Using eBPF and BCC utilities
Source: Imre kasutab arvutit
Introduction
TODO
How it works
TODO
Notes
- Using BCC requires kernel headers on the system, which in turn means installing a fair amount of development tooling (gcc and the like)
The BCC script collection generally contains two kinds of utilities
- those that report events of some type as they occur (e.g. execsnoop, opensnoop)
- those that report statistics about events of some type that occurred over a period of time (e.g. runqlen)
Installation
Ubuntu 16.04
Installation is described at https://github.com/iovisor/bcc/blob/master/INSTALL.md#ubuntu---binary
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D4284CDD
# echo "deb https://repo.iovisor.org/apt/xenial xenial main" | sudo tee /etc/apt/sources.list.d/iovisor.list
# apt-get update
# apt-get install bcc-tools libbcc-examples linux-headers-$(uname -r)
as a result
- the following packages are installed
bcc-tools libbcc libbcc-examples python-bcc
- the directory /usr/share/bcc/tools is filled with Python and similar scripts
on first use the following is written to dmesg
[N mai 3 07:27:05 2018] **********************************************************
[N mai 3 07:27:05 2018] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[N mai 3 07:27:05 2018] ** **
[N mai 3 07:27:05 2018] ** trace_printk() being used. Allocating extra memory. **
[N mai 3 07:27:05 2018] ** **
[N mai 3 07:27:05 2018] ** This means that this is a DEBUG kernel and it is **
[N mai 3 07:27:05 2018] ** unsafe for production use. **
[N mai 3 07:27:05 2018] ** **
[N mai 3 07:27:05 2018] ** If you see this message and you are not debugging **
[N mai 3 07:27:05 2018] ** the kernel, report this immediately to your vendor! **
[N mai 3 07:27:05 2018] ** **
[N mai 3 07:27:05 2018] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[N mai 3 07:27:05 2018] **********************************************************
Debian v. 9 Stretch
Install the dependencies
# apt install linux-headers-amd64 sudo auditd build-essential cmake libllvm3.8 llvm-dev libclang-dev libelf-dev bison flex libedit-dev clang-format python python-netaddr python-pyroute2 luajit libluajit-5.1-dev arping iperf netperf ethtool devscripts zlib1g-dev libfl-dev
Clone the source code
# cd /var/tmp
# git clone https://github.com/iovisor/bcc.git
where
- at the time of writing, the checkout was at this commit
# git log --pretty=format:"%h - %an, %ar : %s" | head -n 4
dad0ad1 - yonghong-song, 2 days ago : Merge pull request #1729 from sandip4n/sandip4n_dev
2af81df - Sandipan Das, 2 days ago : Fix bpf_trace_printk() for big-endian targets
bd8f086 - yonghong-song, 2 days ago : Merge pull request #1727 from bobrik/runqlen-no-dup
0595f1b - Ivan Babrou, 3 days ago : Remove duplicate ebpf program load in tools/runqlen.py
...
- no changes to the dependencies in the debian/control file are needed.
- as of spring 2018, adjust the file examples/networking/simulation.py by commenting out the ns_ipdb.initdb() line
if out_ifc: out_ifc.up().commit()
ns_ipdb.interfaces.lo.up().commit()
# ns_ipdb.initdb()
in_ifc = ns_ipdb.interfaces[in_ifname]
- overwrite the broken test with a copy of another test, so that it does not have to be dealt with
# cp /var/tmp/bcc/tests/python/test_tools_memleak.py /var/tmp/bcc/tests/python/test_tools_smoke.py
Build
# debuild -b -uc -us
This produces .deb packages
# ls -ld *deb
-rw-r--r-- 1 root root 258592 May 5 10:38 bcc-lua_0.5.0-1_all.deb
-rw-r--r-- 1 root root 233928 May 5 10:38 bcc-tools_0.5.0-1_all.deb
-rw-r--r-- 1 root root 11878912 May 5 10:39 libbcc_0.5.0-1_amd64.deb
-rw-r--r-- 1 root root 10758006 May 5 10:38 libbcc-dbgsym_0.5.0-1_amd64.deb
-rw-r--r-- 1 root root 274252 May 5 10:38 libbcc-examples_0.5.0-1_amd64.deb
-rw-r--r-- 1 root root 22058 May 5 10:38 python3-bcc_0.5.0-1_all.deb
-rw-r--r-- 1 root root 21974 May 5 10:38 python-bcc_0.5.0-1_all.deb
To install, run for example
# apt-get install ./bcc-tools_0.5.0-1_all.deb ./libbcc_0.5.0-1_amd64.deb ./python-bcc_0.5.0-1_all.deb
To install on a computer where the bcc software was not compiled, the following must be installed
# apt-get install linux-headers-amd64
Useful additional material
Debian v. 10 Buster
NOTE spring 2018: compilation did not succeed
Install the dependencies
# apt install build-essential cmake libllvm4.0 llvm-dev libclang-dev libelf-dev bison flex libedit-dev clang-format python python-netaddr python-pyroute2 luajit libluajit-5.1-dev arping iperf netperf ethtool devscripts zlib1g-dev libfl-dev
change the dependencies in the debian/control file
..
Build-Depends: debhelper (>= 9), cmake, libllvm4.0, llvm-dev, libclang-dev, libelf-dev, bison, flex, libfl-dev, libedit-dev, zlib1g-dev, git, clang-format, python (>= 2.7), python-netaddr, python-pyroute2, luajit, libluajit-5.1-dev, arping, inetutils-ping | iputils-ping, iperf, netperf, ethtool, devscripts, python3
Homepage: https://github.com/iovisor/bcc
...
Build
# debuild -b -uc -us
Install
# apt install ./bcc...
Useful additional material
Usage
- filelife: live listing of the names of files that are created and deleted while it runs
# /usr/share/bcc/tools/filelife
- showing mysql SQL statements
# /usr/share/bcc/tools/dbslower -x /usr/sbin/mysqld mysql -m 0
Tracing database queries for application /usr/sbin/mysqld slower than 0 ms...
TIME(s) PID MS QUERY
10.149637 643 1.203 select 1 + 1
20.429446 643 0.889 select version()
...
- showing postgresql SQL statements
TODO
- tcplife for showing the duration of TCP connections
# /usr/share/bcc/tools/tcplife -D 80
PID   COMM  LADDR           LPORT RADDR           RPORT TX_KB RX_KB MS
1923  w3m   192.168.100.212 39362 217.146.71.187  80    0     0     16.80
1929  w3m   192.168.100.212 49178 85.222.234.14   80    0     2     107.51
...
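Added example (not part of the original page or of the BCC project): a Python parser that groups tcplife output like the above by command and remote endpoint, which helps when reviewing which hosts a machine talks to. It assumes the default tcplife columns (no -T, -t or -w options); the function names and the third sample row are made up for illustration.

```python
import collections

# Constructed sample: header and first two rows as shown above, third row made up.
SAMPLE = """\
PID   COMM  LADDR           LPORT RADDR           RPORT TX_KB RX_KB MS
1923  w3m   192.168.100.212 39362 217.146.71.187  80    0     0     16.80
1929  w3m   192.168.100.212 49178 85.222.234.14   80    0     2     107.51
1931  w3m   192.168.100.212 49180 85.222.234.14   80    1     40    950.25
...
"""


def parse_tcplife(text):
    """Yield one dict per connection row; skip the header and noise lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or not parts[0].isdigit():
            continue  # header, "..." marker or truncated line
        try:
            lport, rport = int(parts[-6]), int(parts[-4])
            tx_kb, rx_kb, ms = (float(v) for v in parts[-3:])
        except ValueError:
            continue  # a numeric column is malformed, ignore the row
        yield {
            "pid": int(parts[0]),
            # COMM is a task name and may contain spaces: take whatever lies
            # between PID and the seven trailing columns.
            "comm": " ".join(parts[1:-7]),
            "laddr": parts[-7], "lport": lport,
            "raddr": parts[-5], "rport": rport,
            "tx_kb": tx_kb, "rx_kb": rx_kb, "ms": ms,
        }


def summarize(rows):
    """Aggregate per (comm, remote address, remote port)."""
    stats = collections.defaultdict(
        lambda: {"conns": 0, "tx_kb": 0.0, "rx_kb": 0.0, "max_ms": 0.0})
    for r in rows:
        s = stats[(r["comm"], r["raddr"], r["rport"])]
        s["conns"] += 1
        s["tx_kb"] += r["tx_kb"]
        s["rx_kb"] += r["rx_kb"]
        s["max_ms"] = max(s["max_ms"], r["ms"])
    return dict(stats)


if __name__ == "__main__":
    for (comm, raddr, rport), s in sorted(summarize(parse_tcplife(SAMPLE)).items()):
        print(f"{comm:<8} {raddr}:{rport} conns={s['conns']} "
              f"rx_kb={s['rx_kb']:.0f} max_ms={s['max_ms']:.2f}")
```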
Problems
- On Ubuntu 16.04 with kernel 4.4.0 the following sometimes happens
# /usr/share/bcc/tools/opensnoop
Killed
root@arvuti:/var/tmp#
Broadcast message from systemd-journald@arvuti (Tue 2018-05-08 08:59:26 EEST):
systemd[1]: Caught <SEGV>, core dump failed (child 7960, code=killed, status=11/SEGV).
Broadcast message from systemd-journald@arvuti (Tue 2018-05-08 08:59:26 EEST):
systemd[1]: Freezing execution.
^C
root@arvuti:/var/tmp# dmesg
-bash: ../sysdeps/nptl/fork.c:156: __libc_fork: Assertion `THREAD_GETMEM (self, tid) != ppid' failed.
Connection to 10.0.65.172 closed.
root@teine-arvuti# ssh root@10.0.65.172
ssh_exchange_identification: Connection closed by remote host
and the following is written to the console
Failed to send watchdog=1 notification: Connection refused