<!-- Copyright 2024 Leon Hwang. SPDX-License-Identifier: Apache-2.0 -->

bpfsnoop

bpfsnoop is a modernized kernel functions, kernel tracepoints and bpf programs tracing tool for the bpf era.

Features and Usages

Please check bpfsnoop.com for more details.

Acknowledgments

• cilium/ebpf for interacting with bpf subsystem.
• daludaluking/addr2line for translating addresses to file and line number by parsing debug info from vmlinux.
• bpfsnoop/gapstone for disassembling machine native instructions.
• jschwinger233/elibpcap for injecting pcap-filter expressions to bpf stubs.

License

This project is licensed under the Apache-2.0 License - see the LICENSE file for details.