bcc-bpflist man page

bpflist ā€” Display processes currently using BPF programs and maps.

Synopsis

bpflist [-v]

Description

This tool displays processes currently using BPF programs and maps, and optionally also kprobes and uprobes on the system. This is useful to understand which BPF programs are loaded on the system.

Currently, for lack of a better alternative, this tool pipes into 'ls' and parses its output to snoop for BPF file descriptors in all running processes. In the future, when BPF accounting is provided by the kernel, this tool should use these accounting features.

Only the root user can use this tool, because it accesses debugfs.

Requirements

bcc, debugfs

Options

-h Print usage message.

-v

Count kprobes and uprobes as well as BPF programs. Repeating verbose mode twice also prints the kprobe and uprobe definitions in addition to counting them.

Examples

Display processes currently using BPF programs:

# bpflist

Also count kprobes and uprobes:

# bpflist -v

Fields

PID

Process ID.

COMM

Process comm.

TYPE

The type of the data displayed: BPF program, BPF map, kprobe, or uprobe.

COUNT

The number of items of this type that belong to the specified process.

Source

This is from bcc.

https://github.com/iovisor/bcc

Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.

OS

Linux

Stability

Unstable - in development.

Author

Sasha Goldshtein

Info

2017-03-09 USER COMMANDS