1*387f9dfdSAndroid Build Coastguard Worker#!/usr/bin/python 2*387f9dfdSAndroid Build Coastguard Worker# 3*387f9dfdSAndroid Build Coastguard Worker# bashreadline Print entered bash commands from all running shells. 4*387f9dfdSAndroid Build Coastguard Worker# For Linux, uses BCC, eBPF. Embedded C. 5*387f9dfdSAndroid Build Coastguard Worker# 6*387f9dfdSAndroid Build Coastguard Worker# This works by tracing the readline() function using a uretprobe (uprobes). 7*387f9dfdSAndroid Build Coastguard Worker# 8*387f9dfdSAndroid Build Coastguard Worker# Copyright 2016 Netflix, Inc. 9*387f9dfdSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License") 10*387f9dfdSAndroid Build Coastguard Worker# 11*387f9dfdSAndroid Build Coastguard Worker# 28-Jan-2016 Brendan Gregg Created this. 12*387f9dfdSAndroid Build Coastguard Worker 13*387f9dfdSAndroid Build Coastguard Workerfrom __future__ import print_function 14*387f9dfdSAndroid Build Coastguard Workerfrom bcc import BPF 15*387f9dfdSAndroid Build Coastguard Workerfrom time import strftime 16*387f9dfdSAndroid Build Coastguard Worker 17*387f9dfdSAndroid Build Coastguard Worker# load BPF program 18*387f9dfdSAndroid Build Coastguard Workerbpf_text = """ 19*387f9dfdSAndroid Build Coastguard Worker#include <uapi/linux/ptrace.h> 20*387f9dfdSAndroid Build Coastguard Workerint printret(struct pt_regs *ctx) { 21*387f9dfdSAndroid Build Coastguard Worker if (!ctx->ax) 22*387f9dfdSAndroid Build Coastguard Worker return 0; 23*387f9dfdSAndroid Build Coastguard Worker 24*387f9dfdSAndroid Build Coastguard Worker char str[80] = {}; 25*387f9dfdSAndroid Build Coastguard Worker bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_RC(ctx)); 26*387f9dfdSAndroid Build Coastguard Worker bpf_trace_printk("%s\\n", &str); 27*387f9dfdSAndroid Build Coastguard Worker 28*387f9dfdSAndroid Build Coastguard Worker return 0; 29*387f9dfdSAndroid Build Coastguard Worker}; 30*387f9dfdSAndroid Build Coastguard Worker""" 31*387f9dfdSAndroid Build Coastguard Workerb = BPF(text=bpf_text) 32*387f9dfdSAndroid Build Coastguard Workerb.attach_uretprobe(name="/bin/bash", sym="readline", fn_name="printret") 33*387f9dfdSAndroid Build Coastguard Worker 34*387f9dfdSAndroid Build Coastguard Worker# header 35*387f9dfdSAndroid Build Coastguard Workerprint("%-9s %-6s %s" % ("TIME", "PID", "COMMAND")) 36*387f9dfdSAndroid Build Coastguard Worker 37*387f9dfdSAndroid Build Coastguard Worker# format output 38*387f9dfdSAndroid Build Coastguard Workerwhile 1: 39*387f9dfdSAndroid Build Coastguard Worker try: 40*387f9dfdSAndroid Build Coastguard Worker (task, pid, cpu, flags, ts, msg) = b.trace_fields() 41*387f9dfdSAndroid Build Coastguard Worker except ValueError: 42*387f9dfdSAndroid Build Coastguard Worker continue 43*387f9dfdSAndroid Build Coastguard Worker print("%-9s %-6d %s" % (strftime("%H:%M:%S"), pid, msg)) 44