Commit 06f3b9a7 authored by 4ast's avatar 4ast

Merge pull request #386 from brendangregg/master

inline C in /tools
parents b712c66a b90bbab6
/*
* pidpersec.c Count new processes (via fork).
* For Linux, uses BCC, eBPF. See the Python front-end.
*
* USAGE: pidpersec.py
*
* Copyright (c) 2015 Brendan Gregg.
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License as published by the Free Software Foundation.
*
* 11-Aug-2015 Brendan Gregg Created this.
*/
#include <uapi/linux/ptrace.h>
enum stat_types {
S_COUNT = 1,
S_MAXSTAT
};
BPF_TABLE("array", int, u64, stats, S_MAXSTAT + 1);
void stats_increment(int key) {
u64 *leaf = stats.lookup(&key);
if (leaf) (*leaf)++;
}
void do_count(struct pt_regs *ctx) { stats_increment(S_COUNT); }
...@@ -18,7 +18,23 @@ from ctypes import c_int ...@@ -18,7 +18,23 @@ from ctypes import c_int
from time import sleep, strftime from time import sleep, strftime
# load BPF program # load BPF program
b = BPF(src_file="pidpersec.c") b = BPF(text="""
#include <uapi/linux/ptrace.h>
enum stat_types {
S_COUNT = 1,
S_MAXSTAT
};
BPF_TABLE("array", int, u64, stats, S_MAXSTAT + 1);
void stats_increment(int key) {
u64 *leaf = stats.lookup(&key);
if (leaf) (*leaf)++;
}
void do_count(struct pt_regs *ctx) { stats_increment(S_COUNT); }
""")
b.attach_kprobe(event="sched_fork", fn_name="do_count") b.attach_kprobe(event="sched_fork", fn_name="do_count")
# stat indexes # stat indexes
......
/*
* vfscount.c Count some VFS calls.
* For Linux, uses BCC, eBPF. See the Python front-end.
*
* USAGE: vfscount.py
*
* Copyright (c) 2015 Brendan Gregg.
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License as published by the Free Software Foundation.
*
* 14-Aug-2015 Brendan Gregg Created this.
*/
#include <uapi/linux/ptrace.h>
struct key_t {
u64 ip;
};
BPF_TABLE("hash", struct key_t, u64, counts, 256);
int do_count(struct pt_regs *ctx) {
struct key_t key = {};
u64 zero = 0, *val;
key.ip = ctx->ip;
val = counts.lookup_or_init(&key, &zero);
(*val)++;
return 0;
}
...@@ -16,7 +16,24 @@ from bcc import BPF ...@@ -16,7 +16,24 @@ from bcc import BPF
from time import sleep from time import sleep
# load BPF program # load BPF program
b = BPF(src_file="vfscount.c") b = BPF(text="""
#include <uapi/linux/ptrace.h>
struct key_t {
u64 ip;
};
BPF_TABLE("hash", struct key_t, u64, counts, 256);
int do_count(struct pt_regs *ctx) {
struct key_t key = {};
u64 zero = 0, *val;
key.ip = ctx->ip;
val = counts.lookup_or_init(&key, &zero);
(*val)++;
return 0;
}
""")
b.attach_kprobe(event_re="^vfs_.*", fn_name="do_count") b.attach_kprobe(event_re="^vfs_.*", fn_name="do_count")
# header # header
......
/*
* vfsstat.c Count some VFS calls.
* For Linux, uses BCC, eBPF. See the Python front-end.
*
* USAGE: vfsstat.py [interval [count]]
*
* Copyright (c) 2015 Brendan Gregg.
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License as published by the Free Software Foundation.
*
* 14-Aug-2015 Brendan Gregg Created this.
*/
#include <uapi/linux/ptrace.h>
enum stat_types {
S_READ = 1,
S_WRITE,
S_FSYNC,
S_OPEN,
S_CREATE,
S_MAXSTAT
};
BPF_TABLE("array", int, u64, stats, S_MAXSTAT + 1);
void stats_increment(int key) {
u64 *leaf = stats.lookup(&key);
if (leaf) (*leaf)++;
}
void do_read(struct pt_regs *ctx) { stats_increment(S_READ); }
void do_write(struct pt_regs *ctx) { stats_increment(S_WRITE); }
void do_fsync(struct pt_regs *ctx) { stats_increment(S_FSYNC); }
void do_open(struct pt_regs *ctx) { stats_increment(S_OPEN); }
void do_create(struct pt_regs *ctx) { stats_increment(S_CREATE); }
...@@ -37,7 +37,31 @@ if len(argv) > 1: ...@@ -37,7 +37,31 @@ if len(argv) > 1:
usage() usage()
# load BPF program # load BPF program
b = BPF(src_file="vfsstat.c") b = BPF(text="""
#include <uapi/linux/ptrace.h>
enum stat_types {
S_READ = 1,
S_WRITE,
S_FSYNC,
S_OPEN,
S_CREATE,
S_MAXSTAT
};
BPF_TABLE("array", int, u64, stats, S_MAXSTAT + 1);
void stats_increment(int key) {
u64 *leaf = stats.lookup(&key);
if (leaf) (*leaf)++;
}
void do_read(struct pt_regs *ctx) { stats_increment(S_READ); }
void do_write(struct pt_regs *ctx) { stats_increment(S_WRITE); }
void do_fsync(struct pt_regs *ctx) { stats_increment(S_FSYNC); }
void do_open(struct pt_regs *ctx) { stats_increment(S_OPEN); }
void do_create(struct pt_regs *ctx) { stats_increment(S_CREATE); }
""")
b.attach_kprobe(event="vfs_read", fn_name="do_read") b.attach_kprobe(event="vfs_read", fn_name="do_read")
b.attach_kprobe(event="vfs_write", fn_name="do_write") b.attach_kprobe(event="vfs_write", fn_name="do_write")
b.attach_kprobe(event="vfs_fsync", fn_name="do_fsync") b.attach_kprobe(event="vfs_fsync", fn_name="do_fsync")
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment