Commit bbc3fbfe authored by 4ast's avatar 4ast Committed by GitHub

Merge pull request #1715 from iovisor/yhs_dev

introduce C++ get_syscall_fnname API
parents 533d1d3f 28b7fff9
......@@ -27,8 +27,9 @@ int main() {
std::ifstream pipe("/sys/kernel/debug/tracing/trace_pipe");
std::string line;
std::string clone_fnname = bpf.get_syscall_fnname("clone");
auto attach_res = bpf.attach_kprobe("sys_clone", "on_sys_clone");
auto attach_res = bpf.attach_kprobe(clone_fnname, "on_sys_clone");
if (attach_res.code() != 0) {
std::cerr << attach_res.msg() << std::endl;
return 1;
......@@ -38,7 +39,7 @@ int main() {
if (std::getline(pipe, line)) {
std::cout << line << std::endl;
// Detach the probe if we got at least one line.
auto detach_res = bpf.detach_kprobe("sys_clone");
auto detach_res = bpf.detach_kprobe(clone_fnname);
if (detach_res.code() != 0) {
std::cerr << detach_res.msg() << std::endl;
return 1;
......
......@@ -39,6 +39,11 @@
namespace ebpf {
static const char *syscall_prefix[] = {
"sys_",
"__x64_sys_",
};
std::string uint_to_hex(uint64_t value) {
std::stringstream ss;
ss << std::hex << value;
......@@ -57,6 +62,10 @@ StatusTuple BPF::init(const std::string& bpf_program,
const std::vector<std::string>& cflags,
const std::vector<USDT>& usdt) {
std::string all_bpf_program;
bcc_symbol_option symbol_option = {};
void *ksym_cache;
uint64_t addr;
int ret;
for (auto u : usdt) {
if (!u.initialized_)
......@@ -74,6 +83,16 @@ StatusTuple BPF::init(const std::string& bpf_program,
if (bpf_module_->load_string(all_bpf_program, flags, flags_len) != 0)
return StatusTuple(-1, "Unable to initialize BPF program");
ksym_cache = bcc_symcache_new(-1, &symbol_option);
ret = bcc_symcache_resolve_name(ksym_cache, NULL, "sys_bpf", &addr);
if (ret == 0) {
syscall_prefix_idx_ = 0;
} else {
ret = bcc_symcache_resolve_name(ksym_cache, NULL, "__x64_sys_bpf", &addr);
syscall_prefix_idx_ = (ret == 0) ? 1 : 0;
}
bcc_free_symcache(ksym_cache, -1);
return StatusTuple(0);
};
......@@ -548,6 +567,11 @@ StatusTuple BPF::unload_func(const std::string& func_name) {
return StatusTuple(0);
}
std::string BPF::get_syscall_fnname(const std::string &name) {
std::string fn_name = syscall_prefix[syscall_prefix_idx_] + name;
return std::move(fn_name);
}
StatusTuple BPF::check_binary_symbol(const std::string& binary_path,
const std::string& symbol,
uint64_t symbol_addr,
......
......@@ -47,7 +47,8 @@ class BPF {
explicit BPF(unsigned int flag = 0, TableStorage* ts = nullptr,
bool rw_engine_enabled = true)
: flag_(flag), bpf_module_(new BPFModule(flag, ts, rw_engine_enabled)) {}
: flag_(flag), syscall_prefix_idx_(0),
bpf_module_(new BPFModule(flag, ts, rw_engine_enabled)) {}
StatusTuple init(const std::string& bpf_program,
const std::vector<std::string>& cflags = {},
const std::vector<USDT>& usdt = {});
......@@ -90,6 +91,7 @@ class BPF {
int group_fd = -1);
StatusTuple detach_perf_event(uint32_t ev_type, uint32_t ev_config);
StatusTuple detach_perf_event_raw(void* perf_event_attr);
std::string get_syscall_fnname(const std::string &name);
BPFTable get_table(const std::string& name) {
TableStorage::iterator it;
......@@ -214,6 +216,8 @@ class BPF {
int flag_;
int syscall_prefix_idx_;
std::unique_ptr<BPFModule> bpf_module_;
std::map<std::string, int> funcs_;
......
......@@ -178,10 +178,11 @@ TEST_CASE("test bpf stack table", "[bpf_stack_table]") {
ebpf::StatusTuple res(0);
res = bpf.init(BPF_PROGRAM);
REQUIRE(res.code() == 0);
res = bpf.attach_kprobe("sys_getuid", "on_sys_getuid");
std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
REQUIRE(res.code() == 0);
REQUIRE(getuid() >= 0);
res = bpf.detach_kprobe("sys_getuid");
res = bpf.detach_kprobe(getuid_fnname);
REQUIRE(res.code() == 0);
auto id = bpf.get_hash_table<int, int>("id");
......
......@@ -62,10 +62,11 @@ TEST_CASE("test read perf event", "[bpf_perf_event]") {
res =
bpf.open_perf_event("cnt", PERF_TYPE_SOFTWARE, PERF_COUNT_SW_CPU_CLOCK);
REQUIRE(res.code() == 0);
res = bpf.attach_kprobe("sys_getuid", "on_sys_getuid");
std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
REQUIRE(res.code() == 0);
REQUIRE(getuid() >= 0);
res = bpf.detach_kprobe("sys_getuid");
res = bpf.detach_kprobe(getuid_fnname);
REQUIRE(res.code() == 0);
res = bpf.close_perf_event("cnt");
REQUIRE(res.code() == 0);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment