This repository has been archived by the owner on Oct 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 61
/
Copy pathtcptracer-bpf.h
114 lines (100 loc) · 2.08 KB
/
tcptracer-bpf.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#ifndef __TCPTRACER_BPF_H
#define __TCPTRACER_BPF_H
#include <linux/types.h>
#define TCP_EVENT_TYPE_CONNECT 1
#define TCP_EVENT_TYPE_ACCEPT 2
#define TCP_EVENT_TYPE_CLOSE 3
#define TCP_EVENT_TYPE_FD_INSTALL 4
#define GUESS_SADDR 0
#define GUESS_DADDR 1
#define GUESS_FAMILY 2
#define GUESS_SPORT 3
#define GUESS_DPORT 4
#define GUESS_NETNS 5
#define GUESS_DADDR_IPV6 6
#ifndef TASK_COMM_LEN
#define TASK_COMM_LEN 16
#endif
struct tcp_ipv4_event_t {
__u64 timestamp;
__u64 cpu;
__u32 type;
__u32 pid;
char comm[TASK_COMM_LEN];
__u32 saddr;
__u32 daddr;
__u16 sport;
__u16 dport;
__u32 netns;
__u32 fd;
__u32 dummy;
};
struct tcp_ipv6_event_t {
__u64 timestamp;
__u64 cpu;
__u32 type;
__u32 pid;
char comm[TASK_COMM_LEN];
/* Using the type unsigned __int128 generates an error in the ebpf verifier */
__u64 saddr_h;
__u64 saddr_l;
__u64 daddr_h;
__u64 daddr_l;
__u16 sport;
__u16 dport;
__u32 netns;
__u32 fd;
__u32 dummy;
};
// tcp_set_state doesn't run in the context of the process that initiated the
// connection so we need to store a map TUPLE -> PID to send the right PID on
// the event
struct ipv4_tuple_t {
__u32 saddr;
__u32 daddr;
__u16 sport;
__u16 dport;
__u32 netns;
};
struct ipv6_tuple_t {
/* Using the type unsigned __int128 generates an error in the ebpf verifier */
__u64 saddr_h;
__u64 saddr_l;
__u64 daddr_h;
__u64 daddr_l;
__u16 sport;
__u16 dport;
__u32 netns;
};
struct pid_comm_t {
__u64 pid;
char comm[TASK_COMM_LEN];
};
#define TCPTRACER_STATE_UNINITIALIZED 0
#define TCPTRACER_STATE_CHECKING 1
#define TCPTRACER_STATE_CHECKED 2
#define TCPTRACER_STATE_READY 3
struct tcptracer_status_t {
__u64 state;
/* checking */
__u64 pid_tgid;
__u64 what;
__u64 offset_saddr;
__u64 offset_daddr;
__u64 offset_sport;
__u64 offset_dport;
__u64 offset_netns;
__u64 offset_ino;
__u64 offset_family;
__u64 offset_daddr_ipv6;
__u64 err;
__u32 daddr_ipv6[4];
__u32 netns;
__u32 saddr;
__u32 daddr;
__u16 sport;
__u16 dport;
__u16 family;
__u16 padding;
};
#endif