Skip to content

Instantly share code, notes, and snippets.

@ashleydavies
Created February 8, 2019 14:56
Show Gist options
  • Save ashleydavies/465f9171c3530284f477ae7097966156 to your computer and use it in GitHub Desktop.
Save ashleydavies/465f9171c3530284f477ae7097966156 to your computer and use it in GitHub Desktop.
#! /usr/bin/env python
from bcc import BPF
b = BPF(text="""
BPF_PERCPU_ARRAY(call_count, int);
int kprobe__sys_clone() {
int zero = 0;
int one = 1;
int two = 2;
int three = 3;
int *val_p = call_count.lookup(&zero);
int *val_p_2 = call_count.lookup(&one);
int *val_p_3 = call_count.lookup(&two);
int *val_p_4 = call_count.lookup(&three);
if (val_p != NULL && val_p_2 != NULL && val_p_3 != NULL && val_p_4 != NULL) {
bpf_trace_printk("Total futex in: %d\\n", *val_p);
bpf_trace_printk("Total futex out: %d\\n", *val_p_2);
bpf_trace_printk("Total write in: %d\\n", *val_p_3);
bpf_trace_printk("Total write out: %d\\n", *val_p_4);
}
}
int kprobe__sys_write() {
call_count.increment(2);
return 0;
}
int kretprobe__sys_write() {
call_count.increment(3);
return 0;
}
int kprobe__sys_futex() {
call_count.increment(0);
return 0;
}
int kretprobe__sys_futex() {
call_count.increment(1);
return 0;
}
""")
b.trace_print()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment