Brenden Blanco [Mon, 28 Sep 2015 18:35:26 +0000 (11:35 -0700)]
Add check for fd < 0 in perf_reader_free
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 25 Sep 2015 20:58:30 +0000 (13:58 -0700)]
Add ability to consume perf events in python
This adds the ability to consume perf events in libbpf/python using the
ring buffer. For now, this is the only way to get access to the function
call graph. Only kernel functions are supported.
It does this by introducing a new set of libbpf helper functions that
can open the perf fd, mmap it, and poll over the events as they are
submitted by the kernel. This allows for faster event processing than
trace_printks, but has not been tested.
The functionality is disabled by default, the user can enable it by
passing a non-empty cb parameter into the BPF constructor. That cb
function will be invoked for each event that is read from the buffer.
Buffers are per-fd, so each event is distinct as well as separated from
other processes that may be running simultaneously.
The initial test case uses this functionality to build a histogram of
events keyed by the callchain.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Sun, 27 Sep 2015 03:19:54 +0000 (23:19 -0400)]
Merge pull request #254 from brendangregg/master
tcpv4connect
Brendan Gregg [Sat, 26 Sep 2015 00:01:17 +0000 (17:01 -0700)]
tcpv4connect
Brenden Blanco [Fri, 25 Sep 2015 21:05:59 +0000 (17:05 -0400)]
Merge pull request #252 from iovisor/bblanco_dev
Add custom formatter function to print_log2_hist
Brenden Blanco [Fri, 25 Sep 2015 20:57:18 +0000 (13:57 -0700)]
Add custom formatter function to print_log2_hist
Fixes: #251
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 25 Sep 2015 20:34:49 +0000 (16:34 -0400)]
Merge pull request #250 from brendangregg/master
begin using new histogram breakdowns feature
Brendan Gregg [Fri, 25 Sep 2015 20:20:16 +0000 (13:20 -0700)]
biolatency -D
Brendan Gregg [Fri, 25 Sep 2015 19:47:53 +0000 (12:47 -0700)]
funclatency -F
Brenden Blanco [Fri, 25 Sep 2015 18:22:57 +0000 (14:22 -0400)]
Merge pull request #249 from brendangregg/master
use BPF_HISTOGRAM and num_open_kprobes
Brendan Gregg [Fri, 25 Sep 2015 18:17:00 +0000 (11:17 -0700)]
tidy up: delete value after use
Brendan Gregg [Fri, 25 Sep 2015 18:16:33 +0000 (11:16 -0700)]
use new num_open_kprobes() function
Brendan Gregg [Fri, 25 Sep 2015 18:07:35 +0000 (11:07 -0700)]
improve comments for prime example
Brendan Gregg [Fri, 25 Sep 2015 18:07:23 +0000 (11:07 -0700)]
use BPF_HISTOGRAM
Brenden Blanco [Fri, 25 Sep 2015 15:54:15 +0000 (11:54 -0400)]
Merge pull request #248 from tuxology/open_probes
Helper to get open k[ret]probes. Fixes #236
Suchakra Sharma [Fri, 25 Sep 2015 15:45:06 +0000 (11:45 -0400)]
A more suitable function name
Suchakra Sharma [Fri, 25 Sep 2015 15:37:03 +0000 (11:37 -0400)]
Merge branch 'master' into open_probes
Suchakra Sharma [Fri, 25 Sep 2015 15:24:12 +0000 (11:24 -0400)]
Helper to get open k[ret]probes. Fixes #236
Brenden Blanco [Thu, 24 Sep 2015 21:45:49 +0000 (17:45 -0400)]
Merge pull request #247 from iovisor/bblanco_dev
Add BPF_HISTOGRAM type and print support
Brenden Blanco [Thu, 24 Sep 2015 21:11:19 +0000 (14:11 -0700)]
Add support for char[N] as a histogram key
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Thu, 24 Sep 2015 04:36:05 +0000 (21:36 -0700)]
Add BPF_HISTOGRAM type and print support
This adds support for a specialized histogram type, which underneath
maps to an array or a hash table, depending on key type. With no
arguments, it takes on the type `u64 table[64];`. The other current
supported key type is `struct { int32|int64 bucket; int32|int64 slot }`.
To print these automatically, print_log2_hist is underneath split into
two types of printouts, one which prints the single histogram, and
another which prints a histogram for each unique `bucket` value.
See test_histogram.py for examples.
Fixes: #144
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Thu, 24 Sep 2015 13:52:08 +0000 (06:52 -0700)]
Add pointer dereference support to probe_read
Allows things like:
```c
int kprobe__foo(struct pt_regs *ctx, u64 *ptr) {
    bpf_trace_printk("%lx\n", *ptr);
    return 0;
}
```
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Thu, 24 Sep 2015 21:41:33 +0000 (17:41 -0400)]
Merge pull request #230 from mbudiu-bfn/master
Initial implementation of P4->ebpf compiler.
Mihai Budiu [Thu, 24 Sep 2015 21:35:12 +0000 (14:35 -0700)]
initial prototype P4->EBPF compiler
Brenden Blanco [Thu, 24 Sep 2015 18:31:39 +0000 (14:31 -0400)]
Merge pull request #246 from tuxology/master
Add contribution section
Suchakra Sharma [Thu, 24 Sep 2015 18:27:46 +0000 (14:27 -0400)]
Formatting suggestions
Suchakra Sharma [Thu, 24 Sep 2015 17:16:26 +0000 (13:16 -0400)]
Add contribution section
4ast [Wed, 23 Sep 2015 15:00:59 +0000 (08:00 -0700)]
Merge pull request #244 from iovisor/bblanco_dev
Use GNUInstallDirs for LIBDIR variable
Brenden Blanco [Wed, 23 Sep 2015 14:23:35 +0000 (07:23 -0700)]
Use GNUInstallDirs for LIBDIR variable
This should be supported in older versions of cmake, but haven't
explicitly tested those.
Fixes: #243
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Mon, 21 Sep 2015 22:59:07 +0000 (15:59 -0700)]
Merge pull request #241 from brendangregg/master
biolatency, funclatency, and bpf_log2l usage
Brendan Gregg [Mon, 21 Sep 2015 22:52:01 +0000 (15:52 -0700)]
Merge remote-tracking branch 'upstream/master'
Brendan Gregg [Mon, 21 Sep 2015 22:51:11 +0000 (15:51 -0700)]
biolatency
Brendan Gregg [Mon, 21 Sep 2015 22:49:21 +0000 (15:49 -0700)]
funclatency
Brendan Gregg [Mon, 21 Sep 2015 22:46:36 +0000 (15:46 -0700)]
use bpf_log2l helper
Brenden Blanco [Mon, 21 Sep 2015 22:44:14 +0000 (15:44 -0700)]
Merge pull request #240 from brendangregg/master
add bpf_log2 functions
Brendan Gregg [Mon, 21 Sep 2015 22:39:46 +0000 (15:39 -0700)]
add bpf_log2 functions
Brenden Blanco [Mon, 21 Sep 2015 19:28:16 +0000 (12:28 -0700)]
Merge pull request #238 from brendangregg/master
killsnoop and some minor fixes
Brendan Gregg [Mon, 21 Sep 2015 18:59:42 +0000 (11:59 -0700)]
killsnoop
Brendan Gregg [Mon, 21 Sep 2015 18:58:16 +0000 (11:58 -0700)]
some simplifications
Brendan Gregg [Mon, 21 Sep 2015 18:55:52 +0000 (11:55 -0700)]
variable name typo
Brendan Gregg [Mon, 21 Sep 2015 18:52:52 +0000 (11:52 -0700)]
man page missing syntax
Brendan Gregg [Mon, 21 Sep 2015 18:52:21 +0000 (11:52 -0700)]
remove vfs copy-n-paste extras
Brendan Gregg [Mon, 21 Sep 2015 18:51:03 +0000 (11:51 -0700)]
add dynamic tracing warning
Brendan Gregg [Mon, 21 Sep 2015 18:50:29 +0000 (11:50 -0700)]
update kernel version
Brenden Blanco [Fri, 18 Sep 2015 12:18:40 +0000 (05:18 -0700)]
Merge pull request #229 from brendangregg/master
opensnoop
Brendan Gregg [Fri, 18 Sep 2015 04:52:52 +0000 (21:52 -0700)]
opensnoop
4ast [Thu, 17 Sep 2015 21:35:34 +0000 (14:35 -0700)]
Merge pull request #228 from iovisor/bblanco_dev
Add a better test case for nested probe reads
Brenden Blanco [Thu, 17 Sep 2015 21:23:34 +0000 (14:23 -0700)]
Add a better test case for nested probe reads
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 17 Sep 2015 20:50:42 +0000 (13:50 -0700)]
Merge pull request #227 from iovisor/bblanco_dev
Add support for static helper functions
Brenden Blanco [Wed, 16 Sep 2015 21:59:35 +0000 (14:59 -0700)]
Add support for static helper functions
This adds support for static helper functions that can be reused. It is
not necessary to include pt_regs in the helper functions, even though
external pointers may be dereferenced. Arguments in the helpers can also
be reordered.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 16 Sep 2015 22:33:17 +0000 (15:33 -0700)]
Merge pull request #223 from brendangregg/master
add biosnoop to README
Brendan Gregg [Wed, 16 Sep 2015 22:30:07 +0000 (15:30 -0700)]
add biosnoop to README
Brenden Blanco [Wed, 16 Sep 2015 22:24:04 +0000 (15:24 -0700)]
Merge pull request #222 from brendangregg/master
biosnoop and disk updates
Brendan Gregg [Wed, 16 Sep 2015 22:19:03 +0000 (15:19 -0700)]
fix comment
Brendan Gregg [Wed, 16 Sep 2015 22:12:55 +0000 (15:12 -0700)]
accommodate mq block device I/O
Brendan Gregg [Wed, 16 Sep 2015 22:09:04 +0000 (15:09 -0700)]
biosnoop for block device I/O
4ast [Wed, 16 Sep 2015 21:11:35 +0000 (14:11 -0700)]
Merge pull request #221 from iovisor/bblanco_dev
Fix probe reads on char[] types
Brenden Blanco [Wed, 16 Sep 2015 21:06:06 +0000 (14:06 -0700)]
Fix probe reads on char[] types
It is easy enough to wrap the type in a typeof(), otherwise the rewriter
would need to do a deeper parsing of the type information to place it
properly next to the variable name.
Fixes: #219
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Tue, 15 Sep 2015 23:04:09 +0000 (16:04 -0700)]
Merge pull request #218 from iovisor/bblanco_dev
Translate multiple pointer dereference into bpf_probe_read
Brenden Blanco [Tue, 15 Sep 2015 22:46:26 +0000 (15:46 -0700)]
Translate multiple pointer dereference into bpf_probe_read
This commit adds support for multiple consecutive and nested pointer
dereference of function arguments that should be converted to
bpf_probe_read. The logic works by marking variables as needing a
probe_read if they come from the register argument, and then applying
this property transitively.
Supported syntax:
```c
int trace_entry(struct pt_regs *ctx, struct file *file) {
    /* each dereference below is converted to bpf_probe_read */
    struct vfsmount *mnt = file->f_path.mnt;
    struct super_block *k = mnt->mnt_sb;
    const char *name = file->f_path.dentry->d_name.name;
    return 0;
}
```
Not supported: probe reads from map leaves, probe reads after explicit casts.
Fixes: #188
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Tue, 15 Sep 2015 17:38:50 +0000 (10:38 -0700)]
Merge pull request #210 from rlane/ebpf-method
add ebpf method to retrieve bytecode
Rich Lane [Tue, 15 Sep 2015 00:21:39 +0000 (17:21 -0700)]
add test for dump_func method
Rich Lane [Mon, 14 Sep 2015 20:17:45 +0000 (13:17 -0700)]
rename ebpf method to dump_func
Rich Lane [Sun, 13 Sep 2015 05:31:52 +0000 (22:31 -0700)]
add ebpf method to retrieve bytecode
This is useful if you want to use bcc as a compiler without running the
program.
Brenden Blanco [Tue, 15 Sep 2015 02:47:26 +0000 (19:47 -0700)]
Merge pull request #211 from affansyed/master
updated mainline version to support bridge
affansyed [Mon, 14 Sep 2015 05:52:53 +0000 (10:52 +0500)]
Merge branch 'master' into master
4ast [Sun, 13 Sep 2015 23:42:11 +0000 (16:42 -0700)]
Merge pull request #214 from iovisor/bblanco_dev
Change test_xlate1 to use act_bpf instead of cls_bpf
Brenden Blanco [Fri, 11 Sep 2015 16:27:45 +0000 (09:27 -0700)]
Change test_xlate1 to use act_bpf instead of cls_bpf
Support for act_bpf is available for testing in
https://github.com/drzaeus77/pyroute2
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
affansyed [Sun, 13 Sep 2015 14:44:18 +0000 (19:44 +0500)]
Merge branch 'master' into master
4ast [Sat, 12 Sep 2015 00:19:34 +0000 (17:19 -0700)]
Merge pull request #208 from iovisor/bblanco_dev2
Don't include git tag in .so suffix
Brenden Blanco [Fri, 11 Sep 2015 23:36:00 +0000 (16:36 -0700)]
Don't include git tag in .so suffix
The git hash was being included in the shared library name. This leads to
pollution of the /usr/lib directory. Instead, just use the latest tag in
the library suffix.
As a developer, you will need to clean up the /usr/lib/libbcc* files
whenever a new tag is created.
Fixes: #207
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Fri, 11 Sep 2015 16:40:28 +0000 (09:40 -0700)]
Merge pull request #206 from iovisor/yhs_dev
sync readme hello_world.py example with actual implementation
Yonghong Song [Fri, 11 Sep 2015 02:05:58 +0000 (19:05 -0700)]
sync readme hello_world.py example with actual implementation
Signed-off-by: Yonghong Song <yhs@plumgrid.com>
4ast [Fri, 11 Sep 2015 01:00:36 +0000 (18:00 -0700)]
Merge pull request #205 from iovisor/bblanco_dev
Add clang command line invocation to debug=0x4
Brenden Blanco [Fri, 11 Sep 2015 00:55:38 +0000 (17:55 -0700)]
Add clang command line invocation to debug=0x4
This adds the command line arguments of clang to debug flag 0x4 in the
clang frontend.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Thu, 10 Sep 2015 23:48:57 +0000 (16:48 -0700)]
Merge pull request #204 from brendangregg/master
some README rework
Brendan Gregg [Thu, 10 Sep 2015 23:46:12 +0000 (16:46 -0700)]
copy-n-paste error
Brendan Gregg [Thu, 10 Sep 2015 21:50:02 +0000 (14:50 -0700)]
more trim
Brendan Gregg [Thu, 10 Sep 2015 21:48:48 +0000 (14:48 -0700)]
trim to fit word wrap
Brendan Gregg [Thu, 10 Sep 2015 21:46:52 +0000 (14:46 -0700)]
some rework
Brenden Blanco [Thu, 10 Sep 2015 20:47:35 +0000 (13:47 -0700)]
Merge pull request #202 from brendangregg/master
funccount and BPF_HASH updates
Brendan Gregg [Thu, 10 Sep 2015 20:43:34 +0000 (13:43 -0700)]
shorten syncsnoop example
Brendan Gregg [Thu, 10 Sep 2015 20:24:22 +0000 (13:24 -0700)]
shorten disksnoop.c example further
Brendan Gregg [Thu, 10 Sep 2015 19:16:30 +0000 (12:16 -0700)]
delete unused variable
Brendan Gregg [Thu, 10 Sep 2015 19:11:35 +0000 (12:11 -0700)]
funccount for counting kernel function calls
Brendan Gregg [Thu, 10 Sep 2015 18:34:28 +0000 (11:34 -0700)]
improve and shorten BPF_HASH usage
4ast [Thu, 10 Sep 2015 16:54:48 +0000 (09:54 -0700)]
Merge pull request #201 from iovisor/bblanco_dev
Always autoload k[ret]probe__ prefixed functions
Brenden Blanco [Thu, 10 Sep 2015 16:49:18 +0000 (09:49 -0700)]
Always autoload k[ret]probe__ prefixed functions
This will shorten some examples, no longer requiring them to call
attach_kprobe.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 10 Sep 2015 15:08:38 +0000 (08:08 -0700)]
Merge pull request #200 from iovisor/bblanco_dev
Improve coverage for kprobe event_re
affansyed [Thu, 10 Sep 2015 13:00:37 +0000 (18:00 +0500)]
updated mainline version to support bridge
This version of the mainline kernel supports the bridge and vlan learning examples (i.e. the additional APIs). Will allow new users to run all examples provided.
Brenden Blanco [Thu, 10 Sep 2015 01:28:21 +0000 (18:28 -0700)]
Improve coverage for kprobe event_re
This makes the attachment of kprobes to arbitrary events more robust.
Issue 1: Functions with '.' characters should not have similarly named
probes.
Issue 2: Functions in the blacklist should not be attached to.
Issue 3: Some functions matched by regex cannot actually be attached to,
despite not being in the blacklist...possibly the blacklist is outdated?
Instead, warn instead of error during bulk regex attach.
Issue 4: Attaching to large numbers of kprobes gets to be very slow. For
now, leave this unresolved. For reasonably sized regexes, startup times
may be acceptable, and shutdown times are actually the worse part. To
speed up shutdown, one could add the following after the last
attach_kprobe to disable auto-cleanup:
```
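from bcc import open_kprobes
# clear the shared dict in place; rebinding the imported name would leave bcc's own dict untouched
open_kprobes.clear()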
```
Then, once the program is exited, one must manually
echo "" > kprobe_events
Some numbers:
attaching to event_re='tcp_*': 2 sec startup, 15 sec shutdown
attaching to event_re='b*': 10 sec startup, 75 sec shutdown
attaching to event_re='*': unknown (>20 min) startup, unknown shutdown
The slowdowns appear to be exponential, doubtful that '*' will ever
complete.
Fixes: #199
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Thu, 10 Sep 2015 00:17:50 +0000 (17:17 -0700)]
Merge pull request #198 from iovisor/bblanco_dev
Autoload kprobes for all types of trace_* functions
Brenden Blanco [Wed, 9 Sep 2015 20:50:39 +0000 (13:50 -0700)]
Typo in retprobe case of _trace_autoload
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 9 Sep 2015 18:55:38 +0000 (11:55 -0700)]
Autoload kprobes for all types of trace_* functions
The previous patch #195 for autoloading of kprobes only did it for
trace_print. Turn this feature on for all trace_* functions. This
requires that these functions are also no longer staticmethods.
Enable the feature in examples/disksnoop.py
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 19:17:16 +0000 (12:17 -0700)]
Merge pull request #197 from iovisor/bblanco_dev
Fix breakage in bpf_probe_read from #196
Brenden Blanco [Wed, 9 Sep 2015 19:12:30 +0000 (12:12 -0700)]
Fix breakage in bpf_probe_read from #196
Argument needs to be cast to u64, otherwise it is adding a whole pointer
stride.
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 18:01:03 +0000 (11:01 -0700)]
Merge pull request #196 from iovisor/bblanco_dev2
Add debug and fix the inline replace of kprobe args
Brenden Blanco [Wed, 9 Sep 2015 05:16:10 +0000 (22:16 -0700)]
Fix the inline replace of kprobe args
The way in which args 1+ were being replaced in the C file was
fragile. Instead, assign the registers from ptregs into the function
arguments as the first statement(s) in the body of the function.
e.g.:
```c
int sys_clone(struct pt_regs *ctx, struct request *req) {
    // do something with req
}
```
becomes:
```c
int sys_clone(struct pt_regs *ctx, struct request *req) {
    req = ctx->di;
    // do something with req
}
```
Fixes: #192
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
Brenden Blanco [Wed, 9 Sep 2015 05:11:46 +0000 (22:11 -0700)]
Add debug flag for printing rewritten C text
* Many times it is useful to print out the C file after the
BFrontendAction has run.
e.g.: BPF("file.c", debug=0x4)
Signed-off-by: Brenden Blanco <bblanco@plumgrid.com>
4ast [Wed, 9 Sep 2015 17:54:01 +0000 (10:54 -0700)]
Merge pull request #195 from iovisor/bblanco_dev
Change auto-loading behavior of trace_print