
I am using the bpf_printk() helper to print to the kernel debug to trace some BPF programs. The usage is as follows:

#include <stdio.h>

#include <linux/bpf.h>
#include <sys/socket.h>

#include <bpf/bpf_helpers.h>

char LICENSE[] SEC("license") = "GPL";

SEC("sk_msg")
int http_state_machine(struct sk_msg_md *msg) {
  long len = (long)msg->data_end - (long)msg->data;
  if (len > 0) {
    bpf_printk("Message length: %ld\n", len);
  }

  return SK_PASS;
}

Then I try to read the trace_pipe via sudo cat /sys/kernel/debug/tracing/trace_pipe > check.log. My goal is to read only the first few lines of the trace, instead of the entire trace. However, this takes a very long time (in the order of minutes) to move all the output into check.log.

I learnt from this answer that the output of the trace_pipe is also the same in the static file /sys/kernel/debug/tracing/trace. And the trace file has nearly 10k lines.

My question is: How can I clear the entire output of the trace_pipe and/or trace - either by moving the entire output to a new file or discarding the output (after having read the first few lines)?

1 Answer

3

trace vs trace_pipe

In general, trace and trace_pipe have the same data. The difference is that trace is static; events don't get deleted from it, just appended (up until the size of the buffer, which you can show and set in /sys/kernel/debug/tracing/buffer_size_kb). In trace_pipe, however, once you read a certain event, it will disappear from this file (kind of like a FIFO queue). So if you run cat /sys/kernel/debug/tracing/trace_pipe, all the events in this file are cleared (at least until the next events).

Reading from trace_pipe

The thing is, the trace_pipe file doesn't have EOF (End Of File). This cat command will never end, and will keep waiting for new events indefinitely. Maybe that's the reason you think it takes a long time - this command will never finish, either waiting for new events or reading them when they appear.

Clearing the buffer from trace and trace_pipe

If you want to clear all the events from both files, you should simply write into the trace file:

$ echo > /sys/kernel/debug/tracing/trace

This will clear both trace and trace_pipe files. Of course, they will still get new events until you disable the tracing.
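
The two points above combined into one step, as an added example that is not part of the original answer: read a bounded number of lines from trace_pipe without blocking forever, then empty the buffer. The function name grab_and_clear and the TRACE_DIR variable are hypothetical names chosen here; head and timeout are assumed to come from coreutils.

```shell
#!/bin/sh
# Added example, not from the original post. Needs root on a real system.
# TRACE_DIR and grab_and_clear are names chosen for this sketch.
TRACE_DIR="${TRACE_DIR:-/sys/kernel/debug/tracing}"

# grab_and_clear N OUTFILE [WAIT_SECONDS]
# Saves at most N lines from trace_pipe to OUTFILE, discards the rest of the
# buffer, and prints how many lines were saved.
grab_and_clear() {
    n="$1"; out="$2"; wait_s="${3:-2}"; rc=0

    case "$n" in
        ''|*[!0-9]*) echo "N must be a non-negative integer" >&2; return 2 ;;
    esac
    if [ ! -r "$TRACE_DIR/trace_pipe" ] || [ ! -w "$TRACE_DIR/trace" ]; then
        echo "need read/write access under $TRACE_DIR (run as root)" >&2
        return 1
    fi

    # trace_pipe never returns EOF, so a plain cat blocks forever. head exits
    # after N lines; timeout ends the wait if fewer than N events arrive.
    timeout "$wait_s" head -n "$n" "$TRACE_DIR/trace_pipe" > "$out" || rc=$?
    # 124 means the timeout fired; whatever was read so far is kept.
    if [ "$rc" -ne 0 ] && [ "$rc" -ne 124 ]; then
        return "$rc"
    fi

    # Truncating trace empties the buffer behind both trace and trace_pipe
    # (same effect as the answer's `echo > trace`).
    : > "$TRACE_DIR/trace" || return 1

    wc -l < "$out" | tr -d ' '
}

# Usage: sudo sh grab.sh 5 check.log
if [ "$#" -ge 2 ]; then
    grab_and_clear "$@"
fi
```

Running the whole script under sudo matters: with `sudo echo > /sys/kernel/debug/tracing/trace` the redirection is performed by the unprivileged calling shell and fails.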
