Demonstrations of shmsnoop, the Linux eBPF/bcc version.

shmsnoop traces shm*() syscalls, for example:

# ./shmsnoop.py
PID    COMM                SYS              RET ARGs
19813  server           SHMGET            10000 key: 0x78020001, size: 20, shmflg: 0x3b6 (IPC_CREAT|0666)
19813  server            SHMAT     7f1cf8b1f000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19816  client           SHMGET            10000 key: 0x78020001, size: 20, shmflg: 0x1b6 (0666)
19816  client            SHMAT     7f4fd8ee7000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19816  client            SHMDT                0 shmaddr: 0x7f4fd8ee7000
19813  server            SHMDT                0 shmaddr: 0x7f1cf8b1f000
19813  server           SHMCTL                0 shmid: 0x10000, cmd: 0, buf: 0x0


Every call to a shm* syscall (SYS column) is displayed
on a separate line, together with process info (PID/COMM
columns) and argument details: return value (RET column)
and syscall arguments (ARGs column).

The ARGs column contains 'arg: value' pairs that represent
the given syscall's arguments as described in its man page.

This works by tracing shm* system calls and sending
argument details to the Python script.
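The 'arg: value' format described above is regular enough to post-process. As an added example (not part of the original bcc documentation), this Python script parses shmsnoop output and reports SHMGET calls that create a segment writable by group or other, such as the 0666 segment in the first trace. The function names and the "worker" sample line are constructed for illustration, and COMM is assumed to contain no whitespace.

```python
import re

IPC_CREAT, IPC_EXCL = 0o1000, 0o2000   # Linux values from <linux/ipc.h>

# Header and 19813/19816 lines are copied from the trace above;
# the "worker" line is constructed for contrast.
SAMPLE = """\
PID    COMM                SYS              RET ARGs
19813  server           SHMGET            10000 key: 0x78020001, size: 20, shmflg: 0x3b6 (IPC_CREAT|0666)
19813  server            SHMAT     7f1cf8b1f000 shmid: 0x10000, shmaddr: 0x0, shmflg: 0x0
19816  client           SHMGET            10000 key: 0x78020001, size: 20, shmflg: 0x1b6 (0666)
19816  client            SHMDT                0 shmaddr: 0x7f4fd8ee7000
20001  worker           SHMGET            18000 key: 0x0, size: 4096, shmflg: 0x380 (IPC_CREAT|0600)
"""

# Optional TIME(s) column (-T), then PID, COMM, SYS, RET, ARGs.
# Assumption: COMM contains no whitespace.
LINE = re.compile(
    r"^\s*(?:(?P<ts>\d+\.\d+)\s+)?(?P<pid>\d+)\s+(?P<comm>\S+)\s+"
    r"(?P<sys>SHM[A-Z]+)\s+(?P<ret>[0-9a-f]+)\s+(?P<args>.*)$")
ARG = re.compile(r"(\w+): (0x[0-9a-f]+|\d+)")   # the 'arg: value' pairs

def parse(text):
    """Return one dict per syscall line; header and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["pid"] = int(ev["pid"])
            ev["args"] = {k: int(v, 0) for k, v in ARG.findall(ev["args"])}
            events.append(ev)
    return events

def writable_by_others(events):
    """SHMGET calls that create a segment writable by group or other."""
    hits = []
    for ev in events:
        flg = ev["args"].get("shmflg", 0)
        # The low nine bits of shmflg are the permission bits.
        if ev["sys"] == "SHMGET" and flg & IPC_CREAT and flg & 0o022:
            hits.append((ev["pid"], ev["comm"], hex(ev["args"]["key"]),
                         oct(flg & 0o777), bool(flg & IPC_EXCL)))
    return hits

if __name__ == "__main__":
    for hit in writable_by_others(parse(SAMPLE)):
        print("pid=%d comm=%s key=%s mode=%s excl=%s" % hit)
```

The last field of each hit records whether IPC_EXCL was set; without it, shmget() with IPC_CREAT returns an already existing segment for that key instead of failing.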

A -T option can be used to include a timestamp column,
and a -n option to match on a command name. Regular
expressions are allowed.  For example, matching commands
containing "server" with timestamps:

# ./shmsnoop.py -T -n server
TIME(s)       PID    COMM                SYS              RET ARGs
0.563194000   19825  server            SHMDT                0 shmaddr: 0x7f74362e4000
0.563237000   19825  server           SHMCTL                0 shmid: 0x18000, cmd: 0, buf: 0x0


A -p option can be used to trace only a selected process:

# ./shmsnoop.py -p 19855
PID    COMM                SYS              RET ARGs
19855  server            SHMDT                0 shmaddr: 0x7f4329ff8000
19855  server           SHMCTL                0 shmid: 0x20000, cmd: 0, buf: 0x0

USAGE message:
# ./shmsnoop.py -h
usage: shmsnoop.py [-h] [-T] [-p PID] [-t TID] [-d DURATION] [-n NAME]

Trace shm*() syscalls

optional arguments:
  -h, --help            show this help message and exit
  -T, --timestamp       include timestamp on output
  -p PID, --pid PID     trace this PID only
  -t TID, --tid TID     trace this TID only
  -d DURATION, --duration DURATION
                        total duration of trace in seconds
  -n NAME, --name NAME  only print process names containing this name

examples:
    ./shmsnoop           # trace all shm*() syscalls
    ./shmsnoop -T        # include timestamps
    ./shmsnoop -p 181    # only trace PID 181
    ./shmsnoop -t 123    # only trace TID 123
    ./shmsnoop -d 10     # trace for 10 seconds only
    ./shmsnoop -n main   # only print process names containing "main"