
Commit 6997e66

authored
Fix context structs parameters for tracepoint programs (#157)
1 parent 8e68d59 commit 6997e66


8 files changed

+127
-229
lines changed


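--- a/bpf/accesslog/l24/read_l2.c
+++ b/bpf/accesslog/l24/read_l2.c
@@ -17,14 +17,15 @@
 
 #include "l24.h"
 #include "../common/data_args.h"
+#include "api.h"
 
-struct netif_receive_skb {
-unsigned long long pad;
-void * skbaddr;
-};
+struct trace_event_raw_net_dev_template {
+struct trace_entry ent;
+void *skbaddr;
+} __attribute__((preserve_access_index)) ;
 
 SEC("tracepoint/net/netif_receive_skb")
-int tracepoint_netif_receive_skb(struct netif_receive_skb *ctx) {
+int tracepoint_netif_receive_skb(struct trace_event_raw_net_dev_template *ctx) {
 struct sk_buff * skb = (struct sk_buff *)ctx->skbaddr;
 
 struct net_device *device = _(skb->dev);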
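Review bot: The new `struct trace_event_raw_net_dev_template` has no comment saying that it is a partial mirror of the kernel's tracepoint record and that `preserve_access_index` turns the `skbaddr` offset into a load-time CO-RE relocation instead of a fixed layout. A comment above it such as `/* Partial mirror of the kernel type; field names must match the kernel's because offsets are relocated against BTF at load time. */` would keep a later edit from renaming a field or re-adding padding. The same comment fits the structs added in write_l2.c, write_l4.c and process.c. Whether `api.h` is what supplies `struct trace_entry`, and how the loader behaves on a kernel without BTF, is not visible here; the handler body continues outside the hunk.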

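--- a/bpf/accesslog/l24/write_l2.c
+++ b/bpf/accesslog/l24/write_l2.c
@@ -18,18 +18,19 @@
 #include "l24.h"
 #include "../common/data_args.h"
 
-struct net_dev_start_xmit_args {
-unsigned long pad0;
-unsigned long pad1;
+struct trace_event_raw_net_dev_start_xmit {
+struct trace_entry ent;
+__u32 __data_loc_name;
+__u16 queue_mapping;
+const void *skbaddr;
+} __attribute__((aligned(8))) __attribute__((preserve_access_index)) ;
 
-void *skb;
-};
 
-struct net_dev_xmit_args {
-unsigned long pad0;
+struct trace_event_raw_net_dev_xmit {
+struct trace_entry ent;
+void *skbaddr;
+} __attribute__((preserve_access_index));
 
-void *skb;
-};
 
 SEC("kprobe/__dev_queue_xmit")
 int dev_queue_emit(struct pt_regs * ctx){
@@ -52,8 +53,8 @@ int dev_queue_emit_ret(struct pt_regs * ctx){
 }
 
 SEC("tracepoint/net/net_dev_start_xmit")
-int tracepoint_net_dev_start_xmit(struct net_dev_start_xmit_args *args) {
-struct sk_buff * skb = args->skb;
+int tracepoint_net_dev_start_xmit(struct trace_event_raw_net_dev_start_xmit *args) {
+struct sk_buff * skb = (struct sk_buff *)args->skbaddr;
 struct skb_transmit_detail *detail = bpf_map_lookup_elem(&sk_buff_transmit_detail_map, &skb);
 if (detail != NULL) {
 detail->l2_start_xmit_time = bpf_ktime_get_ns();
@@ -62,8 +63,8 @@ int tracepoint_net_dev_start_xmit(struct net_dev_start_xmit_args *args) {
 }
 
 SEC("tracepoint/net/net_dev_xmit")
-int tracepoint_net_dev_xmit(struct net_dev_xmit_args *args) {
-struct sk_buff * skb = args->skb;
+int tracepoint_net_dev_xmit(struct trace_event_raw_net_dev_xmit *args) {
+struct sk_buff * skb = (struct sk_buff *)args->skbaddr;
 struct skb_transmit_detail *detail = bpf_map_lookup_elem(&sk_buff_transmit_detail_map, &skb);
 if (detail != NULL) {
 detail->l2_finish_xmit_time = bpf_ktime_get_ns();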
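Review bot: The cast in `tracepoint_net_dev_start_xmit`, `(struct sk_buff *)args->skbaddr`, discards the `const` that the new struct puts on `skbaddr`. In the visible lines the pointer is only used as the key for `bpf_map_lookup_elem`, so `const struct sk_buff *skb = args->skbaddr;` would keep the qualifier and need no cast, provided nothing further down writes through it. The two new structs are also declared differently (`const void *` plus `aligned(8)` on one, plain `void *` on the other); if that follows the kernel's own declarations, a short comment saying so would explain the difference. Both handler bodies end outside their hunks.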

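--- a/bpf/accesslog/l24/write_l4.c
+++ b/bpf/accesslog/l24/write_l4.c
@@ -19,12 +19,11 @@
 #include "../common/data_args.h"
 #include "../common/sock.h"
 
-struct kfree_skb_args {
-unsigned long pad;
-
-void *skb;
-void *location;
-};
+struct trace_event_raw_kfree_skb {
+struct trace_entry ent;
+void *skbaddr;
+void *location;
+} __attribute__((preserve_access_index));
 
 SEC("kprobe/tcp_sendmsg")
 int tcp_sendmsg(struct pt_regs* ctx) {
@@ -83,8 +82,8 @@ int tracepoint_tcp_retransmit_skb() {
 }
 
 SEC("tracepoint/skb/kfree_skb")
-int kfree_skb(struct kfree_skb_args *args) {
-struct sk_buff *skb = args->skb;
+int kfree_skb(struct trace_event_raw_kfree_skb *args) {
+struct sk_buff *skb = (struct sk_buff *)args->skbaddr;
 if (skb == NULL) {
 return 0;
 }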

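--- a/bpf/accesslog/process/process.c
+++ b/bpf/accesslog/process/process.c
@@ -26,19 +26,17 @@ struct process_execute_event {
 __u32 pid;
 };
 
-struct sched_comm_fork_ctx {
-unsigned short common_type;
-unsigned char common_flags;
-unsigned char common_preempt_count;
-int common_pid;
-char parent_comm[16];
-pid_t parent_pid;
-char child_comm[16];
-pid_t child_pid;
-};
+struct trace_event_raw_sched_process_fork {
+struct trace_entry ent;
+char parent_comm[16];
+__u32 parent_pid;
+char child_comm[16];
+__u32 child_pid;
+char __data[0];
+} __attribute__((preserve_access_index)) ;
 
 SEC("tracepoint/sched/sched_process_fork")
-int tracepoint_sched_process_fork(struct sched_comm_fork_ctx* ctx) {
+int tracepoint_sched_process_fork(struct trace_event_raw_sched_process_fork* ctx) {
 __u32 tgid = ctx->parent_pid;
 // adding to the monitor
 __u32 v = 1;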
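Review bot: `__u32 tgid = ctx->parent_pid;` treats the tracepoint's `parent_pid` as a thread-group id, but the kernel fills that field from the forking task's `pid`, which is the thread id and equals the tgid only when the group leader forks. If the monitor map that the following lines update is keyed by tgid, children forked from a worker thread could be left out of tracing, which is a coverage gap for an access-log agent. Taking the group id with `bpf_get_current_pid_tgid() >> 32`, which in this tracepoint should refer to the forking task, or renaming the local to say it is a thread id, would make the intent explicit. The line is unchanged context and the rest of the handler is outside the hunk, so this needs checking against the map's key.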

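--- a/bpf/accesslog/syscalls/close.c
+++ b/bpf/accesslog/syscalls/close.c
@@ -21,19 +21,6 @@
 #include "../process/process.h"
 #include "../common/connection.h"
 
-struct trace_point_enter_close {
-__u64 pad_0;
-int __syscall_nr;
-__u32 pad_1;
-int fd;
-};
-struct trace_point_exit_close {
-__u64 pad_0;
-__u32 __syscall_nr;
-__u32 pad_1;
-__u64 ret;
-};
-
 static __inline void process_close_sock(void* ctx, __u64 id, struct sock_close_args_t *args, int ret) {
 __u32 tgid = (__u32)(id >> 32);
 if (args->fd < 0) {
@@ -44,25 +31,25 @@ static __inline void process_close_sock(void* ctx, __u64 id, struct sock_close_a
 }
 
 SEC("tracepoint/syscalls/sys_enter_close")
-int tracepoint_enter_close(struct trace_point_enter_close *ctx) {
+int tracepoint_enter_close(struct syscall_trace_enter *ctx) {
 uint64_t id = bpf_get_current_pid_tgid();
 if (tgid_should_trace(id >> 32) == false) {
 return 0;
 }
 
 struct sock_close_args_t close_args = {};
-close_args.fd = ctx->fd;
+close_args.fd = (__u32)ctx->args[0];
 close_args.start_nacs = bpf_ktime_get_ns();
 bpf_map_update_elem(&closing_args, &id, &close_args, 0);
 return 0;
 }
 
 SEC("tracepoint/syscalls/sys_exit_close")
-int tracepoint_exit_close(struct trace_point_exit_close *ctx) {
+int tracepoint_exit_close(struct syscall_trace_exit *ctx) {
 __u64 id = bpf_get_current_pid_tgid();
 struct sock_close_args_t *close_args = bpf_map_lookup_elem(&closing_args, &id);
 if (close_args) {
-process_close_sock(ctx, id, close_args, ctx->ret);
+process_close_sock(ctx, id, close_args, (int)ctx->ret);
 }
 
 bpf_map_delete_elem(&closing_args, &id);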
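Review bot: `close_args.fd = (__u32)ctx->args[0];` narrows through an unsigned type, while `process_close_sock` tests `args->fd < 0`, which only makes sense for a signed field. `close_args.fd = (int)ctx->args[0];` states the intended conversion directly and does not depend on an unsigned-to-signed wrap to keep a negative descriptor negative; the same applies to `connect_args.fd = (__u32)ctx->args[0];` in connect.c. `struct syscall_trace_enter` and `struct syscall_trace_exit` are not declared in any visible section, so a one-line comment naming the header they come from would help the next reader.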

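--- a/bpf/accesslog/syscalls/connect.c
+++ b/bpf/accesslog/syscalls/connect.c
@@ -21,34 +21,6 @@
 #include "../process/process.h"
 #include "../common/connection.h"
 
-struct trace_point_enter_connect {
-__u64 pad_0;
-int __syscall_nr;
-__u32 pad_1;
-int fd;
-struct sockaddr * uservaddr;
-};
-struct trace_point_exit_connect {
-__u64 pad_0;
-__u32 __syscall_nr;
-__u32 pad_1;
-__u64 ret;
-};
-
-struct trace_point_enter_accept {
-__u64 pad_0;
-int __syscall_nr;
-__u32 pad_1;
-int fd;
-struct sockaddr * upeer_sockaddr;
-};
-struct trace_point_exit_accept {
-__u64 pad_0;
-__u32 __syscall_nr;
-__u32 pad_1;
-long ret;
-};
-
 static __inline void process_connect(void *ctx, __u64 id, struct connect_args_t *connect_args, long ret) {
 bool success = true;
 if (ret < 0 && ret != -EINPROGRESS) {
@@ -71,22 +43,22 @@ static __inline void process_accept(void *ctx, __u64 id, struct accept_args_t *a
 }
 
 SEC("tracepoint/syscalls/sys_enter_connect")
-int tracepoint_enter_connect(struct trace_point_enter_connect *ctx) {
+int tracepoint_enter_connect(struct syscall_trace_enter *ctx) {
 uint64_t id = bpf_get_current_pid_tgid();
 if (tgid_should_trace(id >> 32) == false) {
 return 0;
 }
 
 struct connect_args_t connect_args = {};
-connect_args.fd = ctx->fd;
-connect_args.addr = ctx->uservaddr;
+connect_args.fd = (__u32)ctx->args[0];
+connect_args.addr = (struct sockaddr *)ctx->args[1];
 connect_args.start_nacs = bpf_ktime_get_ns();
 bpf_map_update_elem(&conecting_args, &id, &connect_args, 0);
 return 0;
 }
 
 SEC("tracepoint/syscalls/sys_exit_connect")
-int tracepoint_exit_connect(struct trace_point_exit_connect *ctx) {
+int tracepoint_exit_connect(struct syscall_trace_exit *ctx) {
 __u64 id = bpf_get_current_pid_tgid();
 struct connect_args_t *connect_args;
 
@@ -110,21 +82,21 @@ int tcp_connect(struct pt_regs *ctx) {
 }
 
 SEC("tracepoint/syscalls/sys_enter_accept")
-int tracepoint_enter_accept(struct trace_point_enter_accept *ctx) {
+int tracepoint_enter_accept(struct syscall_trace_enter *ctx) {
 uint64_t id = bpf_get_current_pid_tgid();
 if (tgid_should_trace(id >> 32) == false) {
 return 0;
 }
 
 struct accept_args_t accept_args = {};
-accept_args.addr = ctx->upeer_sockaddr;
+accept_args.addr = (struct sockaddr *)ctx->args[1];
 accept_args.start_nacs = bpf_ktime_get_ns();
 bpf_map_update_elem(&accepting_args, &id, &accept_args, 0);
 return 0;
 }
 
 SEC("tracepoint/syscalls/sys_exit_accept")
-int tracepoint_exit_accept(struct trace_point_exit_accept *ctx) {
+int tracepoint_exit_accept(struct syscall_trace_exit *ctx) {
 __u64 id = bpf_get_current_pid_tgid();
 struct accept_args_t *accept_args = bpf_map_lookup_elem(&accepting_args, &id);
 if (accept_args) {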
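Review bot: The values stored by `connect_args.addr = (struct sockaddr *)ctx->args[1];` and `accept_args.addr = (struct sockaddr *)ctx->args[1];` are user-space addresses chosen by the traced process, and nothing at the assignments records that. A comment such as `/* user-space pointer: may be NULL, and its contents can change before the exit probe reads them */` would tell the reader that the exit path has to go through a user-memory read helper and that the logged address is what the process left in memory, not necessarily what the kernel acted on. Where `addr` is read lies outside these hunks, so this is a documentation request, not a confirmed defect.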
