#!/usr/bin/env python
#
# strlen_hist.py   Histogram of system-wide strlen return values
#
# A basic example of using uprobes along with a histogram to show
# distributions.
#
# Runs until ctrl-c is pressed.
#
# Operational notes:
#  - The uretprobe is attached to libc (name="c") with no pid filter, so it
#    fires for every process on the host that returns from strlen(). Expect
#    measurable overhead on busy systems; bcc's attach_uretprobe() accepts a
#    pid= argument if the measurement should be scoped to one process.
#  - Only the return value (the string length) is aggregated, inside the BPF
#    program, into log2 buckets. The program never reads the string itself.
#  - Loading BPF programs and attaching uprobes is a privileged operation,
#    hence the sudo in the example below.
#
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# Example output:
# $ sudo ./strlen_hist.py
# 22:12:52
#      strlen return:      : count     distribution
#          0 -> 1          : 2106     |****************                        |
#          2 -> 3          : 1172     |*********                               |
#          4 -> 7          : 3892     |******************************          |
#          8 -> 15         : 5096     |****************************************|
#         16 -> 31         : 2201     |*****************                       |
#         32 -> 63         : 547      |****                                    |
#         64 -> 127        : 106      |                                        |
#        128 -> 255        : 13       |                                        |
#        256 -> 511        : 27       |                                        |
#        512 -> 1023       : 6        |                                        |
#       1024 -> 2047       : 10       |                                        |
# ^C$
#

from __future__ import print_function
import bcc
import time

# BPF program: on every return from the probed function, take the return
# value from the saved registers (PT_REGS_RC), reduce it to its log2 bucket
# and bump that slot of the "dist" histogram map.
text = """
#include <uapi/linux/ptrace.h>
BPF_HISTOGRAM(dist);
int count(struct pt_regs *ctx) {
    dist.increment(bpf_log2l(PT_REGS_RC(ctx)));
    return 0;
}
"""

# Symbol to instrument; also reused as the histogram title below.
sym = "strlen"

# Compile the program, then hook the *return* of `sym` in libc (name="c").
# No pid is given, so the probe is system-wide.
bpf = bcc.BPF(text=text)
bpf.attach_uretprobe(name="c", sym=sym, fn_name="count")

# User-space handle on the map that the BPF program fills.
histogram = bpf["dist"]
title = sym + " return:"

try:
    while True:
        time.sleep(1)
        stamp = time.strftime("%H:%M:%S")
        print("%-8s\n" % stamp, end="")
        histogram.print_log2_hist(title)
        # Reset so each report covers only the most recent interval. The
        # print and the clear are separate steps, so samples arriving in
        # between are presumably not shown in any report.
        histogram.clear()
except KeyboardInterrupt:
    # Ctrl-C is the documented way to stop; exit without a traceback.
    pass