1Demonstrations of bpflist. 2 3 4bpflist displays information on running BPF programs and optionally also 5prints open kprobes and uprobes. It is used to understand which BPF programs 6are currently running on the system. For example: 7 8# bpflist 9PID COMM TYPE COUNT 104058 fileslower prog 4 114058 fileslower map 2 124106 bashreadline map 1 134106 bashreadline prog 1 14 15From the output above, the fileslower and bashreadline tools are running. 16fileslower has installed 4 BPF programs (functions) and has opened 2 BPF maps 17(such as hashes, histograms, stack trace tables, and so on). 18 19In verbose mode, bpflist also counts the number of kprobes and uprobes opened 20by the process. This information is obtained heuristically: bcc-based tools 21include the process id in the name of the probe. For example: 22 23# bpflist -v 24PID COMM TYPE COUNT 254058 fileslower prog 4 264058 fileslower kprobe 4 274058 fileslower map 2 284106 bashreadline uprobe 1 294106 bashreadline prog 1 304106 bashreadline map 1 31 32In double-verbose mode, the probe definitions are also displayed: 33 34# bpflist -vv 35open kprobes: 36p:kprobes/p___vfs_read_bcc_4058 __vfs_read 37r:kprobes/r___vfs_read_bcc_4058 __vfs_read 38p:kprobes/p___vfs_write_bcc_4058 __vfs_write 39r:kprobes/r___vfs_write_bcc_4058 __vfs_write 40 41open uprobes: 42r:uprobes/r__bin_bash_0xa4dd0_bcc_4106 /bin/bash:0x00000000000a4dd0 43 44PID COMM TYPE COUNT 454058 fileslower prog 4 464058 fileslower kprobe 4 474058 fileslower map 2 484106 bashreadline uprobe 1 494106 bashreadline prog 1 504106 bashreadline map 1 51 52 53USAGE: 54# bpflist -h 55usage: bpflist.py [-h] [-v] 56 57Display processes currently using BPF programs and maps 58 59optional arguments: 60 -h, --help show this help message and exit 61 -v, --verbosity count and display kprobes/uprobes as well 62 63examples: 64 bpflist # display all processes currently using BPF 65 bpflist -v # also count kprobes/uprobes 66 bpflist -vv # display kprobes/uprobes and count them 67