This repository has been archived by the owner on Oct 6, 2023. It is now read-only.
tools/: Add --json support
#2
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mauriciovasquezbernal
force-pushed
the
mauricio/execsnoop-json
branch
from
8813c58
to
54fd9d3
Compare
mauriciovasquezbernal
force-pushed
the
mauricio/execsnoop-json
branch
2 times, most recently
from
3ed6f4c
to
ea34dd9
Compare
|
I'm working to make this change to all gadgets supported by Inspektor Gadget. I'll update this soon. |
mauriciovasquezbernal
force-pushed
the
mauricio/execsnoop-json
branch
from
ea34dd9
to
be8c330
Compare
mauriciovasquezbernal
changed the title
--json and --file options--json support
|
I decided to split the work and only consider the The new idea disables standard output, all previous logic is still executed but it doesn't provide any visible output. There is a new code logic to print the events in json format when |
mauriciovasquezbernal
force-pushed
the
mauricio/execsnoop-json
branch
from
be8c330
to
4007b9e
Compare
1 task
|
I added support for opensnoop that was missing and opened the corresponding PR on Inspektor Gadget to use this feature. |
alban
reviewed
Jul 30, 2021
tools/bindsnoop.py
Outdated
| def stubprintb(s, file=sys.stdout, nl=1): | ||
| return | ||
|
|
||
| printb = stubprintb |
There was a problem hiding this comment.
Is it possible to factor this in a function of bcc.containers? I am not sure if it works, maybe the function would have to be called before the printb import (from bcc.utils import printb) but after the bcc.containers` import...
There was a problem hiding this comment.
I created a disable_output helper in the bcc.utils package. The caller still has to assign the return value to printb but I think it's ok.
| if start_ts == 0: | ||
| start_ts = event.ts_us | ||
| eventJ = { | ||
| "time": ((float(event.ts_us) - start_ts) / 1000000), |
There was a problem hiding this comment.
For another PR...
I know the same logic was in the initial code, but I wonder if we should use RFC3339 (2012-04-23T18:25:43.511Z).
import datetime
datetime.datetime.now().isoformat()
But I don't know how to convert the clock from bpf_ktime_get_ns() / CLOCK_MONOTONIC into the wall clock. Same problem with bpf_ktime_get_boot_ns() / CLOCK_BOOTTIME...
There was a problem hiding this comment.
I agree. This shouldn't be a relative time for the inspektor gadget use case. Let me open an issue to track this down.
The error is printed as usual to stderr. |
Add this function that adds the container related info to an event.
This helper is useful for tools that support json output and want to
supress other kind of output without adding a lot of conditionals
everywhere. The function returns the original reference to sys.stdout
and a stub function to replace bcc.utils.printb().
If the tool uses printb, it should assign the returned stub to disable it:
stdout, printb = disable_stdout()
If the tool only uses print, then the stub can be ignored:
stdout, _ = disable_stdout()
The original reference to sys.stdout is saved on stdout and can be used
later on to print to stdout:
stdout.write("hi there...")
mauriciovasquezbernal
force-pushed
the
mauricio/execsnoop-json
branch
from
4007b9e
to
542d594
Compare
alban
approved these changes
Jul 30, 2021
This was referenced Aug 2, 2021
eiffel-fl
pushed a commit
that referenced
this pull request
May 10, 2022
There are two pass managers in LLVM. Currently BCC uses the legacy one.
Switch to the new pass manager because the legacy one will be removed
in upcoming releases of LLVM.
Running the following script:
```
from bcc import BPF
bpf_text = '''
static int foobar()
{
bpf_trace_printk("enter vfs_read");
return 0;
}
KFUNC_PROBE(vfs_read)
{
return foobar();
}
'''
BPF(text=bpf_text, debug=1)
```
The IR output is the same with or without this change using LLVM 15:
; ModuleID = 'sscanf'
source_filename = "sscanf"
; ModuleID = '/virtual/main.c'
source_filename = "/virtual/main.c"
target datalayout = "e-m:e-p:64:64-i64:64-i128:128-n32:64-S128"
target triple = "bpf-pc-linux"
@_version = dso_local global i32 332032, section "version", align 4, !dbg !0
@_license = dso_local global [4 x i8] c"GPL\00", section "license", align 1, !dbg !5
@__const.foobar._fmt = private unnamed_addr constant [15 x i8] c"enter vfs_read\00", align 1
@llvm.compiler.used = appending global [2 x ptr] [ptr @_license, ptr @_version], section "llvm.metadata"
; Function Attrs: alwaysinline nounwind
define dso_local i32 @kfunc__vfs_read(ptr nocapture noundef readnone %0) local_unnamed_addr #0 section ".bpf.fn.kfunc__vfs_read" !dbg !33 {
%2 = alloca [15 x i8], align 1
call void @llvm.dbg.value(metadata ptr %0, metadata !39, metadata !DIExpression()), !dbg !41
call void @llvm.dbg.value(metadata ptr undef, metadata !42, metadata !DIExpression()) #4, !dbg !45
call void @llvm.lifetime.start.p0(i64 15, ptr nonnull %2) #4, !dbg !47
call void @llvm.dbg.declare(metadata ptr %2, metadata !53, metadata !DIExpression()) #4, !dbg !58
call void @llvm.memcpy.p0.p0.i64(ptr noundef nonnull align 1 dereferenceable(15) %2, ptr noundef nonnull align 1 dereferenceable(15) @__const.foobar._fmt, i64 15, i1 false) #4, !dbg !58
%3 = call i32 (ptr, i64, ...) inttoptr (i64 6 to ptr)(ptr noundef nonnull %2, i64 noundef 15) #4, !dbg !59
call void @llvm.lifetime.end.p0(i64 15, ptr nonnull %2) #4, !dbg !60
call void @llvm.dbg.value(metadata i32 0, metadata !40, metadata !DIExpression()), !dbg !41
ret i32 0, !dbg !61
}
; Function Attrs: alwaysinline mustprogress nocallback nofree nosync nounwind readnone speculatable willreturn
declare void @llvm.dbg.declare(metadata, metadata, metadata) #1
; Function Attrs: alwaysinline argmemonly mustprogress nocallback nofree nosync nounwind willreturn
declare void @llvm.lifetime.start.p0(i64 immarg, ptr nocapture) #2
; Function Attrs: alwaysinline argmemonly mustprogress nocallback nofree nosync nounwind willreturn
declare void @llvm.lifetime.end.p0(i64 immarg, ptr nocapture) #2
; Function Attrs: alwaysinline argmemonly mustprogress nofree nounwind willreturn
declare void @llvm.memcpy.p0.p0.i64(ptr noalias nocapture writeonly, ptr noalias nocapture readonly, i64, i1 immarg) #3
; Function Attrs: alwaysinline mustprogress nocallback nofree nosync nounwind readnone speculatable willreturn
declare void @llvm.dbg.value(metadata, metadata, metadata) #1
attributes #0 = { alwaysinline nounwind "frame-pointer"="none" "min-legal-vector-width"="0" "no-jump-tables"="true" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #1 = { alwaysinline mustprogress nocallback nofree nosync nounwind readnone speculatable willreturn }
attributes #2 = { alwaysinline argmemonly mustprogress nocallback nofree nosync nounwind willreturn }
attributes #3 = { alwaysinline argmemonly mustprogress nofree nounwind willreturn }
attributes #4 = { nounwind }
!llvm.dbg.cu = !{!2}
!llvm.module.flags = !{!27, !28, !29, !30, !31}
!llvm.ident = !{!32}
!0 = !DIGlobalVariableExpression(var: !1, expr: !DIExpression())
!1 = distinct !DIGlobalVariable(name: "_version", scope: !2, file: !14, line: 526, type: !26, isLocal: false, isDefinition: true)
!2 = distinct !DICompileUnit(language: DW_LANG_C99, file: !3, producer: "Ubuntu clang version 15.0.0-++20220426083628+d738d4717f6d-1~exp1~20220426203725.435", isOptimized: true, runtimeVersion: 0, emissionKind: FullDebug, globals: !4, splitDebugInlining: false, nameTableKind: None)
!3 = !DIFile(filename: "/virtual/main.c", directory: "/home/ubuntu/sources/bpf-next")
!4 = !{!0, !5, !12}
!5 = !DIGlobalVariableExpression(var: !6, expr: !DIExpression())
!6 = distinct !DIGlobalVariable(name: "_license", scope: !2, file: !7, line: 26, type: !8, isLocal: false, isDefinition: true)
!7 = !DIFile(filename: "/virtual/include/bcc/footer.h", directory: "")
!8 = !DICompositeType(tag: DW_TAG_array_type, baseType: !9, size: 32, elements: !10)
!9 = !DIBasicType(name: "char", size: 8, encoding: DW_ATE_signed_char)
!10 = !{!11}
!11 = !DISubrange(count: 4)
!12 = !DIGlobalVariableExpression(var: !13, expr: !DIExpression())
!13 = distinct !DIGlobalVariable(name: "bpf_trace_printk_", scope: !2, file: !14, line: 542, type: !15, isLocal: true, isDefinition: true)
!14 = !DIFile(filename: "/virtual/include/bcc/helpers.h", directory: "")
!15 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !16, size: 64)
!16 = !DISubroutineType(types: !17)
!17 = !{!18, !19, !21, null}
!18 = !DIBasicType(name: "int", size: 32, encoding: DW_ATE_signed)
!19 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !20, size: 64)
!20 = !DIDerivedType(tag: DW_TAG_const_type, baseType: !9)
!21 = !DIDerivedType(tag: DW_TAG_typedef, name: "u64", file: !22, line: 23, baseType: !23)
!22 = !DIFile(filename: "include/asm-generic/int-ll64.h", directory: "/home/ubuntu/sources/bpf-next")
!23 = !DIDerivedType(tag: DW_TAG_typedef, name: "__u64", file: !24, line: 31, baseType: !25)
!24 = !DIFile(filename: "include/uapi/asm-generic/int-ll64.h", directory: "/home/ubuntu/sources/bpf-next")
!25 = !DIBasicType(name: "unsigned long long", size: 64, encoding: DW_ATE_unsigned)
!26 = !DIBasicType(name: "unsigned int", size: 32, encoding: DW_ATE_unsigned)
!27 = !{i32 7, !"Dwarf Version", i32 4}
!28 = !{i32 2, !"Debug Info Version", i32 3}
!29 = !{i32 1, !"wchar_size", i32 4}
!30 = !{i32 7, !"PIC Level", i32 2}
!31 = !{i32 7, !"PIE Level", i32 2}
!32 = !{!"Ubuntu clang version 15.0.0-++20220426083628+d738d4717f6d-1~exp1~20220426203725.435"}
!33 = distinct !DISubprogram(name: "kfunc__vfs_read", scope: !34, file: !34, line: 23, type: !35, scopeLine: 23, flags: DIFlagPrototyped | DIFlagAllCallsDescribed, spFlags: DISPFlagDefinition | DISPFlagOptimized, unit: !2, retainedNodes: !38)
!34 = !DIFile(filename: "/virtual/main.c", directory: "")
!35 = !DISubroutineType(types: !36)
!36 = !{!18, !37}
!37 = !DIDerivedType(tag: DW_TAG_pointer_type, baseType: !25, size: 64)
!38 = !{!39, !40}
!39 = !DILocalVariable(name: "ctx", arg: 1, scope: !33, file: !34, line: 23, type: !37)
!40 = !DILocalVariable(name: "__ret", scope: !33, file: !34, line: 23, type: !18)
!41 = !DILocation(line: 0, scope: !33)
!42 = !DILocalVariable(name: "ctx", arg: 1, scope: !43, file: !34, line: 23, type: !37)
!43 = distinct !DISubprogram(name: "____kfunc__vfs_read", scope: !34, file: !34, line: 23, type: !35, scopeLine: 24, flags: DIFlagPrototyped | DIFlagAllCallsDescribed, spFlags: DISPFlagLocalToUnit | DISPFlagDefinition | DISPFlagOptimized, unit: !2, retainedNodes: !44)
!44 = !{!42}
!45 = !DILocation(line: 0, scope: !43, inlinedAt: !46)
!46 = distinct !DILocation(line: 23, column: 1, scope: !33)
!47 = !DILocation(line: 15, column: 5, scope: !48, inlinedAt: !57)
!48 = distinct !DILexicalBlock(scope: !49, file: !34, line: 15, column: 3)
!49 = distinct !DISubprogram(name: "foobar", scope: !34, file: !34, line: 13, type: !50, scopeLine: 14, flags: DIFlagAllCallsDescribed, spFlags: DISPFlagLocalToUnit | DISPFlagDefinition | DISPFlagOptimized, unit: !2, retainedNodes: !52)
!50 = !DISubroutineType(types: !51)
!51 = !{!18}
!52 = !{!53}
!53 = !DILocalVariable(name: "_fmt", scope: !48, file: !34, line: 15, type: !54)
!54 = !DICompositeType(tag: DW_TAG_array_type, baseType: !9, size: 120, elements: !55)
!55 = !{!56}
!56 = !DISubrange(count: 15)
!57 = distinct !DILocation(line: 25, column: 9, scope: !43, inlinedAt: !46)
!58 = !DILocation(line: 15, column: 10, scope: !48, inlinedAt: !57)
!59 = !DILocation(line: 15, column: 37, scope: !48, inlinedAt: !57)
!60 = !DILocation(line: 15, column: 76, scope: !49, inlinedAt: !57)
!61 = !DILocation(line: 23, column: 1, scope: !33)
Closes iovisor#3947.
References:
[0]: https://llvm.org/docs/NewPassManager.html
[1]: https://blog.llvm.org/posts/2021-03-26-the-new-pass-manager/
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
mauriciovasquezbernal
pushed a commit
that referenced
this pull request
Dec 20, 2022
…for -v option
Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format:
INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)
Print backtrace of ip if it failed to get syms.
Before:
# offcputime -v
psiginfo
vscanf
__snprintf_chk
[unknown]
[unknown]
[unknown]
[unknown]
[unknown]
sd_event_exit
sd_event_dispatch
sd_event_run
[unknown]
__libc_start_main
[unknown]
- systemd-journal (204)
1
xas_load
xas_find
filemap_map_pages
__handle_mm_fault
handle_mm_fault
do_page_fault
do_translation_fault
do_mem_abort
do_el0_ia_bp_hardening
el0_ia
xas_load
--
failed to get syms
- PmLogCtl (138757)
1
After:
# offcputime -v
#0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
#1 0xffffffc01009a93c el0_svc_handler+0x34
#2 0xffffffc010084a08 el0_svc+0x8
#3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
--
#4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
#5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
#6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
#7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
#8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
#9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
#10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
- fluent-bit (1238)
1
#0 0xffffffc01027daa4 generic_copy_file_checks+0x334
#1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
#2 0xffffffc0102baa20 handle_mm_fault+0x168
#3 0xffffffc010ad23c0 do_page_fault+0x148
#4 0xffffffc010ad27c0 do_translation_fault+0xb0
#5 0xffffffc0100816b0 do_mem_abort+0x50
#6 0xffffffc0100843b0 el0_da+0x1c
#7 0xffffffc01027daa4 generic_copy_file_checks+0x334
--
#8 0x0000007f8dc12648 [unknown]
#9 0x0000007f8dc0aef8 [unknown]
#10 0x0000007f8dc1c990 [unknown]
#11 0x0000007f8dc08b0c [unknown]
#12 0x0000007f8dc08e48 [unknown]
#13 0x0000007f8dc081c8 [unknown]
- PmLogCtl (2412)
1
Fixed: iovisor#3884
Signed-off-by: Eunseon Lee <es.lee@lge.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Extend different tools to support output in json format.
TODO once merged:
--jsonsupport #2 (comment)--jsonsupport #2 (comment)