimeter for AI coding agents. Wraps Codex/Claude Code in Docker, audits every credential access via eBPF.
ai-agents claude-code codex container-security credential-security devtools docker ebpf rust security
Last synced: 26 Apr 2026
https://github.com/datanoisetv/shannon
Zero-instrumentation L7 observability for Linux via eBPF. See plaintext HTTP/HTTPS, gRPC, Postgres, MySQL, MongoDB, Redis, Kafka, Cassandra from any process — including through TLS — without keys, sidecars, or code changes. Pure Rust (aya), kernel 5.8+.
apm aya bpf cassandra ebpf ebpf-tools grpc http kafka linux mongodb mysql networking observability postgresql redis rust service-mesh tls tracing
Last synced: 27 Apr 2026
https://github.com/ifoxhz/sshdog
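Uses eBPF to build monitoring of SSH logins and operations, mainly for Linux platforms used in edge computing, where edge nodes are constantly exposed to security threats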
Last synced: 18 May 2026
https://github.com/mranv/sysmon-process
A poc on sysmon for process creation on kernel level!
Last synced: 28 Apr 2026
https://github.com/ar2pi/container-oomkill-probe
A simple container oomkill eBPF probe
Last synced: 28 Apr 2026
https://github.com/yeet-src/md-sentry
eBPF integrity monitor for an LLM agent's markdown brain: CLAUDE.md, skills, memory. Tags AGENT vs EXTERNAL edits.
ai-agents bpf ebpf fentry file-monitoring integrity kernel linux llm observability provenance security yeet
Last synced: 20 Jun 2026
https://github.com/yeet-src/toolchain
Static, version-pinned build toolchain for yeet scripts
clang ebpf llvm static-binaries toolchain yeet
Last synced: 20 Jun 2026
https://github.com/dfrojas/yubarta
🐋 Yubarta is an auto-remediation platform written in Python that reacts to eBPF signals and external alerts with rule-based actions. With AI support on the roadmap to become a self-healing platform.
Last synced: 29 Apr 2026
https://github.com/majeinfo/ebpf_tools
Python scripts that use eBPF to diagnose problems
Last synced: 29 Apr 2026
https://github.com/svssdeva/shastra
Sanskrit-named instruments. WebGPU heat sim (Yantra) + Rust MCP server (Trishul) + WebGPU Shader Sandbox (Naadi) + Local first vision agent (Darshan)
agentic-tools astro claude ebpf finite-element mcp-server preact rust three-js webgpu wgsl
Last synced: 08 Jun 2026
https://github.com/jihye-seren-kim/xdp-time
NTP DDoS defense framework
ddos ebpf time-synchronization xdp
Last synced: 29 Apr 2026
https://github.com/lucasbn/ebpf-lb
Layer 4 hash based load balancer written with eBPF
Last synced: 29 Apr 2026
https://github.com/githubfoam/tracee-githubactions
tracee forensics ebpf githubactions
ebpf forensics githubactions linux
Last synced: 30 Apr 2026
https://github.com/mikuchi9/ebpf-ingress-egress-latency
eBPF-based tool for measuring packet processing latency on a network interface (IPv4, TCP/UDP only)
ebpf latency-measurement network-packets
Last synced: 30 Apr 2026
https://github.com/al-oladko/ebpfilter
A lightweight firewall with stateful session tracking, L2–L4 filtering, DPI-based inspection, connection rate limiting, and NAT support.
dpi ebpf firewall nat rate-limiting xdp
Last synced: 30 Apr 2026
https://gitlab.com/aarcange/rv-ebpf
RV monitor automata models powered by eBPF tracing
Linux Kernel automata ebpf tracing
Last synced: 10 Mar 2025
https://github.com/codeprometheus/starry-observability
learn everything about observability
agent asm byte-buddy ebpf javassist observability skywalking
Last synced: 01 May 2026
https://github.com/knightchaser/hello-ebpf
Example hands-on code for exercising eBPF (Extended Berkeley Packet Filter) on the Linux kernel via eunomia-bpf/libbpf
Last synced: 16 May 2026
https://github.com/jgalar/linuxcon2022-benchmarks
Suite of benchmarks developed for my presentation at LinuxCon Europe 2022
benchmark ebpf lttng performance
Last synced: 01 May 2026
https://github.com/yeet-src/airtop
htop for the airwaves — a live 802.11 (Wi-Fi) RF dashboard in your terminal, powered by yeet + eBPF. No monitor mode.
802-11 bpf ebpf network-monitoring rf terminal tui wifi
Last synced: 20 Jun 2026