Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
bcc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
bcc
Commits
0c405db0
Commit
0c405db0
authored
Jan 11, 2018
by
yonghong-song
Committed by
GitHub
Jan 11, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #1526 from luciang/master
tools: syscount: add --errno=EPERM filter
parents
fe86aee7
5426ef24
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
69 additions
and
3 deletions
+69
-3
man/man8/syscount.8
man/man8/syscount.8
+8
-1
tools/syscount.py
tools/syscount.py
+23
-0
tools/syscount_example.txt
tools/syscount_example.txt
+38
-2
No files found.
man/man8/syscount.8
View file @
0c405db0
...
...
@@ -2,7 +2,7 @@
.SH NAME
syscount \- Summarize syscall counts and latencies.
.SH SYNOPSIS
.B syscount [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-L] [-m] [-P] [-l]
.B syscount [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-
e ERRNO] [-
L] [-m] [-P] [-l]
.SH DESCRIPTION
This tool traces syscall entry and exit tracepoints and summarizes either the
number of syscalls of each type, or the number of syscalls per process. It can
...
...
@@ -29,6 +29,9 @@ Print only this many entries. Default: 10.
\-x
Trace only failed syscalls (i.e., the return value from the syscall was < 0).
.TP
\-e ERRNO
Trace only syscalls that failed with that error (e.g. -e EPERM or -e 1).
.TP
\-m
Display times in milliseconds. Default: microseconds.
.TP
...
...
@@ -53,6 +56,10 @@ Summarize only failed syscalls:
#
.B syscount \-x
.TP
Summarize only syscalls that failed with EPERM:
#
.B syscount \-e EPERM
.TP
Trace PID 181 only:
#
.B syscount \-p 181
...
...
tools/syscount.py
View file @
0c405db0
...
...
@@ -12,6 +12,7 @@
from
bcc
import
BPF
from
time
import
sleep
,
strftime
import
argparse
import
errno
import
itertools
import
subprocess
import
sys
...
...
@@ -368,6 +369,19 @@ except Exception as e:
else
:
raise
Exception
(
"ausyscall: command not found"
)
def
handle_errno
(
errstr
):
try
:
return
abs
(
int
(
errstr
))
except
ValueError
:
pass
try
:
return
getattr
(
errno
,
errstr
)
except
AttributeError
:
raise
argparse
.
ArgumentTypeError
(
"couldn't map %s to an errno"
%
errstr
)
parser
=
argparse
.
ArgumentParser
(
description
=
"Summarize syscall counts and latencies."
)
parser
.
add_argument
(
"-p"
,
"--pid"
,
type
=
int
,
help
=
"trace only this pid"
)
...
...
@@ -377,6 +391,8 @@ parser.add_argument("-T", "--top", type=int, default=10,
help
=
"print only the top syscalls by count or latency"
)
parser
.
add_argument
(
"-x"
,
"--failures"
,
action
=
"store_true"
,
help
=
"trace only failed syscalls (return < 0)"
)
parser
.
add_argument
(
"-e"
,
"--errno"
,
type
=
handle_errno
,
help
=
"trace only syscalls that return this error (numeric or EPERM, etc.)"
)
parser
.
add_argument
(
"-L"
,
"--latency"
,
action
=
"store_true"
,
help
=
"collect syscall latency"
)
parser
.
add_argument
(
"-m"
,
"--milliseconds"
,
action
=
"store_true"
,
...
...
@@ -433,6 +449,11 @@ TRACEPOINT_PROBE(raw_syscalls, sys_exit) {
return 0;
#endif
#ifdef FILTER_ERRNO
if (args->ret != -FILTER_ERRNO)
return 0;
#endif
#ifdef BY_PROCESS
u32 key = pid_tgid >> 32;
#else
...
...
@@ -461,6 +482,8 @@ if args.pid:
text
=
(
"#define FILTER_PID %d
\
n
"
%
args
.
pid
)
+
text
if
args
.
failures
:
text
=
"#define FILTER_FAILED
\
n
"
+
text
if
args
.
errno
:
text
=
"#define FILTER_ERRNO %d
\
n
"
%
abs
(
args
.
errno
)
+
text
if
args
.
latency
:
text
=
"#define LATENCY
\
n
"
+
text
if
args
.
process
:
...
...
tools/syscount_example.txt
View file @
0c405db0
...
...
@@ -106,10 +106,43 @@ access 1
pause 1
^C
Similar to -x/--failures, sometimes you only care about certain syscall
errors like EPERM or ENONET -- these are the ones that might be worth
investigating with follow-up tools like opensnoop, execsnoop, or
trace. Use the -e/--errno switch for this; the following example also
demonstrates the -e switch, for printing ENOENT failures at predefined intervals:
# syscount -e ENOENT -i 5
Tracing syscalls, printing top 10... Ctrl+C to quit.
[13:15:57]
SYSCALL COUNT
stat 4669
open 1951
access 561
lstat 62
openat 42
readlink 8
execve 4
newfstatat 1
[13:16:02]
SYSCALL COUNT
lstat 18506
stat 13087
open 2907
access 412
openat 19
readlink 12
execve 7
connect 6
unlink 1
rmdir 1
^C
USAGE:
# syscount -h
usage: syscount.py [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-
L] [-m] [-P
]
[-l]
usage: syscount.py [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-
e ERRNO] [-L
]
[-
m] [-P] [-
l]
Summarize syscall counts and latencies.
...
...
@@ -120,6 +153,9 @@ optional arguments:
print summary at this interval (seconds)
-T TOP, --top TOP print only the top syscalls by count or latency
-x, --failures trace only failed syscalls (return < 0)
-e ERRNO, --errno ERRNO
trace only syscalls that return this error (numeric or
EPERM, etc.)
-L, --latency collect syscall latency
-m, --milliseconds display latency in milliseconds (default:
microseconds)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment