⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.144
Server IP:
157.245.143.252
Server:
Linux www 6.11.0-9-generic #9-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 14 13:19:59 UTC 2024 x86_64
Server Software:
nginx/1.26.0
PHP Version:
8.3.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
usr
/
share
/
doc
/
bpftrace
/
examples
/
View File Name :
vfscount_example.txt
Demonstrations of vfscount, the Linux bpftrace/eBPF version. Tracing all VFS calls: # ./vfscount.bt Attaching 54 probes... cannot attach kprobe, Invalid argument Warning: could not attach probe kprobe:vfs_dedupe_get_page.isra.21, skipping. Tracing VFS calls... Hit Ctrl-C to end. ^C @[vfs_fsync_range]: 4 @[vfs_readlink]: 14 @[vfs_statfs]: 56 @[vfs_lock_file]: 60 @[vfs_write]: 276 @[vfs_statx]: 328 @[vfs_statx_fd]: 394 @[vfs_open]: 541 @[vfs_getattr]: 595 @[vfs_getattr_nosec]: 597 @[vfs_read]: 1113 While tracing, the vfs_read() call was the most frequent, occurring 1,113 times. VFS is the Virtual File System: a kernel abstraction for file systems and other resources that expose a file system interface. Much of VFS maps directly to the syscall interface. Tracing VFS calls gives you a high level breakdown of the kernel workload, and starting points for further investigation. Note that a warning was printed: "Warning: could not attach probe kprobe:vfs_dedupe_get_page.isra.21": these are not currently instrumentable by bpftrace/kprobes, so a warning is printed to let you know that they will be missed. There is another version of this tool in bcc: https://github.com/iovisor/bcc