- 05 Oct, 2017 1 commit
-
-
Sandipan Das authored
This fixes 'tools/statsnoop' from failing to attach probes when the expected entry point for a system call cannot be found. This script uses the 'stat', 'statfs' and 'newstat' system calls, all of which must be implemented to be POSIX compliant. However, the names of the actual entry points for their respective implementations in the kernel might vary across architectures. For example, a powerpc64 kernel does not define 'sys_stat' but still provides the 'stat' system call via 'sys_newstat'. This causes the script to fail if it tries to attach a probe at 'sys_stat'. We avoid this by performing some extra checks to see if these entry points exist. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
- 04 Oct, 2017 3 commits
-
-
yonghong-song authored
examples:dns_matching: make it work as a DNS sniffer
-
Prashant Bhole authored
Accepts arguments from user. This change makes it slightly more interactive. Usage is shown with the -h option, so no extra documentation is required for understanding the usage.
-
Prashant Bhole authored
Reason: The intention of the initial version of this example was to provide a loop-unrolling example, and the expected functionality was to drop DNS packets requesting the DNS name contained in the map. But the functionality doesn't work as expected because the BPF program attached to the raw socket only filters the packets received by the python program. With these modifications, it still serves as a loop-unrolling example, with slightly different functionality. Inverted return values of bpf program. It keeps the packet if the name in the DNS packet also exists in the map. All other packets are dropped. Python program is modified to read packets from raw socket. DNS data from the packet is parsed and printed using dnslib library.
-
- 03 Oct, 2017 2 commits
-
-
yonghong-song authored
Add basic USDT support for powerpc64
-
Yonghong Song authored
The patch adds a new debug option "DEBUG_SOURCE = 8" to dump insns embedded with source. In C++ API, users can change BPF constructor "flag" value to enable debug output. In Python API, users can change "debug" value to enable debug output.

For example, for python test program test_usdt.py, the debug output looks like below:

    ......
    Disassembly of section .bpf.fn.do_trace1:
    do_trace1:
    ; int do_trace1(struct pt_regs *ctx) { // Line 110
       0: bf 16 00 00 00 00 00 00 r6 = r1
       1: b7 01 00 00 00 00 00 00 r1 = 0
    ; struct probe_result_t1 result = {}; // Line 111
       2: 7b 1a f0 ff 00 00 00 00 *(u64 *)(r10 - 16) = r1
    ; switch(ctx->ip) { // Line 5
       3: 79 61 80 00 00 00 00 00 r1 = *(u64 *)(r6 + 128)
       4: 15 01 04 00 d7 06 40 00 if r1 == 4196055 goto 4
       5: 55 01 06 00 ce 06 40 00 if r1 != 4196046 goto 6
    ; case 0x4006ceULL: *((int8_t *)dest) = ctx->ax; __asm__ __volatile__("": : :"memory"); return 0; // Line 6
       6: 79 61 50 00 00 00 00 00 r1 = *(u64 *)(r6 + 80)
    ......

For asm insns, byte code is also dumped out (similar to objdump). For source codes, only lines in the module file are printed (as expected). The line number is added at the end of source code, which is especially helpful for inlined functions.

This functionality is only in llvm 6.x (the trunk version), which provides a public interface to create a dwarf context based on a set of in-memory debug sections. llvm 5.x also provides such a public interface in a different way, and this patch does not support it in bcc yet. llvm 4.x and lower do not have such a public interface and hence will not be supported in bcc.

In this patch, the debug output only goes to stderr. A subsequent patch will dump the per-function output into <BCC_PROG_TAG_DIR>/bpf_prog_<tag>/ if it is available.

Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 02 Oct, 2017 1 commit
-
-
Prashant Bhole authored
Makes it slightly easier to add more cache entries
-
- 01 Oct, 2017 1 commit
-
-
yonghong-song authored
examples: fix dns_matching
-
- 29 Sep, 2017 1 commit
-
-
Paul Chaignon authored
Partially reverts 80667b7b, "Fix unary operator handling of probe reads with parens", keeping the test case. With 4c6ecb46, "Restrict rewrite of unary operators to dereference operator," only dereferences are rewritten, removing the need for the previous fix. Reverting 80667b7b allows bcc to rewrite more dereferences, as highlighted in the new test case.
-
- 28 Sep, 2017 3 commits
-
-
Prashant Bhole authored
The for loop was copying garbage characters after domain name. Fixed this by adding correct terminating condition. Also removed unnecessary code.
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
-
Prashant Bhole authored
Loop unrolling was not working because of if-condition in the loop. Added #pragma unroll directive. Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
-
Prashant Bhole authored
Changed key length to 255, maximum length of DNS domain name. Also fixed double increment of loop variable. Both these changes fix buffer overrun.
Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
-
- 27 Sep, 2017 1 commit
-
-
yonghong-song authored
bpf_probe_read*: src argument should be const void *.
-
- 26 Sep, 2017 8 commits
-
-
yonghong-song authored
Fix shared library loaded into multiple sections
-
Teng Qin authored
-
Teng Qin authored
-
Teng Qin authored
-
yonghong-song authored
Use ELF load sections in address -> symbol resolution
-
Sandipan Das authored
This adds powerpc64-specific test cases in 'test_usdt_args' and also updates the folly tracing headers to be able to produce compatible USDT markers for 'test_usdt'. The folly tracing ELF header now provides macros for all supported architectures instead of just x86. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Sandipan Das authored
This adds basic support for parsing USDT arguments having operands in the powerpc64 format. The following operand formats are supported for now:
* iNUM or i-NUM
* REG or %rREG
* NUM(REG) or -NUM(REG) or NUM(%rREG) or -NUM(%rREG)
* REG,REG or %rREG,%rREG

Where NUM represents a numeric constant and REG represents a general-purpose register.

Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Paul Chaignon authored
LPM trie maps require the BPF_F_NO_PREALLOC flag on creation. The need for this flag is not obvious at first; this new macro should help avoid the mistake.
-
- 25 Sep, 2017 4 commits
-
-
Teng Qin authored
-
Teng Qin authored
-
yonghong-song authored
Fix edge case when doing symbol name -> address resolution
-
Kirill Smelkov authored
For the following program:

    #include <linux/interrupt.h>

    // remember t(last-interrupt) on interface
    int kprobe__handle_irq_event_percpu(struct pt_regs *ctx, struct irq_desc *desc)
    {
        const char *irqname = desc->action->name;

        char c;

        bpf_probe_read(&c, 1, &irqname[0]);
        if (c != 'e') return 0;

        bpf_probe_read(&c, 1, &irqname[1]);
        if (c != 't') return 0;

        ...

LLVM gives warnings because irqaction->name is `const char *`:

    /virtual/main.c:10:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        bpf_probe_read(&c, 1, &irqname[0]);
                              ^~~~~~~~~~~
    /virtual/main.c:13:27: warning: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
        bpf_probe_read(&c, 1, &irqname[1]);
                              ^~~~~~~~~~~
    ...

Instead of adding casts in source everywhere fix bpf_probe_read* signature to indicate the memory referenced by src won't be modified, as it should be.

P.S. bpf_probe_read_str was in fact already marked so in several places in comments but not in actual signature.
-
- 21 Sep, 2017 6 commits
-
-
Teng Qin authored
-
Teng Qin authored
-
Teng Qin authored
-
Sandipan Das authored
In order to run, some test programs depend on the availability of binaries in locations that are part of PATH. So, we add a generic utility to simplify this. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Sandipan Das authored
If netperf is not installed or installed at a location that is not in PATH as recognized by Python, then 'test_brb' and 'test_brb2' freeze after an OSError is raised. To avoid this, we proactively check if the 'iperf', 'netserver' and 'netperf' binaries are available before making the corresponding NSPopen() calls. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
yonghong-song authored
Fix 'test_debuginfo' from failing if a kernel symbol has multiple aliases
-
- 20 Sep, 2017 3 commits
-
-
Brendan Gregg authored
Update LINKS.md
-
Paul Chaignon authored
-
Sandipan Das authored
The first symbol from /proc/kallsyms is read by 'test_debuginfo' and the name obtained here is compared against the name obtained from the BPF.ksym() library call. In some architectures such as powerpc64le, a kernel symbol may have multiple aliases that refer to the same address. So, to avoid the test from failing, we need to compare the name returned by BPF.ksym() against all possible aliases for the given address in /proc/kallsyms and look for a match. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
- 15 Sep, 2017 2 commits
-
-
Gary Lin authored
Signed-off-by: Gary Lin <glin@suse.com>
-
Teng Qin authored
-
- 13 Sep, 2017 1 commit
-
-
Teng Qin authored
-
- 12 Sep, 2017 2 commits
-
-
Colin Ian King authored
Signed-off-by: Colin Ian King <colin.king@canonical.com>
-
samuelnair authored
nfsdist: trace NFS operation latency distribution, similar to the other *dist tools.
-
- 09 Sep, 2017 1 commit
-
-
Brendan Gregg authored
Fix for incorrect tool arguments in the man pages
-