Read the article at: https://www.ebpf.top/post/en/bpf_rawtracepoint

1. Common Hook Types in eBPF Trace
2. BPF Rawtracepoint
   2.1 Trace Performance Enhanced by 20%
   2.2 Rawtracepoint Tracking Event Inspection and Quantity Statistics
   2.3 Passing Parameter Changes
3. Example of Using rawtracepoint in BPF Programs
   3.1 libbpf Library (Based on CO-RE)
   3.2 Bpftrace Sample Code
See Also

1. Common Hook Types in eBPF Trace

In the tracing domain, eBPF can hook events in the following categories:

- Kernel static trace points: tracepoint/rawtracepoint/btf-tracepoint
  - Refer to /sys/kernel/tracing/available_events
- Kernel dynamic trace points: k[ret]probe, fentry/fexit (based on BTF)
  - Kprobe: refer to /sys/kernel/tracing/available_filter_functions
- User-space static trace points: USDT
  - Viewing method: readelf -n or the bpftrace tool, e.g. bpftrace -l 'usdt:/home/dave/ebpf/linux-tracing/usdt/main:*'
- User-space dynamic trace points: u[ret]probe, obtainable via nm hello | grep main
- Performance monitoring counters (PMC): perf_event

This article will focus on rawtracepoint within kernel static tracing, concluding with practical code examples using the libbpf development library and bpftrace.……
