kinvolk / Traceloop
Licence: apache-2.0
Tracing system calls in cgroups using BPF and overwritable ring buffers
Stars: ✭ 136
Programming Languages
go
31211 projects - #10 most used programming language
Labels
Projects that are alternatives of or similar to Traceloop
Libbpf Rs
Minimal and opinionated eBPF tooling for the Rust ecosystem
Stars: ✭ 116 (-14.71%)
Mutual labels: bpf
Awesome Ebpf
A curated list of awesome projects related to eBPF.
Stars: ✭ 1,102 (+710.29%)
Mutual labels: bpf
Capstone
Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
Stars: ✭ 5,374 (+3851.47%)
Mutual labels: bpf
Bpfd
Framework for running BPF programs with rules on Linux as a daemon. Container aware.
Stars: ✭ 396 (+191.18%)
Mutual labels: bpf
Libbpf
Automated upstream mirror for libbpf stand-alone build.
Stars: ✭ 353 (+159.56%)
Mutual labels: bpf
Cilium
eBPF-based Networking, Security, and Observability
Stars: ✭ 10,256 (+7441.18%)
Mutual labels: bpf
Libpcap
the LIBpcap interface to various kernel packet capture mechanism
Stars: ✭ 1,785 (+1212.5%)
Mutual labels: bpf
Kubectl Trace
Schedule bpftrace programs on your kubernetes cluster using the kubectl
Stars: ✭ 1,194 (+777.94%)
Mutual labels: bpf
traceloop
traceloop is a command line tool to trace system calls in a similar way to strace but with some differences:
- traceloop uses BPF instead of ptrace
- traceloop's tracing granularity is the control group (cgroup) instead of a process
- traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer like a flight recorder. The tracing could be permanently enabled and inspected in case of crash.
traceloop can be used directly on the command line or via an HTTP interface.
traceloop has been written to trace Kubernetes Pods with Inspektor
Gadget, but it can as easily be
used with systemd services that are in their own control groups (look for
.service
and .scope
directories inside /sys/fs/cgroup/unified/
).
On the command line
Example with an existing systemd service:
sudo -E ./traceloop cgroups /sys/fs/cgroup/unified/system.slice/sshd.service
Example with a custom command:
sudo systemd-run -t --unit=test42.service /bin/sh -c 'for i in $(seq 1 1000) ; do sleep 4 ; echo 2*3*7 | bc > /dev/null ; echo Multiplication $i done. ; done'
...
sudo -E ./traceloop cgroups /sys/fs/cgroup/unified/system.slice/test42.service
...
00:04.022260640 cpu#0 pid 23981 [bc] brk(brk=0) = 94045092683776
00:04.022346588 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741680) = 18446744073709551591
00:04.022361201 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "2*3*7\n", count=8192) = 6
00:04.022401517 cpu#0 pid 23981 [bc] fstat() = 0
00:04.022414650 cpu#0 pid 23981 [bc] ioctl(fd=1, cmd=21505, arg=140721805741312) = 18446744073709551591
00:04.022440173 cpu#0 pid 23981 [bc] write(fd=1, buf=94045092602832 "42\n", count=3) = 3
00:04.022460351 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "", count=8192) = 0
00:04.022475888 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741616) = 18446744073709551591
00:04.022525326 cpu#0 pid 23981 [bc] exit_group(error_code=0)...
00:04.022833827 cpu#2 pid 23961 [sh] ...wait4() = 23981
With Docker
docker run --rm -v /sys/kernel/debug:/sys/kernel/debug -v /sys/fs/cgroup:/sys/fs/cgroup -v /sys/fs/bpf:/sys/fs/bpf -v /run:/run --privileged kinvolk/traceloop
With HTTP interface
sudo -E ./traceloop serve
...
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/add?name=sshd&cgrouppath=/sys/fs/cgroup/unified/system.slice/sshd.service'
added as id 0
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/list'
0: [sshd] /sys/fs/cgroup/unified/system.slice/sshd.service
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/dump-by-cgroup?cgroup=/sys/fs/cgroup/unified/system.slice/sshd.service'
...
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].