"The Linux tracing APIs are a relatively new addition to the
kernel and one of the most powerful new features its gained in a
long time. Unfortunately the plethora of terms and names for the
system can be confusing, so in this follow-up to my previous post
on the proc connector and socket filter, I'll take a look at
achieving the same result using tracing and hopefully unravel a
little of the mystery along the way.
"Rather than write a program along the way, I'll be referring to
sample code found in the kernel tree itself so you'll want a
checkout. If you're doing any work that touches the kernel further
than standard POSIX APIs, I highly recommend this anyway; it's
quite readable and once you find your way around, is the quickest
way to answer questions."