Suchakra Sharma [Thu, 24 Sep 2015 18:27:46 +0000 (14:27 -0400)]
Formatting suggestions
Suchakra Sharma [Thu, 24 Sep 2015 17:16:26 +0000 (13:16 -0400)]
Add contribution section
4ast [Wed, 23 Sep 2015 15:00:59 +0000 (08:00 -0700)]
Merge pull request #244 from iovisor/bblanco_dev
Use GNUInstallDirs for LIBDIR variable
Brenden Blanco [Wed, 23 Sep 2015 14:23:35 +0000 (07:23 -0700)]
Use GNUInstallDirs for LIBDIR variable
This should be supported in older versions of cmake, but haven't
explicitly tested those.
Fixes: #243
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Mon, 21 Sep 2015 22:59:07 +0000 (15:59 -0700)]
Merge pull request #241 from brendangregg/master
biolatency, funclatency, and bpf_log2l usage
Brendan Gregg [Mon, 21 Sep 2015 22:52:01 +0000 (15:52 -0700)]
Merge remote-tracking branch 'upstream/master'
Brendan Gregg [Mon, 21 Sep 2015 22:51:11 +0000 (15:51 -0700)]
biolatency
Brendan Gregg [Mon, 21 Sep 2015 22:49:21 +0000 (15:49 -0700)]
funclatency
Brendan Gregg [Mon, 21 Sep 2015 22:46:36 +0000 (15:46 -0700)]
use bpf_log2l helper
Brenden Blanco [Mon, 21 Sep 2015 22:44:14 +0000 (15:44 -0700)]
Merge pull request #240 from brendangregg/master
add bpf_log2 functions
Brendan Gregg [Mon, 21 Sep 2015 22:39:46 +0000 (15:39 -0700)]
add bpf_log2 functions
Brenden Blanco [Mon, 21 Sep 2015 19:28:16 +0000 (12:28 -0700)]
Merge pull request #238 from brendangregg/master
killsnoop and some minor fixes
Brendan Gregg [Mon, 21 Sep 2015 18:59:42 +0000 (11:59 -0700)]
killsnoop
Brendan Gregg [Mon, 21 Sep 2015 18:58:16 +0000 (11:58 -0700)]
some simplifications
Brendan Gregg [Mon, 21 Sep 2015 18:55:52 +0000 (11:55 -0700)]
variable name typo
Brendan Gregg [Mon, 21 Sep 2015 18:52:52 +0000 (11:52 -0700)]
man page missing syntax
Brendan Gregg [Mon, 21 Sep 2015 18:52:21 +0000 (11:52 -0700)]
remove vfs copy-n-paste extras
Brendan Gregg [Mon, 21 Sep 2015 18:51:03 +0000 (11:51 -0700)]
add dynamic tracing warning
Brendan Gregg [Mon, 21 Sep 2015 18:50:29 +0000 (11:50 -0700)]
update kernel version
Brenden Blanco [Fri, 18 Sep 2015 12:18:40 +0000 (05:18 -0700)]
Merge pull request #229 from brendangregg/master
opensnoop
Brendan Gregg [Fri, 18 Sep 2015 04:52:52 +0000 (21:52 -0700)]
opensnoop
4ast [Thu, 17 Sep 2015 21:35:34 +0000 (14:35 -0700)]
Merge pull request #228 from iovisor/bblanco_dev
Add a better test case for nested probe reads
Brenden Blanco [Thu, 17 Sep 2015 21:23:34 +0000 (14:23 -0700)]
Add a better test case for nested probe reads
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 17 Sep 2015 20:50:42 +0000 (13:50 -0700)]
Merge pull request #227 from iovisor/bblanco_dev
Add support for static helper functions
Brenden Blanco [Wed, 16 Sep 2015 21:59:35 +0000 (14:59 -0700)]
Add support for static helper functions
This adds support for static helper functions that can be reused. It is
not necessary to include pt_regs in the helper functions, even though
external pointers may be dereferenced. Arguments in the helpers can also
be reordered.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 16 Sep 2015 22:33:17 +0000 (15:33 -0700)]
Merge pull request #223 from brendangregg/master
add biosnoop to README
Brendan Gregg [Wed, 16 Sep 2015 22:30:07 +0000 (15:30 -0700)]
add biosnoop to README
Brenden Blanco [Wed, 16 Sep 2015 22:24:04 +0000 (15:24 -0700)]
Merge pull request #222 from brendangregg/master
biosnoop and disk updates
Brendan Gregg [Wed, 16 Sep 2015 22:19:03 +0000 (15:19 -0700)]
fix comment
Brendan Gregg [Wed, 16 Sep 2015 22:12:55 +0000 (15:12 -0700)]
accommodate mq block device I/O
Brendan Gregg [Wed, 16 Sep 2015 22:09:04 +0000 (15:09 -0700)]
biosnoop for block device I/O
4ast [Wed, 16 Sep 2015 21:11:35 +0000 (14:11 -0700)]
Merge pull request #221 from iovisor/bblanco_dev
Fix probe reads on char[] types
Brenden Blanco [Wed, 16 Sep 2015 21:06:06 +0000 (14:06 -0700)]
Fix probe reads on char[] types
It is easy enough to wrap the type in a typeof(), otherwise the rewriter
would need to do a deeper parsing of the type information to place it
properly next to the variable name.
Fixes: #219
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Tue, 15 Sep 2015 23:04:09 +0000 (16:04 -0700)]
Merge pull request #218 from iovisor/bblanco_dev
Translate multiple pointer dereference into bpf_probe_read
Brenden Blanco [Tue, 15 Sep 2015 22:46:26 +0000 (15:46 -0700)]
Translate multiple pointer dereference into bpf_probe_read
This commit adds support for multiple consecutive and nested pointer
dereference of function arguments that should be converted to
bpf_probe_read. The logic works by marking variables as needing a
probe_read if they come from the register argument, and then applying
this property transitively.
Supported syntax:
```
int trace_entry(struct pt_regs *ctx, struct file *file) {
    struct vfsmount *mnt = file->f_path.mnt;
    struct super_block *k = mnt->mnt_sb;
    const char *name = file->f_path.dentry->d_name.name;
    return 0;
}
```
Not supported: probe reads from map leaves, probe reads after explicit casts.
Fixes: #188
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 15 Sep 2015 17:38:50 +0000 (10:38 -0700)]
Merge pull request #210 from rlane/ebpf-method
add ebpf method to retrieve bytecode
Rich Lane [Tue, 15 Sep 2015 00:21:39 +0000 (17:21 -0700)]
add test for dump_func method
Rich Lane [Mon, 14 Sep 2015 20:17:45 +0000 (13:17 -0700)]
rename ebpf method to dump_func
Rich Lane [Sun, 13 Sep 2015 05:31:52 +0000 (22:31 -0700)]
add ebpf method to retrieve bytecode
This is useful if you want to use bcc as a compiler without running the
program.
Brenden Blanco [Tue, 15 Sep 2015 02:47:26 +0000 (19:47 -0700)]
Merge pull request #211 from affansyed/master
updated mainline version to support bridge
affansyed [Mon, 14 Sep 2015 05:52:53 +0000 (10:52 +0500)]
Merge branch 'master' into master
4ast [Sun, 13 Sep 2015 23:42:11 +0000 (16:42 -0700)]
Merge pull request #214 from iovisor/bblanco_dev
Change test_xlate1 to use act_bpf instead of cls_bpf
Brenden Blanco [Fri, 11 Sep 2015 16:27:45 +0000 (09:27 -0700)]
Change test_xlate1 to use act_bpf instead of cls_bpf
Support for act_bpf is available for testing in
https://github.com/drzaeus77/pyroute2
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
affansyed [Sun, 13 Sep 2015 14:44:18 +0000 (19:44 +0500)]
Merge branch 'master' into master
4ast [Sat, 12 Sep 2015 00:19:34 +0000 (17:19 -0700)]
Merge pull request #208 from iovisor/bblanco_dev2
Don't include git tag in .so suffix
Brenden Blanco [Fri, 11 Sep 2015 23:36:00 +0000 (16:36 -0700)]
Don't include git tag in .so suffix
The git hash was being included in the shared library name. This leads to
pollution of the /usr/lib directory. Instead, just use the latest tag in
the library suffix.
As a developer, you will need to clean up the /usr/lib/libbcc* files
whenever a new tag is created.
Fixes: #207
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 11 Sep 2015 16:40:28 +0000 (09:40 -0700)]
Merge pull request #206 from iovisor/yhs_dev
sync readme hello_world.py example with actual implementation
Yonghong Song [Fri, 11 Sep 2015 02:05:58 +0000 (19:05 -0700)]
sync readme hello_world.py example with actual implementation
Signed-off-by: Yonghong Song <yhs@plumgrid.com>
4ast [Fri, 11 Sep 2015 01:00:36 +0000 (18:00 -0700)]
Merge pull request #205 from iovisor/bblanco_dev
Add clang command line invocation to debug=0x4
Brenden Blanco [Fri, 11 Sep 2015 00:55:38 +0000 (17:55 -0700)]
Add clang command line invocation to debug=0x4
This adds the command line arguments of clang to debug flag 0x4 in the
clang frontend.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Thu, 10 Sep 2015 23:48:57 +0000 (16:48 -0700)]
Merge pull request #204 from brendangregg/master
some README rework
Brendan Gregg [Thu, 10 Sep 2015 23:46:12 +0000 (16:46 -0700)]
copy-n-paste error
Brendan Gregg [Thu, 10 Sep 2015 21:50:02 +0000 (14:50 -0700)]
more trim
Brendan Gregg [Thu, 10 Sep 2015 21:48:48 +0000 (14:48 -0700)]
trim to fit word wrap
Brendan Gregg [Thu, 10 Sep 2015 21:46:52 +0000 (14:46 -0700)]
some rework
Brenden Blanco [Thu, 10 Sep 2015 20:47:35 +0000 (13:47 -0700)]
Merge pull request #202 from brendangregg/master
funccount and BPF_HASH updates
Brendan Gregg [Thu, 10 Sep 2015 20:43:34 +0000 (13:43 -0700)]
shorten syncsnoop example
Brendan Gregg [Thu, 10 Sep 2015 20:24:22 +0000 (13:24 -0700)]
shorten disksnoop.c example further
Brendan Gregg [Thu, 10 Sep 2015 19:16:30 +0000 (12:16 -0700)]
delete unused variable
Brendan Gregg [Thu, 10 Sep 2015 19:11:35 +0000 (12:11 -0700)]
funccount for counting kernel function calls
Brendan Gregg [Thu, 10 Sep 2015 18:34:28 +0000 (11:34 -0700)]
improve and shorten BPF_HASH usage
4ast [Thu, 10 Sep 2015 16:54:48 +0000 (09:54 -0700)]
Merge pull request #201 from iovisor/bblanco_dev
Always autoload k[ret]probe__ prefixed functions
Brenden Blanco [Thu, 10 Sep 2015 16:49:18 +0000 (09:49 -0700)]
Always autoload k[ret]probe__ prefixed functions
This will shorten some examples, no longer requiring them to call
attach_kprobe.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 10 Sep 2015 15:08:38 +0000 (08:08 -0700)]
Merge pull request #200 from iovisor/bblanco_dev
Improve coverage for kprobe event_re
affansyed [Thu, 10 Sep 2015 13:00:37 +0000 (18:00 +0500)]
updated mainline version to support bridge
This version of the mainline kernel supports the bridge and vlan learning examples (i.e. the additional APIs). Will allow new users to run all examples provided.
Brenden Blanco [Thu, 10 Sep 2015 01:28:21 +0000 (18:28 -0700)]
Improve coverage for kprobe event_re
This makes the attachment of kprobes to arbitrary events more robust.
Issue 1: Functions with '.' characters should not have similarly named
probes.
Issue 2: Functions in the blacklist should not be attached to.
Issue 3: Some functions matched by regex cannot actually be attached to,
despite not being in the blacklist...possibly the blacklist is outdated?
Instead, warn instead of error during bulk regex attach.
Issue 4: Attaching to large numbers of kprobes gets to be very slow. For
now, leave this unresolved. For reasonably sized regexes, startup times
may be acceptable, and shutdown times are actually the worse part. To
speed up shutdown, one could add the following after the last
attach_kprobe to disable auto-cleanup:
```
from bcc import open_kprobes
open_kprobes = {}
```
Then, once the program is exited, one must manually
echo "" > kprobe_events
Some numbers:
attaching to event_re='tcp_*': 2 sec startup, 15 sec shutdown
attaching to event_re='b*': 10 sec startup, 75 sec shutdown
attaching to event_re='*': unknown (>20 min) startup, unknown shutdown
The slowdowns appear to be exponential, doubtful that '*' will ever
complete.
Fixes: #199
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 10 Sep 2015 00:17:50 +0000 (17:17 -0700)]
Merge pull request #198 from iovisor/bblanco_dev
Autoload kprobes for all types of trace_* functions
Brenden Blanco [Wed, 9 Sep 2015 20:50:39 +0000 (13:50 -0700)]
Typo in retprobe case of _trace_autoload
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 9 Sep 2015 18:55:38 +0000 (11:55 -0700)]
Autoload kprobes for all types of trace_* functions
The previous patch #195 for autoloading of kprobes only did it for
trace_print. Turn this feature on for all trace_* functions. This
requires that these functions are also no longer staticmethods.
Enable the feature in examples/disksnoop.py
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 19:17:16 +0000 (12:17 -0700)]
Merge pull request #197 from iovisor/bblanco_dev
Fix breakage in bpf_probe_read from #196
Brenden Blanco [Wed, 9 Sep 2015 19:12:30 +0000 (12:12 -0700)]
Fix breakage in bpf_probe_read from #196
Argument needs to be cast to u64, otherwise it is adding a whole pointer
stride.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 18:01:03 +0000 (11:01 -0700)]
Merge pull request #196 from iovisor/bblanco_dev2
Add debug and fix the inline replace of kprobe args
Brenden Blanco [Wed, 9 Sep 2015 05:16:10 +0000 (22:16 -0700)]
Fix the inline replace of kprobe args
The way in which args 1+ were being replaced in the C file was
fragile. Instead, assign the registers from ptregs into the function
arguments as the first statement(s) in the body of the function.
e.g.:
```
int sys_clone(struct pt_regs *ctx, struct request *req) {
    // do something with req
}
```
becomes:
```
int sys_clone(struct pt_regs *ctx, struct request *req) {
    req = ctx->di;
    // do something with req
}
```
Fixes: #192
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 9 Sep 2015 05:11:46 +0000 (22:11 -0700)]
Add debug flag for printing rewritten C text
* Many times it is useful to print out the C file after the
BFrontendAction has run.
e.g.: BPF("file.c", debug=0x4)
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 17:54:01 +0000 (10:54 -0700)]
Merge pull request #195 from iovisor/bblanco_dev
Change auto-loading behavior of trace_print
Brenden Blanco [Wed, 9 Sep 2015 05:58:49 +0000 (22:58 -0700)]
Denote auto-loading with k[ret]probe__ prefix
Since kprobe functions will have a different prototype than the kernel
symbols they are attaching to, require that the user prefix the trace
function with a kprobe__ name to denote intent. kretprobe__ prefix is
also supported.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 9 Sep 2015 01:38:59 +0000 (18:38 -0700)]
Change auto-loading behavior of trace_print
* As @brendangregg pointed out, users will probably assume that
handily-named C functions that can be auto-loaded will be all the
time, rather than just in the singleton case. This is pretty easy to
implement, so changing the behavior.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 01:18:25 +0000 (18:18 -0700)]
Merge pull request #194 from iovisor/bblanco_dev
Support automatic kprobe event detection in common case
Brenden Blanco [Wed, 9 Sep 2015 00:35:25 +0000 (17:35 -0700)]
Support automatic kprobe event detection in common case
* In the simple case, a user only creates 1 C function to be used with
kprobes. Detect this common case and don't require the user to repeat
themselves by passing the fn_name to attach_kprobe().
e.g.: BPF(text='int sys_clone(void *ctx) {/*do stuff*/}').trace_print()
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Tue, 8 Sep 2015 15:30:31 +0000 (08:30 -0700)]
Merge pull request #189 from iovisor/bblanco_dev
Suppress None return when trace_pipe drops lines
Brenden Blanco [Tue, 8 Sep 2015 05:52:23 +0000 (22:52 -0700)]
Suppress None return when trace_pipe drops lines
* When a "CPU: X Lost N events" line came on the trace_pipe,
trace_fields would return None and cause exceptions in callers that do
(a, b, ...) = b.trace_fields() type of calls. Instead, keep reading
from trace_pipe when such messages come.
Fixes: #187
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 8 Sep 2015 05:52:09 +0000 (22:52 -0700)]
Merge pull request #184 from iovisor/bblanco_dev
Add BPF_HASH macro with variadic arguments
Brenden Blanco [Tue, 8 Sep 2015 04:37:33 +0000 (21:37 -0700)]
Merge pull request #185 from brendangregg/master
print_log2_hist() for #143
Brendan Gregg [Mon, 7 Sep 2015 21:51:53 +0000 (14:51 -0700)]
shorten hello world example
Brendan Gregg [Mon, 7 Sep 2015 21:46:14 +0000 (14:46 -0700)]
no longer need the clear()
Brendan Gregg [Mon, 7 Sep 2015 21:42:12 +0000 (14:42 -0700)]
make bitehist a simpler example of log2 histograms
Brendan Gregg [Mon, 7 Sep 2015 21:34:22 +0000 (14:34 -0700)]
add print_log2_hist() from #143
Brendan Gregg [Mon, 7 Sep 2015 20:28:43 +0000 (13:28 -0700)]
Merge remote-tracking branch 'upstream/master'
Brenden Blanco [Sat, 5 Sep 2015 04:20:59 +0000 (21:20 -0700)]
Shorten trace_readline_fields to trace_fields
* Per suggestion in #149
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Sun, 6 Sep 2015 04:54:59 +0000 (21:54 -0700)]
Add BPF_HASH macro with variadic arguments
* Usage: BPF_HASH(tablename, key_type=u64, leaf_type=u64)
2nd and 3rd arguments are optional in the C++ default argument style
Fixes: #135
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Sat, 5 Sep 2015 05:24:26 +0000 (22:24 -0700)]
Merge pull request #183 from iovisor/bblanco_dev
Shorten trace_readline_fields to trace_fields
Brenden Blanco [Sat, 5 Sep 2015 04:20:59 +0000 (21:20 -0700)]
Shorten trace_readline_fields to trace_fields
* Per suggestion in #149
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Sat, 5 Sep 2015 02:12:23 +0000 (19:12 -0700)]
Merge pull request #182 from brendangregg/master
simplify code using new features
Brendan Gregg [Sat, 5 Sep 2015 00:42:51 +0000 (17:42 -0700)]
simplify code using new features
4ast [Fri, 4 Sep 2015 22:21:53 +0000 (15:21 -0700)]
Merge pull request #181 from iovisor/bblanco_dev
Reorganize cmake, some cleanups and test fixes.
Brenden Blanco [Fri, 4 Sep 2015 21:56:31 +0000 (14:56 -0700)]
The use of schedule+<offset> was unstable, remove it
* After a kernel update, the binary of schedule function changed offset,
and the attachment point updated. Since this is just a test case, pick
a different function to test.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 4 Sep 2015 21:55:35 +0000 (14:55 -0700)]
Remove std::exception code from exception.h
* The c++ exception code was unused, now it is just c macro style
"exceptions"
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 4 Sep 2015 16:36:37 +0000 (09:36 -0700)]
Reorganize cmake files into dedicated cmake directory
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Fri, 4 Sep 2015 15:14:54 +0000 (08:14 -0700)]
Merge pull request #180 from iovisor/bblanco_dev
Update README.md and INSTALL.md, specfile dependencies
Brenden Blanco [Fri, 4 Sep 2015 07:08:19 +0000 (00:08 -0700)]
Some more minor updates to INSTALL and README
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>