eBPF 101 Tooling and API

eBPF can be programmed using one of many frontends available, e.g., LLVM, BCC and bpftrace, from lowest- to highest-level languages.

The LLVM compiler supports BPF as the target and higher-level languages, like C can be compiled into BPF. BCC and bpftrace internally using LLVM to compile C or its own higher-level language into BFP.

Viewing BPF instructions

bpftool(8) is a command-line tool that included in the Linux kernel for viewing and manipulating the BPF objects.

bpftool perf: lists BPF programs that been attached to perf_event_open().
bpftool prog show: lists all BPF programs.
bpftool prog dump xlated: dumps BPF program instructions in BPF assembly format.
bpftool prog dump jited: dumps BPF program instructions in machine code format.
……

The bpftrace can also be used to viewing the BPF program with the -v command-line option:

bpftrace -v biolatency.bt

Viewing BPF instructions

Comments: