Home | History | Annotate | Download | only in tools
      1 Demonstrations of bpflist.
      2 
      3 
      4 bpflist displays information on running BPF programs and optionally also
      5 prints open kprobes and uprobes. It is used to understand which BPF programs
      6 are currently running on the system. For example:
      7 
      8 # bpflist
      9 PID    COMM             TYPE     COUNT
     10 4058   fileslower       prog     4   
     11 4058   fileslower       map      2   
     12 4106   bashreadline     map      1   
     13 4106   bashreadline     prog     1   
     14 
     15 From the output above, the fileslower and bashreadline tools are running.
     16 fileslower has installed 4 BPF programs (functions) and has opened 2 BPF maps
     17 (such as hashes, histograms, stack trace tables, and so on).
     18 
     19 In verbose mode, bpflist also counts the number of kprobes and uprobes opened
     20 by the process. This information is obtained heuristically: bcc-based tools
     21 include the process id in the name of the probe. For example:
     22 
     23 # bpflist -v
     24 PID    COMM             TYPE     COUNT
     25 4058   fileslower       prog     4   
     26 4058   fileslower       kprobe   4   
     27 4058   fileslower       map      2   
     28 4106   bashreadline     uprobe   1   
     29 4106   bashreadline     prog     1   
     30 4106   bashreadline     map      1   
     31 
     32 In double-verbose mode, the probe definitions are also displayed:
     33 
     34 # bpflist -vv
     35 open kprobes:
     36 p:kprobes/p___vfs_read_bcc_4058 __vfs_read
     37 r:kprobes/r___vfs_read_bcc_4058 __vfs_read
     38 p:kprobes/p___vfs_write_bcc_4058 __vfs_write
     39 r:kprobes/r___vfs_write_bcc_4058 __vfs_write
     40 
     41 open uprobes:
     42 r:uprobes/r__bin_bash_0xa4dd0_bcc_4106 /bin/bash:0x00000000000a4dd0
     43 
     44 PID    COMM             TYPE     COUNT
     45 4058   fileslower       prog     4   
     46 4058   fileslower       kprobe   4   
     47 4058   fileslower       map      2   
     48 4106   bashreadline     uprobe   1   
     49 4106   bashreadline     prog     1   
     50 4106   bashreadline     map      1   
     51 
     52 
     53 USAGE:
     54 # bpflist -h
     55 usage: bpflist.py [-h] [-v]
     56 
     57 Display processes currently using BPF programs and maps
     58 
     59 optional arguments:
     60   -h, --help       show this help message and exit
     61   -v, --verbosity  count and display kprobes/uprobes as well
     62 
     63 examples:
     64     bpflist     # display all processes currently using BPF
     65     bpflist -v  # also count kprobes/uprobes
     66     bpflist -vv # display kprobes/uprobes and count them
     67