eBPF is an emerging Linux kernel technology that allows for user-supplied programs to run inside of the kernel. This enables a bunch of interesting usecases, particularly efficient CPU profiling of the whole Linux system.
For this to work you'll need
- a Linux machine with the kernel version >= 4.9.
- BCC tools installed on the system you want to profile. Visit BCC documentation to find the best way of installing it on your system. There are prebuilt binaries available for most flavors of Linux.
- pyroscope server and agent. Visit our Getting Started guide to learn about that.
Running eBPF profiler
Dealing with [unknowns]
eBPF relies on having debugging symbols available for each program installed in your system. If you don't have those you'll see a lot of stacktraces full of
[unknown]s. On most systems you can get debugging symbols for most packages with
Future of our eBPF integration
One thing we're excited about at Pyroscope is eBPF portability efforts, particularly introduction of BTF (BPF Type Format) technology. You can read more about that here. When kernels with BTF support become more mainstream we're gonna embed libbpf directly into our go binary.