ContextQMD
Back to Bpftrace

README

README.md

0.25.19.8 KB
Original Source
<p align="center"> <picture> <source media="(prefers-color-scheme: dark)" srcset="images/bpftrace_Full_Logo-White.svg"/> </picture> </p>

bpftrace is a general purpose tracing tool and language for Linux. It leverages eBPF to provide powerful, efficient tracing capabilities with minimal overhead. bpftrace uses LLVM as a compiler backend, and libbpf for interacting with the Linux BPF subsystem, including kernel dynamic tracing (kprobes, hardware and software perf events), user-level dynamic tracing (USDT, uprobes), tracepoints (regular, raw), and more. The bpftrace language is inspired by awk, C, and predecessor tracers such as DTrace and SystemTap.

Visit bpftrace.org for tutorials, documentation, and labs!

This respository also contains some canonical tools.

For migrating from older versions, see the migration guide.

Quick Start

Get started with bpftrace in just a few minutes! To build from source, see the building section below. However, you can often install it using your distribution's package manager.

[!IMPORTANT] When using a distribution package, be sure to verify bpftrace --version when referencing documentation.

<table> <tr> <td valign="middle">Distributions</td> <td valign="middle">Command</td> </tr> <tr> <td valign="middle"> <a href="https://packages.ubuntu.com/jammy/bpftrace"></a> <a href="https://packages.ubuntu.com/noble/bpftrace"></a> <a href="https://packages.ubuntu.com/plucky/bpftrace"></a> <a href="https://packages.ubuntu.com/questing/bpftrace"></a> <a href="https://packages.debian.org/trixie/bpftrace"></a> <a href="https://packages.debian.org/forky/bpftrace"></a> <a href="https://packages.debian.org/sid/bpftrace"></a> </td> <td valign="middle"> <pre lang="bash">sudo apt install bpftrace<pre> </td> </tr> <tr> <td valign="middle"> <a href="https://packages.fedoraproject.org/pkgs/bpftrace/bpftrace/fedora-42-updates.html"></a> <a href="https://packages.fedoraproject.org/pkgs/bpftrace/bpftrace/fedora-43.html"></a> <a href="https://packages.fedoraproject.org/pkgs/bpftrace/bpftrace/fedora-rawhide.html"></a> <a href="https://centos.pkgs.org/9/centos-crb-x86_64/"></a> <a href="https://centos.pkgs.org/10/centos-crb-x86_64/"></a> </td> <td valign="middle"> <pre lang="bash">sudo dnf install bpftrace</pre> </td> </tr> <tr> <td valign="middle"> <a href="https://pkgs.alpinelinux.org/packages?name=bpftrace&branch=v3.21"></a> <a href="https://pkgs.alpinelinux.org/packages?name=bpftrace&branch=v3.22"></a> <a href="https://pkgs.alpinelinux.org/packages?name=bpftrace&branch=edge"></a> </td> <td valign="middle"> <pre lang="bash">sudo apk add bpftrace</pre> </td> </tr> <tr> <td valign="middle"> <a href="https://archlinux.org/packages/extra/x86_64/bpftrace/"></a> </td> <td valign="middle"> <pre lang="bash">sudo pacman -S bpftrace</pre> </td> </tr> <tr> <td valign="middle"> <a href="https://packages.gentoo.org/packages/dev-util/bpftrace"></a> </td> <td valign="middle"> <pre lang="bash">sudo emerge -av bpftrace</pre> </td> </tr> <tr> <td valign="middle"> <a href="https://search.nixos.org/packages?query=bpftrace"></a> </td> <td valign="middle"> <pre lang="bash">nix-shell -p bpftrace</pre> </td> </tr> <tr> <td valign="middle"> <a href="https://software.opensuse.org/package/bpftrace"></a> </td> <td valign="middle"> <pre lang="bash">sudo zypper install bpftrace</pre> </td> </tr> <tr> <td valign="middle"> <a href="https://github.com/bpftrace/bpftrace/actions/workflows/binary.yml"></a> </td> <td valign="middle"> <pre lang="bash">declare -A suffixes=([x86_64]="X64" [amd64]="AMD64"); declare prefix="bpftrace/bpftrace/workflows/binary/master/bpftrace"; declare url="https://nightly.link/${prefix}-${suffixes[$(uname -m)]}.zip"; curl -L -o bpftrace.zip "${url}" && unzip bpftrace.zip</pre> </td> </tr> </table>

Contributing

See our contributing guide for details on how to contribute, and our governance document for details on how the project is run.

If you have tools built with bpftrace that you'd like to submit, please contribute to the user-tools repository.

Building

For minimum kernel version requirements, see our dependency support policy. Your kernel should be built with the necessary BPF options enabled. Verify this by running the check_kernel_features script from the scripts directory.

bpftrace also uses git submodules, so ensure they are initialized when checking out the code. See dependency support for details.

bash
git clone --recurse-submodules https://github.com/bpftrace/bpftrace
cd bpftrace

bpftrace provides a Nix flake, which is recommended for building and testing.

bash
nix develop

For a suitable build environment without Nix, see our Dockerfiles for detailed build examples:

If all dependencies are installed correctly, you should be able to configure and build using CMake.

bash
cmake -DCMAKE_BUILD_TYPE=Release -B build .
make -C build -j$(nproc)
<details> <summary>Troubleshooting</summary>

Kernel Lockdown: If your system has kernel lockdown enabled (often with Secure Boot), bpftrace will be blocked. To disable:

  • Disable Secure Boot in UEFI, or
  • Run sudo mokutil --disable-validation and reboot, or
  • Temporarily lift lockdown with SysRQ+x (until next boot)
</details>

Community & Support

bpftrace is built and maintained by a diverse community of contributors, users, and organizations who rely on it for production tracing and debugging.

Get help or get involved: