Fixed #TASK_QT-9810 Network 调试

ebpftracer/ebpf/l7/l7.c

@@ -366,6 +366,10 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
     k.is_tls = is_tls;
     k.stream_id = -1;
 
+    struct connection_id cid = {};
+    cid.pid = pid;
+    cid.fd = fd;
+
 //    cw_bpf_debug("enter-payload:%s|type:%s|FD:%d\n",payload,"type",k.fd);
 
     if (is_http_response(payload, &http_status))
@@ -440,20 +444,24 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
 //        cw_bpf_debug("off->task__files_offset:%x", off->task__files_offset);
 //        cw_bpf_debug("e->test_id1111:%d", ttt->test_id);
 	    cw_bpf_debug("HTTP_END");
+
+        //TODO 4 查询 
+        cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
+        if (accept_conn && !is_tls) {
+            cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+            __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
+        }
         return 0;
     }
 
-    struct connection_id cid = {};
-    cid.pid = pid;
-    cid.fd = fd;
-
     struct connection *conn = bpf_map_lookup_elem(&active_connections, &cid);
     if (!conn) {
         //TODO 4 查询 
-        // cw_bpf_debug("accept bytes_sent cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+        cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
         struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
         if (accept_conn && !is_tls) {
-            cw_bpf_debug("accept bytes_sent after cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+            cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
             __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
         }
         return 0;
@@ -715,7 +723,11 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 //    infer_dns_message(payload, (int)PT_REGS_RC((struct pt_regs *)ctx),
 //                      conn_info);
 
+    struct connection_id cid = {};
+    cid.pid = pid;
+    cid.fd = args->fd;
     // 被调用方http入口
+    // 作为服务端在走。coroot 原有逻辑是没有的
     if (is_http_request(payload)) {
         struct l7_request *req = bpf_map_lookup_elem(&l7_request_heap, &zero);
         if (!req)
@@ -770,19 +782,24 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 //	    bpf_map_update_elem(&fd_trace_info_heap, &fd_trace_key, &trace_info, BPF_NOEXIST);
         bpf_perf_event_output(ctx, &l7_events, BPF_F_CURRENT_CPU, e, sizeof(*e));
         cw_bpf_debug("[Receive][HTTP] to user space");
+
+        // 作为服务端统计 bytes_received 使用
+        struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
+        cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        if (accept_conn && !is_tls){
+            cw_bpf_debug("socket accept bytes_received after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+            __sync_fetch_and_add(&accept_conn->bytes_received, total_size);
+        }
         return 0;
     }
 
-    struct connection_id cid = {};
-    cid.pid = pid;
-    cid.fd = args->fd;
     struct connection *conn = bpf_map_lookup_elem(&active_connections, &cid);
     if (args && !conn) {
         bpf_map_delete_elem(&active_reads, &id);
         struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
-        // cw_bpf_debug("accept bytes_received cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+        cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
         if (accept_conn && !is_tls){
-            cw_bpf_debug("accept bytes_received after cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+            cw_bpf_debug("socket accept bytes_received after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
             __sync_fetch_and_add(&accept_conn->bytes_received, total_size);
         }
         return 0;
@@ -790,6 +807,7 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 
     //TODO 5 同发送逻辑。
 
+    /// coroot 是以客户端为主体做统计的，所以这里是客户端逻辑
     if (!is_tls) {
         __sync_fetch_and_add(&conn->bytes_received, total_size);
     }

ebpftracer/ebpf/tcp/state.c

@@ -243,7 +243,7 @@ int sys_enter_close(void *ctx) {
         bpf_perf_event_output(ctx, &tcp_connect_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
         bpf_map_delete_elem(&active_connections, &cid);
     }
-    cw_bpf_debug("accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+    cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
     conn = bpf_map_lookup_elem(&active_accepts, &cid);
     if (conn) {
         struct tcp_event e = {};
@@ -255,7 +255,8 @@ int sys_enter_close(void *ctx) {
         e.timestamp = conn->timestamp;
         bpf_perf_event_output(ctx, &tcp_accept_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
         bpf_map_delete_elem(&active_accepts, &cid);
-        cw_bpf_debug("accept socket sys_enter_close accept_Connection cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+        cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.bytes_sent=%d, cid.bytes_received=%d\n", e.bytes_sent, e.bytes_received);
     }
 
     //TODO 2，增加active_accept 对应的判断，类比234行操作，新增EVENT_TYPE_accept_conn_CLOSE类型
@@ -335,15 +336,15 @@ int kprobeinet_csk_accept(struct pt_regs *ctx) {
 struct sys_exit_accept4_ctx {
 	__u64 __unused_syscall_header;
 	__u32 __unused_syscall_nr;
-	__u64 ret;
+	long ret;
 };
 struct sys_enter_accept4_ctx {
 	__u64 __unused_syscall_header;
 	__u32 __unused_syscall_nr;
 
-	__u64 fd;
+	long fd;
 	__u64 *sockaddr;
-	__u64 addrlen;
+	int addrlen;
 };
 // 在系统调用accept返回时挂钩获取文件描述符  
 SEC("tracepoint/syscalls/sys_enter_accept4")  
@@ -356,14 +357,14 @@ int tracepoint__sys_enter_accept4(struct sys_enter_accept4_ctx *ctx) {
 // 在系统调用accept返回时挂钩获取文件描述符  
 SEC("tracepoint/syscalls/sys_exit_accept4")  
 int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {  
-    __u64 fd = ctx->ret;  
+    long fd = ctx->ret;  
     __u64 pid_tgid = bpf_get_current_pid_tgid();  
     cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
     // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
     struct sock **skp;  
     // 从 map 中获取 `struct sock` 指针  
     skp = bpf_map_lookup_elem(&socket_map, &pid_tgid);  
-    if (skp && fd >= 0) {
+    if (skp && fd > 0) {
         struct sock *sk = *skp;
         __u16 family = 0;
         bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
@@ -414,9 +415,9 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
 
         struct connection conn = {};
         conn.timestamp = bpf_ktime_get_ns();
-        cw_bpf_debug("accept update active_accepts before cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+        cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
         bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
-        cw_bpf_debug("accept update active_accepts after cid.pid=%d, cid.fd=d\n", cid.pid, cid.fd);
+        cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
         // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
     }