commit fd73745c87c7082f293bd7b95f97825c2480ea4c
author Xiaozhou Liu <liuxiaozhou@bytedance.com> Wed Apr 10 23:35:16 2019 +0800
committer yonghong-song <ys114321@gmail.com> Wed Apr 10 08:35:16 2019 -0700
tree 8fcfa6e553d85a2a98f11f9a50a17071192fac4b
parent eea9e1e42d3b3b1c4cf33556c5a95f153bc59753

tcpaccept: remove sock:inet_sock_set_state tracepoint code (#2305)

Fixes #2304.

On Linux 4.16 and later, sock:inet_sock_set_state tracepoint was
used for efficency, but it may output wrong PIDs. This is because
sock:inet_sock_set_state may run outside of process context.
Hence, we stick to kprobes until we find a proper solution.

tools/tcpaccept.py

diff --git a/tools/tcpaccept.py b/tools/tcpaccept.py
index e08a08e..70202dd 100755
--- a/tools/tcpaccept.py
+++ b/tools/tcpaccept.py
@@ -80,10 +80,11 @@
 """
 
 #
-# The following is the code for older kernels(Linux pre-4.16).
-# It uses kprobes to instrument inet_csk_accept(). On Linux 4.16 and
-# later, the sock:inet_sock_set_state tracepoint should be used instead, as
-# is done by the code that follows this. 
+# The following code uses kprobes to instrument inet_csk_accept().
+# On Linux 4.16 and later, we could use sock:inet_sock_set_state
+# tracepoint for efficency, but it may output wrong PIDs. This is
+# because sock:inet_sock_set_state may run outside of process context.
+# Hence, we stick to kprobes until we find a proper solution.
 #
 bpf_text_kprobe = """
 int kretprobe__inet_csk_accept(struct pt_regs *ctx)
@@ -170,55 +171,7 @@
 }
 """
 
-bpf_text_tracepoint = """
-TRACEPOINT_PROBE(sock, inet_sock_set_state)
-{
-    if (args->protocol != IPPROTO_TCP)
-        return 0;
-    if (args->oldstate != TCP_SYN_RECV || args->newstate != TCP_ESTABLISHED)
-        return 0;
-    u32 pid = bpf_get_current_pid_tgid() >> 32;
-
-    ##FILTER_PID##
-
-    // pull in details
-    u16 family = 0, lport = 0, dport;
-    family = args->family;
-    lport = args->sport;
-    dport = args->dport;
-
-    ##FILTER_PORT##
-
-    if (family == AF_INET) {
-        struct ipv4_data_t data4 = {.pid = pid, .ip = 4};
-        data4.ts_us = bpf_ktime_get_ns() / 1000;
-        __builtin_memcpy(&data4.saddr, args->saddr, sizeof(data4.saddr));
-        __builtin_memcpy(&data4.daddr, args->daddr, sizeof(data4.daddr));
-        data4.lport = lport;
-        data4.dport = dport;
-        bpf_get_current_comm(&data4.task, sizeof(data4.task));
-        ipv4_events.perf_submit(args, &data4, sizeof(data4));
-    } else if (family == AF_INET6) {
-        struct ipv6_data_t data6 = {.pid = pid, .ip = 6};
-        data6.ts_us = bpf_ktime_get_ns() / 1000;
-        __builtin_memcpy(&data6.saddr, args->saddr, sizeof(data6.saddr));
-        __builtin_memcpy(&data6.daddr, args->daddr, sizeof(data6.daddr));
-        data6.lport = lport;
-        data6.dport = dport;
-        bpf_get_current_comm(&data6.task, sizeof(data6.task));
-        ipv6_events.perf_submit(args, &data6, sizeof(data6));
-    }
-    // else drop
-
-    return 0;
-}
-"""
-
-if (BPF.tracepoint_exists("sock", "inet_sock_set_state")):
-    bpf_text += bpf_text_tracepoint
-else:
-    bpf_text += bpf_text_kprobe
-
+bpf_text += bpf_text_kprobe
 
 # code substitutions
 if args.pid: