DOKK / manpages / debian 12 / libtracefs-doc / tracefs_eprobe_alloc.3.en
LIBTRACEFS(3) libtracefs Manual LIBTRACEFS(3)

tracefs_eprobe_alloc - Allocate new event probe (eprobe)

#include <tracefs.h>
struct tracefs_dynevent *
tracefs_eprobe_alloc(const char *system, const char *event,

const char *target_system, const char *target_event,
const char *fetchargs);

tracefs_eprobe_alloc() allocates a new eprobe context. The ebrobe is not configured in the system. The new eprobe will be in the system group (or eprobes if system is NULL) and have the name of event. The eprobe will be attached to target_event, located in target_system. The list of arguments, described in fetchargs, will be fetched from target_event. The returned pointer to the event probe must be freed with tracefs_dynevent_free().

The tracefs_eprobe_alloc() API returns a pointer to an allocated tracefs_dynevent structure, describing the event probe. This pointer must be freed by tracefs_dynevent_free(3). Note, this only allocates a descriptor representing the eprobe. It does not modify the running system. On error NULL is returned.

#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>
#include <tracefs.h>
static struct tep_event *open_event;
static struct tep_format_field *file_field;
static int callback(struct tep_event *event, struct tep_record *record,

int cpu, void *data) {
struct trace_seq seq;
trace_seq_init(&seq);
tep_print_event(event->tep, &seq, record, "%d-%s: ", TEP_PRINT_PID, TEP_PRINT_COMM);
if (event->id == open_event->id) {
trace_seq_puts(&seq, "open file='");
tep_print_field(&seq, record->data, file_field);
trace_seq_puts(&seq, "'\n");
}
trace_seq_terminate(&seq);
trace_seq_do_printf(&seq);
trace_seq_destroy(&seq);
return 0; } static pid_t run_exec(char **argv, char **env) {
pid_t pid;
pid = fork();
if (pid)
return pid;
execve(argv[0], argv, env);
perror("exec");
exit(-1); } const char *myprobe = "my_eprobes"; int main (int argc, char **argv, char **env) {
struct tracefs_dynevent *eprobe;
struct tracefs_instance *instance;
struct tep_handle *tep;
const char *sysnames[] = { myprobe, NULL };
pid_t pid;
if (argc < 2) {
printf("usage: %s command\n", argv[0]);
exit(-1);
}
instance = tracefs_instance_create("exec_open");
if (!instance) {
perror("creating instance");
exit(-1);
}
tracefs_dynevent_destroy_all(TRACEFS_DYNEVENT_EPROBE, true);
eprobe = tracefs_eprobe_alloc(myprobe, "sopen", "syscalls", "sys_enter_openat2",
"file=+0($filename):ustring");
if (!eprobe) {
perror("allocating event probe");
exit(-1);
}
if (tracefs_dynevent_create(eprobe)) {
perror("creating event probe");
exit(-1);
}
tep = tracefs_local_events_system(NULL, sysnames);
if (!tep) {
perror("reading events");
exit(-1);
}
open_event = tep_find_event_by_name(tep, myprobe, "sopen");
file_field = tep_find_field(open_event, "file");
tracefs_event_enable(instance, myprobe, "sopen");
pid = run_exec(&argv[1], env);
/* Let the child start to run */
sched_yield();
do {
tracefs_load_cmdlines(NULL, tep);
tracefs_iterate_raw_events(tep, instance, NULL, 0, callback, NULL);
} while (waitpid(pid, NULL, WNOHANG) != pid);
/* Will disable the events */
tracefs_dynevent_destroy(eprobe, true);
tracefs_dynevent_free(eprobe);
tracefs_instance_destroy(instance);
tep_free(tep);
return 0; }

tracefs.h

Header file to include in order to have access to the library APIs. -ltracefs
Linker switch to add when building a program that uses the library.

libtracefs(3), libtraceevent(3), trace-cmd(1)

Steven Rostedt <rostedt@goodmis.org[1]>
Tzvetomir Stoyanov <tz.stoyanov@gmail.com[2]>

Report bugs to <linux-trace-devel@vger.kernel.org[3]>

libtracefs is Free Software licensed under the GNU LGPL 2.1

https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/

Copyright (C) 2021 VMware, Inc. Free use of this software is granted under the terms of the GNU Public License (GPL).

1.
rostedt@goodmis.org
mailto:rostedt@goodmis.org
2.
tz.stoyanov@gmail.com
mailto:tz.stoyanov@gmail.com
3.
linux-trace-devel@vger.kernel.org
mailto:linux-trace-devel@vger.kernel.org
01/17/2023 libtracefs 1.6.4