These are very basic demo files to investigate eBPF at an extremely simple level. Note: eBPF is really touchy as to exact versions of software and OS. I am using Ubuntu 22.04 LTS.
A good way to start (far better than this trivial intro) is the lab here: ']
or the resources here
https://www.brendangregg.com/blog/2019-01-01/learn-ebpf-tracing.html
In recent versions of Ubuntu at least, package names and command names have been changing around. I suspect this information will be very different for very different releases of Ubuntu (never mind different distros). In Ubuntu 22.04 I needed:
```
sudo apt install bpfcc-tools
sudo apt install linux-tools-generic
sudo apt install linux-hwe-6.2-tools-common
sudo apt install libbpf-dev
```
Also for some reason opensnoop (referred to by a lot of tutorials) is known as opensnoop-bpfcc.
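Because tutorials say `opensnoop` while the Ubuntu package installs `opensnoop-bpfcc`, a small resolver helps when following them. This is an added example, not code from this repo or from bcc; it assumes source installs of bcc put tools in `/usr/share/bcc/tools`, and `BCC_TOOLS_DIR` is a hypothetical override variable.

```shell
#!/bin/sh
# Added example: resolve a BCC tool name across packaging conventions.
# Assumptions (not from this README): a source install of bcc places tools
# in /usr/share/bcc/tools; BCC_TOOLS_DIR is a hypothetical override.

bcc_tool() {
    name=$1
    # The Ubuntu bpfcc-tools package suffixes each tool with -bpfcc, so try
    # that first, then the plain name that most tutorials use.
    for candidate in "${name}-bpfcc" "$name"; do
        if path=$(command -v "$candidate" 2>/dev/null); then
            printf '%s\n' "$path"
            return 0
        fi
    done
    # Fall back to the tools directory of a source install.
    dir=${BCC_TOOLS_DIR:-/usr/share/bcc/tools}
    if [ -x "$dir/$name" ]; then
        printf '%s\n' "$dir/$name"
        return 0
    fi
    echo "bcc_tool: $name not found (tried ${name}-bpfcc, $name, $dir/$name)" >&2
    return 1
}
```

Typical use when following a tutorial: `sudo "$(bcc_tool opensnoop)"`.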
I found it useful to clone git@github.com:iovisor/bcc.git to get example code to look at.
Also note that on Ubuntu 22.04 programs like opensnoop-bpfcc give a warning (yet still run); see iovisor/bcc#3366.