From eae0acfb493a2dc0273cfd65856271aabb5b9c67 Mon Sep 17 00:00:00 2001
From: Paul Chaignon
Date: Sat, 5 Aug 2017 23:04:41 +0200
Subject: Trace external pointers through maps
The bcc rewriter currently traces external pointers using ProbeVisitor in order to replace dereferences with calls to bpf_probe_read. It is, however, unable to trace them through maps. This commit remedy this for simple (yet common) cases. Through a first traversal of the Clang AST, MapVisitor looks for calls to update (and insert) to find maps with an external pointer as value. When ProbeVisitor runs, in a second time, it looks for calls to lookup (and lookup_or_init). If the map was registered as having an external pointer as value, the l-value of the lookup assignment is marked as being an external pointer. Two traversals of the Clang AST are needed because the update of a map may happen after the lookup in the AST. Therefore, the first traversal makes sure we inspect all updates before acting on lookups. To implement this two-stage traversal without parsing the AST twice, ProbeConsumer and BTypeConsumer now implement HandleTranslationUnit, which is called after a whole translation unit has been parsed.
---
examples/tracing/tcpv4connect.py | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'examples')
diff --git a/examples/tracing/tcpv4connect.py b/examples/tracing/tcpv4connect.py
index 1256f5d2..8a89469d 100755
--- a/examples/tracing/tcpv4connect.py
+++ b/examples/tracing/tcpv4connect.py
@@ -55,11 +55,9 @@ int kretprobe__tcp_v4_connect(struct pt_regs *ctx)
 // pull in details
 struct sock *skp = *skpp;
- u32 saddr = 0, daddr = 0;
- u16 dport = 0;
- bpf_probe_read(&saddr, sizeof(saddr), &skp->__sk_common.skc_rcv_saddr);
- bpf_probe_read(&daddr, sizeof(daddr), &skp->__sk_common.skc_daddr);
- bpf_probe_read(&dport, sizeof(dport), &skp->__sk_common.skc_dport);
+ u32 saddr = skp->__sk_common.skc_rcv_saddr;
+ u32 daddr = skp->__sk_common.skc_daddr;
+ u16 dport = skp->__sk_common.skc_dport;
 // output
 bpf_trace_printk("trace_tcp4connect %x %x %d\\n", saddr, daddr, ntohs(dport));
-- 
cgit v1.2.3
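Review bot: The three new initialisers starting at `u32 saddr = skp->__sk_common.skc_rcv_saddr;` read as plain dereferences of a kernel pointer, and nothing in the example says they are safe only because the bcc rewriter turns them into bpf_probe_read calls. The commit message limits that rewrite through maps to "simple (yet common) cases", so the same pattern copied into a program whose map update is not recognised would presumably be rejected at load time rather than silently read. I would add a comment above them, e.g. `// skp came from a map lookup; bcc rewrites these dereferences into bpf_probe_read()`. The explicit zero initialisers are also gone, so what gets printed when a read fails now depends on the code the rewriter generates, which is not shown on this page. The body of kretprobe__tcp_v4_connect starts and ends outside the hunk, so the lookup that produces skpp is not visible here.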