Skip to main content
bpfsnoop

bpfsnoop

A modernized kernel functions, kernel tracepoints and bpf programs tracing tool for the bpf era.

DownloadStar me at GitHub!

Advanced features

Trace kernel with ease.

Trace kernel functions

Trace kernel functions with fentry, fexit

Trace kernel tracepoints

Trace kernel tracepoints with tp_btf

Trace bpf programs

Trace kernel bpf programs with fentry, fexit

Output LBR

Output Last Branch Record (LBR) for each tracee

Filter kernel functions

Filter kernel functions with glob, arguments name w/ or w/o arguments type

Filter kernel tracepoints

Filter kernel tracepoints with glob, arguments name w/ or w/o arguments type

Filter bpf programs

Filter bpf programs with glob, arguments name w/ or w/o arguments type, ids, tags, pid, etc.

Output function stack

Output function stack for each tracee

Output args and retval

Output typed arguments and typed return value for each tracee

Filter args

Filter arguments' attributes with C expression

Output args

Output arguments' attributes with C expression

Output flame graph

Output flame graph of function stack

Filter packets

Filter packets with pcap-filter(7) if tracee has skb or xdp argument

Output packets

Output packets' tuple info if tracee has skb or xdp argument

Release under the Apache-2.0 & GPL-2.0 Licenses, Copyright © 2025-present Leon Hwang