Fixed #TASK_QT-9810 拼装数据。

containers/container.go

@@ -77,6 +77,7 @@ type AddrPair struct {
 
 type ActiveConnection struct {
 	Dest       netaddr.IPPort
+	Src 	   netaddr.IPPort
 	ActualDest netaddr.IPPort
 	Pid        uint32
 	Fd         uint64
@@ -94,7 +95,7 @@ type ActiveConnection struct {
 
 type ActiveAccept struct {
 	Dest       netaddr.IPPort
-	ActualDest netaddr.IPPort
+	Src 	   netaddr.IPPort
 	Pid        uint32
 	Fd         uint64
 	Timestamp  uint64
@@ -123,11 +124,14 @@ type K8sContainer struct {
 	pid           string
 }
 type ConnectionStats struct {
-	Count           uint64
-	TotalTime       time.Duration
-	Retransmissions uint64
-	BytesSent       uint64
-	BytesReceived   uint64
+	Count            uint64
+	TotalTime        time.Duration
+	Retransmissions  uint64
+	BytesSent        uint64
+	PerBytesSent     uint64
+	BytesReceived    uint64
+	PerBytesReceived uint64
+	Src 	   		 netaddr.IPPort
 }
 
 type AcceptStats struct {
@@ -367,13 +371,19 @@ func (c *Container) Collect(ch chan<- prometheus.Metric) {
 		}
 		ch <- counter(metrics.NetBytesSent, float64(stats.BytesSent), d.src.String(), d.dst.String())
 		ch <- counter(metrics.NetBytesReceived, float64(stats.BytesReceived), d.src.String(), d.dst.String())
-	}
 
-	for d, stats := range c.acceptsSuccessful {
-		ch <- counter(metrics.NetAcceptsSuccessful, float64(0), d.src.String(), d.dst.String())
-		ch <- counter(metrics.NetAcceptBytesSent, float64(stats.BytesSent), d.src.String(), d.dst.String())
-		ch <- counter(metrics.NetAcceptBytesReceived, float64(stats.BytesReceived), d.src.String(), d.dst.String())
+		klog.Infof("c.connectsSuccessful d.src=%s d.dst=%s stats.BytesSent=%d,stats.BytesReceived=%d stats.PerBytesSent=%d,stats.PerBytesReceived=%d", stats.Src.String(), d.dst.String(), stats.BytesSent, stats.BytesReceived, stats.PerBytesSent, stats.PerBytesReceived)
+		stats.PerBytesReceived = 0
+		stats.PerBytesSent = 0
 	}
+
+	// for d, stats := range c.acceptsSuccessful {
+	// 	ch <- counter(metrics.NetAcceptsSuccessful, float64(0), d.src.String(), d.dst.String())
+	// 	ch <- counter(metrics.NetAcceptBytesSent, float64(stats.BytesSent), d.src.String(), d.dst.String())
+	// 	ch <- counter(metrics.NetAcceptBytesReceived, float64(stats.BytesReceived), d.src.String(), d.dst.String())
+
+	// 	klog.Infof("c.acceptsSuccessful d.src=%s d.dst=%s stats.BytesSent=%d,stats.BytesReceived=%d", d.src.String(), d.dst.String(), stats.BytesSent, stats.BytesReceived)
+	// }
 	for dst, count := range c.connectsFailed {
 		ch <- counter(metrics.NetConnectionsFailed, float64(count), dst.String())
 	}
@@ -581,55 +591,55 @@ func (c *Container) onListenClose(pid uint32, addr netaddr.IPPort) {
 	}
 }
 
-func (c *Container) onAcceptOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
-	klog.Infof("accept pid=%d id=%s addr=%s", pid, c.id, dst.IP())
-	// if common.PortFilter.ShouldBeSkipped(dst.Port()) {
-	// 	return
-	// }
-	p := c.processes[pid]
-	if p == nil {
-		return
-	}
-	if dst.IP().IsLoopback() && !p.isHostNs() {
-		return
-	}
-	actualDst, err := c.getActualDestination(p, src, dst)
-	if err != nil {
-		if !common.IsNotExist(err) {
-			klog.Warningf("cannot open NetNs for pid %d: %s", pid, err)
-		}
-		return
-	}
-	switch {
-	case actualDst == nil:
-		actualDst = &dst
-	case actualDst.IP().IsLoopback() && !p.isHostNs():
-		return
-	}
-	// if common.ConnectionFilter.ShouldBeSkipped(dst.IP(), actualDst.IP()) {
-	// 	return
-	// }
-	c.lock.Lock()
-	defer c.lock.Unlock()
-	if !failed {
-		key := AddrPair{src: dst, dst: *actualDst}
-		stats := c.acceptsSuccessful[key]
-		if stats == nil {
-			stats = &AcceptStats{}
-			c.acceptsSuccessful[key] = stats
-		}
-		acceptCon := &ActiveAccept{
-			Dest:       dst,
-			ActualDest: *actualDst,
-			Pid:        pid,
-			Fd:         fd,
-			Timestamp:  timestamp,
-		}
-		c.acceptsActive[AddrPair{src: src, dst: dst}] = acceptCon
-		c.acceptsByPidFd[PidFd{Pid: pid, Fd: fd}] = acceptCon
-	}
-	c.acceptLastAttempt[dst] = time.Now()
-}
+// func (c *Container) onAcceptOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
+// 	klog.Infof("accept pid=%d id=%s dstaddr=%s srcaddr=%s", pid, c.id, dst.IP(), src.IP())
+// 	// if common.PortFilter.ShouldBeSkipped(dst.Port()) {
+// 	// 	return
+// 	// }
+// 	p := c.processes[pid]
+// 	if p == nil {
+// 		return
+// 	}
+// 	if dst.IP().IsLoopback() && !p.isHostNs() {
+// 		return
+// 	}
+// 	// actualDst, err := c.getActualDestination(p, src, dst)
+// 	// if err != nil {
+// 	// 	if !common.IsNotExist(err) {
+// 	// 		klog.Warningf("cannot open NetNs for pid %d: %s", pid, err)
+// 	// 	}
+// 	// 	return
+// 	// }
+// 	// switch {
+// 	// case actualDst == nil:
+// 	// 	actualDst = &dst
+// 	// case actualDst.IP().IsLoopback() && !p.isHostNs():
+// 	// 	return
+// 	// }
+// 	// if common.ConnectionFilter.ShouldBeSkipped(dst.IP(), actualDst.IP()) {
+// 	// 	return
+// 	// }
+// 	c.lock.Lock()
+// 	defer c.lock.Unlock()
+// 	if !failed {
+// 		key := AddrPair{src: dst, dst: src}
+// 		stats := c.acceptsSuccessful[key]
+// 		if stats == nil {
+// 			stats = &AcceptStats{}
+// 			c.acceptsSuccessful[key] = stats
+// 		}
+// 		acceptCon := &ActiveAccept{
+// 			Dest:       src,
+// 			Src: 		dst,
+// 			Pid:        pid,
+// 			Fd:         fd,
+// 			Timestamp:  timestamp,
+// 		}
+// 		c.acceptsActive[AddrPair{src: dst, dst: src}] = acceptCon
+// 		c.acceptsByPidFd[PidFd{Pid: pid, Fd: fd}] = acceptCon
+// 	}
+// 	c.acceptLastAttempt[dst] = time.Now()
+// }
 
 func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPPort, timestamp uint64, failed bool, duration time.Duration) {
 	if common.PortFilter.ShouldBeSkipped(dst.Port()) {
@@ -671,8 +681,10 @@ func (c *Container) onConnectionOpen(pid uint32, fd uint64, src, dst netaddr.IPP
 		}
 		stats.Count++
 		stats.TotalTime += duration
+		stats.Src = src
 		connection := &ActiveConnection{
 			Dest:       dst,
+			Src: 		src,
 			ActualDest: *actualDst,
 			Pid:        pid,
 			Fd:         fd,
@@ -730,21 +742,21 @@ func (c *Container) onConnectionClose(e ebpftracer.Event) {
 	}
 }
 
-func (c *Container) onAcceptClose(e ebpftracer.Event) {
-	c.lock.Lock()
-	conn := c.acceptsByPidFd[PidFd{Pid: e.Pid, Fd: e.Fd}]
-	c.lock.Unlock()
-	if conn != nil {
-		if conn.Closed.IsZero() {
-			if e.TrafficStats != nil {
-				c.lock.Lock()
-				c.updateAcceptTrafficStats(conn, e.TrafficStats.BytesSent, e.TrafficStats.BytesReceived)
-				c.lock.Unlock()
-			}
-			conn.Closed = time.Now()
-		}
-	}
-}
+// func (c *Container) onAcceptClose(e ebpftracer.Event) {
+// 	c.lock.Lock()
+// 	conn := c.acceptsByPidFd[PidFd{Pid: e.Pid, Fd: e.Fd}]
+// 	c.lock.Unlock()
+// 	if conn != nil {
+// 		if conn.Closed.IsZero() {
+// 			if e.TrafficStats != nil {
+// 				c.lock.Lock()
+// 				c.updateAcceptTrafficStats(conn, e.TrafficStats.BytesSent, e.TrafficStats.BytesReceived)
+// 				c.lock.Unlock()
+// 			}
+// 			conn.Closed = time.Now()
+// 		}
+// 	}
+// }
 
 func (c *Container) updateTrafficStats(u *TrafficStatsUpdate) {
 	if u == nil {
@@ -767,34 +779,36 @@ func (c *Container) updateConnectionTrafficStats(ac *ActiveConnection, sent, rec
 	}
 	if sent > ac.BytesSent {
 		stats.BytesSent += sent - ac.BytesSent
+		stats.PerBytesSent = sent - ac.BytesSent
 	}
 	if received > ac.BytesReceived {
 		stats.BytesReceived += received - ac.BytesReceived
+		stats.PerBytesReceived = received - ac.BytesReceived
 	}
 	ac.BytesSent = sent
 	ac.BytesReceived = received
 }
 
-func (c *Container) updateAcceptTrafficStats(ac *ActiveAccept, sent, received uint64) {
-	if ac == nil {
-		return
-	}
-	klog.Infoln("TCP onConnectionClose5", ac.BytesSent, ac.BytesReceived, ac)
-	key := AddrPair{src: ac.Dest, dst: ac.ActualDest}
-	stats := c.acceptsSuccessful[key]
-	if stats == nil {
-		stats = &AcceptStats{}
-		c.acceptsSuccessful[key] = stats
-	}
-	if sent > ac.BytesSent {
-		stats.BytesSent += sent - ac.BytesSent
-	}
-	if received > ac.BytesReceived {
-		stats.BytesReceived += received - ac.BytesReceived
-	}
-	ac.BytesSent = sent
-	ac.BytesReceived = received
-}
+// func (c *Container) updateAcceptTrafficStats(ac *ActiveAccept, sent, received uint64) {
+// 	if ac == nil {
+// 		return
+// 	}
+// 	klog.Infoln("TCP onConnectionClose5", ac.BytesSent, ac.BytesReceived, ac)
+// 	key := AddrPair{src: ac.Src, dst: ac.Dest}
+// 	stats := c.acceptsSuccessful[key]
+// 	if stats == nil {
+// 		stats = &AcceptStats{}
+// 		c.acceptsSuccessful[key] = stats
+// 	}
+// 	if sent > ac.BytesSent {
+// 		stats.BytesSent += sent - ac.BytesSent
+// 	}
+// 	if received > ac.BytesReceived {
+// 		stats.BytesReceived += received - ac.BytesReceived
+// 	}
+// 	ac.BytesSent = sent
+// 	ac.BytesReceived = received
+// }
 
 func (c *Container) onDNSRequest(r *l7.RequestData) (map[netaddr.IP]string, string, string) {
 	status := r.Status.DNS()
@@ -1206,23 +1220,23 @@ func (c *Container) gc(now time.Time) {
 		}
 	}
 
-	for srcDst, conn := range c.acceptsActive {
-		pidFd := PidFd{Pid: conn.Pid, Fd: conn.Fd}
-		if _, ok := established[srcDst]; !ok {
-			delete(c.acceptsActive, srcDst)
-			if conn == c.acceptsByPidFd[pidFd] {
-				delete(c.acceptsByPidFd, pidFd)
-			}
-			continue
-		}
+	// for srcDst, conn := range c.acceptsActive {
+	// 	pidFd := PidFd{Pid: conn.Pid, Fd: conn.Fd}
+	// 	if _, ok := established[srcDst]; !ok {
+	// 		delete(c.acceptsActive, srcDst)
+	// 		if conn == c.acceptsByPidFd[pidFd] {
+	// 			delete(c.acceptsByPidFd, pidFd)
+	// 		}
+	// 		continue
+	// 	}
 
-		if !conn.Closed.IsZero() && now.Sub(conn.Closed) > gcInterval {
-			delete(c.acceptsActive, srcDst)
-			if conn == c.acceptsByPidFd[pidFd] {
-				delete(c.acceptsByPidFd, pidFd)
-			}
-		}
-	}
+	// 	if !conn.Closed.IsZero() && now.Sub(conn.Closed) > gcInterval {
+	// 		delete(c.acceptsActive, srcDst)
+	// 		if conn == c.acceptsByPidFd[pidFd] {
+	// 			delete(c.acceptsByPidFd, pidFd)
+	// 		}
+	// 	}
+	// }
 
 	for _, conn := range c.connectionsByPidFd {
 
@@ -1231,12 +1245,12 @@ func (c *Container) gc(now time.Time) {
 		}
 	}
 
-	for _, conn := range c.acceptsByPidFd {
+	// for _, conn := range c.acceptsByPidFd {
 
-		if _, ok := fdMap[conn.Fd]; !ok {
-			delete(c.acceptsByPidFd, PidFd{Pid: conn.Pid, Fd: conn.Fd})
-		}
-	}
+	// 	if _, ok := fdMap[conn.Fd]; !ok {
+	// 		delete(c.acceptsByPidFd, PidFd{Pid: conn.Pid, Fd: conn.Fd})
+	// 	}
+	// }
 
 	for dst, at := range c.connectLastAttempt {
 		_, active := establishedDst[dst]
@@ -1252,18 +1266,18 @@ func (c *Container) gc(now time.Time) {
 		}
 	}
 
-	for dst, at := range c.acceptLastAttempt {
-		_, active := establishedDst[dst]
-		if !active && !at.IsZero() && now.Sub(at) > gcInterval {
-			delete(c.acceptLastAttempt, dst)
-			for d := range c.acceptsSuccessful {
-				if d.src == dst {
-					delete(c.acceptsSuccessful, d)
-				}
-			}
-			c.l7Stats.delete(dst)
-		}
-	}
+	// for dst, at := range c.acceptLastAttempt {
+	// 	_, active := establishedDst[dst]
+	// 	if !active && !at.IsZero() && now.Sub(at) > gcInterval {
+	// 		delete(c.acceptLastAttempt, dst)
+	// 		for d := range c.acceptsSuccessful {
+	// 			if d.src == dst {
+	// 				delete(c.acceptsSuccessful, d)
+	// 			}
+	// 		}
+	// 		c.l7Stats.delete(dst)
+	// 	}
+	// }
 }
 
 func (c *Container) revalidateListens(now time.Time, actualListens map[netaddr.IPPort]string) {

containers/registry.go

@@ -365,27 +365,14 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 				} else {
 					klog.Infoln("TCP listen open from unknown container", e)
 				}
-			case ebpftracer.EventTypeAcceptOpen:
-				klog.Infoln("ebpftracer.EventTypeAcceptOpen==================", e.Pid)
-				if c := r.getOrCreateContainer(e.Pid); c != nil {
-					c.onAcceptOpen(e.Pid, e.Fd, e.SrcAddr, e.DstAddr, e.Timestamp, false, e.Duration)
-					c.eventReady()
-					// if common.IsOpenFilter() && common.IsFilterPid(e.Pid) {
-					// 	c.WhiteSettingInfo.AppName = enums.TestApp
-					// 	err := c.RegisterAppInfo(r, e.Pid)
-					// 	if err != nil {
-					// 		klog.WithError(err).Errorf("[registry] Failed registerAppInfo. pid is %d", e.Pid)
-					// 		continue
-					// 	}
-					// 	c.attachUprobes(r.tracer, e.Pid)
-					// 	err = c.StackTrace(r.tracer, e.Pid)
-					// 	if err != nil {
-					// 		klog.Errorf("Stack trace error", err)
-					// 	}
-					// }
-				} else {
-					klog.Infoln("TCP connection from unknown container", e)
-				}
+			// case ebpftracer.EventTypeAcceptOpen:
+			// 	klog.Infoln("ebpftracer.EventTypeAcceptOpen==================", e.Pid)
+			// 	if c := r.getOrCreateContainer(e.Pid); c != nil {
+			// 		c.onAcceptOpen(e.Pid, e.Fd, e.SrcAddr, e.DstAddr, e.Timestamp, false, e.Duration)
+			// 		c.eventReady()
+			// 	} else {
+			// 		klog.Infoln("TCP connection from unknown container", e)
+			// 	}
 			case ebpftracer.EventTypeConnectionOpen:
 				//fmt.Println("ebpftracer.EventTypeConnectionOpen==================", e.Pid)
 				if c := r.getOrCreateContainer(e.Pid); c != nil {
@@ -421,10 +408,10 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 				if c := r.containersByPid[e.Pid]; c != nil {
 					c.onConnectionClose(e)
 				}
-			case ebpftracer.EventTypeAcceptClose:
-				if c := r.containersByPid[e.Pid]; c != nil {
-					c.onAcceptClose(e)
-				}
+			// case ebpftracer.EventTypeAcceptClose:
+			// 	if c := r.containersByPid[e.Pid]; c != nil {
+			// 		c.onAcceptClose(e)
+			// 	}
 			case ebpftracer.EventTypeTCPRetransmit:
 				srcDst := AddrPair{src: e.SrcAddr, dst: e.DstAddr}
 				for _, c := range r.containersById {

ebpftracer/ebpf/l7/l7.c

@@ -445,25 +445,25 @@ int trace_enter_write(void *ctx, __u64 fd, __u16 is_tls, char *buf, __u64 size,
 //        cw_bpf_debug("e->test_id1111:%d", ttt->test_id);
 	    cw_bpf_debug("HTTP_END");
 
-        //TODO 4 查询 
-        cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-        struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
-        if (accept_conn && !is_tls) {
-            cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-            __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
-        }
+        // //TODO 4 查询 
+        // cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        // struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
+        // if (accept_conn && !is_tls) {
+        //     cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        //     __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
+        // }
         return 0;
     }
 
     struct connection *conn = bpf_map_lookup_elem(&active_connections, &cid);
     if (!conn) {
         //TODO 4 查询 
-        cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-        struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
-        if (accept_conn && !is_tls) {
-            cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-            __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
-        }
+        // cw_bpf_debug("socket accept bytes_sent cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        // struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
+        // if (accept_conn && !is_tls) {
+        //     cw_bpf_debug("socket accept bytes_sent after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        //     __sync_fetch_and_add(&accept_conn->bytes_sent, total_size);
+        // }
         return 0;
     }
 
@@ -784,24 +784,24 @@ int trace_exit_read(void *ctx, __u64 id, __u32 pid, __u16 is_tls, long int ret)
         cw_bpf_debug("[Receive][HTTP] to user space");
 
         // 作为服务端统计 bytes_received 使用
-        struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
-        cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-        if (accept_conn && !is_tls){
-            cw_bpf_debug("socket accept bytes_received after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-            __sync_fetch_and_add(&accept_conn->bytes_received, total_size);
-        }
+        // struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
+        // cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        // if (accept_conn && !is_tls){
+        //     cw_bpf_debug("socket accept bytes_received after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        //     __sync_fetch_and_add(&accept_conn->bytes_received, total_size);
+        // }
         return 0;
     }
 
     struct connection *conn = bpf_map_lookup_elem(&active_connections, &cid);
     if (args && !conn) {
         bpf_map_delete_elem(&active_reads, &id);
-        struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
-        cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-        if (accept_conn && !is_tls){
-            cw_bpf_debug("socket accept bytes_received after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-            __sync_fetch_and_add(&accept_conn->bytes_received, total_size);
-        }
+        // struct connection *accept_conn = bpf_map_lookup_elem(&active_accepts, &cid);
+        // cw_bpf_debug("socket accept bytes_received cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        // if (accept_conn && !is_tls){
+        //     cw_bpf_debug("socket accept bytes_received after cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+        //     __sync_fetch_and_add(&accept_conn->bytes_received, total_size);
+        // }
         return 0;
     }
 

ebpftracer/ebpf/tcp/state.c

@@ -29,11 +29,11 @@ struct {
     __uint(value_size, sizeof(int));
 } tcp_connect_events SEC(".maps");
 
-struct {
-    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
-    __uint(key_size, sizeof(int));
-    __uint(value_size, sizeof(int));
-} tcp_accept_events SEC(".maps");
+// struct {
+//     __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+//     __uint(key_size, sizeof(int));
+//     __uint(value_size, sizeof(int));
+// } tcp_accept_events SEC(".maps");
 
 struct trace_event_raw_inet_sock_set_state__stub {
     __u64 unused;
@@ -86,12 +86,12 @@ struct {
     __uint(max_entries, MAX_CONNECTIONS);
 } active_connections SEC(".maps");
 
-struct {
-    __uint(type, BPF_MAP_TYPE_LRU_HASH);
-    __uint(key_size, sizeof(struct connection_id));
-    __uint(value_size, sizeof(struct connection));
-    __uint(max_entries, MAX_CONNECTIONS);
-} active_accepts SEC(".maps");
+// struct {
+//     __uint(type, BPF_MAP_TYPE_LRU_HASH);
+//     __uint(key_size, sizeof(struct connection_id));
+//     __uint(value_size, sizeof(struct connection));
+//     __uint(max_entries, MAX_CONNECTIONS);
+// } active_accepts SEC(".maps");
 
 
 SEC("tracepoint/sock/inet_sock_set_state")
@@ -245,21 +245,21 @@ int sys_enter_close(void *ctx) {
         bpf_perf_event_output(ctx, &tcp_connect_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
         bpf_map_delete_elem(&active_connections, &cid);
     }
-    cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-    struct connection *acceptConn = bpf_map_lookup_elem(&active_accepts, &cid);
-    if (acceptConn) {
-        struct tcp_event e = {};
-        e.type = EVENT_TYPE_ACCEPT_CLOSE;
-        e.pid = cid.pid;
-        e.fd = cid.fd;
-        e.bytes_sent = acceptConn->bytes_sent;
-        e.bytes_received = acceptConn->bytes_received;
-        e.timestamp = acceptConn->timestamp;
-        bpf_perf_event_output(ctx, &tcp_accept_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
-        bpf_map_delete_elem(&active_accepts, &cid);
-        cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
-        cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.bytes_sent=%d, cid.bytes_received=%d\n", e.bytes_sent, e.bytes_received);
-    }
+    // cw_bpf_debug("socket accept socket sys_enter_close accept_Connection before cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+    // struct connection *acceptConn = bpf_map_lookup_elem(&active_accepts, &cid);
+    // if (acceptConn) {
+    //     struct tcp_event e = {};
+    //     e.type = EVENT_TYPE_ACCEPT_CLOSE;
+    //     e.pid = cid.pid;
+    //     e.fd = cid.fd;
+    //     e.bytes_sent = acceptConn->bytes_sent;
+    //     e.bytes_received = acceptConn->bytes_received;
+    //     e.timestamp = acceptConn->timestamp;
+    //     bpf_perf_event_output(ctx, &tcp_accept_events, BPF_F_CURRENT_CPU, &e, sizeof(e));
+    //     bpf_map_delete_elem(&active_accepts, &cid);
+    //     cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.pid=%d, cid.fd=%d\n", cid.pid, cid.fd);
+    //     cw_bpf_debug("socket accept socket sys_enter_close accept_Connection cid.bytes_sent=%d, cid.bytes_received=%d\n", e.bytes_sent, e.bytes_received);
+    // }
 
     //TODO 2，增加active_accept 对应的判断，类比234行操作，新增EVENT_TYPE_accept_conn_CLOSE类型
 
@@ -267,174 +267,174 @@ int sys_enter_close(void *ctx) {
     return 0;
 }
 
-void u32_to_ip(__u32 ip, unsigned char* bytes) {  
-    // 将32位整数拆分为四个8位整数  
-    // unsigned char bytes[4];  
-    bytes[15] = (ip >> 24) & 0xFF;  
-    bytes[14] = (ip >> 16) & 0xFF;  
-    bytes[13] = (ip >> 8) & 0xFF;  
-    bytes[12] = ip & 0xFF;  
-    bytes[11] = 0xFF;  
-    bytes[10] = 0xFF;  
+// void u32_to_ip(__u32 ip, unsigned char* bytes) {  
+//     // 将32位整数拆分为四个8位整数  
+//     // unsigned char bytes[4];  
+//     bytes[15] = (ip >> 24) & 0xFF;  
+//     bytes[14] = (ip >> 16) & 0xFF;  
+//     bytes[13] = (ip >> 8) & 0xFF;  
+//     bytes[12] = ip & 0xFF;  
+//     bytes[11] = 0xFF;  
+//     bytes[10] = 0xFF;  
 
-    // 使用sprintf将这些整数格式化为字符串  
-    cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);  
-    cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);  
-}  
+//     // 使用sprintf将这些整数格式化为字符串  
+//     cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[15], bytes[14]);  
+//     cw_bpf_debug("[Go] [socket/IP: %u.%u", bytes[13], bytes[12]);  
+// }  
 
 
 // 用于存储文件描述符和套接字指针的 map  
-struct {  
-    __uint(type, BPF_MAP_TYPE_HASH);  
-    __type(key, __u64);  // 使用进程 ID 作为键  
-    __type(value, struct sock *);  
-    __uint(max_entries, 1024);  
-} socket_map SEC(".maps");  
-
-
-struct ipv4_tuple_t {  
-    __u32 saddr;  
-    __u32 daddr;  
-    __u16 sport;  
-    __u16 dport;  
-    __u8  protocol;  
-};
-
-SEC("kretprobe/inet_csk_accept")
-int kprobeinet_csk_accept(struct pt_regs *ctx) {
-    cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=\n");
-    __u64 pid_tgid = bpf_get_current_pid_tgid();
-    cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=%d\n", pid_tgid);
-    struct sock *sk = (struct sock *)PT_REGS_RC(ctx);
-    // __u16 family = 0;
-    // bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
-    // cw_bpf_debug("socket inet_csk_accept Connection family: family=%d\n", family);
-    // if (family == AF_INET)
-	// {
-    //     cw_bpf_debug("socket inet_csk_accept Connection family: IPv4=%d\n", family);
-    // }
-    // struct ipv4_tuple_t tuple = {};  
-    // // 从 __sk_common 获取信息  
-    // bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
-    // bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
-    // bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
-    // bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
-
-    // tuple.sport = bpf_ntohs(tuple.sport);  
-    // tuple.dport = bpf_ntohs(tuple.dport);
-
-    // __u64 hash;
-    // bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
-
-    // cw_bpf_debug("socket inet_csk_accept Connection accepted: sk=%x, hash: %lld\n", sk, hash);
-    // cw_bpf_debug("socket inet_csk_accept Connection accepted: dport=%d, lport=%d\n", tuple.dport, tuple.sport);
-    // cw_bpf_debug("socket inet_csk_accept Connection accepted: saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
-    // u32_to_ip(tuple.saddr);
-    // u32_to_ip(tuple.daddr);
-    // 将进程 ID 关联到 `struct sock` 指针  
-    bpf_map_update_elem(&socket_map, &pid_tgid, &sk, BPF_ANY);  
-
-    return 0;
-}
-
-struct sys_exit_accept4_ctx {
-	__u64 __unused_syscall_header;
-	__u32 __unused_syscall_nr;
-	long ret;
-};
-struct sys_enter_accept4_ctx {
-	__u64 __unused_syscall_header;
-	__u32 __unused_syscall_nr;
-
-	long fd;
-	__u64 *sockaddr;
-	int addrlen;
-};
+// struct {  
+//     __uint(type, BPF_MAP_TYPE_HASH);  
+//     __type(key, __u64);  // 使用进程 ID 作为键  
+//     __type(value, struct sock *);  
+//     __uint(max_entries, 1024);  
+// } socket_map SEC(".maps");  
+
+
+// struct ipv4_tuple_t {  
+//     __u32 saddr;  
+//     __u32 daddr;  
+//     __u16 sport;  
+//     __u16 dport;  
+//     __u8  protocol;  
+// };
+
+// SEC("kretprobe/inet_csk_accept")
+// int kprobeinet_csk_accept(struct pt_regs *ctx) {
+//     cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=\n");
+//     __u64 pid_tgid = bpf_get_current_pid_tgid();
+//     cw_bpf_debug("socket inet_csk_accept Connection exit pid_tgid: pid_tgid=%d\n", pid_tgid);
+//     struct sock *sk = (struct sock *)PT_REGS_RC(ctx);
+//     // __u16 family = 0;
+//     // bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
+//     // cw_bpf_debug("socket inet_csk_accept Connection family: family=%d\n", family);
+//     // if (family == AF_INET)
+// 	// {
+//     //     cw_bpf_debug("socket inet_csk_accept Connection family: IPv4=%d\n", family);
+//     // }
+//     // struct ipv4_tuple_t tuple = {};  
+//     // // 从 __sk_common 获取信息  
+//     // bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
+//     // bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
+//     // bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
+//     // bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
+
+//     // tuple.sport = bpf_ntohs(tuple.sport);  
+//     // tuple.dport = bpf_ntohs(tuple.dport);
+
+//     // __u64 hash;
+//     // bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
+
+//     // cw_bpf_debug("socket inet_csk_accept Connection accepted: sk=%x, hash: %lld\n", sk, hash);
+//     // cw_bpf_debug("socket inet_csk_accept Connection accepted: dport=%d, lport=%d\n", tuple.dport, tuple.sport);
+//     // cw_bpf_debug("socket inet_csk_accept Connection accepted: saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
+//     // u32_to_ip(tuple.saddr);
+//     // u32_to_ip(tuple.daddr);
+//     // 将进程 ID 关联到 `struct sock` 指针  
+//     bpf_map_update_elem(&socket_map, &pid_tgid, &sk, BPF_ANY);  
+
+//     return 0;
+// }
+
+// struct sys_exit_accept4_ctx {
+// 	__u64 __unused_syscall_header;
+// 	__u32 __unused_syscall_nr;
+// 	long ret;
+// };
+// struct sys_enter_accept4_ctx {
+// 	__u64 __unused_syscall_header;
+// 	__u32 __unused_syscall_nr;
+
+// 	long fd;
+// 	__u64 *sockaddr;
+// 	int addrlen;
+// };
 // 在系统调用accept返回时挂钩获取文件描述符  
-SEC("tracepoint/syscalls/sys_enter_accept4")  
-int tracepoint__sys_enter_accept4(struct sys_enter_accept4_ctx *ctx) {  
-    __u64 pid_tgid = bpf_get_current_pid_tgid();  
-    cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, ctx->fd);
-    return 0;  
-}  
+// SEC("tracepoint/syscalls/sys_enter_accept4")  
+// int tracepoint__sys_enter_accept4(struct sys_enter_accept4_ctx *ctx) {  
+//     __u64 pid_tgid = bpf_get_current_pid_tgid();  
+//     cw_bpf_debug("[Go] [socket/tracepoint__sys_entry_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, ctx->fd);
+//     return 0;  
+// }  
 
 // 在系统调用accept返回时挂钩获取文件描述符  
-SEC("tracepoint/syscalls/sys_exit_accept4")  
-int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {  
-    long fd = ctx->ret;  
-    __u64 pid_tgid = bpf_get_current_pid_tgid();  
-    cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
-    // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
-    struct sock **skp;  
-    // 从 map 中获取 `struct sock` 指针  
-    skp = bpf_map_lookup_elem(&socket_map, &pid_tgid);  
-    if (skp && fd > 0) {
-        struct sock *sk = *skp;
-        __u16 family = 0;
-        bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
-        cw_bpf_debug("socket sys_exit_accept4 family: family=%d\n", family);
-        if (family == AF_INET)
-        {
-            cw_bpf_debug("socket sys_exit_accept4 family: IPv4=%d\n", family);
-        }
-        struct ipv4_tuple_t tuple = {};  
-        // 从 __sk_common 获取信息  
-        bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
-        bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
-        bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
-        bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
-
-        tuple.sport = bpf_ntohs(tuple.sport);  
-        tuple.dport = bpf_ntohs(tuple.dport);
-
-        __u64 hash;
-        bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
-
-        cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
-        cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
-        cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
-        unsigned char saddr[16] = {};
-        unsigned char daddr[16] = {};
-        u32_to_ip(tuple.saddr, saddr);
-        u32_to_ip(tuple.daddr, daddr);
-
-        void *map = &tcp_accept_events;
-
-        struct tcp_event e = {};
-
-        e.type = EVENT_TYPE_ACCEPT_OPEN;
-        e.duration = 0;
-        e.timestamp = 0;
-        e.pid = pid_tgid >> 32;
-        e.sport = tuple.sport;
-        e.dport = tuple.dport;
-        e.fd = fd;
-        __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
-        __builtin_memcpy(&e.daddr, &daddr, sizeof(e.daddr));
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
-
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
-        cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
-
-        bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
-        struct connection_id cid = {};
-        cid.pid = pid_tgid >> 32;
-        cid.fd = fd;
-
-        struct connection conn = {};
-        conn.timestamp = bpf_ktime_get_ns();
-        cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
-        bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
-        cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
-
-        // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
-    }
-
-    // 从地图中移除项目，避免泄漏  
-    bpf_map_delete_elem(&socket_map, &pid_tgid);  
-
-    return 0;  
-}  
+// SEC("tracepoint/syscalls/sys_exit_accept4")  
+// int tracepoint__sys_exit_accept4(struct sys_exit_accept4_ctx *ctx) {  
+//     long fd = ctx->ret;  
+//     __u64 pid_tgid = bpf_get_current_pid_tgid();  
+//     cw_bpf_debug("[Go] [socket/tracepoint__sys_exit_accept4]getget: rdi_ptr::pid: %d,-- %d\n", pid_tgid, fd);
+//     // bpf_map_update_elem(&fd_by_pid_tgid, &pid_tgid, &fd, BPF_ANY);
+//     struct sock **skp;  
+//     // 从 map 中获取 `struct sock` 指针  
+//     skp = bpf_map_lookup_elem(&socket_map, &pid_tgid);  
+//     if (skp && fd > 0) {
+//         struct sock *sk = *skp;
+//         __u16 family = 0;
+//         bpf_probe_read(&family, sizeof(family), &sk->__sk_common.skc_family);
+//         cw_bpf_debug("socket sys_exit_accept4 family: family=%d\n", family);
+//         if (family == AF_INET)
+//         {
+//             cw_bpf_debug("socket sys_exit_accept4 family: IPv4=%d\n", family);
+//         }
+//         struct ipv4_tuple_t tuple = {};  
+//         // 从 __sk_common 获取信息  
+//         bpf_probe_read(&tuple.saddr, sizeof(tuple.saddr), &sk->__sk_common.skc_rcv_saddr);  
+//         bpf_probe_read(&tuple.daddr, sizeof(tuple.daddr), &sk->__sk_common.skc_daddr);  
+//         bpf_probe_read(&tuple.sport, sizeof(tuple.sport), &sk->__sk_common.skc_num);  
+//         bpf_probe_read(&tuple.dport, sizeof(tuple.dport), &sk->__sk_common.skc_dport);  
+
+//         tuple.sport = bpf_ntohs(tuple.sport);  
+//         tuple.dport = bpf_ntohs(tuple.dport);
+
+//         __u64 hash;
+//         bpf_probe_read(&hash, sizeof(hash), &sk->__sk_common.skc_hash);
+
+//         cw_bpf_debug("socket sys_exit_accept4 sk=%x, hash: %lld\n", sk, hash);
+//         cw_bpf_debug("socket sys_exit_accept4 dport=%d, lport=%d\n", tuple.dport, tuple.sport);
+//         cw_bpf_debug("socket sys_exit_accept4 saddr=%lld, daddr=%lld\n", tuple.saddr, tuple.daddr);
+//         unsigned char saddr[16] = {};
+//         unsigned char daddr[16] = {};
+//         u32_to_ip(tuple.saddr, saddr);
+//         u32_to_ip(tuple.daddr, daddr);
+
+//         void *map = &tcp_accept_events;
+
+//         struct tcp_event e = {};
+
+//         e.type = EVENT_TYPE_ACCEPT_OPEN;
+//         e.duration = 0;
+//         e.timestamp = 0;
+//         e.pid = pid_tgid >> 32;
+//         e.sport = tuple.sport;
+//         e.dport = tuple.dport;
+//         e.fd = fd;
+//         __builtin_memcpy(&e.saddr, &saddr, sizeof(e.saddr));
+//         __builtin_memcpy(&e.daddr, &daddr, sizeof(e.daddr));
+//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[10], e.saddr[11]);
+//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[12], e.saddr[13]);
+//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr saddr=%llu, saddr=%llu\n", e.saddr[14], e.saddr[15]);
+
+//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[10], e.daddr[11]);
+//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[12], e.daddr[13]);
+//         cw_bpf_debug("socket sys_exit_accept4 addraddraddr daddr=%llu, daddr=%llu\n", e.daddr[14], e.daddr[15]);
+
+//         bpf_perf_event_output(ctx, map, BPF_F_CURRENT_CPU, &e, sizeof(e));
+//         struct connection_id cid = {};
+//         cid.pid = pid_tgid >> 32;
+//         cid.fd = fd;
+
+//         struct connection conn = {};
+//         conn.timestamp = bpf_ktime_get_ns();
+//         cw_bpf_debug("socket accept update active_accepts before cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
+//         bpf_map_update_elem(&active_accepts, &cid, &conn, BPF_ANY);
+//         cw_bpf_debug("socket accept update active_accepts after cid.pid=%d, cid.fd=%lld\n", cid.pid, cid.fd);
+
+//         // TODO 1: tcp_accept_events 把数据发到go层。update active_accept 定义一个 e.type
+//     }
+
+//     // 从地图中移除项目，避免泄漏  
+//     bpf_map_delete_elem(&socket_map, &pid_tgid);  
+
+//     return 0;  
+// }  

ebpftracer/tracer.go

@@ -312,7 +312,7 @@ func (t *Tracer) ebpf(ch chan<- Event) error {
 		{name: "proc_events", typ: perfMapTypeProcEvents, perCPUBufferSizePages: 4},
 		{name: "tcp_listen_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 4},
 		{name: "tcp_connect_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 8},
-		{name: "tcp_accept_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 8},
+		// {name: "tcp_accept_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 8},
 		{name: "tcp_retransmit_events", typ: perfMapTypeTCPEvents, perCPUBufferSizePages: 4},
 		{name: "file_events", typ: perfMapTypeFileEvents, perCPUBufferSizePages: 4},
 		{name: "event_queue", typ: perfMapTypeEventQueue, perCPUBufferSizePages: 32},
@@ -752,12 +752,12 @@ func runEventsReader(name string, r *perf.Reader, ch chan<- Event, typ perfMapTy
 					BytesReceived: v.BytesReceived,
 				}
 			}
-			if v.Type == EventTypeAcceptClose {
-				event.TrafficStats = &TrafficStats{
-					BytesSent:     v.BytesSent,
-					BytesReceived: v.BytesReceived,
-				}
-			}
+			// if v.Type == EventTypeAcceptClose {
+			// 	event.TrafficStats = &TrafficStats{
+			// 		BytesSent:     v.BytesSent,
+			// 		BytesReceived: v.BytesReceived,
+			// 	}
+			// }
 		case perfMapTypePythonThreadEvents:
 			v := &pythonThreadEvent{}
 			if err := binary.Read(bytes.NewBuffer(rec.RawSample), binary.LittleEndian, v); err != nil {