libtracefs(3) ============= NAME ---- tracefs_eprobe_alloc - Allocate new event probe (eprobe) SYNOPSIS -------- [verse] -- *#include * struct tracefs_dynevent pass:[*] *tracefs_eprobe_alloc*(const char pass:[*]_system_, const char pass:[*]_event_, const char pass:[*]_target_system_, const char pass:[*]_target_event_, const char pass:[*]_fetchargs_); -- DESCRIPTION ----------- *tracefs_eprobe_alloc*() allocates a new eprobe context. The ebrobe is not configured in the system. The new eprobe will be in the _system_ group (or eprobes if _system_ is NULL) and have the name of _event_. The eprobe will be attached to _target_event_, located in _target_system_. The list of arguments, described in _fetchargs_, will be fetched from _target_event_. The returned pointer to the event probe must be freed with *tracefs_dynevent_free*(). RETURN VALUE ------------ The *tracefs_eprobe_alloc*() API returns a pointer to an allocated tracefs_dynevent structure, describing the event probe. This pointer must be freed by *tracefs_dynevent_free*(3). Note, this only allocates a descriptor representing the eprobe. It does not modify the running system. On error NULL is returned. EXAMPLE ------- [source,c] -- #include #include #include #include static struct tep_event *open_event; static struct tep_format_field *file_field; static int callback(struct tep_event *event, struct tep_record *record, int cpu, void *data) { struct trace_seq seq; trace_seq_init(&seq); tep_print_event(event->tep, &seq, record, "%d-%s: ", TEP_PRINT_PID, TEP_PRINT_COMM); if (event->id == open_event->id) { trace_seq_puts(&seq, "open file='"); tep_print_field(&seq, record->data, file_field); trace_seq_puts(&seq, "'\n"); } trace_seq_terminate(&seq); trace_seq_do_printf(&seq); trace_seq_destroy(&seq); return 0; } static pid_t run_exec(char **argv, char **env) { pid_t pid; pid = fork(); if (pid) return pid; execve(argv[0], argv, env); perror("exec"); exit(-1); } const char *myprobe = "my_eprobes"; int main (int argc, char **argv, char **env) { struct tracefs_dynevent *eprobe; struct tracefs_instance *instance; struct tep_handle *tep; const char *sysnames[] = { myprobe, NULL }; pid_t pid; if (argc < 2) { printf("usage: %s command\n", argv[0]); exit(-1); } instance = tracefs_instance_create("exec_open"); if (!instance) { perror("creating instance"); exit(-1); } tracefs_dynevent_destroy_all(TRACEFS_DYNEVENT_EPROBE, true); eprobe = tracefs_eprobe_alloc(myprobe, "sopen", "syscalls", "sys_enter_openat2", "file=+0($filename):ustring"); if (!eprobe) { perror("allocating event probe"); exit(-1); } if (tracefs_dynevent_create(eprobe)) { perror("creating event probe"); exit(-1); } tep = tracefs_local_events_system(NULL, sysnames); if (!tep) { perror("reading events"); exit(-1); } open_event = tep_find_event_by_name(tep, myprobe, "sopen"); file_field = tep_find_field(open_event, "file"); tracefs_event_enable(instance, myprobe, "sopen"); pid = run_exec(&argv[1], env); /* Let the child start to run */ sched_yield(); do { tracefs_load_cmdlines(NULL, tep); tracefs_iterate_raw_events(tep, instance, NULL, 0, callback, NULL); } while (waitpid(pid, NULL, WNOHANG) != pid); /* Will disable the events */ tracefs_dynevent_destroy(eprobe, true); tracefs_dynevent_free(eprobe); tracefs_instance_destroy(instance); tep_free(tep); return 0; } -- FILES ----- [verse] -- *tracefs.h* Header file to include in order to have access to the library APIs. *-ltracefs* Linker switch to add when building a program that uses the library. -- SEE ALSO -------- *libtracefs*(3), *libtraceevent*(3), *trace-cmd*(1) AUTHOR ------ [verse] -- *Steven Rostedt* *Tzvetomir Stoyanov* -- REPORTING BUGS -------------- Report bugs to LICENSE ------- libtracefs is Free Software licensed under the GNU LGPL 2.1 RESOURCES --------- https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/ COPYING ------- Copyright \(C) 2021 VMware, Inc. Free use of this software is granted under the terms of the GNU Public License (GPL).