tools: syscount: add --errno=EPERM filter

Similar to `--filter` which reports all failing syscalls,
`--errno=ENOENT` reports syscalls failing with the specified errno value.

```
$ sudo bcc/tools/syscount.py -e ENOENT
Tracing syscalls, printing top 10... Ctrl+C to quit.
^C[12:07:13]
SYSCALL                   COUNT
open                        330
stat                        240
access                       63
execve                       22
readlink                      3
```
parent fe86aee7
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
.SH NAME .SH NAME
syscount \- Summarize syscall counts and latencies. syscount \- Summarize syscall counts and latencies.
.SH SYNOPSIS .SH SYNOPSIS
.B syscount [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-L] [-m] [-P] [-l] .B syscount [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-e ERRNO] [-L] [-m] [-P] [-l]
.SH DESCRIPTION .SH DESCRIPTION
This tool traces syscall entry and exit tracepoints and summarizes either the This tool traces syscall entry and exit tracepoints and summarizes either the
number of syscalls of each type, or the number of syscalls per process. It can number of syscalls of each type, or the number of syscalls per process. It can
...@@ -29,6 +29,9 @@ Print only this many entries. Default: 10. ...@@ -29,6 +29,9 @@ Print only this many entries. Default: 10.
\-x \-x
Trace only failed syscalls (i.e., the return value from the syscall was < 0). Trace only failed syscalls (i.e., the return value from the syscall was < 0).
.TP .TP
\-e ERRNO
Trace only syscalls that failed with that error (e.g. -e EPERM or -e 1).
.TP
\-m \-m
Display times in milliseconds. Default: microseconds. Display times in milliseconds. Default: microseconds.
.TP .TP
...@@ -53,6 +56,10 @@ Summarize only failed syscalls: ...@@ -53,6 +56,10 @@ Summarize only failed syscalls:
# #
.B syscount \-x .B syscount \-x
.TP .TP
Summarize only syscalls that failed with EPERM:
#
.B syscount \-e EPERM
.TP
Trace PID 181 only: Trace PID 181 only:
# #
.B syscount \-p 181 .B syscount \-p 181
......
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
from bcc import BPF from bcc import BPF
from time import sleep, strftime from time import sleep, strftime
import argparse import argparse
import errno
import itertools import itertools
import subprocess import subprocess
import sys import sys
...@@ -368,6 +369,19 @@ except Exception as e: ...@@ -368,6 +369,19 @@ except Exception as e:
else: else:
raise Exception("ausyscall: command not found") raise Exception("ausyscall: command not found")
def handle_errno(errstr):
try:
return abs(int(errstr))
except ValueError:
pass
try:
return getattr(errno, errstr)
except AttributeError:
raise argparse.ArgumentTypeError("couldn't map %s to an errno" % errstr)
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description="Summarize syscall counts and latencies.") description="Summarize syscall counts and latencies.")
parser.add_argument("-p", "--pid", type=int, help="trace only this pid") parser.add_argument("-p", "--pid", type=int, help="trace only this pid")
...@@ -377,6 +391,8 @@ parser.add_argument("-T", "--top", type=int, default=10, ...@@ -377,6 +391,8 @@ parser.add_argument("-T", "--top", type=int, default=10,
help="print only the top syscalls by count or latency") help="print only the top syscalls by count or latency")
parser.add_argument("-x", "--failures", action="store_true", parser.add_argument("-x", "--failures", action="store_true",
help="trace only failed syscalls (return < 0)") help="trace only failed syscalls (return < 0)")
parser.add_argument("-e", "--errno", type=handle_errno,
help="trace only syscalls that return this error (numeric or EPERM, etc.)")
parser.add_argument("-L", "--latency", action="store_true", parser.add_argument("-L", "--latency", action="store_true",
help="collect syscall latency") help="collect syscall latency")
parser.add_argument("-m", "--milliseconds", action="store_true", parser.add_argument("-m", "--milliseconds", action="store_true",
...@@ -433,6 +449,11 @@ TRACEPOINT_PROBE(raw_syscalls, sys_exit) { ...@@ -433,6 +449,11 @@ TRACEPOINT_PROBE(raw_syscalls, sys_exit) {
return 0; return 0;
#endif #endif
#ifdef FILTER_ERRNO
if (args->ret != -FILTER_ERRNO)
return 0;
#endif
#ifdef BY_PROCESS #ifdef BY_PROCESS
u32 key = pid_tgid >> 32; u32 key = pid_tgid >> 32;
#else #else
...@@ -461,6 +482,8 @@ if args.pid: ...@@ -461,6 +482,8 @@ if args.pid:
text = ("#define FILTER_PID %d\n" % args.pid) + text text = ("#define FILTER_PID %d\n" % args.pid) + text
if args.failures: if args.failures:
text = "#define FILTER_FAILED\n" + text text = "#define FILTER_FAILED\n" + text
if args.errno:
text = "#define FILTER_ERRNO %d\n" % abs(args.errno) + text
if args.latency: if args.latency:
text = "#define LATENCY\n" + text text = "#define LATENCY\n" + text
if args.process: if args.process:
......
...@@ -106,10 +106,43 @@ access 1 ...@@ -106,10 +106,43 @@ access 1
pause 1 pause 1
^C ^C
Similar to -x/--failures, sometimes you only care about certain syscall
errors like EPERM or ENONET -- these are the ones that might be worth
investigating with follow-up tools like opensnoop, execsnoop, or
trace. Use the -e/--errno switch for this; the following example also
demonstrates the -e switch, for printing ENOENT failures at predefined intervals:
# syscount -e ENOENT -i 5
Tracing syscalls, printing top 10... Ctrl+C to quit.
[13:15:57]
SYSCALL COUNT
stat 4669
open 1951
access 561
lstat 62
openat 42
readlink 8
execve 4
newfstatat 1
[13:16:02]
SYSCALL COUNT
lstat 18506
stat 13087
open 2907
access 412
openat 19
readlink 12
execve 7
connect 6
unlink 1
rmdir 1
^C
USAGE: USAGE:
# syscount -h # syscount -h
usage: syscount.py [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-L] [-m] [-P] usage: syscount.py [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-e ERRNO] [-L]
[-l] [-m] [-P] [-l]
Summarize syscall counts and latencies. Summarize syscall counts and latencies.
...@@ -120,6 +153,9 @@ optional arguments: ...@@ -120,6 +153,9 @@ optional arguments:
print summary at this interval (seconds) print summary at this interval (seconds)
-T TOP, --top TOP print only the top syscalls by count or latency -T TOP, --top TOP print only the top syscalls by count or latency
-x, --failures trace only failed syscalls (return < 0) -x, --failures trace only failed syscalls (return < 0)
-e ERRNO, --errno ERRNO
trace only syscalls that return this error (numeric or
EPERM, etc.)
-L, --latency collect syscall latency -L, --latency collect syscall latency
-m, --milliseconds display latency in milliseconds (default: -m, --milliseconds display latency in milliseconds (default:
microseconds) microseconds)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment