diff options
Diffstat (limited to 'development/bcc/README')
-rw-r--r-- | development/bcc/README | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/development/bcc/README b/development/bcc/README new file mode 100644 index 0000000000..ed001ad7fe --- /dev/null +++ b/development/bcc/README @@ -0,0 +1,21 @@ +BPF Compiler Collection (BCC) + +BCC is a toolkit for creating efficient kernel tracing and +manipulation programs, and includes several useful tools and examples. +It makes use of extended BPF (Berkeley Packet Filters), formally known +as eBPF, a new feature that was first added to Linux 3.15. Much of +what BCC uses requires Linux 4.1 and above. + +eBPF was described by Ingo Molnár as: + +One of the more interesting features in this cycle is the ability to +attach eBPF programs (user-defined, sandboxed bytecode executed by the +kernel) to kprobes. This allows user-defined instrumentation on a live +kernel image that can never crash, hang or interfere with the kernel +negatively. + +BCC makes BPF programs easier to write, with kernel instrumentation in +C (and includes a C wrapper around LLVM), and front-ends in Python and +lua. It is suited for many tasks, including performance analysis and +network traffic control. + |