A presentation about BPF, with a focus on the Linux tracing aspects, made at Sqreen offices in May 2019.
This workshop was prepared on a machine running Ubuntu 18.04 server edition (kernel 4.15). It should work on other distributions as well. A recent kernel is required (4.15 works, a few versions before that may work, but it is recommended to use the newest kernel available).
If you do not have access to a suitable machine, a virtual image is made available for duration of the workshop, see vm.md.
This workshop revolves around three tools:
- bpftool
- bcc
- bpftrace
The first step consists in installing them. Please refer to quick_install.md for instructions.
The provided VM already has all three tools installed.
Note that most of the work will require admin privileges. If in a suitable environment, you may want to work as root.
-
Finished early? Just play around with the tools! Try creating a flame graph with
profileoroffcputimefrom bcc for example?