Comments (12)
I should note that attach_kprobe() could stay around. This would be an optional shortcut.
from bcc.
I am hesitant to instrument the C syntax in the way mentioned (sched:sched_process_fork
). Though we mangle a little bit the programs that are created, they are still all valid C syntax. If/when we go down the route of a custom tracing language, then this can be introduced.
That said, there is an optimization in the api to be done without changing the supported C syntax. What do you think about this compromise:
BPF(text='int sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); }').attach_kprobe("sys_clone").trace_print()
The change to support a single function BPF module is a pretty small diff:
diff --git a/src/python/bcc/__init__.py b/src/python/bcc/__init__.py
index 36ef17e..013da1a 100644
--- a/src/python/bcc/__init__.py
+++ b/src/python/bcc/__init__.py
@@ -468,6 +468,13 @@ class BPF(object):
cpu=cpu, group_fd=group_fd)
return
+ # If fn_name is omitted, auto-detect the function in singular case
+ if not fn_name:
+ if len(self.funcs) == 1:
+ fn_name = self.funcs.items()[0][0]
+ else:
+ raise Exception("Missing parameter fn_name not provided")
+
fn = self.load_func(fn_name, BPF.KPROBE)
ev_name = "p_" + event.replace("+", "_")
desc = "p:kprobes/%s %s" % (ev_name, event)
from bcc.
Ok, it looks like an improvement. Although could the attach_kprobe() be dropped as well?
from bcc.
Sure, the precondition will be that the C function name is matching the event.
BPF(text='void sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); }').trace_print()
from bcc.
Let me know how #194 looks, which it seems Alexei has already merged :)
from bcc.
Ok, let me know how this approach seems to you.
from bcc.
All changes in, please close if it looks good to you.
from bcc.
This works well for disksnoop.c, but the next script I tried was bitehist.c, which doesn't use any trace_*() functions, and the kprobe doesn't attach.
from bcc.
For this my thinking was that it is a fair ask to have the user call attach_kprobe directly as before. Otherwise, b._trace_autoload() should work just fine too.
from bcc.
I think funccount is a good example of wanting to run attach_kprobe(), as it's a custom activity. But the bitehist.c usage is simple, like disksnoop.c, and it seems unintuitive to need to switch how it's attached because of how it's later on consumed.
funccount switches how it's attached because the kprobe__ shortcut is insufficient. That one makes sense.
from bcc.
Fair enough. Let me move _trace_autoload into the BPF constructor.
from bcc.
thanks!
from bcc.
Related Issues (20)
- BCC tool execute failed on Android by debianfs
- Failed to attach BPF program b'oncpu' to kprobe b'finish_task_switch' offcputime-bpfcc HOT 3
- bcc-tools: trace.py syscall trace not working for proccess in container(lxc) HOT 1
- question: `LLVM ERROR: ` error with no indication
- [question]: Run ebpf demo failed.
- zfsslower wrongly tries to attach to non-existant zpl_read (regression of #1248)
- memleak: the symbol of the function that calls `new` disappeared HOT 2
- some regex escape sequences broke after fixing SyntaxWarning HOT 1
- Just ran into this issue while building / testing on Debian 8 amd64.
- can't deny access to a specific file
- can't deny access to a specific file
- no matching member function for call to 'replace'
- fatal error: clang/Basic/FileManager.h: No such file or directory
- ImportError: cannot import name 'BPF' from 'bcc' (unknown location)
- python-bcc works only if clang-libs Installed, fails with only clang16-libs Installed
- libbpf javagc fails when no PID is provided
- bpflist doesn't show attached probes
- Build fail from source HOT 4
- Fail building from source HOT 1
- attach_raw_socket function does not work well on Qualcomm modem HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bcc.