Network Top -- Helps you monitor network traffic with bpf.
netop is a terminal command line interface that can customize the network traffic bpf filter rule.
Dynamic Tracing in Linux.
A light-weight dynamic tracer for Linux that leverages the kernel's BPF VM in concert with kprobes and tracepoints to attach probes to arbitrary points in the kernel. Most tracers that generate BPF bytecode are based on the LLVM based BCC toolchain. ply on the other hand has no required external dependencies except for libc. In addition to x86_64, ply also runs on aarch64, arm, loongarch, mips, riscv64, riscv32, and powerpc. Adding support for more ISAs is easy.
Dynamic Tracing for Linux.
bpftrace is a high-level tracing language for Linux and provides a quick and easy way for people to write observability-based eBPF programs, especially those unfamiliar with the complexities of eBPF.
Tools for BPF-based Linux IO analysis, networking, monitoring, and more.
BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Linux 4.1 and above.
Dynamically program the kernel for efficient networking, observability, tracing, and security.
eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring changes to kernel source code or loading kernel modules.
Kmesh is high-performance service grid data plane software based on eBPF and a programmable kernel. It adopts a sidecarless architecture and does not need proxy components deployed on the data plane. It implements service governance functions and improves the forwarding performance of service access.
Threat-hunting tool for Linux. Bring your Linux Threat-Hunting capabilities to the next level.
Kunai is a powerful tool designed to bring actionable insights for tasks such as security monitoring and threat hunting on Linux systems. Think of it as the Linux counterpart to Sysmon on Windows, tailored for comprehensive and precise event monitoring.
A Simple & Powerful Network Tracing Tool.
Visualize the time packets spend in the kernel, watch & analyze in command line.
Capture http/redis/mysql requests/responses in command line.
Cloud-Native Load-balancer.
loxilb is an open source cloud-native load-balancer based on GoLang/eBPF with the goal of achieving cross-compatibility across a wide range of on-prem, public-cloud or hybrid K8s environments. loxilb is being developed to support the adoption of cloud-native tech in telco, mobility, and edge computing.
High-level tracing language for Linux.
bpftrace is a high-level tracing language for Linux. bpftrace uses LLVM as a backend to compile scripts to eBPF-bytecode and makes use of libbpf and bcc for interacting with the Linux BPF subsystem, as well as existing Linux tracing capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing (uprobes), tracepoints, etc. The bpftrace language is inspired by awk, C, and predecessor tracers such as DTrace and SystemTap.
sched_ext is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. This repository contains various scheduler implementations and support utilities.
bpftune aims to provide lightweight, always-on auto-tuning of system behaviour. The key benefit it provides are
eBPF implementation that runs on top of Windows.
eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such as DoS protection and observability. This project is a work-in-progress that allows existing eBPF toolchains and APIs familiar in the Linux ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
An open-source observability platform built for simplicity. Say goodbye to manual analysis of metrics, logs, and traces. Gain actionable insights and focus on remediation.
Coroot is an open-source APM & Observability tool, a DataDog and NewRelic alternative. Powered by eBPF for rapid insights into system performance. Monitor, analyze, and optimize your infrastructure effortlessly for peak reliability at any scale.
Linux Native, API-Aware Networking and Security for Containers. eBPF-based Networking, Observability, Security.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. It provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode. It is L7-protocol aware and can enforce network policies on L3-L7 using an identity based security model that is decoupled from network addressing.