Package bpftrace

High-level tracing language for Linux eBPF

https://github.com/iovisor/bpftrace

BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet
Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a
backend to compile scripts to BPF-bytecode and makes use of BCC for
interacting with the Linux BPF system, as well as existing Linux tracing
capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing
(uprobes), and tracepoints. The BPFtrace language is inspired by awk and C,
and predecessor tracers such as DTrace and SystemTap

Version: 0.20.1

System Administration
bashreadline.bt	Print bash commands system wide. Uses bpftrace/eBPF.
biolatency.bt	Block I/O latency as a histogram. Uses bpftrace/eBPF.
biosnoop.bt	Block I/O tracing tool, showing per I/O latency. Uses bpftrace/eBPF.
biostacks.bt	Show disk I/O latency with initialization stacks. Uses bpftrace/eBPF.
bitesize.bt	Show disk I/O size as a histogram. Uses bpftrace/eBPF.
bpftrace	a high-level tracing language
capable.bt	Trace security capability checks (cap_capable()).
cpuwalk.bt	Sample which CPUs are executing processes.. Uses bpftrace/eBPF.
dcsnoop.bt	Trace directory entry cache (dcache) lookups. Uses bpftrace/eBPF.
execsnoop.bt	Trace new processes via exec() syscalls. Uses bpftrace/eBPF.
gethostlatency.bt	Show latency for getaddrinfo/gethostbyname[2] calls. Uses bpftrace/eBPF.
killsnoop.bt	Trace signals issued by the kill() syscall. Uses bpftrace/eBPF.
loads.bt	Prints load averages. Uses bpftrace/eBPF.
mdflush.bt	Trace md flush events. Uses bpftrace/eBPF.
naptime.bt	Trace voluntary sleep calls. Uses bpftrace/eBPF.
oomkill.bt	Trace OOM killer. Uses bpftrace/eBPF.
opensnoop.bt	Trace open() syscalls. Uses bpftrace/eBPF.
pidpersec.bt	Count new processes (via fork()). Uses bpftrace/eBPF.
runqlat.bt	CPU scheduler run queue latency as a histogram. Uses bpftrace/eBPF.
runqlen.bt	CPU scheduler run queue length as a histogram. Uses bpftrace/eBPF.
setuids.bt	Trace setuid family of syscalls. Uses bpftrace/eBPF.
ssllatency.bt	Show SSL/TLS handshake latency histogram. Uses bpftrace/eBPF.
sslsnoop.bt	Show SSL/TLS handshake events. Uses bpftrace/eBPF.
statsnoop.bt	Trace stat() syscalls. Uses bpftrace/eBPF.
swapin.bt	Count swapins by process. Uses bpftrace/eBPF.
syncsnoop.bt	Trace the sync() variety of syscalls. Uses bpftrace/eBPF.
syscount.bt	Count system calls. Uses bpftrace/eBPF.
tcpaccept.bt	Trace TCP passive connections (accept()). Uses bpftrace/eBPF
tcpconnect.bt	Trace TCP active connections (connect()). Uses Linux bpftrace/eBPF
tcpdrop.bt	Trace kernel-based TCP packet drops with details. Uses Linux bpftrace/eBPF
tcplife.bt	Trace TCP session lifespans with connection details. Uses bpftrace/eBPF.
tcpretrans.bt	Trace or count TCP retransmits. Uses Linux bpftrace/eBPF
tcpsynbl.bt	Show the TCP SYN backlog as a histogram. Uses bpftrace/eBPF.
threadsnoop.bt	Trace thread creation via pthread_create(). Uses bpftrace/eBPF.
undump.bt	Catch UNIX domain socket packages. Uses bpftrace/eBPF.
vfscount.bt	Count VFS calls ("vfs_*"). Uses bpftrace/eBPF.
vfsstat.bt	Count key VFS calls. Uses bpftrace/eBPF.
writeback.bt	Trace file system writeback events with details. Uses bpftrace/eBPF.
xfsdist.bt	Summarize XFS operation latency. Uses bpftrace/eBPF.