| Brendan Gregg | e422f5e | 2016-07-01 18:38:30 -0700 | [diff] [blame^] | 1 | #!/usr/bin/python |
| 2 | # |
| 3 | # tracepoint Example of instrumenting a kernel tracepoint. |
| 4 | # For Linux, uses BCC, BPF. Embedded C. |
| 5 | # |
| 6 | # REQUIRES: Linux 4.7+ (BPF_PROG_TYPE_TRACEPOINT support). |
| 7 | # |
| 8 | # Test by running this, then in another shell, run: |
| 9 | # dd if=/dev/urandom of=/dev/null bs=1k count=5 |
| 10 | # |
| 11 | # Copyright 2016 Netflix, Inc. |
| 12 | # Licensed under the Apache License, Version 2.0 (the "License") |
| 13 | |
| 14 | from __future__ import print_function |
| 15 | from bcc import BPF |
| 16 | |
| 17 | # define BPF program |
| 18 | bpf_text = """ |
| 19 | #include <uapi/linux/ptrace.h> |
| 20 | |
| 21 | struct urandom_read_args { |
| 22 | // from /sys/kernel/debug/tracing/events/random/urandom_read/format |
| 23 | // this may be automatically generated in a future bcc version |
| 24 | u64 __unused__; |
| 25 | u32 got_bits; |
| 26 | u32 pool_left; |
| 27 | u32 input_left; |
| 28 | }; |
| 29 | |
| 30 | int printarg(struct urandom_read_args *args) { |
| 31 | bpf_trace_printk("%d\\n", args->got_bits); |
| 32 | return 0; |
| 33 | }; |
| 34 | """ |
| 35 | |
| 36 | # load BPF program |
| 37 | b = BPF(text=bpf_text) |
| 38 | b.attach_tracepoint("random:urandom_read", "printarg") |
| 39 | |
| 40 | # header |
| 41 | print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS")) |
| 42 | |
| 43 | # format output |
| 44 | while 1: |
| 45 | try: |
| 46 | (task, pid, cpu, flags, ts, msg) = b.trace_fields() |
| 47 | except ValueError: |
| 48 | continue |
| 49 | print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg)) |