From 14af7ec4ddf3cdd4792933fda8111e00f28283bb Mon Sep 17 00:00:00 2001
From: varun-r-mallya
Date: Fri, 28 Nov 2025 14:47:29 +0530
Subject: [PATCH] add file_io.bpf.py to make container-monitor
---
BCC-Examples/container-monitor/file_io.bpf.py | 92 +++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 BCC-Examples/container-monitor/file_io.bpf.py
diff --git a/BCC-Examples/container-monitor/file_io.bpf.py b/BCC-Examples/container-monitor/file_io.bpf.py
new file mode 100644
index 0000000..a8fcbfc
--- /dev/null
+++ b/BCC-Examples/container-monitor/file_io.bpf.py
@@ -0,0 +1,92 @@
+import logging
+
+from pythonbpf import bpf, map, section, bpfglobal, struct, compile
+from pythonbpf.maps import HashMap
+from pythonbpf.helper import get_current_cgroup_id
+from ctypes import c_int32, c_uint64
+from vmlinux import struct_pt_regs
+
+
+@bpf
+@struct
+class read_stats:
+ bytes: c_uint64
+ ops: c_uint64
+
+
+@bpf
+@struct
+class write_stats:
+ bytes: c_uint64
+ ops: c_uint64
+
+
+@bpf
+@map
+def read_map() -> HashMap:
+ return HashMap(key=c_uint64, value=read_stats, max_entries=1024)
+
+
+@bpf
+@map
+def write_map() -> HashMap:
+ return HashMap(key=c_uint64, value=write_stats, max_entries=1024)
+
+
+#
+# READ PROBE
+#
+@bpf
+@section("kprobe/vfs_read")
+def trace_read(ctx: struct_pt_regs) -> c_int32:
+ cg = get_current_cgroup_id()
+ count = c_uint64(ctx.dx)
+ ptr = read_map.lookup(cg)
+
+ if ptr:
+ s = read_stats()
+ s.bytes = ptr.bytes + count
+ s.ops = ptr.ops + 1
+ read_map.update(cg, ptr)
+ else:
+ print("read init")
+ s = read_stats()
+ s.bytes = count
+ s.ops = c_uint64(1)
+ read_map.update(cg, s)
+
+ return c_int32(0)
+
+
+#
+# WRITE PROBE
+#
+@bpf
+@section("kprobe/vfs_write")
+def trace_write(ctx1: struct_pt_regs) -> c_int32:
+ cg = get_current_cgroup_id()
+ count = c_uint64(ctx1.dx)
+ ptr = write_map.lookup(cg)
+
+ if ptr:
+ s = write_stats()
+ s.bytes = ptr.bytes + count
+ s.ops = ptr.ops + 1
+ write_map.update(cg, s)
+ else:
+ print("write init")
+ s = write_stats()
+ s.bytes = count
+ s.ops = c_uint64(1)
+ write_map.update(cg, s)
+
+ return c_int32(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+ return "GPL"
+
+
+compile(loglevel=logging.INFO)
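Review bot: In `trace_read`, the existing-entry branch builds the incremented `s` but then calls `read_map.update(cg, ptr)`, so the new totals appear to be discarded and the old value written back; `trace_write` passes `s`, and the read path should match with `read_map.update(cg, s)`. As written, a cgroup's read counters would stay at their first-seen values, which makes the read side of the monitor blind to later activity. Separately, both probes take `count` from `ctx.dx` at function entry, which is the requested length rather than the bytes actually transferred (and the register choice looks x86-64 specific), so byte totals will overstate short or failed calls; a return probe that reads the return value would give the real figure. The lookup-then-update sequence is also not atomic across CPUs and the `update` result is ignored once the 1024-entry maps fill, which is worth a comment such as `# best-effort counters: racy across CPUs, new cgroups dropped when map is full` if these numbers feed alerting.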