Commit db454655 authored by Brenden Blanco's avatar Brenden Blanco

Merge pull request #407 from yadutaf/jt-readme

Documentation and tcp4connect enhancements
parents a6f5a219 d0764aae
# Editor's files
*.swp *.swp
*.swo *.swo
*.pyc *.pyc
# Build artefacts
/build/
...@@ -112,12 +112,15 @@ To build the toolchain from source, one needs: ...@@ -112,12 +112,15 @@ To build the toolchain from source, one needs:
### Install build dependencies ### Install build dependencies
``` ```
# Trusty and older
VER=trusty VER=trusty
echo "deb http://llvm.org/apt/$VER/ llvm-toolchain-$VER-3.7 main echo "deb http://llvm.org/apt/$VER/ llvm-toolchain-$VER-3.7 main
deb-src http://llvm.org/apt/$VER/ llvm-toolchain-$VER-3.7 main" | \ deb-src http://llvm.org/apt/$VER/ llvm-toolchain-$VER-3.7 main" | \
sudo tee /etc/apt/sources.list.d/llvm.list sudo tee /etc/apt/sources.list.d/llvm.list
wget -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo apt-key add - wget -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo apt-key add -
sudo apt-get update sudo apt-get update
# All versions
sudo apt-get -y install bison build-essential cmake flex git libedit-dev \ sudo apt-get -y install bison build-essential cmake flex git libedit-dev \
libllvm3.7 llvm-3.7-dev libclang-3.7-dev python zlib1g-dev libllvm3.7 llvm-3.7-dev libclang-3.7-dev python zlib1g-dev
``` ```
......
...@@ -47,6 +47,10 @@ many possible capabilities. ...@@ -47,6 +47,10 @@ many possible capabilities.
See [INSTALL.md](INSTALL.md) for installation steps on your platform. See [INSTALL.md](INSTALL.md) for installation steps on your platform.
## FAQ
See [FAQ.txt](FAQ.txt) for the most common troubleshoot questions.
## Contents ## Contents
Some of these are single files that contain both C and Python, others have a Some of these are single files that contain both C and Python, others have a
......
...@@ -62,7 +62,7 @@ int kretprobe__tcp_v4_connect(struct pt_regs *ctx) ...@@ -62,7 +62,7 @@ int kretprobe__tcp_v4_connect(struct pt_regs *ctx)
bpf_probe_read(&dport, sizeof(dport), &skp->__sk_common.skc_dport); bpf_probe_read(&dport, sizeof(dport), &skp->__sk_common.skc_dport);
// output // output
bpf_trace_printk("%x %x %d\\n", saddr, daddr, ntohs(dport)); bpf_trace_printk("trace_tcp4connect %x %x %d\\n", saddr, daddr, ntohs(dport));
currsock.delete(&pid); currsock.delete(&pid);
...@@ -86,10 +86,19 @@ def inet_ntoa(addr): ...@@ -86,10 +86,19 @@ def inet_ntoa(addr):
addr = addr >> 8 addr = addr >> 8
return dq return dq
# format output # filter and format output
while 1: while 1:
(task, pid, cpu, flags, ts, msg) = b.trace_fields() # Read messages from kernel pipe
(saddr_hs, daddr_hs, dport_s) = msg.split(" ") try:
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
(_tag, saddr_hs, daddr_hs, dport_s) = msg.split(" ")
except ValueError:
# Ignore messages from other tracers
continue
# Ignore messages from other tracers
if _tag != "trace_tcp4connect":
continue
print("%-6d %-12.12s %-16s %-16s %-4s" % (pid, task, print("%-6d %-12.12s %-16s %-16s %-4s" % (pid, task,
inet_ntoa(int(saddr_hs, 16)), inet_ntoa(int(saddr_hs, 16)),
......
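Review bot: The `int(saddr_hs, 16)` conversions in the `print` call sit outside the new `try`, so a line that carries the `trace_tcp4connect` tag and four fields but non-hex values would still raise an uncaught `ValueError` and stop the tool. The tag only separates this tool's lines from other tracers' output on the shared pipe; it does not guarantee that the remaining fields are well-formed. Consider converting inside the `try`, e.g. `saddr, daddr = int(saddr_hs, 16), int(daddr_hs, 16)`, and passing those values to `inet_ntoa`. The `try` also wraps `b.trace_fields()`, so a `ValueError` raised inside that call is silently dropped as well, which may be intended but deserves a comment saying so. The `print` statement continues past the end of the hunk.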