call_tracker_samp.sh
#!/bin/bash
#
# Shell script that generates a bpftrace script to perform sampling
# of the functions called after a specific function is entered.
#
# Output will look something like this
#
#@a[
# trampoline_handler+47
#]: 43
#@a[
# copy_user_enhanced_fast_string+14
#]: 316
#@a[
# copy_user_enhanced_fast_string+3
#]: 194747
#
# The output is not an accurate count of functions called, but is based on profiling.
#
# Options
# -c: "command to execute"
# -d: depth of stack to view, default is 1 level.
# -h: help message
# -s: <name>: syscall tracepoint
# -p: <value>: Profile interval
# -k: <name>: kprobe to track
# Defaults, overridden by -p and -d respectively.
PROFILE=9999  # interval substituted into the generated profile:us: probe
DEPTH=1       # frame count substituted into the generated kstack() call
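#######################################
# Print the option summary and terminate the script.
# Arguments: none
# Outputs:   option summary on stdout
# Returns:   does not return; exits with status 255
#######################################
usage()
{
  printf '%s\n' \
    "Usage" \
    "-c command to execute" \
    "-d depth of stack (default == 1)" \
    "-h help message" \
    "-s <name>: syscall tracepoint" \
    "-k <name>: kprobe tracking" \
    "-p <value>: Profile interval"
  # The original 'exit -1' is outside the 0-255 range; bash reports it as
  # 255, so spell that value out to keep the status callers already see.
  exit 255
}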
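# Parse options. getopts sets opt to '?' for an unknown option or a missing
# option argument; the default arm sends that to usage instead of letting
# the script carry on with a half-parsed command line.
while getopts "hc:p:d:s:k:" opt; do
  case "${opt}" in
    c)
      COMMAND=${OPTARG}
      ;;
    d)
      DEPTH=${OPTARG}
      ;;
    p)
      PROFILE=${OPTARG}
      ;;
    h)
      usage
      ;;
    s)
      SYSCALL_TP=${OPTARG}
      ;;
    k)
      KPROBE=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done

if [[ -z ${COMMAND} ]]; then
  echo need to designate command to run
  usage
fi
if [[ -z ${SYSCALL_TP} ]] && [[ -z ${KPROBE} ]]; then
  echo Need to designate either a syscall trace point or kernel probe
  usage
fi

# Everything below is pasted into a bpftrace program, and bpftrace normally
# runs with root privileges, so each value is checked before it is written.
# Probe names are limited to identifier characters plus '.', ':', '+' and
# '*' (compiler-suffixed symbols, module:function, function+offset,
# wildcards). Whitespace, braces and newlines are rejected so an argument
# cannot add probes or actions to the generated script.
probe_name_re='^[A-Za-z0-9_.:*+]+$'
positive_int_re='^[1-9][0-9]*$'

if [[ -n ${SYSCALL_TP} && ! ${SYSCALL_TP} =~ ${probe_name_re} ]]; then
  echo "invalid syscall tracepoint name" >&2
  usage
fi
if [[ -n ${KPROBE} && ! ${KPROBE} =~ ${probe_name_re} ]]; then
  echo "invalid kprobe name" >&2
  usage
fi
if [[ ! ${DEPTH} =~ ${positive_int_re} ]]; then
  echo "stack depth must be a positive integer" >&2
  usage
fi
if [[ ! ${PROFILE} =~ ${positive_int_re} ]]; then
  echo "profile interval must be a positive integer" >&2
  usage
fi

# As in the original, the syscall tracepoint wins when both -s and -k are given.
if [[ -n ${SYSCALL_TP} ]]; then
  entry_probe="tracepoint:syscalls:sys_enter_${SYSCALL_TP}"
  exit_probe="tracepoint:syscalls:sys_exit_${SYSCALL_TP}"
else
  entry_probe="kprobe:${KPROBE}"
  exit_probe="kretprobe:${KPROBE}"
fi

# The original wrote ./temp.bt in the current directory and made it mode 755.
# In a directory other users can write to, that fixed name can be pre-created
# or replaced by a symlink, so the redirect and chmod would act on a file the
# caller did not choose. mktemp creates a private, unpredictably named file;
# it is removed when the script exits.
bt_script=$(mktemp "${TMPDIR:-/tmp}/call_tracker.XXXXXX") || {
  echo "unable to create temporary bpftrace script" >&2
  exit 1
}
trap 'rm -f -- "${bt_script}"' EXIT

# Generated program: mark the thread on entry, unmark it on exit, and count
# sampled kernel stacks only while the thread is marked.
{
  printf '#!/usr/local/bin/bpftrace\n'
  printf '%s\n' "${entry_probe}"
  printf '{\n\t@track[tid] = 1;\n}\n'
  printf '%s\n' "${exit_probe}"
  printf '{\n\tdelete(@track[tid]);\n}\n'
  printf 'profile:us:%d\n' "${PROFILE}"
  printf '\t/ @track[tid] == 1 /\n'
  printf '{\n\t@a[kstack(%d)] = count()\n}\n' "${DEPTH}"
  printf 'END\n{\n\tclear(@track);\n}\n'
} > "${bt_script}"

# bpftrace reads the script as a file argument, so the execute bit the
# original set with chmod 755 is not needed.
bpftrace -c "${COMMAND}" "${bt_script}"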