Brendan Gregg's Blog

Submitted by Style Pass, 2021-07-03 21:30:05

For my AWS re:Invent talk on BPF Performance Analysis at Netflix, I began with a demo of "BPF superpowers" (aka eBPF). The video is on YouTube and the demo starts at 0:50 (the slides are on SlideShare):

I'm demonstrating a tool I developed to turn my laptop's wifi signal strength into audio (someone described this as a BPF theremin). I first developed it as this bpftrace one-liner:

This only works for the iwl driver. In the video I explained how I arrived at tracing __iwl_dbg() in this way, and how you can follow a similar approach for tracing unfamiliar code.

Since I wanted to emit audio, I then switched to BCC and rewrote it in Python so I could use an audio library. This is not my best code, since I hacked it in a hurry, but here it is:

If you wish to develop your own BPF observability tools, start with bpftrace and only use BCC when needed. My BPF Performance Tools book has plenty of examples. This is the culmination of five years of work: the BPF kernel runtime, C support, LLVM and Clang support, the BCC front-end, and finally the bpftrace language. Starting with other interfaces is like writing your first Java program in JVM bytecode. You can...but if you're looking for an educational exercise, I'd recommend using BPF tools to find performance wins.
