BCC is a toolkit that simplifies creating efficient kernel tracing, monitoring, and manipulation programs by leveraging extended Berkeley Packet Filters (eBPF). It includes a rich set of example tools and scripting interfaces in C, Python, and Lua. BCC makes BPF programs easier to write, with kernel instrumentation in C (it includes a C wrapper around LLVM) and front-ends in Python and Lua. It is suited for many tasks, including performance analysis and network traffic control. With a BPF-specific frontend, one should be able to write in a language and receive feedback from the compiler on the program's validity as it pertains to a BPF backend. The toolkit aims to provide a frontend that can only create valid BPF programs while still harnessing the full flexibility of BPF.
Features
- Toolchain to write, compile, and load eBPF programs into the Linux kernel
- Ready-to-use example tracing tools for I/O, networking, and system monitoring
- Supports C, Python, and Lua scripting for flexible instrumentation
- No external kernel modules needed—eBPF runs safely in-kernel
- Works with Linux kernel versions 4.x and newer
- Well-documented with tutorials and reference guides