This page lists the important commands for the CLI tool bpftool.

bpftool

bpftool is a versatile and powerful command line tool used for managing and troubleshooting eBPF (extended Berkeley Packet Filter) programs in Linux kernels. It provides a user-friendly interface for interacting with eBPF programs and querying their various aspects.

First introduced in Linux kernel 3.15, bpftool has evolved over time to become an essential utility for eBPF developers and administrators. It allows users to load, attach, detach, and unload eBPF programs dynamically in the kernel, without requiring a kernel recompile or reload.

The tool provides several operations, such as showing information about loaded eBPF programs, listing available maps and their properties, inspecting maps to view their current contents, and retrieving eBPF bytecode to analyze or debug the programs. It also allows users to monitor eBPF program execution and trace kernel events using the perf infrastructure.

The bpftool command syntax is comprehensive, enabling users to perform a wide range of tasks. It supports options and subcommands for actions like listing, showing, loading, attaching, detaching, and deleting eBPF programs and maps. It can be integrated with other command line tools and scripts to achieve complex eBPF workflows.

To help users understand and navigate eBPF functionality, bpftool provides concise, clear output formats. It presents information about loaded programs and maps in a human-readable form, which makes them easier to inspect.

The tool also facilitates eBPF program debugging by allowing users to attach tracepoints, verify eBPF program syntax, and display execution statistics. It gives developers insights into program behavior, helping them analyze and optimize their eBPF code.

Furthermore, bpftool supports offline analysis of eBPF programs by allowing users to disassemble, dump, and generate C code representations of compiled eBPF bytecode. This functionality aids in reverse engineering and studying complex eBPF programs.

In summary, bpftool is a valuable tool for managing and troubleshooting eBPF programs in Linux kernels. It offers a comprehensive set of features, simplifying eBPF program manipulation, monitoring, and analysis.

List of commands for bpftool:

  • Probe a network device "eth0" for supported `eBPF` features.
    $ bpftool feature probe dev ${eth0}
  • List all `raw_tracepoint`, `tracepoint`, `kprobe` attachments in the system.
    $ bpftool perf list
  • List `eBPF` program attachments in the kernel networking subsystem.
    $ bpftool net list
  • List information about loaded maps.
    $ bpftool map list
  • Run commands in batch mode from a file.
    $ bpftool batch file ${myfile}
  • List all active links.
    $ bpftool link list
  • List `BPF Type Format (BTF)` data.
    $ bpftool btf list
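
An added example (not from the original page or the bpftool project): a baseline check that runs the read-only listing commands above through `bpftool batch file` and reports entries that were not present in an earlier snapshot. The function names and file names are assumptions.

```shell
#!/bin/sh
# Added example: eBPF attachment baseline built on bpftool's listing commands.
# Function names and paths are assumptions, not part of bpftool.

# Write a batch file: one command per line, without the "bpftool" prefix;
# lines starting with '#' are comments.
write_batch() {
    cat > "$1" <<'EOF'
# read-only inventory of eBPF state
perf list
net list
map list
link list
btf list
EOF
}

# Save the combined listing to $1 (needs root and bpftool on the host).
snapshot() {
    batch=$(mktemp) || return 1
    write_batch "$batch"
    bpftool batch file "$batch" > "$1" && rc=0 || rc=$?
    rm -f "$batch"
    return "$rc"
}

# Drop the volatile "pid N  fd N: prog_id N" prefix of `perf list` lines so a
# restarted agent is not reported as new; other lines pass through unchanged.
normalise() {
    sed 's/^pid [0-9][0-9]* *fd [0-9][0-9]*: prog_id [0-9][0-9]* *//'
}

# Print entries that are in the current snapshot ($2) but not the baseline ($1).
new_entries() {
    base=$(mktemp) && cur=$(mktemp) || return 1
    normalise < "$1" | sort -u > "$base"
    normalise < "$2" | sort -u > "$cur"
    comm -13 "$base" "$cur"
    rm -f "$base" "$cur"
}

# Usage: snapshot baseline.txt          (once, on a known-good host)
#        snapshot now.txt && new_entries baseline.txt now.txt
```

Lines from the other listings are compared verbatim, so renumbered map or link IDs also show up as new entries.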