Show HN: Cerberus – Real-time network monitor with eBPF

I built Cerberus because traditional packet capture tools (tcpdump, Wireshark) have too much overhead for production CNI environments. eBPF lets us filter and classify packets at the kernel level with near-zero performance impact.

Some interesting challenges: - eBPF verifier is strict - every memory access needs bounds checking - Limited to 32 bytes of L7 payload (tradeoff between inspection depth and overhead) - TC vs XDP decision (chose TC for compatibility)

Looking for contributors, especially on: - Redis backend for distributed deployments - Prometheus metrics export - Anomaly detection

Happy to answer questions!