- 15 Sep, 2015 6 commits
-
-
Brenden Blanco authored
This commit adds support for multiple consecutive and nested pointer dereference of function arguments that should be converted to bpf_probe_read. The logic works by marking variables as needing a probe_read if they come from the register argument, and then applying this property transitively.

Supported syntax:
```
int trace_entry(struct pt_regs *ctx, struct file *file) {
  struct vfsmount *mnt = file->f_path.mnt;
  struct super_block *k = mnt->mnt_sb;
  const char *name = file->f_path.dentry->d_name.name;
```
Not supported: probe reads from map leaves, probe reads after explicit casts.

Fixes: #188
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
add ebpf method to retrieve bytecode
-
Rich Lane authored
-
Rich Lane authored
-
Rich Lane authored
This is useful if you want to use bcc as a compiler without running the program.
-
Brenden Blanco authored
updated mainline version to support bridge
-
- 14 Sep, 2015 1 commit
-
-
affansyed authored
-
- 13 Sep, 2015 3 commits
-
-
4ast authored
Change test_xlate1 to use act_bpf instead of cls_bpf
-
Brenden Blanco authored
Support for act_bpf is available for testing in https://github.com/drzaeus77/pyroute2
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
affansyed authored
-
- 12 Sep, 2015 1 commit
-
-
4ast authored
Don't include git tag in .so suffix
-
- 11 Sep, 2015 5 commits
-
-
Brenden Blanco authored
The git hash was being included in the shared library name. This leads to pollution of the /usr/lib directory. Instead, just use the latest tag in the library suffix. As a developer, you will need to clean up the /usr/lib/libbcc* files whenever a new tag is created.

Fixes: #207
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
sync readme hello_world.py example with actual implementation
-
Yonghong Song authored
Signed-off-by: Yonghong Song <yhs@plumgrid.com>
-
4ast authored
Add clang command line invocation to debug=0x4
-
Brenden Blanco authored
This adds the command line arguments of clang to debug flag 0x4 in the clang frontend. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 10 Sep, 2015 17 commits
-
-
Brenden Blanco authored
some README rework
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brenden Blanco authored
funccount and BPF_HASH updates
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
4ast authored
Always autoload k[ret]probe__ prefixed functions
-
Brenden Blanco authored
This will shorten some examples, no longer requiring them to call attach_kprobe. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Improve coverage for kprobe event_re
-
affansyed authored
This version of the mainline kernel supports the bridge and vlan learning examples (i.e. the additional APIs). Will allow new users to run all examples provided.
-
Brenden Blanco authored
This makes the attachment of kprobes to arbitrary events more robust.

Issue 1: Functions with '.' characters should not have similarly named probes.
Issue 2: Functions in the blacklist should not be attached to.
Issue 3: Some functions matched by regex cannot actually be attached to, despite not being in the blacklist...possibly the blacklist is outdated? Instead, warn instead of error during bulk regex attach.
Issue 4: Attaching to large numbers of kprobes gets to be very slow. For now, leave this unresolved. For reasonably sized regexes, startup times may be acceptable, and shutdown times are actually the worse part.

To speed up shutdown, one could add the following after the last attach_kprobe to disable auto-cleanup:
```
from bcc import open_kprobes
open_kprobes = {}
```
Then, once the program is exited, one must manually echo "" > kprobe_events

Some numbers:
attaching to event_re='tcp_*': 2 sec startup, 15 sec shutdown
attaching to event_re='b*': 10 sec startup, 75 sec shutdown
attaching to event_re='*': unknown (>20 min) startup, unknown shutdown

The slowdowns appear to be exponential, doubtful that '*' will ever complete.

Fixes: #199
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Autoload kprobes for all types of trace_* functions
-
- 09 Sep, 2015 7 commits
-
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
The previous patch #195 for autoloading of kprobes only did it for trace_print. Turn this feature on for all trace_* functions. This requires that these functions are also no longer staticmethods. Enable the feature in examples/disksnoop.py Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Fix breakage in bpf_probe_read from #196
-
Brenden Blanco authored
Argument needs to be cast to u64, otherwise it is adding a whole pointer stride. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Add debug and fix the inline replace of kprobe args
-
Brenden Blanco authored
The way in which args 1+ were being replaced in the C file was fragile. Instead, assign the registers from ptregs into the function arguments as the first statement(s) in the body of the function.

e.g.:
  int sys_clone(struct ptregs *ctx, struct request *req) {
    // do something with req
  }
becomes:
  int sys_clone(struct ptregs *ctx, struct request *req) {
    req = ctx->di;
    // do something with req

Fixes: #192
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* Many times it is useful to print out the C file after the BFrontendAction has run. e.g.: BPF("file.c", debug=0x4) Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-