139 Open Source Ebpf Software Projects

eBPF Utilities, Maps, and more

eBPF programs without a libbcc dependency

A curated list of awesome projects related to eBPF.

USDT probes in Golang on Linux via libstapsdt

A Prometheus exporter which uses eBPF to measure block IO request latency / size

Data first monitoring agent using (e)BPF, built on RedBPF

Prometheus exporter for custom eBPF metrics

A new eBPF verifier, using abstract interpretation

High-level tracing language for Linux eBPF

Framework for running BPF programs with rules on Linux as a daemon. Container aware.

Rust library for building and running BPF/eBPF modules

Dump unix domain socket traffic with bpf

eBPF package for Go

Schedule bpftrace programs on your kubernetes cluster using the kubectl

XDP project collaboration through a git-repo

eBPF/XDP-based software framework for fast network services running in the Linux kernel.

Sample ebpf programs to analyze

Sample project demonstrating how to use eBPF to encap/decap packets with an MPLS label.

Library to work with eBPF programs from Go

An #eBPF and #XDP iptables firewall

Container traffic visibility library based on eBPF

ebpH (Extended BPF Process Homeostasis) monitors process behavior on your system to establish normal behavioral patterns. ebpH reports anomalous behavior and prevents attacks by denying anoamlous access requests.

Dataflow-driven data packet processing on Agilio CX SmartNIC 2x10Gbe, aimed at low latency.

traffic control in pure go - it allows to read and alter queues, filters and classes

Velocity SJC 2019 - DDoS mitigation made easy with XDP and eBPF

Draft of generic instrumentation tool based on QEMU using eBPF to implement trivial instrumentations with trivial code

A toy tool that leverages the super powers of XDP to bring in-kernel IP filtering

RPM specs for building bpf related tools on CentOS 7

Convert network filtering rules from various formats into BPF programs

BCC port for MRI - this is unofficial bonsai project.

eBPF Processor for Ghidra

eBPF Library for Go

Linux Runtime Security and Forensics using eBPF

[Deplicated] Now we have more sophisticated (and compact) implementation in ipftrace2 repository. Please check it as well.

uprobe-based HTTP tracer for Go binaries

Rust bindings to libbpf from the Linux kernel

Hubble - Network, Service & Security Observability for Kubernetes using eBPF

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

A BPF-based syscall fault injector

calltop is a tracing tool. It provides a dynamic real-time view of system calls on Linux. It traces also python, java, php and ruby function calls.

Trace Go program execution with uprobes and eBPF

A complete subset of SRv6 local function & transit written in XDP

Observability & Troubleshooting for Kubernetes Services

Instant Kubernetes-Native Application Observability

High-performance passive (a.k.a. reply-only) GRE keepalive support for Linux, written in eBPF/XDP.

A packet oriented Linux kernel function call tracer

A Rust library to write and load bpf programs built on top of libbpf (no bcc dependency).

A Kubernetes eBPF network monitor

A small and efficient web server with 1K lines of C code

🐝 BPFBox 📦 Exploring process confinement in eBPF

Minimal and opinionated eBPF tooling for the Rust ecosystem

Prometheus exporter for custom eBPF metrics From Kubernetes cluster. (derived from cloudflare/ebpf_exporter)

A process level network security monitoring and enforcement project for Kubernetes, using eBPF

An XDP firewall that is capable of filtering specific packets based off of filtering rules specified in a config file. IPv6 is supported!

An In-Kernel Solution Based on BPF/XDP for 5G UPF

ebpf.io Website

monitor and protect SSH sessions with eBPF

lightweight cross-platform networking toolkit

an experimental suite of applications and APIs for monitoring kernel-level activity on a live Kubernetes cluster

Cloud-native Runtime Security Enforcement System

Simple project to demonstrate the loading of eBPF programs via florianl/go-tc.

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium

eBPF based TCP observability.

Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.

A sample for writing XDP programs in Go

An open source framework to easily build and deploy eBPF/XDP network monitoring probes and clusters in order to perform Service Programs Chain efficiently.

libsinsp, libscap, the kernel module driver, and the eBPF driver sources

Erlang interface to eBPF

You came here so you could have a base code to serve you as an example on how to develop a BPF application, compatible to BCC and/or LIBBPF, specially LIBBPF, having the userland part made in C or PYTHON.

A library to compile USDT probes into a Rust library

Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

Web-based Traffic and Security Network Traffic Monitoring

In-kernel cache based on eBPF.

ebpfkit is a rootkit powered by eBPF

hBPF = eBPF in hardware

Demos for Pixie: github.com/pixie-io/pixie

Making containers more secure with eBPF and Linux Security Modules (LSM)

netcat using netstack userspace library and eBPF

eBPF based always-on profiler auto-discovering targets in Kubernetes and systemd, zero code changes or restarts needed!

eBPF library for Go, wrapping libbpf

Experiemental userspace eBPF library

Documents that might help others.

EXPERIMENTAL: Bitcoin Core Prometheus exporter based on User-Space, Statically Defined Tracing and eBPF.

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

BTFHub, together with BTFHub Archive repository, provides BTF files for existing published kernels that don't support embedded BTF.

Demo for "Auto-instrumentation of Prometheus For RED Monitoring With eBPF" talk performed in Q4 2021

Tool for Preventing Data Exfiltration with eBPF

An open source real-time network topology and protocols analyzer

eBPF-based Networking, Security, and Observability

Cloud Native Runtime Security

IOVisor OVN integration

This repository contains a tool which traces syscalls in a fast way using eBPF linux kernel feature

Backend for the P4 compiler targeting XDP

BPFabric implementations. Details about this work are available in the research paper "BPFabric: Data Plane Programmability for Software Defined Networks" published at ANCS 2017

Rust virtual machine and JIT compiler for eBPF programs

eBPF program using kprobes to trace TCP events without run-time compilation dependencies

Performance visualisation tools

Tool tracing syscalls in a fast way using eBPF linux kernel feature

Trace a ping packet journey across network interfaces and namespace on recent Linux. Supports IPv4 and IPv6.