Hi, I'm new to eBPF. I want to write an eBPF program that can trace syscall arguments and return values. According to my research, I can do this using the `kprobe`, `kretprobe`, `tracepoint` or `raw_tracepoint` types of BPF programs.
- What factors should I consider when choosing one type of program over another?
- Is the main difference among them performance benefits? It'd be a great help if one could point me to any documentation about the performance difference among different types of eBPF programs.
- How can I benchmark these programs?

Thanks!