fixed #TASK_QT-13747 dotnet http 多线程 hook 埋点及调试

.vscode/settings.json

@@ -1,6 +1,10 @@
 {
     "files.associations": {
         "*.toml": "toml",
-        "numbers": "c"
+        "numbers": "c",
+        "array": "c",
+        "string": "c",
+        "string_view": "c",
+        "netcore_common.h": "c"
     }
 }

build.sh

@@ -4,18 +4,23 @@ make -f Makefile2 all debug=1 pid=1121
 
 # pid=`ps aux | grep ebpfdemo81 | grep -v grep | awk '{print $2}'`
 # echo $pid
-# TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=go SEND=1 FILTER_PID=$pid WHITE_LIST=".*HandleFunc|.*main.*|.*serverHandler.*|.*ServeHTTP.*" ./euspace --listen="0.0.0.0:8123"
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=go SEND=1 FILTER_PID=$pid WHITE_LIST=".*HandleFunc|.*main.*|.*serverHandler.*|.*ServeHTTP.*" ./euspace --listen="0.0.0.0:8123"
 
 
 # pid=`ps aux | grep ./helloworld | grep -v grep | awk '{print $2}'`
 # echo $pid
-# TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|addwj.*" ./euspace  --listen="0.0.0.0:8123"
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|addwj.*" ./euspace  --listen="0.0.0.0:8123"
 
 
-pid=`ps aux | grep ./simplehttpserver | grep -v grep | awk '{print $2}'`
-echo $pid
-TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="handle*|addw.*" ./euspace  --listen="0.0.0.0:8123"
+# pid=`ps aux | grep ./simplehttpserver | grep -v grep | awk '{print $2}'`
+# echo $pid
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="handle*|addw.*" ./euspace  --listen="0.0.0.0:8123"
 
-# pid=`ps aux | grep CoreAoT | grep -v grep | awk '{print $2}'`
+# pid=`ps aux | grep ./simplehttpserver | grep -v grep | awk '{print $2}'`
 # echo $pid
-# TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=dotnet DBG_PATH="/data/roger/NET8/CoreAoT/bin/Release/net8.0/linux-x64/publish/CoreAoT.dbg" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|Addwj.*" ./euspace  --listen="0.0.0.0:8123"
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=go DBG_PATH="" SEND=1 FILTER_PID=$pid WHITE_LIST="handle*|addw.*" ./euspace  --listen="0.0.0.0:8123"
+
+
+pid=`ps aux | grep CoreAoT | grep -v grep | awk '{print $2}'`
+echo $pid
+TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=dotnet DBG_PATH="/data/NET8/CoreAoT/bin/Debug/net8.0/linux-x64/publish/CoreAoT.dbg" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|Addwj.*|CoreAoT_Program___Main__.*" ./euspace  --listen="0.0.0.0:8123"

containers/container.go

@@ -1184,8 +1184,29 @@ func (c *Container) attachNetCoreUprobes(tracer *ebpftracer.Tracer, pid uint32)
 	if !p.jvmUprobesChecked {
 		codeType := c.GetCodeTypeFromCache(pid)
 		tracer.InitKProcInfo(pid, c.instanceID, uint16(codeType))
+		p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetThreadUprobes(pid, c.instanceID)...)
 		p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetReadUprobes(pid, c.instanceID)...)
 		p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetWriteUprobes(pid, c.instanceID)...)
+		// 以下 v2 版本
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetOnConnectionAsyncStartUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetOnConnectionAsyncEndUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetDoSendStartUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetDoSendEndUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSendAsync1Uprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSendAsync2Uprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSendAsync2EndUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSocketConnectionStartStartUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSocketConnectionStartEndUprobes(pid, c.instanceID)...)
+		// 以下为 v1 版本
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetThreadUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetReceiveStartUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetReceiveEndUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSendStartUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetSendEndUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetDoReceiveEndUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetDoReceiveStartUprobes(pid, c.instanceID)...)
+		// p.uprobes = append(p.uprobes, tracer.AttachNetCoreNetCreateContextStartUprobes(pid, c.instanceID)...)
+
 		p.jvmUprobesChecked = true
 	}
 }

containers/util.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/coroot/coroot-node-agent/common"
 	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
 	"regexp"
@@ -20,7 +19,8 @@ func GetExeType(pid uint32) common.CodeType {
 
 	data, err := ioutil.ReadFile(mapsFilePath)
 	if err != nil {
-		log.Fatalf("Failed to read %s: %s", mapsFilePath, err)
+		fmt.Println("Failed to read %s: %s", mapsFilePath, err)
+		return CodeTypeUnknown
 	}
 
 	content := string(data)

ebpftracer/ebpf/include/apm_trace.h

@@ -43,6 +43,7 @@ struct apm_trace_key_t {
 	__u32 tgid;
 	__u32 pid;
 	__u64 goid;
+	__u64 connectid;
 };
 
 struct fd_trace_key_t {

ebpftracer/ebpf/l7/apm_trace.c

@@ -44,6 +44,18 @@ struct {
 	__uint(max_entries, 32768);
 } trace_event_count_heap SEC(".maps");
 
+struct pid_of_connection_ptr_key_t {
+	__u64 num;
+	__u64 connection_ptr;
+};
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(key_size, sizeof(__u64));
+	__uint(value_size, sizeof(struct pid_of_connection_ptr_key_t));
+	__uint(max_entries, 10240);
+} pid_of_connection_ptr_maps SEC(".maps");
+
 static __inline __attribute__((__always_inline__))
 struct apm_trace_key_t get_apm_trace_key(__u64 timeout, bool is_socket_io) {
 	__u64 pid_tgid = bpf_get_current_pid_tgid();
@@ -57,10 +69,24 @@ struct apm_trace_key_t get_apm_trace_key(__u64 timeout, bool is_socket_io) {
 
 	key.tgid = (__u32) (pid_tgid >> 32);
 
-	if (goid) {
-		key.goid = goid;
+	struct ebpf_proc_info *info = bpf_map_lookup_elem(&proc_info_map, &key.tgid);
+	if (info && info->code_type == 1005) {
+		// dotnet 使用 connectid 作为 Key，该 key 维护在 pid_of_connection_ptr_maps 中
+		cw_bpf_debug("[Go] [uprobe/ent]: proc_info_map::%ld, %d, %d\n", info->code_type);
+		struct pid_of_connection_ptr_key_t *e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &key.tgid);
+		if (e) {
+			cw_bpf_debug("[Go] [uprobeThread/get_apm_trace_key]getget: rdi_ptr::pid:%d, %llx\n", key.tgid, e->connection_ptr);
+			key.connectid = e->connection_ptr;
+		} else {
+			cw_bpf_debug("[Go] [uprobeThread/get_apm_trace_key]getget: rdi_ptr::pid:%d\n", key.tgid);
+		}
 	} else {
-		key.pid = (__u32) pid_tgid;
+		// 其他语言使用 trace_id 作为 Key
+		if (goid) {
+			key.goid = goid;
+		} else {
+			key.pid = (__u32) pid_tgid;
+		}
 	}
 
 //    debug("key.tgid:%llu|%llu",key.tgid,key.goid);

ebpftracer/ebpf/l7/l7.c

@@ -248,6 +248,218 @@ __u64 read_iovec(char *l7_iovec, __u64 iovlen, __u64 ret, char *buf) {
     return offset;
 }
 
+static inline __attribute__((__always_inline__))
+int rock_trace_enter_write(void *ctx, char *buf, __u64 size, __u64 iovlen) {
+    __u64 id = bpf_get_current_pid_tgid();
+    __u32 zero = 0;
+    __u32 pid, tid;
+    __u32 http_status;
+    struct trace_event_raw_sys_enter_rw__stub* tctx = (struct trace_event_raw_sys_enter_rw__stub*)ctx;
+    __u64 fd = tctx->fd;
+
+    pid = id >> 32;
+    tid =  (__u32)id;
+    if (load_filter_pid() != 0 && pid != load_filter_pid()) {
+        return 0;
+    }
+    char* payload = buf;
+    if (iovlen) {
+        payload = bpf_map_lookup_elem(&iovec_buf_heap, &zero);
+        if (!payload) {
+            return 0;
+        }
+        size = read_iovec(buf, iovlen, 0, payload);
+    }
+    if (!size) {
+        return 0;
+    }
+
+    struct l7_request *req = bpf_map_lookup_elem(&l7_request_heap, &zero);
+    if (!req) {
+        return 0;
+    }
+    req->protocol = PROTOCOL_UNKNOWN;
+    req->partial = 0;
+    req->request_id = 0;
+    req->ns = 0;
+    req->payload_size = size;
+    struct l7_request_key k = {};
+    k.pid = id >> 32;
+    k.fd = fd;
+    k.is_tls = 0;
+    k.stream_id = -1;
+
+//    cw_bpf_debug("enter-payload:%s|type:%s|FD:%d\n",payload,"type",k.fd);
+
+    if (is_http_response(payload, &http_status))
+    {
+//        __u64 trace_id = get_apm_trace_id(pid, fd);
+        __u64 trace_id = get_fd_trace_id(pid, fd);
+        cw_bpf_debug("[Trace End in l7][Response][HTTP] pid:%d,fd:%d,trace_id:%llu", tid, fd, trace_id);
+        // 清除trace信息
+        cw_clear_trace(pid, tid, fd);
+        // 发送事件到用户空间 start
+        struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
+        if (!e) {
+            return 0;
+        }
+        struct l7_request *req = bpf_map_lookup_elem(&active_l7_requests, &k);
+        if (!req)
+        {
+//            cw_bpf_debug("[Response][HTTP]:no req-----------");
+//            cw_bpf_debug("[Response][HTTP]:pid:%d|tid:%d",k.pid,k.fd);
+//            cw_bpf_debug("[Response][HTTP]:is_tls:%d|tid:%d",k.is_tls,k.stream_id);
+            return 0;
+        }
+
+        e->duration = bpf_ktime_get_ns() - req->ns;
+//        cw_bpf_debug("[Response][HTTP]:duration->ns:%d\n",e->duration);
+        e->protocol = PROTOCOL_TRACE;
+        e->status = http_status;
+        e->pid = k.pid;
+        e->fd = k.fd;
+        // e->connection_timestamp = get_connection_timestamp(k.pid, k.fd);
+        e->trace_start = 0;
+        e->trace_end = 1;
+        e->trace_id = trace_id;
+        e->payload_size = size;
+        COPY_PAYLOAD(e->payload, size, payload);
+		// psc
+	    struct apm_span_context *cw_psc = cw_get_parent_tracking_span();
+	    if(cw_psc){
+		    cw_copy_byte_arrays(cw_psc->trace_id, e->trace_id_from, APM_TRACE_ID_SIZE);
+		    cw_copy_byte_arrays(cw_psc->assumed_app_id, e->called_id, APM_ASSUMED_APP_ID_SIZE);
+		    cw_copy_byte_arrays(cw_psc->instance_id, e->instance_id_from, APM_INSTANCE_ID_SIZE);
+		    cw_copy_byte_arrays(cw_psc->app_id, e->app_id_from, APM_APP_ID_SIZE);
+		    cw_copy_byte_arrays(cw_psc->span_id, e->span_id_from, APM_SPAN_ID_SIZE);
+//		    for (int i = 0; i < APM_TRACE_ID_SIZE; i++) {
+//			    bpf_printk("trace_enter_write - trace_id = %02x", e->trace_id_from[i]);
+//		    }
+	    }
+        bpf_map_delete_elem(&active_l7_requests, &k);
+        bpf_perf_event_output(ctx, &l7_events, BPF_F_CURRENT_CPU, e, sizeof(*e));
+        // 发送事件到用户空间 end
+//        __u64 k_version = load_filter_pid();
+//        cw_bpf_debug("filter_pid:%d", k_version);
+//
+//        struct test_t *ttt = bpf_map_lookup_elem(&test_heap, &zero);
+//        if (!ttt) {
+//            return 0;
+//        }
+
+//        struct member_fields_offset *off = bpf_map_lookup_elem(&__members_offset, &zero);
+//        if (!off) {
+//            return 0;
+//        }
+
+//        cw_bpf_debug("off->task__files_offset:%x", off->task__files_offset);
+//        cw_bpf_debug("e->test_id1111:%d", ttt->test_id);
+        cw_bpf_debug("HTTP_END");
+        return 0;
+    }
+
+    if (is_http_request(payload)) {
+	    cw_bpf_debug("");
+	    cw_bpf_debug("-----[Kernel Enter][HTTP]:pid:[%d]|CURRENT-GOID:[%llu]|FD:[%d]", tid, get_current_goroutine(), k.fd);
+
+	    req->protocol = PROTOCOL_HTTP;
+//        struct apm_trace_key_t trace_key = {0};
+//        trace_key = get_apm_trace_key(120 * NS_PER_SEC, true);
+//        cw_bpf_debug("[Enter] [HTTP]:goid:%llu",trace_key.goid);
+
+
+    } else if (is_postgres_query(payload, size, &req->request_type)) {
+        if (req->request_type == POSTGRES_FRAME_CLOSE) {
+            struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
+            if (!e) {
+                return 0;
+            }
+            e->protocol = PROTOCOL_POSTGRES;
+            e->method = METHOD_STATEMENT_CLOSE;
+            e->payload_size = size;
+            COPY_PAYLOAD(e->payload, size, payload);
+            send_event(ctx, e, k.pid, k.fd);
+            return 0;
+        }
+        req->protocol = PROTOCOL_POSTGRES;
+    } else if (is_redis_query(payload, size)) {
+        cw_bpf_debug("[Enter][Redis]:TGID:%d|type:%s|FD:%d\n",k.pid,"type",k.fd);
+        req->protocol = PROTOCOL_REDIS;
+    } else if (is_memcached_query(payload, size)) {
+        req->protocol = PROTOCOL_MEMCACHED;
+    } else if (is_mysql_query(payload, size, &req->request_type)) {
+        cw_bpf_debug("[Enter][Mysql]:thread_id:%d\n",tid);
+        if (req->request_type == MYSQL_COM_STMT_CLOSE) {
+            struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
+            if (!e) {
+                return 0;
+            }
+            e->protocol = PROTOCOL_MYSQL;
+            e->method = METHOD_STATEMENT_CLOSE;
+            e->payload_size = size;
+            COPY_PAYLOAD(e->payload, size, payload);
+	        cw_bpf_debug("[Enter][Mysql][Send]:thread_id:%d\n",tid);
+            send_event(ctx, e, k.pid, k.fd);
+            return 0;
+        }
+        req->protocol = PROTOCOL_MYSQL;
+    } else if (is_mongo_query(payload, size)) {
+        req->protocol = PROTOCOL_MONGO;
+    } else if (is_rabbitmq_produce(payload, size)) {
+        struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
+        if (!e) {
+            return 0;
+        }
+        e->protocol = PROTOCOL_RABBITMQ;
+        e->method = METHOD_PRODUCE;
+        send_event(ctx, e, k.pid, k.fd);
+        return 0;
+    } else if (nats_method(payload, size) == METHOD_PRODUCE) {
+        struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
+        if (!e) {
+            return 0;
+        }
+        e->protocol = PROTOCOL_NATS;
+        e->method = METHOD_PRODUCE;
+        send_event(ctx, e, k.pid, k.fd);
+        return 0;
+    } else if (is_cassandra_request(payload, size, &k.stream_id)) {
+        req->protocol = PROTOCOL_CASSANDRA;
+    } else if (is_kafka_request(payload, size, &req->request_id)) {
+        req->protocol = PROTOCOL_KAFKA;
+        struct l7_request *prev_req = bpf_map_lookup_elem(&active_l7_requests, &k);
+        if (prev_req && prev_req->protocol == PROTOCOL_KAFKA) {
+            req->ns = prev_req->ns;
+        }
+    } else if (looks_like_http2_frame(payload, size, METHOD_HTTP2_CLIENT_FRAMES)) {
+        struct l7_event *e = bpf_map_lookup_elem(&l7_event_heap, &zero);
+        if (!e) {
+            return 0;
+        }
+        e->protocol = PROTOCOL_HTTP2;
+        e->method = METHOD_HTTP2_CLIENT_FRAMES;
+        e->duration = bpf_ktime_get_ns();
+        e->payload_size = size;
+        COPY_PAYLOAD(e->payload, size, payload);
+        send_event(ctx, e, k.pid, k.fd);
+        return 0;
+    } else if (is_dubbo2_request(payload, size)) {
+        req->protocol = PROTOCOL_DUBBO2;
+    } else if (is_dns_request(payload, size, &k.stream_id)) {
+        req->protocol = PROTOCOL_DNS;
+    }
+
+    if (req->protocol == PROTOCOL_UNKNOWN) {
+        return 0;
+    }
+    if (req->ns == 0) {
+        req->ns = bpf_ktime_get_ns();
+    }
+    COPY_PAYLOAD(req->payload, size, payload);
+    bpf_map_update_elem(&active_l7_requests, &k, req, BPF_NOEXIST);
+    return 0;
+}
+
 static inline __attribute__((__always_inline__))
 int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size, __u64 iovlen) {
     __u64 id = bpf_get_current_pid_tgid();
@@ -295,6 +507,7 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
         __u64 trace_id = get_fd_trace_id(pid, fd);
 	    __u32 event_count = cw_get_event_count(trace_id);
         cw_bpf_debug("[Trace End in l7][Response][HTTP] pid:%d,fd:%d,trace_id:%llu", tid, fd, trace_id);
+        cw_bpf_debug("[uprobeThread/pidpidpidpid][Trace End in l7][HTTP]pid:[%d]--[%lld]", tid, bpf_ktime_get_ns());
         cw_bpf_debug("[Trace End in l7][Response][HTTP] event_count:%d", event_count);
         // 清除trace信息
         cw_clear_trace(pid, tid, fd);
@@ -586,6 +799,7 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
 //	    trace_info.trace_id = bpf_get_current_pid_tgid() + uid_base;
 	    cw_bpf_debug("\n");
 	    cw_bpf_debug("[Trace Start in l7][Receive][HTTP]pid:[%d]|GOID:[%d]|FD:%d", tid, trace_info.trace_key.goid,k.fd);
+	    cw_bpf_debug("[uprobeThread/pidpidpidpid][Trace Start in l7][HTTP]pid:[%d]--[%lld]", tid, bpf_ktime_get_ns());
 
         e->trace_start = 1;
         e->trace_end = 0;

ebpftracer/ebpf/uprobe_base_bpf.c

@@ -466,7 +466,7 @@ int enter_runtime_newproc1(struct pt_regs *ctx)
 	if (!goid) {
 		return 0;
 	}
-	debug("[Go] [runtime.newproc1] goid:%llu",goid);
+	// debug("[Go] [runtime.newproc1] goid:%llu",goid);
 
 	struct go_newproc_caller caller = {
 			.goid = goid,
@@ -525,11 +525,11 @@ int exit_runtime_newproc1(struct pt_regs *ctx)
 		bpf_map_delete_elem(&pid_tgid_callerid_map, &pid_tgid);
 		return 0;
 	}
-	debug("[Go] [runtime.newproc1.exit] current->goid:%llu",goid);
+	// debug("[Go] [runtime.newproc1.exit] current->goid:%llu",goid);
 	// 生成当前协程key
 	struct go_key key = { .tgid = tgid, .goid = goid };
 	goid = caller->goid;
-	debug("[Go] [runtime.newproc1.exit] caller->goid:%llu",goid);	goid = caller->goid;
+	// debug("[Go] [runtime.newproc1.exit] caller->goid:%llu",goid);	goid = caller->goid;
 	bpf_map_update_elem(&go_ancerstor_map, &key, &goid, BPF_ANY);
 
 	bpf_map_delete_elem(&pid_tgid_callerid_map, &pid_tgid);

ebpftracer/ebpf/utrace/go/net/stack.probe.bpf.c

@@ -44,6 +44,13 @@ struct {
 	__uint(max_entries, 32768);
 } trace_stack_entry SEC(".maps");
 
+struct {
+	__uint(type, BPF_MAP_TYPE_LRU_HASH);
+	__uint(key_size, sizeof(struct trace_stack_entry_key_t));
+	__uint(value_size, sizeof(__u64));
+	__uint(max_entries, 32768);
+} trace_stack_entry_thread SEC(".maps");
+
 struct bpf_map_def SEC("maps") event_stack = {
 	.type = BPF_MAP_TYPE_PERCPU_ARRAY,
 	.key_size = sizeof(__u32),
@@ -76,6 +83,7 @@ int ent(struct pt_regs *ctx)
 	__u64 trace_id = get_apm_trace_id(pid, pid_tgid);
 
 	cw_bpf_debug("[Go] [uprobe/ent]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ent][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
 
 	__u32 key = 0;
 	struct event *e = bpf_map_lookup_elem(&event_stack, &key);
@@ -237,8 +245,6 @@ int ret(struct pt_regs *ctx)
 	return 1;
 }
 
-
-
 SEC("uprobe/dotnetent")
 int dotnetent(struct pt_regs *ctx)
 {
@@ -257,6 +263,7 @@ int dotnetent(struct pt_regs *ctx)
 	__u64 trace_id = get_apm_trace_id(pid, pid_tgid);
 	
 	cw_bpf_debug("[Go] [uprobe/ent]: get_apm_trace_id::%ld, %d, %d\n", trace_id, pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ent][HTTP]pid:[%d]--[%lld]--[%x]", pid_tgid, bpf_ktime_get_ns(), PT_REGS_IP(ctx));
 
 	__u32 key = 0;
 	struct event *e = bpf_map_lookup_elem(&event_stack, &key);
@@ -331,4 +338,792 @@ int dotnetent(struct pt_regs *ctx)
 
 	cw_bpf_debug("[Go] [uprobe/ent] end");
 	return 1;
-}
+}
+
+SEC("uprobe/SocketConnectionStartStart")
+int SocketConnectionStartStart(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	__u64 rdi_ptr = (__u64)PT_REGS_PARM1(ctx);
+	// __u64 rdi_ptr_long = (__u64)rdi_ptr;
+
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: rdi_ptr:: %llx\n", rdi_ptr);
+	// cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: rdi_ptr:: %llx\n", rdi_ptr_long);
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SocketConnectionStartStart][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rdi_ptr);
+
+	// 维护 pid 与 connection 的关系
+	int num = 1;
+	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (pre_e) {
+		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		num = pre_e->num + 1;
+	}
+	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
+	connection_ptr_key.num = num;
+	connection_ptr_key.connection_ptr = rdi_ptr;
+	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
+	cw_bpf_debug("[Go] [uprobeThread/insert/SocketConnectionStartStart]getget: rdi_ptr:: %d -> %llx\n", pid, rdi_ptr);
+
+	struct pid_of_connection_ptr_key_t *e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (!e) {
+		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: ErrorErrorErrorError rdi_ptr\n");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart]getget: rdi_ptr:: %llx -> %d\n", e->connection_ptr, e->num);
+	// 维护 pid 与 connection 的关系
+
+
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	__u64 ip = PT_REGS_IP(ctx);
+	__u64 asm_;
+	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
+
+	asm_ = asm_ >> 32;
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: e->asm: %x", asm_);
+
+	__u64 bp = PT_REGS_SP(ctx);
+	// __u64 bp = PT_REGS_SP(ctx) + asm_;
+	__u64 caller_bp = PT_REGS_FP(ctx);
+
+	struct trace_stack_entry_key_t trace_key = {};
+	trace_key.caller_bp = caller_bp;
+	trace_key.bp = bp;
+	trace_key.trace_id = 0;
+
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	
+	return 1;
+}
+
+SEC("uprobe/SocketConnectionStartEnd")
+int SocketConnectionStartEnd(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SocketConnectionStartEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	// __u64 bp = PT_REGS_SP(ctx) - 8;
+	__u64 bp = PT_REGS_SP(ctx);
+	__u64 caller_bp = PT_REGS_FP(ctx);
+
+	struct trace_stack_entry_key_t trace_key = {};
+	trace_key.caller_bp = caller_bp;
+	trace_key.bp = bp;
+	trace_key.trace_id = 0;
+
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+	__u64 *pid_p = bpf_map_lookup_elem(&trace_stack_entry_thread, &trace_key);
+
+	if (!pid_p) {
+		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]:ErrorErrorErrorError Not get funEntry");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]:Delete It: %d", *pid_p);
+	bpf_map_delete_elem(&trace_stack_entry_thread, &trace_key);
+
+	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
+	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, pid_p);
+	if (ed_e && ed_e->num > 1) {
+		cw_bpf_debug("[Go] [uprobeThread/SocketConnectionStartEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		ed_e->num = ed_e->num - 1;
+		bpf_map_update_elem(&pid_of_connection_ptr_maps, pid_p, ed_e, BPF_ANY);
+	} else {
+		bpf_map_delete_elem(&pid_of_connection_ptr_maps, pid_p);
+	}
+	cw_bpf_debug("[Go] [uprobeThread/delete/SocketConnectionStartEnd]getget: rdi_ptr:: %d\n", *pid_p);
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	return 1;
+}
+
+
+SEC("uprobe/OnConnectionAsyncStart")
+int OnConnectionAsyncStart(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+
+    __u64 rsi_ptr = (__u64)PT_REGS_PARM2(ctx);  
+
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: rsi_ptr:: %llx\n", rsi_ptr);
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+
+	// 维护 pid 与 connection 的关系
+	int num = 1;
+	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (pre_e) {
+		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		num = pre_e->num + 1;
+	}
+	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
+	connection_ptr_key.num = num;
+	connection_ptr_key.connection_ptr = rsi_ptr;
+	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
+	cw_bpf_debug("[Go] [uprobeThread/insert/OnConnectionAsyncStart]getget: rdi_ptr:: %d -> %llx\n", pid, rsi_ptr);
+
+	struct pid_of_connection_ptr_key_t *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (!e3) {
+		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: ErrorErrorErrorError rsi_ptr3\n");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
+	// 维护 pid 与 connection 的关系
+	return 1;
+}
+
+SEC("uprobe/OnConnectionAsyncEnd")
+int OnConnectionAsyncEnd(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][OnConnectionAsyncEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+	// 维护 pid 与 connection 的关系
+	__u64 *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (!e3) {
+		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rsi_ptr:: %llx\n", *e3);
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rsi_ptr:: %llx\n", *e3);
+
+	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
+	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (ed_e && ed_e->num > 1) {
+		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		ed_e->num = ed_e->num - 1;
+		bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, ed_e, BPF_ANY);
+	} else {
+		bpf_map_delete_elem(&pid_of_connection_ptr_maps, &pid);
+	}
+	cw_bpf_debug("[Go] [uprobeThread/delete/OnConnectionAsyncEnd]getget: rdi_ptr:: %d\n", pid);
+	// 维护 pid 与 connection 的关系
+	return 1;
+}
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(key_size, sizeof(__u64));
+	__uint(value_size, sizeof(__u64));
+	__uint(max_entries, 10240);
+} request_of_connection_ptr_maps SEC(".maps");
+
+SEC("uprobe/SendAsync1Start")
+int SendAsync1Start(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeTshread/SendAsync1Start] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	void *rsi_ptr = (void *)PT_REGS_PARM2(ctx);
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]: rsi_ptr:: %llx\n", rsi_ptr);
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync1Start][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rsi_ptr);
+
+	// 维护 pid 与 connection 的关系
+	__u64 *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (!e3) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr:: %llx\n", *e3);
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr:: %llx\n", *e3);
+
+	bpf_map_update_elem(&request_of_connection_ptr_maps, &rsi_ptr, e3, BPF_ANY);
+
+	__u64 *e2 = bpf_map_lookup_elem(&request_of_connection_ptr_maps, &rsi_ptr);
+	if (!e2) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start] ErrorErrorError getget: rsi_ptr2:: %llx\n", *e2);
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync1Start]getget: rsi_ptr2:: %llx\n", *e2);
+	// 维护 pid 与 connection 的关系
+
+	return 1;
+}
+
+SEC("uprobe/SendAsync1End")
+int SendAsync1End(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeTshread/SendAsync1End] enter");
+	return 1;
+}
+
+SEC("uprobe/SendAsync2Start")
+int SendAsync2Start(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	void *rdi_ptr = (void *)PT_REGS_PARM1(ctx);
+
+	void* fd_ptr;
+    if (bpf_probe_read(&fd_ptr, sizeof(fd_ptr), rdi_ptr + 0x8)) {
+        // return 1;
+    }
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]: fd_ptr:: %llx\n", fd_ptr);
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync2Start][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), fd_ptr);
+
+
+	// 维护 pid 与 connection 的关系
+	__u64 *e2 = bpf_map_lookup_elem(&request_of_connection_ptr_maps, &fd_ptr);
+	if (!e2) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start] ErrorErrorError getget: fd_ptr:: %llx\n", *e2);
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: fd_ptr:: %llx\n", *e2);
+
+	int num = 1;
+	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (pre_e) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		num = pre_e->num + 1;
+	}
+	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
+	connection_ptr_key.num = num;
+	connection_ptr_key.connection_ptr = *e2;
+	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
+	cw_bpf_debug("[Go] [uprobeThread/insert/SendAsync2Start]getget: rdi_ptr:: %d -> %llx\n", pid, *e2);
+
+	struct pid_of_connection_ptr_key_t *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (!e3) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: ErrorErrorErrorError rsi_ptr3\n");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
+	// 维护 pid 与 connection 的关系
+
+
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	__u64 ip = PT_REGS_IP(ctx);
+	__u64 asm_;
+	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
+
+	asm_ = asm_ >> 32;
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: e->asm: %x", asm_);
+
+	__u64 bp = PT_REGS_SP(ctx);
+	// __u64 bp = PT_REGS_SP(ctx) + asm_;
+	__u64 caller_bp = PT_REGS_FP(ctx);
+
+	struct trace_stack_entry_key_t trace_key = {};
+	trace_key.caller_bp = caller_bp;
+	trace_key.bp = bp;
+	trace_key.trace_id = 0;
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2Start/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+
+	return 1;
+}
+
+SEC("uprobe/SendAsync2End")
+int SendAsync2End(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendAsync2End][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	// __u64 bp = PT_REGS_SP(ctx) - 8;
+	__u64 bp = PT_REGS_SP(ctx);
+	__u64 caller_bp = PT_REGS_FP(ctx);
+
+	struct trace_stack_entry_key_t trace_key = {};
+	trace_key.caller_bp = caller_bp;
+	trace_key.bp = bp;
+	trace_key.trace_id = 0;
+
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+	__u64 *pid_p = bpf_map_lookup_elem(&trace_stack_entry_thread, &trace_key);
+
+	if (!pid_p) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]:ErrorErrorErrorError Not get funEntry");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/SendAsync2End/ent]:Delete It: %d", *pid_p);
+	bpf_map_delete_elem(&trace_stack_entry_thread, &trace_key);
+
+	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
+	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, pid_p);
+	if (ed_e && ed_e->num > 1) {
+		cw_bpf_debug("[Go] [uprobeThread/SendAsync2End]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		ed_e->num = ed_e->num - 1;
+		bpf_map_update_elem(&pid_of_connection_ptr_maps, pid_p, ed_e, BPF_ANY);
+	} else {
+		bpf_map_delete_elem(&pid_of_connection_ptr_maps, pid_p);
+	}
+	cw_bpf_debug("[Go] [uprobeThread/delete/SendAsync2End]getget: rdi_ptr:: %d\n", pid_p);
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+
+	return 1;
+}
+
+SEC("uprobe/DoSendStart")
+int DoSendStart(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+	
+
+	void *rdi_ptr = (void *)PT_REGS_PARM1(ctx);
+
+	__u64 fd_ptr;
+    if (bpf_probe_read(&fd_ptr, sizeof(fd_ptr), rdi_ptr - 0xe8 + 0x28)) {
+        // return 1;
+    }
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: fd_ptr: %llx\n", fd_ptr);  
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	// cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoSendStart][HTTP]pid:[%d]--[%lld]--id[%s]", pid_tgid, bpf_ktime_get_ns(), final_connection_id);
+
+	// 维护 pid 与 connection 的关系
+	int num = 1;
+	struct pid_of_connection_ptr_key_t *pre_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (pre_e) {
+		cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rdi_ptr:: %llx -> %d\n", pre_e->connection_ptr, pre_e->num);
+		num = pre_e->num + 1;
+	}
+	struct pid_of_connection_ptr_key_t connection_ptr_key = {};
+	connection_ptr_key.num = num;
+	connection_ptr_key.connection_ptr = fd_ptr;
+	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &connection_ptr_key, BPF_ANY);
+	cw_bpf_debug("[Go] [uprobeThread/insert/DoSendStart]getget: rdi_ptr:: %d -> %llx\n", pid, fd_ptr);
+
+	struct pid_of_connection_ptr_key_t *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+	if (!e3) {
+		cw_bpf_debug("[Go] [uprobeThread/DoSendStart] ErrorErrorError getget: rsi_ptr3\n");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rsi_ptr3:: %llx -> %d\n", e3->connection_ptr, e3->num);
+	// 维护 pid 与 connection 的关系
+
+
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	__u64 ip = PT_REGS_IP(ctx);
+	__u64 asm_;
+	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
+
+	asm_ = asm_ >> 32;
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: e->asm: %x", asm_);
+
+	__u64 bp = PT_REGS_SP(ctx);
+	// __u64 bp = PT_REGS_SP(ctx) + asm_;
+	__u64 caller_bp = PT_REGS_FP(ctx);
+
+	struct trace_stack_entry_key_t trace_key = {};
+	trace_key.caller_bp = caller_bp;
+	trace_key.bp = bp;
+	trace_key.trace_id = 0;
+
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+
+	return 1;
+}
+
+SEC("uprobe/DoSendEnd")
+int DoSendEnd(struct pt_regs *ctx)
+{
+	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd] enter");
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+    __u64 pid = pid_tgid >> 32;
+
+	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoSendEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+	// __u64 bp = PT_REGS_SP(ctx) - 8;
+	__u64 bp = PT_REGS_SP(ctx);
+	__u64 caller_bp = PT_REGS_FP(ctx);
+
+	struct trace_stack_entry_key_t trace_key = {};
+	trace_key.caller_bp = caller_bp;
+	trace_key.bp = bp;
+	trace_key.trace_id = 0;
+
+	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip: %x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+	__u64 *pid_p = bpf_map_lookup_elem(&trace_stack_entry_thread, &trace_key);
+
+	if (!pid_p) {
+		cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]:ErrorErrorErrorError Not get funEntry");
+		return 0;
+	}
+	cw_bpf_debug("[Go] [uprobeThread/DoSendEnd/ret]:Delete It: %d", *pid_p);
+	bpf_map_delete_elem(&trace_stack_entry_thread, &trace_key);
+
+	// 删除 pid 与 connection 的关系，由于 hook 点可能共用同一个线程，需要维护 num
+	struct pid_of_connection_ptr_key_t *ed_e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, pid_p);
+	if (ed_e && ed_e->num > 1) {
+		cw_bpf_debug("[Go] [uprobeThread/DoSendEnd]getget: rdi_ptr:: %llx -> %d\n", ed_e->connection_ptr, ed_e->num);
+		ed_e->num = ed_e->num - 1;
+		bpf_map_update_elem(&pid_of_connection_ptr_maps, pid_p, ed_e, BPF_ANY);
+	} else {
+		bpf_map_delete_elem(&pid_of_connection_ptr_maps, pid_p);
+	}
+	cw_bpf_debug("[Go] [uprobeThread/delete/DoSendEnd]getget: rdi_ptr:: %d\n", pid_p);
+	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+
+	return 1;
+}
+
+
+
+// 以下 V1 版本使用 ConnectionId 串联使用，如果用直接用 Connection 对象可缩减部分逻辑
+// SEC("uprobe/CreateContextStart")
+// int CreateContextStart(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/CreateContextStart] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	void *rsi_ptr = (void *)PT_REGS_PARM2(ctx);
+
+// 	cw_bpf_debug("[Go] [uprobeThread/CreateContextStart]: rdi_ptr:: %llx\n", rsi_ptr);
+// 	cw_bpf_debug("[Go] [uprobeThread/CreateContextStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][CreateContextStart][HTTP]pid:[%d]--[%lld]--request[%llx]", pid_tgid, bpf_ktime_get_ns(), rsi_ptr);
+
+// 	// 维护 pid 与 connection 的关系
+// 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, &rsi_ptr, BPF_ANY);
+
+// 	__u64 *e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+// 	if (!e) {
+// 		cw_bpf_debug("[Go] [uprobeThread/CreateContextStart]getget: rsi_ptr:: %llx\n", *e);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/CreateContextStart]getget: rsi_ptr:: %llx\n", *e);
+// 	// 维护 pid 与 connection 的关系
+
+// 	return 1;
+// }
+
+// struct {
+// 	__uint(type, BPF_MAP_TYPE_HASH);
+// 	__uint(key_size, 14);
+// 	__uint(value_size, sizeof(__u64));
+// 	__uint(max_entries, 10240);
+// } httpid_of_connection_ptr_maps SEC(".maps");
+
+// SEC("uprobe/AcceptConnectionsAsync")
+// int AcceptConnectionsAsync(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	char original[26];  
+//     char final_connection_id[14];  // 13 个字符和一个结束符  
+
+//     void *rsi_ptr = (void *)PT_REGS_PARM2(ctx);  
+
+//     // 读取 rsi+0xc 的 26 个字符  
+//     bpf_probe_read(original, sizeof(original), rsi_ptr + 0xc);  
+
+//     // 每隔一个字符取一个字符  
+//     #pragma unroll  
+//     for (int i = 0; i < 13; ++i) {  
+//         final_connection_id[i] = original[i * 2];  
+//     }  
+//     final_connection_id[13] = '\0';  // 确保字符串以null终止  
+
+// 	cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync]: rsi_ptr:: %llx\n", rsi_ptr);
+// 	cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][AcceptConnectionsAsync][HTTP]pid:[%d]--[%lld]--id[%s]", pid_tgid, bpf_ktime_get_ns(), final_connection_id);
+
+// 	// 维护 pid 与 connection 的关系
+// 	__u64 *e = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+// 	if (!e) {
+// 		cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync] ErrorErrorError getget: rsi_ptr:: %llx\n", *e);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync]getget: rsi_ptr:: %llx\n", *e);
+// 	bpf_map_delete_elem(&pid_of_connection_ptr_maps, &pid);
+
+// 	bpf_map_update_elem(&httpid_of_connection_ptr_maps, final_connection_id, e, BPF_ANY);
+
+// 	__u64 *e2 = bpf_map_lookup_elem(&httpid_of_connection_ptr_maps, &final_connection_id);
+// 	if (!e2) {
+// 		cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync] ErrorErrorError getget: rsi_ptr2:: %llx\n", *e2);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/AcceptConnectionsAsync]getget: rsi_ptr2:: %llx\n", *e2);
+// 	// 维护 pid 与 connection 的关系
+
+// 	return 1;
+// }
+
+
+// SEC("uprobe/OnConnectionAsyncStart")
+// int OnConnectionAsyncStart(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+//     char original[26];  
+//     char final_connection_id[14];  // 13 个字符和一个结束符  
+
+//     void *rsi_ptr = (void *)PT_REGS_PARM2(ctx);  
+
+//     // 读取 rsi+0xc 的 26 个字符  
+//     bpf_probe_read(original, sizeof(original), rsi_ptr + 0xc);  
+
+//     // 每隔一个字符取一个字符  
+//     #pragma unroll  
+//     for (int i = 0; i < 13; ++i) {  
+//         final_connection_id[i] = original[i * 2];  
+//     }  
+//     final_connection_id[13] = '\0';  // 确保字符串以null终止  
+
+// 	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: rsi_ptr:: %llx\n", rsi_ptr);
+// 	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][OnConnectionAsyncStart][HTTP]pid:[%d]--[%lld]--id[%s]", pid_tgid, bpf_ktime_get_ns(), final_connection_id);
+
+// 	// 维护 pid 与 connection 的关系
+// 	__u64 *e2 = bpf_map_lookup_elem(&httpid_of_connection_ptr_maps, &final_connection_id);
+// 	if (!e2) {
+// 		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart] ErrorErrorError getget: rsi_ptr2:: %llx\n", *e2);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rsi_ptr2:: %llx\n", *e2);
+
+// 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, e2, BPF_ANY);
+
+// 	__u64 *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+// 	if (!e3) {
+// 		cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rsi_ptr3:: %llx\n", *e3);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/OnConnectionAsyncStart]getget: rsi_ptr3:: %llx\n", *e3);
+// 	// 维护 pid 与 connection 的关系
+// 	return 1;
+// }
+
+
+// SEC("uprobe/DoSendStart")
+// int DoSendStart(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+	
+
+// 	void *rdi_ptr = (void *)PT_REGS_PARM1(ctx);
+
+// 	void* fd_ptr;
+//     if (bpf_probe_read(&fd_ptr, sizeof(fd_ptr), rdi_ptr - 0xe8 + 0x28)) {
+//         // return 1;
+//     }
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: fd_ptr: %llx\n", fd_ptr);
+// 	void* fd_ptr2;
+//     if (bpf_probe_read(&fd_ptr2, sizeof(fd_ptr2), fd_ptr + 0x28)) {
+//         // return 1;
+//     }
+
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: rsi_ptr:: %llx\n", fd_ptr2);
+
+// 	char original[26];  
+//     char final_connection_id[14];  // 13 个字符和一个结束符 
+
+// 	// 读取 rsi+0xc 的 26 个字符  
+//     bpf_probe_read(original, sizeof(original), fd_ptr2 + 0xc);  
+
+//     // 每隔一个字符取一个字符  
+//     #pragma unroll  
+//     for (int i = 0; i < 13; ++i) {  
+//         final_connection_id[i] = original[i * 2];  
+//     }  
+//     final_connection_id[13] = '\0';  // 确保字符串以null终止  
+
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoSendStart][HTTP]pid:[%d]--[%lld]--id[%s]", pid_tgid, bpf_ktime_get_ns(), final_connection_id);
+
+// 	// 维护 pid 与 connection 的关系
+// 	__u64 *e2 = bpf_map_lookup_elem(&httpid_of_connection_ptr_maps, &final_connection_id);
+// 	if (!e2) {
+// 		cw_bpf_debug("[Go] [uprobeThread/DoSendStart] ErrorErrorError getget: rsi_ptr2:: %llx\n", *e2);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rsi_ptr2:: %llx\n", *e2);
+
+// 	bpf_map_update_elem(&pid_of_connection_ptr_maps, &pid, e2, BPF_ANY);
+
+// 	__u64 *e3 = bpf_map_lookup_elem(&pid_of_connection_ptr_maps, &pid);
+// 	if (!e3) {
+// 		cw_bpf_debug("[Go] [uprobeThread/DoSendStart] ErrorErrorError getget: rsi_ptr3:: %llx\n", *e3);
+// 		return 0;
+// 	}
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart]getget: rsi_ptr3:: %llx\n", *e3);
+// 	// 维护 pid 与 connection 的关系
+
+
+// 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+// 	__u64 ip = PT_REGS_IP(ctx);
+// 	__u64 asm_;
+// 	bpf_probe_read_user(&asm_, sizeof(asm_), (void*)ip);
+
+// 	asm_ = asm_ >> 32;
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: e->asm: %x", asm_);
+
+// 	__u64 bp = PT_REGS_SP(ctx);
+// 	// __u64 bp = PT_REGS_SP(ctx) + asm_;
+// 	__u64 caller_bp = PT_REGS_FP(ctx);
+
+// 	struct trace_stack_entry_key_t trace_key = {};
+// 	trace_key.caller_bp = caller_bp;
+// 	trace_key.bp = bp;
+// 	trace_key.trace_id = 0;
+
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: rbp: %x, rbp: %x, rip:%x", PT_REGS_FP(ctx), PT_REGS_SP(ctx), PT_REGS_IP(ctx));
+// 	cw_bpf_debug("[Go] [uprobeThread/DoSendStart/ent]: trace_keytrace_keytrace_key: caller_bp: %x, bp: %x", trace_key.caller_bp, trace_key.bp);
+
+// 	bpf_map_update_elem(&trace_stack_entry_thread, &trace_key, &pid, BPF_ANY);
+// 	// 维护函数出入口，用于关闭 当前 Connection 与线程的关系
+
+// 	return 1;
+// }
+
+
+
+// 后面 hook 暂时主流程中用不到，主要在调试过程中使用
+
+// SEC("uprobe/DoReceiveStart")
+// int DoReceiveStart(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/DoReceiveStart] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	void *rdi_ptr = (void *)PT_REGS_PARM1(ctx);
+
+// 	void* fd_ptr;
+//     if (bpf_probe_read(&fd_ptr, sizeof(fd_ptr), rdi_ptr + 0x28)) {
+//         // return 1;
+//     }
+// 	cw_bpf_debug("[Go] [uprobeThread/DoReceiveStart]: fd_ptr: %llx\n", fd_ptr);
+// 	void* fd_ptr2;
+//     if (bpf_probe_read(&fd_ptr2, sizeof(fd_ptr2), fd_ptr + 0x28)) {
+//         // return 1;
+//     }
+
+// 	cw_bpf_debug("[Go] [uprobeThread/DoReceiveStart]: rsi_ptr:: %llx\n", fd_ptr2);
+
+// 	char original[26];  
+//     char final_connection_id[14];  // 13 个字符和一个结束符 
+
+// 	// 读取 rsi+0xc 的 26 个字符  
+//     bpf_probe_read(original, sizeof(original), fd_ptr2 + 0xc);  
+
+//     // 每隔一个字符取一个字符  
+//     #pragma unroll  
+//     for (int i = 0; i < 13; ++i) {  
+//         final_connection_id[i] = original[i * 2];  
+//     }  
+//     final_connection_id[13] = '\0';  // 确保字符串以null终止  
+	
+// 	cw_bpf_debug("[Go] [uprobeThread/DoReceiveStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoReceiveStart][HTTP]pid:[%d]--[%lld]--id[%s]", pid_tgid, bpf_ktime_get_ns(), final_connection_id);
+
+// 	return 1;
+// }
+
+// SEC("uprobe/DoReceiveEnd")
+// int DoReceiveEnd(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/DoReceiveEnd] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	cw_bpf_debug("[Go] [uprobeThread/DoReceiveEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][DoReceiveEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+// 	return 1;
+// }
+
+// SEC("uprobe/ReceiveStart")
+// int ReceiveStart(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/ReceiveStart] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	cw_bpf_debug("[Go] [uprobeThread/ReceiveStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ReceiveStart][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+// 	return 1;
+// }
+
+// SEC("uprobe/ReceiveEnd")
+// int ReceiveEnd(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/ReceiveEnd] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	cw_bpf_debug("[Go] [uprobeThread/ReceiveEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][ReceiveEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+// 	return 1;
+// }
+
+// SEC("uprobe/SendStart")
+// int SendStart(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/SendStart] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	cw_bpf_debug("[Go] [uprobeThread/SendStart]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendStart][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+// 	return 1;
+// }
+
+// SEC("uprobe/SendEnd")
+// int SendEnd(struct pt_regs *ctx)
+// {
+// 	cw_bpf_debug("[Go] [uprobeThread/SendEnd] enter");
+// 	__u64 pid_tgid = bpf_get_current_pid_tgid();
+//     __u64 pid = pid_tgid >> 32;
+
+// 	cw_bpf_debug("[Go] [uprobeThread/SendEnd]: get_apm_trace_id:: %d, %d\n", pid, pid_tgid);
+// 	cw_bpf_debug("[Go] [uprobeThread/pidpidpidpid][SendEnd][HTTP]pid:[%d]--[%lld]", pid_tgid, bpf_ktime_get_ns());
+
+// 	return 1;
+// }

ebpftracer/ebpf/utrace/netcore/net/client.probe.bpf.c

@@ -123,7 +123,7 @@ static __inline struct sock_t* buildHeader2(struct sock_t *map_data) {
 	span_context_to_cw_string_stream(cw_span_context, header, '1');
 	bpf_printk("Successfully HEADER  %s\n", header);
 
-//	bpf_probe_read(map_data_res->payload, map_data->header_offset_idx, map_data->payload);
+// bpf_probe_read(map_data_res->payload, map_data->header_offset_idx, map_data->payload);
 //	bpf_printk("Successfully %s\n", data);
 //	return 1;
 #pragma unroll
@@ -163,6 +163,7 @@ static __inline int insertHeader2(struct sock_t *map_data,void * jbytechar_ptr,v
 	}
 
 	/*修改部分*/
+	// bpf_printk("map_data->payload: %s, len %d\n", map_data_res->payload, map_data_res->size);
 	return updataSocket3(map_data_res, map_data_res->payload, map_data_res->size, jbytechar_ptr, len_from_rbp_ptr);
 }
 

ebpftracer/netcore.go

@@ -2,6 +2,7 @@ package ebpftracer
 
 import (
 	"bufio"
+	"bytes"
 	"errors"
 	"io"
 	"log"
@@ -11,6 +12,7 @@ import (
 
 	"debug/dwarf"
 	"debug/elf"
+	debugelf "debug/elf"
 	"fmt"
 
 	"github.com/coroot/coroot-node-agent/utils"
@@ -21,7 +23,7 @@ import (
 const (
 	// goServeHTTP           = "net/http.serverHandler.ServeHTTP"
 	// binPath           = "/root/code/jdk8u/build/linux-x86_64-normal-server-release/jdk/lib/amd64/libnio.so"
-	libPath                  = "/data/roger/NET8/CoreAoT/bin/Release/net8.0/linux-x64/publish/CoreAoT"
+	libPath                  = "/data/NET8/CoreAoT/bin/Debug/net8.0/linux-x64/publish/CoreAoT"
 	netcoresymbolsocketRead0 = "SystemNative_Receive"
 )
 
@@ -223,3 +225,621 @@ func (t *Tracer) AttachNetCoreNetWriteUprobes(pid uint32, insID utils.ID) []link
 
 	return links
 }
+
+func contains(array []string, str string) bool {
+	for _, v := range array {
+		if v == str {
+			return true
+		}
+	}
+	return false
+}
+
+func SplitByteByDelimiter(data []byte) []byte {
+	pre := data[:4]
+	data = data[4:]
+	// 查找两个字节序列的位置
+	index1 := bytes.Index(data, []byte{0x55, 0x48, 0x83, 0xEC})
+	index2 := bytes.Index(data, []byte{0x55, 0x48, 0x81, 0xEC})
+
+	// 如果两个都没有找到，返回 nil
+	if index1 == -1 && index2 == -1 {
+		return nil
+	}
+
+	// 确定哪个字节序列在前
+	var startIndex int
+	if index1 == -1 {
+		// 只有index2找到了
+		startIndex = index2
+	} else if index2 == -1 {
+		// 只有index1找到了
+		startIndex = index1
+	} else {
+		// 两个都找到了，选择较小的那个
+		startIndex = min(index1, index2)
+	}
+
+	// 返回从开始到选定的起始位置之前的数据
+	return append(pre, data[:startIndex]...)
+}
+
+func (t *Tracer) AttachNetCoreNetThreadUprobes(pid uint32, insID utils.ID) []link.Link {
+	// uprobes := []tracer.Uprobe{}
+
+	binFile, err := os.Open(libPath + ".dbg")
+	binFile2, err := os.Open(libPath)
+	if err != nil {
+		return nil
+	}
+
+	// cache := map[string]interface{}{}
+	// 解析 elf 文件
+	elfFile, _ := debugelf.NewFile(binFile)
+	elfFile2, _ := debugelf.NewFile(binFile2)
+	// 获取所有符号表
+	symbols, _ := elfFile.Symbols()
+
+	ex, err := link.OpenExecutable(libPath)
+
+	words := []string{
+		"Microsoft_AspNetCore_Server_Kestrel_Core_Microsoft_AspNetCore_Server_Kestrel_Core_Internal_HttpConnectionMiddleware_1<System___Canon>__OnConnectionAsync", "Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__DoSend_d__28__MoveNext", "System_Net_Http_System_Net_Http_HttpClient__SendAsync_2",
+		"System_Net_Http_System_Net_Http_HttpConnection__SendAsync_d__57__MoveNext",
+		"Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__Start"}
+
+	wordsType := map[string]string{
+		"Microsoft_AspNetCore_Server_Kestrel_Core_Microsoft_AspNetCore_Server_Kestrel_Core_Internal_HttpConnectionMiddleware_1<System___Canon>__OnConnectionAsync":      "OnConnectionAsync",
+		"Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__DoSend_d__28__MoveNext": "DoSend",
+		"System_Net_Http_System_Net_Http_HttpClient__SendAsync_2":                                                                                      "SendAsync1",
+		"System_Net_Http_System_Net_Http_HttpConnection__SendAsync_d__57__MoveNext":                                                                    "SendAsync2",
+		"Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__Start": "SocketConnectionStart"}
+
+	textSection := elfFile2.Section("__managedcode")
+	textSectionData, err := textSection.Data()
+
+	if err != nil {
+		fmt.Println("failed to read text section", err)
+		return nil
+	}
+
+	if textSection == nil {
+		fmt.Println("no text section", nil)
+		return nil
+	}
+	textSectionLen := uint64(len(textSectionData) - 1)
+	fmt.Printf("textSectionLen %x, %x, %x\n", textSectionLen, textSection.Addr, textSection.Size)
+
+	var links []link.Link
+
+	for _, sym := range symbols {
+		exists := contains(words, sym.Name)
+		if exists {
+			fmt.Println("dddddddd:", sym.Name, sym.Value, sym.Size, sym.Info, sym)
+			address := sym.Value
+
+			sStart := sym.Value - textSection.Addr
+			sEnd := sStart + sym.Size
+			if sym.Size == 0 {
+				sEnd = sStart + 5000
+			}
+			if sEnd > textSectionLen {
+				fmt.Println("no text section333", nil)
+				continue
+			}
+			sBytes := textSectionData[sStart:sEnd]
+			if sym.Size == 0 {
+				sBytes = SplitByteByDelimiter(sBytes)
+			}
+
+			fmt.Printf("dddddddd+++++: %s, %x, %d, %x, %s\n", sym.Name, sym.Value, sym.Size, address, wordsType[sym.Name])
+
+			l, err := ex.Uprobe("", t.uprobes[wordsType[sym.Name]+"Start"], &link.UprobeOptions{Address: address})
+			if err != nil {
+				fmt.Println("failed to attach uprobe", err, wordsType[sym.Name])
+				// return nil
+			}
+
+			links = append(links, l)
+			returnOffsets := getReturnOffsets(elfFile.Machine, sBytes)
+			for _, offset := range returnOffsets {
+				fmt.Printf("dddddddd----: %s, %x, %d, %x\n", sym.Name, sym.Value, sym.Size, offset)
+				l, err := ex.Uprobe("", t.uprobes[wordsType[sym.Name]+"End"], &link.UprobeOptions{Address: address, Offset: uint64(offset)})
+				if err != nil {
+					fmt.Println("failed to attach uprobe", err, wordsType[sym.Name])
+					// return nil
+				}
+				links = append(links, l)
+			}
+
+		}
+	}
+	if len(links) == 0 {
+		return nil
+	}
+	fmt.Println("netcore uprobes OnConnectionAsyncStart attached, pid is ", pid)
+	return links
+}
+
+// func (t *Tracer) AttachNetCoreNetOnConnectionAsyncStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x96d700 // Microsoft_AspNetCore_Server_Kestrel_Core_Microsoft_AspNetCore_Server_Kestrel_Core_Internal_HttpConnectionMiddleware_1<System___Canon>__OnConnectionAsync 入口处
+// 	// var addr uint64 = 0x96dc15
+
+// 	l, err := ex.Uprobe("", t.uprobes["OnConnectionAsyncStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach OnConnectionAsyncStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes OnConnectionAsyncStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetOnConnectionAsyncEndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x96dcbf
+
+// 	l, err := ex.Uprobe("", t.uprobes["OnConnectionAsyncEnd"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach OnConnectionAsyncEnd uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes OnConnectionAsyncEnd attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetDoSendStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x260b40 // Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__DoSend_d__28__MoveNext 入口处
+
+// 	l, err := ex.Uprobe("", t.uprobes["DoSendStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach DoSendStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes DoSendStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetDoSendEndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, _ := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addrArray = []uint64{0x26125d, 0x261295, 0x2612fd, 0x261396, 0x2613f4}
+
+// 	for _, addr := range addrArray {
+// 		l, err := ex.Uprobe("", t.uprobes["DoSendEnd"], &link.UprobeOptions{Address: addr})
+// 		if err != nil {
+// 			fmt.Println("failed to attach DoSendEnd uprobe", err)
+// 			return nil
+// 		}
+
+// 		links = append(links, l)
+// 	}
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes DoSendEnd attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSendAsync1Uprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x32ab70 // System_Net_Http_System_Net_Http_HttpClient__SendAsync_2 入口处
+
+// 	l, err := ex.Uprobe("", t.uprobes["SendAsync1"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach SendAsync1 uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SendAsync1 attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSendAsync2Uprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x34ce90 // System_Net_Http_System_Net_Http_HttpConnection__SendAsync_d__57__MoveNext 入口处
+
+// 	l, err := ex.Uprobe("", t.uprobes["SendAsync2"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach SendAsync2 uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SendAsync2 attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSendAsync2EndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, _ := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addrArray = []uint64{0x34f56c, 0x34f5af, 0x34f649, 0x34f6e3}
+
+// 	for _, addr := range addrArray {
+// 		l, err := ex.Uprobe("", t.uprobes["SendAsync2End"], &link.UprobeOptions{Address: addr})
+// 		if err != nil {
+// 			fmt.Println("failed to attach SendAsync2End uprobe", err)
+// 			return nil
+// 		}
+
+// 		links = append(links, l)
+// 	}
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SendAsync2End attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSocketConnectionStartStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	var addr uint64 = 0x25c4c0 // Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Microsoft_AspNetCore_Server_Kestrel_Transport_Sockets_Internal_SocketConnection__Start 入口处
+
+// 	l, err := ex.Uprobe("", t.uprobes["SocketConnectionStartStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach SocketConnectionStartStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SocketConnectionStartStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSocketConnectionStartEndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, _ := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addrArray = []uint64{0x25c54e, 0x25c5c7}
+
+// 	for _, addr := range addrArray {
+// 		l, err := ex.Uprobe("", t.uprobes["SocketConnectionStartEnd"], &link.UprobeOptions{Address: addr})
+// 		if err != nil {
+// 			fmt.Println("failed to attach SocketConnectionStartEnd uprobe", err)
+// 			return nil
+// 		}
+
+// 		links = append(links, l)
+// 	}
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SocketConnectionStartEnd attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetThreadUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	fmt.Println("netcore uprobes AttachNetCoreNetThreadUprobes hook value, pid is ", functionSym.Value)
+
+// 	var addr uint64 = 0x97b766
+
+// 	l, err := ex.Uprobe("", t.uprobes["AcceptConnectionsAsync"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach AcceptConnectionsAsync uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes AcceptConnectionsAsync attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetCreateContextStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x97b60a
+
+// 	l, err := ex.Uprobe("", t.uprobes["CreateContextStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach CreateContextStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes CreateContextStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetReceiveStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0xec7d0
+
+// 	l, err := ex.Uprobe("", t.uprobes["ReceiveStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach ReceiveStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes ReceiveStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetReceiveEndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0xec86e
+
+// 	l, err := ex.Uprobe("", t.uprobes["ReceiveEnd"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach ReceiveEnd uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes ReceiveEnd attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSendStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0xeca40
+
+// 	l, err := ex.Uprobe("", t.uprobes["SendStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach SendStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SendStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetSendEndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0xecad1
+
+// 	l, err := ex.Uprobe("", t.uprobes["SendEnd"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach SendEnd uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes SendEnd attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetDoReceiveStartUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, err := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addr uint64 = 0x260150
+
+// 	l, err := ex.Uprobe("", t.uprobes["DoReceiveStart"], &link.UprobeOptions{Address: addr})
+// 	if err != nil {
+// 		fmt.Println("failed to attach DoReceiveStart uprobe", err)
+// 		return nil
+// 	}
+
+// 	links = append(links, l)
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes DoReceiveStart attached, pid is ", pid)
+// 	return links
+// }
+
+// func (t *Tracer) AttachNetCoreNetDoReceiveEndUprobes(pid uint32, insID utils.ID) []link.Link {
+// 	if t.disableL7Tracing {
+// 		return nil
+// 	}
+
+// 	var links []link.Link
+// 	ex, _ := link.OpenExecutable(libPath)
+
+// 	// 获取函数的偏移量
+// 	// memoryMap, _ := ReadFirstLineOfMapsFile(strconv.Itoa(int(pid)))
+
+// 	var addrArray = []uint64{0x2609ed, 0x260a4f, 0x260aa3, 0x260adb, 0x260b33}
+
+// 	for _, addr := range addrArray {
+// 		l, err := ex.Uprobe("", t.uprobes["DoReceiveEnd"], &link.UprobeOptions{Address: addr})
+// 		if err != nil {
+// 			fmt.Println("failed to attach DoReceiveEnd uprobe", err)
+// 			return nil
+// 		}
+
+// 		links = append(links, l)
+// 	}
+
+// 	if len(links) == 0 {
+// 		return nil
+// 	}
+// 	fmt.Println("netcore uprobes DoReceiveEnd attached, pid is ", pid)
+// 	return links
+// }

run.sh

@@ -1,18 +1,18 @@
-!/bin/sh
+#!/bin/sh
 # pid=`ps aux | grep ebpfdemo81 | grep -v grep | awk '{print $2}'`
 # echo $pid
-# TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=go SEND=1 FILTER_PID=$pid WHITE_LIST=".*HandleFunc|.*main.*|.*serverHandler.*|.*ServeHTTP.*" ./euspace --listen="0.0.0.0:8123"
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=go SEND=1 FILTER_PID=$pid WHITE_LIST=".*HandleFunc|.*main.*|.*serverHandler.*|.*ServeHTTP.*" ./euspace --listen="0.0.0.0:8123"
 
 
 # pid=`ps aux | grep ./helloworld | grep -v grep | awk '{print $2}'`
 # echo $pid
-# TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|addwj.*" ./euspace  --listen="0.0.0.0:8123"
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|addwj.*" ./euspace  --listen="0.0.0.0:8123"
 
 
-pid=`ps aux | grep ./simplehttpserver | grep -v grep | awk '{print $2}'`
-echo $pid
-TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=java DBG_PATH="/data/roger/graalvm/simplehttpserver.debug" SEND=1 FILTER_PID=$pid WHITE_LIST="handle*|addw.*" ./euspace  --listen="0.0.0.0:8124"
-
-# pid=`ps aux | grep CoreAoT | grep -v grep | awk '{print $2}'`
+# pid=`ps aux | grep ./simplehttpserver | grep -v grep | awk '{print $2}'`
 # echo $pid
-# TRACES_ENDPOINT=http://10.2.31.156:8099/docp/api/v2/data/receive BIN_TYPE=dotnet DBG_PATH="/data/roger/NET8/CoreAoT/bin/Release/net8.0/linux-x64/publish/CoreAoT.dbg" SEND=1 FILTER_PID=$pid WHITE_LIST="main.*|Addwj.*" ./euspace  --listen="0.0.0.0:8123"
+# TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=go DBG_PATH="" SEND=1 FILTER_PID=$pid WHITE_LIST="handle*|addw.*" ./euspace  --listen="0.0.0.0:8124"
+
+pid=`ps aux | grep CoreAoT | grep -v grep | awk '{print $2}'`
+echo $pid
+TRACES_ENDPOINT=http://10.0.6.103:8099/docp/api/v2/data/receive BIN_TYPE=dotnet DBG_PATH="/data/NET8/CoreAoT/bin/Debug/net8.0/linux-x64/publish/CoreAoT.dbg" SEND=1 FILTER_PID=$(pidof CoreAoT) WHITE_LIST="main.*|Addwj.*|CoreAoT_Program___Main__.*|*SocketConnection__Start*" ./euspace  --listen="0.0.0.0:8123"