Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
bcc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
bcc
Commits
44b4b5ff
Commit
44b4b5ff
authored
Jul 13, 2016
by
Mark Drayton
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
dcsnoop: use PERF_EVENT_OUTPUT
parent
1e45e67a
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
59 additions
and
19 deletions
+59
-19
tools/dcsnoop.py
tools/dcsnoop.py
+59
-19
No files found.
tools/dcsnoop.py
View file @
44b4b5ff
...
@@ -23,7 +23,9 @@
...
@@ -23,7 +23,9 @@
from
__future__
import
print_function
from
__future__
import
print_function
from
bcc
import
BPF
from
bcc
import
BPF
import
argparse
import
argparse
import
ctypes
as
ct
import
re
import
re
import
time
# arguments
# arguments
examples
=
"""examples:
examples
=
"""examples:
...
@@ -46,12 +48,26 @@ bpf_text = """
...
@@ -46,12 +48,26 @@ bpf_text = """
#define MAX_FILE_LEN 64
#define MAX_FILE_LEN 64
enum lookup_type {
LOOKUP_MISS,
LOOKUP_REFERENCE,
};
struct entry_t {
struct entry_t {
char name[MAX_FILE_LEN];
char name[MAX_FILE_LEN];
};
};
BPF_HASH(entrybypid, u32, struct entry_t);
BPF_HASH(entrybypid, u32, struct entry_t);
struct data_t {
u32 pid;
enum lookup_type type;
char comm[TASK_COMM_LEN];
char filename[MAX_FILE_LEN];
};
BPF_PERF_OUTPUT(events);
/* from fs/namei.c: */
/* from fs/namei.c: */
struct nameidata {
struct nameidata {
struct path path;
struct path path;
...
@@ -59,9 +75,22 @@ struct nameidata {
...
@@ -59,9 +75,22 @@ struct nameidata {
// [...]
// [...]
};
};
static inline
void submit_event(struct pt_regs *ctx, void *name, int type, u32 pid)
{
struct data_t data = {
.pid = pid,
.type = type,
};
bpf_get_current_comm(&data.comm, sizeof(data.comm));
bpf_probe_read(&data.filename, sizeof(data.filename), name);
events.perf_submit(ctx, &data, sizeof(data));
}
int trace_fast(struct pt_regs *ctx, struct nameidata *nd, struct path *path)
int trace_fast(struct pt_regs *ctx, struct nameidata *nd, struct path *path)
{
{
bpf_trace_printk("R %s
\
\
n", nd->last.name);
u32 pid = bpf_get_current_pid_tgid();
submit_event(ctx, (void *)nd->last.name, LOOKUP_REFERENCE, pid);
return 1;
return 1;
}
}
...
@@ -83,36 +112,47 @@ int kretprobe__d_lookup(struct pt_regs *ctx)
...
@@ -83,36 +112,47 @@ int kretprobe__d_lookup(struct pt_regs *ctx)
u32 pid = bpf_get_current_pid_tgid();
u32 pid = bpf_get_current_pid_tgid();
struct entry_t *ep;
struct entry_t *ep;
ep = entrybypid.lookup(&pid);
ep = entrybypid.lookup(&pid);
if (ep == 0) {
if (ep == 0 || PT_REGS_RC(ctx) != 0) {
return 0; // missed entry
return 0; // missed entry or lookup didn't fail
}
if (PT_REGS_RC(ctx) == 0) {
bpf_trace_printk("M %s
\
\
n", ep->name);
}
}
submit_event(ctx, (void *)ep->name, LOOKUP_MISS, pid);
entrybypid.delete(&pid);
entrybypid.delete(&pid);
return 0;
return 0;
}
}
"""
"""
TASK_COMM_LEN
=
16
# linux/sched.h
MAX_FILE_LEN
=
64
# see inline C
class
Data
(
ct
.
Structure
):
_fields_
=
[
(
"pid"
,
ct
.
c_uint
),
(
"type"
,
ct
.
c_int
),
(
"comm"
,
ct
.
c_char
*
TASK_COMM_LEN
),
(
"filename"
,
ct
.
c_char
*
MAX_FILE_LEN
),
]
# initialize BPF
# initialize BPF
b
=
BPF
(
text
=
bpf_text
)
b
=
BPF
(
text
=
bpf_text
)
if
args
.
all
:
if
args
.
all
:
b
.
attach_kprobe
(
event
=
"lookup_fast"
,
fn_name
=
"trace_fast"
)
b
.
attach_kprobe
(
event
=
"lookup_fast"
,
fn_name
=
"trace_fast"
)
# header
mode_s
=
{
print
(
"%-11s %-6s %-16s %1s %s"
%
(
"TIME(s)"
,
"PID"
,
"COMM"
,
"T"
,
"FILE"
))
0
:
'M'
,
1
:
'R'
,
}
start_ts
=
0
start_ts
=
time
.
time
()
# format output
def
print_event
(
cpu
,
data
,
size
):
while
1
:
event
=
ct
.
cast
(
data
,
ct
.
POINTER
(
Data
)).
contents
(
task
,
pid
,
cpu
,
flags
,
ts
,
msg
)
=
b
.
trace_fields
()
print
(
"%-11.6f %-6d %-16s %1s %s"
%
(
try
:
time
.
time
()
-
start_ts
,
event
.
pid
,
event
.
comm
,
mode_s
[
event
.
type
],
(
type
,
file
)
=
msg
.
split
(
" "
,
1
)
event
.
filename
))
except
ValueError
:
continue
if
start_ts
==
0
:
# header
start_ts
=
ts
print
(
"%-11s %-6s %-16s %1s %s"
%
(
"TIME(s)"
,
"PID"
,
"COMM"
,
"T"
,
"FILE"
))
print
(
"%-11.6f %-6s %-16s %1s %s"
%
(
ts
-
start_ts
,
pid
,
task
,
type
,
file
))
b
[
"events"
].
open_perf_buffer
(
print_event
)
while
1
:
b
.
kprobe_poll
()
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment