Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / bcc / refs/tags/rel/13/fp3/6.A.023.1 / . / examples / tracing / tcpv4connect.py
blob: 40963cfdd61046599e90ea9357c71de7c5f1ad1a [file] [log] [blame]
Alexey Ivanovcc01a9c2019-01-16 09:50:46 -0800[diff] [blame]1#!/usr/bin/python
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]2#
3# tcpv4connect Trace TCP IPv4 connect()s.
4# For Linux, uses BCC, eBPF. Embedded C.
5#
6# USAGE: tcpv4connect [-h] [-t] [-p PID]
7#
Brendan Greggf06d3b42015-10-15 17:21:32 -0700[diff] [blame]8# This is provided as a basic example of TCP connection & socket tracing.
9#
10# All IPv4 connection attempts are traced, even if they ultimately fail.
11#
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]12# Copyright (c) 2015 Brendan Gregg.
13# Licensed under the Apache License, Version 2.0 (the "License")
14#
Brendan Greggf06d3b42015-10-15 17:21:32 -0700[diff] [blame]15# 15-Oct-2015 Brendan Gregg Created this.
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]16
17from __future__ import print_function
18from bcc import BPF
Gary Linbb65bea2019-02-27 16:52:35 +0800[diff] [blame]19from bcc.utils import printb
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]20
21# define BPF program
22bpf_text = """
23#include <uapi/linux/ptrace.h>
24#include <net/sock.h>
25#include <bcc/proto.h>
26
27BPF_HASH(currsock, u32, struct sock *);
28
29int kprobe__tcp_v4_connect(struct pt_regs *ctx, struct sock *sk)
30{
31 u32 pid = bpf_get_current_pid_tgid();
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]32
33 // stash the sock ptr for lookup on return
34 currsock.update(&pid, &sk);
35
36 return 0;
37};
38
39int kretprobe__tcp_v4_connect(struct pt_regs *ctx)
40{
Naveen N. Rao4afa96a2016-05-03 14:54:21 +0530[diff] [blame]41 int ret = PT_REGS_RC(ctx);
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]42 u32 pid = bpf_get_current_pid_tgid();
43
44 struct sock **skpp;
45 skpp = currsock.lookup(&pid);
46 if (skpp == 0) {
47 return 0; // missed entry
48 }
49
Yonghong Song366eb2e2015-10-07 08:59:42 -0700[diff] [blame]50 if (ret != 0) {
Brendan Greggf06d3b42015-10-15 17:21:32 -0700[diff] [blame]51 // failed to send SYNC packet, may not have populated
52 // socket __sk_common.{skc_rcv_saddr, ...}
Yonghong Song366eb2e2015-10-07 08:59:42 -0700[diff] [blame]53 currsock.delete(&pid);
54 return 0;
55 }
56
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]57 // pull in details
58 struct sock *skp = *skpp;
Paul Chaignoneae0acf2017-08-05 23:04:41 +0200[diff] [blame]59 u32 saddr = skp->__sk_common.skc_rcv_saddr;
60 u32 daddr = skp->__sk_common.skc_daddr;
61 u16 dport = skp->__sk_common.skc_dport;
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]62
63 // output
Jean-Tiare Le Bigotd0764aa2016-02-21 23:45:29 +0100[diff] [blame]64 bpf_trace_printk("trace_tcp4connect %x %x %d\\n", saddr, daddr, ntohs(dport));
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]65
66 currsock.delete(&pid);
67
68 return 0;
69}
70"""
71
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]72# initialize BPF
73b = BPF(text=bpf_text)
74
75# header
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]76print("%-6s %-12s %-16s %-16s %-4s" % ("PID", "COMM", "SADDR", "DADDR",
77 "DPORT"))
78
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]79def inet_ntoa(addr):
Gary Linbb65bea2019-02-27 16:52:35 +0800[diff] [blame]80 dq = b''
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]81 for i in range(0, 4):
Gary Linbb65bea2019-02-27 16:52:35 +0800[diff] [blame]82 dq = dq + str(addr & 0xff).encode()
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]83 if (i != 3):
Gary Linbb65bea2019-02-27 16:52:35 +0800[diff] [blame]84 dq = dq + b'.'
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]85 addr = addr >> 8
86 return dq
87
Jean-Tiare Le Bigotd0764aa2016-02-21 23:45:29 +0100[diff] [blame]88# filter and format output
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]89while 1:
Iago López Galeiras5bd242c2016-09-08 16:45:11 +0200[diff] [blame]90 # Read messages from kernel pipe
91 try:
92 (task, pid, cpu, flags, ts, msg) = b.trace_fields()
Gary Linbb65bea2019-02-27 16:52:35 +0800[diff] [blame]93 (_tag, saddr_hs, daddr_hs, dport_s) = msg.split(b" ")
Iago López Galeiras5bd242c2016-09-08 16:45:11 +0200[diff] [blame]94 except ValueError:
95 # Ignore messages from other tracers
96 continue
Gary Lin593339d2019-02-27 16:54:44 +0800[diff] [blame]97 except KeyboardInterrupt:
98 exit()
Jean-Tiare Le Bigotd0764aa2016-02-21 23:45:29 +0100[diff] [blame]99
Iago López Galeiras5bd242c2016-09-08 16:45:11 +0200[diff] [blame]100 # Ignore messages from other tracers
Zdravko Bozakovd3ceae02021-09-28 22:45:17 +0200[diff] [blame]101 if _tag.decode() != "trace_tcp4connect":
Iago López Galeiras5bd242c2016-09-08 16:45:11 +0200[diff] [blame]102 continue
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]103
Gary Linbb65bea2019-02-27 16:52:35 +0800[diff] [blame]104 printb(b"%-6d %-12.12s %-16s %-16s %-4s" % (pid, task,
Brendan Gregg870b1cd2015-09-25 17:01:17 -0700[diff] [blame]105 inet_ntoa(int(saddr_hs, 16)),
106 inet_ntoa(int(daddr_hs, 16)),
107 dport_s))