Linux BPF Tracing with BPFtrace
BPFtrace is a high level tracing language for Linux Berkeley Packet Filter (BPF) available in recent Linux kernels. Built on top of LLVM and BCC (https://github.com/iovisor/bcc), BPFtrace provides an easier way of writing BPF programs for interacting with Linux tracing capabilites, such as kprobes, uprobes, kernel tracepoints, USDT and hardware events.
We'll go over Linux BPF itself and how BPFtrace fits in, followed by some demonstrations of new performance and monitoring tools written with BPFtrace.
- People interested in learning more about BPF powered tracing,
- BCC users who would like an easier way to write ad-hoc tracing scripts.
Alastair Robertson is the creator of bpftrace and has been working on it in his own time for the past two years after discovering the new tracing capabilities of Linux BPF.