bcc-bpflist - Man Page

bpflist [-v]

This tool displays processes currently using BPF programs and maps, and optionally also kprobes and uprobes on the system. This is useful to understand which BPF programs are loaded on the system.

Currently, for lack of a better alternative, this tool pipes into 'ls' and parses its output to snoop for BPF file descriptors in all running processes. In the future, when BPF accounting is provided by the kernel, this tool should use these accounting features.

Only the root user can use this tool, because it accesses debugfs.

bcc, debugfs

-h Print usage message.

-v

Count kprobes and uprobes as well as BPF programs. Repeating verbose mode twice also prints the kprobe and uprobe definitions in addition to counting them.

Display processes currently using BPF programs:

# bpflist

Also count kprobes and uprobes:

# bpflist -v

PID

Process ID.

COMM

Process comm.

TYPE

The type of the data displayed: BPF program, BPF map, kprobe, or uprobe.

COUNT

The number of items of this type that belong to the specified process.

This is from bcc.

https://github.com/iovisor/bcc

Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.

Linux

Unstable - in development.

Sasha Goldshtein