- 06 Apr, 2017 4 commits
-
-
Teng Qin authored
-
Teng Qin authored
-
Quentin Monnet authored
-
4ast authored
Updates to Lua/BPF code generator
-
- 05 Apr, 2017 9 commits
-
-
Marek Vavruša authored
-
Marek Vavruša authored
the BPF maps and pointers were previously implicitly dereferenced whenever an operation on them required a value and not a pointer. the upside is that accessing map element data didn’t require an explicit operation, the downside is that it wasn’t possible to get the value explicitly. this makes it possible to dereference any pointer and materialize the value in the register as long as it’s shorter than register width using `ptr[0]` element access operator.
-
Marek Vavruša authored
the DW LD_ABS|IND is prohibited, so it is implemented as a double W load with shift. this is slow as it also has to undo the ntohl semantics of W loads, but makes dissection of 64bit fields with absolute addressing possible
-
Marek Vavruša authored
the direct access to packet is implemented as a `load_bytes(off, var)` built-in for basic support, there is no implicit data loader using it yet
-
Marek Vavruša authored
the packet can now use indirect addressing mode using NET_OFF to read from network protocol off it has convenience dissectors for IPv4 and IPv6, that can be used like: ``` local net = pkt.net_off if net.ver == 4 then local ip = net.ip else local ip6 = net.ip6 end ```
-
4ast authored
Free demangle_name after use
-
4ast authored
docs: update list of XDP compatible drivers
-
Quentin Monnet authored
Add missing nfp driver to the list. While we're at it, add name and pointers for other drivers for which XDP support is known to exist, but has not yet been pushed to the main kernel branch. Note that e1000e is not available online at this date, the link points to an email stating that the patch could be provided upon request.
-
Teng Qin authored
-
- 04 Apr, 2017 6 commits
-
-
4ast authored
Extend cpp table API
-
Suchakra Sharma authored
* KVM hypercall analysis example * Update README with KVM analysis example
-
Teng Qin authored
When events were lost, we used to print a message to stderr, which is less useful. Now, we allow attaching an optional callback that would be invoked when events are lost, allowing the user's program to perform some additional processing.
-
Mauricio Vasquez B authored
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>
-
Mauricio Vasquez B authored
Before this commit there was not a specify way to handle a map of type array. A workaround was to use it as a hash table with int as key type. This commit creates a new class (BPFArrayTable) that allows to get and update the value of an element. Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>
-
Mauricio Vasquez B authored
This commit extends the api for hash tables allowing to get, update and delete elements Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>
-
- 03 Apr, 2017 6 commits
-
-
Brenden Blanco authored
RFC: rework of shared table into multiple classes
-
Brenden Blanco authored
Add table_storage.h to list of installed files for external c++ linking. Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Brenden Blanco authored
Adds a reference to the ts_ member, for use by BPF class to access the storage object and perform lookups. Note that get_hash_table/get_stack_table don't have an error return, so failure to lookup the table name will result in undefined behavior (which is actually the case prior to this commit as well). Also update indentation per clang-format Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Brenden Blanco authored
Adds a TableStorage class for use by language frontends to store/access references to loaded bpf maps. Includes support for shared and namespaced maps, in a directory-like hierarchy. Add a FileDesc helper class to automatically wrap open file descriptors. The object prevents implicit copying of the fd (allows only rvalue/move()), and takes care of the close() call. Add a reference implementation of a TableStorageImpl that performs the current default behavior expected by BPF_TABLE_PUBLIC, which is to share maps between BPFModules in the same-process only. A stub implementation for bpffs is started. Update b/clang frontends to use this new class. Also included is a framework for extracting the type information of maps in an extensible way. Migrate BMapDeclVisitor to use this as the first consumer. Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
4ast authored
update tools diagram
-
Brendan Gregg authored
-
- 02 Apr, 2017 3 commits
-
-
Brendan Gregg authored
funcslower: Trace slow kernel or user function calls
-
Paul Chaignon authored
-
Brenden Blanco authored
stacksnoop: Retire and move to examples/tracing
-
- 01 Apr, 2017 8 commits
-
-
Sasha Goldshtein authored
-
Sasha Goldshtein authored
-
Sasha Goldshtein authored
-
Sasha Goldshtein authored
-
Sasha Goldshtein authored
This tool attaches to entry and return points of specified functions and traces function calls slower than a given threshold. Resolves #915.
-
Sasha Goldshtein authored
Move stacksnoop to examples/tracing. Originally we considered leaving a script that redirects to the `trace` tool, but decided not to. Any users of stacksnoop can migrate directly to `trace`. Resolves #737.
-
Paul Chaignon authored
Inserts element in map only if it does not already exist. Throws a warning during rewriter step if used on a BPF array.
-
Teng Qin authored
* Add an option to resolve address without demangling * Expose new no-demangling option to Python
-
- 31 Mar, 2017 2 commits
- 30 Mar, 2017 2 commits
-
-
Iago López Galeiras authored
* tools: add tcptracer This allows tracking TCP connections by tracking TCP connects, closes and accepts. This is different from existing tools like tcpconnect or tcpaccept in that: * It includes more information like network namespace or source ports for tcpconnects or remote ports for tcpaccepts * It traces tcp_close allowing to see when a connection ends * It only shows information about established connections * tcptracer: add to README * tcptracer: add example * tcptracer: add man page
-
Paul Chaignon authored
* cc: bcc function to detect the language of a process bcc_procutils_language looks into /proc/$pid/cmdline, /proc/$pid/exe, and /proc/$pid/maps to determine the language. Python wrapper takes a list of candidate languages; if the detected language is not part of the list, None is returned. * u* tools: automatically detect the language Uses the detect_language bcc helper. -l switch can override the detected language. In uthreads and ucalls, the language can be overwritten to 'none' to trace pthreads and syscalls respectively. All tools use the -l switch to set the language, for consistency.
-