Is it possible to call bcc/tools inside eBPF program?

iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

Apache License 2.0

20.38k stars 3.86k forks source link

Is it possible to call bcc/tools inside eBPF program? #4037

Closed joelcisnerosss closed 2 years ago

joelcisnerosss commented 2 years ago

I am new to the concept of eBPF and how to write eBPF programs and I was wondering if I could call and capture the output of bcc/tools inside a eBPF program, e.g opensnoop or biosnoop. If so, could someone share a quick example of how to?

chenhengqi commented 2 years ago

Nope.

brendangregg commented 2 years ago

It's true that you can't call programs directly. You wouldn't want to either, as in an interrupts-disabled context you'd quickly wedge the system. You could have the user-space component of a bcc tool launch other bcc tools, triggered by instrumented events. If you are new to eBPF you probably don't want to go down this path for a while -- just start with the existing tools.