30 open-source projects similar to eunomia-bpf/bpf-developer-tutorial, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best bpf-developer-tutorial alternative.
Aya is a Rust-native framework for writing, compiling, and loading eBPF programs into the Linux kernel. It provides a complete development environment that eliminates the need for a C toolchain or libbpf, allowing developers to work entirely within the Rust ecosystem. The framework manages the full lifecycle of eBPF programs, including async runtime integration, CO-RE BTF resolution for kernel version portability, ELF-based program loading, and safe kernel memory access. The framework distinguishes itself through its pure Rust compilation pipeline, which compiles Rust source code directly int
Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments. It functions as a security policy manager, observability agent, and enforcement engine that hooks into kernel functions and tracepoints to detect privilege escalation, container escapes, and unauthorized system activity. The project distinguishes itself through its ability to perform real-time, in-kernel enforcement, allowing it to synchronously terminate malicious processes or modify function return values before a system call completes. It provides deep Kubernetes integration
This project is a Go library and runtime for loading and managing eBPF programs and maps. It provides a bytecode loader and kernel interface to inject instructions into kernel hooks for system-level execution and observability across both Linux and Windows operating systems. The library features a relocation engine and tooling to ensure program compatibility across different kernel versions and distributions. It supports portable deployment by embedding compiled objects for multiple CPU architectures into a single binary and provides the ability to load signed system drivers on Windows. The
FRRouting is an internet routing suite comprising a collection of daemons that implement standard IPv4 and IPv6 routing protocols. It provides a protocol engine for BGP, an EVPN network virtualizer, and an MPLS label manager, alongside a gRPC routing interface for programmatic configuration and data retrieval using YANG models. The suite is distinguished by its extensibility through a Lua scripting framework that executes custom scripts at internal hooks to modify routing behavior. It also features a transactional configuration model that uses separate candidate and running databases to ensur
Inspektor Gadget is an eBPF observability toolset and program framework designed for tracing Linux systems and debugging Kubernetes nodes. It provides a suite of tools to collect kernel-level telemetry and export system metrics via the OpenTelemetry standard. The project distinguishes itself by packaging inspection tools as OCI-compliant container images, allowing for standardized distribution and deployment across clusters and hosts. It employs a modular data processing pipeline that utilizes WebAssembly modules to transform and filter telemetry, and leverages Compile Once Run Everywhere for
Keepalived is a high availability manager and virtual IP failover tool that ensures continuous service availability. It coordinates the migration of floating IP addresses between master and backup nodes using the Virtual Router Redundancy Protocol to manage router redundancy and seamless failover. The project distinguishes itself by integrating with the Linux kernel IPVS module to function as a transport-layer load balancer. It distributes network traffic across backend servers using various scheduling algorithms and forwarding methods such as NAT, direct routing, or tunneling. The system in
Katran is an eBPF-based Layer 4 load balancer designed for high-performance network packet forwarding directly within the Linux kernel. It utilizes an XDP network packet processor to bypass the standard kernel network stack, minimizing latency and maximizing throughput for incoming traffic. The system implements weighted consistent hashing to distribute network loads and maintain session persistence across backend servers. It further optimizes the return path through a direct server return gateway, which allows backends to respond directly to clients and removes the load balancer from the out
This project is a comprehensive computer networking textbook and instructional resource. It serves as a technical guide for the design and implementation of network layers, protocols, and hardware architecture, covering the spectrum from physical links to application-layer protocols. The content provides a detailed study of standards for congestion control, reliable data delivery, and internetwork routing. It includes specialized technical material on network security, public-key infrastructure, and the operation of modern cloud infrastructure and data centers. The material covers a broad ra
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
This project is a front-end interview study guide and a collection of structured notes designed for technical job preparation. It serves as a comprehensive reference for web technologies, common technical interview questions, and JavaScript algorithm implementation. The notebook distinguishes itself by integrating specialized guides for web performance optimization, browser API documentation, and JavaScript algorithm references. It provides a structured approach to solving coding challenges involving data structures like binary trees, linked lists, and array manipulation. The content covers
This project is a collection of structured study notes and conceptual breakdowns designed for the AWS Certified Cloud Practitioner exam. It serves as a technical reference and study guide, organizing cloud service details and architectural principles to assist in certification preparation. The knowledge base is built using markdown files and includes curated cheat sheets and interactive mind-map visualizations. These tools map complex certification topics into visual hierarchies to enable drill-down study paths and rapid revision. The materials cover a wide range of cloud capabilities, inclu
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Pixie is an open-source observability platform for Kubernetes that uses eBPF to automatically capture telemetry data from clusters without requiring any manual instrumentation or code changes. It functions as an eBPF telemetry collector, a continuous application profiler, a network traffic analyzer, and a scriptable telemetry query engine, all within a single Kubernetes-native tool. The platform distinguishes itself through several integrated capabilities. It continuously samples stack traces from compiled-language code to identify CPU performance bottlenecks, visualizing the results as inter
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
KubeArmor is a runtime security enforcement system designed to protect containerized workloads and host infrastructure by restricting unauthorized process, file, and network activity. It operates by deploying lightweight agents across nodes that utilize kernel-level interception and Linux Security Modules to monitor and block system operations in real time. By mapping these enforcement actions to specific container and pod identities, the platform maintains granular access control within multi-tenant environments. The project distinguishes itself through a declarative policy orchestration fra
ProcMon-for-Linux is an eBPF-based system observability tool and process monitor for Linux. It functions as a system call tracer and activity logger, capturing real-time kernel and user-space events to analyze operating system behavior. The project features a text user interface for inspecting recorded trace files. It separates high-performance headless event recording from the analysis interface to prevent data loss during heavy system loads. The tool provides capabilities for system call tracing and activity monitoring, including the ability to filter events by process identifiers or speci
Perfetto is a platform for system-level performance tracing and analysis on Linux and Android. It combines a high-throughput trace recorder, a SQL-based query engine, and a browser-based visualizer into a single toolchain. The platform covers CPU scheduling and call-stack profiling, native and Java heap memory allocation tracking, GPU and graphics events, and system-wide counters such as CPU frequency and power consumption. The architecture decouples trace recording from offline analysis, using a compact protobuf format for event encoding and columnar storage for efficient SQL queries. The we
Seesaw is a traffic distribution platform based on Linux Virtual Server technology. It functions as a load balancer for managing high-availability network clusters, utilizing a BGP anycast routing controller to advertise and withdraw virtual IP addresses to direct traffic to the nearest available node. The system includes a direct server return orchestrator that allows backend servers to send outbound traffic directly to clients. It also provides a cluster management command line interface for controlling reload configurations and triggering failovers between nodes. The platform covers backe
Tracee is a cloud-native runtime security and forensics tool that uses eBPF to capture system calls and kernel events in real time. It operates as a standalone binary or a Helm-deployable agent for Kubernetes, normalizing system calls, network events, and container activities into a unified event pipeline for consistent analysis. The tool distinguishes itself through policy-driven event filtering using YAML-based rules, allowing users to target specific workloads and reduce noise during monitoring. It includes built-in threat detection signatures that flag suspicious behavioral patterns witho
linux-cachyos is a performance-tuned Arch Linux kernel distribution that combines advanced compiler optimizations with multiple CPU scheduler options to enhance system responsiveness and throughput. The project provides kernel variants supporting BORE, EEVDF, and BMQ schedulers, enabling users to match scheduling behavior to interactive, general-purpose, or throughput-oriented workloads, alongside real-time preemption capabilities for time-sensitive applications. The kernel is compiled using Clang with Thin Link-Time Optimization and incorporates AutoFDO profile-guided optimization, which use
Sysdig is a Linux system observability tool and kernel event analyzer designed for capturing and analyzing kernel-level system calls and operating system events. It functions as a system call tracer and container security monitor, providing deep visibility into the activity of machines, virtual machines, and containers. The project specializes in non-invasive container inspection, allowing for the monitoring of container activity and resource usage without modifying the container environment or adding instrumentation. It enables the recording of detailed system traces into binary files for re
Kyanos is a diagnostic toolset for network analysis that uses eBPF to measure packet latency and trace traffic from the network card to the application. It functions as a kernel latency profiler and network performance monitor, providing capabilities to map external dependencies and capture network traffic. The project is distinguished by its ability to perform automatic SSL traffic decryption, converting encrypted requests and responses into plaintext for analysis. It further isolates bottlenecks by attributing latency across multiple stages, specifically tracing the time packets spend withi
brpc is a high-performance C++ RPC framework and network programming library designed for building distributed systems. It functions as a multi-protocol RPC server capable of hosting and detecting multiple communication protocols, including gRPC, Thrift, HTTP, Redis, and Memcached, on a single TCP port. The project distinguishes itself through high-throughput data transport and memory efficiency, utilizing RDMA-based transport to bypass the kernel TCP stack and zero-copy memory management to eliminate data duplication. It also implements the Raft algorithm for consensus-based state replicatio
3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,
This project is a specialized toolset for profiling kernel latency, analyzing tracepoint frequency, and monitoring system-wide performance data. It functions as a kernel performance profiler, tracepoint analyzer, and a collection of utilities for the Linux ftrace and perf_events subsystems. The toolkit provides high-level abstractions via shell-scripted wrappers to manage complex kernel tracing interfaces. It distinguishes itself through the use of bucket-based event histograms to visualize the distribution of kernel events and the ability to identify functions exceeding specific latency thre
ufw-docker is a network security tool and firewall manager designed to enforce UFW security policies on Docker container traffic. It functions as a Linux firewall orchestrator that modifies routing and filter rules to prevent container traffic from bypassing system firewall policies via iptables. The tool provides capabilities for isolated port exposure, allowing specific ports or protocols to be opened for containers without exposing them on the host machine. It also manages network subnet security for IPv4 and IPv6 through automatic detection and custom CIDR ranges. The system includes aut
WindowsSpyBlocker is a suite of utilities designed to stop operating system data collection and tracking by applying firewall rules, hosts file blocks, and telemetry restrictions. It functions as a telemetry blocker and firewall manager that prevents the operating system from sending usage data to remote servers. The project features a specialized connectivity modifier for adjusting the network connectivity status indicator to prevent external reporting. It includes a network traffic auditor to capture and analyze system traffic to identify spying activities, alongside a manager for DNS and h
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
Zapret is a deep packet inspection bypass tool and packet manipulation framework designed to circumvent network censorship. It operates as a transparent network proxy and TCP traffic obfuscator that modifies packets to deceive network inspection systems. The project distinguishes itself through advanced desynchronization strategies, including the modification of TLS client hello handshakes and the use of fake packet injection. It utilizes a combination of TCP stream segmentation, sequence overlapping, and TTL adjustment to hide prohibited requests from firewalls while ensuring the destination
Coroot is an observability platform and Kubernetes performance monitor that utilizes eBPF to automatically collect metrics, logs, and traces without requiring manual code instrumentation. It functions as an OpenTelemetry trace analyzer and an LLM observability gateway, exposing system health data to large language models through the Model Context Protocol. The platform differentiates itself by combining automated root cause analysis and AI-driven diagnostics to investigate performance regressions. It also includes a cloud cost monitoring tool that attributes infrastructure spending to specifi