bpftrace
el7-bpf-specs
| bpftrace | el7-bpf-specs |
|---|---|
| 24 | 1 |
| 7,647 | 66 |
| - | - |
| 0.0 | 0.0 |
| about 1 year ago | about 3 years ago |
| C++ | Shell |
| Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bpftrace
- Why would you still want to use strace in 2023? [video]
- Ask HN: How to measure the latency numbers every programmer should know?
- Securing PyTorch Models with eBPF
  In this blog, I will present secimport — a toolkit for creating and running sandboxed applications in Python that utilizes eBPF (bpftrace) to secure Python runtimes.
- Tag Systems
  I haven't come across any project like that, but in case anyone wants to implement this and doesn't know where to start, here's a way to do it on a freedesktop-compatible linux:
  Make a userspace daemon process that adds eBPF tracepoints[0] to open{,_at} etc syscalls which match files of your user directories with specific extensions (e.g. .docx).
  Associate PIDs that open those files with their .desktop entries[1]
  Store results in some database like sqlite3.[2]
  Search this database with your favorite interface, like a CLI script or a GNOME shell search provider[3].
  I have seen this Rust project on HN which does something similar but with file attribute syscalls, you can use it as reference: https://github.com/javierhonduco/sweeper
  [0]: https://github.com/iovisor/bpftrace
- eBGP tracing for newbie
- [beetrace]Trace your python process line by line with low overhead!
  I develop a python tool that allows you to trace a Python process line by line or the functions' entries and returns. It uses USDT(User Statically-Defined Tracing) probes with bpftrace.
- How to check is a linux server is compromised or rooted?
  bpftrace and/or bpfcc-tools can also be useful (dpkg -L bpftrace to see available tools). You can monitor files being opened/written at kernel level (opensnoop*, filelife*, filetop*), connections being established (tcp*bpfcc), etc.
- Beginner questions
- Getting notified when a process runs
  Similar to this method is bpftrace: https://github.com/iovisor/bpftrace/blob/master/tools/execsnoop.bt
- Regarding bpftrace vfs_unlink, why can't I monitor the uid, and the obtained value is 0
  uname -a Linux ying 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
el7-bpf-specs
What are some alternatives?
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
ungoogled-chromium-fedora - dnf install chromium-browser-privacy
ebpf_exporter - Prometheus exporter for custom eBPF metrics
bpftrace - High-level tracing language for Linux
gyeeta - Gyeeta - An Open Source eBPF based Observability Product for your Infrastructure, Services and Processes. This repository is for the Agent and Server C++ code.
spotify-easyrpm - Download, convert and install the Spotify for Linux package
OpenCSD - OpenCSD: eBPF Computational Storage Device (CSD) for Zoned Namespace (ZNS) SSDs in QEMU
awesome-ebpf - A curated list of awesome projects related to eBPF.
ungoogled-chromium-fedora - RPM build for ungoogled-chromium
kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl