Status: Stable
A collection of rpm specs to build eBPF related tools on Centos 7. All tools are available as static binaries to remove the potential runtime dependencies on the used GCC and LLVM/Clang versions
Available tools:
Repository available at https://repos.baslab.org/bpftools/
Install:
curl https://repos.baslab.org/bpftools.repo --output /etc/yum.repos.d/bpftools.repo
yum install bpftrace-static bpftrace-tools bpftrace-docs bcc-static bcc-tools
Installing the -static
versions is recommended as the LLVM packages are
terrible.
Tools:
Tool | Status |
---|---|
bashreadline.bt | ✅ |
biolatency.bt | ✅ |
biosnoop.bt | ✅ |
bitesize.bt | ❌ |
capable.bt | ✅ |
cpuwalk.bt | ✅ |
dcsnoop.bt | ✅ |
execsnoop.bt | ✅ (patched) |
gethostlatency.bt | ✅ (patched) |
killsnoop.bt | ✅ |
loads.bt | ✅ |
mdflush.bt | ❌ |
oomkill.bt | ❌ |
opensnoop.bt | ✅ |
pidpersec.bt | ✅ |
runqlat.bt | ✅ |
runqlen.bt | ✅ |
statsnoop.bt | ❌ |
syncsnoop.bt | ✅ |
syscount.bt | ✅ |
tcpaccept.bt | ✅ |
tcpconnect.bt | ✅ |
tcpdrop.bt | ✅ |
tcpretrans.bt | ✅ |
vfscount.bt | ✅ |
vfsstat.bt | ✅ |
writeback.bt | ✅ |
xfsdist.bt | ✅ |
ext4dist.bt | 🆕 |
Tools marked with an ✅ have been "tested", the tool runs and the output appears valid, but no indepth testing has been done. ❌ indicate tools that are known to be broken and those marked with ❓ have not been tested at all.
Unsupported builtins:
- cgroupid
Tools:
Tools | Status |
---|---|
argdist | ❓ |
bashreadline | ✅ |
biolatency | ✅ |
biosnoop | ✅ |
biotop | ✅ |
bitesize | ❓ |
bpflist | ✅ |
btrfsdist | ❓ |
btrfsslower | ❓ |
cachestat | ✅ |
cachetop | ✅ |
capable | ❓ |
cobjnew | ❓ |
cpudist | ❓ |
cpuunclaimed | ❓ |
criticalstat | ❓ |
dbslower | ❓ |
dbstat | ❓ |
dcsnoop | ❓ |
dcstat | ❓ |
deadlock | ❓ |
drsnoop | ❓ |
execsnoop | ❓ |
exitsnoop | ❓ |
ext4dist | ❓ |
ext4slower | ❓ |
filelife | ❓ |
fileslower | ❓ |
filetop | ❓ |
funccount | ❓ |
funclatency | ❓ |
funcslower | ❓ |
gethostlatency | ❓ |
hardirqs | ❓ |
inject | ❓ |
javacalls | ❓ |
javaflow | ❓ |
javagc | ❓ |
javaobjnew | ❓ |
javastat | ❓ |
javathreads | ❓ |
killsnoop | ❓ |
llcstat | ❓ |
mdflush | ❓ |
memleak | ❓ |
mountsnoop | ❓ |
mysqld_qslower | ❓ |
nfsdist | ❓ |
nfsslower | ❓ |
nodegc | ❓ |
nodestat | ❓ |
offcputime | ❓ |
offwaketime | ❓ |
oomkill | ❓ |
opensnoop | ❓ |
perlcalls | ❓ |
perlflow | ❓ |
perlstat | ❓ |
phpcalls | ❓ |
phpflow | ❓ |
phpstat | ❓ |
pidpersec | ❓ |
profile | ❓ |
pythoncalls | ❓ |
pythonflow | ❓ |
pythongc | ❓ |
pythonstat | ❓ |
reset-trace | ❓ |
rubycalls | ❓ |
rubyflow | ❓ |
rubygc | ❓ |
rubyobjnew | ❓ |
rubystat | ❓ |
runqlat | ❓ |
runqlen | ❓ |
runqslower | ❓ |
shmsnoop | ❓ |
slabratetop | ❓ |
sofdsnoop | ❓ |
softirqs | ❓ |
solisten | ❓ |
sslsniff | ❓ |
stackcount | ❓ |
statsnoop | ❓ |
syncsnoop | ❓ |
syscount | ❓ |
tclcalls | ❓ |
tclflow | ❓ |
tclobjnew | ❓ |
tclstat | ❓ |
tcpaccept | ❓ |
tcpconnect | ✅ |
tcpconnlat | ✅ |
tcpdrop | ✅ |
tcplife | ❓ |
tcpretrans | ❓ |
tcpstates | ❓ |
tcpsubnet | ❓ |
tcptop | ❓ |
tcptracer | ❓ |
tplist | ❓ |
trace | ❓ |
ttysnoop | ✅ |
vfscount | ❓ |
vfsstat | ❓ |
wakeuptime | ❓ |
xfsdist | ❓ |
xfsslower | ❓ |
zfsdist | ❓ |
zfsslower | ❓ |
Tools marked with an ✅ have been "tested", the tool runs and the output appears valid, but no indepth testing has been done. ❌ indicate tools that are known to be broken and those marked with ❓ have not been tested at all.
*Some builds are done with GCC from devtoolset-8
from software collections
to provide a modern GCC
build-all.sh
builds all tools in a docker container and exports the RPMs at
the end. It starts of by building LLVM and Clang and creating a "builder" image
with that, using that image it will build the other RPMs.
As building LLVM & Clang takes a while the process can be sped up by reusing an
earlier built image using the --image-tag
flag
Alternatively you can build the spec files manually:
The first step is to build llvm-clang
to provide a somewhat modern LLVM &
Clang, and to provide static libs. Make sure you install the generated rpms
before you go on the next step.
After that bcc and then bpftrace can be built, bpftrace depends on bcc so make sure you install the version you just compiled. Although it also seems to work with the version currently shipped with CentOS 7.
bpftool is stand alone.