tools: filter/display using PID intead of TID
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>
diff --git a/tools/sslsniff.py b/tools/sslsniff.py
index 0200750..02b7360 100755
--- a/tools/sslsniff.py
+++ b/tools/sslsniff.py
@@ -66,7 +66,9 @@
BPF_PERF_OUTPUT(perf_SSL_write);
int probe_SSL_write(struct pt_regs *ctx, void *ssl, void *buf, int num) {
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+
FILTER
struct probe_SSL_data_t __data = {0};
@@ -89,18 +91,24 @@
BPF_HASH(bufs, u32, u64);
int probe_SSL_read_enter(struct pt_regs *ctx, void *ssl, void *buf, int num) {
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+ u32 tid = (u32)pid_tgid;
+
FILTER
- bufs.update(&pid, (u64*)&buf);
+ bufs.update(&tid, (u64*)&buf);
return 0;
}
int probe_SSL_read_exit(struct pt_regs *ctx, void *ssl, void *buf, int num) {
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+ u32 tid = (u32)pid_tgid;
+
FILTER
- u64 *bufp = bufs.lookup(&pid);
+ u64 *bufp = bufs.lookup(&tid);
if (bufp == 0) {
return 0;
}
@@ -116,7 +124,7 @@
bpf_probe_read_user(&__data.v0, sizeof(__data.v0), (char *)*bufp);
}
- bufs.delete(&pid);
+ bufs.delete(&tid);
perf_SSL_read.perf_submit(ctx, &__data, sizeof(__data));
return 0;
@@ -176,7 +184,7 @@
# header
-print("%-12s %-18s %-16s %-6s %-6s" % ("FUNC", "TIME(s)", "COMM", "PID",
+print("%-12s %-18s %-16s %-7s %-6s" % ("FUNC", "TIME(s)", "COMM", "PID",
"LEN"))
# process event
@@ -213,7 +221,7 @@
e_mark = "-" * 5 + " END DATA (TRUNCATED, " + str(truncated_bytes) + \
" bytes lost) " + "-" * 5
- fmt = "%-12s %-18.9f %-16s %-6d %-6d\n%s\n%s\n%s\n\n"
+ fmt = "%-12s %-18.9f %-16s %-7d %-6d\n%s\n%s\n%s\n\n"
if args.hexdump:
unwrapped_data = binascii.hexlify(event.v0)
data = textwrap.fill(unwrapped_data.decode('utf-8', 'replace'),width=32)