#!/usr/bin/env python

#
# strlen_hist.py   Histogram of system-wide strlen return values
#
# A basic example of using uprobes along with a histogram to show
# distributions.
#
# Runs until ctrl-c is pressed.
#
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# Example output:
# $ sudo ./strlen_hist.py
# 22:12:52
#      strlen return:      : count     distribution
#          0 -> 1          : 2106     |****************                        |
#          2 -> 3          : 1172     |*********                               |
#          4 -> 7          : 3892     |******************************          |
#          8 -> 15         : 5096     |****************************************|
#         16 -> 31         : 2201     |*****************                       |
#         32 -> 63         : 547      |****                                    |
#         64 -> 127        : 106      |                                        |
#        128 -> 255        : 13       |                                        |
#        256 -> 511        : 27       |                                        |
#        512 -> 1023       : 6        |                                        |
#       1024 -> 2047       : 10       |                                        |
# ^C$
#
31
32from __future__ import print_function
33import bcc
34import time
35
# BPF program that bcc compiles and loads when bcc.BPF() is constructed.
# count() runs on each return from the probed function: PT_REGS_RC(ctx) is
# the return value and bpf_log2l() turns it into a power-of-two bucket
# index. Only that bucket's counter is incremented; the program stores no
# string contents and no per-process information.
text = """
#include <uapi/linux/ptrace.h>
BPF_HISTOGRAM(dist);
int count(struct pt_regs *ctx) {
    dist.increment(bpf_log2l(PT_REGS_RC(ctx)));
    return 0;
}
"""

sym = "strlen"
b = bcc.BPF(text=text)

# name="c" selects libc, and no pid is passed, so the return probe is not
# limited to a single process (the file header calls this system-wide).
# The example run in the header uses sudo: loading BPF and attaching
# uprobes needs elevated privileges, so treat this as an admin-only tool.
# NOTE(review): where libc exposes strlen through an IFUNC resolver, a
# probe on the symbol may observe the resolver instead of the selected
# implementation -- confirm the buckets look like string lengths on the
# target system.
b.attach_uretprobe(name="c", sym=sym, fn_name="count")

dist = b["dist"]
label = sym + " return:"

try:
    while True:
        time.sleep(1)
        stamp = "%-8s\n" % time.strftime("%H:%M:%S")
        print(stamp, end="")
        dist.print_log2_hist(label)
        # Reset so each report covers one interval; returns that land
        # between the print above and this clear may go uncounted.
        dist.clear()
except KeyboardInterrupt:
    # Ctrl-C is the documented way to stop; exit without a traceback.
    pass
60