import json
import os
import re
-import struct
import errno
import sys
import platform
from .utils import get_online_cpus, printb, _assert_is_bytes, ArgString, StrcmpRewrite
from .version import __version__
from .disassembler import disassemble_prog, decode_map
+from .usdt import USDT, USDTException
try:
basestring
lib.bpf_function_size(self.module, func_name),
lib.bpf_module_license(self.module),
lib.bpf_module_kern_version(self.module),
- log_level, None, 0, device);
+ log_level, None, 0, device)
if fd < 0:
atexit.register(self.donothing)
fd = lib.bpf_attach_raw_tracepoint(fn.fd, tp)
if fd < 0:
raise Exception("Failed to attach BPF to raw tracepoint")
- self.raw_tracepoint_fds[tp] = fd;
+ self.raw_tracepoint_fds[tp] = fd
return self
def detach_raw_tracepoint(self, tp=b""):
def support_kfunc():
# there's no trampoline support for other than x86_64 arch
if platform.machine() != 'x86_64':
- return False;
+ return False
if not lib.bpf_has_kernel_btf():
- return False;
+ return False
# kernel symbol "bpf_trampoline_link_prog" indicates kfunc support
if BPF.ksymname("bpf_trampoline_link_prog") != -1:
return True
fd = lib.bpf_attach_kfunc(fn.fd)
if fd < 0:
raise Exception("Failed to attach BPF to entry kernel func")
- self.kfunc_entry_fds[fn_name] = fd;
+ self.kfunc_entry_fds[fn_name] = fd
return self
def attach_kretfunc(self, fn_name=b""):
fd = lib.bpf_attach_kfunc(fn.fd)
if fd < 0:
raise Exception("Failed to attach BPF to exit kernel func")
- self.kfunc_exit_fds[fn_name] = fd;
+ self.kfunc_exit_fds[fn_name] = fd
return self
def detach_lsm(self, fn_name=b""):
fd = lib.bpf_attach_lsm(fn.fd)
if fd < 0:
raise Exception("Failed to attach LSM")
- self.lsm_fds[fn_name] = fd;
+ self.lsm_fds[fn_name] = fd
return self
@staticmethod
b = bcc_stacktrace_build_id()
b.status = addr.status
b.build_id = addr.build_id
- b.u.offset = addr.offset;
+ b.u.offset = addr.offset
res = lib.bcc_buildsymcache_resolve(BPF._bsymcache,
ct.byref(b),
ct.byref(sym))
def __exit__(self, exc_type, exc_val, exc_tb):
self.cleanup()
-
-
-from .usdt import USDT, USDTException
from os import linesep
import ctypes as ct
from .table import get_table_type_name
-from .libbcc import lib
class OffsetUnion(ct.Union):
_fields_ = [('offsetu', ct.c_uint16), ('offset', ct.c_int16)]
'msg_push_data',
'msg_pop_data',
'rc_pointer_rel']
-
+
opcodes = {0x04: ('add32', 'dstimm', '+=', 32),
0x05: ('ja', 'joff', None, 64),
0x07: ('add', 'dstimm', '+=', 64),
0xd5: ('jsle', 'jdstimmoff', 's<=', 64),
0xdc: ('endian32', 'dstsrc', 'endian', 32),
0xdd: ('jsle', 'jdstimmoff', 's<=', 64),}
-
+
@classmethod
def decode(cls, i, w, w1):
try:
name, opclass, op, bits = cls.opcodes[w.opcode]
if opclass == 'dstimm':
return 'r%d %s %d' % (w.dst, op, w.imm), 0
-
+
elif opclass == 'dstimm_bw':
return 'r%d %s 0x%x' % (w.dst, op, w.immu), 0
-
+
elif opclass == 'joff':
return 'goto %s <%d>' % ('%+d' % (w.offset),
i + w.offset + 1), 0
-
+
elif opclass == 'dstsrc':
return 'r%d %s r%d' % (w.dst, op, w.src), 0
-
+
elif opclass == 'jdstimmoff':
return 'if r%d %s %d goto pc%s <%d>' % (w.dst, op, w.imm,
'%+d' % (w.offset),
i + w.offset + 1), 0
-
+
elif opclass == 'jdstsrcoff':
return 'if r%d %s r%d goto pc%s <%d>' % (w.dst, op, w.src,
'%+d' % (w.offset),
i + w.offset + 1), 0
-
+
elif opclass == 'lddw':
# imm contains the file descriptor (FD) of the map being loaded;
# the kernel will translate this into the proper address
return 'r%d = <map at fd #%d>' % (w.dst, w.imm), 1
imm = (w1.imm << 32) | w.imm
return 'r%d = 0x%x' % (w.dst, imm), 1
-
+
elif opclass == 'ldabs':
return 'r0 = *(u%s*)skb[%s]' % (bits, w.imm), 0
-
+
elif opclass == 'ldind':
return 'r0 = *(u%d*)skb[r%d %s]' % (bits, w.src,
'%+d' % (w.imm)), 0
-
+
elif opclass == 'ldstsrcoff':
return 'r%d = *(u%d*)(r%d %s)' % (w.dst, bits, w.src,
'%+d' % (w.offset)), 0
-
+
elif opclass == 'sdstoffimm':
return '*(u%d*)(r%d %s) = %d' % (bits, w.dst,
'%+d' % (w.offset), w.imm), 0
-
+
elif opclass == 'sdstoffsrc':
return '*(u%d*)(r%d %s) = r%d' % (bits, w.dst,
'%+d' % (w.offset), w.src), 0
-
+
elif opclass == 'dst':
return 'r%d = %s (u%s)r%d' % (w.dst, op, bits, w.dst), 0
-
+
elif opclass == 'call':
if w.src != cls.BPF_PSEUDO_CALL:
try:
def print_map_ctype(cls, t, field_name, sizeinfo):
is_structured = (issubclass(t, ct.Structure) or
issubclass(t, ct.Union))
- type_name = cls.get_ct_name(t);
+ type_name = cls.get_ct_name(t)
if is_structured:
map_lines = [" %s {" % (type_name)]
map_lines += cls.print_ct_map(t, " ", sizeinfo=sizeinfo)
from time import strftime
import ctypes as ct
from functools import reduce
-import multiprocessing
import os
import errno
import re
import sys
from .libbcc import lib, _RAW_CB_TYPE, _LOST_CB_TYPE, _RINGBUF_CB_TYPE
-from .perf import Perf
from .utils import get_online_cpus
from .utils import get_possible_cpus
-from subprocess import check_output
BPF_MAP_TYPE_HASH = 1
BPF_MAP_TYPE_ARRAY = 2
stars = stars_max
if idx_max >= 0:
- print(header % val_type);
+ print(header % val_type)
for i in range(0, idx_max + 1):
val = vals[i]
class HashTable(TableBase):
def __init__(self, *args, **kwargs):
super(HashTable, self).__init__(*args, **kwargs)
-
+
def __len__(self):
i = 0
for k in self: i += 1
class ArrayBase(TableBase):
def __init__(self, *args, **kwargs):
super(ArrayBase, self).__init__(*args, **kwargs)
-
+
def _normalize_key(self, key):
if isinstance(key, int):
if key < 0:
if res < 0:
raise KeyError("Could not peek table")
return leaf
-
+
def itervalues(self):
# to avoid infinite loop, set maximum pops to max_entries
cnt = self.max_entries
tcpstate[12] = 'NEW_SYN_RECV'
# from include/net/tcp.h:
-TCPHDR_FIN = 0x01;
-TCPHDR_SYN = 0x02;
-TCPHDR_RST = 0x04;
-TCPHDR_PSH = 0x08;
-TCPHDR_ACK = 0x10;
-TCPHDR_URG = 0x20;
-TCPHDR_ECE = 0x40;
-TCPHDR_CWR = 0x80;
+TCPHDR_FIN = 0x01
+TCPHDR_SYN = 0x02
+TCPHDR_RST = 0x04
+TCPHDR_PSH = 0x08
+TCPHDR_ACK = 0x10
+TCPHDR_URG = 0x20
+TCPHDR_ECE = 0x40
+TCPHDR_CWR = 0x80
def flags2str(flags):
- arr = [];
+ arr = []
if flags & TCPHDR_FIN:
- arr.append("FIN");
+ arr.append("FIN")
if flags & TCPHDR_SYN:
- arr.append("SYN");
+ arr.append("SYN")
if flags & TCPHDR_RST:
- arr.append("RST");
+ arr.append("RST")
if flags & TCPHDR_PSH:
- arr.append("PSH");
+ arr.append("PSH")
if flags & TCPHDR_ACK:
- arr.append("ACK");
+ arr.append("ACK")
if flags & TCPHDR_URG:
- arr.append("URG");
+ arr.append("URG")
if flags & TCPHDR_ECE:
- arr.append("ECE");
+ arr.append("ECE")
if flags & TCPHDR_CWR:
- arr.append("CWR");
- return "|".join(arr);
+ arr.append("CWR")
+ return "|".join(arr)
from __future__ import print_function
import ctypes as ct
-import os, sys
+import sys
from .libbcc import lib, _USDT_CB, _USDT_PROBE_CB, \
bcc_usdt_location, bcc_usdt_argument, \
BCC_USDT_ARGUMENT_FLAGS