How to use the command 'bpftool' (with examples)
- Linux
- December 25, 2023
The ‘bpftool’ command is a tool for inspection and simple manipulation of eBPF programs and maps. It provides various subcommands to perform different operations related to eBPF programs, maps, networking, and more. This article will illustrate several use cases of the ‘bpftool’ command with examples.
Use case 1: List information about loaded eBPF programs
Code:
bpftool prog list
Motivation: This use case allows you to retrieve information about the eBPF programs that are currently loaded into the kernel. This information can be useful for debugging or monitoring purposes.
Explanation: The ‘bpftool prog list’ command lists information about loaded eBPF programs. It does not require any arguments.
Example output:
4: prog_type: XDP insn_cnt: 7 imm_len: 0 xlated: 3 load_time: 75.294u
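For the monitoring purpose mentioned above, bpftool's ‘-j’ (JSON) option makes the program listing machine-readable, so it can be compared against a known-good baseline. The Python code below is an added example, not part of the original article or of bpftool itself; the sample JSON is constructed, and the baseline set, the priority labels and the function name audit_programs are assumptions.

```python
import json

# Constructed sample shaped like `bpftool -j prog list` output (not from a real host).
SAMPLE_JSON = """
[
  {"id": 4, "type": "xdp", "name": "xdp_filter", "tag": "aaaaaaaaaaaaaaaa",
   "gpl_compatible": true, "loaded_at": 1703500000, "uid": 0,
   "pids": [{"pid": 812, "comm": "netagent"}]},
  {"id": 9, "type": "kprobe", "name": "trace_exec", "tag": "bbbbbbbbbbbbbbbb",
   "gpl_compatible": true, "loaded_at": 1703500100, "uid": 0},
  {"id": 12, "type": "cgroup_skb", "name": "", "tag": "cccccccccccccccc",
   "gpl_compatible": true, "loaded_at": 1703500200, "uid": 1000}
]
"""

# Hypothetical baseline: (type, name, tag) triples approved for this host.
BASELINE = {("xdp", "xdp_filter", "aaaaaaaaaaaaaaaa")}

# Program types that can observe kernel or process activity; reported first.
TRACING_TYPES = {"kprobe", "tracepoint", "raw_tracepoint", "perf_event", "tracing", "lsm"}


def audit_programs(raw_json, baseline):
    """Return findings for loaded programs that are not in the baseline."""
    findings = []
    for prog in json.loads(raw_json):
        # "name" can be empty and "pids" is optional, so read both defensively.
        key = (prog.get("type", "unknown"), prog.get("name", ""), prog.get("tag", ""))
        if key in baseline:
            continue
        owners = [p.get("comm", "?") for p in prog.get("pids", [])]
        findings.append({
            "id": prog["id"],
            "type": key[0],
            "name": key[1] or "<unnamed>",
            "uid": prog.get("uid"),
            "owners": owners,
            "priority": "high" if key[0] in TRACING_TYPES else "review",
        })
    # High-priority findings first, then ascending program id.
    return sorted(findings, key=lambda f: (f["priority"] != "high", f["id"]))


if __name__ == "__main__":
    for f in audit_programs(SAMPLE_JSON, BASELINE):
        print(f"[{f['priority']}] id={f['id']} type={f['type']} name={f['name']} "
              f"uid={f['uid']} owners={','.join(f['owners']) or 'unknown'}")
```

On a live host, replace SAMPLE_JSON with the output of ‘bpftool -j prog list’ run as root.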
Use case 2: List eBPF program attachments in the kernel networking subsystem
Code:
bpftool net list
Motivation: With this use case, you can obtain a list of eBPF program attachments in the kernel networking subsystem. This can be helpful to understand the eBPF programs that are active in the networking stack.
Explanation: The ‘bpftool net list’ command lists eBPF program attachments in the kernel networking subsystem. It does not require any arguments.
Example output:
11: attachment_type: GPLINK prog_id: 4 ifindex: 0 flags: X refcnt: 0 locked: 0
Use case 3: List all active links
Code:
bpftool link list
Motivation: This use case allows you to retrieve a list of all active BPF links. A BPF link represents the attachment of an eBPF program to a hook, so the list shows which loaded programs are actually attached and to what.
Explanation: The ‘bpftool link list’ command lists all active BPF links. It does not require any arguments.
Example output:
idx 0: ifindex 1, link-netnsid 0
Use case 4: List all raw_tracepoint, tracepoint, kprobe attachments in the system
Code:
bpftool perf list
Motivation: This use case provides a way to list all raw_tracepoint, tracepoint, and kprobe attachments in the system. It helps in understanding the eBPF programs that are attached to these events.
Explanation: The ‘bpftool perf list’ command lists all raw_tracepoint, tracepoint, and kprobe attachments in the system. It does not require any arguments.
Example output:
btf_id: 1 prog_id: 2 fd: 6 name: sched_process_fork events_count: 5
Use case 5: List BPF Type Format (BTF) data
Code:
bpftool btf list
Motivation: This use case allows you to retrieve the BPF Type Format (BTF) data. BTF provides type information for eBPF programs, helping with debugging and verification.
Explanation: The ‘bpftool btf list’ command lists the BPF Type Format (BTF) data. It does not require any arguments.
Example output:
Id In_use Type
1 1 btf
2 1 btf
Use case 6: List information about loaded maps
Code:
bpftool map list
Motivation: With this use case, you can obtain information about the loaded maps. Maps are data structures used by eBPF programs to store and retrieve data.
Explanation: The ‘bpftool map list’ command lists information about loaded maps. It does not require any arguments.
Example output:
2: name: mymap id: 129 type: ARRAY key_s: 8 value_s: 8 max_entries: 1024 flags:
Use case 7: Probe a network device “eth0” for supported eBPF features
Code:
bpftool feature probe dev eth0
Motivation: This use case allows you to probe a specific network device (e.g., “eth0”) for supported eBPF features. It helps to determine if a particular device supports eBPF offloading or other features.
Explanation: The ‘bpftool feature probe dev eth0’ command probes the network device “eth0” for supported eBPF features. “eth0” is the name of the network device you want to probe.
Example output:
eth0: supported eBPF features: cgroup_attach, tracex1, perf_event
Use case 8: Run commands in batch mode from a file
Code:
bpftool batch file myfile
Motivation: This use case allows you to run ‘bpftool’ commands in batch mode by specifying a file containing a series of commands. It is useful when you have a set of commands that you want to execute together.
Explanation: The ‘bpftool batch file myfile’ command runs commands in batch mode from the specified file (“myfile” in this example). The file should contain one command per line, each written without the leading ‘bpftool’ (for example, ‘prog list’).
Example output: (assuming “myfile” contains valid commands)
Command 1 output
Command 2 output
...