Date
1 - 3 of 3
BCC integration into Buildroot
|
Jugurtha BELKALEM
Hi, I've been doing some Linux debugging since one year, and I've used BCC to solve multiple issues (like writting a ddos detector : https://github.com/iovisor/bcc/blob/master/examples/tracing/dddos.py). I have made an article : http://www.linuxembedded.fr/2019/03/les-secrets-du-traceur-ebpf/ (to present BCC to french community). But, because my job focuses mainly on embedded systems; I and my colleague "Romain Naour" ported BCC to the Buildroot project and tests were already successful for ARM64 (Raspberry PI 3) as described in this article : http://www.linuxembedded.fr/2019/05/bcc-integration-into-buildroot/. BCC is such a great tool and I'd love to know what you think about running it on tiny devices. Note : sorry if you have received this mail twice, I've just added the mailing list. Regards. -- Jugurtha. --
  Pour la planète, n'imprimez ce mail que si c'est nécessaire |
||
|
|
||
|
Andrii Nakryiko
On Mon, Jun 3, 2019 at 4:52 AM Jugurtha BELKALEM <jugurtha.belkalem@...> wrote:
Have you looked at using libbpf and BPF CO-RE for such use cases? The difference is that you won't have any additional runtime dependencies (no Clang/LLVM, etc), which makes this more suitable for embedded applications. The main requirement for running BPF CO-RE programs would be to compile kernel with CONFIG_DEBUG_INFO_BTF=y for BTF type information. Check out also https://github.com/iovisor/bcc/pull/2755 that adds first BPF CO-RE converted tool to BCC. See few links below for more details.
|
||
|
|
||
|
Jugurtha BELKALEM
Unfortunately, no; I have not used libbpf directly but I was thinking of doing it. My goal for having BCC integrated into buildroot is is that embedded systems are not so limited as they were before. THis brings the following advantages : - We can reuse BCC scripts made for desktops and run them on embedded devices. BCC can fit smoothly to provide us with a clear, easy simple and ease script maintenance (easy even for non C developers who can understand quickly). - Having python parsing returned results opens a bunch of endless possibilities like drawing graphs, saving to a remote database or even hand it them to an IA engine to understand system's behaviour over time (without having to develop another application for that). People used SystemTap in the past for some embedded systems, some others are using LTTng for debugging. So why not BCC (though, It's right that we need more space compared to hard coded ebpf). Thanks for your response, I'm going to try it out. Regards. |
||
|
|
