eBPF programs can extract kernel event data, and tracing programs like kprobes, fprobes, and tracepoints offer rich data for tasks such as performance monitoring and syscall argument tracing. Tracepoints hook to predefined kernel points and remain stable across versions, while raw tracepoints offer performance benefits but need
Table of contents
TracepointRaw TracepointKernel Probe (kprobe)BTF-Enabled Raw TracepointFprobes (fentry/fexit)Code ExamplesSort: