1. 04 Oct, 2016 4 commits
    • Sasha Goldshtein's avatar
      argdist, trace: Native tracepoint support (#724) · 376ae5c0
      Sasha Goldshtein authored
      * Remove tracepoint.py
      
      The `Tracepoint` class which implements the necessary
      support for the tracepoint kprobe-based hack is no
      longer needed and can be removed.
      
      * argdist: Native tracepoint support
      
      This commit migrates argdist to use the native bcc/BPF
      tracepoint support instead of the hackish kprobe-
      based approach. The resulting programs are cleaner
      and likely more efficient.
      
      As a result of this change, there is a slight API
      change in how argdist is used with tracepoints. To
      access fields from the tracepoint structure, the user
      is expected to use `args->field` directly. This
      leverages most of the built-in bcc support for
      generating the tracepoint probe function.
      
      * trace: Native tracepoint support
      
      This commit migrates trace to use the native bcc/BPF
      tracepoint support instead of the hackish kprobe-
      based approach. The resulting programs are cleaner
      and likely more efficient.
      
      As with argdist, users are now expected to use the
      `args` structure pointer to access the tracepoint's
      arguments.
      
      For example:
      
      ```
      trace 't:irq:irq_handler_entry (args->irq != 27) "irq %d", args->irq'
      ```
      376ae5c0
    • Sasha Goldshtein's avatar
      argdist: Cumulative mode (-c) (#719) · d2f4762a
      Sasha Goldshtein authored
      By default, argdist now clears the histograms or freq
      count maps after each display interval. The new `-c`
      option enables cumulative mode, where maps are not
      cleared at each interval. This fixes #718.
      d2f4762a
    • Sasha Goldshtein's avatar
      trace: Print USDT arg helpers in verbose mode (#723) · f733cacf
      Sasha Goldshtein authored
      When verbose mode is enabled, ask all USDT helper
      objects to print out the argument helper functions,
      which help retrieve the argument values for each
      individual probe location. This can be useful for
      debugging probes; the helper functions are part of
      the loaded BPF program, so they need to be printed
      in verbose mode.
      f733cacf
    • Sasha Goldshtein's avatar
      argdist, trace: Support naked executable names in probes (#720) · ec679711
      Sasha Goldshtein authored
      Fixes the error message from `BPF._find_exe` which would
      occur if argdist or trace had a naked executable name
      not qualified with a path, such as:
      
      ```
      trace 'r:bash:readline "%s", retval'
      ```
      
      This is now supported again.
      ec679711
  2. 03 Oct, 2016 1 commit
  3. 01 Oct, 2016 1 commit
  4. 30 Sep, 2016 3 commits
  5. 28 Sep, 2016 2 commits
  6. 27 Sep, 2016 2 commits
    • Marco Leogrande's avatar
      Fix or hide a few warnings (#695) · d19e0cb0
      Marco Leogrande authored
      * Flag ${LLVM_INCLUDE_DIRS} as a system include directory
      
      g++ supports a -isystem switch, that can be used to mark a given
      directory as a system include directory. Warnings generated by system
      include directories are ignored by default.
      
      This commit hides a long list of warnings, like the following one,
      generated by llvm header files included from ${LLVM_INCLUDE_DIRS}:
      
       /usr/lib/llvm-3.7/include/clang/AST/APValue.h:373:44: warning:
         dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
      Signed-off-by: default avatarMarco Leogrande <marcol@plumgrid.com>
      
      * Fix 'defined but not used' warning
      
      Remove unused function from the USDT probes test.
      
      The warning was:
      
       tests/cc/test_usdt_probes.cc:59:15: warning:
         ‘size_t countsubs(const string&, const string&)’ defined but not used [-Wunused-function]
      Signed-off-by: default avatarMarco Leogrande <marcol@plumgrid.com>
      d19e0cb0
    • Sasha Goldshtein's avatar
      Fix argdist, trace, tplist to use the libbcc USDT support (#698) · 69e361ac
      Sasha Goldshtein authored
      * Allow argdist to enable USDT probes without a pid
      
      The current code would only pass the pid to the USDT
      class, thereby not allowing USDT probes to be enabled
      from the binary path only. If the probe doesn't have
      a semaphore, it can actually be enabled for all
      processes in a uniform fashion -- which is now
      supported.
      
      * Reintroduce USDT support into tplist
      
      To print USDT probe information, tplist needs an API
      to return the probe data, including the number of
      arguments and locations for each probe. This commit
      introduces this API, called bcc_usdt_foreach, and
      invokes it from the revised tplist implementation.
      
      Although the result is not 100% identical to the
      original tplist, which could also print the probe
      argument information, this is not strictly required
      for users of the argdist and trace tools, which is
      why it was omitted for now.
      
      * Fix trace.py tracepoint support
      
      Somehow, the import of the Perf class was omitted
      from tracepoint.py, which would cause failures when
      trace enables kernel tracepoints.
      
      * trace: Native bcc USDT support
      
      trace now works again by using the new bcc USDT support
      instead of the home-grown Python USDT parser. This
      required an additional change in the BPF Python API
      to allow multiple USDT context objects to be passed to
      the constructor in order to support multiple USDT
      probes in a single invocation of trace. Otherwise, the
      USDT-related code in trace was greatly simplified, and
      uses the `bpf_usdt_readarg` macros to obtain probe
      argument values.
      
      One minor inconvenience that was introduced in the bcc
      USDT API is that USDT probes with multiple locations
      that reside in a shared object *must* have a pid
      specified to enable, even if they don't have an
      associated semaphore. The reason is that the bcc USDT
      code figures out which location invoked the probe by
      inspecting `ctx->ip`, which, for shared objects, can
      only be determined when the specific process context is
      available to figure out where the shared object was
      loaded. This limitation did not previously exist,
      because instead of looking at `ctx->ip`, the Python
      USDT reader generated separate code for each probe
      location with an incrementing identifier. It's not a
      very big deal because it only means that some probes
      can't be enabled without specifying a process id, which
      is almost always desired anyway for USDT probes.
      
      argdist has not yet been retrofitted with support for
      multiple USDT probes, and needs to be updated in a
      separate commit.
      
      * argdist: Support multiple USDT probes
      
      argdist now supports multiple USDT probes, as it did
      before the transition to the native bcc USDT support.
      This requires aggregating the USDT objects from each
      probe and passing them together to the BPF constructor
      when the probes are initialized and attached.
      
      Also add a more descriptive exception message to the
      USDT class when it fails to enable a probe.
      69e361ac
  7. 26 Sep, 2016 4 commits
  8. 16 Sep, 2016 2 commits
    • Brendan Gregg's avatar
      Merge pull request #689 from chantra/tcpconnect_port · 0c8c179f
      Brendan Gregg authored
      [tcpconnect] filter traced connection based on destination ports
      0c8c179f
    • chantra's avatar
      [tcpconnect] filter traced connection based on destination ports · 52938058
      chantra authored
      Test:
      While running:
      while [ 1 ]; do nc -w 1 100.127.0.1 80; nc -w 1 100.127.0.1 81; done
      
      root@vagrant:/mnt/bcc# ./tools/tcpconnect.py
      PID    COMM         IP SADDR            DADDR            DPORT
      19978  nc           4  10.0.2.15        100.127.0.1      80
      19979  nc           4  10.0.2.15        100.127.0.1      81
      19980  nc           4  10.0.2.15        100.127.0.1      80
      19981  nc           4  10.0.2.15        100.127.0.1      81
      root@vagrant:/mnt/bcc# ./tools/tcpconnect.py  -P 80
      PID    COMM         IP SADDR            DADDR            DPORT
      19987  nc           4  10.0.2.15        100.127.0.1      80
      19989  nc           4  10.0.2.15        100.127.0.1      80
      19991  nc           4  10.0.2.15        100.127.0.1      80
      19993  nc           4  10.0.2.15        100.127.0.1      80
      19995  nc           4  10.0.2.15        100.127.0.1      80
      root@vagrant:/mnt/bcc# ./tools/tcpconnect.py  -P 80,81
      PID    COMM         IP SADDR            DADDR            DPORT
      8725   nc           4  10.0.2.15        100.127.0.1      80
      8726   nc           4  10.0.2.15        100.127.0.1      81
      8727   nc           4  10.0.2.15        100.127.0.1      80
      8728   nc           4  10.0.2.15        100.127.0.1      81
      8729   nc           4  10.0.2.15        100.127.0.1      80
      
      Fixes #681
      52938058
  9. 14 Sep, 2016 1 commit
  10. 12 Sep, 2016 1 commit
    • davidefdl's avatar
      Fix bpf log buffer for large bpf program: (#680) · 2dece10a
      davidefdl authored
      Use tempfile module to create a temp file
      
      Fix some review input
      
      Fix style check
      
      Style
      
      Style check
      
      Remove builtin module from python test to run fedora ctest
      
      Let the program calling bpf_prog_load to handle the log buffer
      
      Check max instruction before the syscall. Fix other review comment
      2dece10a
  11. 11 Sep, 2016 2 commits
  12. 10 Sep, 2016 2 commits
  13. 09 Sep, 2016 2 commits
  14. 08 Sep, 2016 2 commits
  15. 30 Aug, 2016 1 commit
  16. 29 Aug, 2016 1 commit
  17. 25 Aug, 2016 1 commit
  18. 24 Aug, 2016 5 commits
    • Brendan Gregg's avatar
      fix biosnoop after kernel change · 0d4d0bff
      Brendan Gregg authored
      0d4d0bff
    • Brendan Gregg's avatar
      Merge pull request #674 from markdrayton/offcputime · 2aefbef9
      Brendan Gregg authored
      offcputime improvements: use less RAM, add PID/TID support
      2aefbef9
    • Mark Drayton's avatar
    • Brenden Blanco's avatar
      Merge pull request #670 from iamkafai/perf_submit_skb · 96483d48
      Brenden Blanco authored
      Add perf_submit_skb
      96483d48
    • Martin KaFai Lau's avatar
      Add perf_submit_skb · bdad3840
      Martin KaFai Lau authored
      For BPF_PROG_TYPE_SCHED_CLS/ACT, the upstream kernel has recently added a
      feature to efficiently output skb + meta data:
      commit 555c8a8623a3 ("bpf: avoid stack copy and use skb ctx for event output")
      
      This patch adds perf_submit_skb to BPF_PERF_OUTPUT macro.  It takes
      an extra u32 argument.  perf_submit_skb will then be expanded to
      bpf_perf_event_output properly to consider the newly added
      u32 argument as the skb's len.
      
      Other than the above described changes, perf_submit_skb is almost
      a carbon copy of the perf_submit except the removal of the 'string name'
      variable since I cannot find a specific use of it.
      
      Note that the 3rd param type of bpf_perf_event_output has also been
      changed from u32 to u64.
      
      Added a sample program tc_perf_event.py.  Here is how the output
      looks like:
      [root@arch-fb-vm1 networking]# ./tc_perf_event.py
      Try: "ping -6 ff02::1%me"
      
      CPU SRC IP                           DST IP       Magic
      0   fe80::982f:5dff:fec1:e52b        ff02::1      0xfaceb00c
      0   fe80::982f:5dff:fec1:e52b        ff02::1      0xfaceb00c
      0   fe80::982f:5dff:fec1:e52b        ff02::1      0xfaceb00c
      1   fe80::982f:5dff:fec1:e52b        ff02::1      0xfaceb00c
      1   fe80::982f:5dff:fec1:e52b        ff02::1      0xfaceb00c
      1   fe80::982f:5dff:fec1:e52b        ff02::1      0xfaceb00c
      bdad3840
  19. 21 Aug, 2016 1 commit
  20. 20 Aug, 2016 2 commits