1*387f9dfdSAndroid Build Coastguard Worker /* 2*387f9dfdSAndroid Build Coastguard Worker * Copyright (c) Facebook, Inc. 3*387f9dfdSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License") 4*387f9dfdSAndroid Build Coastguard Worker */ 5*387f9dfdSAndroid Build Coastguard Worker 6*387f9dfdSAndroid Build Coastguard Worker #include <unistd.h> 7*387f9dfdSAndroid Build Coastguard Worker #include <fstream> 8*387f9dfdSAndroid Build Coastguard Worker #include <iostream> 9*387f9dfdSAndroid Build Coastguard Worker #include <string> 10*387f9dfdSAndroid Build Coastguard Worker 11*387f9dfdSAndroid Build Coastguard Worker #include "bcc_version.h" 12*387f9dfdSAndroid Build Coastguard Worker #include "BPF.h" 13*387f9dfdSAndroid Build Coastguard Worker 14*387f9dfdSAndroid Build Coastguard Worker const std::string BPF_PROGRAM = R"( 15*387f9dfdSAndroid Build Coastguard Worker int on_sys_clone(void *ctx) { 16*387f9dfdSAndroid Build Coastguard Worker bpf_trace_printk("Hello, World! Here I did a sys_clone call!\n"); 17*387f9dfdSAndroid Build Coastguard Worker return 0; 18*387f9dfdSAndroid Build Coastguard Worker } 19*387f9dfdSAndroid Build Coastguard Worker )"; 20*387f9dfdSAndroid Build Coastguard Worker main()21*387f9dfdSAndroid Build Coastguard Workerint main() { 22*387f9dfdSAndroid Build Coastguard Worker ebpf::BPF bpf; 23*387f9dfdSAndroid Build Coastguard Worker auto init_res = bpf.init(BPF_PROGRAM); 24*387f9dfdSAndroid Build Coastguard Worker if (!init_res.ok()) { 25*387f9dfdSAndroid Build Coastguard Worker std::cerr << init_res.msg() << std::endl; 26*387f9dfdSAndroid Build Coastguard Worker return 1; 27*387f9dfdSAndroid Build Coastguard Worker } 28*387f9dfdSAndroid Build Coastguard Worker 29*387f9dfdSAndroid Build Coastguard Worker std::ifstream pipe("/sys/kernel/debug/tracing/trace_pipe"); 30*387f9dfdSAndroid Build Coastguard Worker std::string line; 31*387f9dfdSAndroid Build Coastguard Worker std::string clone_fnname = bpf.get_syscall_fnname("clone"); 32*387f9dfdSAndroid Build Coastguard Worker 33*387f9dfdSAndroid Build Coastguard Worker auto attach_res = bpf.attach_kprobe(clone_fnname, "on_sys_clone"); 34*387f9dfdSAndroid Build Coastguard Worker if (!attach_res.ok()) { 35*387f9dfdSAndroid Build Coastguard Worker std::cerr << attach_res.msg() << std::endl; 36*387f9dfdSAndroid Build Coastguard Worker return 1; 37*387f9dfdSAndroid Build Coastguard Worker } 38*387f9dfdSAndroid Build Coastguard Worker 39*387f9dfdSAndroid Build Coastguard Worker std::cout << "Starting HelloWorld with BCC " << LIBBCC_VERSION << std::endl; 40*387f9dfdSAndroid Build Coastguard Worker 41*387f9dfdSAndroid Build Coastguard Worker while (true) { 42*387f9dfdSAndroid Build Coastguard Worker if (std::getline(pipe, line)) { 43*387f9dfdSAndroid Build Coastguard Worker std::cout << line << std::endl; 44*387f9dfdSAndroid Build Coastguard Worker // Detach the probe if we got at least one line. 45*387f9dfdSAndroid Build Coastguard Worker auto detach_res = bpf.detach_kprobe(clone_fnname); 46*387f9dfdSAndroid Build Coastguard Worker if (!detach_res.ok()) { 47*387f9dfdSAndroid Build Coastguard Worker std::cerr << detach_res.msg() << std::endl; 48*387f9dfdSAndroid Build Coastguard Worker return 1; 49*387f9dfdSAndroid Build Coastguard Worker } 50*387f9dfdSAndroid Build Coastguard Worker break; 51*387f9dfdSAndroid Build Coastguard Worker } else { 52*387f9dfdSAndroid Build Coastguard Worker std::cout << "Waiting for a sys_clone event" << std::endl; 53*387f9dfdSAndroid Build Coastguard Worker sleep(1); 54*387f9dfdSAndroid Build Coastguard Worker } 55*387f9dfdSAndroid Build Coastguard Worker } 56*387f9dfdSAndroid Build Coastguard Worker 57*387f9dfdSAndroid Build Coastguard Worker return 0; 58*387f9dfdSAndroid Build Coastguard Worker } 59