(skywalking-rover) branch reduce-handle-connect-time updated: add conntrack new probes

Fri, 27 Dec 2024 05:08:09 -0800 

This is an automated email from the ASF dual-hosted git repository.

liuhan pushed a commit to branch reduce-handle-connect-time
in repository https://gitbox.apache.org/repos/asf/skywalking-rover.git


The following commit(s) were added to refs/heads/reduce-handle-connect-time by 
this push:
     new 56c8356  add conntrack new probes
56c8356 is described below

commit 56c8356f12220c9401ba6a842973acf50dc4750c
Author: mrproliu <[email protected]>
AuthorDate: Fri Dec 27 21:07:51 2024 +0800

    add conntrack new probes
---
 bpf/accesslog/syscalls/connect_conntrack.c | 21 +++++++++++++++++++++
 bpf/accesslog/syscalls/connect_conntrack.h |  7 +++++++
 2 files changed, 28 insertions(+)

diff --git a/bpf/accesslog/syscalls/connect_conntrack.c 
b/bpf/accesslog/syscalls/connect_conntrack.c
index 18f4f9a..a9878d6 100644
--- a/bpf/accesslog/syscalls/connect_conntrack.c
+++ b/bpf/accesslog/syscalls/connect_conntrack.c
@@ -153,3 +153,24 @@ SEC("kprobe/ctnetlink_fill_info")
 int nf_ctnetlink_fill_info(struct pt_regs* ctx) {
     return nf_conn_aware(ctx, (struct nf_conn*)PT_REGS_PARM5(ctx));
 }
+
+SEC("kprobe/__nf_ct_refresh_acct")
+int nf_ct_refresh_acct(struct pt_regs *ctx) {
+    struct nf_conn *ct = (struct nf_conn *) PT_REGS_PARM1(ctx);
+    __u64 pid = bpf_get_current_pid_tgid();
+    bpf_map_update_elem(&conntrack_refreshing, &pid, &ct, BPF_ANY);
+    return 0;
+}
+
+// Bottom half of the update sampler. Extract accounting data from the nf_conn.
+SEC("kretprobe/__nf_ct_refresh_acct")
+int nf_ct_refresh_acct_ret(struct pt_regs *ctx) {
+    __u64 pid = bpf_get_current_pid_tgid();
+    struct nf_conn **ctp;
+    ctp = bpf_map_lookup_elem(&conntrack_refreshing, &pid);
+    if (ctp == 0)
+        return 0;
+    struct nf_conn *ct = *ctp;
+    bpf_map_delete_elem(&conntrack_refreshing, &pid);
+    return nf_conn_aware(ctx, ct);
+}
\ No newline at end of file
diff --git a/bpf/accesslog/syscalls/connect_conntrack.h 
b/bpf/accesslog/syscalls/connect_conntrack.h
index 0e67b9c..4b3024c 100644
--- a/bpf/accesslog/syscalls/connect_conntrack.h
+++ b/bpf/accesslog/syscalls/connect_conntrack.h
@@ -97,3 +97,10 @@ struct nf_conn {
        long unsigned int status;
        __u32 mark;
 } __attribute__((preserve_access_index));
+
+struct {
+       __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
+       __uint(max_entries, 5000);
+       __type(key, __u64);
+       __type(value, sizeof(struct nf_conn *));
+} conntrack_refreshing SEC(".maps");
\ No newline at end of file

Reply via email to