Show HN: Cerberus – Real-time network monitor with eBPF
Show HN (score: 6)Description
I built Cerberus because traditional packet capture tools (tcpdump, Wireshark) have too much overhead for production CNI environments. eBPF lets us filter and classify packets at the kernel level with near-zero performance impact.
Some interesting challenges: - eBPF verifier is strict - every memory access needs bounds checking - Limited to 32 bytes of L7 payload (tradeoff between inspection depth and overhead) - TC vs XDP decision (chose TC for compatibility)
Looking for contributors, especially on: - Redis backend for distributed deployments - Prometheus metrics export - Anomaly detection
Happy to answer questions!
More from Show
Show HN: Control Claude permissions using a cloud-based decision table UI
Show HN: Control Claude permissions using a cloud-based decision table UI We’ve been building visual rule engines (clear interfaces + API endpoints that help map input data to a large number of outcomes) for a while and had the fun idea lately to see what happens when we use our decision table UI with Claude’s PreToolUse hook.<p>The result is a surprisingly useful policy/gating layer– these tables let your team:<p>- Write multi-factor, exception-friendly policies (e.g. deny rm -rf / when --force; allow cleanup only in node_modules; ask on network calls like curl/wget; block kubectl delete or SQL DROP, each with a clear reason)<p>- Roll out policy changes instantly (mid-run, flip a risky operation from allow → ask; the next attempt across devs and agents is gated immediately– no git pull, agent restart, or coordination)<p>- Adopt lightweight governance that is somewhat agent agnostic and survives churn (MCP/skills/etc)- just add columns/rules as new tools and metadata show up<p>- Get a quick central utility to understand which tools are being used, which tools get blocked most often, and why
Show HN: Claude Code Scheduler
Show HN: Claude Code Scheduler I found myself frequently wanting to schedule tasks in Claude Code (both one-time and recurring) so I built a CC plugin to help with that.<p>To install: /plugin marketplace add jshchnz/claude-code-scheduler /plugin install scheduler@claude-code-scheduler<p>Then just tell Claude what you want (some examples):<p>Every Wednesday at 3am find dead code: unused functions, unreachable branches, commented-out code, and unused imports. List by file with line numbers.<p>Schedule a code review every weekday at 9am. Review commits from the last 24 hours, check for bugs, security issues, error handling gaps, and code that needs comments. Summarize with file:line references.
Show HN: Webctl – Browser automation for agents based on CLI instead of MCP
Show HN: Webctl – Browser automation for agents based on CLI instead of MCP
Show HN: Tsonic – A TypeScript to native code compiler via CLR and NativeAOT
Show HN: Tsonic – A TypeScript to native code compiler via CLR and NativeAOT
No other tools from this source yet.