eBPF

eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2025-04-23 00:08:36 UTC
https://github.com/shinoleah/edbg
eBPF-based lightweight debugger for Android
android ebpf reverse-engineering
Last synced: 09 Apr 2025
https://github.com/YutaroHayakawa/ipftrace2
A packet oriented Linux kernel function call tracer
bpf ebpf linux-kernel network tracing
Last synced: 21 Nov 2024
https://github.com/mechpen/sockdump
Dump unix domain socket traffic with bpf
bcc ebpf packet-capture tcpdump unix-domain-socket
Last synced: 05 Apr 2025
https://github.com/eunomia-bpf/wasm-bpf
WebAssembly library, toolchain and runtime for eBPF programs
ebpf golang libbpf network observability rust wasm webassembly
Last synced: 06 Apr 2025
https://github.com/ntop/libebpfflow
Container traffic visibility library based on eBPF
containers docker ebpf kubernetes linux netflow traffic-monitoring
Last synced: 06 Apr 2025
https://github.com/opencloudos/nettrace
nettrace is an eBPF-based tool to trace network packets and diagnose network problems.
Last synced: 08 Apr 2025
https://github.com/coroot/coroot-node-agent
A Prometheus exporter based on eBPF that gathers comprehensive container metrics
ebpf logs monitoring network-metrics node-metrics observability prometheus prometheus-exporter prometheus-metrics
Last synced: 14 Apr 2025
https://github.com/esonhugh/sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
backdoor ebpf offensive-security
Last synced: 07 Apr 2025
https://github.com/open-telemetry/opentelemetry-network
eBPF Collector
ebpf open-telemetry opentelemetry
Last synced: 08 Apr 2025
https://github.com/gojue/ebpfmanager
A golang ebpf library based on cilium/ebpf and datadog/ebpf.
Last synced: 08 Apr 2025
https://github.com/aquasecurity/btfhub
BTFhub, in collaboration with the BTFhub Archive repository, supplies BTF files for all published kernels that lack native support for embedded BTF. This joint effort ensures that even kernels without built-in BTF support can effectively leverage the benefits of eBPF programs, promoting compatibility across various kernel versions.
Last synced: 05 Apr 2025
https://github.com/Esonhugh/sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
backdoor ebpf offensive-security
Last synced: 21 Nov 2024
https://github.com/epickrram/grav
Performance visualisation tools
ebpf flamegraph monitoring observability performance
Last synced: 09 Apr 2025
https://github.com/odigos-io/opentelemetry-go-instrumentation
OpenTelemetry auto-instrumentation for Go applications
ebpf go golang kubernetes observability opentelemetry
Last synced: 06 Apr 2025
https://github.com/chriskalix/hades
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
agent ebpf ebpf-programs ebpf-sec golang hids libbpf linux netlink runtime-security rust security
Last synced: 09 Apr 2025
https://github.com/chriskaliX/Hades
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
agent ebpf ebpf-programs ebpf-sec golang hids libbpf linux netlink runtime-security rust security
Last synced: 21 Nov 2024
https://github.com/clouddetail/apo
APO is a comprehensive observability platform combining OpenTelemetry with eBPF. Leveraging LLM to enable automated analysis and troubleshooting 🚀.
apm ebpf logs metrics microservice monitoring observability opentelemetry tracing
Last synced: 12 Apr 2025
https://github.com/dualhorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
ebpf hypervisor linux-rootkit rootkit
Last synced: 12 Apr 2025
https://github.com/falcosecurity/libs
libsinsp, libscap, the kernel module driver, and the eBPF driver sources
ebpf falco-drivers kmod libscap libsinsp
Last synced: 15 Apr 2025
https://github.com/OpenCloudOS/nettrace
nettrace is an eBPF-based tool to trace network packets and diagnose network problems.
Last synced: 06 Mar 2025
https://github.com/furkanonder/beetrace
Trace your python process line by line with eBPF!
Last synced: 06 Apr 2025
https://github.com/mehrdadrad/tcpdog
eBPF based TCP observability.
bpf ebpf linux monitoring observability socket tcp tool
Last synced: 10 Jan 2025
https://github.com/newtools/ebpf
eBPF Utilities, Maps, and more
ebpf ebpf-opcode linux network-programming security-tools tracing
Last synced: 17 Nov 2024
https://github.com/yadutaf/tracepkt
Trace a ping packet journey across network interfaces and namespaces on recent Linux. Supports IPv4 and IPv6.
Last synced: 17 Nov 2024
https://github.com/CloudDetail/apo
APO is a one-stop observability platform combining OpenTelemetry with eBPF. Leveraging LLM capabilities to enable auto-pilot analyzing and troubleshooting 🚀.
apm ebpf logs metrics microservice monitoring observability opentelemetry tracing
Last synced: 30 Jan 2025
https://github.com/lac-dcc/honey-potion
Writing eBPF programs with Elixir!
bpf bpftool c clang compiler compiler-construction compiler-design compilers ebpf elixir elixir-lang elixir-library framework libbpf linux linux-kernel metaprogramming network-monitoring optimizer tracing
Last synced: 05 Apr 2025
https://github.com/apache/skywalking-rover
Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.
apm ebpf network observability profile service-mesh skywalking
Last synced: 13 Apr 2025
https://github.com/avilum/secimport
The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.
3rd-party bpftrace dtrace ebpf import linux profiling python rce sandbox seccomp security security-tools tracing
Last synced: 08 Apr 2025
https://github.com/lockc-project/lockc
Making containers more secure with eBPF and Linux Security Modules (LSM)
containers ebpf kubernetes lsm lsm-hooks security
Last synced: 03 Apr 2025
https://github.com/pixie-io/pixie-demos
Demos for Pixie: github.com/pixie-io/pixie
cncf demo ebpf linux-foundation pixie
Last synced: 23 Mar 2025
https://github.com/navarrothiago/upf-bpf
An In-Kernel Solution Based on eBPF / XDP for 5G UPF
3gpp 5g 5g-core 5g-core-network 5gc bpf cmake co-re ebpf flex trex-engine trex-traffic-generator upf
Last synced: 08 Apr 2025
https://github.com/gamemann/xdp-proxy
A stateless, high-performance NAT-like proxy that attaches to the XDP hook in the Linux kernel using (e)BPF for fast packet processing. This proxy forwards packets based on configurable rules and performs source-port mapping, similar to IPTables and NFTables.
bpf drv ebpf forwarding icmp kernel l3 layer3 layer4 linux linux-kernel mapping nat processing proxy routing sourceport tcp udp xdp
Last synced: 04 Apr 2025
https://github.com/gamemann/XDP-Proxy
A stateless, high-performance NAT-like proxy that attaches to the XDP hook in the Linux kernel using (e)BPF for fast packet processing. This proxy forwards packets based on configurable rules and performs source-port mapping, similar to IPTables and NFTables.
bpf drv ebpf forwarding icmp kernel l3 layer3 layer4 linux linux-kernel mapping nat processing proxy routing sourceport tcp udp xdp
Last synced: 16 Mar 2025
https://github.com/vmware-archive/p4c-xdp
Backend for the P4 compiler targeting XDP
Last synced: 22 Apr 2025
https://github.com/furkanonder/dnstrace
Monitor DNS queries by host processes using eBPF!
bcc bpf dns ebpf ebpf-programs
Last synced: 12 Apr 2025
https://github.com/furkanonder/DnsTrace
Monitor DNS queries by host processes using eBPF!
bcc bpf dns ebpf ebpf-programs
Last synced: 06 Feb 2025
https://github.com/mozillazg/hello-libbpfgo
Examples for libbpf, aquasecurity/libbpfgo and cilium/ebpf
Last synced: 05 Apr 2025
https://github.com/tricorder-observability/Starship
Starship: next-generation Observability platform built with eBPF+WASM
ebpf observability opentelemetry prometheus wasm webassembly
Last synced: 11 Mar 2025
https://github.com/tricorder-observability/starship
Starship: next-generation Observability platform built with eBPF+WASM
ebpf observability opentelemetry prometheus wasm webassembly
Last synced: 10 Feb 2025
https://github.com/ddddddo/packemon
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
ebpf linux network network-programming networking observability packet packet-analyzer packet-generator packet-monitoring pcap penetration-testing pentesting protocol routing-protocols security socket-programming sockets system-programming
Last synced: 05 Apr 2025
https://github.com/ddddddO/packemon
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
ebpf linux network network-programming networking observability packet packet-analyzer packet-generator packet-monitoring pcap penetration-testing pentesting protocol routing-protocols security socket-programming sockets system-programming
Last synced: 28 Mar 2025
https://github.com/netobserv/netobserv-ebpf-agent
Network Observability eBPF Agent
ebpf kubernetes network-observability openshift
Last synced: 12 Apr 2025
https://github.com/alegrey91/harpoon
🔍 Seccomp profiling and function-level tracing tool.
devops devsecops devsecops-pipeline ebpf ebpf-programs golang hacktoberfest hardening seccomp security-audit security-tools syscalls system-calls
Last synced: 05 Apr 2025
https://github.com/linux-lock/bpflock
bpflock - eBPF driven security for locking and auditing Linux machines
bpf containers ebpf iot iot-security kernel kubernetes lsm security
Last synced: 12 Apr 2025
https://github.com/aojea/netkat
netcat using netstack userspace library and eBPF
Last synced: 12 Feb 2025
https://github.com/elastic/bpfcov
Source-code based coverage for eBPF programs actually running in the Linux kernel
bpf c codecoverage coverage cpp ebpf llvm llvm-pass
Last synced: 05 Apr 2025
https://github.com/mozillazg/ptcpdump
Process-aware, eBPF-based tcpdump
bpf ebpf ebpf-go ebpf-tc forensics network-capture packet-capture pcap pcapng process-aware sniffer tcpdump tcpdump-like
Last synced: 09 Apr 2025
https://github.com/polarsignals/kubezonnet
Monitor cross-zone network traffic in Kubernetes.
ebpf gke kubernetes metrics networking prometheus
Last synced: 06 Apr 2025
https://github.com/gui774ume/ebpfkit-monitor
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
ebpf kernel linux linux-kernel linux-kernel-hacking rootkit runtime-security security
Last synced: 15 Feb 2025
https://github.com/fuweid/embedshim
Provides a task runtime implementation with pidfd and the eBPF sched_process_exit tracepoint to manage daemonless containers with low overhead.
Last synced: 06 Apr 2025
https://github.com/trailofbits/ebpfpub
ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
bpf ebpf llvm monitoring security tracepoints tracing
Last synced: 15 Apr 2025
https://github.com/redcanaryco/oxidebpf
A Rust library for managing eBPF programs.
Last synced: 21 Jan 2025
https://github.com/redcanaryco/redcanary-ebpf-sensor
Red Canary's eBPF Sensor
Last synced: 13 Apr 2025
https://github.com/trailofbits/ebpfault
A BPF-based syscall fault injector
bpf debugging ebpf fault-injection llvm
Last synced: 15 Apr 2025
https://github.com/pmem/vltrace
Tool for tracing syscalls in a fast way using the eBPF Linux kernel feature
bcc ebpf ebpf-programs kprobes syscall syscalls tracepoints
Last synced: 20 Nov 2024
https://github.com/willfindlay/bpfbox
🐝 BPFBox 📦 Exploring process confinement in eBPF
bcc ebpf linux linux-kernel runtime-security sandbox security
Last synced: 20 Nov 2024
https://github.com/dkorunic/pktstat-bpf
TC, XDP, KProbe and CGroup eBPF based simple Ethernet interface traffic monitor and reporting tool
bpf cgroup-v2 cgroups-v2 ebpf kprobe kprobes linux network networking observability packet packet-capture tcpdump terminal traffic xdp
Last synced: 10 Apr 2025
https://github.com/nullswan/bpfsnitch
Real-time network & syscall monitoring tool for Linux systems and Kubernetes clusters
ebpf kubernetes monitoring network syscall
Last synced: 07 Apr 2025
https://github.com/vbpf/ebpf-samples
Sample ebpf programs to analyze
ebpf ebpf-opcode ebpf-programs
Last synced: 06 Apr 2025
https://github.com/yanivagman/BPFroid
Trace Android framework API, native libraries, system calls and other events using eBPF
Last synced: 11 Mar 2025
https://github.com/0xdeafbeef/jeprofl
Allocations profiler built using ebpf
Last synced: 09 Apr 2025
https://github.com/CN-TU/machine-learning-in-ebpf
This repository contains the code for the paper "A flow-based IDS using Machine Learning in eBPF", Contact: Maximilian Bachl
decision-trees ebpf linux machine-learning tree-based-methods
Last synced: 26 Mar 2025
https://github.com/jschwinger233/skbdump
ebpf-based tcpdump
bpf ebpf network-sniffer tcpdump
Last synced: 31 Mar 2025
https://github.com/yandex-cloud/skbtrace
Helper tool for generating and running BPFTrace scripts which trace and measure timings related to Linux Networking Stack, specifically SocKet Buffer contents
bpftrace ebpf linux network-analysis tracing
Last synced: 15 Apr 2025
https://github.com/davidcoles/vc5
A horizontally scalable Direct Server Return layer 4 load balancer for Linux using XDP/eBPF
bgp dsr ebpf golang l4lb linux load-balancer networking xdp
Last synced: 07 Apr 2025
https://github.com/ebpfdev/explorer
eBPF explorer is a Web UI that lets you see all the maps and programs in the eBPF subsystem
Last synced: 10 Apr 2025
https://github.com/yanivagman/bpfroid
Trace Android framework API, native libraries, system calls and other events using eBPF
Last synced: 10 Jan 2025
https://github.com/boratanrikulu/durdur
Lightweight packet filtering for Linux: 'durdur' is a high-performance, eBPF-based simple firewall tool that drops packets by IP or DNS domain. Perfect for on-demand network control.
bpf dns ebpf firewall networking xdp
Last synced: 31 Jan 2025
https://github.com/nirmata/kube-netc
A Kubernetes eBPF network monitor
ebpf kubernetes networking prometheus
Last synced: 25 Jan 2025
https://github.com/aya-rs/aya-template
A cargo-generate template for Rust eBPF Projects using Aya
Last synced: 14 Nov 2024
https://github.com/opencloudos/perf-prof
Kernel profiler based on perf_event and ebpf
ebpf linux monitor monitoring perf performance profiling
Last synced: 06 Apr 2025
https://github.com/dswarbrick/ebpf_exporter
A Prometheus exporter which uses eBPF to measure block IO request latency / size
ebpf prometheus prometheus-exporter
Last synced: 17 Mar 2025
https://github.com/mozillazg/cloud-native-security-with-ebpf
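Complete source code of the example programs from the book "eBPF Cloud Native Security: Principles and Practice" (《eBPF 云原生安全:原理与实践》)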
Last synced: 05 Jan 2025
https://github.com/aya-rs/book
The Aya Book is an introductory book about using the Rust Programming Language and Aya library to build extended Berkeley Packet Filter (eBPF) programs.
Last synced: 14 Nov 2024
https://aya-rs.github.io/book/
The Aya Book is an introductory book about using the Rust Programming Language and Aya library to build extended Berkeley Packet Filter (eBPF) programs.
Last synced: 14 Nov 2024
https://github.com/cycodelabs/cimon-action
Runtime Security Solution for your CI/CD Pipeline
cicd ebpf github-actions hardening linux security security-hardening supply-chain-security
Last synced: 28 Dec 2024
https://github.com/CycodeLabs/cimon-action
Runtime Security Solution for your CI/CD Pipeline
cicd ebpf github-actions hardening linux security security-hardening supply-chain-security
Last synced: 17 Nov 2024
https://github.com/rafaeldtinoco/howtos
Documents that might help others.
books ebpf internals kernel kvm libbpf libbpfgo linux networking programming qemu security tracee virtualization
Last synced: 21 Mar 2025
https://github.com/eunomia-bpf/llvmbpf
Userspace eBPF VM with llvm JIT/AOT compiler
aot ebpf jit llvm runtime virtual-machine
Last synced: 13 Apr 2025
https://github.com/asphaltt/learn-by-example
Learn something interesting by examples.
bpf2bpf ebpf fentry fexit freplace go iptables-nfqueue kprobe nfnetlink nsenter tc-bpf tracepoint xdp xdp-acl
Last synced: 13 Apr 2025