This is a 90-minute workshop created by Brendan Gregg, and uses some exercises from the book BPF Performance Tools: Linux System and Application Observability. BPF enables a new class of custom, efficient, and production safe performance analysis tools. Historically BPF stood for Berkeley Packet Filter, but since it has become a general purpose execution environment it is now a technology name and no longer an acronym. BPF is part of the Linux kernel.
This workshop is composed of slides, exercises, discussion, and demos. This repository contains two of those four parts: the slides and exercises, the other two are only available in class.
You can either:
If you choose to setup your own system, here is a script for Ubuntu:
sudo apt-get update sudo apt-get install sysstat bpfcc-tools bpftrace gcc git clone https://github.com/brendangregg/bpf-perf-workshop cd bpf-perf-workshop/src make && cd ..
Just for reference, you can fetch these repos:
git clone https://github.com/iovisor/bcc git clone https://github.com/iovisor/bpftrace
Testing the opensnoop(8) tool from both BCC and bpftrace (Ubuntu package naming scheme: BCC tools end in -bpfcc, and bpftrace .bt):
$ sudo bash # opensnoop-bpfcc [...] # opensnoop.bt [...]
Those should produce output and not error. Ctrl-C to end each.
You may wish to open these in tabs. For labs 1-3 (BCC):
For labs 4-5 (bpftrace):
Copyright Brendan Gregg, 2019. All rights reserved.