Show HN: Cerberus – Real-time network monitor with eBPF (github.com)
11 points by zrouga 2 days ago | 3 comments
Hi HN! I'm Mo, a platform engineer at Deltaflare working on critical infrastructure protection. I built Cerberus because traditional packet capture tools (tcpdump, Wireshark) have too much overhead for production CNI environments. eBPF lets us filter and classify packets at the kernel level with near-zero performance impact.

Some interesting challenges:
- eBPF verifier is strict - every memory access needs bounds checking
- Limited to 32 bytes of L7 payload (tradeoff between inspection depth and overhead)
- TC vs XDP decision (chose TC for compatibility)

Looking for contributors, especially on:
- Redis backend for distributed deployments
- Prometheus metrics export
- Anomaly detection

Happy to answer questions!
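The bounds-checking and 32-byte payload points from the post above, as an added example that is not Cerberus code and not written by anyone in this thread: a userspace C function that follows the check-before-read pattern the eBPF verifier enforces on packet access. The names `l7_snapshot` and `build_sample` are hypothetical, only Ethernet/IPv4/TCP is handled, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L7_MAX 32 /* payload cap quoted in the post */
enum { ETH_LEN = 14, IP_MIN = 20, TCP_MIN = 20 };

/* Copy at most L7_MAX bytes of TCP payload from an Ethernet/IPv4 frame.
 * Returns bytes copied, or -1 if a header would extend past data_end.
 * A TC program writes each check against the skb's data_end pointer. */
int l7_snapshot(const uint8_t *data, const uint8_t *data_end, uint8_t *out)
{
    size_t len = (size_t)(data_end - data), off = ETH_LEN, n;
    if (len < off) return -1;                            /* Ethernet header */
    if (data[12] != 0x08 || data[13] != 0x00) return -1; /* EtherType IPv4 */
    if (off + IP_MIN > len) return -1;                   /* fixed IPv4 header */
    size_t ihl = (size_t)(data[off] & 0x0f) * 4;         /* from the packet: untrusted */
    if ((data[off] >> 4) != 4 || ihl < IP_MIN) return -1;
    if (data[off + 9] != 6) return -1;                   /* protocol must be TCP */
    if (off + ihl > len) return -1;                      /* IPv4 options in bounds */
    off += ihl;
    if (off + TCP_MIN > len) return -1;                  /* fixed TCP header */
    size_t doff = (size_t)(data[off + 12] >> 4) * 4;     /* from the packet: untrusted */
    if (doff < TCP_MIN || off + doff > len) return -1;   /* TCP options in bounds */
    off += doff;
    for (n = 0; n < L7_MAX && off + n < len; n++)        /* bounded, checked copy */
        out[n] = data[off + n];
    return (int)n;
}

/* Constructed sample frame: zeroed headers, only the parsed fields set. */
size_t build_sample(uint8_t *buf, const char *payload)
{
    memset(buf, 0, ETH_LEN + IP_MIN + TCP_MIN);
    buf[12] = 0x08; buf[13] = 0x00; /* EtherType IPv4 */
    buf[14] = 0x45; buf[23] = 6;    /* version 4, IHL 5, protocol TCP */
    buf[46] = 0x50;                 /* TCP data offset 5 words */
    memcpy(buf + 54, payload, strlen(payload));
    return 54 + strlen(payload);
}

int main(void)
{
    uint8_t frame[128], out[L7_MAX];
    size_t n = build_sample(frame, "GET /index.html HTTP/1.1\r\nHost: example.test\r\n");
    printf("full=%d truncated=%d\n", l7_snapshot(frame, frame + n, out),
           l7_snapshot(frame, frame + 40, out));
    return 0;
}
```

The header-length fields (IHL and TCP data offset) come from the packet itself, so each one is re-checked against the end of the buffer before the offset advances.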
Joel_LeBlanc 2 days ago
Hi Mo, it's great to see innovative solutions like Cerberus addressing the challenges of traditional monitoring tools. I'm curious about your experience with eBPF and how it has impacted your team's workflow. It sounds like you're on an exciting journey!
rixed 2 days ago
Aren't tcpdump and Wireshark based on libpcap, which itself uses eBPF to compile and run packet filters? How is Cerberus different?
exceptione 2 days ago
Thanks! Have you considered sysdig/csysdig for your needs, and if so, how do you feel about it?