Status: Stable
A collection of rpm specs to build eBPF related tools on Centos 7. All tools are available as static binaries to remove the potential runtime dependencies on the used GCC and LLVM/Clang versions
Available tools:
Daily bpftrace builds are available: https://repos.baslab.org/rhel/7/bpftrace-daily/
Install
curl https://repos.baslab.org/rhel/7/bpftrace-daily/bpftrace-daily.repo --output /etc/yum.repos.d/bpftools.repo
curl https://repos.baslab.org/rhel/7/bpftools/bpftools.repo --output /etc/yum.repos.d/bpftrace-daily.repo
yum install bpftrace bpftrace-tools bpftrace-doc
Note that this only tracks bpftrace, the bpftools repo is still required for bcc&bpftool
The repository available at https://repos.baslab.org/rhel/7/bpftools/ tracks offical bpftrace & bcc releases
Install:
curl https://repos.baslab.org/rhel/7/bpftools/bpftools.repo --output /etc/yum.repos.d/bpftools.repo
yum install bpftrace bpftrace-tools bpftrace-doc bcc-static bcc-tools
Tools:
| Tool | Status |
|---|---|
| bashreadline.bt | ✅ |
| biolatency.bt | ✅ |
| biosnoop.bt | ✅ |
| bitesize.bt | ❌ |
| capable.bt | ✅ |
| cpuwalk.bt | ✅ |
| dcsnoop.bt | ✅ |
| execsnoop.bt | ✅ (patched) |
| gethostlatency.bt | ✅ (patched) |
| killsnoop.bt | ✅ |
| loads.bt | ✅ |
| mdflush.bt | ❌ |
| oomkill.bt | ❌ |
| opensnoop.bt | ✅ |
| pidpersec.bt | ✅ |
| runqlat.bt | ✅ |
| runqlen.bt | ✅ |
| statsnoop.bt | ❌ |
| syncsnoop.bt | ✅ |
| syscount.bt | ✅ |
| tcpaccept.bt | ✅ |
| tcpconnect.bt | ✅ |
| tcpdrop.bt | ✅ |
| tcpretrans.bt | ✅ |
| vfscount.bt | ✅ |
| vfsstat.bt | ✅ |
| writeback.bt | ✅ |
| xfsdist.bt | ✅ |
| ext4dist.bt | 🆕 |
Tools marked with an ✅ have been "tested", the tool runs and the output appears valid, but no indepth testing has been done. ❌ indicate tools that are known to be broken and those marked with ❓ have not been tested at all.
Unsupported builtins:
- cgroupid
Tools:
| Tools | Status |
|---|---|
| argdist | ❓ |
| bashreadline | ✅ |
| biolatency | ✅ |
| biosnoop | ✅ |
| biotop | ✅ |
| bitesize | ❓ |
| bpflist | ✅ |
| btrfsdist | ❓ |
| btrfsslower | ❓ |
| cachestat | ✅ |
| cachetop | ✅ |
| capable | ❓ |
| cobjnew | ❓ |
| cpudist | ❓ |
| cpuunclaimed | ❓ |
| criticalstat | ❓ |
| dbslower | ❓ |
| dbstat | ❓ |
| dcsnoop | ❓ |
| dcstat | ❓ |
| deadlock | ❓ |
| drsnoop | ❓ |
| execsnoop | ❓ |
| exitsnoop | ❓ |
| ext4dist | ❓ |
| ext4slower | ❓ |
| filelife | ❓ |
| fileslower | ❓ |
| filetop | ❓ |
| funccount | ❓ |
| funclatency | ❓ |
| funcslower | ❓ |
| gethostlatency | ❓ |
| hardirqs | ❓ |
| inject | ❓ |
| javacalls | ❓ |
| javaflow | ❓ |
| javagc | ❓ |
| javaobjnew | ❓ |
| javastat | ❓ |
| javathreads | ❓ |
| killsnoop | ❓ |
| llcstat | ❓ |
| mdflush | ❓ |
| memleak | ❓ |
| mountsnoop | ❓ |
| mysqld_qslower | ❓ |
| nfsdist | ❓ |
| nfsslower | ❓ |
| nodegc | ❓ |
| nodestat | ❓ |
| offcputime | ❓ |
| offwaketime | ❓ |
| oomkill | ❓ |
| opensnoop | ❓ |
| perlcalls | ❓ |
| perlflow | ❓ |
| perlstat | ❓ |
| phpcalls | ❓ |
| phpflow | ❓ |
| phpstat | ❓ |
| pidpersec | ❓ |
| profile | ❓ |
| pythoncalls | ❓ |
| pythonflow | ❓ |
| pythongc | ❓ |
| pythonstat | ❓ |
| reset-trace | ❓ |
| rubycalls | ❓ |
| rubyflow | ❓ |
| rubygc | ❓ |
| rubyobjnew | ❓ |
| rubystat | ❓ |
| runqlat | ❓ |
| runqlen | ❓ |
| runqslower | ❓ |
| shmsnoop | ❓ |
| slabratetop | ❓ |
| sofdsnoop | ❓ |
| softirqs | ❓ |
| solisten | ❓ |
| sslsniff | ❓ |
| stackcount | ❓ |
| statsnoop | ❓ |
| syncsnoop | ❓ |
| syscount | ❓ |
| tclcalls | ❓ |
| tclflow | ❓ |
| tclobjnew | ❓ |
| tclstat | ❓ |
| tcpaccept | ❓ |
| tcpconnect | ✅ |
| tcpconnlat | ✅ |
| tcpdrop | ✅ |
| tcplife | ❓ |
| tcpretrans | ❓ |
| tcpstates | ❓ |
| tcpsubnet | ❓ |
| tcptop | ❓ |
| tcptracer | ❓ |
| tplist | ❓ |
| trace | ❓ |
| ttysnoop | ✅ |
| vfscount | ❓ |
| vfsstat | ❓ |
| wakeuptime | ❓ |
| xfsdist | ❓ |
| xfsslower | ❓ |
| zfsdist | ❓ |
| zfsslower | ❓ |
Tools marked with an ✅ have been "tested", the tool runs and the output appears valid, but no indepth testing has been done. ❌ indicate tools that are known to be broken and those marked with ❓ have not been tested at all.
*Some builds are done with GCC from devtoolset-8 from software collections
to provide a modern GCC
build-all.sh builds all tools in a docker container and exports the RPMs at
the end. It starts of by building LLVM and Clang and creating a "builder" image
with that, using that image it will build the other RPMs.
As building LLVM & Clang takes a while the process can be sped up by reusing an
earlier built image using the --image-tag flag
A pre-build llvm image can be found here
Alternatively you can build the spec files manually:
The first step is to build llvm-clang to provide a somewhat modern LLVM &
Clang, and to provide static libs. Make sure you install the generated rpms
before you go on the next step.
After that bcc and then bpftrace can be built, bpftrace depends on bcc so make sure you install the version you just compiled. Although it also seems to work with the version currently shipped with CentOS 7.
bpftool is stand alone.