eBPF MCP
A secure MCP server for eBPF, designed for AI integration, kernel introspection, and automation.
๐ ebpf-mcp: AI-Compatible eBPF Control via Model Context Protocol
A secure, minimal, and schema-enforced MCP server for eBPF โ purpose-built for AI integration, kernel introspection, and automation.
๐ง What Is This?
ebpf-mcp is a secure Model Context Protocol (MCP) server that exposes a minimal set of structured tools to interact with eBPF โ optimized for safe AI control, automation agents, and human operators.
It enables loading, attaching, introspecting, and streaming eBPF programs โ all through strict JSON Schema contracts validated at runtime. No REST APIs, no shell escapes, and no bpftool wrappers.
๐ Quick Start
๐ฆ One-liner Installation
# Install ebpf-mcp server
curl -fsSL https://raw.githubusercontent.com/sameehj/ebpf-mcp/main/install.sh | sudo bash
# Start the service (runs on port 8080 by default)
sudo systemctl start ebpf-mcp
sudo systemctl enable ebpf-mcp
# Get your auth token
cat /etc/ebpf-mcp-token
# Check service status
sudo systemctl status ebpf-mcp
# View logs if needed
sudo journalctl -u ebpf-mcp -f
For air-gapped or development environments:
git clone https://github.com/sameehj/ebpf-mcp.git
cd ebpf-mcp
sudo ./install.sh v1.0.2
๐งช Test the Installation
# Run the complete test suite
cd scripts/
chmod +x test-ebpf-mcp-server.sh
./test-ebpf-mcp-server.sh <your-token>
If no token is provided, the script will prompt for it interactively.
๐ค Claude CLI Integration
Once installed, connect Claude to your eBPF server (runs on port 8080):
# Add MCP server to Claude CLI
claude mcp add ebpf http://localhost:8080/mcp \
-t http \
-H "Authorization: Bearer $(cat /etc/ebpf-mcp-token)"
# Start Claude with eBPF tools
claude --debug
# Optional: Test with MCP Inspector (requires Node.js)
npx @modelcontextprotocol/inspector http://localhost:8080/mcp
๐ Tutorials
Looking to get started in specific environments or with Cursor IDE?
๐งฐ VirtualBox Setup Guide
Learn how to configure and run ebpf-mcp inside a VirtualBox VM, with port forwarding, SSH access, and practical tips.
๐ฅ๏ธ Cursor IDE + eBPF-MCP Integration
Step-by-step guide for running the eBPF MCP server with Cursor IDE for AI-driven observability.
Example prompts:
> Get system info and kernel version> Load and attach a kprobe program to monitor sys_execve> Show me all active eBPF programs and their types> Stream events from ringbuffer maps for 10 seconds> Trace kernel errors for the next 5 seconds
๐ฅ Install Options
| Method | Command | Use Case |
|---|---|---|
| One-liner | curl ... | sudo bash | Production systems |
| Manual | git clone && sudo ./install.sh | Development/air-gapped |
| Build from source | make build | Custom modifications |
| Docker | Coming soon | Containerized environments |
๐ง Minimal Toolset
Each tool is designed to be schema-validatable, AI-orchestrable, and safe-by-default. They cover 80%+ of real-world observability and control workflows.
| Tool Name | Status | Description | Capabilities Required |
|---|---|---|---|
info | โ | System introspection: kernel, arch, BTF | CAP_BPF or none (read-only) |
load_program | โ | Load and validate .o files (CO-RE supported) | CAP_BPF or CAP_SYS_ADMIN |
attach_program | โ | Attach program to XDP, kprobe, tracepoint hooks | Depends on type (e.g. CAP_NET_ADMIN for XDP) |
inspect_state | โ | List programs, maps, links, and tool metadata | CAP_BPF (read-only) |
stream_events | โ | Stream events from ringbuf/perfbuf maps | CAP_BPF (read-only) |
trace_errors | โ | Monitor kernel tracepoints for error conditions | CAP_BPF (read-only) |
All tools return structured JSON output โ AI-ready, streaming-compatible, and schema-validated.
๐ See
docs/TOOL_SPECS.mdfor full schema definitions.
๐ What You Can Do
- โ Query kernel version, architecture, and BTF availability
- โ Load programs from disk or inline base64 with optional BTF
- โ Attach to live systems with type-safe constraints
- โ Inspect pinned objects, kernel version, verifier state
- โ Stream real-time events with filtering by pid/comm/cpu
- โ Trace kernel errors and system anomalies
- โ Discover available tools and their schemas
- โ Integrate with Claude, Ollama, or MCP-compatible clients
๐ก๏ธ Security Model
| Layer | Controls |
|---|---|
| eBPF execution | Kernel verifier + resource caps |
| Filesystem | No shell, no exec, path-validated |
| Runtime isolation | Session-scoped cleanup, strict inputs |
| AI safety | Capability-aware schemas + output limits |
| Authentication | Bearer token + HTTPS ready |
๐งผ All resources are automatically cleaned up when a client disconnects (no manual unload/detach required unless pinned).
๐ฆ Project Structure
.
โโโ cmd/ # MCP server + CLI client
โโโ internal/ # Core logic: eBPF, tools, kernel adapters
โโโ pkg/types/ # JSON schema bindings + shared types
โโโ docs/ # Tool specs, design notes, schemas
โโโ scripts/ # Install script + test suite
โโโ schemas/ # JSON Schema files for each tool
๐ง Advanced Design Notes
โ Lifecycle Management
- ๐ No manual detach: Links are closed automatically unless pinned
- ๐งน Auto cleanup: FDs and memory are released on disconnect
- ๐ Pinning: Optional pin paths (
/sys/fs/bpf/...) for maps/programs/links
๐ค AI Tooling Compatibility
- All tools are strictly typed with published schemas and return structured JSON output
- AI-ready: No parsing required โ direct integration with language models
- Streaming-compatible: Real-time data flows for observability workflows
- Responses include:
tool_versionverifier_log(for debugging)- Structured
errorwithcontext
๐ Extensibility
Future optional tools:
pin_object/unpin_objectdetach_linkmap_batch_op
These are omitted from the default for security and simplicity.
๐ References
- Linux Kernel eBPF Docs
- Model Context Protocol
- MCP Inspector Tool
- JSON Schema Spec (2020-12)
- eBPF Security Best Practices
- Cilium for Kubernetes Observability
๐งช See scripts/test-ebpf-mcp-server.sh for full validation suite.
Basic Architecture:
Claude / Ollama / AI Client
โ
MCP JSON-RPC
โ
ebpf-mcp server
โ
Kernel APIs
๐ Licensing
| Component | License |
|---|---|
internal/ebpf/ | GPL-2.0 |
| Everything else | Apache-2.0 |
โ๏ธ Contact
๐ฌ GitHub โ sameehj/ebpf-mcp ๐ Contributions, issues, and PRs welcome!
Structured. Safe. Schema-native.
ebpf-mcpbrings eBPF to the age of AI.
Related Servers
IDA Pro MCP
MCP Server for automated reverse engineering with IDA Pro.
Remote MCP Server (Authless)
An example of a remote MCP server deployable on Cloudflare Workers without authentication.
Claude MCP Tools
An MCP server ecosystem for integrating with Anthropic's Claude Desktop and Claude Code CLI.
Metasploit MCP Server
An MCP server for integrating with the Metasploit Framework. Requires Metasploit Framework to be installed and msfrpcd to be running.
Enkrypt AI
Integrate red-teaming, prompt auditing, and AI safety analysis into any MCP-compatible client.
Bash MCP Server
Execute bash commands on the host machine.
SDD MCP
Provides Seam-Driven Development tools for AI-assisted software development.
Hostname MCP Server
A lightweight server for hostname detection and system context.
WinTerm MCP
Provides programmatic access to the Windows terminal, enabling AI models to interact with the command line interface.
Next.js DevTools MCP
next-devtools-mcp is a MCP server that provides Next.js development tools and utilities for AI coding assistants like Claude and Cursor.