| #!/usr/bin/env python |
| # |
| # This is a Hello World example that uses BPF_PERF_OUTPUT. |
| |
| from bcc import BPF |
| import ctypes as ct |
| |
| # define BPF program |
| prog = """ |
| #include <linux/sched.h> |
| |
| // define output data structure in C |
| struct data_t { |
| u32 pid; |
| u64 ts; |
| char comm[TASK_COMM_LEN]; |
| }; |
| BPF_PERF_OUTPUT(events); |
| |
| int hello(struct pt_regs *ctx) { |
| struct data_t data = {}; |
| |
| data.pid = bpf_get_current_pid_tgid(); |
| data.ts = bpf_ktime_get_ns(); |
| bpf_get_current_comm(&data.comm, sizeof(data.comm)); |
| |
| events.perf_submit(ctx, &data, sizeof(data)); |
| |
| return 0; |
| } |
| """ |
| |
| # load BPF program |
| b = BPF(text=prog) |
| b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello") |
| |
| # define output data structure in Python |
| TASK_COMM_LEN = 16 # linux/sched.h |
| class Data(ct.Structure): |
| _fields_ = [("pid", ct.c_uint), |
| ("ts", ct.c_ulonglong), |
| ("comm", ct.c_char * TASK_COMM_LEN)] |
| |
| # header |
| print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE")) |
| |
| # process event |
| start = 0 |
| def print_event(cpu, data, size): |
| global start |
| event = ct.cast(data, ct.POINTER(Data)).contents |
| if start == 0: |
| start = event.ts |
| time_s = (float(event.ts - start)) / 1000000000 |
| print("%-18.9f %-16s %-6d %s" % (time_s, event.comm, event.pid, |
| "Hello, perf_output!")) |
| |
| # loop with callback to print_event |
| b["events"].open_perf_buffer(print_event) |
| while 1: |
| b.perf_buffer_poll() |