1#!/usr/bin/python 2# 3# urandomread Example of instrumenting a kernel tracepoint. 4# For Linux, uses BCC, BPF. Embedded C. 5# 6# REQUIRES: Linux 4.7+ (BPF_PROG_TYPE_TRACEPOINT support). 7# 8# Test by running this, then in another shell, run: 9# dd if=/dev/urandom of=/dev/null bs=1k count=5 10# 11# Copyright 2016 Netflix, Inc. 12# Licensed under the Apache License, Version 2.0 (the "License") 13 14from __future__ import print_function 15from bcc import BPF 16from bcc.utils import printb 17 18# load BPF program 19b = BPF(text=""" 20TRACEPOINT_PROBE(random, urandom_read) { 21 // args is from /sys/kernel/debug/tracing/events/random/urandom_read/format 22 bpf_trace_printk("%d\\n", args->got_bits); 23 return 0; 24} 25""") 26 27# header 28print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "GOTBITS")) 29 30# format output 31while 1: 32 try: 33 (task, pid, cpu, flags, ts, msg) = b.trace_fields() 34 except ValueError: 35 continue 36 except KeyboardInterrupt: 37 exit() 38 printb(b"%-18.9f %-16s %-6d %s" % (ts, task, pid, msg)) 39