An object library containing several helpers for developing BPF utilities in C++.
Repository URL: https://github.com/trailofbits/ebpf-common
A Linux library that can be used to record system call activity. It works by generating eBPF programs that are then attached to the system tracepoints.
Comes with a small command line utility that can be used to directly trace system call tracepoints.
Repository URL: https://github.com/trailofbits/ebpfpub
This tool is a syscall fault injector built on top of eBPF. It has no requirements on the target machine other than a kernel version recent enough to support the required features.
Repository URL: https://github.com/trailofbits/ebpfault