On Wed, 4 Aug 2021, Daniel Borkmann wrote:

> Hi Alan,
>
> On 8/3/21 11:23 PM, Alan Maguire wrote:
> > Recent functionality added to libbpf [1] enables typed display of kernel
> > data structures; here that functionality is exploited to provide a
> > simple example of how a tracer can support deep argument/return value
> > inspection. The intent is to provide a demonstration of these features
> > to help facilitate tracer adoption, while also providing a tool which
> > can be useful for kernel debugging.
>
> Thanks a lot for working on this tool, this looks _super useful_! Right now
> under tools/bpf/ we have bpftool and resolve_btfids as the two main tools,
> the latter used during kernel build, and the former evolving with the kernel
> together with libbpf. The runqslower in there was originally thought of as
> a single/small example tool to demo how to build stand-alone tracing tools
> with all the modern practices, though the latter has also been added to [0]
> (thus could be removed). I would rather love if you could add ksnoop for
> inclusion into bcc's libbpf-based tracing tooling suite under [0] as well
> which would be a better fit long term rather than kernel tree for the tool
> to evolve. We don't intend to add a stand-alone tooling collection under the
> tools/bpf/ long term since these can evolve better outside of kernel tree.
>

Sounds good; I'll look into contributing the tool to bcc.

Thanks!

Alan