Package bpftrace

High-level tracing language for Linux eBPF


BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet
Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a
backend to compile scripts to BPF-bytecode and makes use of BCC for
interacting with the Linux BPF system, as well as existing Linux tracing
capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing
(uprobes), and tracepoints. The BPFtrace language is inspired by awk and C,
and predecessor tracers such as DTrace and SystemTap.

Version: 0.20.1

System Administration

bashreadline.bt Print bash commands system wide. Uses bpftrace/eBPF.
biolatency.bt Block I/O latency as a histogram. Uses bpftrace/eBPF.
biosnoop.bt Block I/O tracing tool, showing per I/O latency. Uses bpftrace/eBPF.
biostacks.bt Show disk I/O latency with initialization stacks. Uses bpftrace/eBPF.
bitesize.bt Show disk I/O size as a histogram. Uses bpftrace/eBPF.
bpftrace a high-level tracing language
capable.bt Trace security capability checks (cap_capable()).
cpuwalk.bt Sample which CPUs are executing processes. Uses bpftrace/eBPF.
dcsnoop.bt Trace directory entry cache (dcache) lookups. Uses bpftrace/eBPF.
execsnoop.bt Trace new processes via exec() syscalls. Uses bpftrace/eBPF.
gethostlatency.bt Show latency for getaddrinfo/gethostbyname[2] calls. Uses bpftrace/eBPF.
killsnoop.bt Trace signals issued by the kill() syscall. Uses bpftrace/eBPF.
loads.bt Prints load averages. Uses bpftrace/eBPF.
mdflush.bt Trace md flush events. Uses bpftrace/eBPF.
naptime.bt Trace voluntary sleep calls. Uses bpftrace/eBPF.
oomkill.bt Trace OOM killer. Uses bpftrace/eBPF.
opensnoop.bt Trace open() syscalls. Uses bpftrace/eBPF.
pidpersec.bt Count new processes (via fork()). Uses bpftrace/eBPF.
runqlat.bt CPU scheduler run queue latency as a histogram. Uses bpftrace/eBPF.
runqlen.bt CPU scheduler run queue length as a histogram. Uses bpftrace/eBPF.
setuids.bt Trace setuid family of syscalls. Uses bpftrace/eBPF.
ssllatency.bt Show SSL/TLS handshake latency histogram. Uses bpftrace/eBPF.
sslsnoop.bt Show SSL/TLS handshake events. Uses bpftrace/eBPF.
statsnoop.bt Trace stat() syscalls. Uses bpftrace/eBPF.
swapin.bt Count swapins by process. Uses bpftrace/eBPF.
syncsnoop.bt Trace the sync() variety of syscalls. Uses bpftrace/eBPF.
syscount.bt Count system calls. Uses bpftrace/eBPF.
tcpaccept.bt Trace TCP passive connections (accept()). Uses bpftrace/eBPF.
tcpconnect.bt Trace TCP active connections (connect()). Uses Linux bpftrace/eBPF.
tcpdrop.bt Trace kernel-based TCP packet drops with details. Uses Linux bpftrace/eBPF.
tcplife.bt Trace TCP session lifespans with connection details. Uses bpftrace/eBPF.
tcpretrans.bt Trace or count TCP retransmits. Uses Linux bpftrace/eBPF.
tcpsynbl.bt Show the TCP SYN backlog as a histogram. Uses bpftrace/eBPF.
threadsnoop.bt Trace thread creation via pthread_create(). Uses bpftrace/eBPF.
undump.bt Catch UNIX domain socket packets. Uses bpftrace/eBPF.
vfscount.bt Count VFS calls ("vfs_*"). Uses bpftrace/eBPF.
vfsstat.bt Count key VFS calls. Uses bpftrace/eBPF.
writeback.bt Trace file system writeback events with details. Uses bpftrace/eBPF.
xfsdist.bt Summarize XFS operation latency. Uses bpftrace/eBPF.