eBPF Probes

Deep dive into tracing hooks so you can watch almost any function run inside the kernel or in user processes.

Kprobe and Kretprobe

Instrument kernel functions at entry and exit for live tracing.

Uprobes and Uretprobes

Entry and return probes for user-space functions so you can trace any binary or shared library at run time without recompiling or restarting the application.

Tracepoints

Stable, versioned hooks inserted by kernel developers for common events.

Raw Tracepoints

Lower-level access for when you need every byte of the event payload.

Fentry and Fexit

Modern, low-overhead probes attached directly to function start and return.