- 10 Sep, 2015 2 commits
-
-
Brenden Blanco authored
This makes the attachment of kprobes to arbitrary events more robust. Issue 1: Functions with '.' characters should not have similarly named probes. Issue 2: Functions in the blacklist should not be attached to. Issue 3: Some functions matched by regex cannot actually be attached to, despite not being in the blacklist...possibly the blacklist is outdated? Instead, warn instead of error during bulk regex attach. Issue 4: Attaching to large numbers of kprobes gets to be very slow. For now, leave this unresolved. For reasonably sized regexes, startup times may be acceptable, and shutdown times are actually the worse part. To speed up shutdown, one could add the following after the last attach_kprobe to disable auto-cleanup: ``` from bcc import open_kprobes open_kprobes = {} ``` Then, once the program is exited, one must manually echo "" > kprobe_events Some numbers: attaching to event_re='tcp_*': 2 sec startup, 15 sec shutdown attaching to event_re='b*': 10 sec startup, 75 sec shutdown attaching to event_re='*': unknown (>20 min) startup, unknown shutdown The slowdowns appear to be exponential, doubtful that '*' will ever complete. Fixes: #199 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Autoload kprobes for all types of trace_* functions
-
- 09 Sep, 2015 12 commits
-
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
The previous patch #195 for autoloading of kprobes only did it for trace_print. Turn this feature on for all trace_* functions. This requires that these functions are also no longer staticmethods. Enable the feature in examples/disksnoop.py Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Fix breakage in bpf_probe_read from #196
-
Brenden Blanco authored
Argument needs to be cast to u64, otherwise it is adding a whole pointer stride. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Add debug and fix the inline replace of kprobe args
-
Brenden Blanco authored
The way in which args 1+ were being replaced in the C file was fragile. Instead, assign the registers from ptregs into the function arguments as the first statement(s) in the body of the function. e.g.: int sys_clone(struct ptregs *ctx, struct request *req) { // do something with req } becomes: int sys_clone(struct ptregs *ctx, struct request *req) { req = ctx->di; // do something with req Fixes: #192 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* Many times it is useful to print out the C file after the BFrontendAction has run. e.g.: BPF("file.c", debug=0x4) Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Change auto-loading behavior of trace_print
-
Brenden Blanco authored
Since kprobe functions will have a different prototype than the kernel symbols they are attaching to, require that the user prefix the trace function with a kprobe__ name to denote intent. kretprobe__ prefix is also supported. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* As @brendangregg pointed out, users will probably assume that handily-named C functions that can be auto-loaded will be all the time, rather than just in the singleton case. This is pretty easy to implement, so changing the behavior. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Support automatic kprobe event detection in common case
-
Brenden Blanco authored
* In the simple case, a user only creates 1 C function to be used with kprobes. Detect this common case and don't require the user to repeat themselves by passing the fn_name to attach_kprobe(). e.g.: BPF(text='int sys_clone(void *ctx) {/*do stuff*/}').trace_print() Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 08 Sep, 2015 4 commits
-
-
4ast authored
Suppress None return when trace_pipe drops lines
-
Brenden Blanco authored
* When a "CPU: X Lost N events" line came on the trace_pipe, trace_fields would return None and cause exceptions in callers that do (a, b, ...) = b.trace_fields() type of calls. Instead, keep reading from trace_pipe when such messages come. Fixes: #187 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
Add BPF_HASH macro with variadic arguments
-
Brenden Blanco authored
print_log2_hist() for #143
-
- 07 Sep, 2015 5 commits
-
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
Brendan Gregg authored
-
- 06 Sep, 2015 2 commits
-
-
Brenden Blanco authored
* Per suggestion in #149 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* Usage: BPF_HASH(tablename, key_type=u64, leaf_type=u64) 2nd and 3rd arguments are optional in the C++ default argument style Fixes: #135 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 05 Sep, 2015 4 commits
-
-
4ast authored
Shorten trace_readline_fields to trace_fields
-
Brenden Blanco authored
* Per suggestion in #149 Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
simplify code using new features
-
Brendan Gregg authored
-
- 04 Sep, 2015 8 commits
-
-
4ast authored
Reorganize cmake, some cleanups and test fixes.
-
Brenden Blanco authored
* After a kernel update, the binary of schedule function changed offset, and the attachment point updated. Since this is just a test case, pick a different function to test. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* The c++ exception code was unused, now it is just c macro style "exceptions" Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Update README.md and INSTALL.md, specfile dependencies
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* These files are required to build the test rpm Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
Brenden Blanco authored
* Add some runtime dependencies in INSTALL.md * make and gcc are required at runtime, so add them to libbcc Requires: Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
- 03 Sep, 2015 3 commits
-
-
Brenden Blanco authored
* Some changes to python API examples * Reflect non-rc kernel availability in install doc * Add binary rpm section to install doc * Remove docker build instructions Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
-
4ast authored
Fixes for when using clang/llvm as CC/CXX
-
4ast authored
Enhance check for presence of static-libstdc++
-