Feature #TASK_QT-21111 【私有发版】更新最新的文件。

Makefile2

@@ -17,12 +17,12 @@ build:
 	CGO_ENABLED=1 go build -gcflags="all=-N -l" -buildvcs=false -o euspace
 c:
 	#docker exec -it 9d928d96d4d0 sh -c 'cd /opt/github/euspace/ebpftracer && sh build.sh${PARAMS}'
-	docker exec -it 432002584cbf sh -c 'cd /opt/github/euspace/ebpftracer && make all ${PARAMS}'
+	docker exec -it 889965bb1d4a sh -c 'cd /opt/github/euspace/ebpftracer && make all ${PARAMS}'
 c-build: c
 
 go-build:
 	#ssh [email protected] 'export https_proxy=http://10.0.22.50:4780 && source ~/.g/env && cd /opt/github/euspace && make -f Makefile2 build'
-	docker exec -it 432002584cbf bash -c 'cd /opt/github/euspace && source ~/.g/env && make -f Makefile2 build'
+	docker exec -it 889965bb1d4a bash -c 'cd /opt/github/euspace && source ~/.g/env && make -f Makefile2 build'
 go: go-build
 
 run:

containers/container.go

@@ -154,6 +154,20 @@ type ConnectionStats struct {
 	NewReadTime      uint64
 }
 
+type ProcessOffCPUTime struct {
+	OffCpuTime          uint64
+	OffNetTime          uint64
+	OffEpollTime        uint64
+	OffFileTime         uint64
+	OffFutexTime        uint64
+	OffMemTime          uint64
+	OffMemmapTime       uint64
+	OffMmapTime         uint64
+	RunqTime            uint64
+	CPUOnTime           uint64
+	Url 				string
+}
+
 type AcceptStats struct {
 	BytesSent     uint64
 	BytesReceived uint64
@@ -190,6 +204,8 @@ type Container struct {
 	acceptsActive     map[AddrPair]*ActiveAccept
 	acceptsByPidFd    map[PidFd]*ActiveAccept
 
+	offCpuTimeInfo	  map[uint64]*ProcessOffCPUTime
+
 	l7Stats  L7Stats
 	dnsStats *L7Metrics
 
@@ -701,6 +717,26 @@ func (c *Container) onAcceptOpen(pid uint32, fd uint64, src, dst netaddr.IPPort,
 	c.acceptLastAttempt[dst] = time.Now()
 }
 
+func (c *Container) onOffCPUTime(offcputime *l7.OffCPUData) {
+	p := c.processes[offcputime.Pid]
+	if p == nil {
+		return
+	}
+	processoffcputime := &ProcessOffCPUTime{
+		OffCpuTime:		offcputime.OffCpuTime,          
+		OffNetTime:		offcputime.OffNetTime,          
+		OffEpollTime:	offcputime.OffEpollTime,        
+		OffFileTime:	offcputime.OffFileTime,         
+		OffFutexTime:	offcputime.OffFutexTime,        
+		OffMemTime:		offcputime.OffMemTime,          
+		OffMemmapTime:	offcputime.OffMemmapTime,       
+		OffMmapTime:	offcputime.OffMmapTime,         
+		RunqTime:		offcputime.RunqTime,            
+		CPUOnTime:		offcputime.CPUOnTime,           
+	}
+	c.offCpuTimeInfo[offcputime.TraceID] = processoffcputime
+}
+
 func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
 	if common.PortFilter.ShouldBeSkipped(dst.Port()) {
 		return

containers/registry.go

@@ -455,6 +455,18 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 					}
 					r.ip2fqdnLock.Unlock()
 				}
+			case ebpftracer.EventTypeOffCpuTIme:
+
+				//fmt.Println("e.L7Request Payload:", string(e.L7Request.Payload))
+				if e.OffCPU == nil {
+					continue
+				}
+
+				if c := r.getOrCreateContainer(e.Pid); c != nil {
+					c.onOffCPUTime(e.OffCPU)
+				} else {
+					klog.Infoln("EventTypeOffCpuTIme from unknown container", e)
+				}
 			case ebpftracer.EventTypeFunEnt:
 				if e.StackEvent == nil {
 					continue

ebpftracer/ebpf/ebpf.c

@@ -51,10 +51,10 @@
 #include "tcp/state.c"
 #include "tcp/retransmit.c"
 //#include "l7/uprobe_base_bpf.c"
+#include "sys_cpu/offcpu.c"
 #include "l7/l7.c"
 //#include "l7/gotls.c"
 //#include "l7/openssl.c"
-#include "sys_cpu/offcpu.c"
 #include "utrace/go/net/server.probe.bpf.c"
 #include "utrace/go/net/client.probe.bpf.c"
 #include "utrace/go/net/stack.probe.bpf.c"

ebpftracer/ebpf/l7/apm_trace.c

@@ -83,7 +83,7 @@ struct apm_trace_key_t get_apm_trace_key(__u64 timeout, bool is_socket_io) {
 	// 解决4.x问题
 	struct pid_of_connection_ptr_key_t *e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &key.tgid);
 	if (e) {
-		cw_bpf_debug("[Go] [uprobeThread/get_apm_trace_key]getget: rdi_ptr::pid:%d, %llx\n", key.tgid, e->connection_ptr);
+		// cw_bpf_debug("[Go] [uprobeThread/get_apm_trace_key]getget: rdi_ptr::pid:%d, %llx\n", key.tgid, e->connection_ptr);
 		key.connectid = e->connection_ptr;
 	}
 //		} else {
@@ -119,7 +119,7 @@ __u64 get_apm_trace_id(__u32 pid, __u32 tid) {
 
 	struct apm_trace_info_t *trace_info = bpf_map_lookup_elem(&trace_info_heap, &trace_key);
 	if (trace_info) {
-		cw_bpf_debug("info_trace_id:%llu", trace_info->trace_id);
+		// cw_bpf_debug("info_trace_id:%llu", trace_info->trace_id);
 		return trace_info->trace_id;
 	}
 	return 0;
@@ -263,7 +263,7 @@ __u64 get_fd_trace_id(__u32 pid, __u32 fd) {
 	struct fd_trace_key_t trace_key = get_fd_trace_key(pid, fd);
 	struct apm_trace_info_t *trace_info = bpf_map_lookup_elem(&fd_trace_info_heap, &trace_key);
 	if (trace_info) {
-		cw_bpf_debug("fd_trace_id:%llu", trace_info->trace_id);
+		// cw_bpf_debug("fd_trace_id:%llu", trace_info->trace_id);
 		return trace_info->trace_id;
 	}
 	return 0;
@@ -285,7 +285,7 @@ void cw_save_parent_tracking_span(struct apm_span_context *sc) {
 	long err = 0;
 	err = bpf_map_update_elem(&apm_parent_span_context_map, &trace_key, sc, BPF_ANY);
 	if (err != 0) {
-		cw_bpf_debug("Failed to update tracked_spans map: %ld", err);
+		// cw_bpf_debug("Failed to update tracked_spans map: %ld", err);
 		return;
 	}
 }

ebpftracer/ebpf/l7/l7.c

@@ -404,7 +404,7 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
         //处理http请求之前，确认进程信息是否存在
         struct ebpf_proc_info *proc_info = bpf_map_lookup_elem(&proc_info_map, &pid);
         if (!proc_info) {
-            cw_bpf_debug("[Trace End in l7][Response][HTTP]:no proc info. pid:%d \n",k.pid);
+            // cw_bpf_debug("[Trace End in l7][Response][HTTP]:no proc info. pid:%d \n",k.pid);
             return 0;
         }
 
@@ -414,9 +414,9 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
 		}
         __u64 trace_id = start_trace_info->trace_id;
 	    __u32 event_count = cw_get_event_count(trace_id);
-        cw_bpf_debug("[uprobeThread/pidpidpidpid][Trace End in l7][HTTP]pid:[%d]--[%lld]", tid, bpf_ktime_get_ns());
-	    cw_bpf_debug("[Trace End in l7][Response][HTTP] event_count:%d", event_count);
-	    cw_bpf_debug("[Trace End in l7][Response][HTTP] pid:%d,fd:%d,trace_id:%llu", tid, fd, trace_id);
+        // cw_bpf_debug("[uprobeThread/pidpidpidpid][Trace End in l7][HTTP]pid:[%d]--[%lld]", tid, bpf_ktime_get_ns());
+	    // cw_bpf_debug("[Trace End in l7][Response][HTTP] event_count:%d", event_count);
+	    // cw_bpf_debug("[Trace End in l7][Response][HTTP] pid:%d,fd:%d,trace_id:%llu", tid, fd, trace_id);
 
         // 发送事件到用户空间 start
         struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
@@ -443,7 +443,7 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
             return 0;
         }
 	    e->start_at = req->ns;
-	    cw_bpf_debug("req->ns:%llu",req->ns);
+	    // cw_bpf_debug("req->ns:%llu",req->ns);
 	    e->end_at = bpf_ktime_get_ns();
         e->duration = e->end_at - e->start_at;
 //        cw_bpf_debug("[Response][HTTP]:duration->ns:%d\n",e->duration);
@@ -458,6 +458,7 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
         e->payload_size = size;
         e->event_count = event_count;
         COPY_PAYLOAD(e->payload, size, payload);
+        
         bpf_map_delete_elem(&active_l7_requests, &k);
 		// 清除事件计数
 	    bpf_map_delete_elem(&trace_event_count_heap, &trace_id);
@@ -465,21 +466,52 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
 	    clear_parent_span_context_by_trace_key(start_trace_info->trace_key);
 	    // 清除trace信息
 	    cw_clear_trace(pid, tid, fd);
-        cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        // cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
         struct accept_connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
         if (accept_conn) {
-            cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-            cw_bpf_debug("rock enter the  accept_conn function cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+            // cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+            // cw_bpf_debug("rock enter the  accept_conn function cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
             e->sport = accept_conn->sport;
             e->dport = accept_conn->dport;
             __builtin_memcpy(&e->saddr, &accept_conn->saddr, sizeof(e->saddr));
             __builtin_memcpy(&e->daddr, &accept_conn->daddr, sizeof(e->daddr));
             // __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
-            cw_bpf_debug("socket sys_exit_accept--- accept_conn daddr=%llu, daddr=%llu\n", e->saddr[10], e->saddr[11]);
-            cw_bpf_debug("socket sys_exit_accept--- accept_conn daddr=%llu, daddr=%llu\n", e->saddr[12], e->saddr[13]);
-            cw_bpf_debug("socket sys_exit_accept--- accept_conn daddr=%llu, daddr=%llu\n", e->saddr[14], e->saddr[15]);
+            // cw_bpf_debug("socket sys_exit_accept--- accept_conn daddr=%llu, daddr=%llu\n", e->saddr[10], e->saddr[11]);
+            // cw_bpf_debug("socket sys_exit_accept--- accept_conn daddr=%llu, daddr=%llu\n", e->saddr[12], e->saddr[13]);
+            // cw_bpf_debug("socket sys_exit_accept--- accept_conn daddr=%llu, daddr=%llu\n", e->saddr[14], e->saddr[15]);
         }
         bpf_perf_event_output(ctx, &l7_events, BPF_F_CURRENT_CPU, e, sizeof(*e));
+
+        __u64 pid_tgid = bpf_get_current_pid_tgid();
+        // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+        __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+        struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+        if (tidCpuTime) {
+            struct offcpu_event *offcpuEvent = bpf_map_lookup_elem(&offcpu_event_heap, &zero);
+            if(offcpuEvent){
+                offcpuEvent->tid = tidCpuTime->tid;
+                offcpuEvent->pid = tidCpuTime->pid;
+                offcpuEvent->off_CPU_time = tidCpuTime->off_CPU_time;
+                offcpuEvent->off_net_time = tidCpuTime->off_net_time;
+                offcpuEvent->off_epoll_time = tidCpuTime->off_epoll_time;
+                offcpuEvent->off_file_time = tidCpuTime->off_file_time;
+                offcpuEvent->off_futex_time = tidCpuTime->off_futex_time;
+                offcpuEvent->off_mem_time = tidCpuTime->off_mem_time;
+                offcpuEvent->off_memmap_time = tidCpuTime->off_memmap_time;
+                offcpuEvent->off_mmap_time = tidCpuTime->off_mmap_time;
+                offcpuEvent->runq_time = tidCpuTime->runq_time;
+                offcpuEvent->cpu_in_time = tidCpuTime->cpu_in_time;
+                offcpuEvent->trace_id = trace_id;
+                offcpuEvent->payload_size = size;
+                COPY_PAYLOAD(offcpuEvent->payload, size, payload);
+                bpf_perf_event_output(ctx, &offcpu_events, BPF_F_CURRENT_CPU, offcpuEvent, sizeof(*offcpuEvent));
+            }            
+        }
+
+
+        //清除offcpu的统计
+        bpf_map_delete_elem(&active_tids, &tid);
         // 发送事件到用户空间 end
 //        __u64 k_version = load_filter_pid();
 //        cw_bpf_debug("filter_pid:%d", k_version);
@@ -533,8 +565,8 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
     }
 
     if (is_http_request(payload)) {
-	    cw_bpf_debug("");
-	    cw_bpf_debug("-----[Kernel HTTP Enter]:pid:[%d]|CURRENT-GOID:[%llu]|FD:[%d]", tid, get_current_goroutine(), k.fd);
+	    // cw_bpf_debug("");
+	    // cw_bpf_debug("-----[Kernel HTTP Enter]:pid:[%d]|CURRENT-GOID:[%llu]|FD:[%d]", tid, get_current_goroutine(), k.fd);
 	    __u8 type =  0;
 	    __u64 trace_id = 0;
 	    struct apm_trace_key_t trace_key = get_apm_trace_key(120 * NS_PER_SEC, true);
@@ -564,7 +596,7 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
 //		    }
 		}
 		// 0默认，1
-	    cw_bpf_debug("[Kernel HTTP Enter]req-payload:%s [traceid:%llu][type:%d]",payload,trace_id,type);
+	    // cw_bpf_debug("[Kernel HTTP Enter]req-payload:%s [traceid:%llu][type:%d]",payload,trace_id,type);
 
     } else if (is_postgres_query(payload, size, &req->request_type)) {
 //        if (req->request_type == POSTGRES_FRAME_CLOSE) {
@@ -583,12 +615,12 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
 //        }
         req->protocol = PROTOCOL_POSTGRES;
     } else if (is_redis_query(payload, size)) {
-        cw_bpf_debug("[Enter][Redis]:TGID:%d|type:%s|FD:%d\n",k.pid,"type",k.fd);
+        // cw_bpf_debug("[Enter][Redis]:TGID:%d|type:%s|FD:%d\n",k.pid,"type",k.fd);
         req->protocol = PROTOCOL_REDIS;
     } else if (is_memcached_query(payload, size)) {
         req->protocol = PROTOCOL_MEMCACHED;
     } else if (is_mysql_query(payload, size, &req->request_type)) {
-        cw_bpf_debug("[Enter][Mysql]:thread_id:%d\n",tid);
+        // cw_bpf_debug("[Enter][Mysql]:thread_id:%d\n",tid);
         if (req->request_type == MYSQL_COM_STMT_CLOSE) {
 	        return 0;
             struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
@@ -601,7 +633,7 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
             e->method = METHOD_STATEMENT_CLOSE;
             e->payload_size = size;
             COPY_PAYLOAD(e->payload, size, payload);
-	        cw_bpf_debug("[Enter][Mysql][Send]:thread_id:%d\n",tid);
+	        // cw_bpf_debug("[Enter][Mysql][Send]:thread_id:%d\n",tid);
             send_event(ctx, e, cid, conn);
             return 0;
         }
@@ -800,7 +832,7 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
         //处理http请求之前，确认进程信息是否存在
         struct ebpf_proc_info *proc_info = bpf_map_lookup_elem(&proc_info_map, &pid);
         if (!proc_info) {
-            cw_bpf_debug("[Receive][HTTP]:no proc info. pid:%d",k.pid);
+            // cw_bpf_debug("[Receive][HTTP]:no proc info. pid:%d",k.pid);
             return 0;
         }
 
@@ -857,8 +889,33 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 //	    bpf_map_update_elem(&fd_trace_info_heap, &fd_trace_key, &trace_info, BPF_NOEXIST);
 
         bpf_perf_event_output(ctx, &l7_events, BPF_F_CURRENT_CPU, e, sizeof(*e));
-        cw_bpf_debug("[Receive][HTTP] to user space");
+        // cw_bpf_debug("[Receive][HTTP] to user space");
+        
+        struct trace_tid_cpu_time *trace_cpu_time = bpf_map_lookup_elem(&trace_tid_cpu_time_heap, &zero);
+	    if (!trace_cpu_time) {
+		    return 0;
+	    }
 
+        trace_cpu_time->tid = tid;
+        trace_cpu_time->pid = pid;
+        trace_cpu_time->last_type = 0;
+        trace_cpu_time->off_CPU_time = 0;
+        trace_cpu_time->off_net_time = 0;
+        trace_cpu_time->off_epoll_time = 0;
+        trace_cpu_time->off_file_time = 0;
+        trace_cpu_time->off_futex_time = 0;
+        trace_cpu_time->off_mem_time = 0;
+        trace_cpu_time->off_memmap_time = 0;
+        trace_cpu_time->off_mmap_time = 0;
+        trace_cpu_time->cpu_in_start = 0;
+        trace_cpu_time->cpu_out_start = 0;
+        trace_cpu_time->runq_start = 0;
+        trace_cpu_time->runq_time = 0;
+        trace_cpu_time->cpu_in_time = 0;
+        trace_cpu_time->trace_id = trace_info.trace_id;
+        COPY_PAYLOAD(trace_cpu_time->payload, ret, payload);
+
+        bpf_map_update_elem(&active_tids, &tid, trace_cpu_time, BPF_NOEXIST);
         // 作为服务端统计 bytes_received 使用
         // struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
         // cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
@@ -868,7 +925,7 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
         // }
 
         //bpf_tail_call PROGUP(l7_http_request)
-        cw_bpf_debug("======== PROG_DATA_L7_HTTP_TRACE_ID_UP_IDX ========== __KERNEL_FROM < 512 pid:[%d] ",tid);
+        // cw_bpf_debug("======== PROG_DATA_L7_HTTP_TRACE_ID_UP_IDX ========== __KERNEL_FROM < 512 pid:[%d] ",tid);
         bpf_tail_call(ctx, &NAME(progs_jmp_tp_map), PROG_DATA_L7_HTTP_TRACE_ID_TP_IDX);
          return 0;
     }
@@ -944,7 +1001,7 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 	if (e->protocol == PROTOCOL_HTTP) {
 //		__u64 trace_id = req->trace_id;
 		e->trace_id = req->trace_id;
-        cw_bpf_debug("l7.c addr is --------:%d,%s",conn->sport,conn->saddr);
+        // cw_bpf_debug("l7.c addr is --------:%d,%s",conn->sport,conn->saddr);
         e->component_sport = conn->sport;
         e->component_dport = conn->dport;
         __builtin_memcpy(&e->component_saddr, &conn->saddr, sizeof(e->component_saddr));
@@ -983,10 +1040,10 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 			e->method = METHOD_STATEMENT_PREPARE;
 		}
 	} else if (e->protocol == PROTOCOL_REDIS) {
-		cw_bpf_debug("[Response][Redis]:TGID:%d|type:%s|FD:%d\n", k.pid, "", k.fd);
+		// cw_bpf_debug("[Response][Redis]:TGID:%d|type:%s|FD:%d\n", k.pid, "", k.fd);
 //		__u64 trace_id = get_apm_trace_id(pid, tid);
 //		e->trace_id = req->trace_id;
-		cw_bpf_debug("[Redis] trace_id:%llu", req->trace_id);
+		// cw_bpf_debug("[Redis] trace_id:%llu", req->trace_id);
         e->component_sport = conn->sport;
         e->component_dport = conn->dport;
         __builtin_memcpy(&e->component_saddr, &conn->saddr, sizeof(e->component_saddr));
@@ -995,7 +1052,7 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 	} else if (e->protocol == PROTOCOL_MEMCACHED) {
 		response = is_memcached_response(payload, ret, &e->status);
 	} else if (e->protocol == PROTOCOL_MYSQL) {
-		cw_bpf_debug("[Response][Mysql]:thread_id:%d\n", tid);
+		// cw_bpf_debug("[Response][Mysql]:thread_id:%d\n", tid);
 //		__u64 trace_id = get_apm_trace_id(pid, tid);
 //        cw_bpf_debug("[Mysql] trace_id:%llu", trace_id);
 //		e->trace_id = trace_id;
@@ -1358,7 +1415,7 @@ PROGTP(l7_http_trace_id)(void * ctx){
     }
     // 保存 trace_id 到psc
     cw_save_parent_tracking_span(cw_parent_span_context);
-    cw_bpf_debug("[Trace Start in l7][HTTP] trace_id:[%llu]\n", cw_parent_span_context->trace_id);
+    // cw_bpf_debug("[Trace Start in l7][HTTP] trace_id:[%llu]\n", cw_parent_span_context->trace_id);
     // ---------- 在http请求入口生成 横向串联的trace_id end ----------
     return 0;
 }

ebpftracer/ebpf/sys_cpu/offcpu.c

@@ -1,40 +1,156 @@
 
+struct trace_tid_cpu_time{
+    __u32   tid;
+    __u32   pid;
+    __u8    last_type;
+    __u64   off_CPU_time;
+    __u64   off_net_time;
+    __u64   off_epoll_time;
+    __u64   off_file_time;
+    __u64   off_futex_time;
+    __u64   off_mem_time;
+    __u64   off_memmap_time;
+    __u64   off_mmap_time;
+    __u64   cpu_in_start;
+    __u64   cpu_out_start;
+    __u64   runq_start;
+    __u64   runq_time;
+    __u64   cpu_in_time;
+    __u64   trace_id;
+    __u16   sport;
+    __u64   payload_size;
+    __u8    saddr[16];
+    char    payload[1024];
+};
+
+// go type OffCpuEvent struct && type OffCPUData struct
+struct offcpu_event{
+    __u32   tid;
+    __u32   pid;
+    __u64   off_CPU_time;
+    __u64   off_net_time;
+    __u64   off_epoll_time;
+    __u64   off_file_time;
+    __u64   off_futex_time;
+    __u64   off_mem_time;
+    __u64   off_memmap_time;
+    __u64   off_mmap_time;
+    __u64   runq_time;
+    __u64   cpu_in_time;
+    __u64   trace_id;
+    __u64   payload_size;
+    char    payload[1024];
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_LRU_HASH);
+    __uint(key_size, sizeof(__u32));
+    __uint(value_size, sizeof(struct trace_tid_cpu_time));
+    __uint(max_entries, 10240);
+} active_tids SEC(".maps");
+
+struct {
+     __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+     __type(key, int);
+     __type(value, struct trace_tid_cpu_time);
+     __uint(max_entries, 1);
+} trace_tid_cpu_time_heap SEC(".maps");
+
+struct {
+     __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+     __type(key, int);
+     __type(value, struct offcpu_event);
+     __uint(max_entries, 1);
+} offcpu_event_heap SEC(".maps");
+
+
 struct trace_event_raw_sched_switch {
-    struct trace_entry ent;      // Tracepoint 的通用头部
-    char prev_comm[TASK_COMM_LEN]; // 被切换出的进程名
-    pid_t prev_pid;             // 被切换出的进程PID
-    int prev_prio;              // 被切换出进程的优先级
-    long prev_state;            // 被切换出进程的状态
-    char next_comm[TASK_COMM_LEN]; // 被切换入的进程名
-    pid_t next_pid;             // 被切换入的进程PID
-    int next_prio;              // 被切换入进程的优先级
-    // 可能还有其他字段，取决于内核版本
+    __u16 type;
+    __u8  flag;
+    __u8  preeempt;
+    __u32 c_pid;
+    char prev_comm[16];
+    __u32  prev_pid;
+    __u32 prev_prio;
+    __u64 prev_state;
+    char next_comm[16];
+    __u32  next_pid;
+    __u32 next_prio;
 };
 
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+    __uint(key_size, sizeof(int));
+    __uint(value_size, sizeof(int));
+} offcpu_events SEC(".maps");
+
 SEC("tracepoint/sched/sched_switch")
 int handle_sched_switch(struct trace_event_raw_sched_switch *ctx)
 {
-    // struct sched_switch_event event = {};
-    
-    // event.timestamp = bpf_ktime_get_ns();
-    // event.cpu = bpf_get_smp_processor_id();
-    // event.prev_pid = ctx->prev_pid;
-    // event.next_pid = ctx->next_pid;
-    // event.prev_state = ctx->prev_state;
-    
-    // // 获取进程名
-    // bpf_get_current_comm(event.prev_comm, sizeof(event.prev_comm));
-    // bpf_probe_read_str(event.next_comm, sizeof(event.next_comm), (void *)ctx->next_comm);
-    
-    // // 输出事件
-    // bpf_perf_event_output(ctx, &sched_events, BPF_F_CURRENT_CPU, &event, sizeof(event));
-    
+    // conn->first_write_time = bpf_ktime_get_ns();
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+    __u64 duration = 0;
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+    cw_bpf_debug("sched_switch function find the trace_tid_cpu_time\n");
+    if(ctx->next_pid == tid){
+        //切入 CPU
+        __u64 currentTime = bpf_ktime_get_ns();
+        //runqtime
+        duration = currentTime - tidCpuTime->runq_start;
+        tidCpuTime->runq_time += duration;
+        cw_bpf_debug("sched_switch next_pid duration is %d\n",duration);
+        //记录切入CPU的时间戳，方便后续记录总时间
+        tidCpuTime->cpu_in_start = currentTime;
+        //duration代表 cpu off时间，下面根据 lasttype确定，将时间累加到那个变量内
+        duration = currentTime - tidCpuTime->cpu_out_start;
+        tidCpuTime->off_CPU_time += duration;
+        if(tidCpuTime->last_type == 1){
+            tidCpuTime->off_net_time += duration;
+            cw_bpf_debug("last_type is %d, off_net_time time is %ld\n", tidCpuTime->last_type, tidCpuTime->off_net_time);
+        } else if(tidCpuTime->last_type == 2){
+            tidCpuTime->off_epoll_time += duration;
+            cw_bpf_debug("last_type is %d, off_epoll_time time is %ld\n", tidCpuTime->last_type, tidCpuTime->off_epoll_time);
+        } else if(tidCpuTime->last_type == 3){
+            tidCpuTime->off_file_time += duration;
+            cw_bpf_debug("last_type is %d, off_file_time time is %ld\n", tidCpuTime->last_type, tidCpuTime->off_file_time);
+        } else if(tidCpuTime->last_type == 4){
+            tidCpuTime->off_futex_time += duration;
+            cw_bpf_debug("last_type is %d, off_futex_time time is %ld\n", tidCpuTime->last_type, tidCpuTime->off_futex_time);
+        } else if(tidCpuTime->last_type == 5){
+            tidCpuTime->off_mem_time += duration;
+            cw_bpf_debug("last_type is %d, off_mem_time time is %ld\n", tidCpuTime->last_type, tidCpuTime->off_mem_time);
+        } else if(tidCpuTime->last_type == 6){
+            tidCpuTime->off_memmap_time += duration;
+            cw_bpf_debug("last_type is %d, off_memmap_time time is %ld\n", tidCpuTime->last_type, tidCpuTime->off_memmap_time);
+        }
+
+    }else if(ctx->prev_pid == tid){
+        //切出 CPU
+        //记录CPU切出时间，方便后续记录总时间。
+        tidCpuTime->cpu_out_start = bpf_ktime_get_ns();
+        if(tidCpuTime->cpu_in_start > 0){
+            duration = bpf_ktime_get_ns() - tidCpuTime->cpu_in_start;
+            //cpu_in_time由切出时时间戳减去切入时时间戳所得
+            tidCpuTime->cpu_in_time += duration;
+            cw_bpf_debug("sched_switch prev_pid duration is %d\n",duration);
+        }
+    }
+
+    tidCpuTime->last_type = 1;
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 // 自定义的 sendmsg exit 上下文结构
 struct sys_exit_sendmsg_ctx {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
+    // struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
     // 以下是sendmsg特有的扩展字段
     int fd;                    // 套接字文件描述符
     struct msghdr *msg;        // 消息头指针
@@ -47,33 +163,24 @@ struct sys_exit_sendmsg_ctx {
 SEC("tracepoint/syscalls/sys_exit_sendmsg")
 int handle_sys_exit_sendmsg(struct sys_exit_sendmsg_ctx *ctx)
 {
-    // struct sendmsg_event event = {};
-    // __u64 pid_tgid = bpf_get_current_pid_tgid();
-    
-    // event.timestamp = bpf_ktime_get_ns();
-    // event.pid = pid_tgid >> 32;
-    // event.tid = (__u32)pid_tgid;
-    // event.ret = ctx->ret;
-    
-    // // 如果返回值大于0，表示成功发送的字节数
-    // if (ctx->ret > 0) {
-    //     event.bytes_sent = (__u64)ctx->ret;
-    // } else {
-    //     event.bytes_sent = 0;
-    // }
-    
-    // // 获取进程名
-    // bpf_get_current_comm(event.comm, sizeof(event.comm));
-    
-    // // 输出事件
-    // bpf_perf_event_output(ctx, &sendmsg_events, BPF_F_CURRENT_CPU, &event, sizeof(event));
-    
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_exit_sendmsg, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 // 自定义的 sendmsg exit 上下文结构
 struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
+    // struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
     // 以下是sendmsg特有的扩展字段
     int fd;                    // 套接字文件描述符
     struct msghdr *msg;        // 消息头指针
@@ -87,112 +194,81 @@ struct trace_event_raw_sys_exit {
 SEC("tracepoint/syscalls/sys_exit_write")
 int handle_sys_exit_write(struct trace_event_raw_sys_exit *ctx)
 {
-
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_exit_write, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
+    return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 // sys_exit_writev tracepoint处理函数
 SEC("tracepoint/syscalls/sys_exit_writev")
 int handle_sys_exit_writev(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct writev_event *event;
-    // struct task_struct *task;
-    // u64 ts = bpf_ktime_get_ns();
-    // u64 id = bpf_get_current_pid_tgid();
-    // u32 tid = (u32)id;
-    
-    // // 分配事件缓冲区
-    // event = bpf_ringbuf_reserve(&events, sizeof(*event), 0);
-    // if (!event) {
-    //     return 0;
-    // }
-
-    // // 获取当前任务结构体
-    // task = (struct task_struct *)bpf_get_current_task();
-
-    // // 从map中获取sys_enter时保存的参数
-    // struct writev_event *enter_event = bpf_map_lookup_elem(&writev_args, &tid);
-    // if (enter_event) {
-    //     event->fd = enter_event->fd;
-    //     event->args[0] = enter_event->args[0];  // fd
-    //     event->args[1] = enter_event->args[1];  // iov
-    //     event->args[2] = enter_event->args[2];  // iovcnt
-    //     event->iovcnt = enter_event->iovcnt;
-    //     bpf_map_delete_elem(&writev_args, &tid);
-    // } else {
-    //     event->fd = 0;
-    //     event->args[0] = 0;
-    //     event->args[1] = 0;
-    //     event->args[2] = 0;
-    //     event->iovcnt = 0;
-    // }
-
-    // // 填充事件数据
-    // event->timestamp = ts;
-    // event->pid = id >> 32;       // PID
-    // event->tid = tid;            // TID
-    // event->retval = ctx->ret;    // 系统调用返回值
-    
-    // // 读取进程名
-    // bpf_probe_read_kernel_str(event->comm, sizeof(event->comm), BPF_CORE_READ(task, comm));
-
-    // // 提交事件到用户空间
-    // bpf_ringbuf_submit(event, 0);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_exit_writev, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 // sys_exit_sendmmsg tracepoint处理函数
 SEC("tracepoint/syscalls/sys_exit_sendmmsg")
 int handle_sys_exit_sendmmsg(struct trace_event_raw_sys_exit *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_exit_sendmmsg, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 // sys_exit_sendto tracepoint处理函数
 SEC("tracepoint/syscalls/sys_exit_sendto")
 int handle_sys_exit_sendto(struct trace_event_raw_sys_exit *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_exit_sendto, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 // 自定义的 sendmsg exit 上下文结构
 struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
+    // struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
     // 以下是sendmsg特有的扩展字段
     int fd;                    // 套接字文件描述符
     struct msghdr *msg;        // 消息头指针
@@ -206,376 +282,317 @@ struct trace_event_raw_sys_enter {
 SEC("tracepoint/syscalls/sys_enter_read")
 int handle_sys_enter_read(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_enter_read, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_readv")
 int handle_sys_enter_readv(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_enter_readv, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0; 
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_recvmsg")
 int handle_sys_enter_recvmsg(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_enter_recvmsg, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_recvfrom")
 int handle_sys_enter_recvfrom(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_enter_recvfrom, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 //以上为网络部分监控函数原型
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_epoll_wait")
 int handle_sys_enter_epoll_wait(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 2;
+    // cw_bpf_debug("enter the sys_enter_epoll_wait, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_epoll_pwait")
 int handle_sys_enter_epoll_pwait(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 2;
+    // cw_bpf_debug("enter the sys_enter_epoll_pwait, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_epoll_pwait2")
 int handle_sys_enter_epoll_pwait2(struct trace_event_raw_sys_enter *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 2;
+    // cw_bpf_debug("enter the sys_enter_epoll_pwait2, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 //以上为epoll timewait部分监控函数原型  
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_futex")
 int handle_sys_exit_futex(struct trace_event_raw_sys_exit *ctx)
 {
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 4;
+    // cw_bpf_debug("enter the sys_exit_futex, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 //以上为futex time
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter__stub {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 #if defined(__TARGET_ARCH_x86)
 
-SEC("tracepoint/syscalls/sys_enter_open")
-int sys_enter_open(struct trace_event_raw_sys_enter__stub* ctx)
-{
-	return 0;
-}
-
 SEC("tracepoint/syscalls/sys_exit_open")
-int sys_exit_open(struct trace_event_raw_sys_exit__stub* ctx)
+int sys_exit_open_offcpu(struct trace_event_raw_sys_exit__stub* ctx)
 {
-	return 0;
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_open, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
+    return 0;
 }
 #endif
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter__stub {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
-SEC("tracepoint/syscalls/sys_enter_openat")
-int sys_enter_openat(struct trace_event_raw_sys_enter__stub* ctx)
-{
-	return 0;
-}
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit__stub {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
 
 SEC("tracepoint/syscalls/sys_exit_openat")
-int sys_exit_openat(struct trace_event_raw_sys_exit__stub* ctx)
+int sys_exit_openat_offcpu(struct trace_event_raw_sys_exit__stub* ctx)
 {
-	return 0;
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_openat, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
+    return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_read")
 int handle_sys_exit_read(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // // 填充通用事件数据
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.size = ctx->ret > 0 ? ctx->ret : 0;
-    // event.op = OP_READ;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_read, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_write")
-int handle_sys_exit_write(struct trace_event_raw_sys_exit *ctx)
+int handle_sys_exit_write_offcpu(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.size = ctx->ret > 0 ? ctx->ret : 0;
-    // event.op = OP_WRITE;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 1;
+    // cw_bpf_debug("enter the sys_exit_write, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_close")
 int handle_sys_exit_close(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.op = OP_CLOSE;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_close, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_fsync")
 int handle_sys_exit_fsync(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.op = OP_FSYNC;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_fsync, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_fdatasync")
 int handle_sys_exit_fdatasync(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.op = OP_FDATASYNC;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_fdatasync, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_pread64")
 int handle_sys_exit_pread64(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.size = ctx->ret > 0 ? ctx->ret : 0;
-    // event.offset = get_syscall_arg(ctx, 3);
-    // event.op = OP_PREAD;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_pread64, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_exit {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_exit_pwrite64")
 int handle_sys_exit_pwrite64(struct trace_event_raw_sys_exit *ctx)
 {
-    // struct file_event event = {};
-    // fill_common_event_fields(&event, ctx);
-    // event.fd = get_syscall_arg(ctx, 0);
-    // event.size = ctx->ret > 0 ? ctx->ret : 0;
-    // event.offset = get_syscall_arg(ctx, 3);
-    // event.op = OP_PWRITE;
-    
-    // submit_event(&event);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 3;
+    // cw_bpf_debug("enter the sys_exit_pwrite64, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
@@ -584,136 +601,125 @@ int handle_sys_exit_pwrite64(struct trace_event_raw_sys_exit *ctx)
 // handle_mm_fault kprobe 监控
 KPROG(handle_mm_fault) (struct pt_regs *ctx)
 {
-    // struct mm_fault_event event = {};
-    // __u64 pid_tgid = bpf_get_current_pid_tgid();
-    
-    // event.timestamp = bpf_ktime_get_ns();
-    // event.pid = pid_tgid >> 32;
-    // event.tid = (__u32)pid_tgid;
-    
-    // // 获取函数参数
-    // struct mm_fault_args args = {};
-    // bpf_probe_read(&args, sizeof(args), (void *)PT_REGS_PARM1(ctx));
-    
-    // event.fault_addr = args.address;
-    // event.fault_flags = args.flags;
-    
-    // // 根据地址和标志判断故障类型
-    // // 这里简化处理，实际可以根据更多信息判断
-    // if (args.address & 0x1000) {  // 简化的大页判断
-    //     event.fault_type = 1;  // major fault
-    // } else {
-    //     event.fault_type = 0;  // minor fault
-    // }
-    
-    // // 获取进程名
-    // bpf_get_current_comm(event.comm, sizeof(event.comm));
-    
-    // // 输出事件
-    // bpf_perf_event_output(ctx, &mm_fault_events, BPF_F_CURRENT_CPU, &event, sizeof(event));
-    
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 5;
+    // cw_bpf_debug("enter the handle_mm_fault, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_mmap")
 int handle_sys_enter_mmap(struct trace_event_raw_sys_enter *ctx)
 {
-    // struct mmap_event event = {};
-    // u64 id = bpf_get_current_pid_tgid();
-    
-    // event.timestamp = bpf_ktime_get_ns();
-    // event.pid = id >> 32;
-    // event.tid = (u32)id;
-    // bpf_get_current_comm(&event.comm, sizeof(event.comm));
-    
-    // event.addr = (void *)ctx->args[0];      // 映射起始地址
-    // event.length = (size_t)ctx->args[1];    // 映射长度
-    // event.prot = (int)ctx->args[2];         // 保护标志
-    // event.flags = (int)ctx->args[3];        // 映射标志
-    // event.fd = (int)ctx->args[4];           // 文件描述符
-    // event.offset = (off_t)ctx->args[5];     // 文件偏移
-    
-    // // 存储参数供exit时使用
-    // bpf_map_update_elem(&mmap_args, &event.tid, &event, BPF_ANY);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 6;
+    // cw_bpf_debug("enter the sys_enter_mmap, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_munmap")
 int handle_sys_enter_munmap(struct trace_event_raw_sys_enter *ctx)
 {
-    // struct munmap_event event = {};
-    // u64 id = bpf_get_current_pid_tgid();
-    
-    // event.timestamp = bpf_ktime_get_ns();
-    // event.pid = id >> 32;
-    // event.tid = (u32)id;
-    // bpf_get_current_comm(&event.comm, sizeof(event.comm));
-    
-    // event.addr = (void *)ctx->args[0];      // 解除映射的起始地址
-    // event.length = (size_t)ctx->args[1];    // 解除映射的长度
-    
-    // // 存储参数供exit时使用
-    // bpf_map_update_elem(&munmap_args, &event.tid, &event, BPF_ANY);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 6;
+    // cw_bpf_debug("enter the sys_enter_munmap, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
-// 自定义的 sendmsg exit 上下文结构
-struct trace_event_raw_sys_enter {
-    struct trace_event_raw_sys_exit exit_ctx;  // 基础exit结构
-    // 以下是sendmsg特有的扩展字段
-    int fd;                    // 套接字文件描述符
-    struct msghdr *msg;        // 消息头指针
-    unsigned int flags;        // 发送标志
-    
-    __u32 pid;                  // 进程PID
-    __u32 tid;                  // 线程TID
-    char comm[TASK_COMM_LEN]; // 进程名
-};
-
 SEC("tracepoint/syscalls/sys_enter_brk")
 int handle_sys_enter_brk(struct trace_event_raw_sys_enter *ctx)
 {
-    // struct brk_event event = {};
-    // u64 id = bpf_get_current_pid_tgid();
-    
-    // event.timestamp = bpf_ktime_get_ns();
-    // event.pid = id >> 32;
-    // event.tid = (u32)id;
-    // bpf_get_current_comm(&event.comm, sizeof(event.comm));
-    
-    // event.addr = (void *)ctx->args[0];      // 新的program break地址
-    
-    // // 存储参数供exit时使用
-    // bpf_map_update_elem(&brk_args, &event.tid, &event, BPF_ANY);
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+
+    tidCpuTime->last_type = 6;
+    // cw_bpf_debug("enter the sys_enter_brk, last_type is %d\n", tidCpuTime->last_type);
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
     return 0;
 }
 
 
 //以上为mem time
 
+// 定义 tracepoint 参数结构
+struct sched_wakeup_args {
+    __u16 common_type;
+    __u8 common_flags;
+    __u8 common_preempt_count;
+    __u32 common_pid;
+    
+    __u32 pid;
+    __u32 success;
+    __u32 target_cpu;
+};
+
+// eBPF 程序
+SEC("tracepoint/sched/sched_wakeup")
+int trace_sched_wakeup(struct sched_wakeup_args *ctx)
+{
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+    tidCpuTime->runq_start = bpf_ktime_get_ns();
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
+    cw_bpf_debug("enter the sched_wakeup, runq_start is %ld\n", tidCpuTime->runq_start);
+    return 0;
+}
+
+// eBPF 程序
+SEC("tracepoint/sched/sched_wakeup_new")
+int trace_sched_wakeup_new(struct sched_wakeup_args *ctx)
+{
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
+    // __u32 pid = pid_tgid >> 32;  // 提取进程PID
+    __u32 tid = (__u32)pid_tgid;   // 提取线程TID
+
+    struct trace_tid_cpu_time *tidCpuTime = bpf_map_lookup_elem(&active_tids, &tid);
+    if (!tidCpuTime) {
+        return 0;
+    }
+    tidCpuTime->runq_start = bpf_ktime_get_ns();
+    bpf_map_update_elem(&active_tids, &tid, tidCpuTime, BPF_ANY);
+    cw_bpf_debug("enter the sched_wakeup_new, runq_start is %ld\n", tidCpuTime->runq_start);
+    return 0;
+}
+
 
 

ebpftracer/ebpf/tcp/state.c

@@ -125,8 +125,8 @@ int inet_sock_set_state(void *ctx)
     }
     __u64 id = bpf_get_current_pid_tgid();
     __u32 pid = id >> 32;
-    cw_bpf_debug("fucksocket pid=%lld inet_sock_set_state -- args.oldstate=%lld, args.newstate=%lld\n", pid, args.oldstate, args.newstate);
-    cw_bpf_debug("fucksocket pid=%lld inet_sock_set_state -- id=%lld\n", pid, id);
+    // cw_bpf_debug("fucksocket pid=%lld inet_sock_set_state -- args.oldstate=%lld, args.newstate=%lld\n", pid, args.oldstate, args.newstate);
+    // cw_bpf_debug("fucksocket pid=%lld inet_sock_set_state -- id=%lld\n", pid, id);
 
     if (args.oldstate == BPF_TCP_CLOSE && args.newstate == BPF_TCP_SYN_SENT) {
         
@@ -232,7 +232,7 @@ int sys_enter_connect(void *ctx) {
     }
     __u64 id = bpf_get_current_pid_tgid();
     __u64 pid = id >> 32;
-    cw_bpf_debug("fucksocket pid=%lld sys_enter_connect -- id=%lld, fd=%lld\n", pid, id, args.fd);
+    // cw_bpf_debug("fucksocket pid=%lld sys_enter_connect -- id=%lld, fd=%lld\n", pid, id, args.fd);
     bpf_map_update_elem(&fd_by_pid_tgid, &id, &args.fd, BPF_ANY);
     return 0;
 }
@@ -253,7 +253,7 @@ int sys_exit_connect(struct trace_event_raw_sys_exit__stub* ctx) {
         conn.timestamp = bpf_ktime_get_ns();
         conn.first_read_time = 0;
         conn.first_write_time = 0;
-        cw_bpf_debug("fucksocket pid=%lld sys_exit_connect -- id=%lld, fd=%lld\n", cid.pid, id, cid.fd);
+        // cw_bpf_debug("fucksocket pid=%lld sys_exit_connect -- id=%lld, fd=%lld\n", cid.pid, id, cid.fd);
         bpf_map_update_elem(&active_connections, &cid, &conn, BPF_ANY);
     }
     bpf_map_delete_elem(&fd_by_pid_tgid, &id);
@@ -272,14 +272,14 @@ int sys_enter_close(void *ctx) {
     cid.fd = args.fd;
     struct connection *conn = bpf_map_lookup_elem(&active_connections, &cid);
     if (cid.pid == 3269744) {
-        cw_bpf_debug("fucksocket pid=%lld sys_enter_close -- id=%lld, fd=%lld\n", cid.pid, id, cid.fd);
+        // cw_bpf_debug("fucksocket pid=%lld sys_enter_close -- id=%lld, fd=%lld\n", cid.pid, id, cid.fd);
     }
-    cw_bpf_debug("socket accept socket sys_enter_close connection before -- cid.pid=%lld, cid.fd=%lld\n", cid.pid, cid.fd);
+    // cw_bpf_debug("socket accept socket sys_enter_close connection before -- cid.pid=%lld, cid.fd=%lld\n", cid.pid, cid.fd);
     if (conn) {
         if (cid.pid == 3269744) {
-            cw_bpf_debug("fucksocket pid=%lld sys_enter_close2 -- id=%lld, fd=%lld\n", cid.pid, id, cid.fd);
+            // cw_bpf_debug("fucksocket pid=%lld sys_enter_close2 -- id=%lld, fd=%lld\n", cid.pid, id, cid.fd);
         }
-        cw_bpf_debug("socket accept socket sys_enter_close connection before cid.pid=%lld, cid.fd=%lld\n", conn->bytes_sent, conn->bytes_received);
+        // cw_bpf_debug("socket accept socket sys_enter_close connection before cid.pid=%lld, cid.fd=%lld\n", conn->bytes_sent, conn->bytes_received);
         struct tcp_event e = {};
         e.type = EVENT_TYPE_CONNECTION_CLOSE;
         e.pid = cid.pid;
@@ -293,7 +293,7 @@ int sys_enter_close(void *ctx) {
         bpf_perf_event_output(ctx, &tcp_connect_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
         bpf_map_delete_elem(&active_connections, &cid);
     }
-    cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+    // cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
     struct accept_connection *acceptConn = bpf_map_lookup_elem(&active_accepts, &cid);
     if (acceptConn) {
         // struct tcp_event e = {};
@@ -326,8 +326,8 @@ void u32_to_ip(__u32 ip, unsigned char* bytes) {
     bytes[10] = 0xFF;  
 
     // 使用sprintf将这些整数格式化为字符串  
-    cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);  
-    cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);  
+    // cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);  
+    // cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);  
 }  
 
 
@@ -350,9 +350,9 @@ struct ipv4_tuple_t {
 
 SEC("kretprobe/inet_csk_accept")
 int kprobeinet_csk_accept(struct pt_regs *ctx) {
-    cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=\n");
+    // cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=\n");
     __u64 pid_tgid = bpf_get_current_pid_tgid();
-    cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=%d\n", pid_tgid);
+    // cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=%d\n", pid_tgid);
     struct sock *sk = (struct sock *)PT_REGS_RC(ctx);
     // __u16 family = 0;
     // bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
@@ -417,14 +417,14 @@ struct sys_exit_accept_ctx {
 SEC("tracepoint/syscalls/sys_enter_accept4")  
 int tracepoint__sys_enter_accept4(struct sys_enter_accept4_ctx *ctx) {  
     __u64 pid_tgid = bpf_get_current_pid_tgid();  
-    cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, ctx->fd);
+    // cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, ctx->fd);
     return 0;  
 }  
 
 SEC("tracepoint/syscalls/sys_enter_accept")  
 int tracepoint__sys_enter_accept(struct sys_enter_accept_ctx *ctx) {  
     __u64 pid_tgid = bpf_get_current_pid_tgid();  
-    cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept----]getget: rdi_ptr::pid: %d\n", pid_tgid);  
+    // cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept----]getget: rdi_ptr::pid: %d\n", pid_tgid);  
     return 0;  
 } 
 
@@ -433,7 +433,7 @@ int sys_exit_accept(struct sys_exit_accept_ctx *ctx)
 {
     long fd = ctx->ret;  
     __u64 pid_tgid = bpf_get_current_pid_tgid();  
-    cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept-----]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
+    // cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept-----]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
     // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
     struct sock **skp;  
     // 从 map 中获取 `struct sock` 指针  
@@ -442,10 +442,10 @@ int sys_exit_accept(struct sys_exit_accept_ctx *ctx)
         struct sock *sk = *skp;
         __u16 family = 0;
         bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
-        cw_bpf_debug("socket sys_exit_accept--- family: family=%d\n", family);
+        // cw_bpf_debug("socket sys_exit_accept--- family: family=%d\n", family);
         if (family == AF_INET)
         {
-            cw_bpf_debug("socket sys_exit_accept--- family: IPv4=%d\n", family);
+            // cw_bpf_debug("socket sys_exit_accept--- family: IPv4=%d\n", family);
         }
         struct ipv4_tuple_t tuple = {};  
         // 从 __sk_common 获取信息  
@@ -460,9 +460,9 @@ int sys_exit_accept(struct sys_exit_accept_ctx *ctx)
         __u64 hash;
         bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
 
-        cw_bpf_debug("socket sys_exit_accept--- sk=%x, hash: %lld\n", sk, hash);
-        cw_bpf_debug("socket sys_exit_accept--- dport=%d, lport=%d\n", tuple.dport, tuple.sport);
-        cw_bpf_debug("socket sys_exit_accept--- saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
+        // cw_bpf_debug("socket sys_exit_accept--- sk=%x, hash: %lld\n", sk, hash);
+        // cw_bpf_debug("socket sys_exit_accept--- dport=%d, lport=%d\n", tuple.dport, tuple.sport);
+        // cw_bpf_debug("socket sys_exit_accept--- saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
         unsigned char saddr[16] = {};
         unsigned char daddr[16] = {};
         u32_to_ip(tuple.saddr, saddr);
@@ -481,13 +481,13 @@ int sys_exit_accept(struct sys_exit_accept_ctx *ctx)
         e.fd = fd;
         __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
         __builtin_memcpy(&e.daddr, &daddr, sizeof(e.daddr));
-        cw_bpf_debug("socket sys_exit_accept--- addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
-        cw_bpf_debug("socket sys_exit_accept--- addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
-        cw_bpf_debug("socket sys_exit_accept--- addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
+        // cw_bpf_debug("socket sys_exit_accept--- addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
+        // cw_bpf_debug("socket sys_exit_accept--- addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
+        // cw_bpf_debug("socket sys_exit_accept--- addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
 
-        cw_bpf_debug("socket sys_exit_accept--- addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
-        cw_bpf_debug("socket sys_exit_accept--- addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
-        cw_bpf_debug("socket sys_exit_accept--- addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
+        // cw_bpf_debug("socket sys_exit_accept--- addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
+        // cw_bpf_debug("socket sys_exit_accept--- addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
+        // cw_bpf_debug("socket sys_exit_accept--- addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
 
         bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
         struct connection_id cid = {};
@@ -499,9 +499,9 @@ int sys_exit_accept(struct sys_exit_accept_ctx *ctx)
         conn.dport = tuple.dport;
         __builtin_memcpy(&conn.saddr, &saddr, sizeof(conn.saddr));
         __builtin_memcpy(&conn.daddr, &daddr, sizeof(conn.daddr));
-        cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
+        // cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
         bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
-        cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
+        // cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
         // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
     }
@@ -517,7 +517,7 @@ SEC("tracepoint/syscalls/sys_exit_accept4")
 int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {  
     long fd = ctx->ret;  
     __u64 pid_tgid = bpf_get_current_pid_tgid();  
-    cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
+    // cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
     // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
     struct sock **skp;  
     // 从 map 中获取 `struct sock` 指针  
@@ -526,10 +526,10 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
         struct sock *sk = *skp;
         __u16 family = 0;
         bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
-        cw_bpf_debug("socket sys_exit_accept4 family: family=%d\n", family);
+        // cw_bpf_debug("socket sys_exit_accept4 family: family=%d\n", family);
         if (family == AF_INET)
         {
-            cw_bpf_debug("socket sys_exit_accept4 family: IPv4=%d\n", family);
+            // cw_bpf_debug("socket sys_exit_accept4 family: IPv4=%d\n", family);
         }
         struct ipv4_tuple_t tuple = {};  
         // 从 __sk_common 获取信息  
@@ -544,9 +544,9 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
         __u64 hash;
         bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
 
-        cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
-        cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
-        cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
+        // cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
+        // cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
+        // cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
         unsigned char saddr[16] = {};
         unsigned char daddr[16] = {};
         u32_to_ip(tuple.saddr, saddr);
@@ -565,13 +565,13 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
         e.fd = fd;
         __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
         __builtin_memcpy(&e.daddr, &daddr, sizeof(e.daddr));
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
+        // cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
+        // cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
+        // cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
 
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
+        // cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
+        // cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
+        // cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
 
         bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
         struct connection_id cid = {};
@@ -583,9 +583,9 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
         conn.dport = tuple.dport;
         __builtin_memcpy(&conn.saddr, &saddr, sizeof(conn.saddr));
         __builtin_memcpy(&conn.daddr, &daddr, sizeof(conn.daddr));
-        cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
+        // cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
         bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
-        cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
+        // cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
         // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
     }

ebpftracer/ebpf/uprobe_base_bpf.c

@@ -614,8 +614,8 @@ int enter_runtime_runqget(struct pt_regs *ctx)
 		struct go_key key = { .tgid = tgid, .goid = next_goid };
 		// caller id
 		__u64 caller_goid = goidcache - 1;
-		cw_bpf_debug("[Go] [runtime.runqget.enter] [save] [(caller_goid):%llu ----->:%llu(next_goid)]", caller_goid,
-		           next_goid);
+		// cw_bpf_debug("[Go] [runtime.runqget.enter] [save] [(caller_goid):%llu ----->:%llu(next_goid)]", caller_goid,
+		        //    next_goid);
 		if (caller_goid == next_goid)
 			return 0;
 		bpf_map_update_elem(&go_ancerstor_by_runq_map, &key, &caller_goid, BPF_ANY);

ebpftracer/ebpf/utrace/go/include/alloc.h

@@ -113,7 +113,7 @@ static __always_inline void *write_target_data(void *data, s32 size)
     u64 end = get_area_end(start,start_from_proc,end_from_proc);
     if (end - start < size)
     {
-        cw_bpf_debug("reached end of CPU memory block, going to the start again");
+        // cw_bpf_debug("reached end of CPU memory block, going to the start again");
         s32 start_index = 0;
         bpf_map_delete_elem(&alloc_map, &start_index);
         start = get_area_start(start_from_proc, end_from_proc);
@@ -129,7 +129,7 @@ static __always_inline void *write_target_data(void *data, s32 size)
     }
     u64 target_u = (u64)target;
     if (target_u > end_from_proc || target_u < start_from_proc) {
-	    cw_bpf_debug("TARGET ADDRESS IS OUT OF BOUNDS: 0x%llx", target);
+	    // cw_bpf_debug("TARGET ADDRESS IS OUT OF BOUNDS: 0x%llx", target);
         return NULL;
     }
 
@@ -151,7 +151,7 @@ static __always_inline void *write_target_data(void *data, s32 size)
     }
     else
     {
-	    cw_bpf_debug("failed to write to userspace, error code: %d, addr: %lx, size: %d", success, target, size);
+	    // cw_bpf_debug("failed to write to userspace, error code: %d, addr: %lx, size: %d", success, target, size);
         return NULL;
     }
 }
@@ -176,7 +176,7 @@ static __always_inline void *cw_write_target_data(void *data, s32 size, struct e
     u64 end = get_area_end(start,start_from_proc,end_from_proc);
     if (end - start < size)
     {
-        cw_bpf_debug("reached end of CPU memory block, going to the start again");
+        // cw_bpf_debug("reached end of CPU memory block, going to the start again");
         s32 start_index = 0;
         bpf_map_delete_elem(&alloc_map, &start_index);
         start = get_area_start(start_from_proc, end_from_proc);
@@ -192,7 +192,7 @@ static __always_inline void *cw_write_target_data(void *data, s32 size, struct e
     }
     u64 target_u = (u64)target;
     if (target_u > end_from_proc || target_u < start_from_proc) {
-	    cw_bpf_debug("TARGET ADDRESS IS OUT OF BOUNDS: 0x%llx", target);
+	    // cw_bpf_debug("TARGET ADDRESS IS OUT OF BOUNDS: 0x%llx", target);
         return NULL;
     }
 

ebpftracer/ebpf/utrace/go/include/go_context.h

@@ -119,7 +119,7 @@ static __always_inline struct span_context *get_parent_span_context(void *ctx) {
 
 static __always_inline void start_tracking_span(void *contextContext, struct span_context *sc) {
     long err = 0;
-    cw_bpf_debug("Save data");
+    // cw_bpf_debug("Save data");
     err = bpf_map_update_elem(&tracked_spans, &contextContext, sc, BPF_ANY);
     if (err != 0)
     {
@@ -139,21 +139,21 @@ static __always_inline void start_tracking_span(void *contextContext, struct spa
     err = bpf_map_update_elem(&tracked_spans_by_sc, sc, &contextContext, BPF_ANY);
     if (err != 0)
     {
-        cw_bpf_debug("Failed to update tracked_spans_by_sc map: %ld", err);
+        // cw_bpf_debug("Failed to update tracked_spans_by_sc map: %ld", err);
         return;
     }
 }
 
 static __always_inline void stop_tracking_span(struct span_context *sc, struct span_context *psc) {
     if (sc == NULL) {
-        cw_bpf_debug("stop_tracking_span: sc is null");
+        // cw_bpf_debug("stop_tracking_span: sc is null");
         return;
     }
 
     void *ctx = bpf_map_lookup_elem(&tracked_spans_by_sc, sc);
     if (ctx == NULL)
     {
-        cw_bpf_debug("stop_tracking_span: cant find span context");
+        // cw_bpf_debug("stop_tracking_span: cant find span context");
         return;
     }
 

ebpftracer/ebpf/utrace/go/net/client.probe.bpf.c

@@ -67,12 +67,12 @@ static __always_inline long inject_header(void* headers_ptr, struct span_context
     long res = bpf_probe_read_user(&curr_keyvalue_count, sizeof(curr_keyvalue_count), headers_ptr);
 
     if (res < 0) {
-        cw_bpf_debug("Couldn't read map key-value count from user");
+        // cw_bpf_debug("Couldn't read map key-value count from user");
         return -1;
     }
 
     if (curr_keyvalue_count >= 8) {
-        cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
+        // cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
         return -1;
     }
 
@@ -99,13 +99,13 @@ static __always_inline long inject_header(void* headers_ptr, struct span_context
         // No key-value pairs in the Go map, need to "allocate" memory for the user
         bucket_ptr = write_target_data(bucket_map_value, sizeof(struct map_bucket));
         if (bucket_ptr == NULL) {
-            cw_bpf_debug("inject_header: Failed to write bucket to user");
+            // cw_bpf_debug("inject_header: Failed to write bucket to user");
             return -1;
         }
         // Update the buckets pointer in the hmap struct to point to newly allocated bucket
         res = bpf_probe_write_user(buckets_ptr_ptr, &bucket_ptr, sizeof(bucket_ptr));
         if (res < 0) {
-            cw_bpf_debug("Failed to update the map bucket pointer for the user");
+            // cw_bpf_debug("Failed to update the map bucket pointer for the user");
             return -1;
         }
     } else {
@@ -125,7 +125,7 @@ static __always_inline long inject_header(void* headers_ptr, struct span_context
     char key[W3C_KEY_LENGTH] = "traceparent";
     void *ptr = write_target_data(key, W3C_KEY_LENGTH);
     if (ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write key to user");
+        // cw_bpf_debug("inject_header: Failed to write key to user");
         return -1;
     }
     bucket_map_value->keys[bucket_index] = (struct go_string_ot) {.len = W3C_KEY_LENGTH, .str = ptr};
@@ -136,7 +136,7 @@ static __always_inline long inject_header(void* headers_ptr, struct span_context
     span_context_to_w3c_string(propagated_ctx, val);
     ptr = write_target_data(val, sizeof(val));
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write value to user");
+        // cw_bpf_debug("inject_header: Failed to write value to user");
         return -1;
     }
 
@@ -144,7 +144,7 @@ static __always_inline long inject_header(void* headers_ptr, struct span_context
     struct go_string_ot header_value = {.len = W3C_VAL_LENGTH, .str = ptr};
     ptr = write_target_data((void*)&header_value, sizeof(header_value));
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write go_string to user");
+        // cw_bpf_debug("inject_header: Failed to write go_string to user");
         return -1;
     }
 
@@ -155,14 +155,14 @@ static __always_inline long inject_header(void* headers_ptr, struct span_context
     curr_keyvalue_count += 1;
     res = bpf_probe_write_user(headers_ptr, &curr_keyvalue_count, sizeof(curr_keyvalue_count));
     if (res < 0) {
-        cw_bpf_debug("Failed to update key-value count in map header");
+        // cw_bpf_debug("Failed to update key-value count in map header");
         return -1;
     }
 
     // Update the bucket
     res = bpf_probe_write_user(bucket_ptr, bucket_map_value, sizeof(struct map_bucket));
     if (res < 0) {
-        cw_bpf_debug("Failed to update bucket content");
+        // cw_bpf_debug("Failed to update bucket content");
         return -1;
     }
 
@@ -176,12 +176,12 @@ static __always_inline long cw_inject_header(void* headers_ptr, struct apm_span_
     long res = bpf_probe_read_user(&curr_keyvalue_count, sizeof(curr_keyvalue_count), headers_ptr);
 
     if (res < 0) {
-        cw_bpf_debug("Couldn't read map key-value count from user");
+        // cw_bpf_debug("Couldn't read map key-value count from user");
         return -1;
     }
 
     if (curr_keyvalue_count >= 8) {
-        cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
+        // cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
         return -1;
     }
 
@@ -209,13 +209,13 @@ static __always_inline long cw_inject_header(void* headers_ptr, struct apm_span_
         // No key-value pairs in the Go map, need to "allocate" memory for the user
         bucket_ptr = write_target_data(bucket_map_value, sizeof(struct map_bucket));
         if (bucket_ptr == NULL) {
-            cw_bpf_debug("inject_header: Failed to write bucket to user");
+            // cw_bpf_debug("inject_header: Failed to write bucket to user");
             return -1;
         }
         // Update the buckets pointer in the hmap struct to point to newly allocated bucket
         res = bpf_probe_write_user(buckets_ptr_ptr, &bucket_ptr, sizeof(bucket_ptr));
         if (res < 0) {
-            cw_bpf_debug("Failed to update the map bucket pointer for the user");
+            // cw_bpf_debug("Failed to update the map bucket pointer for the user");
             return -1;
         }
     } else {
@@ -235,7 +235,7 @@ static __always_inline long cw_inject_header(void* headers_ptr, struct apm_span_
     char key[W3C_KEY_LENGTH] = "traceparent";
     void *ptr = write_target_data(key, W3C_KEY_LENGTH);
     if (ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write key to user");
+        // cw_bpf_debug("inject_header: Failed to write key to user");
         return -1;
     }
     bucket_map_value->keys[bucket_index] = (struct go_string_ot) {.len = W3C_KEY_LENGTH, .str = ptr};
@@ -246,7 +246,7 @@ static __always_inline long cw_inject_header(void* headers_ptr, struct apm_span_
 	span_context_to_cw_string(propagated_ctx, val);
     ptr = write_target_data(val, sizeof(val));
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write value to user");
+        // cw_bpf_debug("inject_header: Failed to write value to user");
         return -1;
     }
 
@@ -254,7 +254,7 @@ static __always_inline long cw_inject_header(void* headers_ptr, struct apm_span_
     struct go_string_ot header_value = {.len = CW_HEADER_LENGTH, .str = ptr};
     ptr = write_target_data((void*)&header_value, sizeof(header_value));
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write go_string to user");
+        // cw_bpf_debug("inject_header: Failed to write go_string to user");
         return -1;
     }
 
@@ -265,14 +265,14 @@ static __always_inline long cw_inject_header(void* headers_ptr, struct apm_span_
     curr_keyvalue_count += 1;
     res = bpf_probe_write_user(headers_ptr, &curr_keyvalue_count, sizeof(curr_keyvalue_count));
     if (res < 0) {
-        cw_bpf_debug("Failed to update key-value count in map header");
+        // cw_bpf_debug("Failed to update key-value count in map header");
         return -1;
     }
 
     // Update the bucket
     res = bpf_probe_write_user(bucket_ptr, bucket_map_value, sizeof(struct map_bucket));
     if (res < 0) {
-        cw_bpf_debug("Failed to update bucket content");
+        // cw_bpf_debug("Failed to update bucket content");
         return -1;
     }
 
@@ -287,12 +287,12 @@ static __always_inline long cw_inject_header2(void* headers_ptr, struct apm_span
     long res = bpf_probe_read_user(&curr_keyvalue_count, sizeof(curr_keyvalue_count), headers_ptr);
 
     if (res < 0) {
-        cw_bpf_debug("Couldn't read map key-value count from user");
+        // cw_bpf_debug("Couldn't read map key-value count from user");
         return -1;
     }
 
     if (curr_keyvalue_count >= 8) {
-        cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
+        // cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
         return -1;
     }
 
@@ -319,13 +319,13 @@ static __always_inline long cw_inject_header2(void* headers_ptr, struct apm_span
         // No key-value pairs in the Go map, need to "allocate" memory for the user
         bucket_ptr = write_target_data(bucket_map_value, sizeof(struct map_bucket));
         if (bucket_ptr == NULL) {
-            cw_bpf_debug("inject_header: Failed to write bucket to user");
+            // cw_bpf_debug("inject_header: Failed to write bucket to user");
             return -1;
         }
         // Update the buckets pointer in the hmap struct to point to newly allocated bucket
         res = bpf_probe_write_user(buckets_ptr_ptr, &bucket_ptr, sizeof(bucket_ptr));
         if (res < 0) {
-            cw_bpf_debug("Failed to update the map bucket pointer for the user");
+            // cw_bpf_debug("Failed to update the map bucket pointer for the user");
             return -1;
         }
     } else {
@@ -345,7 +345,7 @@ static __always_inline long cw_inject_header2(void* headers_ptr, struct apm_span
     char key[CW_HEADER_KEY_LENGTH] = CW_HEADER_KEY_VAL;
     void *ptr = write_target_data(key, CW_HEADER_KEY_LENGTH);
     if (ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write key to user");
+        // cw_bpf_debug("inject_header: Failed to write key to user");
         return -1;
     }
     bucket_map_value->keys[bucket_index] = (struct go_string_ot) {.len = CW_HEADER_KEY_LENGTH, .str = ptr};
@@ -361,7 +361,7 @@ static __always_inline long cw_inject_header2(void* headers_ptr, struct apm_span
 	span_context_to_cw_string(propagated_ctx, val);
     ptr = write_target_data(val, sizeof(val));
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write value to user");
+        // cw_bpf_debug("inject_header: Failed to write value to user");
         return -1;
     }
 
@@ -369,7 +369,7 @@ static __always_inline long cw_inject_header2(void* headers_ptr, struct apm_span
     struct go_string_ot header_value = {.len = CW_HEADER_VAL_LENGTH, .str = ptr};
     ptr = write_target_data((void*)&header_value, sizeof(header_value));
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write go_string to user");
+        // cw_bpf_debug("inject_header: Failed to write go_string to user");
         return -1;
     }
 
@@ -380,14 +380,14 @@ static __always_inline long cw_inject_header2(void* headers_ptr, struct apm_span
     curr_keyvalue_count += 1;
     res = bpf_probe_write_user(headers_ptr, &curr_keyvalue_count, sizeof(curr_keyvalue_count));
     if (res < 0) {
-        cw_bpf_debug("Failed to update key-value count in map header");
+        // cw_bpf_debug("Failed to update key-value count in map header");
         return -1;
     }
 
     // Update the bucket
     res = bpf_probe_write_user(bucket_ptr, bucket_map_value, sizeof(struct map_bucket));
     if (res < 0) {
-        cw_bpf_debug("Failed to update bucket content");
+        // cw_bpf_debug("Failed to update bucket content");
         return -1;
     }
 
@@ -402,12 +402,12 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
     long res = bpf_probe_read_user(&curr_keyvalue_count, sizeof(curr_keyvalue_count), headers_ptr);
 
     if (res < 0) {
-        cw_bpf_debug("Couldn't read map key-value count from user");
+        // cw_bpf_debug("Couldn't read map key-value count from user");
         return -1;
     }
 
     if (curr_keyvalue_count >= 8) {
-        cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
+        // cw_bpf_debug("Map size is bigger than 8, skipping context propagation");
         return -1;
     }
 
@@ -434,13 +434,13 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
         // No key-value pairs in the Go map, need to "allocate" memory for the user
         bucket_ptr = cw_write_target_data(bucket_map_value, sizeof(struct map_bucket),proc_info);
         if (bucket_ptr == NULL) {
-            cw_bpf_debug("inject_header: Failed to write bucket to user");
+            // cw_bpf_debug("inject_header: Failed to write bucket to user");
             return -1;
         }
         // Update the buckets pointer in the hmap struct to point to newly allocated bucket
         res = bpf_probe_write_user(buckets_ptr_ptr, &bucket_ptr, sizeof(bucket_ptr));
         if (res < 0) {
-            cw_bpf_debug("Failed to update the map bucket pointer for the user");
+            // cw_bpf_debug("Failed to update the map bucket pointer for the user");
             return -1;
         }
     } else {
@@ -461,7 +461,7 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
 	bucket_map_value->curr_keyvalue_count = curr_keyvalue_count;
 	bucket_map_value->bucket_index = bucket_index;
 	bpf_probe_read(bucket_map_value->header_str, sizeof(bucket_map_value->header_str),header_str);
-	cw_bpf_debug("bucket_map_value->header_str %s",bucket_map_value->header_str);
+	// cw_bpf_debug("bucket_map_value->header_str %s",bucket_map_value->header_str);
 //	bucket_map_value->header_str = header_str;
 
 //	void * header_str_ptr = cw_write_target_data(header_str, CW_HEADER_VAL_LENGTH,proc_info);
@@ -480,7 +480,7 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
     char key[CW_HEADER_KEY_LENGTH] = CW_HEADER_KEY_VAL;
     void *ptr = cw_write_target_data(key, CW_HEADER_KEY_LENGTH,proc_info);
     if (ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write key to user");
+        // cw_bpf_debug("inject_header: Failed to write key to user");
         return -1;
     }
 //    bucket_map_value->keys[bucket_index] = (struct go_string_ot) {.len = CW_HEADER_KEY_LENGTH, .str = ptr};
@@ -502,7 +502,7 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
 // 往前提
     ptr = cw_write_target_data(header_str, CW_HEADER_VAL_LENGTH,proc_info);
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write value to user");
+        // cw_bpf_debug("inject_header: Failed to write value to user");
         return -1;
     }
 
@@ -511,7 +511,7 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
     struct go_string_ot header_value = {.len = CW_HEADER_VAL_LENGTH, .str = ptr};
     ptr = cw_write_target_data((void*)&header_value, sizeof(header_value),proc_info);
     if(ptr == NULL) {
-        cw_bpf_debug("inject_header: Failed to write go_string to user");
+        // cw_bpf_debug("inject_header: Failed to write go_string to user");
         return -1;
     }
 
@@ -522,14 +522,14 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
     curr_keyvalue_count += 1;
     res = bpf_probe_write_user(headers_ptr, &curr_keyvalue_count, sizeof(curr_keyvalue_count));
     if (res < 0) {
-        cw_bpf_debug("Failed to update key-value count in map header");
+        // cw_bpf_debug("Failed to update key-value count in map header");
         return -1;
     }
 
     // Update the bucket
     res = bpf_probe_write_user(bucket_ptr, bucket_map_value, sizeof(struct map_bucket));
     if (res < 0) {
-        cw_bpf_debug("Failed to update bucket content");
+        // cw_bpf_debug("Failed to update bucket content");
         return -1;
     }
 
@@ -541,7 +541,7 @@ static __always_inline long cw_inject_header_half(void* headers_ptr, char * head
 // func net/http/transport.roundTrip(req *Request) (*Response, error)
 SEC("uprobe/Transport_roundTrip")
 int uprobe_Transport_roundTrip(struct pt_regs *ctx) {
-	cw_bpf_debug("--------[Uprobe HTTP Client] start %llu",get_current_goroutine());
+	// cw_bpf_debug("--------[Uprobe HTTP Client] start %llu",get_current_goroutine());
 
     u64 request_pos = 2;
     void *req_ptr = get_argument(ctx, request_pos);
@@ -565,7 +565,7 @@ int uprobe_Transport_roundTrip(struct pt_regs *ctx) {
     void *httpReq_ptr = bpf_map_lookup_elem(&http_events, &key);
     if (httpReq_ptr != NULL)
     {
-	    cw_bpf_debug("uprobe/Transport_RoundTrip already tracked with the current context");
+	    // cw_bpf_debug("uprobe/Transport_RoundTrip already tracked with the current context");
         return 0;
     }
     // return 0;
@@ -573,7 +573,7 @@ int uprobe_Transport_roundTrip(struct pt_regs *ctx) {
     struct http_request_t *httpReq = bpf_map_lookup_elem(&http_client_uprobe_storage_map, &map_id);
     if (httpReq == NULL)
     {
-        cw_bpf_debug("uprobe/Transport_roundTrip: httpReq is NULL");
+        // cw_bpf_debug("uprobe/Transport_roundTrip: httpReq is NULL");
         return 0;
     }
 
@@ -626,10 +626,10 @@ int uprobe_Transport_roundTrip(struct pt_regs *ctx) {
 
     // get host from Request
     if (!get_go_string_from_user_ptr((void *)(req_ptr+proc_info->request_host_pos), httpReq->host, sizeof(httpReq->host))) {
-        cw_bpf_debug("uprobe_Transport_roundTrip: Failed to get host from Request");
+        // cw_bpf_debug("uprobe_Transport_roundTrip: Failed to get host from Request");
     }
 	// TODO set request_host_pos
-	cw_bpf_debug("[Client] httpReq->host:%llu",proc_info->request_host_pos);
+	// cw_bpf_debug("[Client] httpReq->host:%llu",proc_info->request_host_pos);
 //	for (int i = 0; i < MAX_HOSTNAME_SIZE; ++i) {
 //		if (httpReq->host[i] == '\0') {
 //			break;
@@ -683,7 +683,7 @@ int uprobe_Transport_roundTrip(struct pt_regs *ctx) {
 
 	long res2 = cw_inject_header_half(headers_ptr, val,proc_info);
 	if (res2 < 0) {
-		cw_bpf_debug("uprobe_Transport_roundTrip: Failed to inject header");
+		// cw_bpf_debug("uprobe_Transport_roundTrip: Failed to inject header");
 		return -1;
 	}
 // Write event
@@ -778,7 +778,7 @@ PROGUP(go_update_header)(struct pt_regs *ctx) {
 	struct go_string_ot header_value = {.len = CW_HEADER_VAL_LENGTH, .str = header_str_ptr};
 	void * header_value_ptr = cw_write_target_data((void*)&header_value, sizeof(header_value),proc_info);
 	if(header_value_ptr == NULL) {
-		cw_bpf_debug("inject_header: Failed to write go_string to user");
+		// cw_bpf_debug("inject_header: Failed to write go_string to user");
 		return -1;
 	}
 
@@ -796,14 +796,14 @@ PROGUP(go_update_header)(struct pt_regs *ctx) {
 	curr_keyvalue_count = curr_keyvalue_count + 1;
 	long res = bpf_probe_write_user(headers_ptr, &curr_keyvalue_count, sizeof(curr_keyvalue_count));
 	if (res < 0) {
-		cw_bpf_debug("Failed to update key-value count in map header");
+		// cw_bpf_debug("Failed to update key-value count in map header");
 		return -1;
 	}
 
 	// Update the bucket
 	res = bpf_probe_write_user(bucket_ptr, bucket_map_value, sizeof(struct map_bucket));
 	if (res < 0) {
-		cw_bpf_debug("Failed to update bucket content");
+		// cw_bpf_debug("Failed to update bucket content");
 		return -1;
 	}
 
@@ -815,7 +815,7 @@ PROGUP(go_update_header)(struct pt_regs *ctx) {
 // func net/http/transport.roundTrip(req *Request) (*Response, error)
 SEC("uprobe/Transport_roundTrip")
 int uprobe_Transport_roundTrip_Returns(struct pt_regs *ctx) {
-	cw_bpf_debug("[Uprobe HTTP Client] start Return----------%llu",get_current_goroutine());
+	// cw_bpf_debug("[Uprobe HTTP Client] start Return----------%llu",get_current_goroutine());
 	clear_current_span_context();
     u64 end_time = bpf_ktime_get_ns();
 
@@ -833,7 +833,7 @@ int uprobe_Transport_roundTrip_Returns(struct pt_regs *ctx) {
 
     struct http_request_t *http_req_span = bpf_map_lookup_elem(&http_events, &key);
     if (http_req_span == NULL) {
-        cw_bpf_debug("probe_Transport_roundTrip_Returns: entry_state is NULL");
+        // cw_bpf_debug("probe_Transport_roundTrip_Returns: entry_state is NULL");
         return 0;
     }
 
@@ -847,7 +847,7 @@ int uprobe_Transport_roundTrip_Returns(struct pt_regs *ctx) {
     http_req_span->end_time = end_time;
 
 //    bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, http_req_span, sizeof(*http_req_span));
-	cw_bpf_debug("goid:%llu path",get_current_goroutine());
+	// cw_bpf_debug("goid:%llu path",get_current_goroutine());
 
 	stop_tracking_span(&http_req_span->sc, &http_req_span->psc);
 

ebpftracer/ebpf/utrace/go/net/jvmstack.probe.bpf.c

@@ -28,7 +28,7 @@ struct bpf_map_def SEC("maps") jvmevent_stack = {
 SEC("uprobe/setNodeEnter")
 int setNodeEnter(struct pt_regs *ctx)
 {
-    cw_bpf_debug("[Go] [uprobe/setNodeEnter] enter");
+    // cw_bpf_debug("[Go] [uprobe/setNodeEnter] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
@@ -37,18 +37,18 @@ int setNodeEnter(struct pt_regs *ctx)
 		return 0;
 	}
 
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: proc_info_map::%ld, %d, %d\n", info->code_type);
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: proc_info_map::%ld, %d, %d\n", info->code_type);
 
 	__u64 trace_id = get_apm_trace_id(pid, pid_tgid);
 
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][setNodeEnter][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][setNodeEnter][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
 
 	__u32 key = 0;
 	struct event *e = bpf_map_lookup_elem(&jvmevent_stack, &key);
 	if (!e)
 	{
-		cw_bpf_debug("[Go] [uprobe/setNodeEnter]: conot get event");
+		// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: conot get event");
 		return 0;
 	}
 	__builtin_memset(e, 0, sizeof(*e));
@@ -74,12 +74,12 @@ int setNodeEnter(struct pt_regs *ctx)
     bpf_probe_read_user(&arg7, sizeof(arg7), (void *)(PT_REGS_SP(ctx) + 8));  
     bpf_probe_read_user(&arg8, sizeof(arg8), (void *)(PT_REGS_SP(ctx) + 16)); 
 
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->arg7: arg8: %d, %d", arg7, arg8);
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->arg7: arg8: %d, %d", arg7, arg8);
 
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->caller_bp: %d", e->caller_bp);
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->bp: %d", e->bp);
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->ip: %d", e->ip);
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: yes");
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->caller_bp: %d", e->caller_bp);
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->bp: %d", e->bp);
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: e->ip: %d", e->ip);
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: yes");
 
 	struct jvm_trace_stack_entry_key_t trace_key = {};
 	trace_key.caller_bp = e->caller_bp;
@@ -87,13 +87,13 @@ int setNodeEnter(struct pt_regs *ctx)
 	trace_key.pid = pid;
 	trace_key.trace_id = trace_id;
 
-	cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: trace_id: %llu", trace_key.trace_id);
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter]: trace_keytrace_keytrace_key: caller_bp: %d, bp: %d, pid: %lld", trace_key.caller_bp, trace_key.bp, trace_key.pid);
+	// cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: trace_id: %llu", trace_key.trace_id);
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter]: trace_keytrace_keytrace_key: caller_bp: %d, bp: %d, pid: %lld", trace_key.caller_bp, trace_key.bp, trace_key.pid);
 
 	struct event *event_p = bpf_map_lookup_elem(&jvmwww_trace_stack_entry, &trace_key);
 
 	if (event_p) {
-		cw_bpf_debug("[Go] [uprobe/ent]:Error get alike funEntry %x, %d, %d", event_p->ip, event_p->caller_bp, event_p->bp);
+		// cw_bpf_debug("[Go] [uprobe/ent]:Error get alike funEntry %x, %d, %d", event_p->ip, event_p->caller_bp, event_p->bp);
 	}
 
 	struct event event_current = {};
@@ -112,20 +112,20 @@ int setNodeEnter(struct pt_regs *ctx)
 	struct event *event_p2 = bpf_map_lookup_elem(&jvmwww_trace_stack_entry, &trace_key);
 
 	if (event_p2) {
-		cw_bpf_debug("[Go] [uprobe/setNodeEnter---]:Error get alike funEntry %x, %d, %d", event_p2->ip, event_p2->caller_bp, event_p2->bp);
+		// cw_bpf_debug("[Go] [uprobe/setNodeEnter---]:Error get alike funEntry %x, %d, %d", event_p2->ip, event_p2->caller_bp, event_p2->bp);
 		// return 0;
 	} else {
-		cw_bpf_debug("[Go] [uprobe/setNodeEnter+++]:Error get alike funEntry");
+		// cw_bpf_debug("[Go] [uprobe/setNodeEnter+++]:Error get alike funEntry");
 	}
 
-	cw_bpf_debug("[Go] [uprobe/setNodeEnter] end");
+	// cw_bpf_debug("[Go] [uprobe/setNodeEnter] end");
 	return 1;
 }
 
 SEC("uprobe/setNodeReturn")
 int setNodeReturn(struct pt_regs *ctx)
 {
-    cw_bpf_debug("[Go] [uprobe/setNodeReturn] enter");
+    // cw_bpf_debug("[Go] [uprobe/setNodeReturn] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
@@ -134,7 +134,7 @@ int setNodeReturn(struct pt_regs *ctx)
 	struct event *e = bpf_map_lookup_elem(&jvmevent_stack, &key);
 	if (!e)
 	{
-		cw_bpf_debug("[Go] [uprobe/setNodeReturn]: conot get event");
+		// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: conot get event");
 		return 0;
 	}
 	__builtin_memset(e, 0, sizeof(*e));
@@ -142,7 +142,7 @@ int setNodeReturn(struct pt_regs *ctx)
 	// ------- 获取 class_name 和 methed_name  Start
 	__u64 class_name_len;
     bpf_probe_read_user(&class_name_len, sizeof(class_name_len), (void *)(PT_REGS_SP(ctx) + 8));  
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->class_name_len: %lld", class_name_len);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->class_name_len: %lld", class_name_len);
 
 	void *rdx_ptr = (void *)PT_REGS_PARM3(ctx);
 
@@ -150,7 +150,7 @@ int setNodeReturn(struct pt_regs *ctx)
     if (bpf_probe_read(&class_name_ptr, sizeof(class_name_ptr), rdx_ptr)) {
         // return 1;
     }
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->class_name_ptr: %llx", class_name_ptr);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->class_name_ptr: %llx", class_name_ptr);
 
 	if (class_name_len >= 100) {
 		class_name_len = 99;
@@ -162,11 +162,11 @@ int setNodeReturn(struct pt_regs *ctx)
     bpf_probe_read(e->class_name, sizeof(e->class_name), class_name_ptr + 16); 
 	// e->class_name[class_name_len] = '\0';
 
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->class_name: %s", e->class_name);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->class_name: %s", e->class_name);
 
 	__u64 methed_name_len;
 	bpf_probe_read_user(&methed_name_len, sizeof(methed_name_len), (void *)(PT_REGS_SP(ctx) + 16)); 
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->methed_name_len: %lld", methed_name_len);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->methed_name_len: %lld", methed_name_len);
 
 	void *rcx_ptr = (void *)PT_REGS_PARM4(ctx);
 
@@ -174,7 +174,7 @@ int setNodeReturn(struct pt_regs *ctx)
     if (bpf_probe_read(&methed_name_ptr, sizeof(methed_name_ptr), rcx_ptr)) {
         // return 1;
     }
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->methed_name_ptr: %llx", methed_name_ptr);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->methed_name_ptr: %llx", methed_name_ptr);
 
 	if (methed_name_len >= 100) {
 		methed_name_len = 99;
@@ -185,7 +185,7 @@ int setNodeReturn(struct pt_regs *ctx)
     bpf_probe_read(e->methed_name, sizeof(e->methed_name), methed_name_ptr + 16); 
 	// e->methed_name[methed_name_len] = '\0';
 
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->methed_name: %s", e->methed_name);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->methed_name: %s", e->methed_name);
 
 	// ------- 获取 class_name 和 methed_name End
 
@@ -198,10 +198,10 @@ int setNodeReturn(struct pt_regs *ctx)
 	e->bp = (__u64)PT_REGS_PARM6(ctx);
 	e->time_ns_end = bpf_ktime_get_ns();
 
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->caller_bp: %llu", e->caller_bp);
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->bp: %llu", e->bp);
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->ip: %d", e->ip);
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: yes");
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->caller_bp: %llu", e->caller_bp);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->bp: %llu", e->bp);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: e->ip: %d", e->ip);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: yes");
 
 	struct jvm_trace_stack_entry_key_t trace_key = {};
 	trace_key.caller_bp = e->caller_bp;
@@ -209,40 +209,40 @@ int setNodeReturn(struct pt_regs *ctx)
 	trace_key.pid = pid;
 	trace_key.trace_id = trace_id;
 
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: trace_keytrace_keytrace_key: trace_id: %llu", trace_key.trace_id);
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: trace_keytrace_keytrace_key: caller_bp: %llu, bp: %llu, pid: %lld", trace_key.caller_bp, trace_key.bp, trace_key.pid);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: trace_keytrace_keytrace_key: trace_id: %llu", trace_key.trace_id);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: trace_keytrace_keytrace_key: caller_bp: %llu, bp: %llu, pid: %lld", trace_key.caller_bp, trace_key.bp, trace_key.pid);
 	
 	struct event *event_p = bpf_map_lookup_elem(&jvmwww_trace_stack_entry, &trace_key);
 
 	if (event_p) {
-		cw_bpf_debug("[Go] [uprobe/setNodeReturn---]:Error get alike funEntry %x, %d, %d", event_p->ip, event_p->caller_bp, event_p->bp);
+		// cw_bpf_debug("[Go] [uprobe/setNodeReturn---]:Error get alike funEntry %x, %d, %d", event_p->ip, event_p->caller_bp, event_p->bp);
 		// return 0;
 	} else {
-		cw_bpf_debug("[Go] [uprobe/setNodeReturn+++]:Error get alike funEntry");
+		// cw_bpf_debug("[Go] [uprobe/setNodeReturn+++]:Error get alike funEntry");
 	}
 
 	if (!event_p) {
-		cw_bpf_debug("[Go] [uprobe/setNodeReturn]:ErrorErrorErrorError Not get funEntry");
+		// cw_bpf_debug("[Go] [uprobe/setNodeReturn]:ErrorErrorErrorError Not get funEntry");
 		return 0;
 	}
 
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: ent:event: location:%d,ip:%x,time_ns_start:%llu\n", event_p->location, event_p->ip, event_p->time_ns_start);
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: ent:event: bp:%d,caller_bp:%d,caller_ip:%llu\n", event_p->caller_bp, event_p->bp, event_p->trace_id);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: ent:event: location:%d,ip:%x,time_ns_start:%llu\n", event_p->location, event_p->ip, event_p->time_ns_start);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: ent:event: bp:%d,caller_bp:%d,caller_ip:%llu\n", event_p->caller_bp, event_p->bp, event_p->trace_id);
 
 	e->time_ns_start = event_p->time_ns_start;
 	
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn]: ent:event_ret push: event_p->ip:%llx,ip:%llx\n", event_p->ip, e->ip);
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn]: ent:event_ret push: event_p->ip:%llx,ip:%llx\n", event_p->ip, e->ip);
 	long err =  bpf_perf_event_output(ctx, &event_queue, BPF_F_CURRENT_CPU, e, sizeof(*e));
 	if (err == 0) {
 		__u32 count = cw_add_event_count(trace_id);
 		if (event_p->trace_id != trace_id) {
-			cw_bpf_debug("[pref] fuck err<%d> ip->%x->%x", err, PT_REGS_IP(ctx), e->ip);
+			// cw_bpf_debug("[pref] fuck err<%d> ip->%x->%x", err, PT_REGS_IP(ctx), e->ip);
 		}
-		cw_bpf_debug("[pref] err<%d> count->%d trace_id->%llu", err, count, trace_id);
+		// cw_bpf_debug("[pref] err<%d> count->%d trace_id->%llu", err, count, trace_id);
 	} else {
-		cw_bpf_debug("[pref] err<%d> trace_id->%d", err, trace_id);
+		// cw_bpf_debug("[pref] err<%d> trace_id->%d", err, trace_id);
 	}
 	bpf_map_delete_elem(&jvmwww_trace_stack_entry, &trace_key);
-	cw_bpf_debug("[Go] [uprobe/setNodeReturn] end");
+	// cw_bpf_debug("[Go] [uprobe/setNodeReturn] end");
 	return 1;
 }

ebpftracer/ebpf/utrace/go/net/server.probe.bpf.c

@@ -318,7 +318,7 @@ static __always_inline char *get_header_val(struct map_bucket *map_value,u32 off
 				long res = bpf_probe_read(&traceparent_header_value_go_str, sizeof(traceparent_header_value_go_str),
 				                          traceparent_header_value_ptr);
 				if (res == 0) {
-					cw_bpf_debug("get_header_val %d-%d %s",off,count,traceparent_header_value_go_str.str);
+					// cw_bpf_debug("get_header_val %d-%d %s",off,count,traceparent_header_value_go_str.str);
 					return traceparent_header_value_go_str.str;
 				}
 			}
@@ -347,14 +347,14 @@ static __always_inline char *get_header_val_off(struct map_bucket *map_value) {
 // func (sh serverHandler) ServeHTTP(rw ResponseWriter, req *Request)
 SEC("uprobe/HandlerFunc_ServeHTTP")
 int uprobe_HandlerFunc_ServeHTTP(struct pt_regs *ctx) {
-	cw_bpf_debug("[uprobe_HandlerFunc_ServeHTTP]");
+	// cw_bpf_debug("[uprobe_HandlerFunc_ServeHTTP]");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
 	__u32 tgid = pid_tgid >> 32;
 	struct ebpf_proc_info *proc_info =
 			bpf_map_lookup_elem(&proc_info_map, &tgid);
     if(!proc_info)
     {
-	    cw_bpf_debug("[uprobe_HandlerFunc_ServeHTTP] no proc info");
+	    // cw_bpf_debug("[uprobe_HandlerFunc_ServeHTTP] no proc info");
         return 0;
     }
 
@@ -362,14 +362,14 @@ int uprobe_HandlerFunc_ServeHTTP(struct pt_regs *ctx) {
 	void *key = get_consistent_key(ctx, req_ctx_ptr);
 	void *httpReq_ptr = bpf_map_lookup_elem(&http_server_uprobes, &key);
 	if (httpReq_ptr != NULL) {
-		cw_bpf_debug("uprobe/HandlerFunc_ServeHTTP already tracked with the current request");
+		// cw_bpf_debug("uprobe/HandlerFunc_ServeHTTP already tracked with the current request");
 		return 0;
 	}
 	
 	u32 map_id = 0;
 	struct uprobe_data_t *uprobe_data = bpf_map_lookup_elem(&http_server_uprobe_storage_map, &map_id);
 	if (uprobe_data == NULL) {
-		cw_bpf_debug("uprobe/HandlerFunc_ServeHTTP: http_server_span is NULL");
+		// cw_bpf_debug("uprobe/HandlerFunc_ServeHTTP: http_server_span is NULL");
 		return 0;
 	}
 
@@ -393,7 +393,7 @@ int uprobe_HandlerFunc_ServeHTTP(struct pt_regs *ctx) {
 	char * traceparent_header_value = get_header_val_off(map_bucket_p);
 
 	if (traceparent_header_value != NULL) {
-		cw_bpf_debug("traceparent_header_value != NULL");
+		// cw_bpf_debug("traceparent_header_value != NULL");
 		struct apm_span_context *cw_parent_span_context = bpf_map_lookup_elem(&cw_parent_span_context_storage_map, &map_id);
 		if (!cw_parent_span_context) {
 			return 0;
@@ -408,7 +408,7 @@ int uprobe_HandlerFunc_ServeHTTP(struct pt_regs *ctx) {
 		generate_random_bytes(http_server_span->sc.SpanID, SPAN_ID_SIZE);
 		cw_save_parent_tracking_span(cw_parent_span_context);
 	} else {
-		cw_bpf_debug("traceparent_header_value == NULL");
+		// cw_bpf_debug("traceparent_header_value == NULL");
 		http_server_span->sc = generate_span_context();
 
 		struct apm_span_context *cw_parent_span_context = bpf_map_lookup_elem(&cw_parent_span_context_storage_map, &map_id);
@@ -452,7 +452,7 @@ int uprobe_HandlerFunc_ServeHTTP(struct pt_regs *ctx) {
 // func (sh serverHandler) ServeHTTP(rw ResponseWriter, req *Request)
 SEC("uprobe/HandlerFunc_ServeHTTP")
 int uprobe_HandlerFunc_ServeHTTP_Returns(struct pt_regs *ctx) {
-	cw_bpf_debug("[uprobe_HandlerFunc_ServeHTTP_Returns]");
+	// cw_bpf_debug("[uprobe_HandlerFunc_ServeHTTP_Returns]");
 //	u64 end_time = bpf_ktime_get_ns();
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
 	__u32 tgid = pid_tgid >> 32;
@@ -468,7 +468,7 @@ int uprobe_HandlerFunc_ServeHTTP_Returns(struct pt_regs *ctx) {
 
 	struct uprobe_data_t *uprobe_data = bpf_map_lookup_elem(&http_server_uprobes, &key);
 	if (uprobe_data == NULL) {
-		cw_bpf_debug("uprobe/HandlerFunc_ServeHTTP_Returns: entry_state is NULL");
+		// cw_bpf_debug("uprobe/HandlerFunc_ServeHTTP_Returns: entry_state is NULL");
 		return 0;
 	}
 	bpf_map_delete_elem(&http_server_uprobes, &key);
@@ -502,6 +502,6 @@ int uprobe_HandlerFunc_ServeHTTP_Returns(struct pt_regs *ctx) {
 
 
 	clear_parent_span_context();
-	cw_bpf_debug("HTTP_END");
+	// cw_bpf_debug("HTTP_END");
 	return 0;
 }

ebpftracer/ebpf/utrace/go/net/stack.probe.bpf.c

@@ -71,7 +71,7 @@ struct bpf_map_def SEC("maps") should_trace_goid = {
 SEC("uprobe/ent")
 int ent(struct pt_regs *ctx)
 {
-    cw_bpf_debug("[Go] [uprobe/ent] enter");
+    // cw_bpf_debug("[Go] [uprobe/ent] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
@@ -81,18 +81,18 @@ int ent(struct pt_regs *ctx)
 		return 0;
 	}
 
-	cw_bpf_debug("[Go] [uprobe/ent]: proc_info_map::%ld, %d, %d\n", info->code_type);
+	// cw_bpf_debug("[Go] [uprobe/ent]: proc_info_map::%ld, %d, %d\n", info->code_type);
 
 	__u64 trace_id = get_apm_trace_id(pid, pid_tgid);
 
-	cw_bpf_debug("[Go] [uprobe/ent]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ent][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobe/ent]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ent][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
 
 	__u32 key = 0;
 	struct event *e = bpf_map_lookup_elem(&event_stack, &key);
 	if (!e)
 	{
-		cw_bpf_debug("[Go] [uprobe/ret]: conot get event");
+		// cw_bpf_debug("[Go] [uprobe/ret]: conot get event");
 		return 0;
 	}
 	__builtin_memset(e, 0, sizeof(*e));
@@ -107,9 +107,9 @@ int ent(struct pt_regs *ctx)
 		__u64 should_trace = true;
 		bpf_map_update_elem(&should_trace_goid, &e->goid, &should_trace, BPF_ANY);
 	}
-	cw_bpf_debug("[Go] [uprobe/ent]: e->goid: %llu", e->goid);
-	cw_bpf_debug("[Go] [uprobe/ent]: e->ip: %d", e->ip);
-	cw_bpf_debug("[Go] [uprobe/ent]: yes");
+	// cw_bpf_debug("[Go] [uprobe/ent]: e->goid: %llu", e->goid);
+	// cw_bpf_debug("[Go] [uprobe/ent]: e->ip: %d", e->ip);
+	// cw_bpf_debug("[Go] [uprobe/ent]: yes");
 
 	e->pid = pid;
 	e->trace_id = trace_id;
@@ -122,10 +122,10 @@ int ent(struct pt_regs *ctx)
 	ra = (void *)PT_REGS_SP(ctx); // 父函数的 sp，此时 sp 指向父函数的最后一个地址
 	bpf_probe_read_user(&e->caller_ip, sizeof(e->caller_ip), ra);
 
-	cw_bpf_debug("[Go] [uprobe/ent]: goid: %llu", e->goid);
+	// cw_bpf_debug("[Go] [uprobe/ent]: goid: %llu", e->goid);
 
-	cw_bpf_debug("[Go] [uprobe/ent]: event: location:%x,ip:%lx,time_ns_start:%llu\n", e->location, e->ip, e->time_ns_start);
-	cw_bpf_debug("[Go] [uprobe/ent]: event: bp:%x,caller_bp:%x,caller_ip:%x\n", e->bp,e->caller_bp,e->caller_ip);
+	// cw_bpf_debug("[Go] [uprobe/ent]: event: location:%x,ip:%lx,time_ns_start:%llu\n", e->location, e->ip, e->time_ns_start);
+	// cw_bpf_debug("[Go] [uprobe/ent]: event: bp:%x,caller_bp:%x,caller_ip:%x\n", e->bp,e->caller_bp,e->caller_ip);
 
 	struct trace_stack_entry_key_t trace_key = {};
 	trace_key.caller_bp = e->caller_bp % 0x800 + (e->goid << 12);
@@ -135,12 +135,12 @@ int ent(struct pt_regs *ctx)
 	// trace_key.caller_bp = e->caller_bp;
 	// trace_key.bp = e->bp;
 	// cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: bp: %x", trace_key.bp);
-	cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x, %lld", trace_key.caller_bp, trace_key.bp, trace_key.trace_id);
+	// cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x, %lld", trace_key.caller_bp, trace_key.bp, trace_key.trace_id);
 
 	struct event *event_p = bpf_map_lookup_elem(&trace_stack_entry, &trace_key);
 
 	if (event_p) {
-		cw_bpf_debug("[Go] [uprobe/ent]:Error get alike funEntry %x, %x, %x", event_p->ip, event_p->caller_bp, event_p->bp);
+		// cw_bpf_debug("[Go] [uprobe/ent]:Error get alike funEntry %x, %x, %x", event_p->ip, event_p->caller_bp, event_p->bp);
 		// return 0;
 	}
 
@@ -160,14 +160,14 @@ int ent(struct pt_regs *ctx)
 	// return bpf_map_push_elem(&event_queue, e, BPF_EXIST);
 	// bpf_perf_event_output(ctx, &event_queue, BPF_F_CURRENT_CPU, e, sizeof(*e));
 
-	cw_bpf_debug("[Go] [uprobe/ent] end");
+	// cw_bpf_debug("[Go] [uprobe/ent] end");
 	return 1;
 }
 
 SEC("uprobe/ret")
 int ret(struct pt_regs *ctx)
 {
-    cw_bpf_debug("[Go] [uprobe/ret] enter");
+    // cw_bpf_debug("[Go] [uprobe/ret] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
@@ -177,7 +177,7 @@ int ret(struct pt_regs *ctx)
 	struct event *e = bpf_map_lookup_elem(&event_stack, &key);
 	if (!e)
 	{
-		cw_bpf_debug("[Go] [uprobe/ret]: conot get event");
+		// cw_bpf_debug("[Go] [uprobe/ret]: conot get event");
 		return 0;
 	}
 	__builtin_memset(e, 0, sizeof(*e));
@@ -186,10 +186,10 @@ int ret(struct pt_regs *ctx)
 	e->goid = get_current_goroutine();
 	if (!bpf_map_lookup_elem(&should_trace_goid, &e->goid))
 	{
-		cw_bpf_debug("[Go] [uprobe/ret]: conot get event: %llu", e->goid);
+		// cw_bpf_debug("[Go] [uprobe/ret]: conot get event: %llu", e->goid);
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobe/ret]: yes");
+	// cw_bpf_debug("[Go] [uprobe/ret]: yes");
 	e->pid = pid;
 	e->trace_id = trace_id;
 	e->location = ENTPOINT;
@@ -199,10 +199,10 @@ int ret(struct pt_regs *ctx)
 	e->caller_bp = PT_REGS_FP(ctx);
 
 	// __u64 caller_bp = PT_REGS_FP(ctx);
-	cw_bpf_debug("[Go] [uprobe/ret]: e->ip:%lx,bp:%x,caller_bp:%x", e->ip, e->bp, e->caller_bp);
-	cw_bpf_debug("[Go] [uprobe/ret]: sp:%x, goid: %llu, goid:0x:%x", PT_REGS_SP(ctx), e->goid, e->goid);
+	// cw_bpf_debug("[Go] [uprobe/ret]: e->ip:%lx,bp:%x,caller_bp:%x", e->ip, e->bp, e->caller_bp);
+	// cw_bpf_debug("[Go] [uprobe/ret]: sp:%x, goid: %llu, goid:0x:%x", PT_REGS_SP(ctx), e->goid, e->goid);
 
-	cw_bpf_debug("[Go] [uprobe/ret]: event: location:%x,ip:%x,time_ns_end:%llu\n", e->location, e->ip, e->time_ns_end);
+	// cw_bpf_debug("[Go] [uprobe/ret]: event: location:%x,ip:%x,time_ns_end:%llu\n", e->location, e->ip, e->time_ns_end);
 
 	struct trace_stack_entry_key_t trace_key = {};
 	trace_key.caller_bp = e->caller_bp % 0x800 + (e->goid << 12);
@@ -212,46 +212,46 @@ int ret(struct pt_regs *ctx)
 	// trace_key.caller_bp = caller_bp;
 	// trace_key.bp = e->bp;
 
-	cw_bpf_debug("[Go] [uprobe/ret]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobe/ret]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 	// cw_bpf_debug("[Go] [uprobe/ret]: trace_keytrace_keytrace_key: bp: %x", trace_key.bp);
 
 	struct event *event_p = bpf_map_lookup_elem(&trace_stack_entry, &trace_key);
 
 	if (!event_p) {
-		cw_bpf_debug("[Go] [uprobe/ret]:ErrorErrorErrorError Not get funEntry");
+		// cw_bpf_debug("[Go] [uprobe/ret]:ErrorErrorErrorError Not get funEntry");
 		return 0;
 	}
 
 	event_p->time_ns_end = e->time_ns_end;
 
-	cw_bpf_debug("[Go] [uprobe/ret]: ent:event: location:%d,ip:%x,time_ns_start:%llu\n", event_p->location, event_p->ip, event_p->time_ns_start);
-	cw_bpf_debug("[Go] [uprobe/ret]: ent:event: bp:%x,caller_bp:%x,caller_ip:%x\n", event_p->bp,event_p->caller_bp,event_p->caller_ip);
+	// cw_bpf_debug("[Go] [uprobe/ret]: ent:event: location:%d,ip:%x,time_ns_start:%llu\n", event_p->location, event_p->ip, event_p->time_ns_start);
+	// cw_bpf_debug("[Go] [uprobe/ret]: ent:event: bp:%x,caller_bp:%x,caller_ip:%x\n", event_p->bp,event_p->caller_bp,event_p->caller_ip);
 
 	e->time_ns_start = event_p->time_ns_start;
 	// e->caller_ip = event_p->caller_ip;
 	// e->ip = event_p->ip;
 	
 	// return bpf_map_push_elem(&event_queue, e, BPF_EXIST);
-	cw_bpf_debug("[Go] [uprobe/ret]: ent:event_ret push: event_p->ip:%llx,ip:%llx\n", event_p->ip, e->ip);
+	// cw_bpf_debug("[Go] [uprobe/ret]: ent:event_ret push: event_p->ip:%llx,ip:%llx\n", event_p->ip, e->ip);
 	long err =  bpf_perf_event_output(ctx, &event_queue, BPF_F_CURRENT_CPU, e, sizeof(*e));
 	if (err == 0) {
 		__u32 count = cw_add_event_count(trace_id);
 		if (event_p->trace_id != trace_id) {
-			cw_bpf_debug("[pref] fuck err<%d> ip->%x->%x", err, PT_REGS_IP(ctx), e->ip);
+			// cw_bpf_debug("[pref] fuck err<%d> ip->%x->%x", err, PT_REGS_IP(ctx), e->ip);
 		}
-		cw_bpf_debug("[pref] err<%d> count->%d trace_id->%llu", err, count, trace_id);
+		// cw_bpf_debug("[pref] err<%d> count->%d trace_id->%llu", err, count, trace_id);
 	} else {
-		cw_bpf_debug("[pref] err<%d> trace_id->%d", err, trace_id);
+		// cw_bpf_debug("[pref] err<%d> trace_id->%d", err, trace_id);
 	}
 	bpf_map_delete_elem(&trace_stack_entry, &trace_key);
-	cw_bpf_debug("[Go] [uprobe/ret] end");
+	// cw_bpf_debug("[Go] [uprobe/ret] end");
 	return 1;
 }
 
 SEC("uprobe/dotnetent")
 int dotnetent(struct pt_regs *ctx)
 {
-    cw_bpf_debug("[Go] [uprobe/ent] enter");
+    // cw_bpf_debug("[Go] [uprobe/ent] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
@@ -261,18 +261,18 @@ int dotnetent(struct pt_regs *ctx)
 		return 0;
 	}
 
-	cw_bpf_debug("[Go] [uprobe/ent]: proc_info_map::%ld, %d, %d\n", info->code_type);
+	// cw_bpf_debug("[Go] [uprobe/ent]: proc_info_map::%ld, %d, %d\n", info->code_type);
 
 	__u64 trace_id = get_apm_trace_id(pid, pid_tgid);
 	
-	cw_bpf_debug("[Go] [uprobe/ent]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ent][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobe/ent]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ent][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
 
 	__u32 key = 0;
 	struct event *e = bpf_map_lookup_elem(&event_stack, &key);
 	if (!e)
 	{
-		cw_bpf_debug("[Go] [uprobe/ret]: conot get event");
+		// cw_bpf_debug("[Go] [uprobe/ret]: conot get event");
 		return 0;
 	}
 	__builtin_memset(e, 0, sizeof(*e));
@@ -287,15 +287,15 @@ int dotnetent(struct pt_regs *ctx)
 		__u64 should_trace = true;
 		bpf_map_update_elem(&should_trace_goid, &e->goid, &should_trace, BPF_ANY);
 	}
-	cw_bpf_debug("[Go] [uprobe/ent]: e->goid: %llu", e->goid);
-	cw_bpf_debug("[Go] [uprobe/ent]: e->ip: %d", e->ip);
-	cw_bpf_debug("[Go] [uprobe/ent]: yes");
+	// cw_bpf_debug("[Go] [uprobe/ent]: e->goid: %llu", e->goid);
+	// cw_bpf_debug("[Go] [uprobe/ent]: e->ip: %d", e->ip);
+	// cw_bpf_debug("[Go] [uprobe/ent]: yes");
 
 	__u64 asm_;
 	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)e->ip);
 
 	asm_ = asm_ >> 32;
-	cw_bpf_debug("[Go] [uprobe/ent]: e->asm: %x", asm_);
+	// cw_bpf_debug("[Go] [uprobe/ent]: e->asm: %x", asm_);
 
 	e->pid = pid;
 	e->trace_id = trace_id;
@@ -308,10 +308,10 @@ int dotnetent(struct pt_regs *ctx)
 	ra = (void *)PT_REGS_SP(ctx); // 父函数的 sp，此时 sp 指向父函数的最后一个地址
 	bpf_probe_read_user(&e->caller_ip, sizeof(e->caller_ip), ra);
 
-	cw_bpf_debug("[Go] [uprobe/ent]: goid: %llu", e->goid);
+	// cw_bpf_debug("[Go] [uprobe/ent]: goid: %llu", e->goid);
 
-	cw_bpf_debug("[Go] [uprobe/ent]: event: location:%x,ip:%lx,time_ns_start:%lld\n", e->location, e->ip, e->time_ns_start);
-	cw_bpf_debug("[Go] [uprobe/ent]: event: bp:%x,caller_bp:%x,caller_ip:%x\n", e->bp,e->caller_bp,e->caller_ip);
+	// cw_bpf_debug("[Go] [uprobe/ent]: event: location:%x,ip:%lx,time_ns_start:%lld\n", e->location, e->ip, e->time_ns_start);
+	// cw_bpf_debug("[Go] [uprobe/ent]: event: bp:%x,caller_bp:%x,caller_ip:%x\n", e->bp,e->caller_bp,e->caller_ip);
 
 	struct trace_stack_entry_key_t trace_key = {};
 	trace_key.caller_bp = e->caller_bp % 0x800 + (e->goid << 12);
@@ -321,7 +321,7 @@ int dotnetent(struct pt_regs *ctx)
 	// trace_key.caller_bp = e->caller_bp;
 	// trace_key.bp = e->bp;
 	// cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: bp: %x", trace_key.bp);
-	cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobe/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	struct event event_current = {};
 	event_current.bp = e->bp,
@@ -339,44 +339,44 @@ int dotnetent(struct pt_regs *ctx)
 	// return bpf_map_push_elem(&event_queue, e, BPF_EXIST);
 	// bpf_perf_event_output(ctx, &event_queue, BPF_F_CURRENT_CPU, e, sizeof(*e));
 
-	cw_bpf_debug("[Go] [uprobe/ent] end");
+	// cw_bpf_debug("[Go] [uprobe/ent] end");
 	return 1;
 }
 
 SEC("uprobe/SocketConnectionStartStart")
 int SocketConnectionStartStart(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
 	__u64 rdi_ptr = (__u64)PT_REGS_PARM1(ctx);
 	// __u64 rdi_ptr_long = (__u64)rdi_ptr;
 
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: rdi_ptr:: %llx\n", rdi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: rdi_ptr:: %llx\n", rdi_ptr);
 	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: rdi_ptr:: %llx\n", rdi_ptr_long);
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SocketConnectionStartStart][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rdi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SocketConnectionStartStart][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rdi_ptr);
 
 	// 维护 pid 与 connection 的关系
 	int num = 1;
 	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (pre_e) {
-		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
 		num = pre_e->num + 1;
 	}
 	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
 	connection_ptr_key.num = num;
 	connection_ptr_key.connection_ptr = rdi_ptr;
 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
-	cw_bpf_debug("[Go] [uprobeThread/insert/SocketConnectionStartStart]getget: rdi_ptr:: %d -> %llx\n", pid, rdi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/insert/SocketConnectionStartStart]getget: rdi_ptr:: %d -> %llx\n", pid, rdi_ptr);
 
 	struct pid_of_connection_ptr_key_t *e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (!e) {
-		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: ErrorErrorErrorError rdi_ptr\n");
+		// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: ErrorErrorErrorError rdi_ptr\n");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: rdi_ptr:: %llx -> %d\n", e->connection_ptr, e->num);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: rdi_ptr:: %llx -> %d\n", e->connection_ptr, e->num);
 	// 维护 pid 与 connection 的关系
 
 
@@ -386,7 +386,7 @@ int SocketConnectionStartStart(struct pt_regs *ctx)
 	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
 
 	asm_ = asm_ >> 32;
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: e->asm: %x", asm_);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: e->asm: %x", asm_);
 
 	__u64 bp = PT_REGS_SP(ctx);
 	// __u64 bp = PT_REGS_SP(ctx) + asm_;
@@ -397,8 +397,8 @@ int SocketConnectionStartStart(struct pt_regs *ctx)
 	trace_key.bp = bp;
 	trace_key.trace_id = 0;
 
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
@@ -409,12 +409,12 @@ int SocketConnectionStartStart(struct pt_regs *ctx)
 SEC("uprobe/SocketConnectionStartEnd")
 int SocketConnectionStartEnd(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SocketConnectionStartEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SocketConnectionStartEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
 
 
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
@@ -427,28 +427,28 @@ int SocketConnectionStartEnd(struct pt_regs *ctx)
 	trace_key.bp = bp;
 	trace_key.trace_id = 0;
 
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	__u64 *pid_p = bpf_map_lookup_elem(&trace_stack_entry_thread, &trace_key);
 
 	if (!pid_p) {
-		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]:ErrorErrorErrorError Not get funEntry");
+		// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]:ErrorErrorErrorError Not get funEntry");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]:Delete It: %d", *pid_p);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]:Delete It: %d", *pid_p);
 	bpf_map_delete_elem(&trace_stack_entry_thread, &trace_key);
 
 	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
 	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, pid_p);
 	if (ed_e && ed_e->num > 1) {
-		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
 		ed_e->num = ed_e->num - 1;
 		bpf_map_update_elem(&pid_of_connection_ptr_maps, pid_p, ed_e, BPF_ANY);
 	} else {
 		bpf_map_delete_elem(&pid_of_connection_ptr_maps, pid_p);
 	}
-	cw_bpf_debug("[Go] [uprobeThread/delete/SocketConnectionStartEnd]getget: rdi_ptr:: %d\n", *pid_p);
+	// cw_bpf_debug("[Go] [uprobeThread/delete/SocketConnectionStartEnd]getget: rdi_ptr:: %d\n", *pid_p);
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
 	return 1;
 }
@@ -457,35 +457,35 @@ int SocketConnectionStartEnd(struct pt_regs *ctx)
 SEC("uprobe/OnConnectionAsyncStart")
 int OnConnectionAsyncStart(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
 
     __u64 rsi_ptr = (__u64)PT_REGS_PARM2(ctx);  
 
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: rsi_ptr:: %llx\n", rsi_ptr);
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: rsi_ptr:: %llx\n", rsi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
 
 	// 维护 pid 与 connection 的关系
 	int num = 1;
 	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (pre_e) {
-		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
 		num = pre_e->num + 1;
 	}
 	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
 	connection_ptr_key.num = num;
 	connection_ptr_key.connection_ptr = rsi_ptr;
 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
-	cw_bpf_debug("[Go] [uprobeThread/insert/OnConnectionAsyncStart]getget: rdi_ptr:: %d -> %llx\n", pid, rsi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/insert/OnConnectionAsyncStart]getget: rdi_ptr:: %d -> %llx\n", pid, rsi_ptr);
 
 	struct pid_of_connection_ptr_key_t *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (!e3) {
-		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: ErrorErrorErrorError rsi_ptr3\n");
+		// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: ErrorErrorErrorError rsi_ptr3\n");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
 	// 维护 pid 与 connection 的关系
 	return 1;
 }
@@ -493,31 +493,31 @@ int OnConnectionAsyncStart(struct pt_regs *ctx)
 SEC("uprobe/OnConnectionAsyncEnd")
 int OnConnectionAsyncEnd(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][OnConnectionAsyncEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][OnConnectionAsyncEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
 
 	// 维护 pid 与 connection 的关系
 	__u64 *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (!e3) {
-		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rsi_ptr:: %llx\n", *e3);
+		// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rsi_ptr:: %llx\n", *e3);
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rsi_ptr:: %llx\n", *e3);
+	// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rsi_ptr:: %llx\n", *e3);
 
 	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
 	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (ed_e && ed_e->num > 1) {
-		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
 		ed_e->num = ed_e->num - 1;
 		bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, ed_e, BPF_ANY);
 	} else {
 		bpf_map_delete_elem(&pid_of_connection_ptr_maps, &pid);
 	}
-	cw_bpf_debug("[Go] [uprobeThread/delete/OnConnectionAsyncEnd]getget: rdi_ptr:: %d\n", pid);
+	// cw_bpf_debug("[Go] [uprobeThread/delete/OnConnectionAsyncEnd]getget: rdi_ptr:: %d\n", pid);
 	// 维护 pid 与 connection 的关系
 	return 1;
 }
@@ -532,33 +532,33 @@ struct {
 SEC("uprobe/SendAsync1Start")
 int SendAsync1Start(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeTshread/SendAsync1Start] enter");
+	// cw_bpf_debug("[Go] [uprobeTshread/SendAsync1Start] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
 	void *rsi_ptr = (void *)PT_REGS_PARM2(ctx);
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]: rsi_ptr:: %llx\n", rsi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]: rsi_ptr:: %llx\n", rsi_ptr);
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync1Start][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rsi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync1Start][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rsi_ptr);
 
 	// 维护 pid 与 connection 的关系
 	__u64 *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (!e3) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr:: %llx\n", *e3);
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr:: %llx\n", *e3);
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr:: %llx\n", *e3);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr:: %llx\n", *e3);
 
 	bpf_map_update_elem(&request_of_connection_ptr_maps, &rsi_ptr, e3, BPF_ANY);
 
 	__u64 *e2 = bpf_map_lookup_elem(&request_of_connection_ptr_maps, &rsi_ptr);
 	if (!e2) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start] ErrorErrorError getget: rsi_ptr2:: %llx\n", *e2);
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start] ErrorErrorError getget: rsi_ptr2:: %llx\n", *e2);
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr2:: %llx\n", *e2);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr2:: %llx\n", *e2);
 	// 维护 pid 与 connection 的关系
 
 	return 1;
@@ -567,14 +567,14 @@ int SendAsync1Start(struct pt_regs *ctx)
 SEC("uprobe/SendAsync1End")
 int SendAsync1End(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeTshread/SendAsync1End] enter");
+	// cw_bpf_debug("[Go] [uprobeTshread/SendAsync1End] enter");
 	return 1;
 }
 
 SEC("uprobe/SendAsync2Start")
 int SendAsync2Start(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
@@ -585,38 +585,38 @@ int SendAsync2Start(struct pt_regs *ctx)
         // return 1;
     }
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]: fd_ptr:: %llx\n", fd_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]: fd_ptr:: %llx\n", fd_ptr);
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync2Start][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), fd_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync2Start][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), fd_ptr);
 
 
 	// 维护 pid 与 connection 的关系
 	__u64 *e2 = bpf_map_lookup_elem(&request_of_connection_ptr_maps, &fd_ptr);
 	if (!e2) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start] ErrorErrorError getget: fd_ptr:: %llx\n", *e2);
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start] ErrorErrorError getget: fd_ptr:: %llx\n", *e2);
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: fd_ptr:: %llx\n", *e2);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: fd_ptr:: %llx\n", *e2);
 
 	int num = 1;
 	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (pre_e) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
 		num = pre_e->num + 1;
 	}
 	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
 	connection_ptr_key.num = num;
 	connection_ptr_key.connection_ptr = *e2;
 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
-	cw_bpf_debug("[Go] [uprobeThread/insert/SendAsync2Start]getget: rdi_ptr:: %d -> %llx\n", pid, *e2);
+	// cw_bpf_debug("[Go] [uprobeThread/insert/SendAsync2Start]getget: rdi_ptr:: %d -> %llx\n", pid, *e2);
 
 	struct pid_of_connection_ptr_key_t *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (!e3) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: ErrorErrorErrorError rsi_ptr3\n");
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: ErrorErrorErrorError rsi_ptr3\n");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
 	// 维护 pid 与 connection 的关系
 
 
@@ -626,7 +626,7 @@ int SendAsync2Start(struct pt_regs *ctx)
 	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
 
 	asm_ = asm_ >> 32;
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: e->asm: %x", asm_);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: e->asm: %x", asm_);
 
 	__u64 bp = PT_REGS_SP(ctx);
 	// __u64 bp = PT_REGS_SP(ctx) + asm_;
@@ -637,8 +637,8 @@ int SendAsync2Start(struct pt_regs *ctx)
 	trace_key.bp = bp;
 	trace_key.trace_id = 0;
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
@@ -649,12 +649,12 @@ int SendAsync2Start(struct pt_regs *ctx)
 SEC("uprobe/SendAsync2End")
 int SendAsync2End(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync2End][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync2End][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
 
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
 	// __u64 bp = PT_REGS_SP(ctx) - 8;
@@ -666,28 +666,28 @@ int SendAsync2End(struct pt_regs *ctx)
 	trace_key.bp = bp;
 	trace_key.trace_id = 0;
 
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	__u64 *pid_p = bpf_map_lookup_elem(&trace_stack_entry_thread, &trace_key);
 
 	if (!pid_p) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]:ErrorErrorErrorError Not get funEntry");
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]:ErrorErrorErrorError Not get funEntry");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]:Delete It: %d", *pid_p);
+	// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]:Delete It: %d", *pid_p);
 	bpf_map_delete_elem(&trace_stack_entry_thread, &trace_key);
 
 	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
 	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, pid_p);
 	if (ed_e && ed_e->num > 1) {
-		cw_bpf_debug("[Go] [uprobeThread/SendAsync2End]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/SendAsync2End]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
 		ed_e->num = ed_e->num - 1;
 		bpf_map_update_elem(&pid_of_connection_ptr_maps, pid_p, ed_e, BPF_ANY);
 	} else {
 		bpf_map_delete_elem(&pid_of_connection_ptr_maps, pid_p);
 	}
-	cw_bpf_debug("[Go] [uprobeThread/delete/SendAsync2End]getget: rdi_ptr:: %d\n", pid_p);
+	// cw_bpf_debug("[Go] [uprobeThread/delete/SendAsync2End]getget: rdi_ptr:: %d\n", pid_p);
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
 
 	return 1;
@@ -696,7 +696,7 @@ int SendAsync2End(struct pt_regs *ctx)
 SEC("uprobe/DoSendStart")
 int DoSendStart(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 	
@@ -707,29 +707,29 @@ int DoSendStart(struct pt_regs *ctx)
     if (bpf_probe_read(&fd_ptr, sizeof(fd_ptr), rdi_ptr - 0xe8 + 0x28)) {
         // return 1;
     }
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: fd_ptr: %llx\n", fd_ptr);  
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: fd_ptr: %llx\n", fd_ptr);  
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
 	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoSendStart][HTTP]pid:[%d]--[%lld]--id[%s]", pid_tgid, bpf_ktime_get_ns(), final_connection_id);
 
 	// 维护 pid 与 connection 的关系
 	int num = 1;
 	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (pre_e) {
-		cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
 		num = pre_e->num + 1;
 	}
 	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
 	connection_ptr_key.num = num;
 	connection_ptr_key.connection_ptr = fd_ptr;
 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
-	cw_bpf_debug("[Go] [uprobeThread/insert/DoSendStart]getget: rdi_ptr:: %d -> %llx\n", pid, fd_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/insert/DoSendStart]getget: rdi_ptr:: %d -> %llx\n", pid, fd_ptr);
 
 	struct pid_of_connection_ptr_key_t *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
 	if (!e3) {
-		cw_bpf_debug("[Go] [uprobeThread/DoSendStart] ErrorErrorError getget: rsi_ptr3\n");
+		// cw_bpf_debug("[Go] [uprobeThread/DoSendStart] ErrorErrorError getget: rsi_ptr3\n");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
 	// 维护 pid 与 connection 的关系
 
 
@@ -739,7 +739,7 @@ int DoSendStart(struct pt_regs *ctx)
 	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
 
 	asm_ = asm_ >> 32;
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: e->asm: %x", asm_);
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: e->asm: %x", asm_);
 
 	__u64 bp = PT_REGS_SP(ctx);
 	// __u64 bp = PT_REGS_SP(ctx) + asm_;
@@ -750,8 +750,8 @@ int DoSendStart(struct pt_regs *ctx)
 	trace_key.bp = bp;
 	trace_key.trace_id = 0;
 
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
-	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
@@ -762,12 +762,12 @@ int DoSendStart(struct pt_regs *ctx)
 SEC("uprobe/DoSendEnd")
 int DoSendEnd(struct pt_regs *ctx)
 {
-	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd] enter");
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd] enter");
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
     __u64 pid = pid_tgid >> 32;
 
-	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
-	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoSendEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoSendEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
 
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
 	// __u64 bp = PT_REGS_SP(ctx) - 8;
@@ -779,28 +779,28 @@ int DoSendEnd(struct pt_regs *ctx)
 	trace_key.bp = bp;
 	trace_key.trace_id = 0;
 
-	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
-	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
 
 	__u64 *pid_p = bpf_map_lookup_elem(&trace_stack_entry_thread, &trace_key);
 
 	if (!pid_p) {
-		cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]:ErrorErrorErrorError Not get funEntry");
+		// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]:ErrorErrorErrorError Not get funEntry");
 		return 0;
 	}
-	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]:Delete It: %d", *pid_p);
+	// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]:Delete It: %d", *pid_p);
 	bpf_map_delete_elem(&trace_stack_entry_thread, &trace_key);
 
 	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
 	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, pid_p);
 	if (ed_e && ed_e->num > 1) {
-		cw_bpf_debug("[Go] [uprobeThread/DoSendEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		// cw_bpf_debug("[Go] [uprobeThread/DoSendEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
 		ed_e->num = ed_e->num - 1;
 		bpf_map_update_elem(&pid_of_connection_ptr_maps, pid_p, ed_e, BPF_ANY);
 	} else {
 		bpf_map_delete_elem(&pid_of_connection_ptr_maps, pid_p);
 	}
-	cw_bpf_debug("[Go] [uprobeThread/delete/DoSendEnd]getget: rdi_ptr:: %d\n", pid_p);
+	// cw_bpf_debug("[Go] [uprobeThread/delete/DoSendEnd]getget: rdi_ptr:: %d\n", pid_p);
 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
 
 	return 1;

ebpftracer/ebpf/utrace/java/net/client.probe.bpf.c

@@ -56,25 +56,25 @@ int uprobe_Java_java_net_SocketOutputStream_socketWrite0(struct pt_regs *ctx) {
 		return 0;
 	}
 
-	cw_bpf_debug("[java client] data_count:%d\n", data_count);
+	// cw_bpf_debug("[java client] data_count:%d\n", data_count);
 
 	void *len_from_rbp_ptr = (void *) PT_LEN_REGS(ctx);
 
 	void *len_ptr = 0;
-	cw_bpf_debug("[java client] address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
+	// cw_bpf_debug("[java client] address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
 
 	bpf_probe_read(&len_ptr, sizeof(len_ptr), (void *) len_from_rbp_ptr);
-	cw_bpf_debug("[java client] [len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
+	// cw_bpf_debug("[java client] [len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
 
 	if ((long) len_ptr != data_count) {
-		cw_bpf_debug("[java client] [len_ptr] check error.");
+		// cw_bpf_debug("[java client] [len_ptr] check error.");
 		return 0;
 	}
 
 	int key = 0;
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &key);
 	if (!map_data) {
-		cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
+		// cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
 		return 1;
 	}
 
@@ -106,13 +106,13 @@ int uprobe_Java_java_net_SocketOutputStream_socketWrite0(struct pt_regs *ctx) {
 	// cw_bpf_debug("[java client] [jbytechar_head_ptr] <0x%lx>", jbytechar_head_ptr);
 	
 	if (ret != 0) {
-		cw_bpf_debug("[java client] Failed to read first level ptr: %d\n", ret);
+		// cw_bpf_debug("[java client] Failed to read first level ptr: %d\n", ret);
 		return 0;
 	}
 
 	// 检查一级指针是否有效
 	if (!jbytechar_head_ptr) {
-		cw_bpf_debug("[java client] First level pointer is null.\n");
+		// cw_bpf_debug("[java client] First level pointer is null.\n");
 		return 0;
 	}
 
@@ -123,7 +123,7 @@ int uprobe_Java_java_net_SocketOutputStream_socketWrite0(struct pt_regs *ctx) {
 	long err = bpf_probe_read_user_str(map_data->payload, sizeof(map_data->payload), jbytechar_ptr);
 
 	if (err < 0) {
-		cw_bpf_debug("[java client] bpf_probe_read_user failed with return code: %d\n", err);
+		// cw_bpf_debug("[java client] bpf_probe_read_user failed with return code: %d\n", err);
 		return 0;
 	}
 	map_data->size = data_count;
@@ -147,7 +147,7 @@ int uprobe_Java_java_net_SocketOutputStream_socketWrite0(struct pt_regs *ctx) {
 	}
 
 	if (map_data->header_offset_idx == 0) {
-		cw_bpf_debug("[java client] header_offset_idx error:\n");
+		// cw_bpf_debug("[java client] header_offset_idx error:\n");
 		return 1;
 	}
 
@@ -156,7 +156,7 @@ int uprobe_Java_java_net_SocketOutputStream_socketWrite0(struct pt_regs *ctx) {
 	if (map_data->end_str_len > copy_size) {
 		u32 chunk = (u32) map_data->end_str_len / copy_size;
 		if (chunk > MAX_CHUNK) {
-			cw_bpf_debug("[java client] Exceeding the max_chunk:%d need_chunk:%d\n", MAX_CHUNK, chunk);
+			// cw_bpf_debug("[java client] Exceeding the max_chunk:%d need_chunk:%d\n", MAX_CHUNK, chunk);
 			return 1;
 		}
 	}
@@ -273,7 +273,7 @@ PROGUP(java_find_host)(struct pt_regs *ctx) {
 	u32 k0 = 0;
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &k0);
 	if (!map_data) {
-		cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
+		// cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
 		return 1;
 	}
 
@@ -288,7 +288,7 @@ PROGUP(java_find_host)(struct pt_regs *ctx) {
 		}
 	}
 	if (map_data->host_offset_idx == 0) {
-		cw_bpf_debug("[java client] host_offset_idx error:\n");
+		// cw_bpf_debug("[java client] host_offset_idx error:\n");
 		return 1;
 	}
 
@@ -304,7 +304,7 @@ PROGUP(java_build_header)(struct pt_regs *ctx) {
 	u32 k0 = 0;
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &k0);
 	if (!map_data) {
-		cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
+		// cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
 		return 1;
 	}
 
@@ -323,14 +323,14 @@ PROGUP(java_build_header)(struct pt_regs *ctx) {
 			break;
 		}
 	}
-	cw_bpf_debug("[java client] http host %s\n", map_data->host);
+	// cw_bpf_debug("[java client] http host %s\n", map_data->host);
 
 	struct apm_span_context *cw_sc = build_sc(proc_info, host);
 	if (cw_sc == NULL) {
 		return 0;
 	}
 	span_context_to_cw_string_stream(cw_sc, map_data->header_stream, '1');
-	cw_bpf_debug("[java client] header:[%s],sizeof %d ", map_data->header_stream, sizeof(map_data->header_stream));
+	// cw_bpf_debug("[java client] header:[%s],sizeof %d ", map_data->header_stream, sizeof(map_data->header_stream));
 	// 更新Header
 	bpf_tail_call(ctx, &NAME(progs_jmp_up_map), PROG_DATA_JAVA_UPDATE_HEADER_UP_IDX);
 	return 0;
@@ -344,13 +344,13 @@ PROGUP(java_update_header)(struct pt_regs *ctx) {
 	u32 k1 = 1;
 	char *tail_payload = bpf_map_lookup_elem(&large_array_map, &k1);
 	if (!tail_payload) {
-		cw_bpf_debug("[java client] header ->end %s\n", tail_payload);
+		// cw_bpf_debug("[java client] header ->end %s\n", tail_payload);
 		return -1;
 	}
 
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &k0);
 	if (!map_data) {
-		cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
+		// cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
 		return -1;
 	}
 
@@ -368,7 +368,7 @@ PROGUP(java_update_header)(struct pt_regs *ctx) {
 
 	long res = bpf_probe_write_user((void *) len_from_rbp_ptr, &new_val, sizeof(new_val));
 	if (res < 0) {
-		cw_bpf_debug("[java client] Failed to write value to user address: %p, error: %ld\n", len_from_rbp_ptr, res);
+		// cw_bpf_debug("[java client] Failed to write value to user address: %p, error: %ld\n", len_from_rbp_ptr, res);
 		return -1;
 	}
 
@@ -417,23 +417,23 @@ int javaaot_asmnop(struct pt_regs *ctx) {
 		return 0;
 	}
 
-	cw_bpf_debug("[java client] data_count:%d\n", data_count);
+	// cw_bpf_debug("[java client] data_count:%d\n", data_count);
 
 	void *len_ptr = 0;
-	cw_bpf_debug("[java client] address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
+	// cw_bpf_debug("[java client] address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
 
 	bpf_probe_read(&len_ptr, sizeof(len_ptr), (void *) len_from_rbp_ptr);
-	cw_bpf_debug("[java client] [len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
+	// cw_bpf_debug("[java client] [len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
 
 	if ((long) len_ptr != data_count) {
-		cw_bpf_debug("[java client] [len_ptr] check error.");
+		// cw_bpf_debug("[java client] [len_ptr] check error.");
 		return 0;
 	}
 
 	int key = 0;
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &key);
 	if (!map_data) {
-		cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
+		// cw_bpf_debug("[java client] Failed to lookup socket_heap\n");
 		return 1;
 	}
 
@@ -450,7 +450,7 @@ int javaaot_asmnop(struct pt_regs *ctx) {
 	long err = bpf_probe_read_user_str(map_data->payload, sizeof(map_data->payload), jbytechar_ptr);
 
 	if (err < 0) {
-		cw_bpf_debug("[java client] bpf_probe_read_user failed with return code: %d\n", err);
+		// cw_bpf_debug("[java client] bpf_probe_read_user failed with return code: %d\n", err);
 		return 0;
 	}
 	map_data->size = data_count;
@@ -474,7 +474,7 @@ int javaaot_asmnop(struct pt_regs *ctx) {
 	}
 
 	if (map_data->header_offset_idx == 0) {
-		cw_bpf_debug("[java client] header_offset_idx error:\n");
+		// cw_bpf_debug("[java client] header_offset_idx error:\n");
 		return 1;
 	}
 
@@ -483,7 +483,7 @@ int javaaot_asmnop(struct pt_regs *ctx) {
 	if (map_data->end_str_len > copy_size) {
 		u32 chunk = (u32) map_data->end_str_len / copy_size;
 		if (chunk > MAX_CHUNK) {
-			cw_bpf_debug("[java client] Exceeding the max_chunk:%d need_chunk:%d\n", MAX_CHUNK, chunk);
+			// cw_bpf_debug("[java client] Exceeding the max_chunk:%d need_chunk:%d\n", MAX_CHUNK, chunk);
 			return 1;
 		}
 	}

ebpftracer/ebpf/utrace/java/net/server.probe.bpf.c

@@ -197,11 +197,11 @@ int uprobe_ret_Java_sun_nio_ch_FileDispatcherImpl_read0(struct pt_regs *ctx) {
 		return -1;
 	}
 
-	cw_bpf_debug("read data is : %s\n", map_data->payload);
+	// cw_bpf_debug("read data is : %s\n", map_data->payload);
 
 	u32 offset = has_cw_header(map_data->payload);
 	map_data->header_offset_idx = offset;
-	cw_bpf_debug("[Jvm service] Header offset: [%d]\n", offset);
+	// cw_bpf_debug("[Jvm service] Header offset: [%d]\n", offset);
 //	bpf_tail_call(ctx, &jmp_table1, 0);
 	bpf_tail_call(ctx, &NAME(progs_jmp_up_map), PROG_DATA_SAVE_UP_IDX);
 	return 0;

ebpftracer/ebpf/utrace/netcore/net/client.probe.bpf.c

@@ -187,23 +187,23 @@ int netcore_asmnop(struct pt_regs *ctx) {
 		return 0;
 	}
 
-	cw_bpf_debug("[netcore client] data_count:%d\n", data_count);
+	// cw_bpf_debug("[netcore client] data_count:%d\n", data_count);
 
 	void *len_ptr = 0;
-	cw_bpf_debug("[netcore client] address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
+	// cw_bpf_debug("[netcore client] address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
 
 	bpf_probe_read(&len_ptr, sizeof(len_ptr), (void *) len_from_rbp_ptr);
-	cw_bpf_debug("[netcore client] [len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
+	// cw_bpf_debug("[netcore client] [len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
 
 	if ((long) len_ptr != data_count) {
-		cw_bpf_debug("[netcore client] [len_ptr] check error.");
+		// cw_bpf_debug("[netcore client] [len_ptr] check error.");
 		return 0;
 	}
 
 	int key = 0;
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &key);
 	if (!map_data) {
-		cw_bpf_debug("[netcore client] Failed to lookup socket_heap\n");
+		// cw_bpf_debug("[netcore client] Failed to lookup socket_heap\n");
 		return 1;
 	}
 
@@ -220,7 +220,7 @@ int netcore_asmnop(struct pt_regs *ctx) {
 	long err = bpf_probe_read_user_str(map_data->payload, sizeof(map_data->payload), jbytechar_ptr);
 
 	if (err < 0) {
-		cw_bpf_debug("[netcore client] bpf_probe_read_user failed with return code: %d\n", err);
+		// cw_bpf_debug("[netcore client] bpf_probe_read_user failed with return code: %d\n", err);
 		return 0;
 	}
 	map_data->size = data_count;
@@ -244,7 +244,7 @@ int netcore_asmnop(struct pt_regs *ctx) {
 	}
 
 	if (map_data->header_offset_idx == 0) {
-		cw_bpf_debug("[netcore client] header_offset_idx error:\n");
+		// cw_bpf_debug("[netcore client] header_offset_idx error:\n");
 		return 1;
 	}
 
@@ -253,11 +253,11 @@ int netcore_asmnop(struct pt_regs *ctx) {
 	if (map_data->end_str_len > copy_size) {
 		u32 chunk = (u32) map_data->end_str_len / copy_size;
 		if (chunk > MAX_CHUNK) {
-			cw_bpf_debug("[netcore client] Exceeding the max_chunk:%d need_chunk:%d\n", MAX_CHUNK, chunk);
+			// cw_bpf_debug("[netcore client] Exceeding the max_chunk:%d need_chunk:%d\n", MAX_CHUNK, chunk);
 			return 1;
 		}
 	}
-	cw_bpf_debug("[netcore client] header_offset_idx:%d\n", map_data->header_offset_idx);
+	// cw_bpf_debug("[netcore client] header_offset_idx:%d\n", map_data->header_offset_idx);
 
 	// tail payload保存
 	u32 tail_key = 1;

ebpftracer/l7/l7.go

@@ -208,3 +208,21 @@ type RequestData struct {
 		SpanIdFrom     string
 	}
 }
+
+type OffCPUData struct {
+	Tid              	uint32
+	Pid              	uint32
+	OffCpuTime          uint64
+	OffNetTime          uint64
+	OffEpollTime        uint64
+	OffFileTime         uint64
+	OffFutexTime        uint64
+	OffMemTime          uint64
+	OffMemmapTime       uint64
+	OffMmapTime         uint64
+	RunqTime            uint64
+	CPUOnTime           uint64
+	TraceID             uint64
+	PayloadSize         uint64
+    Payload    			[]byte
+}

ebpftracer/tracer.go

@@ -99,6 +99,7 @@ const (
 	EventTypeFunRet          EventType = 12
 	EventTypeAcceptOpen      EventType = 13
 	EventTypeAcceptClose     EventType = 14
+	EventTypeOffCpuTIme      EventType = 15
 
 	EventReasonNone    EventReason = 0
 	EventReasonOOMKill EventReason = 1
@@ -120,6 +121,7 @@ type Event struct {
 	Timestamp      uint64
 	Duration       time.Duration
 	L7Request      *l7.RequestData
+	OffCPU		   *l7.OffCPUData
 	TrafficStats   *TrafficStats
 	FirstReadTime  uint64
 	FirstWriteTime uint64
@@ -136,6 +138,7 @@ const (
 	perfMapTypeSocketEvents       perfMapType = 5
 	perfMapTypeEventQueue         perfMapType = 6
 	perfMapTypePythonThreadEvents perfMapType = 7
+	perfMapTypeOffCpuEvents 	  perfMapType = 8
 )
 
 type Tracer struct {
@@ -322,6 +325,7 @@ func (t *Tracer) ebpf(ch chan<- Event) error {
 	tracer.MapInsert(c)
 	if !t.DisableL7Tracing() {
 		perfMaps = append(perfMaps, perfMap{name: "l7_events", typ: perfMapTypeL7Events, perCPUBufferSizePages: 32})
+		perfMaps = append(perfMaps, perfMap{name: "offcpu_events", typ: perfMapTypeOffCpuEvents, perCPUBufferSizePages: 32})
 	}
 	perfMaps = append(perfMaps, perfMap{name: MAP_PERF_SOCKET_DATA_NAME, typ: perfMapTypeSocketEvents, perCPUBufferSizePages: 64})
 	klog.Infof("[start] Look eBPF perf_maps")
@@ -534,6 +538,25 @@ type l7Event struct {
 	SpanIdFrom          HashByte
 }
 
+// struct offcpu_event in offcpu.c
+type OffCpuEvent struct{
+	Tid              	uint32
+	Pid              	uint32
+	OffCpuTime          uint64
+	OffNetTime          uint64
+	OffEpollTime        uint64
+	OffFileTime              uint64
+	OffFutexTime              uint64
+	OffMemTime              uint64
+	OffMemmapTime              uint64
+	OffMmapTime              uint64
+	RunqTime              uint64
+	CPUOnTime              uint64
+	TraceID              uint64
+	PayloadSize             uint64
+    Payload    			[]byte
+}
+
 type SocketDataBufferddd struct {
 	EventsNum uint32
 	Len       uint32
@@ -728,6 +751,42 @@ func runEventsReader(name string, r *perf.Reader, ch chan<- Event, typ perfMapTy
 
 			//fmt.Println(string(v.Data))
 			//continue
+		case perfMapTypeOffCpuEvents:
+			//接收 offcpu数据
+			v := &OffCpuEvent{}
+			reader := bytes.NewBuffer(rec.RawSample)
+			if err := binary.Read(reader, binary.LittleEndian, v); err != nil {
+				klog.Warningln("failed to read msg:", err)
+				continue
+			}
+
+			payload := reader.Bytes()
+			offcpu := &l7.OffCPUData{
+				Tid:			v.Tid,
+				Pid:			v.Pid,
+				OffCpuTime:		v.OffCpuTime,         
+				OffNetTime: 	v.OffNetTime,          
+				OffEpollTime: 	v.OffEpollTime,
+				OffFileTime: 	v.OffFileTime,
+				OffFutexTime: 	v.OffFutexTime,
+				OffMemTime: 	v.OffMemTime,
+				OffMemmapTime: 	v.OffMemmapTime,
+				OffMmapTime: 	v.OffMmapTime,
+				RunqTime: 		v.RunqTime,
+				CPUOnTime: 		v.CPUOnTime,
+				TraceID: 		v.TraceID,
+			}
+			switch {
+			case v.PayloadSize == 0:
+			case v.PayloadSize > MaxPayloadSize:
+				offcpu.Payload = payload[:MaxPayloadSize]
+			default:
+				offcpu.Payload = payload[:v.PayloadSize]
+			}
+			//fmt.Println("==========")
+			//fmt.Println("req.Payload:", string(req.Payload))
+			//fmt.Println("==========")
+			event = Event{Type: EventTypeOffCpuTIme, Pid: v.Pid, OffCPU: offcpu}
 		case perfMapTypeL7Events:
 			v := &l7Event{}
 			reader := bytes.NewBuffer(rec.RawSample)

main.go

@@ -141,7 +141,7 @@ func main() {
 		MaxSize:    50, // 日志文件最大尺寸，单位MB
 		MaxBackups: 3,  // 最多保留的旧日志文件数
 		MaxAge:     3,  // 日志文件保留的最长时间，单位天
-		//Console:    true,
+		Console:    true,
 	})
 
 	if err != nil {