tools/bpflist_example.txt - platform/external/bcc - Gitiles

 Demonstrations of bpflist.


 bpflist displays information on running BPF programs and optionally also
 prints open kprobes and uprobes. It is used to understand which BPF programs
 are currently running on the system. For example:

 # bpflist
 PID    COMM             TYPE     COUNT
 4058   fileslower       prog     4
 4058   fileslower       map      2
 4106   bashreadline     map      1
 4106   bashreadline     prog     1

 From the output above, the fileslower and bashreadline tools are running.
 fileslower has installed 4 BPF programs (functions) and has opened 2 BPF maps
 (such as hashes, histograms, stack trace tables, and so on).

 In verbose mode, bpflist also counts the number of kprobes and uprobes opened
 by the process. This information is obtained heuristically: bcc-based tools
 include the process id in the name of the probe. For example:

 # bpflist -v
 PID    COMM             TYPE     COUNT
 4058   fileslower       prog     4
 4058   fileslower       kprobe   4
 4058   fileslower       map      2
 4106   bashreadline     uprobe   1
 4106   bashreadline     prog     1
 4106   bashreadline     map      1

 In double-verbose mode, the probe definitions are also displayed:

 # bpflist -vv
 open kprobes:
 p:kprobes/p___vfs_read_bcc_4058 __vfs_read
 r:kprobes/r___vfs_read_bcc_4058 __vfs_read
 p:kprobes/p___vfs_write_bcc_4058 __vfs_write
 r:kprobes/r___vfs_write_bcc_4058 __vfs_write

 open uprobes:
 r:uprobes/r__bin_bash_0xa4dd0_bcc_4106 /bin/bash:0x00000000000a4dd0

 PID    COMM             TYPE     COUNT
 4058   fileslower       prog     4
 4058   fileslower       kprobe   4
 4058   fileslower       map      2
 4106   bashreadline     uprobe   1
 4106   bashreadline     prog     1
 4106   bashreadline     map      1


 USAGE:
 # bpflist -h
 usage: bpflist.py [-h] [-v]

 Display processes currently using BPF programs and maps

 optional arguments:
   -h, --help       show this help message and exit
   -v, --verbosity  count and display kprobes/uprobes as well

 examples:
     bpflist     # display all processes currently using BPF
     bpflist -v  # also count kprobes/uprobes
     bpflist -vv # display kprobes/uprobes and count them
	Demonstrations of bpflist.


	bpflist displays information on running BPF programs and optionally also
	prints open kprobes and uprobes. It is used to understand which BPF programs
	are currently running on the system. For example:

	# bpflist
	PID COMM TYPE COUNT
	4058 fileslower prog 4
	4058 fileslower map 2
	4106 bashreadline map 1
	4106 bashreadline prog 1

	From the output above, the fileslower and bashreadline tools are running.
	fileslower has installed 4 BPF programs (functions) and has opened 2 BPF maps
	(such as hashes, histograms, stack trace tables, and so on).

	In verbose mode, bpflist also counts the number of kprobes and uprobes opened
	by the process. This information is obtained heuristically: bcc-based tools
	include the process id in the name of the probe. For example:

	# bpflist -v
	PID COMM TYPE COUNT
	4058 fileslower prog 4
	4058 fileslower kprobe 4
	4058 fileslower map 2
	4106 bashreadline uprobe 1
	4106 bashreadline prog 1
	4106 bashreadline map 1

	In double-verbose mode, the probe definitions are also displayed:

	# bpflist -vv
	open kprobes:
	p:kprobes/p___vfs_read_bcc_4058 __vfs_read
	r:kprobes/r___vfs_read_bcc_4058 __vfs_read
	p:kprobes/p___vfs_write_bcc_4058 __vfs_write
	r:kprobes/r___vfs_write_bcc_4058 __vfs_write

	open uprobes:
	r:uprobes/r__bin_bash_0xa4dd0_bcc_4106 /bin/bash:0x00000000000a4dd0

	PID COMM TYPE COUNT
	4058 fileslower prog 4
	4058 fileslower kprobe 4
	4058 fileslower map 2
	4106 bashreadline uprobe 1
	4106 bashreadline prog 1
	4106 bashreadline map 1


	USAGE:
	# bpflist -h
	usage: bpflist.py [-h] [-v]

	Display processes currently using BPF programs and maps

	optional arguments:
	-h, --help show this help message and exit
	-v, --verbosity count and display kprobes/uprobes as well

	examples:
	bpflist # display all processes currently using BPF
	bpflist -v # also count kprobes/uprobes
	bpflist -vv # display kprobes/uprobes and count them