Linux eBPF tracing tools, showing static and dynamic tracing with extended BPF and the open source BCC collection of tools.
Interested in learning more about low-level specifics of the eBPF stack? Read on as we take a deep dive, from its VM mechanisms and tools, to running traces on remote, resource-constrained embedded devices.
A blog about programming, technology and open-source stuff.
A curated list of awesome projects related to eBPF. - qmonnet/awesome-ebpf
eBPFs are fun. They present an easy way to insert pieces of code into the kernel, compiled to opcodes that are guaranteed not to crash it: the instructions allowed are limited, backward jumps are not allowed (so no indefinite looping!), and you can't dereference pointers, but can instead do checked reads from pointers, which can fail without panicking the entire system. You can attach an eBPF to thousands of hooks in the Linux kernel - uprobes, kprobes, tracepoints, even things like page faults. They have a lot of exciting features and are very actively developed - you can see a list of the features supported per kernel version at https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md.
Summary: It is useful to trace files accessed by a command. Shake and FSATrace provide some tools to do that. When writing a build system, i...
How Pixie uses eBPF to automatically collect data