kinvolk / Traceloop

Licence: apache-2.0
Tracing system calls in cgroups using BPF and overwritable ring buffers

Programming Languages

go

traceloop

traceloop is a command-line tool that traces system calls much as strace does, with some differences:

  • traceloop uses BPF instead of ptrace
  • traceloop's tracing granularity is the control group (cgroup) instead of a process
  • traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer, like a flight recorder. Tracing can be left permanently enabled and the buffer inspected after a crash.

traceloop can be used directly on the command line or via an HTTP interface.

traceloop was written to trace Kubernetes Pods with Inspektor Gadget, but it can just as easily be used with systemd services that run in their own control groups (look for .service and .scope directories inside /sys/fs/cgroup/unified/).

On the command line

Example with an existing systemd service:

sudo -E ./traceloop cgroups /sys/fs/cgroup/unified/system.slice/sshd.service

Example with a custom command:

sudo systemd-run -t  --unit=test42.service  /bin/sh -c 'for i in $(seq 1 1000) ; do sleep 4 ; echo 2*3*7 | bc > /dev/null ; echo Multiplication $i done. ; done'
...
sudo -E ./traceloop cgroups /sys/fs/cgroup/unified/system.slice/test42.service
...
00:04.022260640 cpu#0 pid 23981 [bc] brk(brk=0) = 94045092683776
00:04.022346588 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741680) = 18446744073709551591
00:04.022361201 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "2*3*7\n", count=8192) = 6
00:04.022401517 cpu#0 pid 23981 [bc] fstat() = 0
00:04.022414650 cpu#0 pid 23981 [bc] ioctl(fd=1, cmd=21505, arg=140721805741312) = 18446744073709551591
00:04.022440173 cpu#0 pid 23981 [bc] write(fd=1, buf=94045092602832 "42\n", count=3) = 3
00:04.022460351 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "", count=8192) = 0
00:04.022475888 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741616) = 18446744073709551591
00:04.022525326 cpu#0 pid 23981 [bc] exit_group(error_code=0)...
00:04.022833827 cpu#2 pid 23961 [sh] ...wait4() = 23981
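
The ioctl lines above return 18446744073709551591, which is -25 (ENOTTY) printed as an unsigned 64-bit number. The following is an added example, not part of traceloop: it parses the output format shown above, decodes such return values, and handles the split "..." lines. The function names are illustrative and the line format is inferred from the sample output only.

```python
import errno
import re

# Constructed sample: five lines copied from the trace output shown above.
SAMPLE = [
    r'00:04.022260640 cpu#0 pid 23981 [bc] brk(brk=0) = 94045092683776',
    r'00:04.022346588 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741680) = 18446744073709551591',
    r'00:04.022361201 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "2*3*7\n", count=8192) = 6',
    r'00:04.022525326 cpu#0 pid 23981 [bc] exit_group(error_code=0)...',
    r'00:04.022833827 cpu#2 pid 23961 [sh] ...wait4() = 23981',
]

# Assumed line format, inferred from the sample lines only.
LINE_RE = re.compile(
    r'^(?P<ts>\d+:\d+\.\d+) cpu#(?P<cpu>\d+) pid (?P<pid>\d+) \[(?P<comm>[^\]]*)\] '
    r'(?P<resumed>\.\.\.)?(?P<name>\w+)\((?P<args>.*)\)'
    r'(?: = (?P<ret>\d+)|(?P<unfinished>\.\.\.))?$'
)
MAX_ERRNO = 4095  # Linux convention: a return in [-4095, -1] is -errno


def decode_ret(raw):
    """Reinterpret an unsigned 64-bit value as signed; name the errno if it is one."""
    signed = raw - (1 << 64) if raw >= (1 << 63) else raw
    if -MAX_ERRNO <= signed < 0:
        return signed, errno.errorcode.get(-signed, "unknown")
    return signed, None


def parse_line(line):
    """Return a dict for one trace line, or None if it does not match the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    ev = {"ts": m["ts"], "cpu": int(m["cpu"]), "pid": int(m["pid"]),
          "comm": m["comm"], "syscall": m["name"], "args": m["args"],
          "resumed": m["resumed"] is not None,        # "...wait4() = N"
          "unfinished": m["unfinished"] is not None,  # "exit_group(...)..."
          "ret": None, "errno": None}
    if m["ret"] is not None:
        ev["ret"], ev["errno"] = decode_ret(int(m["ret"]))
    return ev


def failed_calls(lines):
    """List (pid, comm, syscall, errno name) for every call that returned an error."""
    events = filter(None, map(parse_line, lines))
    return [(e["pid"], e["comm"], e["syscall"], e["errno"]) for e in events if e["errno"]]


if __name__ == "__main__":
    for row in failed_calls(SAMPLE):
        print(row)
```

Large positive returns such as the brk address stay untouched because only values in the top 4095 of the 64-bit range are treated as errors.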

With Docker

docker run --rm -v /sys/kernel/debug:/sys/kernel/debug -v /sys/fs/cgroup:/sys/fs/cgroup -v /sys/fs/bpf:/sys/fs/bpf -v /run:/run --privileged kinvolk/traceloop

With HTTP interface

sudo -E ./traceloop serve
...

$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/add?name=sshd&cgrouppath=/sys/fs/cgroup/unified/system.slice/sshd.service'
added as id 0
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/list'
0: [sshd] /sys/fs/cgroup/unified/system.slice/sshd.service
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/dump-by-cgroup?cgroup=/sys/fs/cgroup/unified/system.slice/sshd.service'
...
