BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples.

Beyond the tools and examples, BCC is widely used because it provides helper functions that make it easy to interact with kernel BPF data structures, such as maps and arrays. In fact, BCC has been used to build all the eBPF programs used in Polycube and DeChainy.

In June 2020, IOVisor accepted a Pull Request of mine, where I proposed new functions and helpers to interact with the newest kernel data structures that have been introduced in the latest kernel updates. Thus, now it is possible to use in-kernel Queues and Stacks within BCC.

For more information, please visit the project website (Code tag above 🔝)

Simone Magnani
PhD Student

A PhD student focused on the relationships and performance of the underlying network traffic monitoring feature-gatherer process and AI/ML-based detection engines.