Name: Traceloop: Tracing containers syscalls using BPF
Start: 2020-01-25T17:00:00+0100
End: 2020-01-25T17:25:00+0100

Back To Schedule

Traceloop: Tracing containers syscalls using BPF

Feedback form is now closed.

I will present traceloop, a tracing tool to trace system calls in cgroups or in containers using BPF and overwritable ring buffers.

Many people use the “strace” tool to synchronously trace system calls using ptrace. Traceloop similarly traces system calls but asynchronously in the background, using BPF and tracing per cgroup. I’ll show how it can be integrated with systemd and with Kubernetes via Inspektor Gadget.

Traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer like a flight recorder. As opposed to “strace”, the tracing could be permanently enabled on systemd services or Kubernetes pods and inspected in case of a crash. This is like a always-on “strace in the past”.

Traceloop uses BPF through the gobpf library. Several new features have been added in gobpf for the needs of traceloop: support for overwritable ring buffers and swapping buffers when the userspace utility dumps the buffer.

https://github.com/kinvolk/traceloop

Speakers

Alban Crequy

Co-founder and Director of Kinvolk Labs, Kinvolk

Alban is Co-founder of Kinvolk and director of engineering for Kinvolk Labs. He has a particular interest in integrating BPF into Kubernetes. He’s a maintainer of the gobpf library and has worked on software in the cloud space using BPF with Golang: Weave Scope, Traceleft, Project... Read More →

Inspektor Gadget and traceloop [DevConf.CZ] pdf

Saturday January 25, 2020 5:00pm - 5:25pm CET
E112 Faculty of Information Technology Brno University of Technology, Božetěchova, Brno-Královo Pole, Czechia

Debug / Tracing, Presentation

Level Intermediate

Attendees (69)

M
D
K
H
J
D
j
l
View All →

DevConf.CZ 2020

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Alban Crequy

Attendees (69)