BPF Compiler Collection (BCC)

BCC is a toolkit for creating efficient kernel tracing and
manipulation programs, and includes several useful tools and examples.
It makes use of extended BPF (Berkeley Packet Filters), formally known
as eBPF, a new feature that was first added to Linux 3.15. Much of
what BCC uses requires Linux 4.1 and above.

eBPF was described by Ingo Molnár as:

One of the more interesting features in this cycle is the ability to
attach eBPF programs (user-defined, sandboxed bytecode executed by the
kernel) to kprobes. This allows user-defined instrumentation on a live
kernel image that can never crash, hang or interfere with the kernel
negatively.

BCC makes BPF programs easier to write, with kernel instrumentation in
C (and includes a C wrapper around LLVM), and front-ends in Python and
Lua. It is suited for many tasks, including performance analysis and
network traffic control.