接前一篇文章:BCC源码编译和安装
本文参考官网中的Contents部分的介绍。
BCC源码根目录的文件,其中一些是同时包含C和Python的单个文件,另一些是.c和.py的成对文件,还有一些是目录。
跟踪(Tracing)
examples目录下的文件:
- examples/tracing/bitehist.py
块I/O大小直方图。
bcc/examples/tracing/bitehist.txt文件内容如下:
Demonstrations of bitehist.py, the Linux eBPF/bcc version.
This prints a power-of-2 histogram to show the block I/O size distribution.
A summary is printed after Ctrl-C is hit.
# ./bitehist.py
Tracing... Hit Ctrl-C to end.
^C
kbytes : count distribution
0 -> 1 : 3 | |
2 -> 3 : 0 | |
4 -> 7 : 211 |********** |
8 -> 15 : 0 | |
16 -> 31 : 0 | |
32 -> 63 : 0 | |
64 -> 127 : 1 | |
128 -> 255 : 800 |**************************************|
This output shows a bimodal distribution. The largest mod of 800 I/O were
between 128 and 255 Kbytes in size, and another mode of 211 I/O were between
4 and 7 Kbytes in size.
Understanding this distribution is useful for characterizing workloads and
understanding performance. The existence of this distribution is not visible
from averages alone.- examples/tracing/disksnoop.py
跟踪块设备I/O延迟。
bcc/examples/tracing/disksnoop_example.txt文件内容如下:
Demonstrations of disksnoop.py, the Linux eBPF/bcc version.
This traces block I/O, a prints a line to summarize each I/O completed:
# ./disksnoop.py
TIME(s) T BYTES LAT(ms)
16458043.435457 W 4096 2.73
16458043.435981 W 4096 3.24
16458043.436012 W 4096 3.13
16458043.437326 W 4096 4.44
16458044.126545 R 4096 42.82
16458044.129872 R 4096 3.24
16458044.130705 R 4096 0.73
16458044.142813 R 4096 12.01
16458044.147302 R 4096 4.33
16458044.148117 R 4096 0.71
16458044.148950 R 4096 0.70
16458044.164332 R 4096 15.29
16458044.168003 R 4096 3.58
16458044.171676 R 4096 3.59
16458044.172453 R 4096 0.72
16458044.173213 R 4096 0.71
16458044.173989 R 4096 0.72
16458044.174739 R 4096 0.70
16458044.190334 R 4096 15.52
16458044.196608 R 4096 6.17
16458044.203091 R 4096 6.35
The output includes a basic timestamp (in seconds), the type of I/O (W == write,
R == read, M == metadata), the size of the I/O in bytes, and the latency (or
duration) of the I/O in milliseconds.
The latency is measured from I/O request to the device, to the device
completion. This excludes latency spent queued in the OS.
Most of the I/O in this example were 0.7 and 4 milliseconds in duration. There
was an outlier of 42.82 milliseconds, a read which followed many writes (the
high latency may have been caused by the writes still being serviced on the
storage device).- examples/hello_world.py
为新进程打印“Hello, World!”。
bcc/examples/hello_world.py文件内容如下:
#!/usr/bin/python
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
# run in project examples directory with:
# sudo ./hello_world.py"
# see trace_fields.py for a longer example
from bcc import BPF
# This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()- examples/tracing/mysqld_query.py
使用USDT探测跟踪MySQL服务器查询。
bcc/examples/tracing/mysqld_query.txt文件内容如下:
# ./mysqld_query.py `pgrep -n mysqld`
TIME(s) COMM PID QUERY
17450459.549910001 mysqld 18608 select @@version_comment limit 1
17450463.822668001 mysqld 18608 SELECT DATABASE()
17450463.824042998 mysqld 18608 show databases
17450463.824570000 mysqld 18608 show tables
17450465.602717999 mysqld 18608 SELECT COUNT(*) FROM words
17450479.944897000 mysqld 18608 SELECT * FROM words WHERE word REGEXP '^bre.*n$'