Top 14 C++ Ebpf Projects

Ebpf

• Add a project

1. bpftrace

   1 9 10,146 9.8 C++

   High-level tracing language for Linux

   

   Project mention: Kafka on Kubernetes: Performance Lessons for Any Disk-Heavy Data Service | dev.to | 2026-05-10

   bpftrace

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. falco

   2 55 9,022 9.3 C++

   Cloud Native Runtime Security

   

   Project mention: Postmortem: Supply Chain Attack via Compromised NPM Package 11 Caused a Production Data Leak | dev.to | 2026-04-28

   Static scanning tools like Snyk and Dependabot will always lag behind zero-day supply chain attacks – our malicious package 11.2.4 was in the wild for 72 hours before any static tool flagged it. You need runtime monitoring to catch exfiltration attempts in real time, even if a malicious package slips past your CI checks. For Node.js projects, use the runtime-exfil-monitor.js script (Code Example 3) which hooks process.env access and network requests via JS Proxies to block unauthorized access to sensitive environment variables and C2 communication. We deployed this to all production ECS tasks and reduced mean time to detection (MTTD) for supply chain incidents from 72 hours to 11 seconds. For lower-level monitoring across all workloads, use Falco (https://github.com/falcosecurity/falco), an eBPF-based tool that detects suspicious network connections, file writes, and process executions from containerized workloads. In our benchmarks, Falco detected the malicious postinstall script's network request to c2-leak-metrics.xyz in 400ms, vs 11 seconds for the JS proxy (due to Node.js startup time). A common concern is performance overhead: our JS proxy added 0.2% CPU overhead and 12MB of memory per Node.js process, which is negligible for production workloads. Falco adds <1% CPU overhead for most workloads. Never rely solely on static scans – the 2024 Verizon Data Breach Investigations Report found that 68% of supply chain attacks that caused data leaks bypassed static SCA tools entirely. Runtime monitoring is the only way to catch these zero-day exploits before data is exfiltrated.

4. pixie

   3 22 6,460 8.0 C++

   Instant Kubernetes-Native Application Observability

   

   Project mention: CI/CD Observability with OpenTelemetry Step by Step Guide | news.ycombinator.com | 2025-06-15

   A child comment mentioned k8s but I also have been chomping at the bit to try out the eBPF hooks in https://github.com/pixie-io/pixie (or even https://github.com/coroot/coroot or https://github.com/parca-dev/parca ) all of which are Apache 2 licensed

   The demo for https://github.com/draios/sysdig was also just amazing, but I don't have any idea what the storage requirements would be for leaving it running

5. perforator

   4 7 3,403 10.0 C++

   Perforator is a cluster-wide continuous profiling tool designed for large data centers

   

   Project mention: OpenTelemetry Profiles Enters Public Alpha | news.ycombinator.com | 2026-03-26

   We had reached out to y'all last year to explore taking ideas from your format, but IIRC nobody from your team ended up making it to one of our SIG meetings?

   https://github.com/yandex/perforator/issues/13

6. PcapPlusPlus

   5 34 3,099 9.2 C++

   PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.

   

   Project mention: PcapPlusPlus: Your New Secret Weapon for Network Packet Mastery | dev.to | 2025-08-02

   View the Project on GitHub

7. loongcollector

   6 2 2,153 9.3 C++

   Fast and Lightweight Observability Data Collector

   

   Project mention: Alibaba Cloud Open-Sources LoongSuite: Crafting A High-Performance, Low-cost Observable Data Collection Suite for the AI Era | dev.to | 2025-10-16

   LoongCollector: https://github.com/alibaba/loongcollector LoongSuite Python Agent: https://github.com/alibaba/loongsuite-python-agent LoongSuite Go Agent: https://github.com/alibaba/loongsuite-go-agent LoongSuite Java Agent: https://github.com/alibaba/loongsuite-java-agent

8. bpftime

   7 15 1,491 8.7 C++

   Userspace eBPF runtime for Observability, Network, GPU & General Extensions Framework

   

   Project mention: A Taxonomy of GPU Bugs: 19 Defect Classes for CUDA Verification | dev.to | 2026-02-10

   Just as eBPF enables safe, verified extension code to run inside the Linux kernel, bpftime gpu_ext (The arxiv, previous name eGPU) bring eBPF to GPUs, allowing user-defined policy code (for observability, scheduling, or resource control) to be injected into GPU drivers and kernels with static verification guarantees. Such a GPU extension framework must ensure that policy code cannot introduce crashes, hangs, data races, or unbounded overhead. A critical concern in modern GPU deployments is performance interference in multi-tenant environments: contention for shared resources makes execution time unpredictable. "Making Powerful Enemies on NVIDIA GPUs" studies how adversarial kernels can amplify slowdowns, arguing that performance interference is a system-level safety property when GPUs are shared. This motivates treating bounded overhead as a correctness property, not merely an optimization goal.

9. polycube

   8 3 530 0.0 C++

   eBPF/XDP-based software framework for fast network services running in the Linux kernel.

   

10. prevail

    9 2 466 9.3 C++

    eBPF verifier based on abstract interpretation

    

11. opentelemetry-network

    10 1 405 9.0 C++

    eBPF Collector

    

12. llvmbpf

    11 1 134 6.3 C++

    Userspace/GPU eBPF VM with llvm JIT/AOT compiler

    

13. OpenCSD

    12 1 67 4.0 C++

    OpenCSD: eBPF Computational Storage Device (CSD) for Zoned Namespace (ZNS) SSDs in QEMU

    

14. ebpf-assembler

    13 10 23 6.3 C++

    eBPF bytecode assembler and compiler

    

15. gyeeta

    14 2 12 8.6 C++

    Gyeeta - An Open Source eBPF based Observability Product for your Infrastructure, Services and Processes. This repository is for the Agent and Server C++ code.

    

C++ Ebpf related posts

• Kafka on Kubernetes: Performance Lessons for Any Disk-Heavy Data Service

  1 project | dev.to | 10 May 2026

• Malicious litellm 1.82.8: Credential Theft and Persistent Backdoor in AI Workflows

  1 project | dev.to | 25 Mar 2026

• A Taxonomy of GPU Bugs: 19 Defect Classes for CUDA Verification

  2 projects | dev.to | 10 Feb 2026

• eBPF Tutorial: Tracing CUDA GPU Operations

  2 projects | dev.to | 29 Dec 2025

• eBPF Tutorial by Example: Tracing Intel NPU Kernel Driver Operations

  4 projects | dev.to | 8 Dec 2025

• eBPF Tutorial by Example: Monitoring GPU Driver Activity with Kernel Tracepoints

  1 project | dev.to | 3 Nov 2025

• The GPU Observability Gap: Why We Need eBPF on GPUs

  2 projects | dev.to | 21 Oct 2025
• A note from our sponsor - SaaSHub
  www.saashub.com | 6 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending C++ projects with our weekly report!