bcc
bpftrace
Our great sponsors
bcc | bpftrace | |
---|---|---|
71 | 24 | |
19,404 | 7,647 | |
2.2% | - | |
9.2 | 0.0 | |
9 days ago | 3 months ago | |
C | C++ | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bcc
-
eBPF: Unleashing Kernel Magic for Modern Infrastructure
But wait, there's more! Enter the BCC toolkit and library, your trusty sidekick in simplifying the arcane art of writing eBPF applications. With BCC by your side, you'll be wielding eBPF like a seasoned pro in no time.
-
Linux: Easy Keylogger with eBPF (2018)
Nice - I normally use [bash-readline](https://github.com/iovisor/bcc/blob/master/tools/bashreadlin...) when coworking/co-inhabiting a server or training someone.
-
eBPF Documentary
One of the big wins is not so much “build and run your own stuff” but there are very nice low-cost (in terms of compute) performance utilities built on eBPF
https://github.com/iovisor/bcc
There are so many utilities in that list; there’s a diagram midway down the readme which tries to help show their uses. bcc-tools should be available in any distro.
Also, Brendan Gregg does a ton of performance stuff that is worth knowing about if you check out his other work. Not eBPF only. Flame graphs are useful.
- Bpftop: Streamlining eBPF performance optimization
-
eBPF Tutorial by Example 16: Monitoring Memory Leaks
Reference: https://github.com/iovisor/bcc/blob/master/libbpf-tools/memleak.c
- eBPF Tutorial by Example 9: Capturing Scheduling Latency and Recording as Histogram
-
Uprobes Siblings - Capturing HTTPS Traffic: A Rust and eBPF Odyssey
In this article, we'll build a basic version of an HTTPS sniffer, inspired by bcc-sslsniff.py, but we'll use Rust and Aya. We're going to demonstrate the capabilities of uprobes by employing uprobe and uretprobe along with familiar maps like PerCpuArray, HashMap, and PerEventArray. This will be a straightforward example to help us explore how uprobes function.
-
Issue XDP_REDIRECT on other interface in the same namespace
As xpd program I am using the BCC example xdp_redirect_map.py in skb mode as my NIC does not support native mode, attaching the program to veth2 and a dummy function to veth3
-
Linux runtime security agent powered by eBPF
https://github.com/iovisor/bcc/blob/master/docs/reference_gu...
- eBPF Practical Tutorial: Capturing SSL/TLS Plain Text Data Using uprobe
bpftrace
- Why would you still want to use strace in 2023? [video]
- Ask HN: How to measure the latency numbers every programmer should know?
-
Securing PyTorch Models with eBPF
In this blog, I will present secimport — a toolkit for creating and running sandboxed applications in Python that utilizes eBPF (bpftrace) to secure Python runtimes.
-
Tag Systems
I haven't come across of any project like that, but in case anyone wants to implement this and doesn't know where to start, here's a way to do it on a freedesktop-compatible linux:
Make a userspace daemon process that adds eBPF tracepoints[0] to open{,_at} etc syscalls which match files of your user directories with specific extensions (e.g. .docx).
Associate PIDs that open those files with their .desktop entries[1]
Store results in some database like sqlite3.[2]
Search this database with your favorite interface, like a CLI script or a GNOME shell search provider[3].
I have seen this Rust project on HN which does something similar but with file attribute syscalls, you can use it as reference: https://github.com/javierhonduco/sweeper
[0]: https://github.com/iovisor/bpftrace
- eBGP tracing for newbie
-
[beetrace]Trace your python process line by line with low overhead!
I develop a python tool that allows you to trace a Python process line by line or the functions' entries and returns. It uses USDT(User Statically-Defined Tracing) probes with bpftrace.
-
How to check is a linux server is compromised or rooted?
bpftrace and/or bpfcc-tools can also be useful (dpkg -L bpftrace to see available tools). You can monitor files being opened/written at kernel level (opensnoop*, filelife*, filetop*), connections being established (tcp*bpfcc), etc.
- Beginner questions
-
Getting notified when a process runs
Similar to this method is bpftrace: https://github.com/iovisor/bpftrace/blob/master/tools/execsnoop.bt
-
Regarding bpftrace vfs_unlink, why can't I monitor the uid, and the obtained value is 0
uname -a Linux ying 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
What are some alternatives?
libbpf - Automated upstream mirror for libbpf stand-alone build.
ebpf_exporter - Prometheus exporter for custom eBPF metrics
ebpf-for-windows - eBPF implementation that runs on top of Windows
kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl
zfs - OpenZFS on Linux and FreeBSD
el7-bpf-specs - RPM specs for building bpf related tools on CentOS 7
linux - Linux kernel source tree
OpenCSD - OpenCSD: eBPF Computational Storage Device (CSD) for Zoned Namespace (ZNS) SSDs in QEMU
nokogiri-rust - Ruby FFI wrapper around scraper crate to be used instead of Nokogiri. Status: proof of concept.
btrfs-fuzz - Unsupervised coverage-guided btrfs fuzzer
libbpf-bootstrap - Scaffolding for BPF application development with libbpf and BPF CO-RE
streamlit - Streamlit — A faster way to build and share data apps.