1#!/usr/bin/env python 2# 3# urandomread-explicit Example of instrumenting a kernel tracepoint. 4# For Linux, uses BCC, BPF. Embedded C. 5# 6# This is an older example of instrumenting a tracepoint, which defines 7# the argument struct and makes an explicit call to attach_tracepoint(). 8# See urandomread for a newer version that uses TRACEPOINT_PROBE(). 9# 10# REQUIRES: Linux 4.7+ (BPF_PROG_TYPE_TRACEPOINT support). 11# 12# Test by running this, then in another shell, run: 13# dd if=/dev/urandom of=/dev/null bs=1k count=5 14# 15# Copyright 2016 Netflix, Inc. 16# Licensed under the Apache License, Version 2.0 (the "License") 17 18from __future__ import print_function 19from bcc import BPF 20 21# define BPF program 22bpf_text = """ 23#include <uapi/linux/ptrace.h> 24 25struct urandom_read_args { 26 // from /sys/kernel/debug/tracing/events/random/urandom_read/format 27 u64 __unused__; 28 u32 got_bits; 29 u32 pool_left; 30 u32 input_left; 31}; 32 33int printarg(struct urandom_read_args *args) { 34 bpf_trace_printk("%d\\n", args->got_bits); 35 return 0; 36} 37""" 38 39# load BPF program 40b = BPF(text=bpf_text) 41b.attach_tracepoint(tp="random:urandom_read", fn_name="printarg") 42 43# header 44print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS")) 45 46# format output 47while 1: 48 try: 49 (task, pid, cpu, flags, ts, msg) = b.trace_fields() 50 except ValueError: 51 continue 52 print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg)) 53