bcc: BPF based kernel analysis utilities

bcc is a collection of tracing and monitoring tools on Linux written around eBPF (Extended Berkeley Packet Filter), an in-kernel VM. BPF is one of the latest mechanisms of its kind built into the kernel (at the time of writing) and finds its use in networking, tracing, in-kernel optimizations and hardware optimizations. bcc provides both kernel-level and user-level tracing options.

Features

  • kernel instrumentation in C, frontend in Python
  • both static and dynamic tracing available
  • many performance analysis tools included
  • show disk I/O latency histogram
  • trace a single process
  • detect new processes
  • per-interval summaries (e.g. VFS statistics)
  • detect slow ext4 operations
  • view run-queue latency
  • view TCP connections
  • stack profiling and tracing
  • customized tracing
  • trace node.js USDT probes

The set of utilities in bcc can replace many of the regular kernel and user-space utilities. As the stats come directly from the kernel, the data is near real-time too.

Installation

Many utilities in bcc need at least kernel 4.1 to function properly.

Instructions to install bcc on Ubuntu, Fedora and Arch can be found here. Note that BPF needs to be enabled in the kernel to support bcc utilities.
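A pre-flight check for the two requirements above (kernel 4.1 or later, BPF enabled), written as an added example that is not part of bcc or of the original article. The list of kernel options it checks and the sample config are assumptions made for illustration.

```python
import gzip
import os
import platform
import re

MIN_KERNEL = (4, 1)  # minimum kernel version stated in the article
# Assumption: these are the options checked for "BPF enabled"; adjust as needed.
REQUIRED = ("CONFIG_BPF", "CONFIG_BPF_SYSCALL", "CONFIG_BPF_JIT", "CONFIG_BPF_EVENTS")

# Constructed sample of a kernel config file, used when no real one is found.
SAMPLE_CONFIG = """\
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
# CONFIG_BPF_JIT is not set
CONFIG_BPF_EVENTS=y
"""

def kernel_ok(release, minimum=MIN_KERNEL):
    """True if a release string such as '5.15.0-91-generic' is >= minimum."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2))) >= minimum

def missing_options(config_text, required=REQUIRED):
    """Return the required options that are not built in (y) or modular (m)."""
    enabled = set()
    for line in config_text.splitlines():
        # Disabled options read '# CONFIG_X is not set' and never match here.
        m = re.match(r"(CONFIG_\w+)=[ym]$", line.strip())
        if m:
            enabled.add(m.group(1))
    return [opt for opt in required if opt not in enabled]

def read_running_config():
    """Return the running kernel's config text, or None if it is not exposed."""
    for path, opener in ((f"/boot/config-{platform.release()}", open),
                         ("/proc/config.gz", gzip.open)):
        if os.path.exists(path):
            with opener(path, "rt") as fh:
                return fh.read()
    return None

if __name__ == "__main__":
    release = platform.release()
    print(f"kernel {release}:", "ok" if kernel_ok(release) else "older than 4.1")
    config = read_running_config()
    source = "running kernel" if config else "constructed sample"
    print(f"missing BPF options ({source}):", missing_options(config or SAMPLE_CONFIG) or "none")
```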

Rating

Features: 4.5/5
Usability: intended for advanced users and developers

Webpage: bcc
