Show HN: XCapture v3: Linux Performance Analysis with Modern eBPF and DuckDB

tanelpoder.com

4 points by tanelpoder 18 hours ago

Hello, I just released the (eventually) final version of my xcapture eBPF performance tool that now uses modern eBPF (libbpf, BTF, CO-RE, passive sampling using task iterators, task-local storage, etc).

The previous BCC-based v2 version got a good discussion here last year [1], but due to BCC being less flexible and now deprecated, I decided to pull the plug and start from scratch with the latest eBPF features available. I'm targeting Linux kernels 5.14 and up. So Ubuntu 20 with HWE kernel (5.15) already works, RHEL9 works, Oracle's RHEL8 clone OEL8 with Oracle's UEK7 kernel (5.15) also works. Supporting 64-bit x86 and ARM for now (I'm tempted to try it out on RISC-V too).

How this approach and method differs from traditional eBPF tracing and systemwide metric collection tools is that xcapture "tracks (not traces) plus samples" all threads' activity in the entire system. This way you can get a systemwide summary of activity (who's spending time on what) and drill down into an individual thread if you want to. Thanks to this method, it is feasible to track+sample all activity all the time, which is not realistic with tracing and not detailed enough with systemwide utilization metrics monitoring.

I managed to explain this method in just 10 minutes at last year's eBPF Summit; the 10-minute video is the first one you see on the 0xtools website [2].

Thanks for reading, waiting for feedback!

[1] https://news.ycombinator.com/item?id=40869877

[2] https://0x.tools/