platform/upstream/bcc.git
8 years agoMerge pull request #637 from oujunli/ojl_dev
Brendan Gregg [Fri, 29 Jul 2016 16:58:12 +0000 (09:58 -0700)]
Merge pull request #637 from oujunli/ojl_dev

fix reference_guide.md bpf_get_current_comm search

8 years agofix reference_guide.md bpf_get_current_comm search
Junli Ou [Fri, 29 Jul 2016 08:36:04 +0000 (16:36 +0800)]
fix reference_guide.md bpf_get_current_comm search

8 years agoMerge pull request #636 from iovisor/xdp-drop
Brenden Blanco [Fri, 29 Jul 2016 00:09:15 +0000 (17:09 -0700)]
Merge pull request #636 from iovisor/xdp-drop

Add xdp_drop_count example

8 years agoAdd support to xdp_drop_count for clsact mode
Brenden Blanco [Thu, 28 Jul 2016 23:33:46 +0000 (16:33 -0700)]
Add support to xdp_drop_count for clsact mode

Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
8 years agoAdd xdp_drop_count example
Brenden Blanco [Thu, 28 Jul 2016 22:30:54 +0000 (15:30 -0700)]
Add xdp_drop_count example

This adds the xdp drop count example relicensed under ASL2, along with
some minor modifications to print pkt/s.

Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
8 years agoMerge pull request #634 from Eichhoernchen/xdp_net-next
Brenden Blanco [Thu, 28 Jul 2016 20:46:48 +0000 (13:46 -0700)]
Merge pull request #634 from Eichhoernchen/xdp_net-next

Added XDP support to BCC

8 years agoThis adds XDP support to BCC as currently supported in net-next.
Jan Rüth [Thu, 28 Jul 2016 20:32:46 +0000 (22:32 +0200)]
This adds XDP support to BCC as currently supported in net-next.

Concretely, it adds two functions to bcc, namely:
`attach_xdp` and `remove_xdp`
which allows to attach an XDP program to a device (given via its name, e.g., en0) (in the future this might change to a specific queue on a device once the kernel offers this interface)
and `remove_xdp` removes a XDP program from a device. Please note that there can currently be only one program attached to the device and attaching another program replaces the previous.

One example is available to test XDP, in networking/xdp which drops all packets an counts for which protocol a packet was dropped (this is taken from the kernel xdp1 example). Please note that you cannot use the network headers defined in <bcc/proto.h> as they cause llvm/clang to generate instructions not available on XDP layer. On XDP layer you do not have an skb yet, so you are operating on the bare packet data.

XDP support is currently limited to only some network adapters, there is the `mlx4` and there is also a patch available for the `e1000` driver.

8 years agoMerge pull request #632 from markdrayton/probe-strings
Brenden Blanco [Wed, 27 Jul 2016 20:07:33 +0000 (13:07 -0700)]
Merge pull request #632 from markdrayton/probe-strings

Probe registration fixes

8 years agoRemove asserts on str probe names
Mark Drayton [Wed, 27 Jul 2016 02:08:20 +0000 (03:08 +0100)]
Remove asserts on str probe names

`open_kprobes` is a dict of open kprobes. Its keys are strings for normal
probes and a tuple for perf buffers. Normal probes need unregistering on script
exit; perf buffers do not. `cleanup` currently looks for string keys
(specifically type `str`) when working out what to unregister, which is a bit
brittle -- in Python2 strings can be both native `str` and `unicode`, depending
what exactly was passed to `attach-*/detach_*` and whether `from __future__
import unicode_literals` is used (e.g. #623).

This diff makes the API more relaxed by casting the probe name to `str` to
match the expectations of `cleanup`. This works in py2 (with and without
unicode_literals) and py3.

8 years agopy3 probe registration compatibility fixes
Mark Drayton [Wed, 27 Jul 2016 04:10:15 +0000 (05:10 +0100)]
py3 probe registration compatibility fixes

* rework `_get_kprobe_functions` to avoid unclosed blacklist warning
* rework `cleanup` to avoid changing size of dict while iterating
* make handling return of `bpf_function_name` work in py2 and py3

8 years agoMerge pull request #630 from chantra/cachetop_sort_ui
Brenden Blanco [Wed, 27 Jul 2016 17:44:10 +0000 (10:44 -0700)]
Merge pull request #630 from chantra/cachetop_sort_ui

[cachetop] Display sorting field and order.

8 years agoMerge pull request #631 from brendangregg/refguide
Brenden Blanco [Wed, 27 Jul 2016 01:12:51 +0000 (18:12 -0700)]
Merge pull request #631 from brendangregg/refguide

add a reference guide

8 years agotypos
Brendan Gregg [Tue, 26 Jul 2016 20:44:30 +0000 (13:44 -0700)]
typos

8 years agofix local links
Brendan Gregg [Tue, 26 Jul 2016 20:38:39 +0000 (13:38 -0700)]
fix local links

8 years agoadd a reference guide
Brendan Gregg [Tue, 26 Jul 2016 20:25:53 +0000 (13:25 -0700)]
add a reference guide

8 years agoMerge pull request #628 from brendangregg/master
Brenden Blanco [Tue, 26 Jul 2016 14:49:06 +0000 (07:49 -0700)]
Merge pull request #628 from brendangregg/master

tutorials: end-user, and python developer

8 years ago[cachetop] Display sorting field and order.
chantra [Tue, 26 Jul 2016 01:32:46 +0000 (18:32 -0700)]
[cachetop] Display sorting field and order.

This will make it easier to visualize what is the sorting field
and order

8 years agoremove unused MSG_MAX
Brendan Gregg [Mon, 25 Jul 2016 23:58:37 +0000 (16:58 -0700)]
remove unused MSG_MAX

8 years agoadd uprobe lesson to tutorial
Brendan Gregg [Mon, 25 Jul 2016 23:13:51 +0000 (16:13 -0700)]
add uprobe lesson to tutorial

8 years agofix uprobe examples to read correct argument
Brendan Gregg [Mon, 25 Jul 2016 23:13:35 +0000 (16:13 -0700)]
fix uprobe examples to read correct argument

8 years agotutorials: end-user, and python developer
Brendan Gregg [Mon, 25 Jul 2016 22:02:32 +0000 (15:02 -0700)]
tutorials: end-user, and python developer

8 years agoMerge pull request #627 from brendangregg/master
Brenden Blanco [Mon, 25 Jul 2016 21:18:54 +0000 (14:18 -0700)]
Merge pull request #627 from brendangregg/master

merge most .c and .py examples

8 years agoreturn 0 on hello_worlds
Brendan Gregg [Sun, 24 Jul 2016 23:19:20 +0000 (16:19 -0700)]
return 0 on hello_worlds

8 years agoadd nodejs_http_server.py to README list
Brendan Gregg [Sun, 24 Jul 2016 20:42:47 +0000 (13:42 -0700)]
add nodejs_http_server.py to README list

8 years agomerge task_switch example
Brendan Gregg [Sun, 24 Jul 2016 20:40:25 +0000 (13:40 -0700)]
merge task_switch example

8 years agomerge disksnoop example
Brendan Gregg [Sun, 24 Jul 2016 20:37:20 +0000 (13:37 -0700)]
merge disksnoop example

8 years agomerge bitehist example
Brendan Gregg [Sun, 24 Jul 2016 20:34:40 +0000 (13:34 -0700)]
merge bitehist example

8 years agoMerge pull request #615 from chantra/cachetop
Brendan Gregg [Sun, 24 Jul 2016 17:01:46 +0000 (10:01 -0700)]
Merge pull request #615 from chantra/cachetop

[cachetop] top-like cachestat

8 years ago[cachetop] fix and doc
chantra [Sat, 23 Jul 2016 13:33:11 +0000 (15:33 +0200)]
[cachetop] fix and doc

* pass -fno-color-diagnostics to clang
* remove unicode import (#623)
* add time to cachetop output
* add keybindings to cachetop.8
* add cachetop links to README.md

8 years ago[cachetop] add example and man page.
chantra [Mon, 18 Jul 2016 22:17:45 +0000 (00:17 +0200)]
[cachetop] add example and man page.

make interval a positional parameter.

8 years ago[cachetop] top-like cachestat
Emmanuel Bretelle [Thu, 14 Jul 2016 20:04:57 +0000 (13:04 -0700)]
[cachetop] top-like cachestat

Alike cachestat.py but providing cache stats at the process level.

8 years agoUSDT Python API and example (#624)
Brendan Gregg [Sat, 23 Jul 2016 00:11:51 +0000 (17:11 -0700)]
USDT Python API and example (#624)

* Python USDT API

Code from @vmg

* Basic USDT example

* retire procstat.py

* improve/fix USDT exceptions

8 years agoAdd profile: a CPU profiler (#620)
Brendan Gregg [Fri, 22 Jul 2016 01:13:24 +0000 (18:13 -0700)]
Add profile: a CPU profiler (#620)

* Add profile: a CPU profiler

* move Perf to common class

8 years agoMerge pull request #618 from palmtenor/master
Brendan Gregg [Tue, 19 Jul 2016 03:19:16 +0000 (20:19 -0700)]
Merge pull request #618 from palmtenor/master

Use errno symbols in offcputime.py

8 years agoUse errno symbol instead of hard-coded numbers in offcputime.py
Teng Qin [Mon, 18 Jul 2016 20:21:10 +0000 (13:21 -0700)]
Use errno symbol instead of hard-coded numbers in offcputime.py

8 years agoMerge pull request #614 from markdrayton/fix-auto-kprobe
Brenden Blanco [Mon, 18 Jul 2016 17:20:43 +0000 (10:20 -0700)]
Merge pull request #614 from markdrayton/fix-auto-kprobe

Fix probe detaching and auto-kprobes

8 years agoMove open_{kprobes,uprobes,tracepoints} into BPF object
Mark Drayton [Fri, 15 Jul 2016 22:55:22 +0000 (23:55 +0100)]
Move open_{kprobes,uprobes,tracepoints} into BPF object

* for #605, this diff moves probe storage from the BPF module to the BPF object,
  letting each instantiation clean up its own probes. A module-level counter
  for all open probes is provided for the quota check. It also adds a
  `cleanup()` function to force cleanup before the `atexit` handler runs.

* for #614, it removes the `len(open_kprobes) == 0` check that prevented more
  than one autoload probe working. It fixes the tests that this change breaks by
  calling the `cleanup()` function added.

8 years agoStore kprobes with string keys, fix num_open_kprobes
Mark Drayton [Fri, 15 Jul 2016 20:19:07 +0000 (21:19 +0100)]
Store kprobes with string keys, fix num_open_kprobes

Prior to this diff we used inconsistent types for keys in `open_kprobes`. The
results from the regex match (`attach_kprobe(event_re=..)`) and the automatic
`kprobe__` features were passed through `str.decode()`, yielding unicode keys,
but specific matches (i.e. from `attach_kprobe(event=..)`) were stored with
string keys passed down from the caller. Only probes under string keys were
released in `cleanup_kprobes`, leaving attached probes on program exit.

This diff makes all the keys regular strings. I erred on the side of using
regular strings over `str.decode()`ing them because a) this data isn't passed
outside of Python, b) it's more Python 3 compatible (there is no `.decode()` on
a regular string object in Python 3 so such a change would ultimately need
removing again).

I also cleaned up a few other things:

* removed the call to `awk` for getting probable functions

* removed the `isinstance` checks when cleaning uprobes/tracepoints -- we
  should only have string keys in these dicts

* made `num_open_kprobes` skip the perf_events buffers. People likely use this
  to check that the right number of probes have been placed so counting
  perf_events buffers doesn't make sense here

8 years agoMerge pull request #611 from cdown/failed_opens
Brendan Gregg [Thu, 14 Jul 2016 17:13:12 +0000 (10:13 -0700)]
Merge pull request #611 from cdown/failed_opens

killsnoop: s/failed opens/failed kill syscalls/

8 years agoMerge branch 'master' into failed_opens
Chris Down [Thu, 14 Jul 2016 08:08:48 +0000 (09:08 +0100)]
Merge branch 'master' into failed_opens

8 years agoMerge pull request #612 from markdrayton/fileslower
Brendan Gregg [Wed, 13 Jul 2016 19:05:24 +0000 (12:05 -0700)]
Merge pull request #612 from markdrayton/fileslower

fileslower: try probing vfs_write if __vfs_write is missing

8 years agoMerge branch 'master' into fileslower
Mark Drayton [Wed, 13 Jul 2016 19:00:35 +0000 (12:00 -0700)]
Merge branch 'master' into fileslower

8 years agofileslower: try probing vfs_write if __vfs_write is missing
Mark Drayton [Wed, 13 Jul 2016 17:24:56 +0000 (18:24 +0100)]
fileslower: try probing vfs_write if __vfs_write is missing

8 years agoMerge pull request #610 from bobrik/debian-dockerfile
Brenden Blanco [Wed, 13 Jul 2016 17:56:34 +0000 (10:56 -0700)]
Merge pull request #610 from bobrik/debian-dockerfile

Build debian packages in docker containers

8 years agokillsnoop: s/failed opens/failed kill syscalls/
Chris Down [Wed, 13 Jul 2016 14:18:35 +0000 (15:18 +0100)]
killsnoop: s/failed opens/failed kill syscalls/

8 years agoBuild debian packages in docker containers
Ivan Babrou [Tue, 12 Jul 2016 22:02:35 +0000 (23:02 +0100)]
Build debian packages in docker containers

8 years agouse new tracepoint support (#608)
Brendan Gregg [Tue, 12 Jul 2016 01:27:01 +0000 (18:27 -0700)]
use new tracepoint support (#608)

8 years agoMerge pull request #602 from goldshtn/auto-tp
Brenden Blanco [Mon, 11 Jul 2016 22:02:25 +0000 (15:02 -0700)]
Merge pull request #602 from goldshtn/auto-tp

Full tracepoint support in Clang front-end

8 years agoLink to Ubuntu Xenial binary section (#604)
Trent Schafer [Mon, 11 Jul 2016 22:02:03 +0000 (08:02 +1000)]
Link to Ubuntu Xenial binary section (#604)

8 years agocc: Use manual parsing instead of std::regex
Sasha Goldshtein [Sat, 9 Jul 2016 12:17:44 +0000 (05:17 -0700)]
cc: Use manual parsing instead of std::regex

Older versions of GCC don't support std::regex even though they support
most of C++11. To avoid breaking the build on older systems, such as
Ubuntu 14.04, use manual parsing instead of std::regex.

8 years agotests: Test new tracepoint support
Sasha Goldshtein [Fri, 8 Jul 2016 17:46:53 +0000 (10:46 -0700)]
tests: Test new tracepoint support

8 years agocc: Rewrite probe functions that refer to tracepoint structures
Sasha Goldshtein [Tue, 5 Jul 2016 16:34:56 +0000 (09:34 -0700)]
cc: Rewrite probe functions that refer to tracepoint structures

When a probe function refers to a tracepoint arguments structure,
such as `struct tracepoint__irq__irq_handler_entry`, add that structure
on-the-fly using a Clang frontend action that runs before any other
steps take place.

Typically, the user will create tracepoint probe functions using
the TRACEPOINT_PROBE macro, which avoids the need for specifying
the tracepoint category and event twice in the signature of the
probe function.

8 years agobcc: Auto-tracepoints similar to auto-kprobes
Sasha Goldshtein [Sun, 3 Jul 2016 08:33:19 +0000 (01:33 -0700)]
bcc: Auto-tracepoints similar to auto-kprobes

When a function in the BPF program starts with "tracepoint__", parse
the rest of the name as a tracepoint category and name and attach the
tracepoint automatically. For example:

```
int tracepoint__sched__sched_switch(...)
```

As a result, the sched:sched_switch tracepoint is enabled and the function
is attached to that tracepoint.

8 years agoFix test failure in test_libbcc (#603)
Brenden Blanco [Fri, 8 Jul 2016 23:21:38 +0000 (16:21 -0700)]
Fix test failure in test_libbcc (#603)

On some systems, was seeing a failure at tests/cc/test_c_api.cc:172 due
to failure to open the /tmp/perf-pid.map file. Looking through the code,
narrowed it down to an invalid use of c_str() on a temporary
std::string. Fix it by storing the string in a variable.

Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
8 years agoProcSyms: deduplicate symbol names (#598)
Mark Drayton [Fri, 8 Jul 2016 02:49:25 +0000 (03:49 +0100)]
ProcSyms: deduplicate symbol names (#598)

8 years agoFix for C++ api change in LLVM 3.9 (#600)
Brenden Blanco [Fri, 8 Jul 2016 00:56:03 +0000 (17:56 -0700)]
Fix for C++ api change in LLVM 3.9 (#600)

Upstream, params() was renamed to parameters(). In order to support both
old and new LLVM, use the unchanged param_begin and param_end API.

Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
8 years agoA tracepoint example (#596)
Brendan Gregg [Sat, 2 Jul 2016 01:38:30 +0000 (18:38 -0700)]
A tracepoint example (#596)

8 years agoProcSyms: fix off-by-ones, use binary search to resolve addresses (#594)
Mark Drayton [Fri, 1 Jul 2016 23:47:39 +0000 (00:47 +0100)]
ProcSyms: fix off-by-ones, use binary search to resolve addresses (#594)

* libbcc: fix off-by-one errors in resolving adjacent modules/symbols, add test

* libbcc: use binary search in ProcSyms::Module::find_addr()

8 years agobcc: Add ctypes declarations for new functions (#593)
Sasha Goldshtein [Fri, 1 Jul 2016 23:45:57 +0000 (02:45 +0300)]
bcc: Add ctypes declarations for new functions (#593)

Add ctypes declarations for `bpf_attach_tracepoint` and
`bpf_detach_tracepoint` in libbcc.py. It works anyway, but now
it's a bit safer.

8 years agoMerge pull request #586 from goldshtn/offcpudist
Brenden Blanco [Thu, 30 Jun 2016 22:38:11 +0000 (15:38 -0700)]
Merge pull request #586 from goldshtn/offcpudist

cpudist: Support off-cpu time reports

8 years agoMerge pull request #590 from goldshtn/bcc-tp-support
Brenden Blanco [Thu, 30 Jun 2016 18:59:50 +0000 (11:59 -0700)]
Merge pull request #590 from goldshtn/bcc-tp-support

bcc: Tracepoint support in libbpf and BPF

8 years agobcc: Add test for tracepoint support
Sasha Goldshtein [Thu, 30 Jun 2016 18:07:48 +0000 (11:07 -0700)]
bcc: Add test for tracepoint support

The test asserts that we can enable the sched_switch tracepoint and read
some events from it. The test is also marked to require kernel 4.7 or
later, because that's where the BPF support for tracepoints was introduced.

8 years agocpudist: Protect against potentially negative time deltas
Sasha Goldshtein [Thu, 30 Jun 2016 17:46:27 +0000 (10:46 -0700)]
cpudist: Protect against potentially negative time deltas

It seems from experimentation that the calculated timestamps between
on- and off-CPU switch events can produce incorrect results, with a
later event having a smaller timestamp. Discard events when the
resulting delta time would be negative.

8 years agocpudist: Use `finish_task_switch` kprobe instead of `sched_switch` tracepoint
Sasha Goldshtein [Thu, 30 Jun 2016 14:39:27 +0000 (07:39 -0700)]
cpudist: Use `finish_task_switch` kprobe instead of `sched_switch` tracepoint

The `sched_switch` tracepoint approach requires storing the previous
task's tgid in a map and fetching it from there, because it is not
available as a tracepoint argument. Instead, placing a kprobe on the
`finish_task_switch` function allows cleanly fetching the previous
task's pid and tgid from the task_struct.

8 years agocpudist: Fix extraneous filtering of descheduled tasks
Sasha Goldshtein [Thu, 30 Jun 2016 06:35:43 +0000 (23:35 -0700)]
cpudist: Fix extraneous filtering of descheduled tasks

When the `-O` switch was provided, cpudist was unnecessarily filtering
out scheduling events arising from a task waking up when the previous
task was not running. On an idle system, this happens a lot, and causes
events to be missed. This is now fixed.

8 years agocpudist: Attempt to resolve pid to command
Sasha Goldshtein [Wed, 29 Jun 2016 09:18:06 +0000 (02:18 -0700)]
cpudist: Attempt to resolve pid to command

Use `/proc/$PID/comm`, which may fail, for example if the original
process already exited. This may also produce misleading results
if another process got the same pid, but there's no way around this.

8 years agocpudist: Support off-cpu time reports
Sasha Goldshtein [Wed, 29 Jun 2016 08:48:08 +0000 (01:48 -0700)]
cpudist: Support off-cpu time reports

Add -O switch, which directs cpudist to collect off-CPU time
statistics. Also restructure the code slightly and added examples
as appropriate.

8 years agobcc: Tracepoint support in libbpf and BPF
Sasha Goldshtein [Thu, 30 Jun 2016 13:26:28 +0000 (06:26 -0700)]
bcc: Tracepoint support in libbpf and BPF

Introduce tracepoint support in libbpf via new `bpf_attach_tracepoint`
API, which takes the tracepoint category and name (e.g. "sched",
"sched_switch"). Attach the tracing program to the tracepoint's id
and proceed as usual.

Add `attach_tracepoint` API to Python BPF module, which takes the
tracepoint description as a single string (e.g. "sched:sched_switch").
Load the BPF program with bpf_prog_type set to TRACEPOINT and then
call `bpf_attach_tracepoint` to attach it.

8 years agotrace: Specifying a pid with a kernel probe now works (#589)
Sasha Goldshtein [Thu, 30 Jun 2016 09:16:39 +0000 (12:16 +0300)]
trace: Specifying a pid with a kernel probe now works (#589)

Due to an incorrectly referenced global variable, specifying a pid
to filter with a kernel probe produced an error. This is now fixed,
for example:

```
TIME     PID    COMM         FUNC
23:46:00 29967  bash         sched_switch
23:46:01 29967  bash         sched_switch
23:46:01 29967  bash         sched_switch
^C
```

8 years agocpudist: Summarize task on-CPU time as histograms (#585)
Sasha Goldshtein [Wed, 29 Jun 2016 00:57:01 +0000 (03:57 +0300)]
cpudist: Summarize task on-CPU time as histograms (#585)

* cpudist: summarize on-CPU time per task as a histogram

This is the initial implementation of the tool itself, which uses
the sched:sched_switch tracepoint to probe task switches. This is
a slightly more robust approach than using a kernel function, such
as finish_task_switch.

When native BCC support for tracepoints is introduced, this tool
can be reimplemented and reliance on the current Tracepoint module
can be removed.

* cpudist: add man page and examples

8 years agoMerge pull request #584 from ygrek/master
Brendan Gregg [Mon, 27 Jun 2016 20:11:18 +0000 (13:11 -0700)]
Merge pull request #584 from ygrek/master

tools: fix getting {ext4,btrfs}_file_operations address (ref #583)

8 years agotools: fix getting {ext4,btrfs}_file_operations address (ref #583)
ygrek [Mon, 27 Jun 2016 19:54:55 +0000 (12:54 -0700)]
tools: fix getting {ext4,btrfs}_file_operations address (ref #583)

8 years agoMerge pull request #583 from ygrek/master
Brendan Gregg [Mon, 27 Jun 2016 19:33:31 +0000 (12:33 -0700)]
Merge pull request #583 from ygrek/master

ext4slower: fix getting kallsyms address

8 years agoext4slower: fix getting kallsyms address
ygrek [Mon, 27 Jun 2016 18:07:47 +0000 (11:07 -0700)]
ext4slower: fix getting kallsyms address

$ grep ext4_file_operations /proc/kallsyms
ffffffffc0331340 r ext4_file_operations [ext4]

8 years agoIPv6 support for tcp* tools (#582)
Mark Drayton [Sun, 26 Jun 2016 20:14:44 +0000 (21:14 +0100)]
IPv6 support for tcp* tools (#582)

* tcpretrans: support full IPv6 addresses, fix --lossprobe

* tcpaccept: support full IPv6 addresses, fix timestamps

* tcpconnect: support full IPv6 addresses, fix timestamps

* tcpconnlat: support full IPv6 addresses, fix timestamps

8 years agoMerge pull request #581 from goldshtn/docs-fixes
Brenden Blanco [Sun, 26 Jun 2016 16:15:30 +0000 (09:15 -0700)]
Merge pull request #581 from goldshtn/docs-fixes

Update installation instructions for Fedora

8 years agoMerge branch 'master' into docs-fixes
Sasha Goldshtein [Sun, 26 Jun 2016 13:19:56 +0000 (16:19 +0300)]
Merge branch 'master' into docs-fixes

8 years agoUpdate installation instructions for Fedora
Sasha Goldshtein [Sun, 26 Jun 2016 13:15:39 +0000 (06:15 -0700)]
Update installation instructions for Fedora

clang 3.7.0 is known to be buggy, and we recommend that people use
3.7.1. Update install instructions to point to 3.7.1.

Compiling BCC on Fedora requires elfutils-libelf-devel. Add this
package to the install instructions for Fedora.

8 years agoMerge pull request #579 from bobrik/fix-ipv6-print
Brendan Gregg [Thu, 23 Jun 2016 18:05:29 +0000 (11:05 -0700)]
Merge pull request #579 from bobrik/fix-ipv6-print

Do not throw exception on ipv6 packets in tcpretrans

8 years agoDo not throw exception on ipv6 packets in tcpretrans
Ivan Babrou [Thu, 23 Jun 2016 17:11:25 +0000 (18:11 +0100)]
Do not throw exception on ipv6 packets in tcpretrans

8 years agokernel version guide (#577)
Brendan Gregg [Wed, 22 Jun 2016 00:12:38 +0000 (17:12 -0700)]
kernel version guide (#577)

* kernel version guide

* update

8 years agoMerge pull request #576 from markdrayton/perf-pid-map-fixes
4ast [Tue, 21 Jun 2016 15:51:11 +0000 (08:51 -0700)]
Merge pull request #576 from markdrayton/perf-pid-map-fixes

Fix nits for /tmp/perf-pid.map support

8 years agoFix nits for /tmp/perf-pid.map support
Mark Drayton [Tue, 21 Jun 2016 12:37:27 +0000 (13:37 +0100)]
Fix nits for /tmp/perf-pid.map support

8 years agoMerge pull request #573 from markdrayton/pid-map
4ast [Mon, 20 Jun 2016 16:47:30 +0000 (09:47 -0700)]
Merge pull request #573 from markdrayton/pid-map

Add support for reading symbols from /tmp/perf-pid.map

8 years agoMerge pull request #572 from iovisor/ast_dev
Brendan Gregg [Wed, 15 Jun 2016 18:50:24 +0000 (11:50 -0700)]
Merge pull request #572 from iovisor/ast_dev

fix install instruction to mention llvm >= 3.7.1

8 years agoMerge branch 'master' into ast_dev
Brendan Gregg [Wed, 15 Jun 2016 18:42:05 +0000 (11:42 -0700)]
Merge branch 'master' into ast_dev

8 years agofix install instruction to mention llvm >= 3.7.1
Alexei Starovoitov [Wed, 15 Jun 2016 16:39:28 +0000 (12:39 -0400)]
fix install instruction to mention llvm >= 3.7.1

Signed-off-by: Alexei Starovoitov <ast@fb.com>
8 years agoAdd support for reading symbols from /tmp/perf-pid.map
Mark Drayton [Wed, 15 Jun 2016 10:53:24 +0000 (11:53 +0100)]
Add support for reading symbols from /tmp/perf-pid.map

This adds basic support for /tmp/perf-pid.map. To cope with processes in
containers, it supports:

* mapping from BCC's PID namespace to the target process's PID namespace
  using /proc/pid/status
* resolving a target process's root filesystem using /proc/pid/root

8 years agoMerge pull request #571 from iovisor/fix_568
4ast [Wed, 15 Jun 2016 05:14:57 +0000 (22:14 -0700)]
Merge pull request #571 from iovisor/fix_568

Check for NULL result from bpf_attach_kprobe

8 years agoCheck for NULL result from bpf_attach_kprobe
Brenden Blanco [Wed, 15 Jun 2016 03:57:03 +0000 (20:57 -0700)]
Check for NULL result from bpf_attach_kprobe

The check for NULL in the return value from C functions was comparing to
None incorrectly, causing an error check to pass improperly. Simply
check the truthiness of the return instead seems to be more resilient.

Add a test as well.

Fixes: #568
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
8 years agoMerge pull request #563 from qmonnet/debug-output
Brenden Blanco [Mon, 13 Jun 2016 11:59:42 +0000 (04:59 -0700)]
Merge pull request #563 from qmonnet/debug-output

libbpf.c: Prepend BPF syscall error to log_bug when debug is enabled.

8 years agopython: With DEBUG_BPF, print BPF error even if log_buf is not empty.
Quentin Monnet [Thu, 9 Jun 2016 12:55:29 +0000 (14:55 +0200)]
python: With DEBUG_BPF, print BPF error even if log_buf is not empty.

When BPF syscall fails and DEBUG_FLAG has been provided to a Python
caller script, the BPF error string would be printed only if log_buf had
not been filled by the kernel. This commit removes this requirement,
printing the error string even if log_buf is not empty.

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
8 years agopython: Print BPF syscall error if DEBUG_BPF is on but log_buf is empty.
Quentin Monnet [Thu, 9 Jun 2016 12:55:29 +0000 (14:55 +0200)]
python: Print BPF syscall error if DEBUG_BPF is on but log_buf is empty.

Commit 759029fea8066b41b54be5447137db95cb1313c4 provided an option to
store the output from BPF syscall into a buffer (and not to print it
systematically to standard output) on program load in libbpf.c.

But doing so, it only stores the content of attr.log_buf, while the
error string--resulting from a failed BPF syscall--is no more displayed
when the DEBUG_BPF flag is used in the Python script responsible for
converting and injecting the code.

This commit proposes a fix for this bug by printing the error message
(associated to the return value from the syscall) from the Python
caller, when all the following conditions are met:

- the syscall fails,
- the DEBUG_BPF flag has been provided, and
- log_buf is empty (has not been filled by kernel).

Note: when DEBUG_BPF is not provided, the error string is printed in the
C wrapper in libbpf.c (bpf_prog_load) anyway.

Fixes: 759029fe ("Add option for custom log string to bpf_prog_load")

Signed-off-by: Quentin Monnet <quentin.monnet@6wind.com>
8 years agoMerge pull request #562 from evverx/change-kernel-user-stacks-order
Brendan Gregg [Wed, 8 Jun 2016 18:44:49 +0000 (11:44 -0700)]
Merge pull request #562 from evverx/change-kernel-user-stacks-order

Change kernel/user stacks order

8 years agooffcputime: add the -d option
Evgeny Vereshchagin [Tue, 7 Jun 2016 20:33:54 +0000 (06:33 +1000)]
offcputime: add the -d option

Closes #559

8 years agooffcputime: change user/kernel stack order
Evgeny Vereshchagin [Tue, 7 Jun 2016 20:06:33 +0000 (06:06 +1000)]
offcputime: change user/kernel stack order

see #559

8 years agoMerge pull request #561 from evverx/folded-dont-miss-backtrace-part
Brendan Gregg [Tue, 7 Jun 2016 15:49:19 +0000 (08:49 -0700)]
Merge pull request #561 from evverx/folded-dont-miss-backtrace-part

offcputime -f: don't miss backtrace bounds

8 years agooffcputime -f: don't miss backtrace bounds
Evgeny Vereshchagin [Tue, 7 Jun 2016 08:00:01 +0000 (18:00 +1000)]
offcputime -f: don't miss backtrace bounds

See #559

8 years agoMerge pull request #560 from evverx/clarify-offcputime
Brendan Gregg [Mon, 6 Jun 2016 19:45:02 +0000 (12:45 -0700)]
Merge pull request #560 from evverx/clarify-offcputime

Update manpage for offcputime

8 years agoMerge pull request #554 from evverx/fix-p-option
Brendan Gregg [Mon, 6 Jun 2016 18:18:54 +0000 (11:18 -0700)]
Merge pull request #554 from evverx/fix-p-option

Fix tools[/old]/offcputime -p PID