bcc
libbpf-bootstrap
Our great sponsors
| bcc | libbpf-bootstrap | |
|---|---|---|
| 55 | 1 | |
| 16,869 | 0 | |
| 2.5% | - | |
| 8.8 | 0.0 | |
| 2 days ago | about 2 years ago | |
| C | C | |
| Apache License 2.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bcc
-
Sloth – A Mac app that shows all open files, directories, sockets, etc.
On Linux, this can be done using BPF (Berkley Packet Filter). In fact there is a tool in BCC[0] called filetop, which lists reads/writes by process and file[1].
0. https://github.com/iovisor/bcc
1. https://github.com/iovisor/bcc/blob/master/tools/filetop.py
-
Announcing allocscope: a tool for tracking allocations in Rust / C++ / C apps
I recommend you investigate using eBPF hooks in the linux kernel for this allocation tracking, it is measurable much faster. E.g. https://github.com/iovisor/bcc/blob/master/tools/memleak.py
-
Memory Tracing
Hey there! Of course. There are a few good examples here and here. Yes, they're specific tools (which I, by the way, do recommend), but you can have a look at the BPF code here as well.
Thanks for the link :) this one seems pretty much like what I was looking for, with Vxlan encapsulation, will bother you if i face issues on running the script they have there. Looks like couple of years old since the last contribution to that git page: https://github.com/iovisor/bcc/tree/master/examples/networking/tunnel_monitor
-
Can I just have KubeCTL access? I used to have it in my old company
What we saw was stalling in the kernel run queue. One of the other people on our team did some debugging with eBPF. I think they may have used runqlen.py. But as soon as they evicted the one damaging pod from the machine, all the other workloads were no longer starved.
-
Navigate your way to production bliss with Caretta
We set out to look for an additional probe that can help us complete the picture. Even then, we find eBPF useful to explore the linux TCP stack. Tools like stacksnoop or stackcount can be used to understand the flow a network packet is going through when it’s processed and compare different functions to see how “noisy” each function is. Searching for data probing locations consists of a constant trade-off between being too nosy and being blind, and we’re looking for the sweet spot in the middle.
- Name a program that doesn't get enough love!
-
How do I intercept executed commands in user space?
If you're interested specifically in bash, you can look into bcc's bashreadline to output user commands. If you're interested in applying security policies to potential user commands, you can also take a look at Tracee although other open source solutions exist here as well.
-
Dwarf-Based Stack Walking Using eBPF
That's right! There's no "traditional" loops as programs have to be proved to terminate at some point.
That being said, very recently support for bounded loops landed [0]. It's very exciting and useful, and I've seen it reduce verification times significantly, but we can't use this yet as it requires kernel 5.3 or greater, and we would like to support as many users as possible!
[0]: https://lwn.net/Articles/877062/
[1]: https://github.com/iovisor/bcc/commit/38304256c49a02aecbf78f...
libbpf-bootstrap
-
Tips and Tricks for Writing Linux BPF Applications with libbpf
You can see the complete code in hardirqs.bpf.c (built with libbpf-bootstrap).
What are some alternatives?
libbpf - Automated upstream mirror for libbpf stand-alone build.
zfs - OpenZFS on Linux and FreeBSD
linux - Linux kernel source tree
flamegraph - Easy flamegraphs for Rust projects and everything else, without Perl or pipes <3
ebpf-for-windows - eBPF implementation that runs on top of Windows
nokogiri-rust - Ruby FFI wrapper around scraper crate to be used instead of Nokogiri. Status: proof of concept.
bpftrace - High-level tracing language for Linux eBPF
rbspy - Sampling CPU profiler for Ruby
libguestfs - library and tools for accessing and modifying virtual machine disk images. PLEASE DO NOT USE GITHUB FOR ISSUES OR PULL REQUESTS. See the website for how to file a bug or contact us.
lexbor - Lexbor is development of an open source HTML Renderer library. http://lexbor.com
flamescope - FlameScope is a visualization tool for exploring different time ranges as Flame Graphs.