139 Open Source Ebpf Software Projects

eBPF-based Networking, Security, and Observability

Web-based Traffic and Security Network Traffic Monitoring

High-level tracing language for Linux eBPF

Cloud Native Runtime Security

An open source real-time network topology and protocols analyzer

Schedule bpftrace programs on your kubernetes cluster using the kubectl

Hubble - Network, Service & Security Observability for Kubernetes using eBPF

A curated list of awesome projects related to eBPF.

Prometheus exporter for custom eBPF metrics

Library to work with eBPF programs from Go

eBPF Library for Go

Framework for running BPF programs with rules on Linux as a daemon. Container aware.

Rust library for building and running BPF/eBPF modules

Performance visualisation tools

Rust virtual machine and JIT compiler for eBPF programs

eBPF Utilities, Maps, and more

eBPF program using kprobes to trace TCP events without run-time compilation dependencies

Data first monitoring agent using (e)BPF, built on RedBPF

A packet oriented Linux kernel function call tracer

Trace a ping packet journey across network interfaces and namespace on recent Linux. Supports IPv4 and IPv6.

Container traffic visibility library based on eBPF

eBPF/XDP-based software framework for fast network services running in the Linux kernel.

Instant Kubernetes-Native Application Observability

Backend for the P4 compiler targeting XDP

XDP project collaboration through a git-repo

traffic control in pure go - it allows to read and alter queues, filters and classes

Tool tracing syscalls in a fast way using eBPF linux kernel feature

[Deplicated] Now we have more sophisticated (and compact) implementation in ipftrace2 repository. Please check it as well.

Observability & Troubleshooting for Kubernetes Services

eBPF Processor for Ghidra

IOVisor OVN integration

A Prometheus exporter which uses eBPF to measure block IO request latency / size

A new eBPF verifier, using abstract interpretation

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

Velocity SJC 2019 - DDoS mitigation made easy with XDP and eBPF

ebpf.io Website

An #eBPF and #XDP iptables firewall

eBPF programs without a libbcc dependency

Convert network filtering rules from various formats into BPF programs

uprobe-based HTTP tracer for Go binaries

BCC port for MRI - this is unofficial bonsai project.

A toy tool that leverages the super powers of XDP to bring in-kernel IP filtering

A small and efficient web server with 1K lines of C code

eBPF package for Go

A Rust library to write and load bpf programs built on top of libbpf (no bcc dependency).

A BPF-based syscall fault injector

BPFabric implementations. Details about this work are available in the research paper "BPFabric: Data Plane Programmability for Software Defined Networks" published at ANCS 2017

Draft of generic instrumentation tool based on QEMU using eBPF to implement trivial instrumentations with trivial code

Sample project demonstrating how to use eBPF to encap/decap packets with an MPLS label.

Rust bindings to libbpf from the Linux kernel

High-performance passive (a.k.a. reply-only) GRE keepalive support for Linux, written in eBPF/XDP.

Experiemental userspace eBPF library

Minimal and opinionated eBPF tooling for the Rust ecosystem

An XDP firewall that is capable of filtering specific packets based off of filtering rules specified in a config file. IPv6 is supported!

RPM specs for building bpf related tools on CentOS 7

Dataflow-driven data packet processing on Agilio CX SmartNIC 2x10Gbe, aimed at low latency.

A Kubernetes eBPF network monitor

This repository contains a tool which traces syscalls in a fast way using eBPF linux kernel feature

calltop is a tracing tool. It provides a dynamic real-time view of system calls on Linux. It traces also python, java, php and ruby function calls.

Linux Runtime Security and Forensics using eBPF

Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.

In-kernel cache based on eBPF.

Trace Go program execution with uprobes and eBPF

Cloud-native Runtime Security Enforcement System

eBPF based TCP observability.

eBPF library for Go, wrapping libbpf

hBPF = eBPF in hardware

Dump unix domain socket traffic with bpf

netcat using netstack userspace library and eBPF

ebpfkit is a rootkit powered by eBPF

🐝 BPFBox 📦 Exploring process confinement in eBPF

An In-Kernel Solution Based on BPF/XDP for 5G UPF

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium

an experimental suite of applications and APIs for monitoring kernel-level activity on a live Kubernetes cluster

Documents that might help others.

libsinsp, libscap, the kernel module driver, and the eBPF driver sources

BTFHub, together with BTFHub Archive repository, provides BTF files for existing published kernels that don't support embedded BTF.

lightweight cross-platform networking toolkit

eBPF based always-on profiler auto-discovering targets in Kubernetes and systemd, zero code changes or restarts needed!

Erlang interface to eBPF

Making containers more secure with eBPF and Linux Security Modules (LSM)

A library to compile USDT probes into a Rust library

Demos for Pixie: github.com/pixie-io/pixie

Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

A process level network security monitoring and enforcement project for Kubernetes, using eBPF

Simple project to demonstrate the loading of eBPF programs via florianl/go-tc.

You came here so you could have a base code to serve you as an example on how to develop a BPF application, compatible to BCC and/or LIBBPF, specially LIBBPF, having the userland part made in C or PYTHON.

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

A complete subset of SRv6 local function & transit written in XDP

EXPERIMENTAL: Bitcoin Core Prometheus exporter based on User-Space, Statically Defined Tracing and eBPF.

Tool for Preventing Data Exfiltration with eBPF

ebpH (Extended BPF Process Homeostasis) monitors process behavior on your system to establish normal behavioral patterns. ebpH reports anomalous behavior and prevents attacks by denying anoamlous access requests.

An open source framework to easily build and deploy eBPF/XDP network monitoring probes and clusters in order to perform Service Programs Chain efficiently.

Demo for "Auto-instrumentation of Prometheus For RED Monitoring With eBPF" talk performed in Q4 2021

A sample for writing XDP programs in Go

USDT probes in Golang on Linux via libstapsdt

Prometheus exporter for custom eBPF metrics From Kubernetes cluster. (derived from cloudflare/ebpf_exporter)

Sample ebpf programs to analyze

monitor and protect SSH sessions with eBPF