-
Notifications
You must be signed in to change notification settings - Fork 181
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add an option --filter-trace-tc to trace all tc-bpf progs on host by
fentry-ing on the progs.
To trace tc-bpf, we list all tc-bpf progs first. Then, for each prog, we
have to retrieve its entry function name as fentry attaching function.
And provide prog ID to bpf spec in order to output prog name while
printing event data. And cache prog ID => prog info BTW. Next, we do
fentry on the prog.
Example:
... [<empty>] dummy@TC
Signed-off-by: Leon Hwang <[email protected]>- Loading branch information
Showing
5 changed files
with
242 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,152 @@ | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| // Copyright 2023 Leon Hwang. | ||
|
|
||
| package pwru | ||
|
|
||
| import ( | ||
| "errors" | ||
| "fmt" | ||
| "log" | ||
|
|
||
| "github.com/cilium/ebpf" | ||
| "github.com/cilium/ebpf/btf" | ||
| "github.com/cilium/ebpf/link" | ||
| "golang.org/x/sys/unix" | ||
| ) | ||
|
|
||
| func listBpfProgs(typ ebpf.ProgramType) ([]*ebpf.Program, error) { | ||
| var ( | ||
| id ebpf.ProgramID | ||
| err error | ||
| ) | ||
|
|
||
| var progs []*ebpf.Program | ||
| for id, err = ebpf.ProgramGetNextID(id); err == nil; id, err = ebpf.ProgramGetNextID(id) { | ||
| prog, err := ebpf.NewProgramFromID(id) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| if prog.Type() == typ { | ||
| progs = append(progs, prog) | ||
| } else { | ||
| _ = prog.Close() | ||
| } | ||
| } | ||
|
|
||
| if err != nil && !errors.Is(err, unix.ENOENT) { | ||
| return nil, err | ||
| } | ||
|
|
||
| return progs, nil | ||
| } | ||
|
|
||
| func getEntryFuncName(prog *ebpf.Program) (string, error) { | ||
| info, err := prog.Info() | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to get program info: %w", err) | ||
| } | ||
|
|
||
| id, ok := info.BTFID() | ||
| if !ok { | ||
| return "", fmt.Errorf("bpf program %s does not have BTF", info.Name) | ||
| } | ||
|
|
||
| handle, err := btf.NewHandleFromID(id) | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to get BTF handle: %w", err) | ||
| } | ||
| defer handle.Close() | ||
|
|
||
| spec, err := handle.Spec(nil) | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to get BTF spec: %w", err) | ||
| } | ||
|
|
||
| iter := spec.Iterate() | ||
| for iter.Next() { | ||
| if fn, ok := iter.Type.(*btf.Func); ok { | ||
| return fn.Name, nil | ||
| } | ||
| } | ||
|
|
||
| return "", fmt.Errorf("no function found in %s bpf prog", info.Name) | ||
| } | ||
|
|
||
| func TraceTC(prevColl *ebpf.Collection, spec *ebpf.CollectionSpec, | ||
| opts *ebpf.CollectionOptions, outputSkb bool, | ||
| progsInfo map[uint32]*ebpf.ProgramInfo, | ||
| ) (func(), error) { | ||
| progs, err := listBpfProgs(ebpf.SchedCLS) | ||
| if err != nil { | ||
| log.Fatalf("Failed to list TC bpf progs: %v", err) | ||
| } | ||
|
|
||
| // Reusing maps from previous collection is to handle the events together | ||
| // with the kprobes. | ||
| replacedMaps := map[string]*ebpf.Map{ | ||
| "events": prevColl.Maps["events"], | ||
| "print_stack_map": prevColl.Maps["print_stack_map"], | ||
| } | ||
| if outputSkb { | ||
| replacedMaps["print_skb_map"] = prevColl.Maps["print_skb_map"] | ||
| } | ||
| opts.MapReplacements = replacedMaps | ||
|
|
||
| tracings := make([]link.Link, 0, len(progs)) | ||
| for _, prog := range progs { | ||
| info, err := prog.Info() | ||
| if err != nil { | ||
| log.Fatalf("Failed to get program info: %v", err) | ||
| } | ||
|
|
||
| id, ok := info.ID() | ||
| if !ok { | ||
| log.Fatalf("Failed to get program ID") | ||
| } | ||
| progsInfo[uint32(id)] = info | ||
|
|
||
| entryFn, err := getEntryFuncName(prog) | ||
| if err != nil { | ||
| log.Fatalf("Failed to get entry function name: %v", err) | ||
| } | ||
| spec := spec.Copy() | ||
| if err := spec.RewriteConstants(map[string]interface{}{ | ||
| "BPF_PROG_ID": uint32(id), | ||
| }); err != nil { | ||
| log.Fatalf("Failed to rewrite BPF_PROG_ID: %v", err) | ||
| } | ||
| spec.Programs["fentry_tc"].AttachTarget = prog | ||
| spec.Programs["fentry_tc"].AttachTo = entryFn | ||
| coll, err := ebpf.NewCollectionWithOptions(spec, *opts) | ||
| if err != nil { | ||
| var ( | ||
| ve *ebpf.VerifierError | ||
| verifierLog string | ||
| ) | ||
| if errors.As(err, &ve) { | ||
| verifierLog = fmt.Sprintf("Verifier error: %+v\n", ve) | ||
| } | ||
|
|
||
| log.Fatalf("Failed to load objects: %s\n%+v", verifierLog, err) | ||
| } | ||
| defer coll.Close() | ||
|
|
||
| tracing, err := link.AttachTracing(link.TracingOptions{ | ||
| Program: coll.Programs["fentry_tc"], | ||
| }) | ||
| if err != nil { | ||
| log.Fatalf("Failed to attach tracing: %v", err) | ||
| } | ||
| tracings = append(tracings, tracing) | ||
| } | ||
|
|
||
| return func() { | ||
| for _, tracing := range tracings { | ||
| _ = tracing.Close() | ||
| } | ||
| for _, prog := range progs { | ||
| _ = prog.Close() | ||
| } | ||
| }, nil | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -39,11 +39,13 @@ type output struct { | |
| kprobeMulti bool | ||
| kfreeReasons map[uint64]string | ||
| ifaceCache map[uint64]map[uint32]string | ||
| progsInfo map[uint32]*ebpf.ProgramInfo | ||
| } | ||
|
|
||
| func NewOutput(flags *Flags, printSkbMap *ebpf.Map, printStackMap *ebpf.Map, | ||
| addr2Name Addr2Name, kprobeMulti bool, btfSpec *btf.Spec) (*output, error) { | ||
|
|
||
| addr2Name Addr2Name, kprobeMulti bool, btfSpec *btf.Spec, | ||
| info map[uint32]*ebpf.ProgramInfo, | ||
| ) (*output, error) { | ||
| writer := os.Stdout | ||
|
|
||
| if flags.OutputFile != "" { | ||
|
|
@@ -77,6 +79,7 @@ func NewOutput(flags *Flags, printSkbMap *ebpf.Map, printStackMap *ebpf.Map, | |
| kprobeMulti: kprobeMulti, | ||
| kfreeReasons: reasons, | ||
| ifaceCache: ifs, | ||
| progsInfo: info, | ||
| }, nil | ||
| } | ||
|
|
||
|
|
@@ -127,6 +130,14 @@ func (o *output) Print(event *Event) { | |
| // See https://lore.kernel.org/bpf/[email protected]/ | ||
| // for more ctx. | ||
| funcName = ksym.name | ||
| } else if event.Type == EventTypeTc { | ||
| progID := uint32(event.Addr) | ||
| info, ok := o.progsInfo[progID] | ||
| if ok { | ||
| funcName = fmt.Sprintf("%s@TC", info.Name) | ||
| } else { | ||
| funcName = fmt.Sprintf("ID(%d)@TC", progID) | ||
| } | ||
| } else { | ||
| funcName = fmt.Sprintf("0x%x", addr) | ||
| } | ||
|
|
@@ -235,7 +246,6 @@ func getKFreeSKBReasons(spec *btf.Spec) (map[uint64]string, error) { | |
| ret := map[uint64]string{} | ||
| for _, val := range dropReasonsEnum.Values { | ||
| ret[uint64(val.Value)] = val.Name | ||
|
|
||
| } | ||
|
|
||
| return ret, nil | ||
|
|
@@ -293,7 +303,6 @@ func getIfaces() (map[uint64]map[uint32]string, error) { | |
| } | ||
|
|
||
| return ifaceCache, err | ||
|
|
||
| } | ||
|
|
||
| func getIfacesInNetNs(path string) (map[uint32]string, error) { | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.