v811_spc009/external/bcc/tools/bpflist_example.txt

Demonstrations of bpflist.


bpflist displays information on running BPF programs and optionally also
prints open kprobes and uprobes. It is used to understand which BPF programs
are currently running on the system. For example:

# bpflist
PID    COMM             TYPE     COUNT
4058   fileslower       prog     4   
4058   fileslower       map      2   
4106   bashreadline     map      1   
4106   bashreadline     prog     1   

From the output above, the fileslower and bashreadline tools are running.
fileslower has installed 4 BPF programs (functions) and has opened 2 BPF maps
(such as hashes, histograms, stack trace tables, and so on).

In verbose mode, bpflist also counts the number of kprobes and uprobes opened
by the process. This information is obtained heuristically: bcc-based tools
include the process id in the name of the probe. For example:

# bpflist -v
PID    COMM             TYPE     COUNT
4058   fileslower       prog     4   
4058   fileslower       kprobe   4   
4058   fileslower       map      2   
4106   bashreadline     uprobe   1   
4106   bashreadline     prog     1   
4106   bashreadline     map      1   

In double-verbose mode, the probe definitions are also displayed:

# bpflist -vv
open kprobes:
p:kprobes/p___vfs_read_bcc_4058 __vfs_read
r:kprobes/r___vfs_read_bcc_4058 __vfs_read
p:kprobes/p___vfs_write_bcc_4058 __vfs_write
r:kprobes/r___vfs_write_bcc_4058 __vfs_write

open uprobes:
r:uprobes/r__bin_bash_0xa4dd0_bcc_4106 /bin/bash:0x00000000000a4dd0

PID    COMM             TYPE     COUNT
4058   fileslower       prog     4   
4058   fileslower       kprobe   4   
4058   fileslower       map      2   
4106   bashreadline     uprobe   1   
4106   bashreadline     prog     1   
4106   bashreadline     map      1   


USAGE:
# bpflist -h
usage: bpflist.py [-h] [-v]

Display processes currently using BPF programs and maps

optional arguments:
  -h, --help       show this help message and exit
  -v, --verbosity  count and display kprobes/uprobes as well

examples:
    bpflist     # display all processes currently using BPF
    bpflist -v  # also count kprobes/uprobes
    bpflist -vv # display kprobes/uprobes and count them
v811_spc009_project 7 months ago			`Demonstrations of bpflist.`


			`bpflist displays information on running BPF programs and optionally also`
			`prints open kprobes and uprobes. It is used to understand which BPF programs`
			`are currently running on the system. For example:`

			`# bpflist`
			`PID COMM TYPE COUNT`
			`4058 fileslower prog 4`
			`4058 fileslower map 2`
			`4106 bashreadline map 1`
			`4106 bashreadline prog 1`

			`From the output above, the fileslower and bashreadline tools are running.`
			`fileslower has installed 4 BPF programs (functions) and has opened 2 BPF maps`
			`(such as hashes, histograms, stack trace tables, and so on).`

			`In verbose mode, bpflist also counts the number of kprobes and uprobes opened`
			`by the process. This information is obtained heuristically: bcc-based tools`
			`include the process id in the name of the probe. For example:`

			`# bpflist -v`
			`PID COMM TYPE COUNT`
			`4058 fileslower prog 4`
			`4058 fileslower kprobe 4`
			`4058 fileslower map 2`
			`4106 bashreadline uprobe 1`
			`4106 bashreadline prog 1`
			`4106 bashreadline map 1`

			`In double-verbose mode, the probe definitions are also displayed:`

			`# bpflist -vv`
			`open kprobes:`
			`p:kprobes/p___vfs_read_bcc_4058 __vfs_read`
			`r:kprobes/r___vfs_read_bcc_4058 __vfs_read`
			`p:kprobes/p___vfs_write_bcc_4058 __vfs_write`
			`r:kprobes/r___vfs_write_bcc_4058 __vfs_write`

			`open uprobes:`
			`r:uprobes/r__bin_bash_0xa4dd0_bcc_4106 /bin/bash:0x00000000000a4dd0`

			`PID COMM TYPE COUNT`
			`4058 fileslower prog 4`
			`4058 fileslower kprobe 4`
			`4058 fileslower map 2`
			`4106 bashreadline uprobe 1`
			`4106 bashreadline prog 1`
			`4106 bashreadline map 1`


			`USAGE:`
			`# bpflist -h`
			`usage: bpflist.py [-h] [-v]`

			`Display processes currently using BPF programs and maps`

			`optional arguments:`
			`-h, --help show this help message and exit`
			`-v, --verbosity count and display kprobes/uprobes as well`

			`examples:`
			`bpflist # display all processes currently using BPF`
			`bpflist -v # also count kprobes/uprobes`
			`bpflist -vv # display kprobes/uprobes and count them`