Acasă Explorează Ajutor
Înregistrare Autentificare
root
/
ebpf
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Răsfoiți Sursa

Fixed #TASK_QT-9810 Go Tls

roger.wang 1 an în urmă
părinte
4f0955f9e3
comite
c826da0c03
4 a modificat fișierele cu 371 adăugiri și 371 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 132 132
      containers/container.go
  2. 13 13
      containers/registry.go
  3. 190 190
      ebpftracer/ebpf/tcp/state.c
  4. 36 36
      ebpftracer/tracer.go

+ 132 - 132
containers/container.go
Vizualizați fișierul 

@@ -77,7 +77,7 @@ type AddrPair struct {
 
 
 type ActiveConnection struct {
 
 	Dest       netaddr.IPPort
 
-	Src 	   netaddr.IPPort
 
+	Src        netaddr.IPPort
 
 	ActualDest netaddr.IPPort
 
 	Pid        uint32
 
 	Fd         uint64
 
@@ -94,12 +94,12 @@ type ActiveConnection struct {
 
 }
 
 
 type ActiveAccept struct {
 
-	Dest       netaddr.IPPort
 
-	Src 	   netaddr.IPPort
 
-	Pid        uint32
 
-	Fd         uint64
 
-	Timestamp  uint64
 
-	Closed     time.Time
 
+	Dest      netaddr.IPPort
 
+	Src       netaddr.IPPort
 
+	Pid       uint32
 
+	Fd        uint64
 
+	Timestamp uint64
 
+	Closed    time.Time
 
 
 	BytesSent     uint64
 
 	BytesReceived uint64
 
@@ -131,11 +131,11 @@ type ConnectionStats struct {
 
 	PerBytesSent     uint64
 
 	BytesReceived    uint64
 
 	PerBytesReceived uint64
 
-	Src 	   		 netaddr.IPPort
 
-	ConEstTime		 time.Duration
 
-	FirstReadTime	 uint64
 
-	FirstWriteTime	 uint64
 
-	NewReadTime		 uint64
 
+	Src              netaddr.IPPort
 
+	ConEstTime       time.Duration
 
+	FirstReadTime    uint64
 
+	FirstWriteTime   uint64
 
+	NewReadTime      uint64
 
 }
 
 
 type AcceptStats struct {
 
@@ -376,7 +376,7 @@ func (c *Container) Collect(ch chan<- prometheus.Metric) {
 
 		ch <- counter(metrics.NetBytesSent, float64(stats.BytesSent), d.src.String(), d.dst.String())
 
 		ch <- counter(metrics.NetBytesReceived, float64(stats.BytesReceived), d.src.String(), d.dst.String())
 
 
-		klog.Infof("c.connectsSuccessful d.src=%s d.dst=%s stats.BytesSent=%d,stats.BytesReceived=%d stats.PerBytesSent=%d,stats.PerBytesReceived=%d,stats.datalatency=%d,stats.dataduration=%d,stats.estTime=%d", stats.Src.String(), d.dst.String(), stats.BytesSent, stats.BytesReceived, stats.PerBytesSent, stats.PerBytesReceived, stats.FirstReadTime - stats.FirstWriteTime, stats.NewReadTime - stats.FirstWriteTime, stats.ConEstTime)
 
+		klog.Infof("c.connectsSuccessful d.src=%s d.dst=%s stats.BytesSent=%d,stats.BytesReceived=%d stats.PerBytesSent=%d,stats.PerBytesReceived=%d,stats.datalatency=%d,stats.dataduration=%d,stats.estTime=%d", stats.Src.String(), d.dst.String(), stats.BytesSent, stats.BytesReceived, stats.PerBytesSent, stats.PerBytesReceived, stats.FirstReadTime-stats.FirstWriteTime, stats.NewReadTime-stats.FirstWriteTime, stats.ConEstTime)
 
 		stats.PerBytesReceived = 0
 
 		stats.PerBytesSent = 0
 
 	}
 
@@ -597,55 +597,55 @@ func (c *Container) onListenClose(pid uint32, addr netaddr.IPPort) {
 
 	}
 
 }
 
 
-// func (c *Container) onAcceptOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
 
-// 	klog.Infof("accept pid=%d id=%s dstaddr=%s srcaddr=%s", pid, c.id, dst.IP(), src.IP())
 
-// 	// if common.PortFilter.ShouldBeSkipped(dst.Port()) {
 
-// 	// 	return
 
-// 	// }
 
-// 	p := c.processes[pid]
 
-// 	if p == nil {
 
-// 		return
 
-// 	}
 
-// 	if dst.IP().IsLoopback() && !p.isHostNs() {
 
-// 		return
 
-// 	}
 
-// 	// actualDst, err := c.getActualDestination(p, src, dst)
 
-// 	// if err != nil {
 
-// 	// 	if !common.IsNotExist(err) {
 
-// 	// 		klog.Warningf("cannot open NetNs for pid %d: %s", pid, err)
 
-// 	// 	}
 
-// 	// 	return
 
-// 	// }
 
-// 	// switch {
 
-// 	// case actualDst == nil:
 
-// 	// 	actualDst = &dst
 
-// 	// case actualDst.IP().IsLoopback() && !p.isHostNs():
 
-// 	// 	return
 
-// 	// }
 
-// 	// if common.ConnectionFilter.ShouldBeSkipped(dst.IP(), actualDst.IP()) {
 
-// 	// 	return
 
-// 	// }
 
-// 	c.lock.Lock()
 
-// 	defer c.lock.Unlock()
 
-// 	if !failed {
 
-// 		key := AddrPair{src: dst, dst: src}
 
-// 		stats := c.acceptsSuccessful[key]
 
-// 		if stats == nil {
 
-// 			stats = &AcceptStats{}
 
-// 			c.acceptsSuccessful[key] = stats
 
-// 		}
 
-// 		acceptCon := &ActiveAccept{
 
-// 			Dest:       src,
 
-// 			Src: 		dst,
 
-// 			Pid:        pid,
 
-// 			Fd:         fd,
 
-// 			Timestamp:  timestamp,
 
-// 		}
 
-// 		c.acceptsActive[AddrPair{src: dst, dst: src}] = acceptCon
 
-// 		c.acceptsByPidFd[PidFd{Pid: pid, Fd: fd}] = acceptCon
 
-// 	}
 
-// 	c.acceptLastAttempt[dst] = time.Now()
 
-// }
 
+func (c *Container) onAcceptOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
 
+	klog.Infof("accept pid=%d id=%s dstaddr=%s srcaddr=%s", pid, c.id, dst.IP(), src.IP())
 
+	// if common.PortFilter.ShouldBeSkipped(dst.Port()) {
 
+	// 	return
 
+	// }
 
+	p := c.processes[pid]
 
+	if p == nil {
 
+		return
 
+	}
 
+	if dst.IP().IsLoopback() && !p.isHostNs() {
 
+		return
 
+	}
 
+	// actualDst, err := c.getActualDestination(p, src, dst)
 
+	// if err != nil {
 
+	// 	if !common.IsNotExist(err) {
 
+	// 		klog.Warningf("cannot open NetNs for pid %d: %s", pid, err)
 
+	// 	}
 
+	// 	return
 
+	// }
 
+	// switch {
 
+	// case actualDst == nil:
 
+	// 	actualDst = &dst
 
+	// case actualDst.IP().IsLoopback() && !p.isHostNs():
 
+	// 	return
 
+	// }
 
+	// if common.ConnectionFilter.ShouldBeSkipped(dst.IP(), actualDst.IP()) {
 
+	// 	return
 
+	// }
 
+	c.lock.Lock()
 
+	defer c.lock.Unlock()
 
+	if !failed {
 
+		key := AddrPair{src: dst, dst: src}
 
+		stats := c.acceptsSuccessful[key]
 
+		if stats == nil {
 
+			stats = &AcceptStats{}
 
+			c.acceptsSuccessful[key] = stats
 
+		}
 
+		acceptCon := &ActiveAccept{
 
+			Dest:      src,
 
+			Src:       dst,
 
+			Pid:       pid,
 
+			Fd:        fd,
 
+			Timestamp: timestamp,
 
+		}
 
+		c.acceptsActive[AddrPair{src: dst, dst: src}] = acceptCon
 
+		c.acceptsByPidFd[PidFd{Pid: pid, Fd: fd}] = acceptCon
 
+	}
 
+	c.acceptLastAttempt[dst] = time.Now()
 
+}
 
 
 func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
 
 	if common.PortFilter.ShouldBeSkipped(dst.Port()) {
 
@@ -691,7 +691,7 @@ func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPP
 
 		stats.ConEstTime = duration
 
 		connection := &ActiveConnection{
 
 			Dest:       dst,
 
-			Src: 		src,
 
+			Src:        src,
 
 			ActualDest: *actualDst,
 
 			Pid:        pid,
 
 			Fd:         fd,
 
@@ -749,21 +749,21 @@ func (c *Container) onConnectionClose(e ebpftracer.Event) {
 
 	}
 
 }
 
 
-// func (c *Container) onAcceptClose(e ebpftracer.Event) {
 
-// 	c.lock.Lock()
 
-// 	conn := c.acceptsByPidFd[PidFd{Pid: e.Pid, Fd: e.Fd}]
 
-// 	c.lock.Unlock()
 
-// 	if conn != nil {
 
-// 		if conn.Closed.IsZero() {
 
-// 			if e.TrafficStats != nil {
 
-// 				c.lock.Lock()
 
-// 				c.updateAcceptTrafficStats(conn, e.TrafficStats.BytesSent, e.TrafficStats.BytesReceived)
 
-// 				c.lock.Unlock()
 
-// 			}
 
-// 			conn.Closed = time.Now()
 
-// 		}
 
-// 	}
 
-// }
 
+func (c *Container) onAcceptClose(e ebpftracer.Event) {
 
+	c.lock.Lock()
 
+	conn := c.acceptsByPidFd[PidFd{Pid: e.Pid, Fd: e.Fd}]
 
+	c.lock.Unlock()
 
+	if conn != nil {
 
+		if conn.Closed.IsZero() {
 
+			if e.TrafficStats != nil {
 
+				c.lock.Lock()
 
+				c.updateAcceptTrafficStats(conn, e.TrafficStats.BytesSent, e.TrafficStats.BytesReceived)
 
+				c.lock.Unlock()
 
+			}
 
+			conn.Closed = time.Now()
 
+		}
 
+	}
 
+}
 
 
 func (c *Container) updateTrafficStats(u *TrafficStatsUpdate) {
 
 	if u == nil {
 
@@ -792,7 +792,7 @@ func (c *Container) updateConnectionTrafficStats(ac *ActiveConnection, sent, rec
 
 		stats.BytesReceived += received - ac.BytesReceived
 
 		stats.PerBytesReceived = received - ac.BytesReceived
 
 	}
 
-	if firstreadtime !=0 && firstwritetime != 0 && newreadtime != 0 {
 
+	if firstreadtime != 0 && firstwritetime != 0 && newreadtime != 0 {
 
 		stats.FirstReadTime = firstreadtime
 
 		stats.FirstWriteTime = firstwritetime
 
 		stats.NewReadTime = newreadtime
 
@@ -801,26 +801,26 @@ func (c *Container) updateConnectionTrafficStats(ac *ActiveConnection, sent, rec
 
 	ac.BytesReceived = received
 
 }
 
 
-// func (c *Container) updateAcceptTrafficStats(ac *ActiveAccept, sent, received uint64) {
 
-// 	if ac == nil {
 
-// 		return
 
-// 	}
 
-// 	klog.Infoln("TCP onConnectionClose5", ac.BytesSent, ac.BytesReceived, ac)
 
-// 	key := AddrPair{src: ac.Src, dst: ac.Dest}
 
-// 	stats := c.acceptsSuccessful[key]
 
-// 	if stats == nil {
 
-// 		stats = &AcceptStats{}
 
-// 		c.acceptsSuccessful[key] = stats
 
-// 	}
 
-// 	if sent > ac.BytesSent {
 
-// 		stats.BytesSent += sent - ac.BytesSent
 
-// 	}
 
-// 	if received > ac.BytesReceived {
 
-// 		stats.BytesReceived += received - ac.BytesReceived
 
-// 	}
 
-// 	ac.BytesSent = sent
 
-// 	ac.BytesReceived = received
 
-// }
 
+func (c *Container) updateAcceptTrafficStats(ac *ActiveAccept, sent, received uint64) {
 
+	if ac == nil {
 
+		return
 
+	}
 
+	klog.Infoln("TCP onConnectionClose5", ac.BytesSent, ac.BytesReceived, ac)
 
+	key := AddrPair{src: ac.Src, dst: ac.Dest}
 
+	stats := c.acceptsSuccessful[key]
 
+	if stats == nil {
 
+		stats = &AcceptStats{}
 
+		c.acceptsSuccessful[key] = stats
 
+	}
 
+	if sent > ac.BytesSent {
 
+		stats.BytesSent += sent - ac.BytesSent
 
+	}
 
+	if received > ac.BytesReceived {
 
+		stats.BytesReceived += received - ac.BytesReceived
 
+	}
 
+	ac.BytesSent = sent
 
+	ac.BytesReceived = received
 
+}
 
 
 func (c *Container) onDNSRequest(r *l7.RequestData) (map[netaddr.IP]string, string, string) {
 
 	status := r.Status.DNS()
 
@@ -1232,23 +1232,23 @@ func (c *Container) gc(now time.Time) {
 
 		}
 
 	}
 
 
-	// for srcDst, conn := range c.acceptsActive {
 
-	// 	pidFd := PidFd{Pid: conn.Pid, Fd: conn.Fd}
 
-	// 	if _, ok := established[srcDst]; !ok {
 
-	// 		delete(c.acceptsActive, srcDst)
 
-	// 		if conn == c.acceptsByPidFd[pidFd] {
 
-	// 			delete(c.acceptsByPidFd, pidFd)
 
-	// 		}
 
-	// 		continue
 
-	// 	}
 
+	for srcDst, conn := range c.acceptsActive {
 
+		pidFd := PidFd{Pid: conn.Pid, Fd: conn.Fd}
 
+		if _, ok := established[srcDst]; !ok {
 
+			delete(c.acceptsActive, srcDst)
 
+			if conn == c.acceptsByPidFd[pidFd] {
 
+				delete(c.acceptsByPidFd, pidFd)
 
+			}
 
+			continue
 
+		}
 
 
-	// 	if !conn.Closed.IsZero() && now.Sub(conn.Closed) > gcInterval {
 
-	// 		delete(c.acceptsActive, srcDst)
 
-	// 		if conn == c.acceptsByPidFd[pidFd] {
 
-	// 			delete(c.acceptsByPidFd, pidFd)
 
-	// 		}
 
-	// 	}
 
-	// }
 
+		if !conn.Closed.IsZero() && now.Sub(conn.Closed) > gcInterval {
 
+			delete(c.acceptsActive, srcDst)
 
+			if conn == c.acceptsByPidFd[pidFd] {
 
+				delete(c.acceptsByPidFd, pidFd)
 
+			}
 
+		}
 
+	}
 
 
 	for _, conn := range c.connectionsByPidFd {
 
 
@@ -1257,12 +1257,12 @@ func (c *Container) gc(now time.Time) {
 
 		}
 
 	}
 
 
-	// for _, conn := range c.acceptsByPidFd {
 
+	for _, conn := range c.acceptsByPidFd {
 
 
-	// 	if _, ok := fdMap[conn.Fd]; !ok {
 
-	// 		delete(c.acceptsByPidFd, PidFd{Pid: conn.Pid, Fd: conn.Fd})
 
-	// 	}
 
-	// }
 
+		if _, ok := fdMap[conn.Fd]; !ok {
 
+			delete(c.acceptsByPidFd, PidFd{Pid: conn.Pid, Fd: conn.Fd})
 
+		}
 
+	}
 
 
 	for dst, at := range c.connectLastAttempt {
 
 		_, active := establishedDst[dst]
 
@@ -1278,18 +1278,18 @@ func (c *Container) gc(now time.Time) {
 
 		}
 
 	}
 
 
-	// for dst, at := range c.acceptLastAttempt {
 
-	// 	_, active := establishedDst[dst]
 
-	// 	if !active && !at.IsZero() && now.Sub(at) > gcInterval {
 
-	// 		delete(c.acceptLastAttempt, dst)
 
-	// 		for d := range c.acceptsSuccessful {
 
-	// 			if d.src == dst {
 
-	// 				delete(c.acceptsSuccessful, d)
 
-	// 			}
 
-	// 		}
 
-	// 		c.l7Stats.delete(dst)
 
-	// 	}
 
-	// }
 
+	for dst, at := range c.acceptLastAttempt {
 
+		_, active := establishedDst[dst]
 
+		if !active && !at.IsZero() && now.Sub(at) > gcInterval {
 
+			delete(c.acceptLastAttempt, dst)
 
+			for d := range c.acceptsSuccessful {
 
+				if d.src == dst {
 
+					delete(c.acceptsSuccessful, d)
 
+				}
 
+			}
 
+			c.l7Stats.delete(dst)
 
+		}
 
+	}
 
 }
 
 
 func (c *Container) revalidateListens(now time.Time, actualListens map[netaddr.IPPort]string) {

+ 13 - 13
containers/registry.go
Vizualizați fișierul 

@@ -365,14 +365,14 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 
 				} else {
 
 					klog.Infoln("TCP listen open from unknown container", e)
 
 				}
 
-			// case ebpftracer.EventTypeAcceptOpen:
 
-			// 	klog.Infoln("ebpftracer.EventTypeAcceptOpen==================", e.Pid)
 
-			// 	if c := r.getOrCreateContainer(e.Pid); c != nil {
 
-			// 		c.onAcceptOpen(e.Pid, e.Fd, e.SrcAddr, e.DstAddr, e.Timestamp, false, e.Duration)
 
-			// 		c.eventReady()
 
-			// 	} else {
 
-			// 		klog.Infoln("TCP connection from unknown container", e)
 
-			// 	}
 
+			case ebpftracer.EventTypeAcceptOpen:
 
+				klog.Infoln("ebpftracer.EventTypeAcceptOpen==================", e.Pid)
 
+				if c := r.getOrCreateContainer(e.Pid); c != nil {
 
+					c.onAcceptOpen(e.Pid, e.Fd, e.SrcAddr, e.DstAddr, e.Timestamp, false, e.Duration)
 
+					c.eventReady()
 
+				} else {
 
+					klog.Infoln("TCP connection from unknown container", e)
 
+				}
 
 			case ebpftracer.EventTypeConnectionOpen:
 
 				//fmt.Println("ebpftracer.EventTypeConnectionOpen==================", e.Pid)
 
 				if c := r.getOrCreateContainer(e.Pid); c != nil {
 
@@ -408,10 +408,10 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 
 				if c := r.containersByPid[e.Pid]; c != nil {
 
 					c.onConnectionClose(e)
 
 				}
 
-			// case ebpftracer.EventTypeAcceptClose:
 
-			// 	if c := r.containersByPid[e.Pid]; c != nil {
 
-			// 		c.onAcceptClose(e)
 
-			// 	}
 
+			case ebpftracer.EventTypeAcceptClose:
 
+				if c := r.containersByPid[e.Pid]; c != nil {
 
+					c.onAcceptClose(e)
 
+				}
 
 			case ebpftracer.EventTypeTCPRetransmit:
 
 				srcDst := AddrPair{src: e.SrcAddr, dst: e.DstAddr}
 
 				for _, c := range r.containersById {
 
@@ -682,5 +682,5 @@ type TrafficStatsUpdate struct {
 
 	Pid           uint32
 
 	FD            uint64
 
 	BytesSent     uint64
 
-	BytesReceived uint64	
+	BytesReceived uint64
 
 }

+ 190 - 190
ebpftracer/ebpf/tcp/state.c
Vizualizați fișierul 

@@ -32,11 +32,11 @@ struct {
 
     __uint(value_size, sizeof(int));
 
 } tcp_connect_events SEC(".maps");
 
 
-// struct {
 
-//     __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 
-//     __uint(key_size, sizeof(int));
 
-//     __uint(value_size, sizeof(int));
 
-// } tcp_accept_events SEC(".maps");
 
+struct {
 
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 
+    __uint(key_size, sizeof(int));
 
+    __uint(value_size, sizeof(int));
 
+} tcp_accept_events SEC(".maps");
 
 
 struct trace_event_raw_inet_sock_set_state__stub {
 
     __u64 unused;
 
@@ -92,12 +92,12 @@ struct {
 
     __uint(max_entries, MAX_CONNECTIONS);
 
 } active_connections SEC(".maps");
 
 
-// struct {
 
-//     __uint(type, BPF_MAP_TYPE_LRU_HASH);
 
-//     __uint(key_size, sizeof(struct connection_id));
 
-//     __uint(value_size, sizeof(struct connection));
 
-//     __uint(max_entries, MAX_CONNECTIONS);
 
-// } active_accepts SEC(".maps");
 
+struct {
 
+    __uint(type, BPF_MAP_TYPE_LRU_HASH);
 
+    __uint(key_size, sizeof(struct connection_id));
 
+    __uint(value_size, sizeof(struct connection));
 
+    __uint(max_entries, MAX_CONNECTIONS);
 
+} active_accepts SEC(".maps");
 
 
 
 SEC("tracepoint/sock/inet_sock_set_state")
 
@@ -274,21 +274,21 @@ int sys_enter_close(void *ctx) {
 
         bpf_perf_event_output(ctx, &tcp_connect_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
 
         bpf_map_delete_elem(&active_connections, &cid);
 
     }
 
-    // cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
 
-    // struct connection *acceptConn = bpf_map_lookup_elem(&active_accepts, &cid);
 
-    // if (acceptConn) {
 
-    //     struct tcp_event e = {};
 
-    //     e.type = EVENT_TYPE_ACCEPT_CLOSE;
 
-    //     e.pid = cid.pid;
 
-    //     e.fd = cid.fd;
 
-    //     e.bytes_sent = acceptConn->bytes_sent;
 
-    //     e.bytes_received = acceptConn->bytes_received;
 
-    //     e.timestamp = acceptConn->timestamp;
 
-    //     bpf_perf_event_output(ctx, &tcp_accept_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
 
-    //     bpf_map_delete_elem(&active_accepts, &cid);
 
-    //     cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
 
-    //     cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.bytes_sent=%d, cid.bytes_received=%d\n", e.bytes_sent, e.bytes_received);
 
-    // }
 
+    cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
 
+    struct connection *acceptConn = bpf_map_lookup_elem(&active_accepts, &cid);
 
+    if (acceptConn) {
 
+        struct tcp_event e = {};
 
+        e.type = EVENT_TYPE_ACCEPT_CLOSE;
 
+        e.pid = cid.pid;
 
+        e.fd = cid.fd;
 
+        e.bytes_sent = acceptConn->bytes_sent;
 
+        e.bytes_received = acceptConn->bytes_received;
 
+        e.timestamp = acceptConn->timestamp;
 
+        bpf_perf_event_output(ctx, &tcp_accept_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
 
+        bpf_map_delete_elem(&active_accepts, &cid);
 
+        cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
 
+        cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.bytes_sent=%d, cid.bytes_received=%d\n", e.bytes_sent, e.bytes_received);
 
+    }
 
 
     //TODO 2,增加active_accept 对应的判断,类比234行操作,新增EVENT_TYPE_accept_conn_CLOSE类型
 
 
@@ -296,174 +296,174 @@ int sys_enter_close(void *ctx) {
 
     return 0;
 
 }
 
 
-// void u32_to_ip(__u32 ip, unsigned char* bytes) {  
-//     // 将32位整数拆分为四个8位整数  
-//     // unsigned char bytes[4];  
-//     bytes[15] = (ip >> 24) & 0xFF;  
-//     bytes[14] = (ip >> 16) & 0xFF;  
-//     bytes[13] = (ip >> 8) & 0xFF;  
-//     bytes[12] = ip & 0xFF;  
-//     bytes[11] = 0xFF;  
-//     bytes[10] = 0xFF;  
+void u32_to_ip(__u32 ip, unsigned char* bytes) {  
+    // 将32位整数拆分为四个8位整数  
+    // unsigned char bytes[4];  
+    bytes[15] = (ip >> 24) & 0xFF;  
+    bytes[14] = (ip >> 16) & 0xFF;  
+    bytes[13] = (ip >> 8) & 0xFF;  
+    bytes[12] = ip & 0xFF;  
+    bytes[11] = 0xFF;  
+    bytes[10] = 0xFF;  
 
-//     // 使用sprintf将这些整数格式化为字符串  
-//     cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);  
-//     cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);  
-// }  
+    // 使用sprintf将这些整数格式化为字符串  
+    cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);  
+    cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);  
+}  
 
 
 // 用于存储文件描述符和套接字指针的 map  
-// struct {  
-//     __uint(type, BPF_MAP_TYPE_HASH);  
-//     __type(key, __u64);  // 使用进程 ID 作为键  
-//     __type(value, struct sock *);  
-//     __uint(max_entries, 1024);  
-// } socket_map SEC(".maps");  
-
 
-
 
-// struct ipv4_tuple_t {  
-//     __u32 saddr;  
-//     __u32 daddr;  
-//     __u16 sport;  
-//     __u16 dport;  
-//     __u8  protocol;  
-// };
 
-
 
-// SEC("kretprobe/inet_csk_accept")
 
-// int kprobeinet_csk_accept(struct pt_regs *ctx) {
 
-//     cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=\n");
 
-//     __u64 pid_tgid = bpf_get_current_pid_tgid();
 
-//     cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=%d\n", pid_tgid);
 
-//     struct sock *sk = (struct sock *)PT_REGS_RC(ctx);
 
-//     // __u16 family = 0;
 
-//     // bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
 
-//     // cw_bpf_debug("socket inet_csk_accept Connection family: family=%d\n", family);
 
-//     // if (family == AF_INET)
 
-// 	// {
 
-//     //     cw_bpf_debug("socket inet_csk_accept Connection family: IPv4=%d\n", family);
 
-//     // }
 
-//     // struct ipv4_tuple_t tuple = {};  
-//     // // 从 __sk_common 获取信息  
-//     // bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
-//     // bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
-//     // bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
-//     // bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
-
 
-//     // tuple.sport = bpf_ntohs(tuple.sport);  
-//     // tuple.dport = bpf_ntohs(tuple.dport);
 
-
 
-//     // __u64 hash;
 
-//     // bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
 
-
 
-//     // cw_bpf_debug("socket inet_csk_accept Connection accepted: sk=%x, hash: %lld\n", sk, hash);
 
-//     // cw_bpf_debug("socket inet_csk_accept Connection accepted: dport=%d, lport=%d\n", tuple.dport, tuple.sport);
 
-//     // cw_bpf_debug("socket inet_csk_accept Connection accepted: saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
 
-//     // u32_to_ip(tuple.saddr);
 
-//     // u32_to_ip(tuple.daddr);
 
-//     // 将进程 ID 关联到 `struct sock` 指针  
-//     bpf_map_update_elem(&socket_map, &pid_tgid, &sk, BPF_ANY);  
-
 
-//     return 0;
 
-// }
 
-
 
-// struct sys_exit_accept4_ctx {
 
-// 	__u64 __unused_syscall_header;
 
-// 	__u32 __unused_syscall_nr;
 
-// 	long ret;
 
-// };
 
-// struct sys_enter_accept4_ctx {
 
-// 	__u64 __unused_syscall_header;
 
-// 	__u32 __unused_syscall_nr;
 
-
 
-// 	long fd;
 
-// 	__u64 *sockaddr;
 
-// 	int addrlen;
 
-// };
 
+struct {  
+    __uint(type, BPF_MAP_TYPE_HASH);  
+    __type(key, __u64);  // 使用进程 ID 作为键  
+    __type(value, struct sock *);  
+    __uint(max_entries, 1024);  
+} socket_map SEC(".maps");  
+
 
+
 
+struct ipv4_tuple_t {  
+    __u32 saddr;  
+    __u32 daddr;  
+    __u16 sport;  
+    __u16 dport;  
+    __u8  protocol;  
+};
 
+
 
+SEC("kretprobe/inet_csk_accept")
 
+int kprobeinet_csk_accept(struct pt_regs *ctx) {
 
+    cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=\n");
 
+    __u64 pid_tgid = bpf_get_current_pid_tgid();
 
+    cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=%d\n", pid_tgid);
 
+    struct sock *sk = (struct sock *)PT_REGS_RC(ctx);
 
+    // __u16 family = 0;
 
+    // bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
 
+    // cw_bpf_debug("socket inet_csk_accept Connection family: family=%d\n", family);
 
+    // if (family == AF_INET)
 
+	// {
 
+    //     cw_bpf_debug("socket inet_csk_accept Connection family: IPv4=%d\n", family);
 
+    // }
 
+    // struct ipv4_tuple_t tuple = {};  
+    // // 从 __sk_common 获取信息  
+    // bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
+    // bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
+    // bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
+    // bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
+
 
+    // tuple.sport = bpf_ntohs(tuple.sport);  
+    // tuple.dport = bpf_ntohs(tuple.dport);
 
+
 
+    // __u64 hash;
 
+    // bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
 
+
 
+    // cw_bpf_debug("socket inet_csk_accept Connection accepted: sk=%x, hash: %lld\n", sk, hash);
 
+    // cw_bpf_debug("socket inet_csk_accept Connection accepted: dport=%d, lport=%d\n", tuple.dport, tuple.sport);
 
+    // cw_bpf_debug("socket inet_csk_accept Connection accepted: saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
 
+    // u32_to_ip(tuple.saddr);
 
+    // u32_to_ip(tuple.daddr);
 
+    // 将进程 ID 关联到 `struct sock` 指针  
+    bpf_map_update_elem(&socket_map, &pid_tgid, &sk, BPF_ANY);  
+
 
+    return 0;
 
+}
 
+
 
+struct sys_exit_accept4_ctx {
 
+	__u64 __unused_syscall_header;
 
+	__u32 __unused_syscall_nr;
 
+	long ret;
 
+};
 
+struct sys_enter_accept4_ctx {
 
+	__u64 __unused_syscall_header;
 
+	__u32 __unused_syscall_nr;
 
+
 
+	long fd;
 
+	__u64 *sockaddr;
 
+	int addrlen;
 
+};
 
 // 在系统调用accept返回时挂钩获取文件描述符  
-// SEC("tracepoint/syscalls/sys_enter_accept4")  
-// int tracepoint__sys_enter_accept4(struct sys_enter_accept4_ctx *ctx) {  
-//     __u64 pid_tgid = bpf_get_current_pid_tgid();  
-//     cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, ctx->fd);
 
-//     return 0;  
-// }  
+SEC("tracepoint/syscalls/sys_enter_accept4")  
+int tracepoint__sys_enter_accept4(struct sys_enter_accept4_ctx *ctx) {  
+    __u64 pid_tgid = bpf_get_current_pid_tgid();  
+    cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, ctx->fd);
 
+    return 0;  
+}  
 
 // 在系统调用accept返回时挂钩获取文件描述符  
-// SEC("tracepoint/syscalls/sys_exit_accept4")  
-// int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {  
-//     long fd = ctx->ret;  
-//     __u64 pid_tgid = bpf_get_current_pid_tgid();  
-//     cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
 
-//     // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
 
-//     struct sock **skp;  
-//     // 从 map 中获取 `struct sock` 指针  
-//     skp = bpf_map_lookup_elem(&socket_map, &pid_tgid);  
-//     if (skp && fd > 0) {
 
-//         struct sock *sk = *skp;
 
-//         __u16 family = 0;
 
-//         bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
 
-//         cw_bpf_debug("socket sys_exit_accept4 family: family=%d\n", family);
 
-//         if (family == AF_INET)
 
-//         {
 
-//             cw_bpf_debug("socket sys_exit_accept4 family: IPv4=%d\n", family);
 
-//         }
 
-//         struct ipv4_tuple_t tuple = {};  
-//         // 从 __sk_common 获取信息  
-//         bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
-//         bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
-//         bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
-//         bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
-
 
-//         tuple.sport = bpf_ntohs(tuple.sport);  
-//         tuple.dport = bpf_ntohs(tuple.dport);
 
-
 
-//         __u64 hash;
 
-//         bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
 
-
 
-//         cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
 
-//         cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
 
-//         cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
 
-//         unsigned char saddr[16] = {};
 
-//         unsigned char daddr[16] = {};
 
-//         u32_to_ip(tuple.saddr, saddr);
 
-//         u32_to_ip(tuple.daddr, daddr);
 
-
 
-//         void *map = &tcp_accept_events;
 
-
 
-//         struct tcp_event e = {};
 
-
 
-//         e.type = EVENT_TYPE_ACCEPT_OPEN;
 
-//         e.duration = 0;
 
-//         e.timestamp = 0;
 
-//         e.pid = pid_tgid >> 32;
 
-//         e.sport = tuple.sport;
 
-//         e.dport = tuple.dport;
 
-//         e.fd = fd;
 
-//         __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
 
-//         __builtin_memcpy(&e.daddr, &daddr, sizeof(e.daddr));
 
-//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
 
-//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
 
-//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
 
-
 
-//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
 
-//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
 
-//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
 
-
 
-//         bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
 
-//         struct connection_id cid = {};
 
-//         cid.pid = pid_tgid >> 32;
 
-//         cid.fd = fd;
 
-
 
-//         struct connection conn = {};
 
-//         conn.timestamp = bpf_ktime_get_ns();
 
-//         cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
-//         bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
 
-//         cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
-
 
-//         // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
 
-//     }
 
-
 
-//     // 从地图中移除项目,避免泄漏  
-//     bpf_map_delete_elem(&socket_map, &pid_tgid);  
-
 
-//     return 0;  
-// }  
+SEC("tracepoint/syscalls/sys_exit_accept4")  
+int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {  
+    long fd = ctx->ret;  
+    __u64 pid_tgid = bpf_get_current_pid_tgid();  
+    cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
 
+    // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
 
+    struct sock **skp;  
+    // 从 map 中获取 `struct sock` 指针  
+    skp = bpf_map_lookup_elem(&socket_map, &pid_tgid);  
+    if (skp && fd > 0) {
 
+        struct sock *sk = *skp;
 
+        __u16 family = 0;
 
+        bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
 
+        cw_bpf_debug("socket sys_exit_accept4 family: family=%d\n", family);
 
+        if (family == AF_INET)
 
+        {
 
+            cw_bpf_debug("socket sys_exit_accept4 family: IPv4=%d\n", family);
 
+        }
 
+        struct ipv4_tuple_t tuple = {};  
+        // 从 __sk_common 获取信息  
+        bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
+        bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
+        bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
+        bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
+
 
+        tuple.sport = bpf_ntohs(tuple.sport);  
+        tuple.dport = bpf_ntohs(tuple.dport);
 
+
 
+        __u64 hash;
 
+        bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
 
+
 
+        cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
 
+        cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
 
+        cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
 
+        unsigned char saddr[16] = {};
 
+        unsigned char daddr[16] = {};
 
+        u32_to_ip(tuple.saddr, saddr);
 
+        u32_to_ip(tuple.daddr, daddr);
 
+
 
+        void *map = &tcp_accept_events;
 
+
 
+        struct tcp_event e = {};
 
+
 
+        e.type = EVENT_TYPE_ACCEPT_OPEN;
 
+        e.duration = 0;
 
+        e.timestamp = 0;
 
+        e.pid = pid_tgid >> 32;
 
+        e.sport = tuple.sport;
 
+        e.dport = tuple.dport;
 
+        e.fd = fd;
 
+        __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
 
+        __builtin_memcpy(&e.daddr, &daddr, sizeof(e.daddr));
 
+        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
 
+        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
 
+        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
 
+
 
+        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
 
+        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
 
+        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
 
+
 
+        bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
 
+        struct connection_id cid = {};
 
+        cid.pid = pid_tgid >> 32;
 
+        cid.fd = fd;
 
+
 
+        struct connection conn = {};
 
+        conn.timestamp = bpf_ktime_get_ns();
 
+        cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
+        bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
 
+        cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
 
+
 
+        // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
 
+    }
 
+
 
+    // 从地图中移除项目,避免泄漏  
+    bpf_map_delete_elem(&socket_map, &pid_tgid);  
+
 
+    return 0;  
+}

+ 36 - 36
ebpftracer/tracer.go
Vizualizați fișierul 

@@ -108,17 +108,17 @@ type TrafficStats struct {
 
 }
 
 
 type Event struct {
 
-	StackEvent   *StackEvent
 
-	Type         EventType
 
-	Reason       EventReason
 
-	Pid          uint32
 
-	SrcAddr      netaddr.IPPort
 
-	DstAddr      netaddr.IPPort
 
-	Fd           uint64
 
-	Timestamp    uint64
 
-	Duration     time.Duration
 
-	L7Request    *l7.RequestData
 
-	TrafficStats *TrafficStats
 
+	StackEvent     *StackEvent
 
+	Type           EventType
 
+	Reason         EventReason
 
+	Pid            uint32
 
+	SrcAddr        netaddr.IPPort
 
+	DstAddr        netaddr.IPPort
 
+	Fd             uint64
 
+	Timestamp      uint64
 
+	Duration       time.Duration
 
+	L7Request      *l7.RequestData
 
+	TrafficStats   *TrafficStats
 
 	FirstReadTime  uint64
 
 	FirstWriteTime uint64
 
 	NewReadTime    uint64
 
@@ -259,9 +259,9 @@ type ConnectionId struct {
 
 }
 
 
 type Connection struct {
 
-	Timestamp      uint64
 
-	BytesSent      uint64
 
-	BytesReceived  uint64
 
+	Timestamp     uint64
 
+	BytesSent     uint64
 
+	BytesReceived uint64
 
 }
 
 
 type perfMap struct {
 
@@ -315,7 +315,7 @@ func (t *Tracer) ebpf(ch chan<- Event) error {
 
 		{name: "proc_events", typ: perfMapTypeProcEvents, perCPUBufferSizePages: 4},
 
 		{name: "tcp_listen_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 4},
 
 		{name: "tcp_connect_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 8},
 
-		// {name: "tcp_accept_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 8},
 
+		{name: "tcp_accept_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 8},
 
 		{name: "tcp_retransmit_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 4},
 
 		{name: "file_events", typ: perfMapTypeFileEvents, perCPUBufferSizePages: 4},
 
 		{name: "event_queue", typ: perfMapTypeEventQueue, perCPUBufferSizePages: 32},
 
@@ -431,20 +431,20 @@ type procEvent struct {
 
 }
 
 
 type tcpEvent struct {
 
-	Fd            	 uint64
 
-	Timestamp     	 uint64
 
-	Duration      	 uint64
 
-	FirstReadTime	 uint64
 
-	FirstWriteTime	 uint64
 
-	NewReadTime		 uint64
 
-	Type         	 EventType
 
-	Pid           	 uint32
 
-	BytesSent     	 uint64
 
-	BytesReceived 	 uint64
 
-	SPort         	 uint16
 
-	DPort         	 uint16
 
-	SAddr         	 [16]byte
 
-	DAddr         	 [16]byte
 
+	Fd             uint64
 
+	Timestamp      uint64
 
+	Duration       uint64
 
+	FirstReadTime  uint64
 
+	FirstWriteTime uint64
 
+	NewReadTime    uint64
 
+	Type           EventType
 
+	Pid            uint32
 
+	BytesSent      uint64
 
+	BytesReceived  uint64
 
+	SPort          uint16
 
+	DPort          uint16
 
+	SAddr          [16]byte
 
+	DAddr          [16]byte
 
 }
 
 
 type fileEvent struct {
 
@@ -759,14 +759,14 @@ func runEventsReader(name string, r *perf.Reader, ch chan<- Event, typ perfMapTy
 
 				}
 
 			}
 
 			event.FirstReadTime = v.FirstReadTime
 
-			event.FirstWriteTime =  v.FirstWriteTime
 
+			event.FirstWriteTime = v.FirstWriteTime
 
 			event.NewReadTime = v.NewReadTime
 
-			// if v.Type == EventTypeAcceptClose {
 
-			// 	event.TrafficStats = &TrafficStats{
 
-			// 		BytesSent:     v.BytesSent,
 
-			// 		BytesReceived: v.BytesReceived,
 
-			// 	}
 
-			// }
 
+			if v.Type == EventTypeAcceptClose {
 
+				event.TrafficStats = &TrafficStats{
 
+					BytesSent:     v.BytesSent,
 
+					BytesReceived: v.BytesReceived,
 
+				}
 
+			}
 
 		case perfMapTypePythonThreadEvents:
 
 			v := &pythonThreadEvent{}
 
 			if err := binary.Read(bytes.NewBuffer(rec.RawSample), binary.LittleEndian, v); err != nil {