Couple days ago at work I found myself needing to trace BPF's uprobes while investigating an issue with libzookeeper
.
Normally, running a uprobe
/ uretprobe
is as easy as passing the path to the library and the function name:
$ bpftrace -e 'uretprobe:/usr/lib/x86_64-linux-gnu/libzookeeper_mt.so.2.0.0:zoo_set2 { printf("%d\n", retval); }'
In my case, Zookeeper client was running in a container. How do I figure out the path to the library if the process is in Docker?
Turns out it's not too hard, but I tend to forget things, so I decided to write this post for myself in the future in case I need to do this again.