| #!/usr/bin/python |
| |
| # |
| # strlen_hist.py Histogram of system-wide strlen return values |
| # |
| # A basic example of using uprobes along with a histogram to show |
| # distributions. |
| # |
| # Runs until ctrl-c is pressed. |
| # |
| # Copyright (c) PLUMgrid, Inc. |
| # Licensed under the Apache License, Version 2.0 (the "License") |
| # |
| # Example output: |
| # $ sudo ./strlen_hist.py |
| # 22:12:52 |
| # strlen return: : count distribution |
| # 0 -> 1 : 2106 |**************** | |
| # 2 -> 3 : 1172 |********* | |
| # 4 -> 7 : 3892 |****************************** | |
| # 8 -> 15 : 5096 |****************************************| |
| # 16 -> 31 : 2201 |***************** | |
| # 32 -> 63 : 547 |**** | |
| # 64 -> 127 : 106 | | |
| # 128 -> 255 : 13 | | |
| # 256 -> 511 : 27 | | |
| # 512 -> 1023 : 6 | | |
| # 1024 -> 2047 : 10 | | |
| # ^C$ |
| # |
| |
| from __future__ import print_function |
| import bcc |
| import time |
| |
| text = """ |
| #include <uapi/linux/ptrace.h> |
| BPF_HISTOGRAM(dist); |
| int count(struct pt_regs *ctx) { |
| dist.increment(bpf_log2l(PT_REGS_RC(ctx))); |
| return 0; |
| } |
| """ |
| |
| b = bcc.BPF(text=text) |
| sym="strlen" |
| b.attach_uretprobe(name="c", sym=sym, fn_name="count") |
| |
| dist = b["dist"] |
| |
| try: |
| while True: |
| time.sleep(1) |
| print("%-8s\n" % time.strftime("%H:%M:%S"), end="") |
| dist.print_log2_hist(sym + " return:") |
| dist.clear() |
| |
| except KeyboardInterrupt: |
| pass |