Commit
90a56d14
authored
Jan 28, 2016
by
Brenden Blanco
Merge pull request #324 from brendangregg/master
more strlen examples
parents
03c2bc5d
0030d34c
Showing
2 changed files
with
113 additions
and
0 deletions
+113
-0
examples/tracing/strlen_count.py
examples/tracing/strlen_count.py
+54
-0
examples/tracing/strlen_snoop.py
examples/tracing/strlen_snoop.py
+59
-0
examples/tracing/strlen_count.py
0 → 100755
#!/usr/bin/python
#
# strlen_count Trace strlen() and print a frequency count of strings.
# For Linux, uses BCC, eBPF. Embedded C.
#
# Written as a basic example of BCC and uprobes.
#
# Also see strlensnoop.
#
# Copyright 2016 Netflix, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
from
__future__
import
print_function
from
bcc
import
BPF
from
time
import
sleep
# load BPF program
b
=
BPF
(
text
=
"""
#include <uapi/linux/ptrace.h>
struct key_t {
char c[80];
};
BPF_HASH(counts, struct key_t);
int count(struct pt_regs *ctx) {
if (!ctx->si)
return 0;
struct key_t key = {};
u64 zero = 0, *val;
bpf_probe_read(&key.c, sizeof(key.c), (void *)ctx->si);
val = counts.lookup_or_init(&key, &zero);
(*val)++;
return 0;
};
"""
)
b
.
attach_uprobe
(
name
=
"c"
,
sym
=
"strlen"
,
fn_name
=
"count"
)
# header
print
(
"Tracing strlen()... Hit Ctrl-C to end."
)
# sleep until Ctrl-C
try
:
sleep
(
99999999
)
except
KeyboardInterrupt
:
pass
# print output
print
(
"%10s %s"
%
(
"COUNT"
,
"STRING"
))
counts
=
b
.
get_table
(
"counts"
)
for
k
,
v
in
sorted
(
counts
.
items
(),
key
=
lambda
counts
:
counts
[
1
].
value
):
print
(
"%10d
\
"
%s
\
"
"
%
(
v
.
value
,
k
.
c
.
encode
(
'string-escape'
)))
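Review bot: In `count()` the string pointer is read from `ctx->si`, but on x86-64 System V the first integer argument (strlen's `s`) is passed in `rdi`, so this appears to read the second-argument register and would record whatever happens to be there; `printarg()` in strlen_snoop.py has the same pattern. If this bcc tree provides the macro, `PT_REGS_PARM1(ctx)` in both the NULL check and the `bpf_probe_read` call would fix that and drop the hard-coded register name. Separately, `attach_uprobe(name="c", sym="strlen", fn_name="count")` has no process filter, so strings from every process that calls libc strlen are copied and printed, which can include credentials. I would add a header comment such as `# NOTE: captures strlen() arguments system-wide; output may contain secrets`.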
examples/tracing/strlen_snoop.py
0 → 100755
#!/usr/bin/python
#
# strlen_snoop Trace strlen() library function for a given PID.
# For Linux, uses BCC, eBPF. Embedded C.
#
# USAGE: strlensnoop PID
#
# Try running this on a separate bash shell.
#
# Written as a basic example of BCC and uprobes.
#
# Copyright 2016 Netflix, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
from
__future__
import
print_function
from
bcc
import
BPF
from
os
import
getpid
import
sys
if
len
(
sys
.
argv
)
<
2
:
print
(
"USAGE: strlensnoop PID"
)
exit
()
pid
=
sys
.
argv
[
1
]
# load BPF program
bpf_text
=
"""
#include <uapi/linux/ptrace.h>
int printarg(struct pt_regs *ctx) {
if (!ctx->si)
return 0;
u32 pid = bpf_get_current_pid_tgid();
if (pid != PID)
return 0;
char str[80] = {};
bpf_probe_read(&str, sizeof(str), (void *)ctx->si);
bpf_trace_printk("%s
\
\
n", &str);
return 0;
};
"""
bpf_text
=
bpf_text
.
replace
(
'PID'
,
pid
)
b
=
BPF
(
text
=
bpf_text
)
b
.
attach_uprobe
(
name
=
"c"
,
sym
=
"strlen"
,
fn_name
=
"printarg"
)
# header
print
(
"%-18s %-16s %-6s %s"
%
(
"TIME(s)"
,
"COMM"
,
"PID"
,
"STRLEN"
))
# format output
me
=
getpid
()
while
1
:
try
:
(
task
,
pid
,
cpu
,
flags
,
ts
,
msg
)
=
b
.
trace_fields
()
except
ValueError
:
continue
if
pid
==
me
or
msg
==
""
:
continue
print
(
"%-18.9f %-16s %-6d %s"
%
(
ts
,
task
,
pid
,
msg
))
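Review bot: `pid = sys.argv[1]` is spliced into the C source by `bpf_text.replace('PID', pid)` without checking that it is a number, so any text on the command line becomes part of a program that is compiled and loaded into the kernel; `pid = str(int(sys.argv[1]))`, with the usage message printed on `ValueError`, would restrict it to an integer. The filter `u32 pid = bpf_get_current_pid_tgid();` keeps the low 32 bits, which is the thread id, so only the main thread of a multi-threaded target matches; `bpf_get_current_pid_tgid() >> 32` gives the process id. `msg` is also printed unescaped, unlike the escaped output in strlen_count.py, so control characters in a traced string reach the operator's terminal.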