|
|
@@ -268,14 +268,16 @@ int sys_enter_close(void *ctx) {
|
|
|
void u32_to_ip(__u32 ip, unsigned char* bytes) {
|
|
|
// 将32位整数拆分为四个8位整数
|
|
|
// unsigned char bytes[4];
|
|
|
- bytes[3] = (ip >> 24) & 0xFF;
|
|
|
- bytes[2] = (ip >> 16) & 0xFF;
|
|
|
- bytes[1] = (ip >> 8) & 0xFF;
|
|
|
- bytes[0] = ip & 0xFF;
|
|
|
+ bytes[15] = (ip >> 24) & 0xFF;
|
|
|
+ bytes[14] = (ip >> 16) & 0xFF;
|
|
|
+ bytes[13] = (ip >> 8) & 0xFF;
|
|
|
+ bytes[12] = ip & 0xFF;
|
|
|
+ bytes[11] = 0xFF;
|
|
|
+ bytes[10] = 0xFF;
|
|
|
|
|
|
// 使用sprintf将这些整数格式化为字符串
|
|
|
- cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[0], bytes[1]);
|
|
|
- cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[2], bytes[3]);
|
|
|
+ cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);
|
|
|
+ cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);
|
|
|
}
|
|
|
|
|
|
|
|
|
@@ -389,10 +391,10 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
|
|
|
cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
|
|
|
cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
|
|
|
cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
|
|
|
- // unsigned char saddr[4] = {};
|
|
|
- // unsigned char daddr[4] = {};
|
|
|
- // u32_to_ip(tuple.saddr, saddr);
|
|
|
- // u32_to_ip(tuple.daddr, daddr);
|
|
|
+ unsigned char saddr[16] = {};
|
|
|
+ unsigned char daddr[16] = {};
|
|
|
+ u32_to_ip(tuple.saddr, saddr);
|
|
|
+ u32_to_ip(tuple.daddr, daddr);
|
|
|
|
|
|
void *map = &tcp_accept_events;
|
|
|
|
|
|
@@ -405,10 +407,15 @@ int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {
|
|
|
e.sport = tuple.sport;
|
|
|
e.dport = tuple.dport;
|
|
|
e.fd = fd;
|
|
|
- // __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
|
|
|
- // __builtin_memcpy(&e.daddr, &daddr, sizeof(e.saddr));
|
|
|
- __builtin_memcpy(&e.saddr, &tuple.saddr, sizeof(e.saddr));
|
|
|
- __builtin_memcpy(&e.daddr, &tuple.saddr, sizeof(e.saddr));
|
|
|
+ __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
|
|
|
+ __builtin_memcpy(&e.daddr, &daddr, sizeof(e.saddr));
|
|
|
+ cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, daddr=%llu\n", e.saddr[10], e.saddr[11]);
|
|
|
+ cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, daddr=%llu\n", e.saddr[12], e.saddr[13]);
|
|
|
+ cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, daddr=%llu\n", e.saddr[14], e.saddr[15]);
|
|
|
+
|
|
|
+ cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
|
|
|
+ cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
|
|
|
+ cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
|
|
|
|
|
|
bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
|
|
|
struct connection_id cid = {};
|
rock