8 repositorios
Tools for analyzing active BPF programs and maps to facilitate loading and interaction.
Distinct from BPF Map Management: Focuses on analyzing existing kernel-resident BPF resources and generating skeletons, whereas Map Management focuses on the data transport and manipulation of the maps themselves.
Explore 8 awesome GitHub repositories matching operating systems & systems programming · BPF Program Introspection. Refine with filters or upvote what's useful.
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
BCC analyzes active programs and maps and generates skeletons to facilitate loading and interaction.
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
Replaces standard NodePort implementations with BPF to improve network performance and efficiency.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Implements tools for analyzing active eBPF programs and maps within the kernel.
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
Grants unprivileged containers signed tokens to load and manage BPF programs.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Mounts a BPF filesystem inside a container and delegates selected BPF commands, map types, and program types to unprivileged instances.
Tetragon es un conjunto de herramientas de observabilidad y seguridad en tiempo de ejecución basado en eBPF, diseñado para entornos Linux y Kubernetes. Funciona como un gestor de políticas de seguridad, agente de observabilidad y motor de cumplimiento que se conecta a funciones del kernel y tracepoints para detectar escalada de privilegios, escapes de contenedores y actividad no autorizada en el sistema. El proyecto se distingue por su capacidad de realizar cumplimiento en tiempo de ejecución dentro del kernel, lo que le permite terminar procesos maliciosos de forma síncrona o modificar los valores de retorno de funciones antes de que se complete una llamada al sistema. Ofrece una integración profunda con Kubernetes al sincronizar las identidades de los contenedores y mapear eventos de bajo nivel del kernel directamente a pods y namespaces. Sus capacidades más amplias cubren la auditoría integral de llamadas al sistema, el seguimiento de conexiones de red y el monitoreo de la integridad de archivos. El sistema admite la gestión dinámica de políticas y proporciona herramientas de diagnóstico para monitorear el rendimiento y la utilización de recursos de BPF. El despliegue es compatible con clústeres de Kubernetes mediante Helm charts, así como a través de contenedores independientes y paquetes nativos del sistema operativo.
Extracts metadata from BPF programs and maps to monitor the deployment and execution of BPF code.
Este proyecto es un recurso educativo que proporciona un tutorial de desarrollo integral para escribir y cargar programas eBPF utilizando C, Go y Rust dentro del kernel de Linux. Sirve como una guía técnica para desarrollar lógica personalizada para ejecutar directamente en el kernel. Los materiales cubren dominios especializados incluyendo observabilidad y rastreo del kernel, implementación de seguridad para detección de intrusiones e ingeniería de red de alto rendimiento para filtrado de paquetes y balanceo de carga. También incluye manuales dedicados para el rastreo del kernel de Linux y el uso de kprobes, uprobes y tracepoints. El proyecto abarca una amplia gama de áreas de capacidad, como instrumentación del kernel, monitoreo y observabilidad del sistema, análisis de red y aplicación de seguridad. Además, se extiende a la depuración a nivel de hardware para GPUs y controladores, así como a la manipulación de sistemas de bajo nivel y gestión de recursos.
Controls available BPF commands and map types via a bitmask-based delegation policy.
pwru is a tooling implementation for tracing, filtering, and debugging network packet movements and transformations within the Linux kernel. It functions as an eBPF network packet tracer and debugger used to analyze kernel state and identify where network packets are dropped or redirected. The project provides specialized capabilities for monitoring the packet lifecycle, including tracking packets through NAT transformations and tunnel decapsulation. It includes an eBPF traffic filter that reduces noise by restricting traced packets based on namespaces, interfaces, and kernel function names.
Analyzes active BPF networking programs and helper functions to monitor internal logic.