update killsnoop to use tracepoints #3592
Comments
I made a mistake. I think the behavior of killsnoop.py is correct. The manpage of kill(2) has the following description:
And using strace also confirmed this:
As suggested by @brendangregg in iovisor#3592, update killsnoop to use tracepoints. This commit adds kill/tkill/tgkill as tracing targets using tracepoints.

The output looks the same as using kprobe:

    sudo ./killsnoop.py
    TIME      PID     COMM             SIG  TPID    RESULT
    00:17:54  151828  code             0    11326   0
    00:17:54  151828  code             0    11326   0
    00:17:54  834     containerd       23   40277   0

Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
Yeah, the 0 signal (which has no name) is valid and used by a lot of software, and should be shown by killsnoop/sigsnoop.
As suggested by @brendangregg in iovisor#3592, update killsnoop to use tracepoints. This commit adds kill/tkill/tgkill as tracing targets using tracepoints and a new option which allows printing the signal name instead of the signal number.

The output looks the same as using kprobe:

    sudo ./killsnoop.py
    TIME      PID     COMM             SIG  TPID    RESULT
    00:17:54  151828  code             0    11326   0
    00:17:54  151828  code             0    11326   0
    00:17:54  834     containerd       23   40277   0

Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
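An added example, not code from the bcc repository or from anyone in this thread: it shows why a `kill()` with signal 0 is a legitimate call that reports RESULT 0, and how a signal-name column can render a signal that has no name. The function names `signal_label`, `probe` and `format_row` are hypothetical, and the sample rows are constructed from the output quoted above.

```python
import os
import signal


def signal_label(signum):
    """Return the signal's name, or its number when it has none (0, most RT signals)."""
    try:
        return signal.Signals(signum).name
    except ValueError:
        return str(signum)


def probe(pid):
    """Send signal 0: nothing is delivered, only the kernel's
    existence and permission checks run, so the result classifies the target."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:   # ESRCH
        return "no such process"
    except PermissionError:      # EPERM: the process exists but is not ours
        return "exists, not permitted"
    return "exists"


def format_row(time, pid, comm, sig, tpid, result, names=False):
    """Render one trace row; names=True mimics a print-signal-name option."""
    sig_col = signal_label(sig) if names else str(sig)
    return "%-9s %-7d %-16s %-9s %-7d %d" % (time, pid, comm, sig_col, tpid, result)


# Constructed sample rows reusing the values shown in the commit message.
ROWS = [
    ("00:17:54", 151828, "code", 0, 11326, 0),
    ("00:17:54", 834, "containerd", 23, 40277, 0),
]

if __name__ == "__main__":
    print("self probe:", probe(os.getpid()))
    print("%-9s %-7s %-16s %-9s %-7s %s" % ("TIME", "PID", "COMM", "SIG", "TPID", "RESULT"))
    for row in ROWS:
        print(format_row(*row, names=True))
```

The name printed for a given number depends on the platform's signal table, which is why a tracer has to fall back to the number rather than drop the event.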
Is the issue closed? I'm looking for an issue to work on.
@irenge Just assign it to you.
Thanks, I will work on it |
As far as a libbpf implementation of
Thanks, so:
This is a request for help.
I wrote killsnoop back in 2015 before tracepoint support, and so I kprobe'd sys_kill(). It still does some derivation of that. But now there's a report it no longer works on Linux 5.11: #3572 (comment) CC @chenhengqi
Can someone please update killsnoop (both Python and libbpf-tools) to use tracepoints instead of kprobes (if it works as expected). All of these: