This is an automated email from the ASF dual-hosted git repository.
liuhan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-rover.git
The following commit(s) were added to refs/heads/main by this push:
new 6997e66 Fix context structs parameters for tracepoint programs (#157)
6997e66 is described below
commit 6997e660af50f5a74d14e9a468fb3b0f962b002b
Author: david <[email protected]>
AuthorDate: Thu Nov 21 13:06:11 2024 +0800
Fix context structs parameters for tracepoint programs (#157)
---
bpf/accesslog/l24/read_l2.c | 11 ++-
bpf/accesslog/l24/write_l2.c | 27 ++---
bpf/accesslog/l24/write_l4.c | 15 ++-
bpf/accesslog/process/process.c | 20 ++--
bpf/accesslog/syscalls/close.c | 21 +---
bpf/accesslog/syscalls/connect.c | 42 ++------
bpf/accesslog/syscalls/transfer.c | 203 ++++++++++++--------------------------
bpf/include/api.h | 17 ++++
8 files changed, 127 insertions(+), 229 deletions(-)
diff --git a/bpf/accesslog/l24/read_l2.c b/bpf/accesslog/l24/read_l2.c
index 0896eeb..e05bd7b 100644
--- a/bpf/accesslog/l24/read_l2.c
+++ b/bpf/accesslog/l24/read_l2.c
@@ -17,14 +17,15 @@
#include "l24.h"
#include "../common/data_args.h"
+#include "api.h"
-struct netif_receive_skb {
- unsigned long long pad;
- void * skbaddr;
-};
+struct trace_event_raw_net_dev_template {
+ struct trace_entry ent;
+ void *skbaddr;
+} __attribute__((preserve_access_index)) ;
SEC("tracepoint/net/netif_receive_skb")
-int tracepoint_netif_receive_skb(struct netif_receive_skb *ctx) {
+int tracepoint_netif_receive_skb(struct trace_event_raw_net_dev_template *ctx)
{
struct sk_buff * skb = (struct sk_buff *)ctx->skbaddr;
struct net_device *device = _(skb->dev);
diff --git a/bpf/accesslog/l24/write_l2.c b/bpf/accesslog/l24/write_l2.c
index 2f477df..094be3a 100644
--- a/bpf/accesslog/l24/write_l2.c
+++ b/bpf/accesslog/l24/write_l2.c
@@ -18,18 +18,19 @@
#include "l24.h"
#include "../common/data_args.h"
-struct net_dev_start_xmit_args {
- unsigned long pad0;
- unsigned long pad1;
+struct trace_event_raw_net_dev_start_xmit {
+ struct trace_entry ent;
+ __u32 __data_loc_name;
+ __u16 queue_mapping;
+ const void *skbaddr;
+} __attribute__((aligned(8))) __attribute__((preserve_access_index)) ;
- void *skb;
-};
-struct net_dev_xmit_args {
- unsigned long pad0;
+struct trace_event_raw_net_dev_xmit {
+ struct trace_entry ent;
+ void *skbaddr;
+} __attribute__((preserve_access_index));
- void *skb;
-};
SEC("kprobe/__dev_queue_xmit")
int dev_queue_emit(struct pt_regs * ctx){
@@ -52,8 +53,8 @@ int dev_queue_emit_ret(struct pt_regs * ctx){
}
SEC("tracepoint/net/net_dev_start_xmit")
-int tracepoint_net_dev_start_xmit(struct net_dev_start_xmit_args *args) {
- struct sk_buff * skb = args->skb;
+int tracepoint_net_dev_start_xmit(struct trace_event_raw_net_dev_start_xmit
*args) {
+ struct sk_buff * skb = (struct sk_buff *)args->skbaddr;
struct skb_transmit_detail *detail =
bpf_map_lookup_elem(&sk_buff_transmit_detail_map, &skb);
if (detail != NULL) {
detail->l2_start_xmit_time = bpf_ktime_get_ns();
@@ -62,8 +63,8 @@ int tracepoint_net_dev_start_xmit(struct
net_dev_start_xmit_args *args) {
}
SEC("tracepoint/net/net_dev_xmit")
-int tracepoint_net_dev_xmit(struct net_dev_xmit_args *args) {
- struct sk_buff * skb = args->skb;
+int tracepoint_net_dev_xmit(struct trace_event_raw_net_dev_xmit *args) {
+ struct sk_buff * skb = (struct sk_buff *)args->skbaddr;
struct skb_transmit_detail *detail =
bpf_map_lookup_elem(&sk_buff_transmit_detail_map, &skb);
if (detail != NULL) {
detail->l2_finish_xmit_time = bpf_ktime_get_ns();
diff --git a/bpf/accesslog/l24/write_l4.c b/bpf/accesslog/l24/write_l4.c
index c38ecc6..2d0a1a7 100644
--- a/bpf/accesslog/l24/write_l4.c
+++ b/bpf/accesslog/l24/write_l4.c
@@ -19,12 +19,11 @@
#include "../common/data_args.h"
#include "../common/sock.h"
-struct kfree_skb_args {
- unsigned long pad;
-
- void *skb;
- void *location;
-};
+struct trace_event_raw_kfree_skb {
+ struct trace_entry ent;
+ void *skbaddr;
+ void *location;
+} __attribute__((preserve_access_index));
SEC("kprobe/tcp_sendmsg")
int tcp_sendmsg(struct pt_regs* ctx) {
@@ -83,8 +82,8 @@ int tracepoint_tcp_retransmit_skb() {
}
SEC("tracepoint/skb/kfree_skb")
-int kfree_skb(struct kfree_skb_args *args) {
- struct sk_buff *skb = args->skb;
+int kfree_skb(struct trace_event_raw_kfree_skb *args) {
+ struct sk_buff *skb = (struct sk_buff *)args->skbaddr;
if (skb == NULL) {
return 0;
}
diff --git a/bpf/accesslog/process/process.c b/bpf/accesslog/process/process.c
index 7ad6723..ae58740 100644
--- a/bpf/accesslog/process/process.c
+++ b/bpf/accesslog/process/process.c
@@ -26,19 +26,17 @@ struct process_execute_event {
__u32 pid;
};
-struct sched_comm_fork_ctx {
- unsigned short common_type;
- unsigned char common_flags;
- unsigned char common_preempt_count;
- int common_pid;
- char parent_comm[16];
- pid_t parent_pid;
- char child_comm[16];
- pid_t child_pid;
-};
+struct trace_event_raw_sched_process_fork {
+ struct trace_entry ent;
+ char parent_comm[16];
+ __u32 parent_pid;
+ char child_comm[16];
+ __u32 child_pid;
+ char __data[0];
+} __attribute__((preserve_access_index)) ;
SEC("tracepoint/sched/sched_process_fork")
-int tracepoint_sched_process_fork(struct sched_comm_fork_ctx* ctx) {
+int tracepoint_sched_process_fork(struct trace_event_raw_sched_process_fork*
ctx) {
__u32 tgid = ctx->parent_pid;
// adding to the monitor
__u32 v = 1;
diff --git a/bpf/accesslog/syscalls/close.c b/bpf/accesslog/syscalls/close.c
index d4539c6..a1bc953 100644
--- a/bpf/accesslog/syscalls/close.c
+++ b/bpf/accesslog/syscalls/close.c
@@ -21,19 +21,6 @@
#include "../process/process.h"
#include "../common/connection.h"
-struct trace_point_enter_close {
- __u64 pad_0;
- int __syscall_nr;
- __u32 pad_1;
- int fd;
-};
-struct trace_point_exit_close {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- __u64 ret;
-};
-
static __inline void process_close_sock(void* ctx, __u64 id, struct
sock_close_args_t *args, int ret) {
__u32 tgid = (__u32)(id >> 32);
if (args->fd < 0) {
@@ -44,25 +31,25 @@ static __inline void process_close_sock(void* ctx, __u64
id, struct sock_close_a
}
SEC("tracepoint/syscalls/sys_enter_close")
-int tracepoint_enter_close(struct trace_point_enter_close *ctx) {
+int tracepoint_enter_close(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct sock_close_args_t close_args = {};
- close_args.fd = ctx->fd;
+ close_args.fd = (__u32)ctx->args[0];
close_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&closing_args, &id, &close_args, 0);
return 0;
}
SEC("tracepoint/syscalls/sys_exit_close")
-int tracepoint_exit_close(struct trace_point_exit_close *ctx) {
+int tracepoint_exit_close(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct sock_close_args_t *close_args = bpf_map_lookup_elem(&closing_args,
&id);
if (close_args) {
- process_close_sock(ctx, id, close_args, ctx->ret);
+ process_close_sock(ctx, id, close_args, (int)ctx->ret);
}
bpf_map_delete_elem(&closing_args, &id);
diff --git a/bpf/accesslog/syscalls/connect.c b/bpf/accesslog/syscalls/connect.c
index d1441f7..061a4ee 100644
--- a/bpf/accesslog/syscalls/connect.c
+++ b/bpf/accesslog/syscalls/connect.c
@@ -21,34 +21,6 @@
#include "../process/process.h"
#include "../common/connection.h"
-struct trace_point_enter_connect {
- __u64 pad_0;
- int __syscall_nr;
- __u32 pad_1;
- int fd;
- struct sockaddr * uservaddr;
-};
-struct trace_point_exit_connect {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- __u64 ret;
-};
-
-struct trace_point_enter_accept {
- __u64 pad_0;
- int __syscall_nr;
- __u32 pad_1;
- int fd;
- struct sockaddr * upeer_sockaddr;
-};
-struct trace_point_exit_accept {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- long ret;
-};
-
static __inline void process_connect(void *ctx, __u64 id, struct
connect_args_t *connect_args, long ret) {
bool success = true;
if (ret < 0 && ret != -EINPROGRESS) {
@@ -71,22 +43,22 @@ static __inline void process_accept(void *ctx, __u64 id,
struct accept_args_t *a
}
SEC("tracepoint/syscalls/sys_enter_connect")
-int tracepoint_enter_connect(struct trace_point_enter_connect *ctx) {
+int tracepoint_enter_connect(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct connect_args_t connect_args = {};
- connect_args.fd = ctx->fd;
- connect_args.addr = ctx->uservaddr;
+ connect_args.fd = (__u32)ctx->args[0];
+ connect_args.addr = (struct sockaddr *)ctx->args[1];
connect_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
return 0;
}
SEC("tracepoint/syscalls/sys_exit_connect")
-int tracepoint_exit_connect(struct trace_point_exit_connect *ctx) {
+int tracepoint_exit_connect(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct connect_args_t *connect_args;
@@ -110,21 +82,21 @@ int tcp_connect(struct pt_regs *ctx) {
}
SEC("tracepoint/syscalls/sys_enter_accept")
-int tracepoint_enter_accept(struct trace_point_enter_accept *ctx) {
+int tracepoint_enter_accept(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct accept_args_t accept_args = {};
- accept_args.addr = ctx->upeer_sockaddr;
+ accept_args.addr = (struct sockaddr *)ctx->args[1];
accept_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&accepting_args, &id, &accept_args, 0);
return 0;
}
SEC("tracepoint/syscalls/sys_exit_accept")
-int tracepoint_exit_accept(struct trace_point_exit_accept *ctx) {
+int tracepoint_exit_accept(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct accept_args_t *accept_args = bpf_map_lookup_elem(&accepting_args,
&id);
if (accept_args) {
diff --git a/bpf/accesslog/syscalls/transfer.c
b/bpf/accesslog/syscalls/transfer.c
index f3a2608..bed6be3 100644
--- a/bpf/accesslog/syscalls/transfer.c
+++ b/bpf/accesslog/syscalls/transfer.c
@@ -23,103 +23,26 @@
#include "../l24/l24.h"
#include "transfer.h"
-struct trace_point_common_exit {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- __u64 ret;
-};
-struct trace_point_common_write {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- char * buf;
- size_t count;
-};
-struct trace_point_common_writev {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- struct iovec * vec;
- size_t count;
-};
-struct trace_point_common_readv {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- struct iovec * vec;
- size_t count;
-};
-struct trace_point_common_sendmsg {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- struct user_msghdr * msg;
-};
-struct trace_point_common_sendmmsg {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- struct mmsghdr * mmsg;
- unsigned int vlen;
-};
-struct trace_point_enter_sendto {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- char * buf;
- size_t count;
- unsigned int flags;
- struct sockaddr * addr;
-};
-struct trace_point_enter_recvfrom {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- char * buf;
- size_t count;
- unsigned int flags;
- struct sockaddr * addr;
-};
-struct trace_point_common_recvmsg {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- struct user_msghdr * msg;
-};
-struct trace_point_common_recvmmsg {
- __u64 pad_0;
- __u32 __syscall_nr;
- __u32 pad_1;
- int fd;
- struct mmsghdr * mmsg;
- unsigned int vlen;
-};
-struct trace_point_skb_copy_datagram_iovec {
- __u64 pad_0;
- void *skb;
-};
+
+struct trace_event_raw_skb_copy_datagram_iovec {
+ struct trace_entry ent;
+ const void *skbaddr;
+ int len;
+ char __data[0];
+} __attribute__((preserve_access_index));
#define BPF_PROBE_READ_VAR(value, ptr) bpf_probe_read(&value, sizeof(value),
ptr)
SEC("tracepoint/syscalls/sys_enter_write")
-int tracepoint_enter_write(struct trace_point_common_write *ctx) {
+int tracepoint_enter_write(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
- data_args.buf = ctx->buf;
+ data_args.fd = (__u32)ctx->args[0];
+ data_args.buf = (char *)ctx->args[1];
data_args.start_nacs = bpf_ktime_get_ns();
data_args.data_id = generate_socket_data_id(id, data_args.fd,
SOCKET_OPTS_TYPE_WRITE, false);
bpf_map_update_elem(&socket_data_args, &id, &data_args, 0);
@@ -127,7 +50,7 @@ int tracepoint_enter_write(struct trace_point_common_write
*ctx) {
}
SEC("tracepoint/syscalls/sys_exit_write")
-int tracepoint_exit_write(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_write(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct sock_data_args_t *data_args =
bpf_map_lookup_elem(&socket_data_args, &id);
if (data_args && data_args->is_sock_event) {
@@ -140,22 +63,22 @@ int tracepoint_exit_write(struct trace_point_common_exit
*ctx) {
}
SEC("tracepoint/syscalls/sendto")
-int tracepoint_enter_sendto(struct trace_point_enter_sendto *ctx) {
+int tracepoint_enter_sendto(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
- if (ctx->addr != NULL) {
+ if ((struct sockaddr *)ctx->args[4] != NULL) {
struct connect_args_t connect_args = {};
- connect_args.addr = ctx->addr;
- connect_args.fd = ctx->fd;
+ connect_args.addr = (struct sockaddr *)ctx->args[4];
+ connect_args.fd = (__u32)ctx->args[0];
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
- data_args.buf = ctx->buf;
+ data_args.fd = (__u32)ctx->args[0];
+ data_args.buf = (char *)ctx->args[1];
data_args.start_nacs = bpf_ktime_get_ns();
data_args.data_id = generate_socket_data_id(id, data_args.fd,
SOCKET_OPTS_TYPE_SENDTO, false);
bpf_map_update_elem(&socket_data_args, &id, &data_args, 0);
@@ -163,7 +86,7 @@ int tracepoint_enter_sendto(struct trace_point_enter_sendto
*ctx) {
}
SEC("tracepoint/syscalls/sys_exit_sendto")
-int tracepoint_exit_sendto(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_sendto(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
ssize_t bytes_count = ctx->ret;
@@ -184,16 +107,16 @@ int tracepoint_exit_sendto(struct trace_point_common_exit
*ctx) {
}
SEC("tracepoint/syscalls/sys_enter_writev")
-int tracepoint_enter_writev(struct trace_point_common_writev *ctx) {
+int tracepoint_enter_writev(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
- data_args.iovec = ctx->vec;
- data_args.iovlen = ctx->count;
+ data_args.fd = (__u32)ctx->args[0];
+ data_args.iovec = (struct iovec *)ctx->args[1];
+ data_args.iovlen = (size_t)ctx->args[2];
data_args.start_nacs = bpf_ktime_get_ns();
data_args.data_id = generate_socket_data_id(id, data_args.fd,
SOCKET_OPTS_TYPE_WRITE, false);
bpf_map_update_elem(&socket_data_args, &id, &data_args, 0);
@@ -201,7 +124,7 @@ int tracepoint_enter_writev(struct
trace_point_common_writev *ctx) {
}
SEC("tracepoint/syscalls/sys_exit_writev")
-int tracepoint_exit_writev(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_writev(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct sock_data_args_t *data_args =
bpf_map_lookup_elem(&socket_data_args, &id);
if (data_args && data_args->is_sock_event) {
@@ -214,12 +137,12 @@ int tracepoint_exit_writev(struct trace_point_common_exit
*ctx) {
}
SEC("tracepoint/syscalls/sys_enter_sendmsg")
-int tracepoint_enter_sendmsg(struct trace_point_common_sendmsg *ctx) {
+int tracepoint_enter_sendmsg(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
- struct user_msghdr* msghdr = ctx->msg;
+ struct user_msghdr* msghdr = (struct user_msghdr*)ctx->args[1];
if (msghdr == NULL) {
return 0;
}
@@ -228,13 +151,13 @@ int tracepoint_enter_sendmsg(struct
trace_point_common_sendmsg *ctx) {
if (addr != NULL) {
struct connect_args_t connect_args = {};
connect_args.addr = addr;
- connect_args.fd = ctx->fd;
+ connect_args.fd = (__u32)ctx->args[0];
connect_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
+ data_args.fd = (__u32)ctx->args[0];
data_args.iovec = _(msghdr->msg_iov);
data_args.iovlen = _(msghdr->msg_iovlen);
data_args.start_nacs = bpf_ktime_get_ns();
@@ -244,7 +167,7 @@ int tracepoint_enter_sendmsg(struct
trace_point_common_sendmsg *ctx) {
}
SEC("tracepoint/syscalls/sys_exit_sendmsg")
-int tracepoint_exit_sendmsg(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_sendmsg(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
ssize_t bytes_count = ctx->ret;
@@ -265,13 +188,13 @@ int tracepoint_exit_sendmsg(struct
trace_point_common_exit *ctx) {
}
SEC("tracepoint/syscalls/sys_enter_sendmmsg")
-int tracepoint_enter_sendmmsg(struct trace_point_common_sendmmsg *ctx) {
+int tracepoint_enter_sendmmsg(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
- struct mmsghdr* mmsghdr = ctx->mmsg;
- __u32 vlen = ctx->vlen;
+ struct mmsghdr* mmsghdr = (struct mmsghdr*)ctx->args[1];
+ __u32 vlen = (__u32)ctx->args[2];
if (mmsghdr == NULL || vlen <= 0) {
return 0;
}
@@ -280,13 +203,13 @@ int tracepoint_enter_sendmmsg(struct
trace_point_common_sendmmsg *ctx) {
if (addr != NULL) {
struct connect_args_t connect_args = {};
connect_args.addr = addr;
- connect_args.fd = ctx->fd;
+ connect_args.fd = (__u32)ctx->args[0];
connect_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
+ data_args.fd = (__u32)ctx->args[0];
struct iovec *msg_iov = _(mmsghdr->msg_hdr.msg_iov);
data_args.iovec = msg_iov;
size_t msg_iovlen = _(mmsghdr->msg_hdr.msg_iovlen);
@@ -299,7 +222,7 @@ int tracepoint_enter_sendmmsg(struct
trace_point_common_sendmmsg *ctx) {
}
SEC("tracepoint/syscalls/sys_exit_sendmmsg")
-int tracepoint_exit_sendmmsg(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_sendmmsg(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
ssize_t bytes_count = ctx->ret;
@@ -322,15 +245,15 @@ int tracepoint_exit_sendmmsg(struct
trace_point_common_exit *ctx) {
}
SEC("tracepoint/syscalls/sys_enter_read")
-int tracepoint_enter_read(struct trace_point_common_write *ctx) {
+int tracepoint_enter_read(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
- data_args.buf = ctx->buf;
+ data_args.fd = (__u32)ctx->args[0];
+ data_args.buf = (char *)ctx->args[1];
data_args.start_nacs = bpf_ktime_get_ns();
data_args.data_id = generate_socket_data_id(id, data_args.fd,
SOCKET_OPTS_TYPE_READ, false);
bpf_map_update_elem(&socket_data_args, &id, &data_args, 0);
@@ -338,7 +261,7 @@ int tracepoint_enter_read(struct trace_point_common_write
*ctx) {
}
SEC("tracepoint/syscalls/sys_exit_read")
-int tracepoint_exit_read(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_read(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct sock_data_args_t *data_args =
bpf_map_lookup_elem(&socket_data_args, &id);
if (data_args && data_args->is_sock_event) {
@@ -351,16 +274,16 @@ int tracepoint_exit_read(struct trace_point_common_exit
*ctx) {
}
SEC("tracepoint/syscalls/sys_enter_readv")
-int tracepoint_enter_readv(struct trace_point_common_readv *ctx) {
+int tracepoint_enter_readv(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
- data_args.iovec = ctx->vec;
- data_args.iovlen = ctx->count;
+ data_args.fd = (__u32)ctx->args[0];
+ data_args.iovec = (struct iovec *)ctx->args[1];
+ data_args.iovlen = (size_t)ctx->args[2];
data_args.start_nacs = bpf_ktime_get_ns();
data_args.data_id = generate_socket_data_id(id, data_args.fd,
SOCKET_OPTS_TYPE_READV, false);
bpf_map_update_elem(&socket_data_args, &id, &data_args, 0);
@@ -368,7 +291,7 @@ int tracepoint_enter_readv(struct trace_point_common_readv
*ctx) {
}
SEC("tracepoint/syscalls/sys_exit_readv")
-int tracepoint_exit_readv(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_readv(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
struct sock_data_args_t *data_args =
bpf_map_lookup_elem(&socket_data_args, &id);
if (data_args && data_args->is_sock_event) {
@@ -411,22 +334,22 @@ int sys_recv_ret(struct pt_regs* ctx) {
}
SEC("tracepoint/syscalls/sys_enter_recvfrom")
-int tracepoint_enter_recvfrom(struct trace_point_enter_recvfrom *ctx) {
+int tracepoint_enter_recvfrom(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
- if (ctx->addr != NULL) {
+ if ((struct sockaddr *)ctx->args[4] != NULL) {
struct connect_args_t connect_args = {};
- connect_args.addr = ctx->addr;
- connect_args.fd = ctx->fd;
+ connect_args.addr = (struct sockaddr *)ctx->args[4];
+ connect_args.fd = (__u32)ctx->args[0];
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
- data_args.buf = ctx->buf;
+ data_args.fd = (__u32)ctx->args[0];
+ data_args.buf = (char *)ctx->args[1];
data_args.start_nacs = bpf_ktime_get_ns();
data_args.data_id = generate_socket_data_id(id, data_args.fd,
SOCKET_OPTS_TYPE_RECVFROM, false);
bpf_map_update_elem(&socket_data_args, &id, &data_args, 0);
@@ -434,7 +357,7 @@ int tracepoint_enter_recvfrom(struct
trace_point_enter_recvfrom *ctx) {
}
SEC("tracepoint/syscalls/sys_exit_recvfrom")
-int tracepoint_exit_recvfrom(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_recvfrom(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
ssize_t bytes_count = ctx->ret;
@@ -455,12 +378,12 @@ int tracepoint_exit_recvfrom(struct
trace_point_common_exit *ctx) {
}
SEC("tracepoint/syscalls/sys_enter_recvmsg")
-int tracepoint_enter_recvmsg(struct trace_point_common_recvmsg *ctx) {
+int tracepoint_enter_recvmsg(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
- struct user_msghdr* msghdr = ctx->msg;
+ struct user_msghdr* msghdr = (struct user_msghdr*)ctx->args[1];
if (msghdr == NULL) {
return 0;
}
@@ -469,13 +392,13 @@ int tracepoint_enter_recvmsg(struct
trace_point_common_recvmsg *ctx) {
if (addr != NULL) {
struct connect_args_t connect_args = {};
connect_args.addr = addr;
- connect_args.fd = ctx->fd;
+ connect_args.fd = (__u32)ctx->args[0];
connect_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
+ data_args.fd = (__u32)ctx->args[0];
data_args.iovec = _(msghdr->msg_iov);
data_args.iovlen = _(msghdr->msg_iovlen);
data_args.start_nacs = bpf_ktime_get_ns();
@@ -485,7 +408,7 @@ int tracepoint_enter_recvmsg(struct
trace_point_common_recvmsg *ctx) {
}
SEC("tracepoint/syscalls/sys_exit_recvmsg")
-int tracepoint_exit_recvmsg(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_recvmsg(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
ssize_t bytes_count = ctx->ret;
@@ -506,13 +429,13 @@ int tracepoint_exit_recvmsg(struct
trace_point_common_exit *ctx) {
}
SEC("tracepoint/syscalls/sys_enter_recvmmsg")
-int tracepoint_enter_recvmmsg(struct trace_point_common_recvmmsg *ctx) {
+int tracepoint_enter_recvmmsg(struct syscall_trace_enter *ctx) {
uint64_t id = bpf_get_current_pid_tgid();
if (tgid_should_trace(id >> 32) == false) {
return 0;
}
- struct mmsghdr* mmsghdr = ctx->mmsg;
- __u32 vlen = ctx->vlen;
+ struct mmsghdr* mmsghdr = (struct mmsghdr*)ctx->args[1];
+ __u32 vlen = (__u32)ctx->args[2];
if (mmsghdr == NULL || vlen <= 0) {
return 0;
}
@@ -521,13 +444,13 @@ int tracepoint_enter_recvmmsg(struct
trace_point_common_recvmmsg *ctx) {
if (addr != NULL) {
struct connect_args_t connect_args = {};
connect_args.addr = addr;
- connect_args.fd = ctx->fd;
+ connect_args.fd = (__u32)ctx->args[0];
connect_args.start_nacs = bpf_ktime_get_ns();
bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
}
struct sock_data_args_t data_args = {};
- data_args.fd = ctx->fd;
+ data_args.fd = (__u32)ctx->args[0];
struct iovec *msg_iov = _(mmsghdr->msg_hdr.msg_iov);
data_args.iovec = msg_iov;
size_t msg_iovlen = _(mmsghdr->msg_hdr.msg_iovlen);
@@ -540,7 +463,7 @@ int tracepoint_enter_recvmmsg(struct
trace_point_common_recvmmsg *ctx) {
}
SEC("tracepoint/syscalls/sys_exit_recvmmsg")
-int tracepoint_exit_recvmmsg(struct trace_point_common_exit *ctx) {
+int tracepoint_exit_recvmmsg(struct syscall_trace_exit *ctx) {
__u64 id = bpf_get_current_pid_tgid();
ssize_t bytes_count = ctx->ret;
@@ -563,9 +486,9 @@ int tracepoint_exit_recvmmsg(struct trace_point_common_exit
*ctx) {
}
SEC("tracepoint/skb/skb_copy_datagram_iovec")
-int tracepoint_skb_copy_datagram_iovec(struct
trace_point_skb_copy_datagram_iovec* ctx) {
+int tracepoint_skb_copy_datagram_iovec(struct
trace_event_raw_skb_copy_datagram_iovec* ctx) {
__u64 id = bpf_get_current_pid_tgid();
- struct sk_buff *buff = ctx->skb;
+ struct sk_buff *buff = (struct sk_buff *)ctx->skbaddr;
struct sock_data_args_t *data_args =
bpf_map_lookup_elem(&socket_data_args, &id);
if (data_args == NULL) {
bpf_map_delete_elem(&sk_buff_receive_detail_map, &buff);
diff --git a/bpf/include/api.h b/bpf/include/api.h
index be139bf..f27dd1c 100644
--- a/bpf/include/api.h
+++ b/bpf/include/api.h
@@ -46,6 +46,23 @@ typedef enum
true=1, false=0
} bool;
+struct trace_entry {
+ short unsigned int type;
+ unsigned char flags;
+ unsigned char preempt_count;
+ int pid;
+} __attribute__((preserve_access_index));
+struct syscall_trace_enter {
+ struct trace_entry ent;
+ int nr;
+ long unsigned int args[0];
+} __attribute__((preserve_access_index));
+struct syscall_trace_exit {
+ struct trace_entry ent;
+ int nr;
+ long int ret;
+}__attribute__((preserve_access_index));
+
struct thread_struct {
// x86_64
long unsigned int fsbase;
