#!/usr/bin/env python # @lint-avoid-python-3-compatibility-imports # # syncsnoop Trace sync() syscall. # For Linux, uses BCC, eBPF. Embedded C. # # Written as a basic example of BCC trace & reformat. See # examples/hello_world.py for a BCC trace with default output example. # # Copyright (c) 2015 Brendan Gregg. # Licensed under the Apache License, Version 2.0 (the "License") # # 13-Aug-2015 Brendan Gregg Created this. # 19-Feb-2016 Allan McAleavy migrated to BPF_PERF_OUTPUT from __future__ import print_function from bcc import BPF import ctypes as ct # load BPF program b = BPF(text=""" struct data_t { u64 ts; }; BPF_PERF_OUTPUT(events); void syscall__sync(void *ctx) { struct data_t data = {}; data.ts = bpf_ktime_get_ns() / 1000; events.perf_submit(ctx, &data, sizeof(data)); }; """) b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="syscall__sync") class Data(ct.Structure): _fields_ = [ ("ts", ct.c_ulonglong) ] # header print("%-18s %s" % ("TIME(s)", "CALL")) # process event def print_event(cpu, data, size): event = ct.cast(data, ct.POINTER(Data)).contents print("%-18.9f sync()" % (float(event.ts) / 1000000)) # loop with callback to print_event b["events"].open_perf_buffer(print_event) while 1: try: b.perf_buffer_poll() except KeyboardInterrupt: exit()