eBPF is probably what you want. If you have not found them yet, you should familiarize yourself with the examples provided by the bcc tools (BPF compiler compiler).
In particular, the argdist tool really depends on kprobes and might interest you:
argdist probes functions that you specify and collects parameter values in a histogram or frequency count. This can be used to understand the distribution of values of a certain parameter, to filter and print interesting parameters without attaching a debugger, and to obtain general statistics on various functions.
For example, suppose you want to find which placement sizes are common in your application:
    # ./argdist -p 2420 -C 'p:c:malloc(size_t size):size_t:size'
    [01:42:29]
    p:c:malloc(size_t size):size_t:size
            COUNT      EVENT
    [01:42:30]
    p:c:malloc(size_t size):size_t:size
            COUNT      EVENT
    [...]

(Extract from the argdist usage examples.)
For the record, most of the eBPF examples that I have found so far were located in one of these places:
- In linux/samples/bpf in the Linux kernel sources.
- In the bcc/tools directory of bcc.
- (For networking examples related to tc, iproute2/examples/tc in the iproute2 package sources.)
Qeole
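The frequency tables argdist prints in the extract above arrive as one snapshot per interval. The following is an added example, not part of the original answer or of bcc: it sums those snapshots into one overall distribution per probe. It assumes counts are cleared after each interval and that output follows the layout shown in the extract; the data rows in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout shown in the extract; data rows are made up.
SAMPLE = """\
[01:42:29]
p:c:malloc(size_t size):size_t:size
\tCOUNT      EVENT
[01:42:30]
p:c:malloc(size_t size):size_t:size
\tCOUNT      EVENT
\t1          size = 16
\t3          size = 64
[01:42:31]
p:c:malloc(size_t size):size_t:size
\tCOUNT      EVENT
\t2          size = 64
\t1          size = 4096
"""

TIMESTAMP = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]$")
# A data row is indented and starts with an integer count; the
# "COUNT EVENT" header is indented too but does not start with digits.
ROW = re.compile(r"^\s+(\d+)\s+(.+?)\s*$")


def aggregate(text):
    """Return {probe_label: Counter(event -> total count over all intervals)}."""
    totals = {}
    probe = None
    for line in text.splitlines():
        if not line.strip() or TIMESTAMP.match(line.strip()):
            continue
        if not line[0].isspace():
            # Unindented, non-timestamp line: the probe label heading a table.
            probe = line.strip()
            totals.setdefault(probe, Counter())
            continue
        m = ROW.match(line)
        if m and probe is not None:
            totals[probe][m.group(2)] += int(m.group(1))
    return totals


if __name__ == "__main__":
    for label, events in aggregate(SAMPLE).items():
        print(label)
        for event, count in events.most_common():
            print(f"  {count:>6}  {event}")
```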