parca-agent
bcc
parca-agent | bcc | |
---|---|---|
10 | 71 | |
484 | 19,499 | |
5.0% | 1.2% | |
9.9 | 9.2 | |
2 days ago | 5 days ago | |
Go | C | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
parca-agent
-
Flameshow: A Terminal Flamegraph Viewer
If that's true, you should probably update the docs. Everything I could find implied dotnet, jvm, python were still unsupported. For example, the roadmap section of the readme mentions most of these but nothing mentions dotnet. However I did find your tickets and a demo being merged in which makes it seem maybe supported?
Ticket: https://github.com/parca-dev/parca-agent/issues/161
Demo: https://github.com/parca-dev/parca-demo/pull/18
-
How to troubleshoot memory leaks in Go with Grafana Pyroscope
Couldn't see any advantages to this over https://github.com/parca-dev/parca-agent. Which uses eBPF so it can be used with non-instrumented apps and code paths.
-
Frame pointers vs. DWARF – my verdict
The pervasive lack of frame pointers is the reason why we've developed a custom format derived from DWARF unwind information thanks to some insights: DWARF unwind information is incredible flexible, it supports many arches and allows restoring any arbitrary register. But we only need 3: the frame pointer, the stack pointer, and in non-x86 the return address.
In addition, this encoding doesn't use that many bytes, but unfortunately reading and parsing that information is quite expensive.
For that reason I've developed a new unwinder that uses custom unwind information derived from DWARF (https://www.polarsignals.com/blog/posts/2022/11/29/profiling..., previously discussed in https://news.ycombinator.com/item?id=33788794) that runs in BPF. This new compact representation can be binary searched easily and each unwind row has a size of 16 bytes. I are currently working on reducing it down to ~10 bytes.
All the code is fully OSS (Apache 2.0 for userspace and GPL for BPF), and part of the Parca project (https://github.com/parca-dev/parca-agent).
We've also given some talks in FOSDEM going deeper into how we made it scale for many big processes.
-
Dwarf-Based Stack Walking Using eBPF
I find this surprising! Was this for off the shelf applications or some custom binaries?
As mentioned above, we see DWARF expressions such as `DW_CFA_def_cfa_expression` on the regular. See the "Test Plan" section and commit messages of the PR that introduced support for this particular opcode [0]
[0]: https://github.com/parca-dev/parca-agent/pull/1058
- Parca Agent rewrites eBPF in-kernel C code in Rust (using Aya-rs)
-
Fantastic Symbols and Where to Find Them - Part 2
Let's see an example perf map file for NodeJS. The runtimes out there output this file with more or less the same format, more or less!
-
Fantastic Symbols and Where to Find Them - Part 1
The good news is we got you covered. If you are using Parca Agent, we already do the heavy lifting for you to symbolize captured stack traces. And we keep extending our support for the different languages and runtimes.
bcc
-
eBPF: Unleashing Kernel Magic for Modern Infrastructure
But wait, there's more! Enter the BCC toolkit and library, your trusty sidekick in simplifying the arcane art of writing eBPF applications. With BCC by your side, you'll be wielding eBPF like a seasoned pro in no time.
-
Linux: Easy Keylogger with eBPF (2018)
Nice - I normally use [bash-readline](https://github.com/iovisor/bcc/blob/master/tools/bashreadlin...) when coworking/co-inhabiting a server or training someone.
-
eBPF Documentary
One of the big wins is not so much “build and run your own stuff” but there are very nice low-cost (in terms of compute) performance utilities built on eBPF
https://github.com/iovisor/bcc
There are so many utilities in that list; there’s a diagram midway down the readme which tries to help show their uses. bcc-tools should be available in any distro.
Also, Brendan Gregg does a ton of performance stuff that is worth knowing about if you check out his other work. Not eBPF only. Flame graphs are useful.
- Bpftop: Streamlining eBPF performance optimization
-
eBPF Tutorial by Example 16: Monitoring Memory Leaks
Reference: https://github.com/iovisor/bcc/blob/master/libbpf-tools/memleak.c
- eBPF Tutorial by Example 9: Capturing Scheduling Latency and Recording as Histogram
-
Uprobes Siblings - Capturing HTTPS Traffic: A Rust and eBPF Odyssey
In this article, we'll build a basic version of an HTTPS sniffer, inspired by bcc-sslsniff.py, but we'll use Rust and Aya. We're going to demonstrate the capabilities of uprobes by employing uprobe and uretprobe along with familiar maps like PerCpuArray, HashMap, and PerEventArray. This will be a straightforward example to help us explore how uprobes function.
-
Issue XDP_REDIRECT on other interface in the same namespace
As xpd program I am using the BCC example xdp_redirect_map.py in skb mode as my NIC does not support native mode, attaching the program to veth2 and a dummy function to veth3
-
Linux runtime security agent powered by eBPF
https://github.com/iovisor/bcc/blob/master/docs/reference_gu...
- eBPF Practical Tutorial: Capturing SSL/TLS Plain Text Data Using uprobe
What are some alternatives?
kubectl-flame - Kubectl plugin for effortless profiling on kubernetes
libbpf - Automated upstream mirror for libbpf stand-alone build.
ebpf - ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
bpftrace - High-level tracing language for Linux eBPF [Moved to: https://github.com/bpftrace/bpftrace]
perf-map-agent - A java agent to generate method mappings to use with the linux `perf` tool
ebpf-for-windows - eBPF implementation that runs on top of Windows
pwru - Packet, where are you? -- eBPF-based Linux kernel networking debugger
zfs - OpenZFS on Linux and FreeBSD
rbspy - Sampling CPU profiler for Ruby
linux - Linux kernel source tree
go-profiler-notes - felixge's notes on the various go profiling methods that are available.
nokogiri-rust - Ruby FFI wrapper around scraper crate to be used instead of Nokogiri. Status: proof of concept.