eBPF Talk: tracing sockops programs

Digest   2024-09-23 08:10   Singapore

A demo of tracing sockops programs.

The demo produces the following output:

# ./fentry_fexit-sockops
2024/09/21 04:35:15 Attached sockops fentry(sockops_example)
2024/09/21 04:35:15 Attached sockops fexit(sockops_example)

# cat /sys/kernel/debug/tracing/trace_pipe
            curl-366500  [003] ...12 567047.039684: bpf_trace_printk: fentry sockops: TCP_CONNECT_CB
            curl-366500  [003] ...12 567047.039718: bpf_trace_printk: fexit  sockops: TCP_CONNECT_CB, retval: 0
            curl-366500  [003] ...12 567047.039720: bpf_trace_printk: fentry sockops: RWND_INIT
            curl-366500  [003] ...12 567047.039721: bpf_trace_printk: fexit  sockops: RWND_INIT, retval: 0
            curl-366500  [003] ...12 567047.039722: bpf_trace_printk: fentry sockops: TIMEOUT_INIT
            curl-366500  [003] ...12 567047.039722: bpf_trace_printk: fexit  sockops: TIMEOUT_INIT, retval: 0
            curl-366500  [003] ...12 567047.039725: bpf_trace_printk: fentry sockops: NEEDS_ECN
            curl-366500  [003] ...12 567047.039725: bpf_trace_printk: fexit  sockops: NEEDS_ECN, retval: 0
          <idle>-0       [006] ..s32 567047.065954: bpf_trace_printk: fentry sockops: ACTIVE_ESTABLISHED_CB
          <idle>-0       [006] ..s31 567047.065994: bpf_trace_printk: active established: 192.168.241.133:54920 -> 64.233.170.102:443
          <idle>-0       [006] ..s32 567047.065995: bpf_trace_printk: fexit  sockops: ACTIVE_ESTABLISHED_CB, retval: 0
          <idle>-0       [006] b.s22 567050.235378: bpf_trace_printk: fentry sockops: RWND_INIT
          <idle>-0       [006] b.s22 567050.235415: bpf_trace_printk: fexit  sockops: RWND_INIT, retval: 0
          <idle>-0       [006] b.s22 567050.235441: bpf_trace_printk: fentry sockops: TIMEOUT_INIT
          <idle>-0       [006] b.s22 567050.235442: bpf_trace_printk: fexit  sockops: TIMEOUT_INIT, retval: 0
          <idle>-0       [006] b.s22 567050.235446: bpf_trace_printk: fentry sockops: NEEDS_ECN
          <idle>-0       [006] b.s22 567050.235447: bpf_trace_printk: fexit  sockops: NEEDS_ECN, retval: 0
          <idle>-0       [006] .Ns32 567050.235773: bpf_trace_printk: fentry sockops: PASSIVE_ESTABLISHED_CB
          <idle>-0       [006] .Ns31 567050.235804: bpf_trace_printk: passive established: 192.168.241.133:22 -> 192.168.241.1:60425
          <idle>-0       [006] .Ns32 567050.235806: bpf_trace_printk: fexit  sockops: PASSIVE_ESTABLISHED_CB, retval: 0

Here the sockops program is traced with fentry/fexit.
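
To turn output like the above into per-invocation records (callback, duration, return value, connection), the following Python sketch pairs each fentry line with its fexit line. It is an added example, not code from the original post; the function names are hypothetical, and it assumes that one invocation's fentry and fexit lines appear on the same CPU without nesting and that timestamps carry six fractional digits.

```python
import re

# Sample lines copied from the trace_pipe output shown above.
SAMPLE = """\
            curl-366500  [003] ...12 567047.039684: bpf_trace_printk: fentry sockops: TCP_CONNECT_CB
            curl-366500  [003] ...12 567047.039718: bpf_trace_printk: fexit  sockops: TCP_CONNECT_CB, retval: 0
          <idle>-0       [006] ..s32 567047.065954: bpf_trace_printk: fentry sockops: ACTIVE_ESTABLISHED_CB
          <idle>-0       [006] ..s31 567047.065994: bpf_trace_printk: active established: 192.168.241.133:54920 -> 64.233.170.102:443
          <idle>-0       [006] ..s32 567047.065995: bpf_trace_printk: fexit  sockops: ACTIVE_ESTABLISHED_CB, retval: 0
"""

LINE = re.compile(r"^\s*(?P<comm>.+)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+\S+\s+"
                  r"(?P<sec>\d+)\.(?P<usec>\d{6}):\s+bpf_trace_printk:\s+(?P<msg>.*)$")
ENTRY = re.compile(r"^fentry\s+sockops:\s+(\w+)$")
EXIT = re.compile(r"^fexit\s+sockops:\s+(\w+), retval: (-?\d+)$")
CONN = re.compile(r"^(active|passive) established: (\S+) -> (\S+)$")

def pair_invocations(text):
    """Pair fentry/fexit lines per CPU (assumed non-nested); one record per call."""
    open_calls, records = {}, []   # open_calls: cpu -> in-flight invocation
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue               # not a bpf_trace_printk line
        cpu, msg = int(m["cpu"]), m["msg"].strip()
        ts_us = int(m["sec"]) * 1_000_000 + int(m["usec"])  # integer microseconds
        if e := ENTRY.match(msg):
            open_calls[cpu] = {"op": e[1], "comm": m["comm"], "pid": int(m["pid"]),
                               "cpu": cpu, "start": ts_us, "conn": None}
        elif (c := CONN.match(msg)) and cpu in open_calls:
            open_calls[cpu]["conn"] = (c[1], c[2], c[3])     # printed by the sockops program
        elif (x := EXIT.match(msg)) and cpu in open_calls:
            call = open_calls.pop(cpu)
            if call["op"] != x[1]:
                continue           # lines were lost: entry and exit do not match
            call["duration_us"] = ts_us - call.pop("start")
            call["retval"] = int(x[2])
            records.append(call)
    return records

def nonzero_returns(records):
    """Invocations whose traced sockops program returned something other than 0."""
    return [r for r in records if r["retval"] != 0]

if __name__ == "__main__":
    for rec in pair_invocations(SAMPLE):
        print(rec)
```
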
