tcp to bpf_perf_output
diff --git a/tools/old/tcpaccept.py b/tools/old/tcpaccept.py
new file mode 100755
index 0000000..2fda8a7
--- /dev/null
+++ b/tools/old/tcpaccept.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# @lint-avoid-python-3-compatibility-imports
+#
+# tcpaccept Trace TCP accept()s.
+# For Linux, uses BCC, eBPF. Embedded C.
+#
+# USAGE: tcpaccept [-h] [-t] [-p PID]
+#
+# This uses dynamic tracing of the kernel inet_csk_accept() socket function
+# (from tcp_prot.accept), and will need to be modified to match kernel changes.
+#
+# IPv4 addresses are printed as dotted quads. For IPv6 addresses, the last four
+# bytes are printed after "..."; check for future versions with better IPv6
+# support.
+#
+# Copyright (c) 2015 Brendan Gregg.
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# 13-Oct-2015 Brendan Gregg Created this.
+
+from __future__ import print_function
+from bcc import BPF
+import argparse
+
+# arguments
+examples = """examples:
+ ./tcpaccept # trace all TCP accept()s
+ ./tcpaccept -t # include timestamps
+ ./tcpaccept -p 181 # only trace PID 181
+"""
+parser = argparse.ArgumentParser(
+ description="Trace TCP accepts",
+ formatter_class=argparse.RawDescriptionHelpFormatter,
+ epilog=examples)
+parser.add_argument("-t", "--timestamp", action="store_true",
+ help="include timestamp on output")
+parser.add_argument("-p", "--pid",
+ help="trace this PID only")
+args = parser.parse_args()
+debug = 0
+
+# define BPF program
+bpf_text = """
+#include <uapi/linux/ptrace.h>
+#include <net/sock.h>
+#include <bcc/proto.h>
+
+int kretprobe__inet_csk_accept(struct pt_regs *ctx)
+{
+ struct sock *newsk = (struct sock *)ctx->ax;
+ u32 pid = bpf_get_current_pid_tgid();
+
+ if (newsk == NULL)
+ return 0;
+
+ // check this is TCP
+ u8 protocol = 0;
+ // workaround for reading the sk_protocol bitfield:
+ bpf_probe_read(&protocol, 1, (void *)((long)&newsk->sk_wmem_queued) - 3);
+ if (protocol != IPPROTO_TCP)
+ return 0;
+
+ // pull in details
+ u16 family = 0, lport = 0;
+ u32 saddr = 0, daddr = 0;
+ bpf_probe_read(&family, sizeof(family), &newsk->__sk_common.skc_family);
+ bpf_probe_read(&lport, sizeof(lport), &newsk->__sk_common.skc_num);
+ if (family == AF_INET) {
+ bpf_probe_read(&saddr, sizeof(saddr),
+ &newsk->__sk_common.skc_rcv_saddr);
+ bpf_probe_read(&daddr, sizeof(daddr),
+ &newsk->__sk_common.skc_daddr);
+
+ // output
+ bpf_trace_printk("4 %x %x %d\\n", daddr, saddr, lport);
+ } else if (family == AF_INET6) {
+ // just grab the last 4 bytes for now
+ bpf_probe_read(&saddr, sizeof(saddr),
+ &newsk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[3]);
+ bpf_probe_read(&daddr, sizeof(daddr),
+ &newsk->__sk_common.skc_v6_daddr.in6_u.u6_addr32[3]);
+
+ // output and flip byte order of addresses
+ bpf_trace_printk("6 %x %x %d\\n", bpf_ntohl(daddr),
+ bpf_ntohl(saddr), lport);
+ }
+ // else drop
+
+ return 0;
+}
+"""
+
+# code substitutions
+if args.pid:
+ bpf_text = bpf_text.replace('FILTER',
+ 'if (pid != %s) { return 0; }' % args.pid)
+else:
+ bpf_text = bpf_text.replace('FILTER', '')
+if debug:
+ print(bpf_text)
+
+# initialize BPF
+b = BPF(text=bpf_text)
+
+# header
+if args.timestamp:
+ print("%-9s" % ("TIME(s)"), end="")
+print("%-6s %-12s %-2s %-16s %-16s %-4s" % ("PID", "COMM", "IP", "RADDR",
+ "LADDR", "LPORT"))
+
+start_ts = 0
+
+def inet_ntoa(addr):
+ dq = ''
+ for i in range(0, 4):
+ dq = dq + str(addr & 0xff)
+ if (i != 3):
+ dq = dq + '.'
+ addr = addr >> 8
+ return dq
+
+# format output
+while 1:
+ (task, pid, cpu, flags, ts, msg) = b.trace_fields()
+ (ip_s, raddr_hs, laddr_hs, lport_s) = msg.split(" ")
+
+ if args.timestamp:
+ if start_ts == 0:
+ start_ts = ts
+ print("%-9.3f" % (ts - start_ts), end="")
+ print("%-6d %-12.12s %-2s %-16s %-16s %-4s" % (pid, task, ip_s,
+ inet_ntoa(int(raddr_hs, 16)) if ip_s == "4" else "..." + raddr_hs,
+ inet_ntoa(int(laddr_hs, 16)) if ip_s == "4" else "..." + laddr_hs,
+ lport_s))
diff --git a/tools/old/tcpconnect.py b/tools/old/tcpconnect.py
new file mode 100755
index 0000000..2fb5307
--- /dev/null
+++ b/tools/old/tcpconnect.py
@@ -0,0 +1,160 @@
+#!/usr/bin/python
+# @lint-avoid-python-3-compatibility-imports
+#
+# tcpconnect Trace TCP connect()s.
+# For Linux, uses BCC, eBPF. Embedded C.
+#
+# USAGE: tcpconnect [-h] [-t] [-p PID]
+#
+# All connection attempts are traced, even if they ultimately fail.
+#
+# Copyright (c) 2015 Brendan Gregg.
+# Licensed under the Apache License, Version 2.0 (the "License")
+#
+# 25-Sep-2015 Brendan Gregg Created this.
+
+from __future__ import print_function
+from bcc import BPF
+import argparse
+
+# arguments
+examples = """examples:
+ ./tcpconnect # trace all TCP connect()s
+ ./tcpconnect -t # include timestamps
+ ./tcpconnect -p 181 # only trace PID 181
+"""
+parser = argparse.ArgumentParser(
+ description="Trace TCP connects",
+ formatter_class=argparse.RawDescriptionHelpFormatter,
+ epilog=examples)
+parser.add_argument("-t", "--timestamp", action="store_true",
+ help="include timestamp on output")
+parser.add_argument("-p", "--pid",
+ help="trace this PID only")
+args = parser.parse_args()
+debug = 0
+
+# define BPF program
+bpf_text = """
+#include <uapi/linux/ptrace.h>
+#include <net/sock.h>
+#include <bcc/proto.h>
+
+BPF_HASH(currsock, u32, struct sock *);
+
+int trace_connect_entry(struct pt_regs *ctx, struct sock *sk)
+{
+ u32 pid = bpf_get_current_pid_tgid();
+ FILTER
+
+ // stash the sock ptr for lookup on return
+ currsock.update(&pid, &sk);
+
+ return 0;
+};
+
+static int trace_connect_return(struct pt_regs *ctx, short ipver)
+{
+ int ret = ctx->ax;
+ u32 pid = bpf_get_current_pid_tgid();
+
+ struct sock **skpp;
+ skpp = currsock.lookup(&pid);
+ if (skpp == 0) {
+ return 0; // missed entry
+ }
+
+ if (ret != 0) {
+ // failed to send SYNC packet, may not have populated
+ // socket __sk_common.{skc_rcv_saddr, ...}
+ currsock.delete(&pid);
+ return 0;
+ }
+
+ // pull in details
+ struct sock *skp = *skpp;
+ u32 saddr = 0, daddr = 0;
+ u16 dport = 0;
+ bpf_probe_read(&dport, sizeof(dport), &skp->__sk_common.skc_dport);
+ if (ipver == 4) {
+ bpf_probe_read(&saddr, sizeof(saddr),
+ &skp->__sk_common.skc_rcv_saddr);
+ bpf_probe_read(&daddr, sizeof(daddr),
+ &skp->__sk_common.skc_daddr);
+
+ // output
+ bpf_trace_printk("4 %x %x %d\\n", saddr, daddr, ntohs(dport));
+ } else /* 6 */ {
+ // just grab the last 4 bytes for now
+ bpf_probe_read(&saddr, sizeof(saddr),
+ &skp->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[3]);
+ bpf_probe_read(&daddr, sizeof(daddr),
+ &skp->__sk_common.skc_v6_daddr.in6_u.u6_addr32[3]);
+
+ // output and flip byte order of addresses
+ bpf_trace_printk("6 %x %x %d\\n", bpf_ntohl(saddr),
+ bpf_ntohl(daddr), ntohs(dport));
+ }
+
+ currsock.delete(&pid);
+
+ return 0;
+}
+
+int trace_connect_v4_return(struct pt_regs *ctx)
+{
+ return trace_connect_return(ctx, 4);
+}
+
+int trace_connect_v6_return(struct pt_regs *ctx)
+{
+ return trace_connect_return(ctx, 6);
+}
+"""
+
+# code substitutions
+if args.pid:
+ bpf_text = bpf_text.replace('FILTER',
+ 'if (pid != %s) { return 0; }' % args.pid)
+else:
+ bpf_text = bpf_text.replace('FILTER', '')
+if debug:
+ print(bpf_text)
+
+# initialize BPF
+b = BPF(text=bpf_text)
+b.attach_kprobe(event="tcp_v4_connect", fn_name="trace_connect_entry")
+b.attach_kprobe(event="tcp_v6_connect", fn_name="trace_connect_entry")
+b.attach_kretprobe(event="tcp_v4_connect", fn_name="trace_connect_v4_return")
+b.attach_kretprobe(event="tcp_v6_connect", fn_name="trace_connect_v6_return")
+
+# header
+if args.timestamp:
+ print("%-9s" % ("TIME(s)"), end="")
+print("%-6s %-12s %-2s %-16s %-16s %-4s" % ("PID", "COMM", "IP", "SADDR",
+ "DADDR", "DPORT"))
+
+start_ts = 0
+
+def inet_ntoa(addr):
+ dq = ''
+ for i in range(0, 4):
+ dq = dq + str(addr & 0xff)
+ if (i != 3):
+ dq = dq + '.'
+ addr = addr >> 8
+ return dq
+
+# format output
+while 1:
+ (task, pid, cpu, flags, ts, msg) = b.trace_fields()
+ (ip_s, saddr_hs, daddr_hs, dport_s) = msg.split(" ")
+
+ if args.timestamp:
+ if start_ts == 0:
+ start_ts = ts
+ print("%-9.3f" % (ts - start_ts), end="")
+ print("%-6d %-12.12s %-2s %-16s %-16s %-4s" % (pid, task, ip_s,
+ inet_ntoa(int(saddr_hs, 16)) if ip_s == "4" else "..." + saddr_hs,
+ inet_ntoa(int(daddr_hs, 16)) if ip_s == "4" else "..." + daddr_hs,
+ dport_s))
diff --git a/tools/tcpaccept.py b/tools/tcpaccept.py
index 2fda8a7..5c41e74 100755
--- a/tools/tcpaccept.py
+++ b/tools/tcpaccept.py
@@ -17,10 +17,12 @@
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 13-Oct-2015 Brendan Gregg Created this.
+# 14-Feb-2016 " " Switch to bpf_perf_output.
from __future__ import print_function
from bcc import BPF
import argparse
+import ctypes as ct
# arguments
examples = """examples:
@@ -45,6 +47,31 @@
#include <net/sock.h>
#include <bcc/proto.h>
+// separate data structs for ipv4 and ipv6
+struct ipv4_data_t {
+ // XXX: switch some to u32's when supported
+ u64 ts_us;
+ u64 pid;
+ u64 ip;
+ u64 saddr;
+ u64 daddr;
+ u64 lport;
+ char task[TASK_COMM_LEN];
+};
+BPF_PERF_OUTPUT(ipv4_events);
+
+struct ipv6_data_t {
+ // XXX: update to transfer full ipv6 addrs
+ u64 ts_us;
+ u64 pid;
+ u64 ip;
+ u64 saddr;
+ u64 daddr;
+ u64 lport;
+ char task[TASK_COMM_LEN];
+};
+BPF_PERF_OUTPUT(ipv6_events);
+
int kretprobe__inet_csk_accept(struct pt_regs *ctx)
{
struct sock *newsk = (struct sock *)ctx->ax;
@@ -62,27 +89,34 @@
// pull in details
u16 family = 0, lport = 0;
- u32 saddr = 0, daddr = 0;
bpf_probe_read(&family, sizeof(family), &newsk->__sk_common.skc_family);
bpf_probe_read(&lport, sizeof(lport), &newsk->__sk_common.skc_num);
- if (family == AF_INET) {
- bpf_probe_read(&saddr, sizeof(saddr),
- &newsk->__sk_common.skc_rcv_saddr);
- bpf_probe_read(&daddr, sizeof(daddr),
- &newsk->__sk_common.skc_daddr);
- // output
- bpf_trace_printk("4 %x %x %d\\n", daddr, saddr, lport);
+ if (family == AF_INET) {
+ struct ipv4_data_t data4 = {.pid = pid, .ip = 4};
+ data4.ts_us = bpf_ktime_get_ns() / 1000;
+ bpf_probe_read(&data4.saddr, sizeof(u32),
+ &newsk->__sk_common.skc_rcv_saddr);
+ bpf_probe_read(&data4.daddr, sizeof(u32),
+ &newsk->__sk_common.skc_daddr);
+ data4.lport = lport;
+ bpf_get_current_comm(&data4.task, sizeof(data4.task));
+ ipv4_events.perf_submit(ctx, &data4, sizeof(data4));
+
} else if (family == AF_INET6) {
+ struct ipv6_data_t data6 = {.pid = pid, .ip = 6};
+ data6.ts_us = bpf_ktime_get_ns() / 1000;
// just grab the last 4 bytes for now
+ u32 saddr = 0, daddr = 0;
bpf_probe_read(&saddr, sizeof(saddr),
&newsk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[3]);
bpf_probe_read(&daddr, sizeof(daddr),
&newsk->__sk_common.skc_v6_daddr.in6_u.u6_addr32[3]);
-
- // output and flip byte order of addresses
- bpf_trace_printk("6 %x %x %d\\n", bpf_ntohl(daddr),
- bpf_ntohl(saddr), lport);
+ data6.saddr = bpf_ntohl(saddr);
+ data6.daddr = bpf_ntohl(daddr);
+ data6.lport = lport;
+ bpf_get_current_comm(&data6.task, sizeof(data6.task));
+ ipv6_events.perf_submit(ctx, &data6, sizeof(data6));
}
// else drop
@@ -99,6 +133,48 @@
if debug:
print(bpf_text)
+# event data
+TASK_COMM_LEN = 16 # linux/sched.h
+class Data_ipv4(ct.Structure):
+ _fields_ = [
+ ("ts_us", ct.c_ulonglong),
+ ("pid", ct.c_ulonglong),
+ ("ip", ct.c_ulonglong),
+ ("saddr", ct.c_ulonglong),
+ ("daddr", ct.c_ulonglong),
+ ("lport", ct.c_ulonglong),
+ ("task", ct.c_char * TASK_COMM_LEN)
+ ]
+class Data_ipv6(ct.Structure):
+ _fields_ = [
+ ("ts_us", ct.c_ulonglong),
+ ("pid", ct.c_ulonglong),
+ ("ip", ct.c_ulonglong),
+ ("saddr", ct.c_ulonglong),
+ ("daddr", ct.c_ulonglong),
+ ("lport", ct.c_ulonglong),
+ ("task", ct.c_char * TASK_COMM_LEN)
+ ]
+
+# process event
+def print_ipv4_event(cpu, data, size):
+ event = ct.cast(data, ct.POINTER(Data_ipv4)).contents
+ if args.timestamp:
+ if start_ts == 0:
+ start_ts = event.ts_us
+ print("%-9.3f" % ((event.ts_us - start_ts) / 100000), end="")
+ print("%-6d %-12.12s %-2d %-16s %-16s %-4d" % (event.pid, event.task,
+ event.ip, inet_ntoa(event.daddr), inet_ntoa(event.saddr),
+ event.lport))
+def print_ipv6_event(cpu, data, size):
+ event = ct.cast(data, ct.POINTER(Data_ipv6)).contents
+ if args.timestamp:
+ if start_ts == 0:
+ start_ts = event.ts_us
+ print("%-9.3f" % ((event.ts_us - start_ts) / 100000), end="")
+ print("%-6d %-12.12s %-2d ...%-13x ...%-13x %-4d" % (event.pid,
+ event.task, event.ip, event.daddr, event.saddr, event.lport))
+
# initialize BPF
b = BPF(text=bpf_text)
@@ -119,16 +195,8 @@
addr = addr >> 8
return dq
-# format output
+# read events
+b["ipv4_events"].open_perf_buffer(print_ipv4_event)
+b["ipv6_events"].open_perf_buffer(print_ipv6_event)
while 1:
- (task, pid, cpu, flags, ts, msg) = b.trace_fields()
- (ip_s, raddr_hs, laddr_hs, lport_s) = msg.split(" ")
-
- if args.timestamp:
- if start_ts == 0:
- start_ts = ts
- print("%-9.3f" % (ts - start_ts), end="")
- print("%-6d %-12.12s %-2s %-16s %-16s %-4s" % (pid, task, ip_s,
- inet_ntoa(int(raddr_hs, 16)) if ip_s == "4" else "..." + raddr_hs,
- inet_ntoa(int(laddr_hs, 16)) if ip_s == "4" else "..." + laddr_hs,
- lport_s))
+ b.kprobe_poll()
diff --git a/tools/tcpconnect.py b/tools/tcpconnect.py
index 2fb5307..5a46197 100755
--- a/tools/tcpconnect.py
+++ b/tools/tcpconnect.py
@@ -8,14 +8,23 @@
#
# All connection attempts are traced, even if they ultimately fail.
#
+# This uses dynamic tracing of kernel functions, and will need to be updated
+# to match kernel changes.
+#
+# IPv4 addresses are printed as dotted quads. For IPv6 addresses, the last four
+# bytes are printed after "..."; check for future versions with better IPv6
+# support.
+#
# Copyright (c) 2015 Brendan Gregg.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 25-Sep-2015 Brendan Gregg Created this.
+# 14-Feb-2016 " " Switch to bpf_perf_output.
from __future__ import print_function
from bcc import BPF
import argparse
+import ctypes as ct
# arguments
examples = """examples:
@@ -42,6 +51,31 @@
BPF_HASH(currsock, u32, struct sock *);
+// separate data structs for ipv4 and ipv6
+struct ipv4_data_t {
+ // XXX: switch some to u32's when supported
+ u64 ts_us;
+ u64 pid;
+ u64 ip;
+ u64 saddr;
+ u64 daddr;
+ u64 dport;
+ char task[TASK_COMM_LEN];
+};
+BPF_PERF_OUTPUT(ipv4_events);
+
+struct ipv6_data_t {
+ // XXX: update to transfer full ipv6 addrs
+ u64 ts_us;
+ u64 pid;
+ u64 ip;
+ u64 saddr;
+ u64 daddr;
+ u64 dport;
+ char task[TASK_COMM_LEN];
+};
+BPF_PERF_OUTPUT(ipv6_events);
+
int trace_connect_entry(struct pt_regs *ctx, struct sock *sk)
{
u32 pid = bpf_get_current_pid_tgid();
@@ -73,27 +107,34 @@
// pull in details
struct sock *skp = *skpp;
- u32 saddr = 0, daddr = 0;
u16 dport = 0;
bpf_probe_read(&dport, sizeof(dport), &skp->__sk_common.skc_dport);
- if (ipver == 4) {
- bpf_probe_read(&saddr, sizeof(saddr),
- &skp->__sk_common.skc_rcv_saddr);
- bpf_probe_read(&daddr, sizeof(daddr),
- &skp->__sk_common.skc_daddr);
- // output
- bpf_trace_printk("4 %x %x %d\\n", saddr, daddr, ntohs(dport));
+ if (ipver == 4) {
+ struct ipv4_data_t data4 = {.pid = pid, .ip = ipver};
+ data4.ts_us = bpf_ktime_get_ns() / 1000;
+ bpf_probe_read(&data4.saddr, sizeof(u32),
+ &skp->__sk_common.skc_rcv_saddr);
+ bpf_probe_read(&data4.daddr, sizeof(u32),
+ &skp->__sk_common.skc_daddr);
+ data4.dport = ntohs(dport);
+ bpf_get_current_comm(&data4.task, sizeof(data4.task));
+ ipv4_events.perf_submit(ctx, &data4, sizeof(data4));
+
} else /* 6 */ {
+ struct ipv6_data_t data6 = {.pid = pid, .ip = ipver};
+ data6.ts_us = bpf_ktime_get_ns() / 1000;
// just grab the last 4 bytes for now
+ u32 saddr = 0, daddr = 0;
bpf_probe_read(&saddr, sizeof(saddr),
&skp->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32[3]);
bpf_probe_read(&daddr, sizeof(daddr),
&skp->__sk_common.skc_v6_daddr.in6_u.u6_addr32[3]);
-
- // output and flip byte order of addresses
- bpf_trace_printk("6 %x %x %d\\n", bpf_ntohl(saddr),
- bpf_ntohl(daddr), ntohs(dport));
+ data6.saddr = bpf_ntohl(saddr);
+ data6.daddr = bpf_ntohl(daddr);
+ data6.dport = ntohs(dport);
+ bpf_get_current_comm(&data6.task, sizeof(data6.task));
+ ipv6_events.perf_submit(ctx, &data6, sizeof(data6));
}
currsock.delete(&pid);
@@ -121,6 +162,48 @@
if debug:
print(bpf_text)
+# event data
+TASK_COMM_LEN = 16 # linux/sched.h
+class Data_ipv4(ct.Structure):
+ _fields_ = [
+ ("ts_us", ct.c_ulonglong),
+ ("pid", ct.c_ulonglong),
+ ("ip", ct.c_ulonglong),
+ ("saddr", ct.c_ulonglong),
+ ("daddr", ct.c_ulonglong),
+ ("dport", ct.c_ulonglong),
+ ("task", ct.c_char * TASK_COMM_LEN)
+ ]
+class Data_ipv6(ct.Structure):
+ _fields_ = [
+ ("ts_us", ct.c_ulonglong),
+ ("pid", ct.c_ulonglong),
+ ("ip", ct.c_ulonglong),
+ ("saddr", ct.c_ulonglong),
+ ("daddr", ct.c_ulonglong),
+ ("dport", ct.c_ulonglong),
+ ("task", ct.c_char * TASK_COMM_LEN)
+ ]
+
+# process event
+def print_ipv4_event(cpu, data, size):
+ event = ct.cast(data, ct.POINTER(Data_ipv4)).contents
+ if args.timestamp:
+ if start_ts == 0:
+ start_ts = event.ts_us
+ print("%-9.3f" % ((event.ts_us - start_ts) / 100000), end="")
+ print("%-6d %-12.12s %-2d %-16s %-16s %-4d" % (event.pid, event.task,
+ event.ip, inet_ntoa(event.saddr), inet_ntoa(event.daddr),
+ event.dport))
+def print_ipv6_event(cpu, data, size):
+ event = ct.cast(data, ct.POINTER(Data_ipv6)).contents
+ if args.timestamp:
+ if start_ts == 0:
+ start_ts = event.ts_us
+ print("%-9.3f" % ((event.ts_us - start_ts) / 100000), end="")
+ print("%-6d %-12.12s %-2d ...%-13x ...%-13x %-4d" % (event.pid,
+ event.task, event.ip, event.saddr, event.daddr, event.dport))
+
# initialize BPF
b = BPF(text=bpf_text)
b.attach_kprobe(event="tcp_v4_connect", fn_name="trace_connect_entry")
@@ -145,16 +228,8 @@
addr = addr >> 8
return dq
-# format output
+# read events
+b["ipv4_events"].open_perf_buffer(print_ipv4_event)
+b["ipv6_events"].open_perf_buffer(print_ipv6_event)
while 1:
- (task, pid, cpu, flags, ts, msg) = b.trace_fields()
- (ip_s, saddr_hs, daddr_hs, dport_s) = msg.split(" ")
-
- if args.timestamp:
- if start_ts == 0:
- start_ts = ts
- print("%-9.3f" % (ts - start_ts), end="")
- print("%-6d %-12.12s %-2s %-16s %-16s %-4s" % (pid, task, ip_s,
- inet_ntoa(int(saddr_hs, 16)) if ip_s == "4" else "..." + saddr_hs,
- inet_ntoa(int(daddr_hs, 16)) if ip_s == "4" else "..." + daddr_hs,
- dport_s))
+ b.kprobe_poll()