tracex1_kern.c (1805B)
1/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com 2 * 3 * This program is free software; you can redistribute it and/or 4 * modify it under the terms of version 2 of the GNU General Public 5 * License as published by the Free Software Foundation. 6 */ 7#include <linux/skbuff.h> 8#include <linux/netdevice.h> 9#include <uapi/linux/bpf.h> 10#include <linux/version.h> 11#include <bpf/bpf_helpers.h> 12#include <bpf/bpf_tracing.h> 13 14#define _(P) \ 15 ({ \ 16 typeof(P) val = 0; \ 17 bpf_probe_read_kernel(&val, sizeof(val), &(P)); \ 18 val; \ 19 }) 20 21/* kprobe is NOT a stable ABI 22 * kernel functions can be removed, renamed or completely change semantics. 23 * Number of arguments and their positions can change, etc. 24 * In such case this bpf+kprobe example will no longer be meaningful 25 */ 26SEC("kprobe/__netif_receive_skb_core") 27int bpf_prog1(struct pt_regs *ctx) 28{ 29 /* attaches to kprobe __netif_receive_skb_core, 30 * looks for packets on loobpack device and prints them 31 */ 32 char devname[IFNAMSIZ]; 33 struct net_device *dev; 34 struct sk_buff *skb; 35 int len; 36 37 /* non-portable! works for the given kernel only */ 38 bpf_probe_read_kernel(&skb, sizeof(skb), (void *)PT_REGS_PARM1(ctx)); 39 dev = _(skb->dev); 40 len = _(skb->len); 41 42 bpf_probe_read_kernel(devname, sizeof(devname), dev->name); 43 44 if (devname[0] == 'l' && devname[1] == 'o') { 45 char fmt[] = "skb %p len %d\n"; 46 /* using bpf_trace_printk() for DEBUG ONLY */ 47 bpf_trace_printk(fmt, sizeof(fmt), skb, len); 48 } 49 50 return 0; 51} 52 53char _license[] SEC("license") = "GPL"; 54u32 _version SEC("version") = LINUX_VERSION_CODE;