Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
bcc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
bcc
Commits
365eade7
Commit
365eade7
authored
Jun 21, 2018
by
Joe Yin
Committed by
yonghong-song
Jun 20, 2018
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
#1838 (#1842)
implement tracepoint based probing for tcpaccept.py.
parent
d601984f
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
52 additions
and
4 deletions
+52
-4
tools/tcpaccept.py
tools/tcpaccept.py
+52
-4
No files found.
tools/tcpaccept.py
View file @
365eade7
...
...
@@ -52,8 +52,8 @@ struct ipv4_data_t {
// XXX: switch some to u32's when supported
u64 ts_us;
u64 pid;
u
64
saddr;
u
64
daddr;
u
32
saddr;
u
32
daddr;
u64 ip;
u64 lport;
char task[TASK_COMM_LEN];
...
...
@@ -70,7 +70,15 @@ struct ipv6_data_t {
char task[TASK_COMM_LEN];
};
BPF_PERF_OUTPUT(ipv6_events);
"""
#
# The following is the code for older kernels(Linux pre-4.16).
# It uses kprobes to instrument inet_csk_accept(). On Linux 4.16 and
# later, the sock:inet_sock_set_state tracepoint should be used instead, as
# is done by the code that follows this.
#
bpf_text_kprobe
=
"""
int kretprobe__inet_csk_accept(struct pt_regs *ctx)
{
struct sock *newsk = (struct sock *)PT_REGS_RC(ctx);
...
...
@@ -147,6 +155,46 @@ int kretprobe__inet_csk_accept(struct pt_regs *ctx)
}
"""
bpf_text_tracepoint
=
"""
TRACEPOINT_PROBE(sock, inet_sock_set_state)
{
if (args->protocol != IPPROTO_TCP)
return 0;
u32 pid = bpf_get_current_pid_tgid();
// pull in details
u16 family = 0, lport = 0;
family = args->family;
lport = args->sport;
if (family == AF_INET) {
struct ipv4_data_t data4 = {.pid = pid, .ip = 4};
data4.ts_us = bpf_ktime_get_ns() / 1000;
__builtin_memcpy(&data4.saddr, args->saddr, sizeof(data4.saddr));
__builtin_memcpy(&data4.daddr, args->daddr, sizeof(data4.daddr));
data4.lport = lport;
bpf_get_current_comm(&data4.task, sizeof(data4.task));
ipv4_events.perf_submit(args, &data4, sizeof(data4));
} else if (family == AF_INET6) {
struct ipv6_data_t data6 = {.pid = pid, .ip = 6};
data6.ts_us = bpf_ktime_get_ns() / 1000;
__builtin_memcpy(&data6.saddr, args->saddr, sizeof(data6.saddr));
__builtin_memcpy(&data6.daddr, args->daddr, sizeof(data6.daddr));
data6.lport = lport;
bpf_get_current_comm(&data6.task, sizeof(data6.task));
ipv6_events.perf_submit(args, &data6, sizeof(data6));
}
// else drop
return 0;
}
"""
if
(
BPF
.
tracepoint_exists
(
"sock"
,
"inet_sock_set_state"
)):
bpf_text
+=
bpf_text_tracepoint
else
:
bpf_text
+=
bpf_text_kprobe
# code substitutions
if
args
.
pid
:
bpf_text
=
bpf_text
.
replace
(
'FILTER'
,
...
...
@@ -165,8 +213,8 @@ class Data_ipv4(ct.Structure):
_fields_
=
[
(
"ts_us"
,
ct
.
c_ulonglong
),
(
"pid"
,
ct
.
c_ulonglong
),
(
"saddr"
,
ct
.
c_u
longlong
),
(
"daddr"
,
ct
.
c_u
longlong
),
(
"saddr"
,
ct
.
c_u
int
),
(
"daddr"
,
ct
.
c_u
int
),
(
"ip"
,
ct
.
c_ulonglong
),
(
"lport"
,
ct
.
c_ulonglong
),
(
"task"
,
ct
.
c_char
*
TASK_COMM_LEN
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment