eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-23 00:09:10 UTC
https://github.com/jalalmostafa/socktrace
A tool to trace BSD sockets concurrency behavior using eBPF
bsd-sockets ebpf ebpf-programs linux linux-kernel socket-programming sockets
Last synced: 02 Feb 2026
https://github.com/yeet-src/claudefeed
Live audit log of every command, file, and network connection a Claude Code (or any matched) session makes, from the kernel.
ai-agents audit bpf ebpf kernel kprobe linux llm observability provenance security tracepoint tracing yeet
Last synced: 20 Jun 2026
https://github.com/zhuangqh/blog
Share/record valuable experiences/techniques at work.
Last synced: 04 Feb 2026
https://github.com/frank-at-suse/vsphere_cilium_kubeproxy-less
Terraform plan for creating a multi-node kube-proxy-less RKE2 cluster w/ Cilium CNI on VMware vSphere
cilium ebpf haproxy kube-vip kubernetes linux rancher rancher-server rancher2 rke2 terraform vmware-vsphere
Last synced: 03 Sep 2025
https://github.com/SzymonKubica/micro-bpf
µBPF - a framework for microcontroller compartmentalization using eBPF
compartmentalization ebpf embedded-systems fault-isolation internet-of-things microcontrollers middleware virtual-machine
Last synced: 11 Mar 2025
https://github.com/chaostoolkit-incubator/chaostoolkit-pixie
Chaos Toolkit extension for the Pixie/eBPF platform
chaostoolkit chaostoolkit-extension ebpf
Last synced: 14 May 2026
https://github.com/astrid-project/cb-manager
APIs to interact with the Context Broker's database. Through a REST Interface, it exposes data and events stored in the internal storage system in a structured way. It provides uniform access to the capabilities of monitoring agents.
agent beats control data ebpf elasticsearch log logstash management programmability security
Last synced: 30 Jun 2025
https://github.com/devops-360-online/cilium-k8s-cni-guide
A comprehensive guide to deploying and managing Cilium as a CNI provider in Kubernetes, covering eBPF, security, observability, cluster mesh, and routing modes
cilium cloud-native cluster-mesh cni ebpf hubble ip-routing kubernetes network-security networking observability service-mesh
Last synced: 13 Apr 2026
https://github.com/promacanthus/ebpf-docs
This project is based on isovalent/ebpf-docs and aims to comprehensively document eBPF-related information and knowledge.
Last synced: 06 Mar 2026
https://github.com/mariosergiosl/sys-inspector
An enterprise-grade Linux forensic analysis and observability tool powered by eBPF. Captures real-time execution, I/O, and network events with storage topology mapping.
bcc ebpf forensics linux monitoring observability python security sysadmin
Last synced: 13 Jan 2026
https://github.com/yairfalse/tapio
Making Kubernetes and eBPF accessible to everyone
debugging devops ebpf kubernetes observability
Last synced: 09 Jul 2025
https://github.com/asphaltt/bpfsyscalldist
An eBPF syscall profiler focused on BPF syscall.
bpf-syscall bpfsyscalldist ebpf linux-syscall
Last synced: 11 May 2026
https://github.com/hywan/sonde-rs
A library to compile USDT probes into a Rust library
dtrace ebpf probe rust rust-lang rust-library usdt
Last synced: 04 Jan 2026
https://github.com/carvilsi/caetra
Linux Physical Security based on eBPF
canarytokens ebpf ebpf-programs monitoring physical-security security security-tools telegrambot
Last synced: 31 May 2026
https://github.com/silentspike/project-sentinel
Reference testbed for runtime governance of LLM coding agents — per-agent sandboxing (bwrap + Landlock + cgroups + netns), event-sourced audit trails, three control planes, 9/9-passing breakout tests.
agent-runtime agents anthropic bwrap ebpf ecs event-sourcing go governance landlock llm runtime-governance rust sandbox sandbox-isolation
Last synced: 31 May 2026
https://github.com/arivum/dynratelimiter
Rate limiting based on resource usage - either RAM and/or CPU.
ebpf golang kubernetes rate-limiting reliability resilience resource-management
Last synced: 23 Jan 2026
https://github.com/aditya1404sal/vulcanguard
Vulcan Guard is a comprehensive network management tool designed to mitigate DDOS attacks
ebpf golang load-balancer packet-filter ratelimiter reverse-proxy
Last synced: 19 Feb 2026
https://github.com/szymonkubica/micro-bpf
µBPF - a framework for microcontroller compartmentalization using eBPF
compartmentalization ebpf embedded-systems fault-isolation internet-of-things microcontrollers middleware virtual-machine
Last synced: 08 Feb 2026
https://github.com/aibor/netfilter_exporter
OpenMetrics exporter for custom netfilter internal metrics
ebpf go golang linux netfilter openmetrics prometheus-exporter
Last synced: 02 Jan 2026
https://github.com/yeet-src/usbsnoop
Live, system-wide USB transfer sniffer in eBPF — decodes USB traffic inline (control SETUP, SCSI, HID) from two universal URB hooks. No usbmon, no hardware sniffer. CO-RE portable.
bpf co-re ebpf libbpf linux observability reverse-engineering tracing usb usb-sniffer yeet
Last synced: 20 Jun 2026
https://github.com/aibor/cpumap-loop
Example program showcasing eBPF cpumap infinite loop
Last synced: 02 Jan 2026
https://github.com/itscheithanya/ebpf-linux-ransomware-detection
A comprehensive overview of a multi-layered approach to ransomware detection integrating eBPF technology and machine learning,
Last synced: 31 Jan 2026
https://github.com/nmicic/compartment
Kernel-enforced sandboxing for untrusted processes. Two zero-dependency core tools, one shared profile format, plus an optional BPF-LSM module.
bpf-lsm defense-in-depth ebpf hardening landlock linux linux-security-module namespace privilege-separation process-isolation sandboxing seccomp security syscall-filtering
Last synced: 21 May 2026
https://github.com/asphaltt/bpfbak
bpfbak is a tiny tool to backup bpf objects under bpffs. Apache 2.0 License
Last synced: 02 Jan 2026
https://github.com/thejokr/ebpf-playground
Collection of small eBPF code examples
ebpf golang-examples linux-kernel observability
Last synced: 09 Feb 2026
https://github.com/rinhizakura/bio-mon
Trace block I/O activity like biosnoop, but using BPF CO-RE
Last synced: 16 Apr 2026
https://github.com/amirhnajafiz/file-access-patterns
eBPF based tool for tracing file access patterns.
bpftrace ebpf filesystem syscall-tracing
Last synced: 01 Nov 2025
https://github.com/fzakaria/rust-ebpf-demo
A simple pure hello world demo of writing an ebpf filter in rust
ebpf ebpf-programs linux linux-kernel rust
Last synced: 15 Apr 2026
https://github.com/mar0ls/bcc_ubuntu22.04_installer
Installer for BPF Compiler Collection (BCC) on Ubuntu 22.04 LTS
autoinstaller bash-script ebpf gcc kernel linux python3
Last synced: 02 Jan 2026
https://github.com/fug0/ebpm
Embedded BPF Performance Monitor (ebpm) is a modern lightweight Observability and Application Performance Monitoring tool powered by eBPF and most suitable for embedded systems.
apm application-performance-monitoring ebpf embedded-systems linux monitoring observability tracing
Last synced: 01 Jan 2026
https://github.com/gukoff/dynamicprobes
USDT probes in .NET on Linux
dotnet dynamic-tracing ebpf linux usdt
Last synced: 16 Feb 2026
https://github.com/bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine
A Linux telemetry engine built with eBPF and Modern C++ that captures kernel-level events for processes, files, system calls, and network with a modular pipeline for decoding, enrichment, filtering, and JSON output. It is designed for portability across modern kernels using libbpf/CO-RE with graceful fallback behaviour.
cpp20 ebpf event-logger filesystem linux linux-kernel malware-analysis moderncpp network operating-systems systemcalls systemprogramming
Last synced: 24 Mar 2026
https://github.com/raghu-nandan-bs/cpupeek
Peek into CPU execution time of processes
cpu-monitoring ebpf system-engineering
Last synced: 18 Apr 2026
https://github.com/eminaktas/oom-tracer
[Experimental] OOM Tracer tails the kernel’s global OOM kills, links them to Kubernetes pods, and tags the victims so a descheduler can evict them.
Last synced: 18 May 2026
https://github.com/hidemi-k/maf-ebpf-sase
Autonomous network security and operations framework. Provides eBPF/XDP enforcement, NETCONF–RAG configuration management, and multi-layer fault diagnosis — each independently orchestrated by Microsoft Agent Framework 1.1.0.
agent-framework agentic-ai containerlab ebpf faiss go intent-based-networking ips microsoft-agent-framework netconf netmiko network-security python3 rag rust sase xdp zero-trust ztna
Last synced: 25 Apr 2026
https://github.com/rogercoll/ebpfutil
Retrieves basic information about the active BPF programs
Last synced: 05 Mar 2026
https://github.com/vladd12/bpf-program
eBPF program for net traffic filtering
Last synced: 17 Apr 2026
https://github.com/kubedoll-heavy-industries/agentcontainers
Immutable, reproducible, least-privilege runtime environments for AI agents
ai-agents containers devcontainers ebpf oci security slsa
Last synced: 18 Apr 2026
https://github.com/false-systems/syva
Kernel-level eBPF enforcement for existing Kubernetes clusters. 7 LSM hooks watch every open, exec, kill, ptrace, and cgroup move — no runtime replacement needed.
bpf container-security containerd containers ebpf isolation kubernetes linux-security lsm rust
Last synced: 21 Apr 2026
https://github.com/false-systems/jalki
Programmable eBPF fentry/fexit tracing framework for Linux. Hook any kernel function with one Rust trait — structured JSON events out. TCP connects, retransmits, closes, and any function you define.
aya ebpf fentry fexit kubernetes linux-kernel rust
Last synced: 21 Apr 2026
https://github.com/sandro108/ebpf_programs
This repo contains a small but hopefully growing collection of custom eBPF programs
Last synced: 25 Apr 2026
https://github.com/murilochianfa/tc-leakage
Simply leak some network packets using eBPF-based egress packet redirection with Traffic Control
ebpf kernel-module qdisc traffic-control tx-queue
Last synced: 23 Feb 2025
https://github.com/rubyonworld/redbpf
The redbpf project is a collection of tools and libraries to build eBPF programs using Rust.
Last synced: 28 Apr 2026
https://github.com/asphaltt/tailcall-issues
A tool to detect tailcall issues.
bpf ebpf tailcall tailcall-issues
Last synced: 01 May 2026
https://github.com/astrid-project/cubebeat
Custom Beat of the Elastic Stack to interact with the Polycube-based eBPF cubes.
beats configuration cube dynamically ebpf ebpf-cubes elasticsearch golang logstash polycube programmability runtime settings
Last synced: 03 May 2026
https://github.com/gamemann/srcip-nexthop-rs
A tool made with Rust that attaches to the TC egress hook using Aya. This tool maps source IPs from outgoing packets to destination MAC address. I'm using this for testing in a specific network setup,
bpf ebpf egress mac mac-address next-hop nexthop outgoing packet-manipulation rust tc traffic-control
Last synced: 22 Jun 2026
https://github.com/keisku/nperf
A Network PERFormance monitor tool
ebpf golang network-programming opentelemetry
Last synced: 09 May 2026
https://github.com/eset/eei-agent-linux-probes
eBPF probes used by ESET Linux products
Last synced: 09 May 2026
https://github.com/asphaltt/syscalldist
A bcc-like tool to analyze syscall's histogram. Apache License 2.0
Last synced: 12 May 2026
https://github.com/multipath-tcp/tcp-in-udp
Lightweight TCP in UDP tunnel 🚇 using eBPF 🐝
Last synced: 17 Jul 2025
https://github.com/asphaltt/pkt-stucker
An experiment to reproduce the issue packet stuck in lockless pfifo_fast qdisc. [FAILED]
Last synced: 09 May 2026
https://github.com/bra1l0r/xdp-loader
Configurable XDP loader in Rust. Supports jump table dispatching and program pinning.
Last synced: 12 Apr 2026
https://github.com/tarosky/gutenberg-efsdebug
This project aims at creating debugging tools for EFS using eBPF.
Last synced: 06 Jul 2025
https://github.com/pjs7678/my-claude-dotfiles
My Claude Code configuration - eBPF + Kubernetes focused setup with superpowers, claude-hud, and context7
claude-code claude-dotfiles dotfiles ebpf kubernetes
Last synced: 08 Mar 2026
https://github.com/vmyroslav/ebpf-cilium-demo
This repository contains demos showcasing the usage of eBPF with Cilium in Go applications
Last synced: 06 Feb 2026
https://github.com/stackroost/aeonix-compiler
Aeonix ebpf linux kernel scripting programming language
ebpf linux-kernel scripting-language zig
Last synced: 29 Dec 2025
https://github.com/hoomaac/bpfsec
basic ebpf playground to work and play a little with it
Last synced: 08 May 2026
https://github.com/saworbit/diffkeeper
DiffKeeper: State-Aware Containers (SACs)
containers diff docker ebpf go kubernetes microservices state-management stateful-containers
Last synced: 15 Apr 2026
https://github.com/o-x-l/ebpf-getting-started-guide
A guide that sums up some information about eBPF for beginners
bpf ebpf getting-started network-analysis network-intelligence tutorial
Last synced: 18 May 2026
https://github.com/l2dy/tcpsynacklat
Analyze TCP handshake latency with BPF (regardless of user space timeout)
Last synced: 08 Feb 2026
https://github.com/yeet-src/airtop
htop for the airwaves — a live 802.11 (Wi-Fi) RF dashboard in your terminal, powered by yeet + eBPF. No monitor mode.
802-11 bpf ebpf network-monitoring rf terminal tui wifi
Last synced: 20 Jun 2026
https://github.com/lorenzosaino/xdp-playground
Development environment for experimenting with XDP on a VM
Last synced: 04 May 2026
https://github.com/guptaachin/tracing-with-open-telemetry
Auto instrumentation of go application with eBPF (Otel Collector)
api docker ebpf golang jaeger observability otel-collector swagger traces
Last synced: 02 Jan 2026
https://github.com/miladhzzzz/linux-epbf-poc
eBPF toolkit for implementing custom logic. Proof of Concept
Last synced: 02 Jan 2026
https://github.com/aleyi17/infrasight-controller
Kubernetes controller for managing and deploying eBPF-based monitoring agents across cluster nodes using custom CRDs. Part of the InfraSight observability stack.
Last synced: 05 May 2026
https://github.com/ayaan4ak/minecraft-bedrock-xdp-ebpf
High-performance eBPF/XDP DDoS-mitigation filter for Minecraft: Bedrock Edition. Protect your RakNet services with fast packet filtering. 🚀🐙
antiddos appfilter bedrock bpf ddos ebpf filter firewall layer7 linux-networking minecraft packet protection raknet udp xdp
Last synced: 22 Jul 2025
https://github.com/capelabs/ebpf-for-dfir
A lightweight, extensible forensic tool that leverages eBPF to collect real-time system events on Windows for Digital Forensics and Incident Response.
dfir ebpf forensics forensics-tools framework windows
Last synced: 05 May 2026
https://github.com/amirhnajafiz/bedrock-bpftrace
Bedrock bpftrace scripts.
bpftrace ebpf jinja2 jinja2-templates python python3
Last synced: 26 Feb 2026
https://github.com/amirhnajafiz/bedrock-tracer
Bedrock ebpf-based file access pattern tracing tool.
bpftrace ebpf go golang kernel-trace syscall-tracing
Last synced: 26 Feb 2026
https://github.com/saidjawad/xdp-tutorial-go
XDP Tutorial with Go user space programs.
Last synced: 02 Apr 2026
https://github.com/joaopedroplinta/tcc_gerenciamento_rede
Comparison of TCP socket monitoring tools: eBPF vs sysstat/psutil vs Prometheus, collecting the same metrics simultaneously on a TCP socket on port 9999 and generating a comparative report at the end.
ebpf network-monitoring observability prometheus sysstat
Last synced: 16 Apr 2026
https://github.com/aleyi17/ebpf_loader
Lightweight agent for running eBPF programs on Linux nodes. Captures system events and streams enriched data to a central server. Supports standalone and Kubernetes modes.
Last synced: 06 May 2026
https://github.com/yeet-src/toolchain
Static, version-pinned build toolchain for yeet scripts
clang ebpf llvm static-binaries toolchain yeet
Last synced: 20 Jun 2026
https://github.com/captainirs/ebpf-tools
A collection of eBPF-based tools
ebpf ebpf-co-re libbpf systems-programming
Last synced: 01 Jul 2025
https://github.com/lawndoc/seccomp-ci-demo
Automate seccomp filter generation in your CI pipeline
ci container-security containers devops devsecops ebpf linux seccomp security security-automation syscalls
Last synced: 07 May 2026