I wrote a long script that, as a basic example, tries to do the following in C:
int trace(struct pt_regs *ctx) {
bpf_trace_printk("%d", ctx->ax);
return 1; }
Then consumes both the printk output, and the callchain, in Python. But these currently seem mutually exclusive:
- tests/cc/test_callchain.py uses a callback and a b.kprobe_poll() loop to fetch the callchain.
- Many other examples use a b.trace_fields() loop to fetch the printk output.
I haven't found a way to do both at the same time. I'd like the callchain with the output of printk together.
Thoughts? Is this just another example of pushing bpf_trace_printk() too far?
Could the callback arguments be extended to be more than "pid, callchain"?
If the "return 1" and callback method is reading the raw perf_event, is there a way to read the fmt string? (which is usually set to something useful for tracepoints). Could there be a bpf_trace_fmt(), to customize such a string for kprobes?
