slackbuilds/development/bcc
Lockywolf 4e66e90807
development/bcc: Added (BPF Compiler Collection).
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2023-09-23 08:54:43 +07:00
..
README development/bcc: Added (BPF Compiler Collection). 2023-09-23 08:54:43 +07:00
bcc.SlackBuild development/bcc: Added (BPF Compiler Collection). 2023-09-23 08:54:43 +07:00
bcc.info development/bcc: Added (BPF Compiler Collection). 2023-09-23 08:54:43 +07:00
slack-desc development/bcc: Added (BPF Compiler Collection). 2023-09-23 08:54:43 +07:00

README

BPF Compiler Collection (BCC)

BCC is a toolkit for creating efficient kernel tracing and
manipulation programs, and includes several useful tools and examples.
It makes use of extended BPF (Berkeley Packet Filters), formally known
as eBPF, a new feature that was first added to Linux 3.15. Much of
what BCC uses requires Linux 4.1 and above.

eBPF was described by Ingo Molnár as:

One of the more interesting features in this cycle is the ability to
attach eBPF programs (user-defined, sandboxed bytecode executed by the
kernel) to kprobes. This allows user-defined instrumentation on a live
kernel image that can never crash, hang or interfere with the kernel
negatively.

BCC makes BPF programs easier to write, with kernel instrumentation in
C (and includes a C wrapper around LLVM), and front-ends in Python and
lua. It is suited for many tasks, including performance analysis and
network traffic control.