Chapter 5. BPF Utilities

So far, we’ve talked about how you can write BPF programs to get more visibility within your systems. Over the years, many developers have built tools with BPF for that same purpose. In this chapter we talk about several of the off-the-shelf tools that you can use every day. Many of these tools are advanced versions of some BPF programs that you’ve already seen. Others are tools that will help you gain direct visibility into your own BPF programs.

This chapter covers some tools that will help you in your day-to-day work with BPF. We begin by covering BPFTool, a command-line utility to get more information about your BPF programs. We cover BPFTrace and kubectl-trace, which will help you write BPF programs more efficiently with a concise domain-specific language (DSL). Finally, we talk about eBPF Exporter, an open source project to integrate BPF with Prometheus.


BPFTool is a kernel utility for inspecting BPF programs and maps. This tool doesn’t come installed by default on any Linux distribution, and it’s in heavy development, so you’ll want to compile the version that best supports your Linux kernel. We cover the version of BPFTool distributed with version 5.1 of the Linux kernel.

In the next sections we discuss how to install BPFTool onto your system and how to use it to observe and change the behavior of your BPF programs and maps from the terminal.


To install BPFTool, you need to download a copy of the kernel’s source code. ...
