LLMpediaThe first transparent, open encyclopedia generated by LLMs

bcc (software)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: eBPF Hop 5
Expansion Funnel Raw 42 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted42
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
bcc (software)
Namebcc
DeveloperIovisor Project; contributions from Intel Corporation, Netflix, Facebook, Google
Released2014
Programming languageC (programming language), Python (programming language)
Operating systemLinux
GenreSystem software
LicenseApache License

bcc (software)

bcc is a toolkit for extended Berkeley Packet Filter tracing and Linux performance analysis. It provides a set of high-level tools, libraries, and Python bindings to author, compile, and run eBPF programs for observability and networking tasks on Linux kernel platforms. bcc bridges kernel introspection with user-space workflows, enabling developers and operators at organizations such as Netflix, Facebook, Google, Intel Corporation to perform low-overhead tracing and monitoring.

Overview

bcc originated as a collection of front-end utilities and helpers for writing eBPF code in C (programming language), with Python wrappers and command-line tools for common tasks. It exposes interfaces to attach probes to kprobe/uprobes, tracepoints, and cgroup or socket hooks, integrating with kernel subsystems like perf_events and XDP. bcc complements projects such as bpftrace and the Linux kernel's native tooling, fitting into observability stacks alongside platforms like Prometheus, Grafana, and Fluentd.

History and development

bcc began within the Iovisor Project and received input from contributors at Intel Corporation and cloud companies including Netflix and Facebook. Development tracks involved upstream collaboration with the Linux kernel community and coordination with initiatives like XDP and the eBPF ecosystem. bcc was shaped by performance needs observed in production at organizations such as Netflix and research groups at University of California, Berkeley. Over time, it evolved alongside tools such as bcc-tools and influenced derivative projects maintained by the Cloud Native Computing Foundation and vendors including Red Hat.

Architecture and components

bcc comprises multiple layers: user-space libraries in C (programming language) and Python (programming language), a compiler pipeline leveraging the Clang/LLVM toolchain, and runtime helpers that interact with the Linux kernel. The toolset includes individual programs (for example, those for tracing syscall latency, TCP stack behavior, or file I/O) and reusable APIs for map management and event parsing. It integrates with kernel mechanisms like kprobe, uprobe, tracepoint, perf_events, and cgroups, and can emit data consumable by systems such as systemd and observability suites used at Facebook and Google.

Features and functionality

bcc offers prebuilt utilities for tasks such as latency profiling, network packet filtering, and syscall counting, and provides libraries to author custom eBPF programs using C (programming language) with Python-driven orchestration. Common features include attaching to kprobe/kretprobe and uprobes for dynamic instrumentation, using per-CPU and hash maps for aggregation, and delivering sampled or streaming events through perf buffers. bcc supports integration with monitoring systems used by Netflix and Uber Technologies and can be embedded in workflows alongside Kubernetes clusters and telemetry tools like Prometheus.

Use cases and adoption

bcc has been used for performance troubleshooting in production at companies such as Netflix, Facebook, Google, and Intel Corporation and in academic settings like University of California, Berkeley. Typical use cases include latency root-cause analysis for services deployed via Kubernetes, network performance debugging for XDP-based datapaths, and security auditing where low-overhead kernel tracing complements SELinux and AppArmor controls. Its adoption spans cloud providers, CDN operators, and observability vendors integrating eBPF-derived telemetry into platforms like Grafana and Fluentd.

Reception and performance

Practitioners have praised bcc for enabling powerful, low-overhead instrumentation compared to traditional userspace profilers and heavyweight kernel patches, citing deployments at scale at Netflix and Facebook. Benchmarks reported in vendor and community blogs often compare bcc's overhead favorably against sampling profilers and legacy tracing frameworks, with particular strengths for high-frequency event capture and per-CPU aggregation. Criticisms have centered on maintenance burden, the learning curve of eBPF semantics, and portability across Linux kernel versions; these concerns have been addressed progressively through upstream kernel work and ecosystem tools from the Iovisor Project and Cloud Native Computing Foundation.

Licensing and availability

bcc is distributed under the Apache License and is available via source repositories maintained by the Iovisor Project and mirrored by contributors such as Intel Corporation and Netflix. Binary packages and distribution-specific builds are provided by vendors like Red Hat and community package maintainers for major Linux distributions. Development activity and issue tracking occur on public platforms used by projects in the open source ecosystem, with contributions from both corporate and academic stakeholders.

Category:Linux software