Skip to content
/ badfd Public

A simple eBPF tool to discover leaks in file descriptors

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

scale03/badfd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
c
c
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

badfd

badfd is a simple eBPF tool designed to detect file descriptors leaks by tracing the openat syscall. Allowing you to observe ENOENT errors (file not found) , EACCES (permission denied) and IO latency.

You can use it to:

  • Hunt misconfigurations.
  • Debug Runtime and IO problems.
  • Discover potential leaks in real-time.

Requirements

  • Linux Kernel 5.8+ (BTF support enabled)
  • Root privileges
  • Go 1.20+

Installation

# Clone the repo
git clone https://github.com/scale03/badfd
cd badfd


make

Usage

Default mode, real time Error hunting


sudo ./badfd --err

Launch a command and trace only its anomalies (and its children):

sudo ./badfd --err -- python3 my_broken_script.py

JSON Output (Pipeline Mode)

Emit structured JSON for logging pipelines (Elastic, Fluentd, etc.):

sudo ./badfd --json --ms 50

License

MIT / GPL Dual Licensed

About

A simple eBPF tool to discover leaks in file descriptors

Topics

linux file-descriptors ebpf-co-re

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases 1

v.0.1.0 Latest
Nov 24, 2025

Packages

No packages published

Contributors 2

  •  
  •  

Languages