
Full-system dynamic tracing on Linux using eBPF and bpftrace - signa11
https://www.joyfulbikeshedding.com/blog/2019-01-31-full-system-dynamic-tracing-on-linux-using-ebpf-and-bpftrace.html
======
eatonphil
This is a great post! Brendan Gregg's perf page [0] is another interesting
collections page. And the best introduction to using kprobes I've seen is by
WindRiver [1] where they do it all manually in a tutorial.

[0]
[http://www.brendangregg.com/perf.html](http://www.brendangregg.com/perf.html)

[1]
[https://docs.windriver.com/bundle/Wind_River_Linux_Tutorial_...](https://docs.windriver.com/bundle/Wind_River_Linux_Tutorial_Dynamic_Kernel_Debugging_with_ftrace_and_kprobes_9_1/page/1668683.html)

------
saagarjha
> the macOS version is as good as defunct because System Integrity Protection
> broke many aspects of DTrace

Of course, DTrace works on macOS if you disable the parts of System Integrity
Protection that block it (csrutil enable --without dtrace).

~~~
Birch-san
That used to be enough, but Mojave has broken DTrace further. I find it
completely unusable now.

~~~
EdwardCoffin
Could you give a concrete example of something that broke in Mojave? I used it
a lot in High Sierra, and was preparing to return now under Mojave, would like
to know what to keep my eyes open for.

------
cryptonector
This. Is. Beautiful.

"The dark days before eBPF" indeed.

------
dekhn
Sad to see this still has to be compiled from scratch on Ubuntu 18.04.

~~~
agumonkey
Same for Arch Linux.

