From bca1f26b80814e574959152d70d0c46574ddc5fd Mon Sep 17 00:00:00 2001
From: wenzhiwei11
Date: Wed, 21 Jun 2023 16:34:06 +0800
Subject: [PATCH] add User state data processing and main function for tcpconnect
---
observation/src/tcpconnect/tcpconnect.c | 171 ++++++++++++++++++++++++
1 file changed, 171 insertions(+)
diff --git a/observation/src/tcpconnect/tcpconnect.c b/observation/src/tcpconnect/tcpconnect.c
index b0a3626f..3f41a12f 100644
--- a/observation/src/tcpconnect/tcpconnect.c
+++ b/observation/src/tcpconnect/tcpconnect.c
@@ -221,3 +221,174 @@ static void print_events_headers(void)
 printf(" %-5s\n", "DPORT");
 }
+static int handle_event(void *ctx, void *data, size_t data_sz)
+{
+ const struct event *event = data;
+ char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
+ union {
+ struct in_addr x4;
+ struct in6_addr x6;
+ } s, d;
+
+ if (event->af == AF_INET) {
+ s.x4.s_addr = event->saddr_v4;
+ d.x4.s_addr = event->daddr_v4;
+ } else if (event->af == AF_INET6) {
+ memcpy(&s.x6.s6_addr, event->saddr_v6, sizeof(s.x6.s6_addr));
+ memcpy(&d.x6.s6_addr, event->daddr_v6, sizeof(d.x6.s6_addr));
+ } else {
+ warning("Broken event: event->af=%d\n", event->af);
+ return 0;
+ }
+
+ if (env.print_timestamp)
+ printf("%-9.3f ", time_since_start(start_time));
+
+ if (env.print_uid)
+ printf("%-6d ", event->uid);
+
+ printf("%-6d %-16.16s %-2d %-25s %-25s",
+ event->pid, event->task,
+ event->af == AF_INET ? 4 : 6,
+ inet_ntop(event->af, &s, src, sizeof(src)),
+ inet_ntop(event->af, &d, dst, sizeof(dst)));
+
+ if (env.source_port)
+ printf(" %-5d", event->sport);
+
+ printf(" %-5d", ntohs(event->dport));
+ printf("\n");
+
+ return 0;
+}
+
+static void handle_lost_events(void *ctx, int cpu, __u64 lost_cnt)
+{
+ warning("Lost %llu events on CPU #%d!\n", lost_cnt, cpu);
+}
+
+static int print_events(struct bpf_buffer *buf)
+{
+ int err;
+
+ err = bpf_buffer__open(buf, handle_event, handle_lost_events, NULL);
+ if (err) {
+ warning("Failed to open ring/perf buffer: %d\n", err);
+ return err;
+ }
+
+ print_events_headers();
+
+ while (!exiting) {
+ err = bpf_buffer__poll(buf, POLL_TIMEOUT_MS);
+ if (err < 0 && err != -EINTR) {
+ warning("Error polling ring/perf buffer: %s\n", strerror(-err));
+ break;
+ }
+ /* reset err to return 0 if exiting */
+ err = 0;
+ }
+
+ return err;
+}
+
+int main(int argc, char *argv[])
+{
+ LIBBPF_OPTS(bpf_object_open_opts, open_opts);
+ static const struct argp argp = {
+ .options = opts,
+ .parser = parse_arg,
+ .doc = argp_program_doc,
+ };
+ struct tcpconnect_bpf *obj;
+ struct bpf_buffer *buf = NULL;
+ int err;
+
+ err = argp_parse(&argp, argc, argv, 0, NULL, NULL);
+ if (err)
+ return err;
+
+ if (!bpf_is_root())
+ return 1;
+
+ libbpf_set_print(libbpf_print_fn);
+
+ err = ensure_core_btf(&open_opts);
+ if (err) {
+ warning("Failed to fetch necessary BTF for CO-RE: %s\n", strerror(-err));
+ return 1;
+ }
+
+ obj = tcpconnect_bpf__open_opts(&open_opts);
+ if (!obj) {
+ warning("Failed to open BPF objects\n");
+ err = 1;
+ goto cleanup;
+ }
+
+ buf = bpf_buffer__new(obj->maps.events, obj->maps.heap);
+ if (!buf) {
+ warning("Failed to create ring/perf buffer\n");
+ err = -errno;
+ goto cleanup;
+ }
+
+ if (env.count)
+ obj->rodata->do_count = true;
+ if (env.pid)
+ obj->rodata->filter_pid = env.pid;
+ if (env.uid != (uid_t)-1)
+ obj->rodata->filter_uid = env.uid;
+ if (env.nports > 0) {
+ obj->rodata->filter_ports_len = env.nports;
+ for (int i = 0; i < env.nports; i++)
+ obj->rodata->filter_ports[i] = htons(env.ports[i]);
+ }
+ if (env.source_port)
+ obj->rodata->source_port = true;
+
+ if (fentry_can_attach("tcp_v4_connect", NULL)) {
+ bpf_program__set_autoload(obj->progs.tcp_v4_connect_kprobe, false);
+ bpf_program__set_autoload(obj->progs.tcp_v6_connect_kprobe, false);
+ bpf_program__set_autoload(obj->progs.tcp_v4_connect_ret_kprobe, false);
+ bpf_program__set_autoload(obj->progs.tcp_v6_connect_ret_kprobe, false);
+ } else {
+ bpf_program__set_autoload(obj->progs.tcp_v4_connect, false);
+ bpf_program__set_autoload(obj->progs.tcp_v6_connect, false);
+ bpf_program__set_autoload(obj->progs.tcp_v4_connect_ret, false);
+ bpf_program__set_autoload(obj->progs.tcp_v6_connect_ret, false);
+ }
+
+ clock_gettime(CLOCK_MONOTONIC, &start_time);
+ err = tcpconnect_bpf__load(obj);
+ if (err) {
+ warning("failed to load BPF object: %d\n", err);
+ goto cleanup;
+ }
+
+ err = tcpconnect_bpf__attach(obj);
+ if (err) {
+ warning("Failed to attach BPF programs: %s\n", strerror(-err));
+ goto cleanup;
+ }
+
+ if (signal(SIGINT, sig_handler) == SIG_ERR) {
+ warning("Can't set signal handler: %s\n", strerror(errno));
+ err = 1;
+ goto cleanup;
+ }
+
+ if (env.count) {
+ print_count(bpf_map__fd(obj->maps.ipv4_count),
+ bpf_map__fd(obj->maps.ipv6_count));
+ } else {
+ err = print_events(buf);
+ }
+
+cleanup:
+ tcpconnect_bpf__destroy(obj);
+ cleanup_core_btf(&open_opts);
+
+ return err != 0;
+}
+
-- Gitee
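Review bot: `main` creates `buf` with `bpf_buffer__new()`, but the `cleanup:` label only calls `tcpconnect_bpf__destroy(obj)` and `cleanup_core_btf(&open_opts)`, so the ring/perf buffer is never released on any exit path. Add the matching release before destroying `obj`, e.g. `bpf_buffer__free(buf);`, assuming this tree's compat layer provides it as upstream libbpf-tools does. Separately, `handle_event` reads fields of `struct event` without looking at `data_sz`; a guard such as `if (data_sz < sizeof(*event)) return 0;` before the first field access would keep a short sample from being read past its end. `event->task` is also printed as received, so if it carries the process comm (the BPF side is not in this hunk) it is process-controlled text, and non-printable bytes should be replaced before it reaches the terminal or a log.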