https://github.com/danteslimbo/elysium

An easy epbf probe tool.
https://github.com/danteslimbo/elysium

ebpf

Last synced: 3 months ago
JSON representation

An easy epbf probe tool.

• Host: GitHub
• URL: https://github.com/danteslimbo/elysium
• Owner: danteslimbo
• License: gpl-3.0
• Created: 2024-06-01T14:12:15.000Z (about 2 years ago)
• Default Branch: main
• Last Pushed: 2024-06-12T07:05:27.000Z (about 2 years ago)
• Last Synced: 2026-01-01T16:33:58.566Z (6 months ago)
• Topics: ebpf
• Language: C
• Homepage:
• Size: 798 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# elysium

## About elysium

`elysium` is a simple tool to stat arbitrary kprobes.

TODO:

- [ ] uprobe support.

- [ ] more filter options.

## TL;DR

Usage:

```bash

./elysium -h

Usage: ./elysium [options]

    Available options:

  -h, --help              show help

  -i, --interval uint32   set monitor time in seconds

  -k, --kprobe string     kprobe to be monitored

  -p, --pid uint32        filter pid

  -s, --self elysium      show stat of elysium itself, default `false`

  -t, --tid uint32        filter tid

  -v, --version           show version

```

Example, stat `__x64_sys_read` for 3 seconds,

and omit the `__x64_sys_read` called from elysium.

```bash

sudo ./elysium -k __x64_sys_read -i 3 

Fetching __x64_sys_read for 3 seconds...

Records:

Tid     Pid     Comm    Count   Ave Latency

372     372     systemd-journal 16      8699

759     750     gmain   8       2417

573     569     multipathd      4       4231

1734246 1734246 sshd    1       4544

1109    806     containerd      1       4031

```

Filter by pid:

```bash

sudo ./elysium -k __x64_sys_read -i 3  -p $(pidof containerd)

Fetching __x64_sys_read for 3 seconds...

Records:

Tid     Pid     Comm    Count   Ave Latency

895     806     containerd      4       2786

```

## FAQ

1. Why not BCC funccount?

Don't want to install BCC on servers.

2. Why not bpftrace?

We cannot pass a kprobe to be tracked to bpftrace scripts.

When I want to trace and stat different kprobes by one script,

I have to pass the kprobe to the bash script and render a bpftrace script.

This is also why I develop `elysium`.

```bash

#!/bin/bash

if [ -z "$1" ]; then

  echo "Usage: $0 "

  exit 1

fi

KPROBE_NAME=$1

cat < trace.bt

#!/usr/bin/env bpftrace

BEGIN

{

  printf("Tracing kprobe %s\\n", "$KPROBE_NAME");

}

kprobe:$KPROBE_NAME

{

  @start[comm, tid] = nsecs;

  @result[comm, tid] = count();

}

kretprobe:$KPROBE_NAME

{

  @delta[comm, tid] = nsecs - @start[comm, tid];

  delete(@start[comm, tid]);

}

END

{

  clear(@start);

}

EOL

chmod +x trace.bt

bpftrace ./trace.bt

```