[转帖]BPF Compiler Collection (BCC)

bpf,compiler,collection,bcc · 浏览次数 : 0

小编点评

**Bcc Tools Introduction** **Overview** Bcc (Bytecode Compiler) is a tool that allows programmers to perform various operations on the kernel, including memory manipulation, network programming, and system call invocation. The bcc toolkit provides various tools and functionalities to help programmers write, debug, and analyze BPF programs. **Features** * End-to-end BPF workflow in a shared library * Modified C language for BPF backends * Integration with llvm-bpf backend for JITDynamic * Support for BPF kernel hooks * Binding for Python * Tutorials and resources for learning about Bcc **Getting Started** * Install the bcc toolkit and its dependencies. * Set up a BPF environment, including the kernel and kernel modules. * Write a BPF program using the Python interface. * Run the program and observe its behavior. **Tools and Functions** * `bbf` - BPF compiler * `bcppy` - BPF memory bpper * `bcore` - BPF kernel hooks and functions * `bpy` - Python bindings for BPF * `bvt` - BPF virtual machine * `bp` - BPF kernel plugin **Usage** * Write BPF programs using the `bbf` compiler. * Run the compiled program. * Use the BPF tools and functions to manipulate memory, network, and system calls. * Write and run Python programs to interact with BPF programs. **Example** ```python # Create a BPF virtual machine bvt = bvt.new() # Get the kernel and kernel modules kernel = bvt.kernel modules = kernel.modules # Load the BPF program bbf = bbf.new() bbf.load(kernel, modules, 'myprogram.bbf') # Execute the program bbf.run() ``` **Benefits** * Bcc provides a powerful and flexible tool for programmers to solve performance, troubleshooting, and networking issues. * It integrates with various tools and libraries, making it easy to write and execute BPF programs. * The toolkit offers tutorials and resources to help beginners get started with Bcc. **Additional Resources** * Bcc Documentation: `tutorial.md` * Bcc Tutorial: `tutorial_bcc_python_developer.md` * IOVisor Community: `Mailing List` * GitHub Issues: `Links` **Note:** This is a high-level overview of Bcc tools. For more detailed information and specific examples, refer to the documentation and tutorials provided.

正文

https://github.com/iovisor/bcc

 

BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. Much of what BCC uses requires Linux 4.1 and above.

eBPF was described by Ingo Molnár as:

One of the more interesting features in this cycle is the ability to attach eBPF programs (user-defined, sandboxed bytecode executed by the kernel) to kprobes. This allows user-defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively.

BCC makes BPF programs easier to write, with kernel instrumentation in C (and includes a C wrapper around LLVM), and front-ends in Python and lua. It is suited for many tasks, including performance analysis and network traffic control.

Screenshot

This example traces a disk I/O kernel function, and populates an in-kernel power-of-2 histogram of the I/O size. For efficiency, only the histogram summary is returned to user-level.

# ./bitehist.py
Tracing... Hit Ctrl-C to end.
^C
     kbytes          : count     distribution
       0 -> 1        : 3        |                                      |
       2 -> 3        : 0        |                                      |
       4 -> 7        : 211      |**********                            |
       8 -> 15       : 0        |                                      |
      16 -> 31       : 0        |                                      |
      32 -> 63       : 0        |                                      |
      64 -> 127      : 1        |                                      |
     128 -> 255      : 800      |**************************************|

The above output shows a bimodal distribution, where the largest mode of 800 I/O was between 128 and 255 Kbytes in size.

See the source: bitehist.py. What this traces, what this stores, and how the data is presented, can be entirely customized. This shows only some of many possible capabilities.

Installing

See INSTALL.md for installation steps on your platform.

FAQ

See FAQ.txt for the most common troubleshoot questions.

Reference guide

See docs/reference_guide.md for the reference guide to the bcc and bcc/BPF APIs.

Contents

Some of these are single files that contain both C and Python, others have a pair of .c and .py files, and some are directories of files.

Tracing

Examples:

Tools:

Networking

Examples:

BPF Introspection:

Tools that help to introspect BPF programs.

  • introspection/bps.c: List all BPF programs loaded into the kernel. 'ps' for BPF programs. Examples.

Motivation

BPF guarantees that the programs loaded into the kernel cannot crash, and cannot run forever, but yet BPF is general purpose enough to perform many arbitrary types of computation. Currently, it is possible to write a program in C that will compile into a valid BPF program, yet it is vastly easier to write a C program that will compile into invalid BPF (C is like that). The user won't know until trying to run the program whether it was valid or not.

With a BPF-specific frontend, one should be able to write in a language and receive feedback from the compiler on the validity as it pertains to a BPF backend. This toolkit aims to provide a frontend that can only create valid BPF programs while still harnessing its full flexibility.

Furthermore, current integrations with BPF have a kludgy workflow, sometimes involving compiling directly in a linux kernel source tree. This toolchain aims to minimize the time that a developer spends getting BPF compiled, and instead focus on the applications that can be written and the problems that can be solved with BPF.

The features of this toolkit include:

  • End-to-end BPF workflow in a shared library
    • A modified C language for BPF backends
    • Integration with llvm-bpf backend for JIT
    • Dynamic (un)loading of JITed programs
    • Support for BPF kernel hooks: socket filters, tc classifiers, tc actions, and kprobes
  • Bindings for Python
  • Examples for socket filters, tc classifiers, and kprobes
  • Self-contained tools for tracing a running system

In the future, more bindings besides python will likely be supported. Feel free to add support for the language of your choice and send a pull request!

Tutorials

Networking

At Red Hat Summit 2015, BCC was presented as part of a session on BPF. A multi-host vxlan environment is simulated and a BPF program used to monitor one of the physical interfaces. The BPF program keeps statistics on the inner and outer IP addresses traversing the interface, and the userspace component turns those statistics into a graph showing the traffic distribution at multiple granularities. See the code here.

Contributing

Already pumped up to commit some code? Here are some resources to join the discussions in the IOVisor community and see what you want to work on.

External links

Looking for more information on BCC and how it's being used? You can find links to other BCC content on the web in LINKS.md.

与[转帖]BPF Compiler Collection (BCC)相似的内容:

[转帖]BPF Compiler Collection (BCC)

https://github.com/iovisor/bcc BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and

[转帖]BPF Compiler Collection (BCC)

https://github.com/iovisor/bcc BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and

[转帖][译] 使用 bcc/BPF 分析 Go 程序

https://toutiao.io/posts/089ydx/preview BCC 是基于 BPF 的 Linux IO 分析、监控、网络工具集合。BPF Compiler Collection (BCC) 是创建高效内核追踪和处理程序的工具包,包含几个有用的工具和用例。BCC 扩展了 BPF

[转帖]7 个使用 bcc/BPF 的性能分析神器

https://linux.cn/article-9139-1.html 使用伯克利包过滤器Berkeley Packet Filter(BPF)编译器集合Compiler Collection(BCC)工具深度探查你的 Linux 代码。 在 Linux 中出现的一种新技术能够为系统管理员和开发者

[转帖]eBPF监控工具bcc系列一启航

https://blog.51cto.com/u_15333820/3453313 在eBPF篇中,我们知道虽然可用 C 来实现 BPF,但编译出来的却仍然是 ELF 文件,开发者需要手动析出真正可以注入内核的代码。工作有些麻烦,于是就有人设计了 BPF Compiler Collection(BC

[转帖]eBPF文章翻译(2)——BCC介绍(附实验环境)

nevermosby eBPF学习计划可以看这里。 该篇为入门文章翻译系列第二篇,第一篇看这里。 原文名称:An introduction to the BPF Compiler Collection,原文地址:https://lwn.net/Articles/742082/ 目录 BCC是什么 一

[转帖]BPF的可移植性和CO-RE (Compile Once – Run Everywhere)

https://www.cnblogs.com/charlieroro/p/14206214.html 在上一篇文章中介绍了提高socket性能的几个socket选项,其中给出了几个源于内核源码树中的例子,如果选择使用内核树中的Makefile进行编译的话,可能会出现与本地头文件冲突的情况,如重复定

[转帖]eBPF系列学习(4)了解libbpf、CO-RE (Compile Once – Run Everywhe) | 使用go开发ebpf程序(云原生利器cilium ebpf )

文章目录 一、了解libbpf1. BPF的可移植性CO-RE (Compile Once – Run Everywhere)BPF 可移植性面临的问题BPF的可移植性CO-RE (Compile Once – Run Everywhere) 2. libbpf和bcc性能对比3. 了解libbpf

[转帖]BPF 进阶笔记(五):几种 TCP 相关的 BPF(sockops、struct_ops、header options)

http://arthurchiao.art/blog/bpf-advanced-notes-5-zh/ 整理一些 TCP 相关的 BPF 内容,主要来自 Facebook 和 Google 的分享。 关于 “BPF 进阶笔记” 系列 平时学习和使用 BPF 时所整理。由于是笔记而非教程,因此内容不

[转帖]BPF 拓荒者 —— Brendan Gregg 与 Netflix 的故事

https://www.modb.pro/db/421308 译者写在开头 在我的上一篇文章:Brendan@Intel.com[1] 中,我翻译了他与 Intel 的故事。这次,我们时光倒流一下,说说前传:Brendan Gregg 与 Netflix 的故事。 我写博客的出发点是想把自己所学所思