bpftrace icon indicating copy to clipboard operation
bpftrace copied to clipboard
verified publisher icon bpftrace

add bpf_snprintf_btf() function

Open brendangregg opened this issue 4 years ago • 1 comments

See bpf_snprintf_btf() on lkml and the ksnoop tool by Alan Maguire. We should support this in bpftrace.

E.g., something like (adapting Alan's example):

# bpftrace -e 'kfunc:ip_send_skb { printf("net = %s\n", btf(args->net)) }
Attaching 1 probe...
net = *(struct net){
 .passive = (refcount_t){
  .refs = (atomic_t){
   .counter = (int)2,
   },
}

For that option I called the function btf() that returned a bpf_snprintf_btf() string of the argument, and passed it one of the function arguments only.

brendangregg avatar May 07 '21 05:05 brendangregg

It looks like a lot of new helpers are requiring BTF in order to function. libbpf handles a lot of the BTF lookups / relocs but libbpf APIs are pretty rigid and tricky to adapt to bpftrace use case. I think bpftrace needs a good answer to how we handle BTF going forward before we can add features like these.

For example, another feature that requires BTF is https://github.com/iovisor/bpftrace/issues/1837 .

I think it's going to be a lot of work. I have some ideas but I'll need to think about it more.

danobi avatar May 11 '21 16:05 danobi