From 41ba266ba931d4115a079102e157adf4171c8426 Mon Sep 17 00:00:00 2001
From: wubijie
Date: Wed, 21 Jun 2023 15:52:30 +0800
Subject: [PATCH] Add signal processing capabilities and printing capabilities
---
 observation/src/bindsnoop/bindsnoop.bpf.c | 40 ++++++++++++++++++++++-
 observation/src/bindsnoop/bindsnoop.c | 14 ++++++++
 2 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/observation/src/bindsnoop/bindsnoop.bpf.c b/observation/src/bindsnoop/bindsnoop.bpf.c
index 184bdd53..1292ecef 100644
--- a/observation/src/bindsnoop/bindsnoop.bpf.c
+++ b/observation/src/bindsnoop/bindsnoop.bpf.c
@@ -108,4 +108,42 @@ static int probe_exit(struct pt_regs *ctx, short ver)
 cleanup:
 bpf_map_delete_elem(&sockets, &pid);
 return 0;
-}
\ No newline at end of file
+}
+
+SEC("kprobe/inet_bind")
+int BPF_KPROBE(ipv4_bind_entry, struct socket *socket)
+{
+ if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
+ return 0;
+
+ return probe_entry(ctx, socket);
+}
+
+SEC("kretprobe/inet_bind")
+int BPF_KRETPROBE(ipv4_bind_exit)
+{
+ if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
+ return 0;
+
+ return probe_exit(ctx, 4);
+}
+
+SEC("kprobe/inet6_bind")
+int BPF_KPROBE(ipv6_bind_entry, struct socket *socket)
+{
+ if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
+ return 0;
+
+ return probe_entry(ctx, socket);
+}
+
+SEC("kretprobe/inet6_bind")
+int BPF_KRETPROBE(ipv6_bind_exit)
+{
+ if (filter_memcg && !bpf_current_task_under_cgroup(&cgroup_map, 0))
+ return 0;
+
+ return probe_exit(ctx, 6);
+}
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
\ No newline at end of file
diff --git a/observation/src/bindsnoop/bindsnoop.c b/observation/src/bindsnoop/bindsnoop.c
index e515e034..c833692f 100644
--- a/observation/src/bindsnoop/bindsnoop.c
+++ b/observation/src/bindsnoop/bindsnoop.c
@@ -7,6 +7,7 @@ #include #include + static struct env { char *cgroupspath; bool cg;
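Review bot: The cgroup guard repeated in all four added programs in bindsnoop.bpf.c (`ipv4_bind_entry`, `ipv4_bind_exit`, `ipv6_bind_entry`, `ipv6_bind_exit`) treats a negative error return from `bpf_current_task_under_cgroup()` as a match, so if slot 0 of `cgroup_map` was never populated the filter fails open and binds from every cgroup are reported. An explicit comparison, `if (filter_memcg && bpf_current_task_under_cgroup(&cgroup_map, 0) <= 0) return 0;`, drops the event on error instead; `filter_memcg` and `cgroup_map` are declared outside the hunk, so confirm how user space fills the map before choosing. The guard could also live in one `static __always_inline` helper rather than four copies. The new last line (`char LICENSE[] ...`) still has no trailing newline, which is the same defect this hunk fixes for the closing brace above it.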
@@ -100,3 +101,16 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state) return 0; } + +static int libbpf_print_fn(enum libbpf_print_level level, const char *format, + va_list args) +{ + if (level == LIBBPF_DEBUG && !env.verbose) + return 0; + return vfprintf(stderr, format, args); +} + +static void sig_handler(int sig) +{ + exiting = 1; +} -- Gitee
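Review bot: `sig_handler` writes `exiting`, whose declaration is outside this hunk; for a store made from a signal handler to be well-defined and visible to the main loop it should be declared `static volatile sig_atomic_t exiting;`, so confirm that is the case. The diffstat's 14 insertions for bindsnoop.c are fully accounted for by the two hunks shown, so neither function is registered in this commit: there is no `libbpf_set_print(libbpf_print_fn);` and no `signal(SIGINT, sig_handler);` (or `sigaction`) call, and two unused `static` functions will likely draw -Wunused-function warnings until a caller lands. The unused `sig` parameter can be silenced with `(void)sig;` if the build uses -Wextra.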