awesome-ebpf

OS-level agent harness that compiles a policy DSL to an in-kernel eBPF engine for labeled information-flow control at the syscall boundary, enforcing constraints across any tool or subprocess.

A Linux shell environment for using tracing tools on Android with BPFd.

Zero-instrumentation eBPF observability for LLM and coding agents, capturing syscall-level traces (file, network, process) without modifying the agent.

A high performance and lightweight captive portal solution for wireless networks. It leverages eBPF for traffic control and deep packet inspection capabilities, with plans to gradually replace nftables firewall functionality with eBPF-based solutions.

An accessible introduction providing context, history, and details about the functioning of eBPF.

Details on eBPF, its use for tunneling and encapsulation, direct packet access, and more.

Kernel documentation on the AF_XDP address family.

A description of all existing hooks for BPF program types, and of their interest.

A set of live-coding talks and the accompanying code examples, introducing eBPF programming using a variety of libraries and program types.

Guide from the Cilium project.

Learn how eBPF can speed-up local socket communication up to 30%.

A detailed explanation of methods used to capture DNS requests at the socket filter layer.

A step-by-step walkthrough to integrate tracing capabilities in your C++ applications with the LLVM libraries.

Comes with bcc, but targets the Python bits across seventeen "lessons".

Many incremental steps to start using bcc and eBPF, mostly centered on tracing and monitoring.

Helps generate minimal or advanced templates to bootstrap your own applications (kernel side and user space management for maps and programs) with features like CO-RE, global variables, and ring buffer.

With support for FreeBSD kernel, FreeBSD user space, Linux kernel, Linux user space and macOS user space. Used for the

A pure Rust library for writing, loading, and managing eBPF objects, with a focus on developer experience and operability. It supports writing eBPF programs in Rust and distributing library code over crates.io to share it between eBPF programs. Aya does not depend on libbpf.

Templates for writing BPF applications in Aya that can be used with

Framework and set of tools - One way to handle BPF programs, in particular for tracing and monitoring. Also includes some utilities that may help inspect maps or programs on the system.

A disassembler for both BPF flavors and could be highly useful for JIT debugging.

Frequently Asked Questions on the decisions behind the BPF infrastructure.

Index for BPF-related documentation coming with the Linux kernel.

Examples coming along with the bcc tools, mostly about tracing.

These tools themselves can be seen as example use cases for BPF programs, mostly for tracing and monitoring. bcc tools have been packaged for some Linux distributions.

A fully documented and tested example of an eBPF probe that logs all force-kills and prints them out in user-space.

A collection of compiled (as ELF object files) samples gathered from several projects, primarily intended to serve as test cases for user space verifiers.

Some networking programs to attach to the TC interface.

In the kernel tree: some sample eBPF programs.

About contributions to BPF.