hngopher.com

       [HN Gopher] Show HN: Xcapture-BPF - like Linux top, but with Xra...
       ___________________________________________________________________
        
       Show HN: Xcapture-BPF - like Linux top, but with Xray vision
        
       Author : tanelpoder
       Score  : 93 points
       Date   : 2024-07-03 20:52 UTC (2 hours ago)
        
 (HTM) web link (0x.tools)
 (TXT) w3m dump (0x.tools)
        
       | jamesy0ung wrote:
       | I've never used eBPF, does anyone have some good resources for
       | learning it?
        
         | tanelpoder wrote:
         | Brendan Gregg's site (and book) is probably the best starting
         | point (he was involved in DTrace work & rollout 20 years ago
         | when at Sun) and was/is instrumental in pushing eBPF in Linux
         | even further than DTrace ever went:
         | 
         | https://brendangregg.com/ebpf.html
        
         | mgaunard wrote:
         | It lets you hook into various points in the kernel; ultimately
         | you need to learn how the Linux kernel is structured to make
         | the most of it.
         | 
         | Unlike a module, it can only really read data, not modify data
         | structures, so it's nice for things like tracing kernel events.
         | 
         | The XDP subsystem is particularly designed for you to apply
         | filters to network data before it makes it to the network
         | stack, but it still doesn't give you the same level of control
         | or performance as DPDK, since you still need the data to go to
         | the kernel.
        
           | tanelpoder wrote:
           | Yep (the 0x.tools author here). If you look into my code,
           | you'll see that I'm _not_ a good developer :-) But I have a
           | decent understanding of Linux kernel flow and kernel /app
           | interaction dynamics, thanks to many years of troubleshooting
           | large (Oracle) database workloads. So I knew exactly what I
           | wanted to measure and how, just had to learn the eBPF parts.
           | That's why I picked BCC instead of libbpf as I was somewhat
           | familiar with it already, but fully dynamic and "self-
           | updating" libbpf loading approach is the goal for v3 (help
           | appreciated!)
        
             | mgaunard wrote:
             | Myself I've only built simple things, like tracing sched
             | switch events for certain threads, and killing the process
             | if they happen (specifically designed as a safety for
             | pinned threads).
        
               | tanelpoder wrote:
               | Same here, until now. I built the earlier xcapture v1
               | (also in the repo) about 5 years ago and it just samples
               | various /proc/PID/task/TID pseudofiles regularly, it also
               | allows you get pretty far with the thread-level activity
               | measurement approach, especially when combined with
               | always-on low frequency on-CPU sampling with perf.
        
         | jiripospisil wrote:
         | There's a bunch of examples over at
         | https://github.com/iovisor/bcc
        
         | rascul wrote:
         | You might find some interesting stuff here
         | 
         | https://ebpf.io/
        
       ___________________________________________________________________
       (page generated 2024-07-03 23:00 UTC)