libbpf-tools: add BPF CO-RE filegone #4978
Conversation
kerennaomidev
requested review from
drzaeus77,
goldshtn,
yonghong-song,
4ast,
brendangregg and
davemarchevsky
as code owners
This is a CO-RE port of the filegone BCC Python tool. The code is inspired by the 'filelife' port. Signed-off-by: Keren Naomi <[email protected]>
kerennaomidev
force-pushed
the
libbpf-tools-filegone
branch
from
0174990 to
28c3bf4
Compare
| @@ -22,6 +22,7 @@ | |||
| /f2fsdist | |||
| /f2fsslower | |||
| /filelife | |||
| /filegone | |||
There was a problem hiding this comment.
filegone comes before filelife in the dictionary.
Please keep the list sorted.
| @@ -55,6 +55,7 @@ APPS = \ | |||
| execsnoop \ | |||
| exitsnoop \ | |||
| filelife \ | |||
| filegone \ | |||
There was a problem hiding this comment.
filegone comes before filelife in the dictionary.
| if (targ_tgid && targ_tgid != tgid) | ||
| return 0; | ||
|
|
||
| bool has_arg = renamedata_has_old_mnt_userns_field() |
There was a problem hiding this comment.
Please declare variables first.
| if (targ_tgid && targ_tgid != tgid) | ||
| return 0; | ||
|
|
||
| bool has_arg = renamedata_has_old_mnt_userns_field() |
There was a problem hiding this comment.
Please declare variables first.
| " filegone -p 123 # trace pid 123\n"; | ||
|
|
||
| static const struct argp_option opts[] = { | ||
| {"pid", 'p', "PID", 0, "Process PID to trace"}, |
There was a problem hiding this comment.
Please check the missing initialize group field.
Refer to commit - 74fe720
|
|
||
| struct { | ||
| __uint(type, BPF_MAP_TYPE_HASH); | ||
| __uint(max_entries, 8192); |
There was a problem hiding this comment.
How about using macro instead of magic number?
| bpf_get_current_comm(&event.task, sizeof(event.task)); | ||
| bpf_probe_read_kernel_str(&event.fname, sizeof(event.fname), qs_name_ptr.name); | ||
| bpf_probe_read_kernel_str(&event.fname2, sizeof(event.fname2), qd_name_ptr.name); | ||
| event.action = 'R'; |
There was a problem hiding this comment.
How about using an enum type for action values?
Using enum values like RENAME and DELETE could be more descriptive.
| memcpy(&e, data, sizeof(e)); | ||
| action_str = action2str(e.action); | ||
|
|
||
| if (strcmp(action_str, "RENAME") == 0) { |
There was a problem hiding this comment.
we can classify the values of action using an enum type, without string comparison.
| return (action == 'D') ? "DELETE" : "RENAME"; | ||
| } | ||
|
|
||
| void handle_event(void *ctx, int cpu, void *data, __u32 data_sz) |
There was a problem hiding this comment.
how about declaring static if available?
| #include "filegone.h" | ||
| #include "core_fixes.bpf.h" | ||
|
|
||
| #define FMODE_CREATED 0x100000 |
This is a CO-RE port of the filegone BCC Python tool. The code is inspired by the 'filelife' port.
Supports [-p PID] filter option.
Please let us know if any changes are required.