High-level tracing language for Linux eBPF
jiffies
builtin for advanced usages
execsnoop.bt
strftime
instead of elapsed
in execsnoop.bt
strftime
instead of elapsed
in threadsnoop.bt
threadsnoop.bt
runnable_weight
field from cfs_rq struct.
killsnoop.bt
args
a structure (instead of a pointer)
-c
CLOCK_MONOTONIC
with nsecs(monotonic)
iter:task_vma
iterators detection
offsetof
, get the offset of the element in the struct
strcontains
builtin function, find a substring in a string