Ricardo Delfín

## eBPF and bcc: An Introduction

Created at 2019-08-28 22:09:14 UTC
Let's talk a little bit about how you would get started with eBPF. Everything related to eBPF goes back to the bpf() syscall. Give that man page a quick read (or even better, read the one on your Linux system), but note that most eBPF development does not use the syscall directly. Most users who don't feel a sudden urge for masochism will use bcc. bcc, or the BPF Compiler Collection, is a set of tools that lets you write C-style code and compile it down to eBPF bytecode. It also provides a lot of tooling and wrappers that make it easier to manage your code and to control how you get the data back. Overall, it makes eBPF development a breeze. It has multi-language support, including both C++ and Python, making it very versatile. I recommend taking a look at the GitHub repo, as well as at some of the examples, to get an idea of what you can do with bcc.
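To make the workflow concrete, here is an added example (not from the original post or from the bcc repository) that uses bcc's Python frontend to log every execve() call, a common starting point for process-execution monitoring. It assumes the bcc Python bindings are installed and the script is run as root; the names `trace_execve`, `event_t` and `format_event` are made up for this illustration.

```python
#!/usr/bin/env python3
# Added example: log execve() calls with bcc (needs root and the bcc bindings).

# C-style program; bcc compiles it to eBPF bytecode when BPF(text=...) is built.
BPF_TEXT = r"""
#include <linux/sched.h>

struct event_t {
    u32 pid;
    u32 uid;
    char comm[TASK_COMM_LEN];
};
BPF_PERF_OUTPUT(events);

int trace_execve(struct pt_regs *ctx) {
    struct event_t ev = {};
    ev.pid = bpf_get_current_pid_tgid() >> 32;        // upper 32 bits: tgid
    ev.uid = bpf_get_current_uid_gid() & 0xffffffff;  // lower 32 bits: uid
    // At syscall entry this is still the caller's name, not the new program's.
    bpf_get_current_comm(&ev.comm, sizeof(ev.comm));
    events.perf_submit(ctx, &ev, sizeof(ev));
    return 0;
}
"""

def format_event(pid, uid, comm):
    """Render one event; comm is a bytes value that may be NUL-padded."""
    name = comm.split(b"\x00", 1)[0].decode("utf-8", "replace")
    return f"execve pid={pid} uid={uid} comm={name}"

def main():
    from bcc import BPF  # imported here so the module loads without bcc

    b = BPF(text=BPF_TEXT)  # compile and load the program into the kernel
    b.attach_kprobe(event=b.get_syscall_fnname("execve"), fn_name="trace_execve")

    def on_event(cpu, data, size):
        ev = b["events"].event(data)  # decode raw bytes into event_t
        print(format_event(ev.pid, ev.uid, ev.comm))

    b["events"].open_perf_buffer(on_event)
    try:
        while True:
            b.perf_buffer_poll()  # blocks until events arrive
    except KeyboardInterrupt:
        pass

if __name__ == "__main__":
    main()
```

The split mirrors how bcc programs are usually organized: the kernel-side logic lives in the C string, while loading, attaching and reading results happen in Python.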