I had in my to-try list BPF. After reading this link, I realised that it was quite straightforward to get a vagrant box with all the requirements.
As per link recommends, watch the video. I didnt know Brendan Gregg worked for Netflix and that Facebook was pushing very hard in BPF development.
You can find all the documentation here:
So as per the main link:
git clone https://github.com/codeboten/bpftracing.git && cd bpftracing vagrant up
Once you have installed the vagrant box (it takes a while) you can “vagrant halt” and start again:
~/storage/technology/linux/bpftracing master$ vagrant status Current machine states: default poweroff (virtualbox) The VM is powered off. To restart the VM, simply runvagrant up~/storage/technology/linux/bpftracing master$ vagrant up Bringing machine 'default' up with 'virtualbox' provider… ==> default: Checking if box 'ubuntu/bionic64' version '20200525.0.0' is up to date… ==> default: Clearing any previously set forwarded ports… ==> default: Clearing any previously set network interfaces… ==> default: Preparing network interfaces based on configuration… default: Adapter 1: nat ==> default: Forwarding ports… default: 22 (guest) => 2222 (host) (adapter 1) ==> default: Running 'pre-boot' VM customizations… ==> default: Booting VM… ==> default: Waiting for machine to boot. This may take a few minutes… default: SSH address: 127.0.0.1:2222 default: SSH username: vagrant default: SSH auth method: private key ==> default: Machine booted and ready! ==> default: Checking for guest additions in VM… default: The guest additions on this VM do not match the installed version of default: VirtualBox! In most cases this is fine, but in rare cases it can default: prevent things such as shared folders from working properly. If you see default: shared folder errors, please make sure the guest additions within the default: virtual machine match the version of VirtualBox you have installed on default: your host and reload your VM. default: default: Guest Additions Version: 5.2.34 default: VirtualBox Version: 6.1 ==> default: Mounting shared folders… default: /vagrant => /home/xxx/storage/technology/linux/bpftracing ==> default: Machine already provisioned. Runvagrant provisionor use the--provision==> default: flag to force provisioning. Provisioners marked to run always will still run. ~/storage/technology/linux/bpftracing master$ vagrant ssh Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-106-generic x86_64) Documentation: https://help.ubuntu.com Management: https://landscape.canonical.com Support: https://ubuntu.com/advantage System information as of Sun Jun 21 19:25:26 UTC 2020 System load: 0.35 Processes: 99 Usage of /: 32.2% of 9.63GB Users logged in: 0 Memory usage: 12% IP address for enp0s3: 10.0.2.15 Swap usage: 0% 0 packages can be updated. 0 updates are security updates. Last login: Sun Jun 21 19:22:37 2020 from 10.0.2.2 vagrant@ubuntu-bionic:~$ vagrant@ubuntu-bionic:~$ cd /vagrant/ vagrant@ubuntu-bionic:/vagrant$ ls Makefile Vagrantfile bpf_program.o monitor-exec README.md bpf_program.c loader.c ubuntu-bionic-18.04-cloudimg-console.log vagrant@ubuntu-bionic:/vagrant$
You can find tools (under /usr/sbin)(already compiled and ready to use) or examples (under /usr/share/doc/bpfcc-tools/examples)
These are the tools you can find in the system:
vagrant@ubuntu-bionic:~$ ls -ltr /usr/sbin | grep -i bpfcc -rwxr-xr-x 1 root root 3496 Nov 29 2017 reset-trace-bpfcc -rwxr-xr-x 1 root root 7105 Nov 29 2017 deadlock_detector.c-bpfcc -rwxr-xr-x 1 root root 9029 Mar 27 2018 zfsslower-bpfcc -rwxr-xr-x 1 root root 5131 Mar 27 2018 zfsdist-bpfcc -rwxr-xr-x 1 root root 8184 Mar 27 2018 xfsslower-bpfcc -rwxr-xr-x 1 root root 4431 Mar 27 2018 xfsdist-bpfcc -rwxr-xr-x 1 root root 6825 Mar 27 2018 wakeuptime-bpfcc -rwxr-xr-x 1 root root 2636 Mar 27 2018 vfsstat-bpfcc -rwxr-xr-x 1 root root 1177 Mar 27 2018 vfscount-bpfcc -rwxr-xr-x 1 root root 2978 Mar 27 2018 ttysnoop-bpfcc -rwxr-xr-x 1 root root 31977 Mar 27 2018 trace-bpfcc -rwxr-xr-x 1 root root 4159 Mar 27 2018 tplist-bpfcc -rwxr-xr-x 1 root root 17766 Mar 27 2018 tcptracer-bpfcc -rwxr-xr-x 1 root root 9327 Mar 27 2018 tcptop-bpfcc -rwxr-xr-x 1 root root 5631 Mar 27 2018 tcpretrans-bpfcc -rwxr-xr-x 1 root root 11996 Mar 27 2018 tcplife-bpfcc -rwxr-xr-x 1 root root 6858 Mar 27 2018 tcpconnlat-bpfcc -rwxr-xr-x 1 root root 6963 Mar 27 2018 tcpconnect-bpfcc -rwxr-xr-x 1 root root 5782 Mar 27 2018 tcpaccept-bpfcc -rwxr-xr-x 1 root root 12809 Mar 27 2018 syscount-bpfcc -rwxr-xr-x 1 root root 1231 Mar 27 2018 syncsnoop-bpfcc -rwxr-xr-x 1 root root 4560 Mar 27 2018 statsnoop-bpfcc -rwxr-xr-x 1 root root 15860 Mar 27 2018 stackcount-bpfcc -rwxr-xr-x 1 root root 6244 Mar 27 2018 sslsniff-bpfcc -rwxr-xr-x 1 root root 6277 Mar 27 2018 solisten-bpfcc -rwxr-xr-x 1 root root 4048 Mar 27 2018 softirqs-bpfcc -rwxr-xr-x 1 root root 3409 Mar 27 2018 slabratetop-bpfcc -rwxr-xr-x 1 root root 5643 Mar 27 2018 runqlen-bpfcc -rwxr-xr-x 1 root root 5998 Mar 27 2018 runqlat-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 rubystat-bpfcc -rwxr-xr-x 1 root root 60 Mar 27 2018 rubyobjnew-bpfcc -rwxr-xr-x 1 root root 56 Mar 27 2018 rubygc-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 rubyflow-bpfcc -rwxr-xr-x 1 root root 59 Mar 27 2018 rubycalls-bpfcc -rwxr-xr-x 1 root root 60 Mar 27 2018 pythonstat-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 pythongc-bpfcc -rwxr-xr-x 1 root root 60 Mar 27 2018 pythonflow-bpfcc -rwxr-xr-x 1 root root 61 Mar 27 2018 pythoncalls-bpfcc -rwxr-xr-x 1 root root 9831 Mar 27 2018 profile-bpfcc -rwxr-xr-x 1 root root 1139 Mar 27 2018 pidpersec-bpfcc -rwxr-xr-x 1 root root 57 Mar 27 2018 phpstat-bpfcc -rwxr-xr-x 1 root root 57 Mar 27 2018 phpflow-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 phpcalls-bpfcc -rwxr-xr-x 1 root root 4858 Mar 27 2018 opensnoop-bpfcc -rwxr-xr-x 1 root root 2337 Mar 27 2018 oomkill-bpfcc -rwxr-xr-x 1 root root 11141 Mar 27 2018 offwaketime-bpfcc -rwxr-xr-x 1 root root 10464 Mar 27 2018 offcputime-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 nodestat-bpfcc -rwxr-xr-x 1 root root 56 Mar 27 2018 nodegc-bpfcc -rwxr-xr-x 1 root root 9289 Mar 27 2018 nfsslower-bpfcc -rwxr-xr-x 1 root root 4587 Mar 27 2018 nfsdist-bpfcc -rwxr-xr-x 1 root root 3221 Mar 27 2018 mysqld_qslower-bpfcc -rwxr-xr-x 1 root root 12023 Mar 27 2018 mountsnoop-bpfcc -rwxr-xr-x 1 root root 17963 Mar 27 2018 memleak-bpfcc -rwxr-xr-x 1 root root 2262 Mar 27 2018 mdflush-bpfcc -rwxr-xr-x 1 root root 3429 Mar 27 2018 llcstat-bpfcc -rwxr-xr-x 1 root root 3295 Mar 27 2018 killsnoop-bpfcc -rwxr-xr-x 1 root root 61 Mar 27 2018 javathreads-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 javastat-bpfcc -rwxr-xr-x 1 root root 60 Mar 27 2018 javaobjnew-bpfcc -rwxr-xr-x 1 root root 56 Mar 27 2018 javagc-bpfcc -rwxr-xr-x 1 root root 58 Mar 27 2018 javaflow-bpfcc -rwxr-xr-x 1 root root 59 Mar 27 2018 javacalls-bpfcc -rwxr-xr-x 1 root root 5154 Mar 27 2018 hardirqs-bpfcc -rwxr-xr-x 1 root root 3852 Mar 27 2018 gethostlatency-bpfcc -rwxr-xr-x 1 root root 7124 Mar 27 2018 funcslower-bpfcc -rwxr-xr-x 1 root root 7442 Mar 27 2018 funclatency-bpfcc -rwxr-xr-x 1 root root 12448 Mar 27 2018 funccount-bpfcc -rwxr-xr-x 1 root root 5847 Mar 27 2018 filetop-bpfcc -rwxr-xr-x 1 root root 7235 Mar 27 2018 fileslower-bpfcc -rwxr-xr-x 1 root root 3718 Mar 27 2018 filelife-bpfcc -rwxr-xr-x 1 root root 9605 Mar 27 2018 ext4slower-bpfcc -rwxr-xr-x 1 root root 5674 Mar 27 2018 ext4dist-bpfcc -rwxr-xr-x 1 root root 5944 Mar 27 2018 execsnoop-bpfcc -rwxr-xr-x 1 root root 20036 Mar 27 2018 deadlock_detector-bpfcc -rwxr-xr-x 1 root root 3920 Mar 27 2018 dcstat-bpfcc -rwxr-xr-x 1 root root 4009 Mar 27 2018 dcsnoop-bpfcc -rwxr-xr-x 1 root root 3780 Mar 27 2018 dbstat-bpfcc -rwxr-xr-x 1 root root 7130 Mar 27 2018 dbslower-bpfcc -rwxr-xr-x 1 root root 12614 Mar 27 2018 cpuunclaimed-bpfcc -rwxr-xr-x 1 root root 4975 Mar 27 2018 cpudist-bpfcc -rwxr-xr-x 1 root root 57 Mar 27 2018 cobjnew-bpfcc -rwxr-xr-x 1 root root 4142 Mar 27 2018 capable-bpfcc -rwxr-xr-x 1 root root 6960 Mar 27 2018 cachetop-bpfcc -rwxr-xr-x 1 root root 4932 Mar 27 2018 cachestat-bpfcc -rwxr-xr-x 1 root root 9887 Mar 27 2018 btrfsslower-bpfcc -rwxr-xr-x 1 root root 6214 Mar 27 2018 btrfsdist-bpfcc -rwxr-xr-x 1 root root 2392 Mar 27 2018 bpflist-bpfcc -rwxr-xr-x 1 root root 1721 Mar 27 2018 bitesize-bpfcc -rwxr-xr-x 1 root root 6171 Mar 27 2018 biotop-bpfcc -rwxr-xr-x 1 root root 4869 Mar 27 2018 biosnoop-bpfcc -rwxr-xr-x 1 root root 4023 Mar 27 2018 biolatency-bpfcc -rwxr-xr-x 1 root root 1567 Mar 27 2018 bashreadline-bpfcc -rwxr-xr-x 1 root root 33534 Mar 27 2018 argdist-bpfcc vagrant@ubuntu-bionic:~$
You can run them like this:
root@ubuntu-bionic:/# cpudist-bpfcc Tracing on-CPU time… Hit Ctrl-C to end. ^C usecs : count distribution 0 -> 1 : 4 | | 2 -> 3 : 0 | | 4 -> 7 : 33 |* | 8 -> 15 : 24 | | 16 -> 31 : 49 |* | 32 -> 63 : 74 |** | 64 -> 127 : 161 |* | 128 -> 255 : 101 | | 256 -> 511 : 76 | | 512 -> 1023 : 116 |* | 1024 -> 2047 : 64 |** | 2048 -> 4095 : 178 |* | 4096 -> 8191 : 558 | | 8192 -> 16383 : 191 | | 16384 -> 32767 : 288 | | 32768 -> 65535 : 338 | | 65536 -> 131071 : 756 |* | 131072 -> 262143 : 1025 || 262144 -> 524287 : 950 |*** | root@ubuntu-bionic:/#
This link is a bit old (you need to add -bpfcc to all commands) but I think it can give you some more details for some tools.
In general, this is quite beyond my knowledge. But I would like to be able to set it up in Debian and obviously use it.