tracex6_kern.c (1478B)
1#include <linux/ptrace.h> 2#include <linux/version.h> 3#include <uapi/linux/bpf.h> 4#include <bpf/bpf_helpers.h> 5 6struct { 7 __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY); 8 __uint(key_size, sizeof(int)); 9 __uint(value_size, sizeof(u32)); 10 __uint(max_entries, 64); 11} counters SEC(".maps"); 12 13struct { 14 __uint(type, BPF_MAP_TYPE_HASH); 15 __type(key, int); 16 __type(value, u64); 17 __uint(max_entries, 64); 18} values SEC(".maps"); 19 20struct { 21 __uint(type, BPF_MAP_TYPE_HASH); 22 __type(key, int); 23 __type(value, struct bpf_perf_event_value); 24 __uint(max_entries, 64); 25} values2 SEC(".maps"); 26 27SEC("kprobe/htab_map_get_next_key") 28int bpf_prog1(struct pt_regs *ctx) 29{ 30 u32 key = bpf_get_smp_processor_id(); 31 u64 count, *val; 32 s64 error; 33 34 count = bpf_perf_event_read(&counters, key); 35 error = (s64)count; 36 if (error <= -2 && error >= -22) 37 return 0; 38 39 val = bpf_map_lookup_elem(&values, &key); 40 if (val) 41 *val = count; 42 else 43 bpf_map_update_elem(&values, &key, &count, BPF_NOEXIST); 44 45 return 0; 46} 47 48SEC("kprobe/htab_map_lookup_elem") 49int bpf_prog2(struct pt_regs *ctx) 50{ 51 u32 key = bpf_get_smp_processor_id(); 52 struct bpf_perf_event_value *val, buf; 53 int error; 54 55 error = bpf_perf_event_read_value(&counters, key, &buf, sizeof(buf)); 56 if (error) 57 return 0; 58 59 val = bpf_map_lookup_elem(&values2, &key); 60 if (val) 61 *val = buf; 62 else 63 bpf_map_update_elem(&values2, &key, &buf, BPF_NOEXIST); 64 65 return 0; 66} 67 68char _license[] SEC("license") = "GPL"; 69u32 _version SEC("version") = LINUX_VERSION_CODE;