|Linux| eBPF – BCC config and test

BCC := BPF Compiler Collection (ref. https://lwn.net/Articles/742082/ )

Originally, BPF is a tool for analyzing network traffic. After years, eBPF has been improved to be used for non-networking purposes, such as for attaching eBPF programs to various tracepoints. wiki

Comparing with XDP (driver layer tool for network, XDP test), BCC provides a tool chain for high level languages.
With this tool, developers can implement their own analyzing tools to manage BPF tools by Python, Lua or other high level languages.

This article will show how to config and run a test code.

Environment:
Ubuntu 18.04
Kernel 4.15

Install: (note, using Python3 not 2)
# dependency libraries:
sudo apt-get -y install bison build-essential cmake flex git libedit-dev \
libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev

# for install and compile BCC
git clone https://github.com/iovisor/bcc.git
mkdir bcc/build; cd bcc/build
cmake ..
make
sudo make install
cmake -DPYTHON_CMD=python3 .. # build python3 binding
pushd src/python/
make
sudo make install
popd


There are many tools samples you can try:
https://github.com/iovisor/bcc/tree/master/tools
https://github.com/iovisor/bcc/tree/master/examples
https://github.com/iovisor/bcc/blob/master/INSTALL.md#ubuntu—source


Test your BCC and BPF:
cd bcc/examples
sudo python3 hello_world.py

#!/usr/bin/python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")

# run in project examples directory with:
# sudo ./hello_world.py"
# see trace_fields.py for a longer example

from bcc import BPF

# This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()

https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md



BCC:
https://davidlovezoe.club/wordpress/archives/874
https://github.com/iovisor/bcc/blob/master/INSTALL.md#ubuntu—source
https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md