- 13 Sep, 2015 1 commit
-
-
Brenden Blanco authored
Support for act_bpf is available for testing in https://github.com/drzaeus77/pyroute2Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 12 Sep, 2015 1 commit
-
-
4ast authored
Don't include git tag in .so suffix
-
- 11 Sep, 2015 5 commits
-
-
Brenden Blanco authored
The git hash was being include in the shared library name. This leads to polution of the /usr/lib directory. Instead, just use the latest tag in the library suffix. As a developer, you will need to clean up the /usr/lib/libbcc* files whenever a new tag is created. Fixes: #207 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
sync readme hello_world.py example with actual implementation
-
Yonghong Song authored
Signed-off-by: Yonghong Song <yhs@plumgrid.com>
-
4ast authored
Add clang command line invocation to debug=0x4
-
Brenden Blanco authored
This adds the command line arguments of clang to debug flag 0x4 in the clang frontend. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 10 Sep, 2015 16 commits
-
-
Brenden Blanco authored
some README rework
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brenden Blanco authored
funccount and BPF_HASH updates
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
4ast authored
Always autoload k[ret]probe__ prefixed functions
-
Brenden Blanco authored
This will shorten some examples, no longer requiring them to call attach_kprobe. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Improve coverage for kprobe event_re
-
Brenden Blanco authored
This makes the attachment of kprobes to arbitrary events more robust. Issue 1: Functions with '.' characters should not have similarly named probes. Issue 2: Functions in the blacklist should not be attached to. Issue 3: Some functions matched by regex cannot actually be attached to, despite not being in the blacklist...possibly the blacklist is outdated? Instead, warn instead of error during bulk regex attach. Issue 4: Attaching to large numbers of kprobes gets to be very slow. For now, leave this unresolved. For reasonably sized regexes, startup times may be acceptable, and shutdown times are actually the worse part. To speed up shutdown, one could add the following after the last attach_kprobe to disable auto-cleanup: ``` from bcc import open_kprobes open_kprobes = {} ``` Then, once the program is exited, one must manually echo "" > kprobe_events Some numbers: attaching to event_re='tcp_*': 2 sec startup, 15 sec shutdown attaching to event_re='b*': 10 sec startup, 75 sec shutdown attaching to event_re='*': unknown (>20 min) startup, unknown shutdown The slowdowns appear to be exponential, doubtful that '*' will ever complete. Fixes: #199 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Autoload kprobes for all types of trace_* functions
-
- 09 Sep, 2015 12 commits
-
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
The previous patch #195 for autoloading of kprobes only did it for trace_print. Turn this feature on for all trace_* functions. This requires that these functions are also no longer staticmethods. Enable the feature in examples/disksnoop.py Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Fix breakage in bpf_probe_read from #196
-
Brenden Blanco authored
Argument needs to be cast to u64, otherwise it is adding a whole pointer stride. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Add debug and fix the inline replace of kprobe args
-
Brenden Blanco authored
The way in which args 1+ were being replaced in the C file was fragile. Instead, assign the registers from ptregs into the function arguments as the first statement(s) in the body of the function. e.g.: int sys_clone(struct ptregs *ctx, struct request *req) { // do something with req } becomes: int sys_clone(struct ptregs *ctx, struct request *req) { req = ctx->di; // do something with req Fixes: #192 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* Many times it is useful to print out the C file after the BFrontendAction has run. e.g.: BPF("file.c", debug=0x4) Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Change auto-loading behavior of trace_print
-
Brenden Blanco authored
Since kprobe functions will have a different prototype than the kernel symbols they are attaching to, require that the user prefix the trace function with a kprobe__ name to denote intent. kretprobe__ prefix is also supported. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* As @brendangregg pointed out, users will probably assume that handily-named C functions that can be auto-loaded will be all the time, rather than just in the singleton case. This is pretty easy to implement, so changing the behavior. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Support automatic kprobe event detection in common case
-
Brenden Blanco authored
* In the simple case, a user only creates 1 C function to be used with kprobes. Detect this common case and don't require the user to repeat themselves by passing the fn_name to attach_kprobe(). e.g.: BPF(text='int sys_clone(void *ctx) {/*do stuff*/}').trace_print() Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 08 Sep, 2015 4 commits
-
-
4ast authored
Suppress None return when trace_pipe drops lines
-
Brenden Blanco authored
* When a "CPU: X Lost N events" line came on the trace_pipe, trace_fields would return None and cause exceptions in callers that do (a, b, ...) = b.trace_fields() type of calls. Instead, keep reading from trace_pipe when such messages come. Fixes: #187 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
Add BPF_HASH macro with variadic arguments
-
Brenden Blanco authored
print_log2_hist() for #143
-
- 07 Sep, 2015 1 commit
-
-
Brendan Gregg authored
-