bpfsnoop

bpfsnoop is a modernized kernel functions, kernel tracepoints and bpf programs tracing tool for the bpf era.

Features and Usages

Please check bpfsnoop.com for more details.

cilium/ebpf for interacting with bpf subsystem.
daludaluking/addr2line for translating addresses to file and line number by parsing debug info from vmlinux.
bpfsnoop/gapstone for disassembling machine native instructions.
jschwinger233/elibpcap for injecting pcap-filter expressions to bpf stubs.

This project is licensed under the Apache-2.0 License - see the LICENSE file for details.

Name		Name	Last commit message	Last commit date
Latest commit History 121 Commits
.github/workflows		.github/workflows
bin		bin
bpf		bpf
img		img
internal		internal
lib		lib
makefiles		makefiles
.gitignore		.gitignore
.gitmodules		.gitmodules
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go