Probing a userspace process with systemtap over ebpf begin probe doesn't work
I'm trying to probe a userspace process using the begin probe, but it doesn't seem to do anything.
begin.stp:
probe process("a.out").begin {
    printf("%s %d\n", execname(), pid())
}
stap output:
[root@RHEL8 ~]# stap --bpf -v ~/begin.stp
Pass 1: parsed user script and 56 library scripts using 203356virt/48420res/12256shr/36024data kb, in 100usr/10sys/114real ms.
Pass 2: analyzed script: 2 probes, 3 functions, 0 embeds, 1 global using 204676virt/50128res/12392shr/37344data kb, in 10usr/10sys/11real ms.
Pass 3: pass skipped for stapbpf runtime in 0usr/0sys/0real ms.
Pass 4: compiled BPF into "stap_30984.bo" in 0usr/0sys/2real ms.
Pass 5: starting run.
It seems to work when I change the probe to the main() function:
function.stp:
probe process("a.out").function("main") {
    printf("%s %d\n", execname(), pid())
}
stap output:
[root@RHEL8 ~]# stap --bpf -v ~/222.stp
Pass 1: parsed user script and 56 library scripts using 203356virt/48364res/12200shr/36024data kb, in 290usr/50sys/404real ms.
Pass 2: analyzed script: 2 probes, 3 functions, 0 embeds, 1 global using 204676virt/50996res/13068shr/37344data kb, in 20usr/0sys/25real ms.
Pass 3: pass skipped for stapbpf runtime in 0usr/0sys/0real ms.
Pass 4: compiled BPF into "stap_31782.bo" in 0usr/0sys/3real ms.
Pass 5: starting run.
a.out 31806
a.out 31821
a.out 31827
a.out 31831
stap version:
[root@RHEL8 ~]# stap --version
Systemtap translator/driver (version 4.2/0.178, rpm 4.2-6.el8)
Copyright (C) 2005-2019 Red Hat, Inc. and others
This is free software; see the source for copying conditions.
tested kernel versions: 2.6.32 ... 5.4-rc6
enabled features: AVAHI BOOST_STRING_REF DYNINST BPF JAVA PYTHON3 LIBRPM LIBSQLITE3 LIBVIRT LIBXML2 NLS NSS READLINE