On Thu, May 28, 2020 at 1:14 AM 王贇 <yun.wang@xxxxxxxxxxxxxxxxx> wrote:
>
> Hi, Andrii
>
> Thanks for your comments :-)
>
> On 2020/5/28 2:36 PM, Andrii Nakryiko wrote:
> [snip]
> >> ---
> >
> > I haven't looked through implementation thoroughly yet. But I have a few
> > general remarks.
> >
> > This looks like a useful and generic tool. I think it will get most
> > attention and be most useful if it will be part of BCC tools. There is
> > already a set of generic tools that use libbpf and CO-RE, see [0]. It
> > feels like this belongs there.
> >
> > Some of the annoying parts (e.g., syscall name translation) are already
> > generalized as part of syscount tool PR (to be hopefully merged soon),
> > so you'll be able to save quite a lot of code with this. There is also
> > a common build infra that takes care of things like vmlinux.h, which
> > would provide definitions for all those xxx_args structs that you had
> > to manually define.
> >
> > With CO-RE, it also will allow to compile this tool once and run it on
> > many different kernels without recompilation. Please do take a look
> > and submit a PR there, it will be a good addition to the toolkit (and
> > will force you to write a bit of README explaining use of this tool as
> > well ;).
>
> Aha, I used to think bcc only supports python and cpp :-P
>

libbpf-tools don't use BCC at all, they are just co-located with BCC
and BCC tools in the same repository and are lightweight alternatives
to BCC-based tools. But it needs a kernel with BTF built-in, which is
the only (temporary) downside.

> I'll try to rework it and submit PR, I'm glad to know that you think
> this tool as a helpful one, we did solve some tough issues with it
> already.
>
> >
> > As for the code itself, I haven't gone through it much, but please
> > convert map definition syntax to BTF-defined one. The one you are
> > using is a legacy one. Thanks!
> >
> > [0] https://github.com/iovisor/bcc/tree/master/libbpf-tools
>
> Will check the example there :-)
>
> Regards,
> Michael Wang
>
> >
> >> samples/bpf/Makefile | 3 +
> >> samples/bpf/task_detector.h | 382 +++++++++++++++++++++++++++++++++++++++
> >> samples/bpf/task_detector_kern.c | 329 +++++++++++++++++++++++++++++++++
> >> samples/bpf/task_detector_user.c | 314 ++++++++++++++++++++++++++++++++
> >> 4 files changed, 1028 insertions(+)
> >> create mode 100644 samples/bpf/task_detector.h
> >> create mode 100644 samples/bpf/task_detector_kern.c
> >> create mode 100644 samples/bpf/task_detector_user.c
> >>
> >
> > [...]
> >