use new tracepoint support (#608)

diff --git a/examples/tracing/urandomread-explicit.py b/examples/tracing/urandomread-explicit.py
new file mode 100755 (executable)
index 0000000..e126192
--- /dev/null
+++ b/examples/tracing/urandomread-explicit.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+#
+# urandomread-explicit  Example of instrumenting a kernel tracepoint.
+#                       For Linux, uses BCC, BPF. Embedded C.
+#
+# This is an older example of instrumenting a tracepoint, which defines
+# the argument struct and makes an explicit call to attach_tracepoint().
+# See urandomread for a newer version that uses TRACEPOINT_PROBE().
+#
+# REQUIRES: Linux 4.7+ (BPF_PROG_TYPE_TRACEPOINT support).
+#
+# Test by running this, then in another shell, run:
+#     dd if=/dev/urandom of=/dev/null bs=1k count=5
+#
+# Copyright 2016 Netflix, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+from __future__ import print_function
+from bcc import BPF
+
+# define BPF program
+bpf_text = """
+#include <uapi/linux/ptrace.h>
+
+struct urandom_read_args {
+    // from /sys/kernel/debug/tracing/events/random/urandom_read/format
+    u64 __unused__;
+    u32 got_bits;
+    u32 pool_left;
+    u32 input_left;
+};
+
+int printarg(struct urandom_read_args *args) {
+    bpf_trace_printk("%d\\n", args->got_bits);
+    return 0;
+};
+"""
+
+# load BPF program
+b = BPF(text=bpf_text)
+b.attach_tracepoint("random:urandom_read", "printarg")
+
+# header
+print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))
+
+# format output
+while 1:
+    try:
+        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
+    except ValueError:
+        continue
+    print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))

diff --git a/examples/tracing/urandomread.py b/examples/tracing/urandomread.py
index b2a58bd..2f46bda 100755 (executable)
--- a/examples/tracing/urandomread.py
+++ b/examples/tracing/urandomread.py
@@ -1,7 +1,7 @@
 #!/usr/bin/python
 #
-# tracepoint  Example of instrumenting a kernel tracepoint.
-#             For Linux, uses BCC, BPF. Embedded C.
+# urandomread  Example of instrumenting a kernel tracepoint.
+#              For Linux, uses BCC, BPF. Embedded C.
 #
 # REQUIRES: Linux 4.7+ (BPF_PROG_TYPE_TRACEPOINT support).
 #
@@ -14,28 +14,14 @@
 from __future__ import print_function
 from bcc import BPF
 
-# define BPF program
-bpf_text = """
-#include <uapi/linux/ptrace.h>
-
-struct urandom_read_args {
-    // from /sys/kernel/debug/tracing/events/random/urandom_read/format
-    // this may be automatically generated in a future bcc version
-    u64 __unused__;
-    u32 got_bits;
-    u32 pool_left;
-    u32 input_left;
-};
-
-int printarg(struct urandom_read_args *args) {
+# load BPF program
+b = BPF(text="""
+TRACEPOINT_PROBE(random, urandom_read) {
+    // args is from /sys/kernel/debug/tracing/events/random/urandom_read/format
     bpf_trace_printk("%d\\n", args->got_bits);
     return 0;
 };
-"""
-
-# load BPF program
-b = BPF(text=bpf_text)
-b.attach_tracepoint("random:urandom_read", "printarg")
+""")
 
 # header
 print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS"))