eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring to change kernel source code or load kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-22 00:09:11 UTC
- JSON Representation
https://github.com/aleyi17/infrasight
InfraSight is a modular eBPF-based observability platform for Linux and Kubernetes environments. It provides deep visibility into system activity using custom eBPF programs, a centralized ClickHouse backend, and a Kubernetes-native controller.
Last synced: 12 Oct 2025
https://github.com/xmigrate/blxrep
eBPF based sector level disk replication tool for disaster recovery purpose
backup disaster-recovery ebpf sector-level-recovery
Last synced: 02 Aug 2025
https://github.com/elastiflow/mermin
A Kubernetes-native network observability tool that uses eBPF to auto-instrument network traffic and export it as Flow Traces via OpenTelemetry, providing deep visibility into cluster communications.
cni ebpf kubernetes network observability open-telemetry otel
Last synced: 10 Jun 2026
https://github.com/leodido/demo-cloud-native-ebpf-day
Various eBPF programs for tracing network connections
attack auditing bpf defense demo ebpf enforcement experimentation kernel lsm lsm-hooks prevention security talk tracepoints tracing
Last synced: 17 Jun 2025
https://github.com/fbac/sklookup-go
eBPF sk_lookup program as a golang library
cilium cilium-ebpf ebpf ebpf-programs golang kernel linux linux-kernel networking networking-programmability socket socket-programming
Last synced: 09 Oct 2025
https://github.com/takehaya/goxdp-template
A sample for writing XDP programs in Go
ebpf go golang network-programming vxlan xdp
Last synced: 14 Apr 2025
https://github.com/gamemann/TC-IPIP-Mapper
TC programs aimed to add support for multiple remote hosts in IPIP tunnels.
bpf control ebpf ipip tc traffic traffic-control
Last synced: 10 Mar 2025
https://github.com/gamemann/tc-ipip-mapper
TC programs aimed to add support for multiple remote hosts in IPIP tunnels.
bpf control ebpf ipip tc traffic traffic-control
Last synced: 05 Sep 2025
https://github.com/yfractal/sdb
A Ruby stack profiler without GLV.
dll-injection ebpf observability profiler ruby rust stack-profiling
Last synced: 10 Apr 2025
https://github.com/coder/exectrace
Simple eBPF-based exec snooping on Linux packaged as a Go library.
Last synced: 27 Oct 2025
https://github.com/digitalocean-labs/ebpf_exporter
a pure-Go Prometheus exporter for the eBPF Linux subsystem
Last synced: 07 Feb 2026
https://github.com/santandersecurityresearch/cryptomon
Network Cryptography Monitor - using eBPF, written in python
Last synced: 10 Apr 2025
https://github.com/sipcapture/rtcagent
RTCAgent is an eBPF powered HEP Agent for HOMER/HEPIC
ebpf freeswitch hep hep-agent hepic homer kamailio opensips
Last synced: 10 Jul 2025
https://github.com/shubhampalriwala/networth
eBPF based Network Monitoring using Prometheus and Grafana
ebpf grafana-dashboard prometheus xdp
Last synced: 06 Sep 2025
https://github.com/loxilb-io/loxilb-ebpf
loxilb ebpf sub-module
cloud-native datapath ebpf kernel
Last synced: 27 Oct 2025
https://github.com/opencloudos/fuse-extent
This project is a fuse extent, which contains fuse-crash-recovery framework and fuse-base-ebpf performance improvement.
Last synced: 01 Sep 2025
https://github.com/b1tg/github-hosts-ebpf
Speed up GitHub access by modifying DNS response packets using eBPF
Last synced: 03 May 2025
https://github.com/terassyi/seccamp-xdp
hands-on to implement simple network load balancer using XDP
ebpf load-balancer tutorial xdp
Last synced: 08 May 2025
https://github.com/badouralix/dockerfiles
Dockerfiles everywhere :whale:
blake2s buildx caddy covid-19 curl docker docker-desktop docker-image dockerfile ebpf jq linux-headers lustre nusmv oh-my-zsh-theme rancher-cli toolbox zunit
Last synced: 11 Apr 2025
https://github.com/anoushk1234/zig-ebpf
Zig virtual machine for eBPF programs.
assembler bpf ebpf interpreter packet-filtering zig
Last synced: 12 Apr 2025
https://github.com/acassen/xdp-fw
XDP FW: eXpress Data Path FireWall module
Last synced: 03 May 2025
https://github.com/trailofbits/btfparse
A C++ library that parses debug information encoded in BTF format
Last synced: 15 Apr 2025
https://github.com/JiaHuann/Smart_Fault_Injector_LLM
Intelligent kernel error injection/testing tool based on large model and eBPF.(基于大模型和eBPF的智能化kernel错误注入、测试工具)
ebpf fault-injection kernel security-tools testing-tools
Last synced: 11 Sep 2025
https://github.com/trailofbits/linuxevents
A sample PoC for container-aware exec events for osquery
bpf ebpf linux monitoring runtime-code-generation tracing
Last synced: 15 Apr 2025
https://github.com/jiahuann/smart_fault_injector_llm
Intelligent kernel error injection/testing tool based on large model and eBPF.(基于大模型和eBPF的智能化kernel错误注入、测试工具)
ebpf fault-injection kernel security-tools testing-tools
Last synced: 11 Apr 2025
https://github.com/belwue/flowpipeline
Process network flows using fully configurable pipelines.
ebpf go goflow golang influxdb kafka monitoring netflow network-analysis networking prometheus tcpdump-like
Last synced: 13 Jul 2025
https://github.com/Asphaltt/tcpw
tcpw: An eBPF enhanced tool to capture tcp tuple info of curl,telnet,socat tools. License Apache 2.0
Last synced: 24 Feb 2025
https://github.com/asphaltt/tcpw
tcpw: An eBPF enhanced tool to capture tcp tuple info of curl,telnet,socat tools. License Apache 2.0
Last synced: 30 Oct 2025
https://github.com/rinhizakura/kmemsnoop
Install a hardware breakpoint in Linux kernel for tracing/debugging
Last synced: 04 Oct 2025
https://github.com/acceis/ebpf-hide-pid
This tool have the power to hide any PID/directory in the Linux kernel
Last synced: 10 Apr 2025
https://github.com/BelWue/flowpipeline
Process network flows using fully configurable pipelines.
ebpf go goflow golang influxdb kafka monitoring netflow network-analysis networking prometheus tcpdump-like
Last synced: 31 Oct 2025
https://github.com/msfidelis/eks-with-cilium
:whale: :package: :rocket: - Terraform template for a production ready EKS Cluster and Cilium Service Mesh and eBPF
cilium cloud-native ebpf eks kubernetes service-mesh terraform
Last synced: 19 Jun 2025
https://github.com/hujun-open/etherconn
Package etherconn is a golang pkg that allow user to send/receive Ethernet payload (like IP pkt) or UDP packet ,with custom Ethernet encapsulation like MAC address, VLAN tags, without creating corresponding interface in OS;
Last synced: 27 Mar 2026
https://github.com/asphaltt/vista
An eBPF enhanced Linux kernel skb and socket tracing tool.
ebpf gopacket-pcap linux skb-tracing socket-tracing tcpdump vista
Last synced: 10 Apr 2025
https://github.com/pouriyajamshidi/flat
Measure UDP and TCP connection latency for IPv4 and IPv6 using eBPF and Go
c ebpf go ipv4 ipv6 latency-monitor tcp udp
Last synced: 21 Mar 2025
https://github.com/coranlabs/hexaebpf
The Future of Interoperable eBPF Defined 5G Core (eDC)
Last synced: 05 Oct 2025
https://github.com/jumpbox-event/learn-ebpf
Learning eBPF Event 2024
cilium ebpf grafana-beyla kubernetes-security
Last synced: 13 Aug 2025
https://github.com/dylandreimerink/gobpfld
GoBPFLD is a pure go eBPF loader/userspace library
Last synced: 10 Apr 2025
https://github.com/multikernel/kernelscript
KernelScript is a modern, type-safe, domain-specific programming language for eBPF development
Last synced: 26 Jul 2025
https://github.com/isala404/scale-to-zero-ebpf
Proof of concept for Implementing a scale to zero architecture with ebpf
ebpf kubernetes rust serverless
Last synced: 05 Jul 2025
https://github.com/tigera-solutions/prevent-detect-and-mitigate-container-based-threats
[Free Training Workshop] Learn how to prevent, detect and mitigate container based threats using Calico Cloud
aks calico cloudnative cloudsecurity cnapp containersecurity ebpf eks kubernetes zerotrust
Last synced: 06 Apr 2025
https://github.com/kasd/texporter
texporter is a lightweight, high-performance eBPF-based network traffic exporter for Prometheus.
bpf ebpf ebpf-go monitoring networking observability prometheus prometheus-exporter traffic traffic-control xdp
Last synced: 04 Apr 2025
https://github.com/coranlabs/HEXAeBPF
The Future of Interoperable eBPF Defined 5G Core (eDC)
Last synced: 28 Mar 2026
https://github.com/r-caamano/zfw
An ebpf based firewall for openziti edge-routers/tunnelers
ebpf firewall linux-kernel openziti packet-filtering packet-redirect tc tc-ebpf traffic-control xdp
Last synced: 08 May 2025
https://github.com/gamemann/ipipdirect-tc
Sends outgoing IPIP packets back to the client directly instead of back through the IPIP tunnel/forwarding server. Uses TC egress filter for fast packet processing.
bpf direct ebpf egress ipip linux-tc tc traffic-control
Last synced: 18 Mar 2025
https://github.com/timsaya/bandix
A network traffic monitoring tool based on eBPF technology, written in Rust
Last synced: 10 Feb 2026
https://github.com/yifengyou/ebpf
eBPF学习
ebpf kernel kprobe tracepoint uprobe xdp
Last synced: 22 Apr 2025
https://github.com/atrosinenko/qinst
Draft of generic instrumentation tool based on QEMU using eBPF to implement trivial instrumentations with trivial code
dynamic-instrumentation ebpf instrumentation qemu
Last synced: 01 Jul 2025
https://github.com/kakkoyun/py-perf
A Proof-of-concept, low-overhead, sampling CPU profiler for Python implemented using eBPF.
bpf ebpf ebpf-programs optimization perfomance performance-testing profiler python rust
Last synced: 08 Mar 2026
https://github.com/javierhonduco/lightswitch
CPU profiler as a library for Linux suitable for on-demand and continuous profiling running on BPF
bpf ebpf performance profiling rust
Last synced: 03 Feb 2026
https://github.com/adityaseth777/shieldk8s
A privacy-focused, local-only security dashboard for monitoring Kubernetes cluster security using eBPF and Cilium. All metrics and data stay within your infrastructure.
cilium ebpf k8s-cluster kubernetes
Last synced: 02 Aug 2025
https://github.com/eunomia-bpf/libbpf-rs-starter-template
Template designed to get new developers with libbpf-rs development.
Last synced: 20 Jul 2025
https://github.com/sumerc/gilstats.py
A utility for dumping per-thread statistics for CPython GIL using eBPF
cpython ebpf ebpf-programs multithreading observability python python-gil
Last synced: 14 Apr 2025
https://github.com/tholian-network/firewall
:rainbow: eBPF-based programmable firewall, intended for use in Go backends
Last synced: 15 Apr 2025
https://github.com/thought-machine/falco-probes
Automated build and mirror of eBPF kernel probes for use as a driver with the Falco runtime security agent (https://falco.org/)
Last synced: 22 Apr 2025
https://github.com/hemslo/docker-bpf
Run ebpf programs in docker (e.g., bpftrace)
Last synced: 02 Feb 2026
https://github.com/eunomia-bpf/eunomia-template
Compile eBPF program with GitHub Actions and Run locally in one line!
Last synced: 16 Mar 2026
https://github.com/acassen/dra-guard
Mobile Core-Network routing software
5gc diameter ebpf epc firewall plugin-architecture proxy-server route-optimization router xdp
Last synced: 09 Aug 2025
https://github.com/tricorder-observability/helm-charts
Helm Charts for tricorder observability.
Last synced: 05 May 2025
https://github.com/aanm/enigma
Virtual Enigma and Bombe eBPF simulation for real-time network packet encryption and cryptanalysis on Linux
bombe-machine ebpf enigma-machine
Last synced: 05 Aug 2025
https://github.com/leonhwangprojects/btrace
bpflbr is an eBPF enhanced tool to trace some details of bpf prog with LBR. License Apache 2.0
bpf bpflbr ebpf last-branch-record lbr
Last synced: 01 Mar 2025
https://github.com/s5uishida/simple_measurement_of_upf_performance
Simple Measurement of UPF Performance
5g 5gc dpdk ebpf eupf free5gc open5gs packetrusher performance upf upg-vpp vpp xdp
Last synced: 11 Jul 2025
https://github.com/asphaltt/ebpf-vm-on-ebpf
Build a feature-less eBPF vm on eBPF, just for fun.
Last synced: 06 May 2025
https://github.com/code-cargo/cargowall
ebpf firewall github-actions security
Last synced: 01 Apr 2026
https://github.com/kumkeehyun/perisco
eBPF based, L7 protocols monitoring solution in k8s
cilium-ebpf ebpf http kubernetes microservice observability
Last synced: 07 May 2025
https://github.com/gfx/hello-bpf-core
An example app for BPF CO-RE and CI settings with GitHub Actions
Last synced: 22 Mar 2025
https://github.com/eunomia-bpf/bpf-benchmark
Userspace eBPF Runtime Benchmarking Test Suite and Results
bpf ebpf llvm perfo performance
Last synced: 10 Oct 2025
https://github.com/asphaltt/iptables-bpf
An example of iptables-bpf with Go+eBPF
bpf ebpf go iptables iptables-bpf
Last synced: 06 May 2025
https://github.com/willfindlay/suidsnoop
suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.
aya ebpf linux linux-kernel lsm rust security suid-binaries
Last synced: 07 May 2025
https://github.com/v-thakkar/talks
This repository contains the slides of my talks.
coccinelle ebpf embedded-linux kernel linux security static-code-analysis virtualization xen
Last synced: 17 Mar 2025
https://github.com/gotoolkits/lightmon
lightmon is a lightweight, Docker/K8s container-aware network traffic monitoring tool based on eBPF technology.
Last synced: 16 May 2025
https://github.com/mahendrapaipuri/ceems
A Prometheus exporter and a REST API server to export metrics of compute units of resource managers like SLURM, Openstack, k8s, _etc_
cloud containers dashboards ebpf emissions energy-monitor grafana green-computing hpc json-api kubernetes metrics-server metrics-visualization monitoring observability openstack performance-monitoring prometheus prometheus-exporter slurm
Last synced: 12 Jan 2026
https://github.com/booyaa/vagrant-bcctools
because playing with bcctools on macOS is a PITA
Last synced: 23 Apr 2025
https://github.com/groundcover-com/blog
groundcover's blog materials. Level up your K8s observability game with eBPF.
blog ebpf kubernetes monitoring
Last synced: 11 Mar 2026
https://github.com/masterbpro/argus
Argus is an eBPF-based monitoring and management tool delivering real-time insights into system performance. Designed for flexibility, efficiency, and security, it’s an ideal solution for developers and administrators seeking lightweight tools for event analysis and debugging.
audit bpf ebpf infrastructure kubernetes linux linux-kernel network sdn security
Last synced: 15 Apr 2025
https://github.com/mxcrafts/ltrack
Security Observability Framework for ML/AI Model File Loading
ebpf golang llm ml observable safety
Last synced: 08 Mar 2026
https://github.com/isala404/lazy-koala
A toolkit to apply AIOps to distributed systems
anomaly-detection deep-learning ebpf hacktoberfest kubernetes monitoring root-cause-analysis
Last synced: 26 Aug 2025
https://github.com/ciffelia/tsblock
Prevent tailscale from using specific network interfaces
Last synced: 04 Feb 2026
https://github.com/userspace-xdp/userspace-xdp
XDP Deployments in Userspace eBPF
Last synced: 20 Jul 2025
https://github.com/falcosecurity/kernel-testing
Ansible playbooks to provision firecracker VMs and run Falco kernel tests
ansible ebpf falco firecracker ignite kernel runtime-security tests
Last synced: 26 Apr 2025
https://github.com/containerscrew/rootisnaked
Simple root privilege escalation detection using eBPF 🐝
cilium-ebpf ebpf ebpf-go go golang linux-kernel privilege-escalation security
Last synced: 12 Apr 2025
https://github.com/eunomia-bpf/bpf-compatible
compatible library for ebpf programs to improve BTF portability
Last synced: 07 May 2025
https://github.com/stwind/dockersnoop
Intercept gRPC traffic of dockerd and containerd with eBPF
containerd docker ebpf golang grpc
Last synced: 11 Apr 2025
https://github.com/x86taka/xdp-etherip
Implementation of EtherIP with XDP
ebpf ebpf-programs etherip xdp
Last synced: 04 Jul 2025
https://github.com/markpash/find-bad-middleboxes
This is the proof-of-concept code that accompanies the eBPF Summit lightning talk I gave called Bad middlebox!
bpf bpf2go cilium ebpf ebpf-summit middlebox
Last synced: 15 May 2025
https://github.com/asphaltt/iptables-trace
iptables-trace is an eBPF enhanced iptables-TRACE alternative iptables TRACE. GPL-3.0 license
ebpf ebpf-co-re iptables iptables-trace iptables-tracer kernel-module nf-trace
Last synced: 24 Aug 2025