olsajiri | b511422 | 2018-11-16 23:23:37 +0100

Demonstrations of shmsnoop, the Linux eBPF/bcc version.

shmsnoop traces shm*() syscalls, for example:

# ./shmsnoop.py
PID    COMM                SYS              RET ARGs
19813  server           SHMGET            10000 key: 0x78020001, size: 20, shmflg: 0x3b6 (IPC_CREAT|0666)
19813  server            SHMAT     7f1cf8b1f000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19816  client           SHMGET            10000 key: 0x78020001, size: 20, shmflg: 0x1b6 (0666)
19816  client            SHMAT     7f4fd8ee7000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19816  client            SHMDT                0 shmaddr: 0x7f4fd8ee7000
19813  server            SHMDT                0 shmaddr: 0x7f1cf8b1f000
19813  server           SHMCTL                0 shmid: 0x10000, cmd: 0, buf: 0x0


Every call to a shm* syscall (SYS column) is displayed
on a separate line together with process info (PID/COMM
columns) and call details: the return value (RET column)
and the syscall arguments (ARGs column).

The ARGs column contains 'arg: value' pairs that represent
the given syscall's arguments as described in its manpage.

This works by tracing shm* system calls and sending
argument details to the Python script.
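
The 'arg: value' layout makes the trace easy to post-process. The following
is an added example, not part of shmsnoop or bcc: it parses the output and
reports SHMGET calls that pass IPC_CREAT with a mode readable or writable by
every local user (the mode bits only take effect when the segment is created).
The function names are hypothetical, and COMM is assumed to contain no spaces.

```python
import re

IPC_CREAT, IPC_EXCL = 0o1000, 0o2000  # Linux <linux/ipc.h> flag values
WORLD_RW = 0o006                      # read/write bits for "other"

# PID COMM SYS RET ARGs, as printed without -T; RET is hexadecimal.
# Assumption: COMM contains no whitespace.
LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(SHM[A-Z]+)\s+([0-9a-f]+)\s+(.*)$")
ARG = re.compile(r"(\w+): (0x[0-9a-fA-F]+|\d+)")

def parse(line):
    """Return one event as a dict, or None for headers and other lines."""
    m = LINE.match(line)
    if not m:
        return None
    pid, comm, call, ret, rest = m.groups()
    args = {name: int(value, 0) for name, value in ARG.findall(rest)}
    return {"pid": int(pid), "comm": comm, "sys": call,
            "ret": int(ret, 16), "args": args}

def world_accessible_creates(lines):
    """SHMGET calls that pass IPC_CREAT with a mode open to every local user."""
    hits = []
    for ev in filter(None, map(parse, lines)):
        flg = ev["args"].get("shmflg", 0)
        if ev["sys"] == "SHMGET" and flg & IPC_CREAT and flg & WORLD_RW:
            hits.append({"pid": ev["pid"], "comm": ev["comm"],
                         "key": hex(ev["args"]["key"]),
                         "shmid": hex(ev["ret"]),
                         "mode": oct(flg & 0o777),
                         # without IPC_EXCL the call may return an existing segment
                         "exclusive": bool(flg & IPC_EXCL)})
    return hits

# Sample lines taken from the trace shown earlier on this page.
SAMPLE = """\
PID COMM SYS RET ARGs
19813 server SHMGET 10000 key: 0x78020001, size: 20, shmflg: 0x3b6 (IPC_CREAT|0666)
19813 server SHMAT 7f1cf8b1f000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19816 client SHMGET 10000 key: 0x78020001, size: 20, shmflg: 0x1b6 (0666)
19816 client SHMAT 7f4fd8ee7000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19813 server SHMCTL 0 shmid: 0x10000, cmd: 0, buf: 0x0
""".splitlines()

if __name__ == "__main__":
    for hit in world_accessible_creates(SAMPLE):
        print(hit)
```

On the sample trace only the server's SHMGET is reported; the client's call
carries 0666 but no IPC_CREAT, so it opens the segment rather than setting
its mode.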

A -T option can be used to include a timestamp column,
and a -n option to match on a command name. Regular
expressions are allowed. For example, matching commands
containing "server" with timestamps:

# ./shmsnoop.py -T -n server
TIME(s)        PID    COMM                SYS              RET ARGs
0.563194000    19825  server            SHMDT                0 shmaddr: 0x7f74362e4000
0.563237000    19825  server           SHMCTL                0 shmid: 0x18000, cmd: 0, buf: 0x0


A -p option can be used to trace only the selected process:

# ./shmsnoop.py -p 19855
PID    COMM                SYS              RET ARGs
19855  server            SHMDT                0 shmaddr: 0x7f4329ff8000
19855  server           SHMCTL                0 shmid: 0x20000, cmd: 0, buf: 0x0

USAGE message:

# ./shmsnoop.py -h
usage: shmsnoop.py [-h] [-T] [-p PID] [-t TID] [-d DURATION] [-n NAME]

Trace shm*() syscalls

optional arguments:
  -h, --help            show this help message and exit
  -T, --timestamp       include timestamp on output
  -p PID, --pid PID     trace this PID only
  -t TID, --tid TID     trace this TID only
  -d DURATION, --duration DURATION
                        total duration of trace in seconds
  -n NAME, --name NAME  only print process names containing this name

examples:
    ./shmsnoop           # trace all shm*() syscalls
    ./shmsnoop -T        # include timestamps
    ./shmsnoop -p 181    # only trace PID 181
    ./shmsnoop -t 123    # only trace TID 123
    ./shmsnoop -d 10     # trace for 10 seconds only
    ./shmsnoop -n main   # only print process names containing "main"