def setUp(self):
b = BPF(arg1, arg2, debug=0)
fn1 = b.load_func("probe_blk_start_request", BPF.KPROBE)
fn2 = b.load_func("probe_blk_update_request", BPF.KPROBE)
self.latency = b.get_table("latency", c_uint, c_ulong)
BPF.attach_kprobe(fn1, "blk_start_request", -1, 0)
BPF.attach_kprobe(fn2, "blk_update_request", -1, 0)
def setUp(self):
b = BPF(arg1, arg2, debug=0)
fn1 = b.load_func("probe_blk_start_request", BPF.KPROBE)
fn2 = b.load_func("probe_blk_update_request", BPF.KPROBE)
self.latency = b.get_table("latency", c_uint, c_ulong)
BPF.attach_kprobe(fn1, "blk_start_request", -1, 0)
BPF.attach_kprobe(fn2, "blk_update_request", -1, 0)
def setUp(self):
b = BPF(arg1, arg2, debug=0)
self.latency = b.get_table("latency", c_uint, c_ulong)
b.attach_kprobe(event="blk_start_request",
fn_name="probe_blk_start_request", pid=-1, cpu=0)
b.attach_kprobe(event="blk_update_request",
fn_name="probe_blk_update_request", pid=-1, cpu=0)
def setUp(self):
b = BPF(arg1, arg2, debug=0)
fn1 = b.load_func("sys_wr", BPF.KPROBE)
fn2 = b.load_func("sys_rd", BPF.KPROBE)
fn3 = b.load_func("sys_bpf", BPF.KPROBE)
self.stats = b.get_table("stats", Key, Leaf)
BPF.attach_kprobe(fn1, "sys_write", 0, -1)
BPF.attach_kprobe(fn2, "sys_read", 0, -1)
BPF.attach_kprobe(fn2, "htab_map_get_next_key", 0, -1)
class TestKprobeRgx(TestCase):
def setUp(self):
self.b = BPF(
text="""
typedef struct { int idx; } Key;
typedef struct { u64 val; } Val;
BPF_TABLE("array", Key, Val, stats, 3);
int hello(void *ctx) {
stats.lookup_or_init(&(Key){1}, &(Val){0})->val++;
return 0;
}
int goodbye(void *ctx) {
stats.lookup_or_init(&(Key){2}, &(Val){0})->val++;
return 0;
}
"""
)
self.b.attach_kprobe(event_re="^SyS_bp.*", fn_name="hello")
self.b.attach_kretprobe(event_re="^SyS_bp.*", fn_name="goodbye")
def test_send1(self):
k1 = self.b["stats"].Key(1)
k2 = self.b["stats"].Key(2)
self.assertEqual(self.b["stats"][k1].val, self.b["stats"][k2].val + 1)
def setUp(self):
b = BPF(text=text, debug=0)
self.stats = b.get_table("stats")
b.attach_kprobe(event="schedule+50", fn_name="count_sched", pid=0, cpu=-1)
# arguments
interval = 1
count = -1
if len(argv) > 1:
try:
interval = int(argv[1])
if interval == 0:
raise
if len(argv) > 2:
count = int(argv[2])
except: # also catches -h, --help
usage()
# load BPF program
b = BPF(src_file="vfsstat.c")
BPF.attach_kprobe(b.load_func("do_read", BPF.KPROBE), "vfs_read")
BPF.attach_kprobe(b.load_func("do_write", BPF.KPROBE), "vfs_write")
BPF.attach_kprobe(b.load_func("do_fsync", BPF.KPROBE), "vfs_fsync")
BPF.attach_kprobe(b.load_func("do_open", BPF.KPROBE), "vfs_open")
BPF.attach_kprobe(b.load_func("do_create", BPF.KPROBE), "vfs_create")
stats = b.get_table("stats", c_int, c_ulonglong)
# stat column labels and indexes
stat_types = {"READ": 1, "WRITE": 2, "FSYNC": 3, "OPEN": 4, "CREATE": 5}
# header
print("%-8s " % "TIME", end="")
last = {}
for stype in stat_types.keys():
print(" %8s" % (stype + "/s"), end="")
idx = stat_types[stype]
#!/usr/bin/python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
from bpf import BPF
from time import sleep
b = BPF(src_file="task_switch.c")
fn = b.load_func("count_sched", BPF.KPROBE)
stats = b.get_table("stats")
BPF.attach_kprobe(fn, "finish_task_switch")
# generate many schedule events
for i in range(0, 100):
sleep(0.01)
for k, v in stats.items():
print("task_switch[%5d->%5d]=%u" % (k.prev_pid, k.curr_pid, v.value))
# Written as a basic example of BCC trace & reformat. See hello_world.py
# for a BCC trace with default output example.
#
# 13-Aug-2015 Brendan Gregg Created this.
from bpf import BPF
import sys
# load BPF program
b = BPF(text = """
int do_sync(void *ctx) {
bpf_trace_printk("sync()\\n");
return 0;
};
""")
BPF.attach_kprobe(b.load_func("do_sync", BPF.KPROBE), "sys_sync")
# header
print "%-18s %s" % ("TIME(s)", "CALL")
# open trace pipe
try:
trace = open("/sys/kernel/debug/tracing/trace_pipe", "r")
except:
print >> sys.stderr, "ERROR: opening trace_pipe"
exit(1)
# format output
while 1:
try:
line = trace.readline().rstrip()
# arguments
interval = 5
count = -1
if len(argv) > 1:
try:
interval = int(argv[1])
if interval == 0:
raise
if len(argv) > 2:
count = int(argv[2])
except: # also catches -h, --help
usage()
# load BPF program
b = BPF(src_file = "vfsreadlat.c")
b.attach_kprobe(event="vfs_read", fn_name="do_entry")
b.attach_kretprobe(event="vfs_read", fn_name="do_return")
dist_max = 64
# header
print("Tracing... Hit Ctrl-C to end.")
# functions
stars_max = 38
def stars(val, val_max, width):
i = 0
text = ""
while (1):
if (i > (width * val / val_max) - 1) or (i > width - 1):
break
text += "*"
#!/usr/bin/env python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
# run in project examples directory with:
# sudo ./hello_world.py"
from bpf import BPF
prog = """
int hello(void *ctx) {
bpf_trace_printk("Hello, World!\\n");
return 0;
}
"""
b = BPF(text=prog)
b.attach_kprobe(event="sys_clone", fn_name="hello")
b.trace_print(fmt="{1} {5}")
#!/usr/bin/env python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
# run in project examples directory with:
# sudo ./hello_world.py"
from bpf import BPF
from subprocess import call
prog = """
int hello(void *ctx) {
bpf_trace_printk("Hello, World!\\n");
return 0;
};
"""
b = BPF(text=prog)
fn = b.load_func("hello", BPF.KPROBE)
BPF.attach_kprobe(fn, "sys_clone")
try:
call(["cat", "/sys/kernel/debug/tracing/trace_pipe"])
except KeyboardInterrupt:
pass
#!/usr/bin/python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
from bpf import BPF
from time import sleep
b = BPF(src_file="task_switch.c")
b.attach_kprobe(event="finish_task_switch", fn_name="count_sched")
# generate many schedule events
for i in range(0, 100): sleep(0.01)
for k, v in b["stats"].items():
print("task_switch[%5d->%5d]=%u" % (k.prev_pid, k.curr_pid, v.value))
# arguments
interval = 5
count = -1
if len(argv) > 1:
try:
interval = int(argv[1])
if interval == 0:
raise
if len(argv) > 2:
count = int(argv[2])
except: # also catches -h, --help
usage()
# load BPF program
b = BPF(src_file="bitehist.c")
BPF.attach_kprobe(b.load_func("do_request", BPF.KPROBE), "blk_start_request")
dist = b.get_table("dist", c_int, c_ulonglong)
dist_max = 64
# header
print("Tracing... Hit Ctrl-C to end.")
last = {}
for i in range(1, dist_max + 1):
last[i] = 0
# functions
stars_max = 38
def stars(val, val_max, width):
i = 0
# arguments
interval = 1
count = -1
if len(argv) > 1:
try:
interval = int(argv[1])
if interval == 0:
raise
if len(argv) > 2:
count = int(argv[2])
except: # also catches -h, --help
usage()
# load BPF program
b = BPF(src_file = "vfsstat.c")
BPF.attach_kprobe(b.load_func("do_read", BPF.KPROBE), "vfs_read")
BPF.attach_kprobe(b.load_func("do_write", BPF.KPROBE), "vfs_write")
BPF.attach_kprobe(b.load_func("do_fsync", BPF.KPROBE), "vfs_fsync")
BPF.attach_kprobe(b.load_func("do_open", BPF.KPROBE), "vfs_open")
BPF.attach_kprobe(b.load_func("do_create", BPF.KPROBE), "vfs_create")
stats = b.get_table("stats", c_int, c_ulonglong)
# stat column labels and indexes
stat_types = {
"READ" : 1,
"WRITE" : 2,
"FSYNC" : 3,
"OPEN" : 4,
"CREATE" : 5
}
#!/usr/bin/python
#
# pidpersec.py Count new processes (via fork).
# For Linux, uses BCC, eBPF. See .c file.
#
# Written as a basic example of counting an event.
#
# 11-Aug-2015 Brendan Gregg Created this.
from bpf import BPF
from ctypes import c_ushort, c_int, c_ulonglong
from time import sleep, strftime
# load BPF program
b = BPF(src_file="pidpersec.c")
BPF.attach_kprobe(b.load_func("do_count", BPF.KPROBE), "sched_fork")
stats = b.get_table("stats", c_int, c_ulonglong)
# stat indexes
S_COUNT = 1
# header
print "Tracing... Ctrl-C to end."
# output
last = 0
while 1:
try:
sleep(1)
except KeyboardInterrupt:
pass
#!/usr/bin/python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
from bpf import BPF
from time import sleep
b = BPF(src_file="task_switch.c")
fn = b.load_func("count_sched", BPF.KPROBE)
stats = b.get_table("stats")
BPF.attach_kprobe(fn, "finish_task_switch")
# generate many schedule events
for i in range(0, 100): sleep(0.01)
for k, v in stats.items():
print("task_switch[%5d->%5d]=%u" % (k.prev_pid, k.curr_pid, v.value))
def setUp(self):
b = BPF(text=text, debug=0)
fn = b.load_func("count_sched", BPF.KPROBE)
self.stats = b.get_table("stats")
BPF.attach_kprobe(fn, "schedule+50", 0, -1)
end = len(ksym_addrs)
while end != start + 1:
mid = (start + end) / 2
if addr < ksym_addrs[mid]:
end = mid
else:
start = mid
if start == -1:
return "[unknown]"
return ksym_names[start]
load_kallsyms()
# load BPF program
b = BPF(src_file = "vfscount.c")
fn = b.load_func("do_count", BPF.KPROBE)
BPF.attach_kprobe(fn, "vfs_read")
BPF.attach_kprobe(fn, "vfs_write")
BPF.attach_kprobe(fn, "vfs_fsync")
BPF.attach_kprobe(fn, "vfs_open")
BPF.attach_kprobe(fn, "vfs_create")
counts = b.get_table("counts")
# header
print "Tracing... Ctrl-C to end."
# output
try:
sleep(99999999)
except KeyboardInterrupt:
pass
mid = (start + end) / 2
if addr < ksym_addrs[mid]:
end = mid
else:
start = mid
if start == -1:
return "[unknown]"
return ksym_names[start]
load_kallsyms()
# load BPF program
b = BPF(src_file="vfscount.c")
fn = b.load_func("do_count", BPF.KPROBE)
BPF.attach_kprobe(fn, "vfs_read")
BPF.attach_kprobe(fn, "vfs_write")
BPF.attach_kprobe(fn, "vfs_fsync")
BPF.attach_kprobe(fn, "vfs_open")
BPF.attach_kprobe(fn, "vfs_create")
counts = b.get_table("counts")
# header
print "Tracing... Ctrl-C to end."
# output
try:
sleep(99999999)
except KeyboardInterrupt:
pass
def setUp(self):
b = BPF(arg1, arg2, debug=0)
self.stats = b.get_table("stats", Key, Leaf)
b.attach_kprobe(event="sys_write", fn_name="sys_wr", pid=0, cpu=-1)
b.attach_kprobe(event="sys_read", fn_name="sys_rd", pid=0, cpu=-1)
b.attach_kprobe(event="htab_map_get_next_key", fn_name="sys_rd", pid=0, cpu=-1)
#
# disksnoop.py Trace block device I/O: basic version of iosnoop.
# For Linux, uses BCC, eBPF. See .c file.
#
# Written as a basic example of tracing latency.
#
# 11-Aug-2015 Brendan Gregg Created this.
from bpf import BPF
import sys
REQ_WRITE = 1 # from include/linux/blk_types.h
# load BPF program
b = BPF(src_file="disksnoop.c")
BPF.attach_kprobe(b.load_func("do_request", BPF.KPROBE), "blk_start_request")
BPF.attach_kprobe(b.load_func("do_completion", BPF.KPROBE), "blk_update_request")
# header
print "%-18s %-2s %-7s %8s" % ("TIME(s)", "T", "BYTES", "LAT(ms)")
# open trace pipe
try:
trace = open("/sys/kernel/debug/tracing/trace_pipe", "r")
except:
print >> sys.stderr, "ERROR: opening trace_pipe"
exit(1)
# format output
while 1:
try:
#!/usr/bin/python
#
# pidpersec.py Count new processes (via fork).
# For Linux, uses BCC, eBPF. See .c file.
#
# Written as a basic example of counting an event.
#
# 11-Aug-2015 Brendan Gregg Created this.
from bpf import BPF
from ctypes import c_ushort, c_int, c_ulonglong
from time import sleep, strftime
# load BPF program
b = BPF(src_file="pidpersec.c")
BPF.attach_kprobe(b.load_func("do_count", BPF.KPROBE), "sched_fork")
stats = b.get_table("stats", c_int, c_ulonglong)
# stat indexes
S_COUNT = 1
# header
print "Tracing... Ctrl-C to end."
# output
last = 0
while (1):
try:
sleep(1)
except KeyboardInterrupt:
pass
# arguments
interval = 5
count = -1
if len(argv) > 1:
try:
interval = int(argv[1])
if interval == 0:
raise
if len(argv) > 2:
count = int(argv[2])
except: # also catches -h, --help
usage()
# load BPF program
b = BPF(src_file = "vfsreadlat.c")
BPF.attach_kprobe(b.load_func("do_entry", BPF.KPROBE), "vfs_read")
BPF.attach_kretprobe(b.load_func("do_return", BPF.KPROBE), "vfs_read")
dist = b.get_table("dist", c_int, c_ulonglong)
dist_max = 64
# header
print("Tracing... Hit Ctrl-C to end.")
last = {}
for i in range(1, dist_max + 1):
last[i] = 0
# functions
stars_max = 38
def stars(val, val_max, width):
i = 0
text = ""
# arguments
interval = 5
count = -1
if len(argv) > 1:
try:
interval = int(argv[1])
if interval == 0:
raise
if len(argv) > 2:
count = int(argv[2])
except: # also catches -h, --help
usage()
# load BPF program
b = BPF(src_file = "bitehist.c")
BPF.attach_kprobe(b.load_func("do_request", BPF.KPROBE), "blk_start_request")
dist = b.get_table("dist", c_int, c_ulonglong)
dist_max = 64
# header
print("Tracing... Hit Ctrl-C to end.")
last = {}
for i in range(1, dist_max + 1):
last[i] = 0
# functions
stars_max = 38
def stars(val, val_max, width):
i = 0
text = ""
while (1):
