Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
bcc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
bcc
Commits
29dbddaa
Commit
29dbddaa
authored
Feb 19, 2016
by
mcaleavya
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
migrated to use bpf_perf_events
parent
cfc31503
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
65 additions
and
4 deletions
+65
-4
man/man8/syncsnoop.8
man/man8/syncsnoop.8
+4
-0
tools/old/syncsnoop.py
tools/old/syncsnoop.py
+31
-0
tools/syncsnoop.py
tools/syncsnoop.py
+30
-4
No files found.
man/man8/syncsnoop.8
View file @
29dbddaa
...
@@ -11,6 +11,10 @@ be useful to know if they are happening and how frequently.
...
@@ -11,6 +11,10 @@ be useful to know if they are happening and how frequently.
This works by tracing the kernel sys_sync() function using dynamic tracing, and
This works by tracing the kernel sys_sync() function using dynamic tracing, and
will need updating to match any changes to this function.
will need updating to match any changes to this function.
This makes use of a Linux 4.5 feature (bpf_perf_event_output());
for kernels older than 4.5, see the version under tools/old,
which uses an older mechanism.
This program is also a basic example of eBPF/bcc.
This program is also a basic example of eBPF/bcc.
Since this uses BPF, only the root user can use this tool.
Since this uses BPF, only the root user can use this tool.
...
...
tools/old/syncsnoop.py
0 → 100755
View file @
29dbddaa
#!/usr/bin/python
# @lint-avoid-python-3-compatibility-imports
#
# syncsnoop Trace sync() syscall.
# For Linux, uses BCC, eBPF. Embedded C.
#
# Written as a basic example of BCC trace & reformat. See
# examples/hello_world.py for a BCC trace with default output example.
#
# Copyright (c) 2015 Brendan Gregg.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 13-Aug-2015 Brendan Gregg Created this.
from
__future__
import
print_function
from
bcc
import
BPF
# load BPF program
b
=
BPF
(
text
=
"""
void kprobe__sys_sync(void *ctx) {
bpf_trace_printk("sync()
\
\
n");
};
"""
)
# header
print
(
"%-18s %s"
%
(
"TIME(s)"
,
"CALL"
))
# format output
while
1
:
(
task
,
pid
,
cpu
,
flags
,
ts
,
msg
)
=
b
.
trace_fields
()
print
(
"%-18.9f %s"
%
(
ts
,
msg
))
tools/syncsnoop.py
View file @
29dbddaa
...
@@ -11,21 +11,47 @@
...
@@ -11,21 +11,47 @@
# Licensed under the Apache License, Version 2.0 (the "License")
# Licensed under the Apache License, Version 2.0 (the "License")
#
#
# 13-Aug-2015 Brendan Gregg Created this.
# 13-Aug-2015 Brendan Gregg Created this.
# 19-Feb-2016 Allan McAleavy migrated to BPF_PERF_OUTPUT
from
__future__
import
print_function
from
__future__
import
print_function
from
bcc
import
BPF
from
bcc
import
BPF
import
ctypes
as
ct
# load BPF program
# load BPF program
b
=
BPF
(
text
=
"""
b
=
BPF
(
text
=
"""
#include <linux/string.h>
struct data_t {
u64 ts;
char msg[6];
};
BPF_PERF_OUTPUT(events);
void kprobe__sys_sync(void *ctx) {
void kprobe__sys_sync(void *ctx) {
bpf_trace_printk("sync()
\
\
n");
struct data_t data = {};
data.ts = bpf_ktime_get_ns();
data.ts = data.ts / 1000;
strcpy(data.msg,"Sync()");
events.perf_submit(ctx, &data, sizeof(data));
};
};
"""
)
"""
)
class
Data
(
ct
.
Structure
):
_fields_
=
[
(
"ts"
,
ct
.
c_ulonglong
),
(
"msg"
,
ct
.
c_char
*
6
)
]
# header
# header
print
(
"%-18s %s"
%
(
"TIME(s)"
,
"CALL"
))
print
(
"%-18s %s"
%
(
"TIME(s)"
,
"CALL"
))
# format output
# process event
def
print_event
(
cpu
,
data
,
size
):
event
=
ct
.
cast
(
data
,
ct
.
POINTER
(
Data
)).
contents
print
(
"%-18.9f %s"
%
(
float
(
event
.
ts
)
/
1000000
,
event
.
msg
))
# loop with callback to print_event
b
[
"events"
].
open_perf_buffer
(
print_event
)
while
1
:
while
1
:
(
task
,
pid
,
cpu
,
flags
,
ts
,
msg
)
=
b
.
trace_fields
()
b
.
kprobe_poll
()
print
(
"%-18.9f %s"
%
(
ts
,
msg
))
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment