I suggest taking a look at bpftrace ( https://github.com/iovisor/bpftrace ). The features and stability are getting quite good and better over time.

There’s also a kubernetes version of it:


hey! Do you know if anyone is working on getting bpftrace to use BTF yet? Looks like one of the final chunks landed in Linux 5.2

See Bpftrace for Linux 2018:

> https://news.ycombinator.com/item?id=18168137

pzakah asks:

> You've mentioned that we do have BTF now in Linux 4.18. I've tried to find if it was leveraged in bpftrace, but it looks like it isn't yet.

Brendan responds:

> That's the old repo (we should add a note to it pointing people to https://github.com/iovisor/bpftrace instead!)

Alastair added struct support for kprobes yesterday, based on the functionality in bcc (which bpftrace uses). That was the final missing piece, and why I'm posting about it now. See the last example here:


I took a look and according to the last example mentioned they have not added full struct support yet.

Yes, we have an open Pull Request for that: https://github.com/iovisor/bpftrace/pull/734

AFAIK not.

