graymon
graymon
This PR uses &skb to track skb instead of skb->head to prevent several issues. XDP tracing is also taken care of by introducing a new bpf map `xdp_dhs_skb_heads`.
Otherwise things could get broken silently.
Fixes: #4188 ##### Checklist - [ ] Language changes are updated in `man/adoc/bpftrace.adoc` - [ ] User-visible and non-trivial changes updated in `CHANGELOG.md` - [ ] The new behaviour is...
The https://github.com/jschwinger233/elibpcap has been adopted by several popular projects such as https://github.com/gojue/ecapture, let's use it to simplify the codebase. Historically, elibpcap was derived from pwru/internal/libpcap/ following #198. The two share...
#412 turns out to be buggy because per-cpu maps on kprobe aren't safe: https://lore.kernel.org/bpf/CAMy7=ZWPc279vnKK6L1fssp5h7cb6cqS9_EuMNbfVBg_ixmTrQ@mail.gmail.com/T/
This PR adds `--output-bpfmap` flag to collect and print bpfmap ID, name, key(hex) and value(hex). ``` # pwru --output-caller --filter-track-skb --filter-track-bpf-helpers --output-bpfmap 'src port 19233 and tcp[tcpflags]=tcp-syn' 2025/01/05 19:28:56 Attaching...
Running pwru to capture traffic between cilium's test-conn-disrupt-server and test-conn-disrupt-client (`cilium-cli connectivity test --include-conn-disrupt-test --conn-disrupt-test-setup --conn-disrupt-dispatch-interval 0ms`) ends up with inaccurate output. There could be multiple reasons, like bpf hash...
### Background tgid_pname_map 只是用在 cookie_pid_map update 失败时的 fallback: 1. cookie_pid_map update 失败是少见的情况,在正常场景下不需维护 tgid_pname_map。 2. 就算是 cookie_pid_map update 失败,先 `_update_map_elem_by_cookie()` 里 tgid_pname_map[pid] = val 再在上层函数 `update_map_elem_by_cookie()` 里读 tgid_pname_map[pid] 也是多此一举,一个指针传递就行了,无需用 map。 这个...