rbbcc 0.6.4 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 92b4487b6e8f5b72aad25113da967b51b2feb064361676b093441b6fd0bab672
-  data.tar.gz: 03d71e58ddebacdbf41f0c1ad4422bcfa1b9acdda3ac568068a2a8751b594a97
+  metadata.gz: 5b46fa6dd0b99e4a178bc00bad497beab5d72426517f3d7b328c29d492e9e8a1
+  data.tar.gz: a5f84fdc89d50621b3dd06eca22aea243efc1991ec053acece136016ccbdfb64
 SHA512:
-  metadata.gz: bb9234154fe245bf001676f1a6e7b1e5bcce31e4962bd0d646746d1f3c286722def93899877c9a200a516fd33366ef7c73fcf2a7a22731fb76225edb5477f449
-  data.tar.gz: 89415cbd8cadade4b49b53b5fd1c024198bfbd3424e0d95ecaf8e00381495570e171bcf54f4c395ddf40d762821da1425945761d80166aef724e038f43ae0f3c
+  metadata.gz: 532f1d544b56d82e68d5931aac278bf36a850943c3e78e8851c59e56852ebe4f6a3d974fa6c129544f0c7f895696bd9b894f3d033490faff8c408bbd7deed424
+  data.tar.gz: 03de507c9094d850d77253610d2ffe08e2ee4ad97048e742f4c283ce6d8748de68f019a0e247ac826b5cbcbd48664a359ec57c92113f5f4015bc0c0f1984b482

data/.dockerignore

@@ -0,0 +1,4 @@
+vendor/*
+pkg/*
+examples/*.gif
+.git/*

data/.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: Tests
+on:
+  push:
+    branches: [ default ]
+  pull_request:
+    branches: [ default ]
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        libbcc_version: [0.17.0, 0.16.0, 0.12.0]
+        ruby_version: [2.7.2, 3.0.0]
+
+    runs-on: ubuntu-18.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Login to ghcr.io
+      run: |
+        echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u udzura  --password-stdin
+    - name: Build docker container with all deps
+      run: |
+        docker build -t rbbcc-ci-${{ matrix.libbcc_version }}-${{ matrix.ruby_version }} \
+                     -f ci/Dockerfile.${{ matrix.libbcc_version }}-${{ matrix.ruby_version }} ci/
+    - name: Run test
+      run: |
+        /bin/bash -c \
+                   "docker run --privileged \
+                   --pid=host \
+                   -v $(pwd):/rbbcc \
+                   -v /sys/kernel/debug:/sys/kernel/debug:rw \
+                   -v /lib/modules:/lib/modules:ro \
+                   -v /usr/src:/usr/src:ro \
+                   -v /usr/include/linux:/usr/include/linux:ro \
+                   rbbcc-ci-${{ matrix.libbcc_version }}-${{ matrix.ruby_version }} \
+                   /bin/bash -c \
+                   'cd /rbbcc && bundle install && bundle exec rake test'"
+    

data/Dockerfile.ci

@@ -0,0 +1,98 @@
+# ref: https://github.com/iovisor/bcc/blob/master/Dockerfile.tests
+FROM ubuntu:18.04
+
+ENV LLVM_VERSION="9"
+
+ARG BCC_VERSION="0.16.0"
+ENV BCC_VERSION=$BCC_VERSION
+
+ARG RUBY_VERSION="2.7.2"
+ENV RUBY_VERSION=$RUBY_VERSION
+
+ARG RUBY_VERSION_ARCHIVE="ruby-${RUBY_VERSION}.tar.bz2"
+ENV RUBY_VERSION_ARCHIVE=$RUBY_VERSION_ARCHIVE
+
+ARG RUBY_EXTRA_OPTS=""
+ENV RUBY_EXTRA_OPTS=$RUBY_EXTRA_OPTS
+
+ARG BCC_EXTRA_OPTS=""
+ENV BCC_EXTRA_OPTS=$BCC_EXTRA_OPTS
+
+RUN apt-get update && apt-get install -y curl gnupg && \
+    llvmRepository="\n\
+deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic main\n\
+deb-src http://apt.llvm.org/bionic/ llvm-toolchain-bionic main\n\
+deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-${LLVM_VERSION} main\n\
+deb-src http://apt.llvm.org/bionic/ llvm-toolchain-bionic-${LLVM_VERSION} main\n" && \
+    echo $llvmRepository >> /etc/apt/sources.list && \
+    curl -L https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - && \
+    apt-get update && apt-get install -y \
+      util-linux \
+      bison \
+      binutils-dev \
+      cmake \
+      flex \
+      g++ \
+      git \
+      kmod \
+      wget \
+      libelf-dev \
+      zlib1g-dev \
+      libiberty-dev \
+      libbfd-dev \
+      libedit-dev \
+      clang-${LLVM_VERSION} \
+      libclang-${LLVM_VERSION}-dev \
+      libclang-common-${LLVM_VERSION}-dev \
+      libclang1-${LLVM_VERSION} \
+      llvm-${LLVM_VERSION} \
+      llvm-${LLVM_VERSION}-dev \
+      llvm-${LLVM_VERSION}-runtime \
+      libllvm${LLVM_VERSION} \
+      systemtap-sdt-dev \
+      sudo \
+      iproute2 \
+      iputils-ping \
+      bridge-utils \
+      libtinfo5 \
+      libtinfo-dev && \
+  wget -O ruby-install-0.7.1.tar.gz \
+         https://github.com/postmodern/ruby-install/archive/v0.7.1.tar.gz && \
+  tar -xzvf ruby-install-0.7.1.tar.gz && \
+  cd ruby-install-0.7.1/ && \
+  make install && \
+  sed -i 's/^ruby_archive=.*/ruby_archive="${ruby_archive:-ruby-$ruby_version.tar.bz2}"/' /usr/local/share/ruby-install/ruby/functions.sh && \
+  env ruby_archive=$RUBY_VERSION_ARCHIVE ruby-install --system $RUBY_EXTRA_OPTS ruby $RUBY_VERSION && \
+  git config --global user.name 'udzura' && \
+  git config --global user.email 'udzura@udzura.jp' && \
+  wget -O bcc-$BCC_VERSION.tar.gz \
+         https://github.com/iovisor/bcc/releases/download/v$BCC_VERSION/bcc-src-with-submodule.tar.gz && \
+  tar -xzvf bcc-$BCC_VERSION.tar.gz && \
+  cd bcc/ && \
+  ( test "$BCC_VERSION" = "0.12.0" && curl https://github.com/iovisor/bcc/commit/977a7e3a568c4c929fabeb4a025528d9b6f1e84c.patch | patch -p1 || true ) && \
+  git init . && git add . && git commit -m 'Dummy' && git tag v$BCC_VERSION && \
+  mkdir build && cd build/ && \
+  cmake $BCC_EXTRA_OPTS -DCMAKE_BUILD_TYPE=Release .. && \
+  cd src/cc && \
+  make -j8 && make install && \
+  cd ../.. && \
+  apt-get remove --purge -y \
+      binutils-dev \
+      libelf-dev \
+      zlib1g-dev \
+      libiberty-dev \
+      libbfd-dev \
+      libedit-dev \
+      clang-${LLVM_VERSION} \
+      libclang-${LLVM_VERSION}-dev \
+      libclang-common-${LLVM_VERSION}-dev \
+      libclang1-${LLVM_VERSION} \
+      llvm-${LLVM_VERSION} \
+      llvm-${LLVM_VERSION}-dev \
+      llvm-${LLVM_VERSION}-runtime \
+      libllvm${LLVM_VERSION} \
+      systemtap-sdt-dev \
+      libtinfo-dev && \
+   apt autoremove -y && \
+   apt-get clean -y && \
+   rm -rf *.tar.gz bcc/

data/Gemfile.lock

@@ -8,29 +8,32 @@ GIT
 PATH
   remote: .
   specs:
-    rbbcc (0.6.4)
+    rbbcc (0.8.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    appbundler (0.13.2)
+    appbundler (0.13.4)
       mixlib-cli (>= 1.4, < 3.0)
       mixlib-shellout (>= 2.0, < 4.0)
-    chef-utils (16.6.14)
+    chef-utils (17.10.0)
+      concurrent-ruby
     coderay (1.1.3)
+    concurrent-ruby (1.1.10)
     method_source (1.0.0)
-    minitest (5.14.2)
+    minitest (5.16.1)
     mixlib-cli (2.1.8)
-    mixlib-shellout (3.2.2)
+    mixlib-shellout (3.2.7)
       chef-utils
-    pry (0.13.1)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    rake (13.0.1)
-    specific_install (0.3.5)
+    rake (13.0.6)
+    specific_install (0.3.7)
 
 PLATFORMS
-  ruby
+  aarch64-linux
+  arm64-darwin-21
 
 DEPENDENCIES
   appbundler
@@ -43,4 +46,4 @@ DEPENDENCIES
   specific_install
 
 BUNDLED WITH
-   2.1.4
+   2.3.16

data/README.md

@@ -1,6 +1,6 @@
 # RbBCC
 
-[![Gem Version](https://badge.fury.io/rb/rbbcc.svg)](https://badge.fury.io/rb/rbbcc) [![CI status](https://udzura.semaphoreci.com/badges/rbbcc.svg)](https://udzura.semaphoreci.com/projects/rbbcc)
+[![Gem Version](https://badge.fury.io/rb/rbbcc.svg)](https://badge.fury.io/rb/rbbcc) [![CI Status](https://github.com/udzura/rbbcc/workflows/Tests/badge.svg)](https://github.com/udzura/rbbcc/actions?query=workflow%3ATests)
 
 RbBCC is a port of [BCC](https://github.com/iovisor/bcc) in MRI. See iovisor project page.
 

data/ci/Dockerfile.0.12.0-2.7.2

@@ -0,0 +1 @@
+FROM ghcr.io/udzura/rbbcc-ci-images:libbcc-0.12.0

data/ci/Dockerfile.0.12.0-3.0.0

@@ -0,0 +1 @@
+FROM ghcr.io/udzura/rbbcc-ci-images:libbcc-0.12.0-ruby-3.0.0

data/ci/Dockerfile.0.16.0-2.7.2

@@ -0,0 +1 @@
+FROM ghcr.io/udzura/rbbcc-ci-images:libbcc-0.16.0

data/ci/Dockerfile.0.16.0-3.0.0

@@ -0,0 +1 @@
+FROM ghcr.io/udzura/rbbcc-ci-images:libbcc-0.16.0-ruby-3.0.0

data/ci/Dockerfile.0.17.0-2.7.2

@@ -0,0 +1 @@
+FROM ghcr.io/udzura/rbbcc-ci-images:libbcc-0.17.0

data/ci/Dockerfile.0.17.0-3.0.0

@@ -0,0 +1 @@
+FROM ghcr.io/udzura/rbbcc-ci-images:libbcc-0.17.0-ruby-3.0.0

data/examples/bitehist.rb

@@ -17,7 +17,7 @@ b = BCC.new(text: <<CLANG)
 BPF_HISTOGRAM(dist);
 BPF_HISTOGRAM(dist_linear);
 
-int kprobe__blk_account_io_completion(struct pt_regs *ctx, struct request *req)
+int kprobe__blk_account_io_done(struct pt_regs *ctx, struct request *req)
 {
   dist.increment(bpf_log2l(req->__data_len / 1024));
   dist_linear.increment(req->__data_len / 1024);

data/examples/collectsyscall.rb

@@ -38,10 +38,14 @@ require 'rbbcc'
 include RbBCC
 
 $pid = nil
+$comm = nil
 
 if ARGV.size == 2 &&
    ARGV[0] == '-p'
   $pid = ARGV[1].to_i
+elsif ARGV.size == 2 &&
+   ARGV[0] == '-c'
+  $comm = ARGV[1]
 elsif ARGV[0] == '-h' ||
       ARGV[0] == '--help'
   $stderr.puts "Usage: #{$0} [-p PID]"
@@ -77,11 +81,15 @@ BPF_HASH(store, struct key_t, struct leaf_t);
 TRACEPOINT_PROBE(raw_syscalls, sys_enter) {
     struct key_t key = {0};
     struct leaf_t initial = {0}, *val_;
+    char comm[16];
 
-    key.pid = bpf_get_current_pid_tgid();
+    // key.pid = bpf_get_current_pid_tgid();
+    key.pid = (bpf_get_current_pid_tgid() >> 32);
     key.syscall_nr = args->id;
 
     DO_FILTER_BY_PID
+    bpf_get_current_comm(&comm, sizeof(comm));
+    DO_FILTER_BY_COMM
 
     val_ = store.lookup_or_try_init(&key, &initial);
     if (val_) {
@@ -98,15 +106,17 @@ TRACEPOINT_PROBE(raw_syscalls, sys_exit) {
     struct key_t key = {0};
     struct leaf_t *val_;
 
-    key.pid = bpf_get_current_pid_tgid();
+    key.pid = (bpf_get_current_pid_tgid() >> 32);
     key.syscall_nr = args->id;
 
     val_ = store.lookup(&key);
     if (val_) {
       struct leaf_t val = *val_;
-      u64 delta = bpf_ktime_get_ns() - val.enter_ns;
-      val.enter_ns = 0;
-      val.elapsed_ns += delta;
+      if(val.enter_ns) {
+        u64 delta = bpf_ktime_get_ns() - val.enter_ns;
+        val.enter_ns = 0;
+        val.elapsed_ns += delta;
+      }
       store.update(&key, &val);
     }
     return 0;
@@ -121,6 +131,22 @@ else
   prog.sub!('DO_FILTER_BY_PID', '')
 end
 
+if $comm
+  prog.sub!('DO_FILTER_BY_COMM', <<~FILTER)
+    int idx;
+    int matched = 1;
+    char *needle = "#{$comm}";
+    for(idx=0;idx<sizeof(comm);++idx) {
+      if (comm[idx] != needle[idx]) matched = 0;
+      if (!needle[idx]) break;
+      if (!comm[idx]) break;
+    }
+    if(!matched) return 0;
+  FILTER
+else
+  prog.sub!('DO_FILTER_BY_COMM', '')
+end
+
 b = BCC.new(text: prog)
 
 puts "Collecting syscalls..."
@@ -134,14 +160,15 @@ info_by_pids = {}
 comms = {}
 store = b.get_table("store")
 store.items.each do |k, v|
-  # require 'pry'; binding.pry
+  #require 'pry'; binding.pry
+  count, elapsed_ns, _dummy, comm = v[0, 40].unpack("Q Q Q Z16")
   info_by_pids[k.pid] ||= {}
   info_by_pids[k.pid][k.syscall_nr] = {
     name: to_name(k.syscall_nr),
-    count: v.count,
-    elapsed_ms: v.elapsed_ns / 1000000.0
+    count: count,
+    elapsed_ms: elapsed_ns / 1000000.0
   }
-  comms[k.pid] ||= v.comm
+  comms[k.pid] ||= comm
 end
 
 pids = info_by_pids.keys.sort
@@ -149,7 +176,7 @@ pids.each do |pid|
   puts "PID=#{pid}(maybe: #{comms[pid]}) --->"
   i = info_by_pids[pid]
   i.to_a.sort_by {|k, v| [-v[:count], -v[:elapsed_ms]] }.each do |nr, record|
-    puts "\t%<name>-20s %<count>3d %<elapsed_ms>8.3f ms" % record
+    puts "\t%<name>-22s %<count>7d %<elapsed_ms>10.3f ms" % record
   end
   puts
 end

data/examples/hello_ring_buffer.rb

@@ -0,0 +1,64 @@
+#!/usr/bin/env ruby
+#
+# This is a Hello World example that uses BPF_PERF_OUTPUT.
+# Ported from hello_perf_output.py
+
+require 'rbbcc'
+include RbBCC
+
+# define BPF program
+prog = """
+#include <linux/sched.h>
+
+struct data_t {
+    u32 pid;
+    u64 ts;
+    char comm[TASK_COMM_LEN];
+};
+BPF_RINGBUF_OUTPUT(buffer, 1 << 4);
+
+int hello(struct pt_regs *ctx) {
+    struct data_t data = {};
+
+    data.pid = bpf_get_current_pid_tgid();
+    data.ts = bpf_ktime_get_ns();
+    bpf_get_current_comm(&data.comm, sizeof(data.comm));
+
+    buffer.ringbuf_output(&data, sizeof(data), 0);
+
+    return 0;
+}
+"""
+
+# load BPF program
+b = BCC.new(text: prog)
+b.attach_kprobe(event: b.get_syscall_fnname("clone"), fn_name: "hello")
+
+# header
+puts("%-18s %-16s %-6s %s" % ["TIME(s)", "COMM", "PID", "MESSAGE"])
+
+# process event
+start = 0
+print_event = lambda { |ctx, data, size|
+  event = b["buffer"].event(data)
+  if start == 0
+    start = event.ts
+  end
+
+  time_s = ((event.ts - start).to_f) / 1000000000
+  # event.comm.pack("c*").sprit
+  puts("%-18.9f %-16s %-6d %s" % [time_s, event.comm, event.pid,
+                                  "Hello, ringbuf!"])
+}
+
+# loop with callback to print_event
+b["buffer"].open_ring_buffer(&print_event)
+
+loop do
+  begin
+    b.ring_buffer_poll()
+    sleep(0.5)
+  rescue Interrupt
+    exit()
+  end
+end

data/examples/sbrk_trace.rb

@@ -33,7 +33,7 @@ def find_libc_location
   if File.exist?('/lib/x86_64-linux-gnu/libc.so.6')
     '/lib/x86_64-linux-gnu/libc.so.6'
   else
-    `find /lib -name 'libc.so*' | grep -v musl | head -1`.chomp
+    `find /lib/ -name 'libc.so*' | tail -1`.chomp
   end
 end
 

data/examples/syscalluname.rb

@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+#
+# syscalluname.rb Example of instrumenting a kernel tracepoint.
+#
+# Copyright 2024 Uchio Kondo
+# Licensed under the Apache License, Version 2.0 (the "License")
+
+require 'rbbcc'
+include RbBCC
+
+b = BCC.new(text: %[
+#include <linux/utsname.h>
+
+TRACEPOINT_PROBE(syscalls, sys_enter_newuname) {
+    // args is from
+    // /sys/kernel/debug/tracing/events/syscalls/sys_enter_newuname/format
+    char release[16];
+    bpf_probe_read_user_str(release, 16, args->name->release);
+    // avoid broken data
+    if (release[0] == '5' || release[0] == '6') {
+        bpf_trace_printk("%s\\n", release);
+    }
+    return 0;
+}
+])
+
+# header
+printf("%-18s %-16s %-6s %s\n", "TIME(s)", "COMM", "PID", "RELEASE")
+
+# format output
+loop do
+  begin
+    b.trace_fields do |task, pid, cpu, flags, ts, msg|
+      puts("%-18.9f %-16s %-6d %s" % [ts, task, pid, msg])
+    end
+  rescue Interrupt
+    exit
+  end
+end

data/examples/table.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+
+require 'rbbcc'
+include RbBCC
+
+b = BCC.new(text: <<CLANG)
+BPF_HASH(the_table_name, int);
+CLANG
+
+table = b.get_table('the_table_name', leaftype: 'int')
+
+table[10] = 1
+table[20] = 2
+puts table[10].to_bcc_value == 1
+puts table[20].to_bcc_value == 2

data/examples/urandomread-explicit.rb

@@ -16,6 +16,8 @@
 # Copyright 2016 Netflix, Inc.
 # Licensed under the Apache License, Version 2.0 (the "License")
 
+# FIXME: random/urandom_read is removed from newer kernel!!
+
 require 'rbbcc'
 include RbBCC
 

data/examples/urandomread.rb

@@ -11,6 +11,8 @@
 # Copyright 2016 Netflix, Inc.
 # Licensed under the Apache License, Version 2.0 (the "License")
 
+# FIXME: random/urandom_read is removed from newer kernel!!
+
 require 'rbbcc'
 include RbBCC
 

data/lib/rbbcc/bcc.rb

@@ -262,6 +262,7 @@ module RbBCC
       @funcs = {}
       @tables = {}
       @perf_buffers = {}
+      @_ringbuf_manager = nil
 
       unless @module
         raise "BPF module not created"
@@ -480,6 +481,7 @@ module RbBCC
     def trace_fields(&do_each_line)
       ret = []
       while buf = trace_readline
+        next if buf.chomp.empty?
         next if buf.start_with? "CPU:"
         task = buf[0..15].lstrip()
         meta, _addr, msg = buf[17..-1].split(": ", 3)
@@ -554,6 +556,21 @@ module RbBCC
       Clib.perf_reader_poll(readers.size, pack, timeout)
     end
 
+    def _open_ring_buffer(map_fd, fn, ctx)
+      buf = Clib.bpf_new_ringbuf(map_fd, fn, ctx)
+      if !buf
+        raise "Could not open ring buffer"
+      end
+      @_ringbuf_manager ||= buf
+    end
+    
+    def ring_buffer_poll(timeout=-1)
+      unless @_ringbuf_manager
+        raise "No ring buffers to poll"
+      end
+      Clib.bpf_poll_ringbuf(@_ringbuf_manager, timeout)
+    end
+    
     def ksymname(name)
       SymbolCache.resolve_global(name)
     end

data/lib/rbbcc/clib.rb

@@ -25,7 +25,7 @@ module RbBCC
     end
 
     extend Fiddle::Importer
-    targets = %w(0.17.0 0.16.0 0.15.0 0.14.0 0.13.0 0.12.0 0.11.0 0.10.0)
+    targets = %w(0.18.0 0.17.0 0.16.0 0.15.0 0.14.0 0.13.0 0.12.0 0.11.0 0.10.0)
     if default_load = ENV['LIBBCC_VERSION']
       targets.unshift(default_load)
       targets.uniq!
@@ -133,6 +133,11 @@ module RbBCC
     extern 'size_t bpf_perf_event_fields(void *program, const char *event)'
     extern 'char * bpf_perf_event_field(void *program, const char *event, size_t i)'
 
+    # typedef int (*ring_buffer_sample_fn)(void *ctx, void *data, size_t size);
+    extern 'void * bpf_new_ringbuf(int map_fd, void *sample_cb, void *ctx)'
+    extern 'int bpf_poll_ringbuf(void *rb, int timeout_ms)'
+    extern 'void bpf_free_ringbuf(void *rb)'
+
     extern 'void * bcc_usdt_new_frompid(int, char *)'
     extern 'void * bcc_usdt_new_frompath(char *path)'
     extern 'int bcc_usdt_enable_probe(void *, char *, char *)'

data/lib/rbbcc/pointer.rb

@@ -0,0 +1,15 @@
+module RbBCC
+  class Pointer
+    def initialize(p, value_type: nil, size: nil)
+      @raw_pointer = p
+      @size = size || p.size
+      @value_type = value_type
+    end
+
+    attr_reader :raw_pointer
+
+    def value
+
+    end
+  end
+end

data/lib/rbbcc/table.rb

@@ -5,6 +5,61 @@ require 'rbbcc/disp_helper'
 require 'rbbcc/cpu_helper'
 
 module RbBCC
+  module EventTypeSupported
+    def get_event_class
+      ct_mapping = {
+        's8': 'char',
+        'u8': 'unsined char',
+        's8 *': 'char *',
+        's16': 'short',
+        'u16': 'unsigned short',
+        's32': 'int',
+        'u32': 'unsigned int',
+        's64': 'long long',
+        'u64': 'unsigned long long'
+      }
+
+      array_type = /(.+) \[([0-9]+)\]$/
+      fields = []
+      num_fields = Clib.bpf_perf_event_fields(self.bpf.module, @name)
+      num_fields.times do |i|
+        field = Clib.__extract_char(Clib.bpf_perf_event_field(self.bpf.module, @name, i))
+        field_name, field_type = *field.split('#')
+        if field_type =~ /enum .*/
+          field_type = "int" #it is indeed enum...
+        end
+        if _field_type = ct_mapping[field_type.to_sym]
+          field_type = _field_type
+        end
+
+        m = array_type.match(field_type)
+        if m
+          field_type = "#{m[1]}[#{m[2]}]"
+          fields << [field_type, field_name].join(" ")
+        else
+          fields << [field_type, field_name].join(" ")
+        end
+      end
+      klass = Fiddle::Importer.struct(fields)
+      char_ps = fields.select {|f| f =~ /^char\[(\d+)\] ([_a-zA-Z0-9]+)/ }
+      unless char_ps.empty?
+        m = Module.new do
+          char_ps.each do |char_p|
+            md = /^char\[(\d+)\] ([_a-zA-Z0-9]+)/.match(char_p)
+            define_method md[2] do
+              # Split the char[] in the place where the first \0 appears
+              raw = super()
+              raw = raw[0...raw.index(0)] if raw.index(0)
+              raw.pack("c*")
+            end
+          end
+        end
+        klass.prepend m
+      end
+      klass
+    end
+  end
+  
   module Table
     BPF_MAP_TYPE_HASH = 1
     BPF_MAP_TYPE_ARRAY = 2
@@ -24,6 +79,17 @@ module RbBCC
     BPF_MAP_TYPE_CPUMAP = 16
     BPF_MAP_TYPE_XSKMAP = 17
     BPF_MAP_TYPE_SOCKHASH = 18
+    BPF_MAP_TYPE_CGROUP_STORAGE = 19
+    BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 20
+    BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 21
+    BPF_MAP_TYPE_QUEUE = 22
+    BPF_MAP_TYPE_STACK = 23
+    BPF_MAP_TYPE_SK_STORAGE = 24
+    BPF_MAP_TYPE_DEVMAP_HASH = 25
+    BPF_MAP_TYPE_STRUCT_OPS = 26
+    BPF_MAP_TYPE_RINGBUF = 27
+    BPF_MAP_TYPE_INODE_STORAGE = 28
+    BPF_MAP_TYPE_TASK_STORAGE = 29
 
     def self.new(bpf, map_id, map_fd, keytype, leaftype, name, **kwargs)
       ttype = Clib.bpf_table_type_id(bpf.module, map_id)
@@ -34,6 +100,8 @@ module RbBCC
         ArrayTable.new(bpf, map_id, map_fd, keytype, leaftype)
       when BPF_MAP_TYPE_PERF_EVENT_ARRAY
         PerfEventArray.new(bpf, map_id, map_fd, keytype, leaftype, name: name)
+      when BPF_MAP_TYPE_RINGBUF
+        RingBuf.new(bpf, map_id, map_fd, keytype, leaftype, name: name)
       when BPF_MAP_TYPE_STACK_TRACE
         StackTrace.new(bpf, map_id, map_fd, keytype, leaftype)
       else
@@ -260,6 +328,8 @@ module RbBCC
   end
 
   class PerfEventArray < TableBase
+    include EventTypeSupported
+    
     def initialize(bpf, map_id, map_fd, keytype, leaftype, name: nil)
       super
       @open_key_fds = {}
@@ -285,60 +355,6 @@ module RbBCC
       end
     end
 
-    private
-    def get_event_class
-      ct_mapping = {
-        's8': 'char',
-        'u8': 'unsined char',
-        's8 *': 'char *',
-        's16': 'short',
-        'u16': 'unsigned short',
-        's32': 'int',
-        'u32': 'unsigned int',
-        's64': 'long long',
-        'u64': 'unsigned long long'
-      }
-
-      array_type = /(.+) \[([0-9]+)\]$/
-      fields = []
-      num_fields = Clib.bpf_perf_event_fields(self.bpf.module, @name)
-      num_fields.times do |i|
-        field = Clib.__extract_char(Clib.bpf_perf_event_field(self.bpf.module, @name, i))
-        field_name, field_type = *field.split('#')
-        if field_type =~ /enum .*/
-          field_type = "int" #it is indeed enum...
-        end
-        if _field_type = ct_mapping[field_type.to_sym]
-          field_type = _field_type
-        end
-
-        m = array_type.match(field_type)
-        if m
-          field_type = "#{m[1]}[#{m[2]}]"
-          fields << [field_type, field_name].join(" ")
-        else
-          fields << [field_type, field_name].join(" ")
-        end
-      end
-      klass = Fiddle::Importer.struct(fields)
-      char_ps = fields.select {|f| f =~ /^char\[(\d+)\] ([_a-zA-Z0-9]+)/ }
-      unless char_ps.empty?
-        m = Module.new do
-          char_ps.each do |char_p|
-            md = /^char\[(\d+)\] ([_a-zA-Z0-9]+)/.match(char_p)
-            define_method md[2] do
-              # Split the char[] in the place where the first \0 appears
-              raw = super()
-              raw = raw[0...raw.index(0)] if raw.index(0)
-              raw.pack("c*")
-            end
-          end
-        end
-        klass.prepend m
-      end
-      klass
-    end
-
     def _open_perf_buffer(cpu, callback, page_cnt, lost_cb)
       # bind("void raw_cb_callback(void *, void *, int)")
       fn = Fiddle::Closure::BlockCaller.new(
@@ -382,6 +398,51 @@ module RbBCC
     end
   end
 
+  class RingBuf < TableBase
+    include EventTypeSupported
+    
+    def initialize(bpf, map_id, map_fd, keytype, leaftype, name: nil)
+      super
+      @_ringbuf = nil
+      @_ringbuf_manager = nil
+      @event_class = nil
+    end
+
+    def event(data)
+      @event_class ||= get_event_class
+      ev = @event_class.malloc
+      Fiddle::Pointer.new(ev.to_ptr)[0, @event_class.size] = data[0, @event_class.size]
+      return ev
+    end
+
+    def open_ring_buffer(ctx=nil, &callback)
+      # bind("int ring_buffer_sample_fn(void *, void *, int)")
+      fn = Fiddle::Closure::BlockCaller.new(
+        Fiddle::TYPE_INT,
+        [Fiddle::TYPE_VOIDP, Fiddle::TYPE_VOIDP, Fiddle::TYPE_INT]
+      ) do |_dummy, data, size|
+        begin
+          _ret = callback.call(ctx, data, size)
+          ret = _ret.to_i
+          ret
+        rescue NoMethodError
+          # Callback for ringbufs should _always_ return an integer.
+          # simply fall back to returning 0 when failed
+          0
+        rescue => e
+          if Fiddle.last_error == 32 # EPIPE
+            exit
+          else
+            raise e
+          end
+        end
+      end
+
+      @bpf._open_ring_buffer(@map_fd, fn, ctx)
+      nil
+    end
+  end
+
   class StackTrace < TableBase
     MAX_DEPTH = 127
     BPF_F_STACK_BUILD_ID = (1<<5)

data/lib/rbbcc/version.rb

@@ -1,3 +1,3 @@
 module RbBCC
-  VERSION = "0.6.4"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbbcc
 version: !ruby/object:Gem::Version
-  version: 0.6.4
+  version: 0.8.0
 platform: ruby
 authors:
 - Uchio Kondo
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-26 00:00:00.000000000 Z
+date: 2024-02-13 00:00:00.000000000 Z
 dependencies: []
 description: BCC port for MRI. See https://github.com/iovisor/bcc
 email:
@@ -18,9 +18,11 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".dockerignore"
+- ".github/workflows/ci.yml"
 - ".gitignore"
-- ".semaphore/semaphore.yml"
 - Dockerfile
+- Dockerfile.ci
 - Dockerfile.dfm-example
 - Gemfile
 - Gemfile.lock
@@ -29,6 +31,12 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- ci/Dockerfile.0.12.0-2.7.2
+- ci/Dockerfile.0.12.0-3.0.0
+- ci/Dockerfile.0.16.0-2.7.2
+- ci/Dockerfile.0.16.0-3.0.0
+- ci/Dockerfile.0.17.0-2.7.2
+- ci/Dockerfile.0.17.0-3.0.0
 - docs/README.md
 - docs/answers/01-hello-world.rb
 - docs/answers/02-sys_sync.rb
@@ -64,6 +72,7 @@ files:
 - examples/extract_arg.rb
 - examples/hello_fields.rb
 - examples/hello_perf_output.rb
+- examples/hello_ring_buffer.rb
 - examples/hello_world.rb
 - examples/kvm_hypercall.rb
 - examples/mallocstack.rb
@@ -71,6 +80,8 @@ files:
 - examples/networking/http_filter/http-parse-simple.rb
 - examples/ruby_usdt.rb
 - examples/sbrk_trace.rb
+- examples/syscalluname.rb
+- examples/table.rb
 - examples/tools/bashreadline.rb
 - examples/tools/execsnoop.rb
 - examples/tools/runqlat.rb
@@ -89,6 +100,7 @@ files:
 - lib/rbbcc/fiddle_ext.rb
 - lib/rbbcc/invoker.rb
 - lib/rbbcc/plugin.rb
+- lib/rbbcc/pointer.rb
 - lib/rbbcc/symbol_cache.rb
 - lib/rbbcc/table.rb
 - lib/rbbcc/usdt.rb
@@ -100,7 +112,7 @@ homepage: https://github.com/udzura/rbbcc
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -115,8 +127,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.4.0.dev
+signing_key:
 specification_version: 4
 summary: BCC port for MRI
 test_files: []

data/.semaphore/semaphore.yml

@@ -1,21 +0,0 @@
-version: v1.0
-name: Ruby Test
-agent:
-  machine:
-    type: e1-standard-2
-    os_image: ubuntu1804
-blocks:
-  - name: Basic Test
-    task:
-      jobs:
-        - name: ruby test
-          matrix:
-            - env_var: RUBY_VERSION
-              values: [ "2.6.5", "2.6.6", "2.7.1" ]
-            - env_var: LIBBCC_VERSION
-              values: [ "0.12.0", "0.11.0", "0.10.0" ]
-          commands:
-            - sem-version c 7
-            - sem-version ruby $RUBY_VERSION
-            - checkout
-            - ./semaphore.sh