eBPF query runner. Choose a format in:
- Ruby DSL
- YAML
- SQL-like query language (in the future)
Add this line to your application's Gemfile:
gem 'bpfql'And then execute:
$ bundle install
Or install it yourself as:
$ gem install bpfql
BPFQL do
select "*"
from "tracepoint:random:urandom_read"
where "comm", is: "ruby"
_and "pid", is: 12345
endBPFQL do
select "count()"
from "tracepoint:syscalls:sys_enter_clone"
group_by "comm"
interval "15s"
endBPFQL:
- select: count()
from: tracepoint:syscalls:sys_enter_clone
group_by: comm
stop_after: "30s"BPFQL:
- select: count()
from: tracepoint:syscalls:sys_enter_clone
where:
- comm is "ruby"
- pid is 12345- See examples/ to find working examples.
After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/udzura/bpfql.