1. 30 May, 2018 2 commits
    • Paul Chaignon's avatar
      tcplife: fix dport filter on tracepoints · 95b3d8c8
      Paul Chaignon authored
      When using tracepoints, the destination port is retrieved in host
      byte order and there is no need to convert it, contrary to the
      kprobe version.
      95b3d8c8
    • smartx-usman's avatar
      Added vlan_filter application. (#1773) · b50c7251
      smartx-usman authored
      * Added vlan_filter application.
      
      * Added demo application and changed timestamp to human readable format.
      
      * changed files to executable and updated README.md file dependencies part.
      
      * Fixed header printout to match actual output and README.
      b50c7251
  2. 29 May, 2018 4 commits
  3. 25 May, 2018 3 commits
  4. 24 May, 2018 2 commits
    • yonghong-song's avatar
      Merge pull request #1752 from pchaigno/fix-unaryop-deref · eee383cf
      yonghong-song authored
      Fix dereference replacements for pointers to pointers
      eee383cf
    • Yonghong Song's avatar
      fix tcplife.py rewriter issue · cb136c15
      Yonghong Song authored
      rewriter tried to rewrite an argument for a user written
      bpf_probe_read and triggers a clang compilation error.
      
        $ tcplife.py
        /virtual/main.c:134:41: error: cannot take the address of an rvalue of type 'typeof(u64)' (aka 'unsigned long long')
          ...&({ typeof(u64) _val; __builtin_memset(&_val, 0, sizeof(_val)); bpf_probe_read(&_val, sizeof(_val), (u64)&tp->bytes_received); _val; }));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        /virtual/main.c:135:41: error: cannot take the address of an rvalue of type 'typeof(u64)' (aka 'unsigned long long')
          ...&({ typeof(u64) _val; __builtin_memset(&_val, 0, sizeof(_val)); bpf_probe_read(&_val, sizeof(_val), (u64)&tp->bytes_acked); _val; }));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        2 errors generated.
      
      changing bpf_probe_read to regular pointer access fixed the issue.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      cb136c15
  5. 23 May, 2018 2 commits
    • Paul Chaignon's avatar
      55299115
    • Paul Chaignon's avatar
      Fix dereference replacements for pointers to pointers · 471f1ea1
      Paul Chaignon authored
      Currently, the bcc rewriter is unable to track external pointers if
      there is more than a single level of indirection (e.g., pointer to
      external pointer).  For example, in the following, the rewriter is
      unable to detect that ptr2 doesn't need a call to bpf_probe_read,
      only *ptr2 do.
      
      int test(struct pt_regs *ctx, struct sock *sk) {
          struct sock *ptr1;
          struct sock **ptr2 = &ptr1;
          *ptr2 = sk;
          return ((struct sock *)(*ptr2))->sk_daddr;
      }
      
      This commit fixes this issue by tracking the levels of indirections
      in addition to the variable declarations (identifies each variable).
      When traversing dereferences, the level of indirections is used to
      decide whether the base expression is an external pointer.  The level
      of indirections is inherited when a pointer is assigned to a new
      variable (assignments and function calls).
      471f1ea1
  6. 21 May, 2018 2 commits
  7. 20 May, 2018 2 commits
  8. 18 May, 2018 4 commits
  9. 17 May, 2018 2 commits
  10. 16 May, 2018 3 commits
    • Teng Qin's avatar
      Add extra_flag option to bpf_attach_perf_event_raw · bf2513df
      Teng Qin authored
      The bpf_attach_perf_event_raw API is designed to provide maximum
      flexibility for people to use advanced features of Kernel Perf Events
      with BPF. Some times specifying flags is neccesary, such as if we want
      to use `PERF_FLAG_PID_CGROUP` to profile a container. This commit adds
      `extra_flag` option to C and C++ interface
      bf2513df
    • 4ast's avatar
      Merge pull request #1763 from iovisor/yhs_dev · 683c19a8
      4ast authored
      link with bpf-static library for bps
      683c19a8
    • Teng Qin's avatar
      Misc fixes for C++ USDT class (#1764) · cb5bc0e0
      Teng Qin authored
      * Add stream debug output for C++ USDT class
      
      This commit adds ability to output USDT class debug message to iostream
      
      * USDT::init() as public function
      
      It would be nice for users be able to call init() and see if the probe
      exists / well-formatted before sending them to BPF instance
      cb5bc0e0
  11. 15 May, 2018 2 commits
  12. 14 May, 2018 1 commit
    • Teng Qin's avatar
      Do not calculate syscall prefix proactively in C++ API (#1755) · db6e2931
      Teng Qin authored
      Currently do calculate the syscall prefix in BPF::init, which requires
      loading kallsyms etc. But a lot of times the functionality will not be
      used. This commit changes that we only calculate the syscall prefix the
      first time we call get_syscall_fnname
      
      Also change to use the KSym class directly for better destruct
      production
      db6e2931
  13. 11 May, 2018 2 commits
  14. 10 May, 2018 3 commits
  15. 09 May, 2018 3 commits
  16. 08 May, 2018 3 commits
    • Paul Chaignon's avatar
      Trace all external pointers passed through a first map (#1737) · ad2d0d9f
      Paul Chaignon authored
      * Trace all external pointers going through a first map
      
      Currently, MapVisitor only detects maps with external pointers as
      values if the value was directly passed from a function's argument.
      For example, in the following, the rewriter is currently unable to
      detect currsock has an external pointer as value because an
      intermediate variable is used instead of passing directly sk as the
      map's value.
      
          int test(struct pt_regs *ctx, struct sock *sk) {
              u32 pid = bpf_get_current_pid_tgid();
              struct sock **skp = &sk;
              currsock.update(&pid, skp);
              return 0;
          };
      
      With this commit, MapVisitor is able to trace any external pointer
      derived from the function's argument and used as a map value. This
      commit breaks the ProbeVisitor traversal in two distinct traversals.
      The first rewrites dereferences of external pointers originating
      from function's arguments and helpers, while the second rewrites only
      dereferences of external pointers passed through maps.
      Maps with external pointers as values are identified between the two
      ProbeVisitor traversals.
      
      * New tests for external pointers passed through maps
      
      test_ext_ptr_maps_reverse ensures dereferences are correctly replaced
      even if the update happens after the lookup (in the order of
      MapVisitor traversal).
      test_ext_ptr_maps_indirect ensures the rewriter is able to trace
      external pointers used as map values even if using an intermediate
      variable.
      ad2d0d9f
    • Javier Honduvilla Coto's avatar
      Fix USDT probes arguments' encoding in Python3 (#1736) · 42da08aa
      Javier Honduvilla Coto authored
      * Fix USDT probes arguments' encoding in Python3
      
      Running `trace` on a binary's USDT while fetching some arguments (
      `sudo python3 trace.py -p $(pidof ruby) 'u:ruby:array__create "%d",
      arg1'`) fails with `argument 2: <class 'TypeError'>: wrong type`.
      
      This PR fixes the encoding of the USDT probe name in
      udst.py `get_probe_arg_ctype` function. I've tested this works on Python 2 too.
      42da08aa
    • yonghong-song's avatar
      Merge pull request #1738 from pchaigno/links-circonus · 4139b198
      yonghong-song authored
      Link to article on how Circonus uses bcc
      4139b198