1 #!/usr/bin/python 2 3 # 4 # strlen_hist.py Histogram of system-wide strlen return values 5 # 6 # A basic example of using uprobes along with a histogram to show 7 # distributions. 8 # 9 # Runs until ctrl-c is pressed. 10 # 11 # Copyright (c) PLUMgrid, Inc. 12 # Licensed under the Apache License, Version 2.0 (the "License") 13 # 14 # Example output: 15 # $ sudo ./strlen_hist.py 16 # 22:12:52 17 # strlen return: : count distribution 18 # 0 -> 1 : 2106 |**************** | 19 # 2 -> 3 : 1172 |********* | 20 # 4 -> 7 : 3892 |****************************** | 21 # 8 -> 15 : 5096 |****************************************| 22 # 16 -> 31 : 2201 |***************** | 23 # 32 -> 63 : 547 |**** | 24 # 64 -> 127 : 106 | | 25 # 128 -> 255 : 13 | | 26 # 256 -> 511 : 27 | | 27 # 512 -> 1023 : 6 | | 28 # 1024 -> 2047 : 10 | | 29 # ^C$ 30 # 31 32 from __future__ import print_function 33 import bcc 34 import time 35 36 text = """ 37 #include <uapi/linux/ptrace.h> 38 BPF_HISTOGRAM(dist); 39 int count(struct pt_regs *ctx) { 40 dist.increment(bpf_log2l(PT_REGS_RC(ctx))); 41 return 0; 42 } 43 """ 44 45 b = bcc.BPF(text=text) 46 sym="strlen" 47 b.attach_uretprobe(name="c", sym=sym, fn_name="count") 48 49 dist = b["dist"] 50 51 try: 52 while True: 53 time.sleep(1) 54 print("%-8s\n" % time.strftime("%H:%M:%S"), end="") 55 dist.print_log2_hist(sym + " return:") 56 dist.clear() 57 58 except KeyboardInterrupt: 59 pass 60
