def printEvent(event):
printb(b"%-9s" % strftime("%H:%M:%S").encode('ascii'), nl="")
ppid = event.ppid if event.ppid > 0 else -1
ppid = b"%d" % ppid if ppid > 0 else b"?"
argv_text = b' '.join(argv[event.pid]).replace(b'\n', b'\\n')
printb(b"%-16s %-6d %-6s %3d %s" %
(event.comm, event.pid, ppid, event.retval, argv_text))
def print_event(cpu, data, size):
event = b["events"].event(data)
global initial_ts
# split return value into FD and errno columns
if event.ret >= 0:
fd_s = event.ret
err = 0
else:
fd_s = -1
err = - event.ret
if not initial_ts:
initial_ts = event.ts
printb(b"%-6d %-16s %4d %3d " %
(event.id & event.id >> 32,
event.comm, fd_s, err), nl="")
printb(b'%s' % event.fname)
def print_event(cpu, data, size):
event = b["events"].event(data)
global start_ts
if start_ts == 0:
start_ts = event.ts
if event.rwflag == 1:
rwflg = "W"
else:
rwflg = "R"
delta = float(event.ts) - start_ts
# print(event.pid)
if event.pid != 0:
if args.time:
printb(b"%-9s" % strftime("%H:%M:%S").encode('ascii'), nl="")
print("%-11.6f %-14.14s %-6s %-7s %-1s %-10s %-7s" % (
delta / 1000000, event.name.decode('utf-8', 'replace'), event.pid,
event.disk_name.decode('utf-8', 'replace'), rwflg, event.sector,
event.len), end="")
if args.queue:
print("%7.2f " % (float(event.qdelta) / 1000000), end="")
if args.netns:
print("%-8d" % event.netns, end="")
print("%7.2f" % (float(event.delta) / 1000000))
def process_netevent(cpu, data, size):
global lists
global args
event = b["events"].event(data)
ip_address = socket.inet_ntoa(struct.pack("I", event.address))
if args.verbose:
printb(b"\t%s (%d) %s:%d" %
(event.comm, event.pid, ip_address, socket.htons(event.port)))
for feed in lists:
if feed.check_membership(ip_address):
if args.action == "print":
print("{} ({}) touched a bad IP ({})".format(
event.comm, event.pid, ip_address))
elif args.action == "dump":
os.kill(event.pid, 19)
os.system(
"gcore -o /tmp/meatball-{}.core {} 2>/dev/null".format(
event.ts, event.pid))
os.kill(event.pid, 9)
print("{} ({}) Meatball took a dump in /tmp/ ({})".format(
event.comm, event.pid, ip_address))
elif args.action == "suspend":
os.kill(event.pid, 19)
print("{} ({}) was suspended ({}) ".format(
event.comm, event.pid, ip_address))
elif args.action == "kill":
os.kill(event.pid, 9)
print("{} ({}) was killed by Meatball ({}) ".format(
event.comm, event.pid, ip_address))
def print_event(cpu, data, size):
# Decode event
event = b["listen_evt"].event(data)
pid = event.pid_tgid & 0xffffffff
proto_family = event.proto & 0xff
proto_type = event.proto >> 16 & 0xff
if proto_family == SOCK_STREAM:
protocol = "TCP"
elif proto_family == SOCK_DGRAM:
protocol = "UDP"
else:
protocol = "UNK"
address = ""
if proto_type == AF_INET:
protocol += "v4"
address = inet_ntop(AF_INET, pack("I", event.laddr[0]))
elif proto_type == AF_INET6:
address = inet_ntop(AF_INET6, event.laddr)
protocol += "v6"
# Display
if show_netns:
printb(b"%-6d %-12.12s %-12s %-6s %-8s %-5s %-39s" % (
pid, event.task, event.netns, protocol, event.backlog,
event.lport, address,
))
else:
printb(b"%-6d %-12.12s %-6s %-8s %-5s %-39s" % (
pid, event.task, protocol, event.backlog,
event.lport, address,
))
def print_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data)).contents
skip = False
if event.type == EventType.EVENT_ARG:
argv[event.pid].append(event.argv)
elif event.type == EventType.EVENT_RET:
if event.retval != 0 and not args.fails:
skip = True
if args.name and not re.search(bytes(args.name), event.comm):
skip = True
if args.line and not re.search(bytes(args.line),
b' '.join(argv[event.pid])):
skip = True
if args.quote:
argv[event.pid] = [
"\"" + arg.replace("\"", "\\\"") + "\""
for arg in argv[event.pid]
]
if not skip:
if args.timestamp:
print("%-8.3f" % (time.time() - start_ts), end="")
ppid = get_ppid(event.pid)
ppid = b"%d" % ppid if ppid > 0 else b"?"
printb(b"%-16s %-6d %-6s %3d %s" % (event.comm, event.pid,
ppid, event.retval, b' '.join(argv[event.pid])))
try:
del(argv[event.pid])
except Exception:
pass
def print_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data)).contents
global initial_ts
# split return value into FD and errno columns
if event.ret >= 0:
fd_s = event.ret
err = 0
else:
fd_s = -1
err = -event.ret
if not initial_ts:
initial_ts = event.ts
if args.failed and (event.ret >= 0):
return
if args.name and bytes(args.name) not in event.comm:
return
if args.timestamp:
delta = event.ts - initial_ts
print("%-14.9f" % (float(delta) / 1000000), end="")
print("%-6d %-16s %4d %3d " %
(event.id & 0xffffffff if args.tid else event.id >> 32,
event.comm.decode('utf-8', 'replace'), fd_s, err),
end="")
if args.extended_fields:
print("%08o " % event.flags, end="")
printb(b'%s' % event.fname.decode('utf-8', 'replace'))
def print_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data)).contents
skip = False
if event.type == EventType.EVENT_ARG:
argv[event.pid].append(event.argv)
elif event.type == EventType.EVENT_RET:
if event.retval != 0 and not args.fails:
skip = True
if args.name and not re.search(bytes(args.name), event.comm):
skip = True
if args.line and not re.search(bytes(args.line),
b' '.join(argv[event.pid])):
skip = True
if args.quote:
argv[event.pid] = [
"\"" + arg.replace("\"", "\\\"") + "\""
for arg in argv[event.pid]
]
if not skip:
if args.timestamp:
print("%-8.3f" % (time.time() - start_ts), end="")
ppid = get_ppid(event.pid)
ppid = b"%d" % ppid if ppid > 0 else b"?"
printb(b"%-16s %-6d %-6s %3d %s" % (event.comm, event.pid,
ppid, event.retval, b' '.join(argv[event.pid])))
try:
del(argv[event.pid])
except Exception:
pass
def print_event(cpu, data, size):
event = b["events"].event(data)
skip = False
if event.type == EventType.EVENT_ARG:
argv[event.pid].append(event.argv)
elif event.type == EventType.EVENT_RET:
if event.retval != 0 and not args.fails:
skip = True
if args.name and not re.search(bytes(args.name), event.comm):
skip = True
if args.line and not re.search(bytes(args.line),
b' '.join(argv[event.pid])):
skip = True
if args.quote:
argv[event.pid] = [
b"\"" + arg.replace(b"\"", b"\\\"") + b"\""
for arg in argv[event.pid]
]
if not skip:
if args.timestamp:
printb(b"%-8.3f" % (time.time() - start_ts), nl="")
ppid = event.ppid if event.ppid > 0 else get_ppid(event.pid)
ppid = b"%d" % ppid if ppid > 0 else b"?"
argv_text = b' '.join(argv[event.pid]).replace(b'\n', b'\\n')
printb(b"%-16s %-6d %-6s %3d %s" % (event.comm, event.pid,
ppid, event.retval, argv_text))
try:
del(argv[event.pid])
except Exception:
pass
def print_ipv6_event(cpu, data, size):
event = b["tcp_ipv6_event"].event(data)
global start_ts
if args.time:
printb(b"%-9s" % strftime("%H:%M:%S").encode('ascii'), nl="")
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_ns
if args.verbose:
print("%-14d" % (event.ts_ns - start_ts), end="")
else:
print("%-9.3f" % ((event.ts_ns - start_ts) / 1000000000.0), end="")
if event.type == 1:
type_str = "C"
elif event.type == 2:
type_str = "A"
elif event.type == 3:
type_str = "X"
else:
type_str = "U"
if args.verbose:
print("%-12s " % (verbose_types[type_str]), end="")
else:
print("%-2s " % (type_str), end="")
print("%-6d %-16s %-2d %-16s %-16s %-6d %-6d" %
(event.pid, event.comm.decode('utf-8', 'replace'), event.ip,
"[" + inet_ntop(AF_INET6, event.saddr) + "]", "[" +
inet_ntop(AF_INET6, event.daddr) + "]", event.sport, event.dport),
end="")
if args.verbose and not args.netns:
print(" %-8d" % event.netns)
else:
print()
def print_ipv4_event(cpu, data, size):
event = b["ipv4_events"].event(data)
state = tcpstate2str(event.state).encode()
dest_ip = inet_ntop(AF_INET, pack("I", event.daddr)).encode()
printb(b"%-6d %-6d %-12.12s %-2d %-16s %-6d %-16s %-6d %-12.12s" %
(event.pid, event.tgid, event.task, event.ip,
inet_ntop(AF_INET, pack("I", event.saddr)).encode(), event.lport,
dest_ip, event.dport, state))
def print_stream_event(cpu, data, size):
event = b["stream_recvmsg_events"].event(data)
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
printb(b"%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), nl="")
printb(b"%-6s %-12s" % (event.pid, event.task))
def print_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data)).contents
if cpu == int(args.cpu) and event.type == 0:
printb(
b"%-9s %d %d %d %d %d %d" %
(strftime("%H:%M:%S").encode('ascii'), event.pid, event.vruntime,
event.load_sum, event.util_sum, event.load_avg, event.util_avg))
def print_event(cpu, data, size):
global start
event = b["events"].event(data)
if start == 0:
start = event.ts
time_s = (float(event.ts - start)) / 1000000000
printb(b"%-18.9f %-16s %-6d %s" %
(time_s, event.comm, event.pid, b"Hello, perf_output!"))
def print_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data)).contents
if (args.failed and (event.ret >= 0)):
return
printb(b"%-9s %-6d %-16s %-4d %-6d %d" % (strftime("%H:%M:%S"),
event.pid, event.comm, event.sig, event.tpid, event.ret))
def print_event(cpu, data, size):
event = b["events"].event(data)
if (args.failed and (event.ret >= 0)):
return
printb(b"%-9s %-6d %-16s %-4d %-6d %d" % (strftime("%H:%M:%S").encode('ascii'),
event.pid, event.comm, event.sig, event.tpid, event.ret))
def print_event(cpu, data, size):
event = bpf["events"].event(data)
printb(
b"%-16s %-8s %-8s %-8s %-12s" %
(dec2ip(event.ip_src_addr), parse_ip_protocol(event.trans_proto),
str(event.src_port) if event.src_port != 0 else '-',
str(event.dst_port) if event.dst_port != 0 else '-',
parse_xdp_action(event.action)))
def print_event(cpu, data, size):
event = bpf["events"].event(data)
printb(b"%-8d %-8d %-8s %-8s" % (
event.pid,
event.argc,
event.argv_1 if event.argv_1 != '' else '-',
event.argv_2 if event.argv_2 != '' else '-',
))
def print_event(cpu, data, size):
event = b["events"].event(data)
if (args.failed and (event.ret >= 0)):
return
printb(b"%-9s %-6d %-16s %-4d %-6d %d" %
(strftime("%H:%M:%S").encode('ascii'), event.pid, event.comm,
event.sig, event.tpid, event.ret))
def print_reaper_stats():
print("Reaper stats:")
count_by_ns = bpf["count_by_ns"]
for k, v in sorted(count_by_ns.items(), key=lambda kv: -kv[1].value):
if k.value == 0xffffffff:
continue
printb(b"%-6d %-15s %8d" % (k.value, comm_for_pid(k.value), v.value))
print("")
count_by_ns.clear()
def print_data(cpu, data, size):
global start
event = b["result"].event(data)
if start == 0:
start = event.ts
ts = event.ts - start
printb(
b"At time %.2f s: multiple syncs detected, last %s ms ago, count %d" %
(ts, event.delta, event.count))
def format_printer(queue, num, interval):
#global tx_queue, rx_queue, print_interval
# duration = (end_time - start_time)
duration = interval + 0.0
if duration == 0.0:
exit()
# --- format ---
COL_WIDTH = 10
LEN1 = 64
LEN2 = 512
LEN3 = 2048
LEN4 = 16384
#---------------- table for tx ---------------
# table header
headers = [
"QueueID", "BPS", "PPS", "avg_size", "[0, 64)", "[64, 512)",
"[512, 2K)", "[2K, 16K)", "[16K, 64K)"
]
for hd in headers:
print(hd.center(COL_WIDTH)),
print
# contents
tlen = 0
tpkg = 0
t_groups = [0] * LENs
for i in range(num):
len_cnt = queue['len_cnt'][i]
pkg = queue['pkg_cnt'][i]
group = queue['size_group'][i]
t_groups = [(t_groups[k] + group[k]) for k in range(LENs)]
tlen += len_cnt
tpkg += pkg
if pkg != 0:
avg_size = len_cnt / pkg
else:
avg_size = 0
printb(b"%5d %11.2f %10.2f %10d %10d %10d %10d %10d %10d" %
(i, len_cnt / duration, pkg / duration, avg_size, group[0],
group[1], group[2], group[3], group[4]))
if tpkg > 0:
t_avg = tlen / tpkg
else:
t_avg = 0
printb(b" Total %10.2f %10.2f %10d %10d %10d %10d %10d %10d" %
(tlen / duration, tpkg / duration, t_avg, t_groups[0], t_groups[1],
t_groups[2], t_groups[3], t_groups[4]))
print
def print_tcpreset_event(cpu, data, size):
event = b["tcpreset_ipv4_events"].event(data)
printb(b"%-6d %-6d %-16s %-6d %-16s %-6d" % (
event.uid,
event.pid,
inet_ntop(AF_INET, pack("I", event.daddr)).encode(),
event.dport,
inet_ntop(AF_INET, pack("I", event.saddr)).encode(),
event.sport,
))
def print_count_stats():
data = bpf["data"]
print("[%s]" % strftime("%H:%M:%S"))
print("%-22s %8s" % (agg_colname, "COUNT"))
for k, v in sorted(data.items(), key=lambda kv: -kv[1].value)[:args.top]:
if k.value == 0xFFFFFFFF:
continue # happens occasionally, we don't need it
printb(b"%-22s %8d" % (agg_colval(k), v.value))
print("")
data.clear()
def print_count_stats():
data = bpf["data"]
print("[%s]" % strftime("%H:%M:%S"))
print("%-22s %8s" % ("SYSCALL", "COUNT"))
for k, v in sorted(data.items(), key=lambda kv: -kv[1].value)[:args.top]:
if k.value == 0xFFFFFFFF:
continue # happens occasionally, we don't need it
printb(b"%-22s %8d" % (syscall_name(k.value % 10000), v.value))
print("")
data.clear()
def print_latency_stats():
data = b["data"]
print("[%s]" % strftime("%H:%M:%S"))
print("%-22s %8s" % (agg_colname, "COUNT"))
for k, v in sorted(data.items(), key=lambda kv: -kv[1].total_ns):
if k.value == 0xFFFFFFFF:
continue
printb(b"%-22s %8d %16.3f" %
(agg_colval(k), v.count, v.total_ns / 1e3))
print("")
data.clear()
def print_ipv6_event(cpu, data, size):
event = b["ipv6_events"].event(data)
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
print("%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), end="")
printb(b"%-6d %-12.12s %-2d %-16s %-16s %-4d" %
(event.pid, event.task, event.ip, inet_ntop(
AF_INET6, event.daddr).encode(), inet_ntop(
AF_INET6, event.saddr).encode(), event.lport))
def print_ipv6_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data_ipv6)).contents
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
print("%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), end="")
printb(b"%-6d %-12.12s %-2d %-16s %-16s %-4d" %
(event.pid, event.task.decode('utf-8', 'replace'), event.ip,
inet_ntop(AF_INET6, event.daddr), inet_ntop(
AF_INET6, event.saddr), event.lport))
def print_event(cpu, data, size):
wrapper_obj = ct.cast(data, ct.POINTER(wrapper_class)).contents
data += ct.sizeof(ct.c_ulong) + ct.sizeof(ct.c_int)
event = b["events"].event(data)
event.__raw_bpf_ts = wrapper_obj.__raw_bpf_ts
printb(b"%-18d %-18d %-16s %-6d %s" %
(event.__raw_bpf_ts, event.ts, event.comm, event.pid,
b"Hello, perf_output!"))
def print_event(cpu, data, size):
global initial_ts
event = b["events"].event(data)
if not initial_ts:
initial_ts = event.ts
delta = event.ts - initial_ts
print("%-18.2f" % (float(delta) / 1000000), end="")
print("%-30lx" % event.dev, end="")
printb(b'%s' % event.name)
def print_ipv6_event(cpu, data, size):
event = b["ipv6_events"].event(data)
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
print("%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), end="")
printb(b"%-6d %-12.12s %-2d %-16s %-16s %-4d" % (event.pid,
event.task, event.ip,
inet_ntop(AF_INET6, event.daddr).encode(),
inet_ntop(AF_INET6, event.saddr).encode(),
event.lport))
def print_ipv6_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data_ipv6)).contents
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
print("%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), end="")
printb(b"%-6d %-12.12s %-2d %-16s %-16s %-6d %-8d %-11d" %
(event.pid, event.task, event.ip, inet_ntop(
AF_INET6, event.daddr).encode(), inet_ntop(
AF_INET6, event.saddr).encode(), event.lport, event.backlog,
event.max_backlog))
def print_ipv4_event(cpu, data, size):
event = ct.cast(data, ct.POINTER(Data_ipv4)).contents
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
print("%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), end="")
if args.print_uid:
print("%-6d" % event.uid, end="")
printb(b"%-6d %-12.12s %-2d %-16s %-16s %-4d" % (event.pid,
event.task, event.ip,
inet_ntop(AF_INET, pack("I", event.saddr)).encode(),
inet_ntop(AF_INET, pack("I", event.daddr)).encode(), event.dport))
def print_latency_stats():
data = bpf["data"]
print("[%s]" % strftime("%H:%M:%S"))
print("%-22s %8s %16s" % (agg_colname, "COUNT", time_colname))
for k, v in sorted(data.items(),
key=lambda kv: -kv[1].total_ns)[:args.top]:
if k.value == 0xFFFFFFFF:
continue # happens occasionally, we don't need it
printb((b"%-22s %8d " + (b"%16.6f" if args.milliseconds else b"%16.3f")) %
(agg_colval(k), v.count,
v.total_ns / (1e6 if args.milliseconds else 1e3)))
print("")
data.clear()
def print_latency_stats():
data = bpf["data"]
print("[%s]" % strftime("%H:%M:%S"))
print("%-22s %8s %16s" % (agg_colname, "COUNT", time_colname))
for k, v in sorted(data.items(),
key=lambda kv: -kv[1].total_ns)[:args.top]:
if k.value == 0xFFFFFFFF:
continue # happens occasionally, we don't need it
printb((b"%-22s %8d " + (b"%16.6f" if args.milliseconds else b"%16.3f")) %
(agg_colval(k), v.count,
v.total_ns / (1e6 if args.milliseconds else 1e3)))
print("")
data.clear()
def print_ipv4_event(cpu, data, size):
event = b["ipv4_events"].event(data)
global start_ts
if args.time:
print("%-9s" % strftime("%H:%M:%S"), end="")
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
print("%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), end="")
printb(b"%-7d %-12.12s %-2d %-16s %-5d %-16s %-5d" % (event.pid,
event.task, event.ip,
inet_ntop(AF_INET, pack("I", event.daddr)).encode(),
event.dport,
inet_ntop(AF_INET, pack("I", event.saddr)).encode(),
event.lport))
def print_event(cpu, data, size):
event = b["events"].event(data)
global initial_ts
# split return value into FD and errno columns
if event.ret >= 0:
fd_s = event.ret
err = 0
else:
fd_s = -1
err = - event.ret
if not initial_ts:
initial_ts = event.ts
if args.failed and (event.ret >= 0):
return
if args.name and bytes(args.name) not in event.comm:
return
if args.timestamp:
delta = event.ts - initial_ts
print("%-14.9f" % (float(delta) / 1000000), end="")
if args.print_uid:
print("%-6d" % event.uid, end="")
print("%-6d %-16s %4d %3d " %
(event.id & 0xffffffff if args.tid else event.id >> 32,
event.comm.decode('utf-8', 'replace'), fd_s, err), end="")
if args.extended_fields:
print("%08o " % event.flags, end="")
printb(b'%s' % event.fname)
def print_ipv4_event(cpu, data, size):
event = b["ipv4_events"].event(data)
global start_ts
if args.timestamp:
if start_ts == 0:
start_ts = event.ts_us
printb(b"%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), nl="")
if args.print_uid:
printb(b"%-6d" % event.uid, nl="")
printb(b"%-6d %-12.12s %-2d %-16s %-16s %-4d" % (event.pid,
event.task, event.ip,
inet_ntop(AF_INET, pack("I", event.saddr)).encode(),
inet_ntop(AF_INET, pack("I", event.daddr)).encode(), event.dport))
req->cmd_flags, delta / 1000);
start.delete(&req);
}
}
""")
b.attach_kprobe(event="blk_start_request", fn_name="trace_start")
b.attach_kprobe(event="blk_mq_start_request", fn_name="trace_start")
b.attach_kprobe(event="blk_account_io_completion", fn_name="trace_completion")
# header
print("%-18s %-2s %-7s %8s" % ("TIME(s)", "T", "BYTES", "LAT(ms)"))
# format output
while 1:
try:
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
(bytes_s, bflags_s, us_s) = msg.split()
if int(bflags_s, 16) & REQ_WRITE:
type_s = b"W"
elif bytes_s == "0": # see blk_fill_rwbs() for logic
type_s = b"M"
else:
type_s = b"R"
ms = float(int(us_s, 10)) / 1000
printb(b"%-18.9f %-2s %-7s %8.2f" % (ts, type_s, bytes_s, ms))
except KeyboardInterrupt:
exit()
# check for an ENOMEM error
if k.w_k_stack_id == -errno.ENOMEM:
missing_stacks += 1
continue
waker_kernel_stack = [] if k.w_k_stack_id < 1 else \
reversed(list(stack_traces.walk(k.w_k_stack_id))[1:])
if folded:
# print folded stack output
line = \
[k.waker] + \
[b.ksym(addr)
for addr in reversed(list(waker_kernel_stack))] + \
[k.target]
printb(b"%s %d" % (b";".join(line), v.value))
else:
# print default multi-line stack output
printb(b" %-16s %s" % (b"target:", k.target))
for addr in waker_kernel_stack:
printb(b" %-16x %s" % (addr, b.ksym(addr)))
printb(b" %-16s %s" % (b"waker:", k.waker))
print(" %d\n" % v.value)
counts.clear()
if missing_stacks > 0:
enomem_str = " Consider increasing --stack-storage-size."
print("WARNING: %d stack traces could not be displayed.%s" %
(missing_stacks, enomem_str),
file=stderr)
#
# This is a Hello World example that formats output as fields.
from bcc import BPF
from bcc.utils import printb
# define BPF program
prog = """
int hello(void *ctx) {
bpf_trace_printk("Hello, World!\\n");
return 0;
}
"""
# load BPF program
b = BPF(text=prog)
b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
# header
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE"))
# format output
while 1:
try:
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
except ValueError:
continue
except KeyboardInterrupt:
exit()
printb(b"%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
if (tsp != 0) {
delta = bpf_ktime_get_ns() - *tsp;
if (delta < 1000000000) {
// output if time is less than 1 second
bpf_trace_printk("%d\\n", delta / 1000000);
}
last.delete(&key);
}
// update stored timestamp
ts = bpf_ktime_get_ns();
last.update(&key, &ts);
return 0;
}
""")
b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
print("Tracing for quick sync's... Ctrl-C to end")
# format output
start = 0
while 1:
try:
(task, pid, cpu, flags, ts, ms) = b.trace_fields()
if start == 0:
start = ts
ts = ts - start
printb(b"At time %.2f s: multiple syncs detected, last %s ms ago" % (ts, ms))
except KeyboardInterrupt:
exit()
try:
sleep(interval)
except KeyboardInterrupt:
exiting = 1
# header
if clear:
call("clear")
else:
print()
with open(loadavg) as stats:
print("%-8s loadavg: %s" % (strftime("%H:%M:%S"), stats.read()))
print("%-32s %6s %10s" % ("CACHE", "ALLOCS", "BYTES"))
# by-TID output
counts = b.get_table("counts")
line = 0
for k, v in reversed(sorted(counts.items(),
key=lambda counts: counts[1].size)):
printb(b"%-32s %6d %10d" % (k.name, v.count, v.size))
line += 1
if line >= maxrows:
break
counts.clear()
countdown -= 1
if exiting or countdown == 0:
print("Detaching...")
exit()
def inet_ntoa(addr): dq = b'' for i in range(0, 4): dq = dq + str(addr & 0xff).encode() if (i != 3): dq = dq + b'.' addr = addr >> 8 return dq # filter and format output while 1: # Read messages from kernel pipe try: (task, pid, cpu, flags, ts, msg) = b.trace_fields() (_tag, saddr_hs, daddr_hs, dport_s) = msg.split(b" ") except ValueError: # Ignore messages from other tracers continue except KeyboardInterrupt: exit() # Ignore messages from other tracers if _tag != "trace_tcp4connect": continue printb(b"%-6d %-12.12s %-16s %-16s %-4s" % (pid, task, inet_ntoa(int(saddr_hs, 16)), inet_ntoa(int(daddr_hs, 16)), dport_s))
