diff --git a/observation/src/bindsnoop/bindsnoop.bpf.c b/observation/src/bindsnoop/bindsnoop.bpf.c index 184bdd536a43a7aa16d0334d7c7a10d13ddc89d3..1292ecefdf13af006ceba1ef7b75955aa4520e2f 100644 --- a/observation/src/bindsnoop/bindsnoop.bpf.c +++ b/observation/src/bindsnoop/bindsnoop.bpf.c @@ -108,4 +108,42 @@ static int probe_exit(struct pt_regs *ctx, short ver) cleanup: bpf_map_delete_elem(&sockets, &pid); return 0; -} \ No newline at end of file +} + +SEC("kprobe/inet_bind") +int BPF_KPROBE(ipv4_bind_entry, struct socket *socket) +{ + if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0)) + return 0; + + return probe_entry(ctx, socket); +} + +SEC("kretprobe/inet_bind") +int BPF_KRETPROBE(ipv4_bind_exit) +{ + if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0)) + return 0; + + return probe_exit(ctx, 4); +} + +SEC("kprobe/inet6_bind") +int BPF_KPROBE(ipv6_bind_entry, struct socket *socket) +{ + if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0)) + return 0; + + return probe_entry(ctx, socket); +} + +SEC("kretprobe/inet6_bind") +int BPF_KRETPROBE(ipv6_bind_exit) +{ + if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0)) + return 0; + + return probe_exit(ctx, 6); +} + +char LICENSE[] SEC("license") = "Dual BSD/GPL"; \ No newline at end of file diff --git a/observation/src/bindsnoop/bindsnoop.c b/observation/src/bindsnoop/bindsnoop.c index e515e03410ce10537db966657773cd97347875b0..c833692fe5f7f0efd0d54e6e6b80d41451e79a16 100644 --- a/observation/src/bindsnoop/bindsnoop.c +++ b/observation/src/bindsnoop/bindsnoop.c @@ -7,6 +7,7 @@ #include #include + static struct env { char *cgroupspath; bool cg; @@ -100,3 +101,16 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state) return 0; } + +static int libbpf_print_fn(enum libbpf_print_level level, const char *format, + va_list args) +{ + if (level == LIBBPF_DEBUG && !env.verbose) + return 0; + return vfprintf(stderr, format, args); +} + +static void sig_handler(int sig) +{ + exiting = 1; +}