setupKo(lat >> 1) //只需要简单的init,就可以把open load attach 等动作做好,然后专注于数据处理 super(Crunlatency, self).__init__("runlatency", bpf_str=bpfProg) def _cb(self, cpu, data, size): stacks = self.maps['call_stack'].getStacks(e.stack_id) print("call ...
data.delayed = PT_REGS_PARM3(ctx); data.stack_id = bpf_get_stackid(ctx, &call_stack, KERN_STACKID_FLAGS); bpf_perf_event_output(ctx, &e_out, BPF_F_CURRENT_CPU, &data, sizeof(data)); return 0; } """ class Crunlatency(ClbcBase): def __init__(self, lat=10): self._exe...
data.delayed = PT_REGS_PARM3(ctx); data.stack_id = bpf_get_stackid(ctx, &call_stack, KERN_STACKID_FLAGS); bpf_perf_event_output(ctx, &e_out, BPF_F_CURRENT_CPU, &data, sizeof(data)); return 0; } """ class Crunlatency(ClbcBase): def __init__(self, lat=10): self._exe...
bpf_get_stackid, bpf_get_current_task, bpf_current_task_under_cgroup, bpf_get_numa_node_id, bpf_probe_read_str, bpf_perf_event_read_value, bpf_get_stack, bpf_get_current_cgroup_id, bpf_map_push_elem, bpf_map_pop_elem, bpf_map_peek_elem, bpf_spin_lock, bpf_spin_unlock...
● BPF_MAP_TYPE_STACK_TRACE:内核程序可以通过 bpf_get_stackid() 帮助程序存储堆栈 ● BPF_MAP_TYPE_LPM_TRIE:最长前缀匹配,例如,用于存储/检索 IP 路由 ● BPF_MAP_TYPE_SOCKMAP:sockmaps 主要用于套接字重定向 ● BPF_MAP_TYPE_DEVMAP:与 sockmap 做类似的工作,使用 XDP 的 netdevices 和 bpf_redirec...
BPF_MAP_TYPE_SOCKMAP, BPF_MAP_TYPE_CPUMAP, BPF_MAP_TYPE_XSKMAP, BPF_MAP_TYPE_SOCKHASH, BPF_MAP_TYPE_CGROUP_STORAGE, BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE, BPF_MAP_TYPE_QUEUE, BPF_MAP_TYPE_STACK, /* See /usr/include/linux/bpf.h for the full list....
(lat >> 1) //只需要简单的init,就可以把open load attach 等动作做好,然后专注于数据处理 super(Crunlatency, self).__init__("runlatency", bpf_str=bpfProg) def _cb(self, cpu, data, size): stacks = self.maps['call_stack'].getStacks(e.stack_id) print("call trace:") //call back...
int bpf_get_stackid(struct pt_reg *ctx, struct bpf_map *map, u64 flags) Description Walk a user or a kernel stack and return its id. To achieve this, the helper needs ctx, which is a pointer to the context on which the tracing program is executed, and a pointer to a map of ty...
static__always_inline __s64get_task_state(void*task) { structtask_struct___x*t=task; // 先判断目标类型stack_struct中是否包含__state字段 // 如果包含就直接访问,否则表示包含state字段 if(bpf_core_field_exists(t->__state)) returnBPF_CORE_READ(t, __state); ...
该 BPF 程序首先获取了当前进程的运行命令(bpf_get_current_comm()), 将当前进程的运行命令与我们感兴趣的进程命令进行比较, 如果一致说明当前运行的是我们感兴趣的进程, 于是我们首先获取其内核堆栈并保存于 kstack_map(bpf_get_stackid()使用 FP 回栈获取堆栈), 然后获取其用户态堆栈并保存于 ustack_map....