接前一篇文章:BCC源码编译和安装
本文参考官网中的Contents部分的介绍。
BCC源码根目录的文件,其中一些是同时包含C和Python的单个文件,另一些是.c和.py的成对文件,还有一些是目录。
examples目录下的文件:
块I/O大小直方图。
bcc/examples/tracing/bitehist.txt文件内容如下:
- Demonstrations of bitehist.py, the Linux eBPF/bcc version.
-
- This prints a power-of-2 histogram to show the block I/O size distribution.
- A summary is printed after Ctrl-C is hit.
-
- # ./bitehist.py
- Tracing... Hit Ctrl-C to end.
- ^C
- kbytes : count distribution
- 0 -> 1 : 3 | |
- 2 -> 3 : 0 | |
- 4 -> 7 : 211 |********** |
- 8 -> 15 : 0 | |
- 16 -> 31 : 0 | |
- 32 -> 63 : 0 | |
- 64 -> 127 : 1 | |
- 128 -> 255 : 800 |**************************************|
-
- This output shows a bimodal distribution. The largest mod of 800 I/O were
- between 128 and 255 Kbytes in size, and another mode of 211 I/O were between
- 4 and 7 Kbytes in size.
-
- Understanding this distribution is useful for characterizing workloads and
- understanding performance. The existence of this distribution is not visible
- from averages alone.
跟踪块设备I/O延迟。
bcc/examples/tracing/disksnoop_example.txt文件内容如下:
- Demonstrations of disksnoop.py, the Linux eBPF/bcc version.
-
-
- This traces block I/O, a prints a line to summarize each I/O completed:
-
- # ./disksnoop.py
- TIME(s) T BYTES LAT(ms)
- 16458043.435457 W 4096 2.73
- 16458043.435981 W 4096 3.24
- 16458043.436012 W 4096 3.13
- 16458043.437326 W 4096 4.44
- 16458044.126545 R 4096 42.82
- 16458044.129872 R 4096 3.24
- 16458044.130705 R 4096 0.73
- 16458044.142813 R 4096 12.01
- 16458044.147302 R 4096 4.33
- 16458044.148117 R 4096 0.71
- 16458044.148950 R 4096 0.70
- 16458044.164332 R 4096 15.29
- 16458044.168003 R 4096 3.58
- 16458044.171676 R 4096 3.59
- 16458044.172453 R 4096 0.72
- 16458044.173213 R 4096 0.71
- 16458044.173989 R 4096 0.72
- 16458044.174739 R 4096 0.70
- 16458044.190334 R 4096 15.52
- 16458044.196608 R 4096 6.17
- 16458044.203091 R 4096 6.35
-
- The output includes a basic timestamp (in seconds), the type of I/O (W == write,
- R == read, M == metadata), the size of the I/O in bytes, and the latency (or
- duration) of the I/O in milliseconds.
-
- The latency is measured from I/O request to the device, to the device
- completion. This excludes latency spent queued in the OS.
-
- Most of the I/O in this example were 0.7 and 4 milliseconds in duration. There
- was an outlier of 42.82 milliseconds, a read which followed many writes (the
- high latency may have been caused by the writes still being serviced on the
- storage device).
为新进程打印“Hello, World!”。
bcc/examples/hello_world.py文件内容如下:
- #!/usr/bin/python
- # Copyright (c) PLUMgrid, Inc.
- # Licensed under the Apache License, Version 2.0 (the "License")
-
- # run in project examples directory with:
- # sudo ./hello_world.py"
- # see trace_fields.py for a longer example
-
- from bcc import BPF
-
- # This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
- BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()
使用USDT探测跟踪MySQL服务器查询。
bcc/examples/tracing/mysqld_query.txt文件内容如下:
- # ./mysqld_query.py `pgrep -n mysqld`
- TIME(s) COMM PID QUERY
- 17450459.549910001 mysqld 18608 select @@version_comment limit 1
- 17450463.822668001 mysqld 18608 SELECT DATABASE()
- 17450463.824042998 mysqld 18608 show databases
- 17450463.824570000 mysqld 18608 show tables
- 17450465.602717999 mysqld 18608 SELECT COUNT(*) FROM words
- 17450479.944897000 mysqld 18608 SELECT * FROM words WHERE word REGEXP '^bre.*n$'