How to Install eBPF Trace
To install eBPF, the user will need kernel version 4.9 or lower. If the program is installed on older kernels, some of the good features of the utility will be unavailable.
Next, the user does the following:
Opens the install.md file from the bcc repository.
Checks whether it contains all the flags needed for installation with the command:
Writes the following commands:
sudo apt-get update
sudo apt-get install bcc bcc-tools python-bcc
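One way to do the flag check from the steps above, as an added example that is not from the original post or the bcc project. It assumes the flags meant are kernel configuration options; the REQUIRED_FLAGS list is an assumption modelled on the kernel configuration section of bcc's INSTALL.md, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which BPF kernel options a kernel config lacks.
# REQUIRED_FLAGS is an assumption based on bcc's INSTALL.md; adjust it
# to match the copy of the file you are reading.
REQUIRED_FLAGS="CONFIG_BPF CONFIG_BPF_SYSCALL CONFIG_BPF_JIT CONFIG_HAVE_EBPF_JIT CONFIG_BPF_EVENTS"

# read_config FILE: print the config text, decompressing *.gz files
# such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# missing_bpf_flags FILE: print, space separated on one line, every
# required option that is not set to y or m. Empty output means all set.
missing_bpf_flags() {
    cfg=$(read_config "$1") || return 2
    missing=""
    for flag in $REQUIRED_FLAGS; do
        # "# CONFIG_X is not set" and absent lines both count as missing.
        if ! printf '%s\n' "$cfg" | grep -Eq "^${flag}=(y|m)$"; then
            missing="${missing:+$missing }$flag"
        fi
    done
    printf '%s\n' "$missing"
}

# find_kernel_config: print the first readable config of the running kernel.
find_kernel_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Constructed sample config (not from a real host): JIT off, events absent.
sample_config() {
    cat <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
# CONFIG_BPF_JIT is not set
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
EOF
}

# On a live host: missing_bpf_flags "$(find_kernel_config)"
```

Run it before installing the packages: an empty result means every listed option is enabled, and any name it prints is an option the running kernel was built without.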
Next, the user can begin writing their own commands or use a project of 100 ready-made utilities.
The BCC project gives beginners more than a hundred ready-written programs for specific needs. This is not a recently released, untested project: these programs are used by programmers working at Facebook and Netflix.
The programs are written in Python with embedded pseudo-C code. They are built on the libbcc and libbpf libraries. The code in the utilities can be changed or extended, or new code can be written for completely new programs.
BPF Trace Tools
BPF Trace ships with various tools that also serve as programming examples. For example:
tools/bashreadline.bt: print entered bash commands system-wide;
tools/biolatency.bt: show block I/O latency as a histogram;
tools/biosnoop.bt: a block I/O tracing tool that shows per-I/O latency;
tools/biostacks.bt: show disk I/O latency with initialization stacks;
tools/bitesize.bt: show disk I/O size as a histogram;
tools/cpuwalk.bt: sample which CPUs are executing processes;
tools/dcsnoop.bt: trace directory entry cache (dcache) lookups;
tools/execsnoop.bt: trace new processes via exec() system calls;
tools/gethostlatency.bt: show latency for getaddrinfo/gethostbyname calls;
tools/killsnoop.bt: trace signals issued by the kill() system call.
There is another program that helps work with tracing. In fact, it is the progenitor of BPF Trace. The utility was written in 2015 by a Swede named Tobias Waldekranz. It is called Ply.
The program features:
minimal dependencies. If you need to cut off all dependencies, it has its own compiler from the ply script language to BPF;
support for a language similar to Awk.
This utility is still supported and works, but no new features are being added. It is suitable for testing a kernel build on an embedded system or for testing prototypes.
Conclusion
From the above, the user can conclude that tracing events on Linux using eBPF is easy and simple. However, to write code, you still need to have at least a slight understanding of how it is written. Courses and programming training programs from DevEducation will help beginners with this.
Features of one of the advantages of eBPF Trace