Add a read_trace_fields() Python function

[brendangregg]

As a follow on from #136, a function could be added that returned the fields printed by bpf_trace_printk(). Eg, so one can use:

b = BPF(...)
[...]
task, pid, cpu, flags, timestamp, function, arguments = b.read_trace_fields()

This is slightly harder than it sounds: I believe the task name can contain spaces.

[drzaeus77]

I added the suggested change, as well as an option to trace_print:
example simplistic json printer:

b.trace_print(fmt='{{"pid":{1}, "msg":"{5}"}}')

sudo ./hello_world.py 
{"pid":1118, "msg":"Hello, World!"}
{"pid":1118, "msg":"Hello, World!"}
{"pid":8696, "msg":"Hello, World!"}

[brendangregg]

Thanks, trace_readline_fields() works for me.

I'm not sure about the fmt= option's stability. Eg, the number of fields have changed in the past, which if it happened again would break indexes. But that's probably very unlikely...

Here's an example of using the new function (disksnoop.py):

Before:

while 1:
        try:
                line = trace.readline().rstrip()
        except KeyboardInterrupt:
                pass; exit()
        prolog, time_s, colon, bytes_s, flags_s, us_s = \
                line.rsplit(" ", 5)

        time_s = time_s[:-1]    # strip trailing ":"

After:

while 1:
        (task, pid, cpu, flags, ts, msg) = b.trace_readline_fields()
        (bytes_s, bflags_s, us_s) = msg.split()

So that's getting much better. And this should be commonly used.

Maybe as a follow on issue, we could have trace_readline_fields() split the msg on whitespace, so the above could be one line. I also think this may be better called just trace_fields().

[drzaeus77]

Shortening to trace_fields is fine to me.

Splitting msg doesn't seem right to me, since the formatting of msg is completely up to the user...trace_fields() can't know to split or not to split.