Question 1

How to install BCC on Ubuntu?

Accepted Answer

Follow the steps in INSTALL.md, which typically involve adding the iovisor repository, installing the bcc-tools package, and ensuring kernel headers and LLVM are present. Specific commands vary by Ubuntu version, so check the documentation for details.

Question 2

BCC vs bpftrace: which should I use?

Accepted Answer

BCC offers a full toolkit with Python bindings and pre-built tools for complex, ongoing tracing, while bpftrace is better for quick, ad-hoc eBPF scripts with a simpler syntax. Choose BCC for developing custom tools and bpftrace for one-liner analyses.

Question 3

Can BCC trace user-space applications like MySQL?

Accepted Answer

Yes, BCC includes tools like mysqld_qslower that use USDT probes to trace MySQL queries, as shown in the examples. It can instrument high-level languages through specific probes and syscall tracing.

Question 4

What kernel features does BCC need to work?

Accepted Answer

BCC requires Linux 4.1 or higher for basic eBPF support, with some tools needing newer kernels for advanced features. The README notes that much of BCC uses Linux 4.1+, so verify your kernel version first.

Question 5

Is there a performance overhead with BCC tools?

Accepted Answer

Overhead is generally low due to eBPF's efficient in-kernel execution, but it varies by tool; for instance, sampling-based tools like profile have minimal impact, while high-frequency event tracing might affect system performance in busy environments.

Question 6

How to write a custom BCC program for tracing?

Accepted Answer

Start with the tutorial_bcc_python_developer.md, which guides you through writing C for the BPF program and Python for the frontend. Examples like hello_world.py provide a basic template to build upon.

bcc

What is bcc?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions