tools: filter/display using PID intead of TID

Signed-off-by: Hengqi Chen <[email protected]>
githubTang-T · May 17, 2021 · 151fe19 · 151fe19
1 parent 89c96a8
commit 151fe19
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 28 deletions.
diff --git a/tools/gethostlatency.py b/tools/gethostlatency.py
@@ -61,14 +61,16 @@
  return 0;
 
  struct val_t val = {};
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+ u32 tid = (u32)pid_tgid;
 
  if (bpf_get_current_comm(&val.comm, sizeof(val.comm)) == 0) {
  bpf_probe_read_user(&val.host, sizeof(val.host),
  (void *)PT_REGS_PARM1(ctx));
- val.pid = bpf_get_current_pid_tgid();
+ val.pid = pid;
  val.ts = bpf_ktime_get_ns();
- start.update(&pid, &val);
+ start.update(&tid, &val);
  }
 
  return 0;
@@ -78,11 +80,12 @@
  struct val_t *valp;
  struct data_t data = {};
  u64 delta;
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 tid = (u32)pid_tgid;
 
  u64 tsp = bpf_ktime_get_ns();
 
- valp = start.lookup(&pid);
+ valp = start.lookup(&tid);
  if (valp == 0)
  return 0; // missed start
 
@@ -91,7 +94,7 @@
  data.pid = valp->pid;
  data.delta = tsp - valp->ts;
  events.perf_submit(ctx, &data, sizeof(data));
- start.delete(&pid);
+ start.delete(&tid);
  return 0;
 }
 """
@@ -113,11 +116,11 @@
  pid=args.pid)
 
 # header
-print("%-9s %-6s %-16s %10s %s" % ("TIME", "PID", "COMM", "LATms", "HOST"))
+print("%-9s %-7s %-16s %10s %s" % ("TIME", "PID", "COMM", "LATms", "HOST"))
 
 def print_event(cpu, data, size):
  event = b["events"].event(data)
- print("%-9s %-6d %-16s %10.2f %s" % (strftime("%H:%M:%S"), event.pid,
+ print("%-9s %-7d %-16s %10.2f %s" % (strftime("%H:%M:%S"), event.pid,
  event.comm.decode('utf-8', 'replace'), (float(event.delta) / 1000000),
  event.host.decode('utf-8', 'replace')))
 

diff --git a/tools/solisten.py b/tools/solisten.py
@@ -58,7 +58,7 @@
 // Common structure for UDP/TCP IPv4/IPv6
 struct listen_evt_t {
  u64 ts_us;
- u64 pid_tgid;
+ u64 pid;
  u64 backlog;
  u64 netns;
  u64 proto; // familiy << 16 | type
@@ -90,7 +90,7 @@
  evt.proto = family << 16 | SOCK_STREAM;
 
  // Get PID
- evt.pid_tgid = bpf_get_current_pid_tgid();
+ evt.pid = bpf_get_current_pid_tgid() >> 32;
 
  ##FILTER_PID##
 
@@ -130,7 +130,7 @@ def print_event(cpu, data, size):
  # Decode event
  event = b["listen_evt"].event(data)
 
- pid = event.pid_tgid & 0xffffffff
+ pid = event.pid
  proto_family = event.proto & 0xff
  proto_type = event.proto >> 16 & 0xff
 
@@ -151,12 +151,12 @@ def print_event(cpu, data, size):
 
  # Display
  if show_netns:
- printb(b"%-6d %-12.12s %-12d %-6s %-8d %-5d %-39s" % (
+ printb(b"%-7d %-12.12s %-12d %-6s %-8d %-5d %-39s" % (
  pid, event.task, event.netns, protocol.encode(), event.backlog,
  event.lport, address.encode(),
  ))
  else:
- printb(b"%-6d %-12.12s %-6s %-8d %-5d %-39s" % (
+ printb(b"%-7d %-12.12s %-6s %-8d %-5d %-39s" % (
  pid, event.task, protocol.encode(), event.backlog,
  event.lport, address.encode(),
  ))
@@ -171,7 +171,7 @@ def print_event(cpu, data, size):
  netns_filter = ""
 
  if args.pid:
- pid_filter = "if (evt.pid_tgid != %d) return 0;" % args.pid
+ pid_filter = "if (evt.pid != %d) return 0;" % args.pid
  if args.netns:
  netns_filter = "if (evt.netns != %d) return 0;" % args.netns
 
@@ -188,10 +188,10 @@ def print_event(cpu, data, size):
 
  # Print headers
  if args.show_netns:
- print("%-6s %-12s %-12s %-6s %-8s %-5s %-39s" %
+ print("%-7s %-12s %-12s %-6s %-8s %-5s %-39s" %
  ("PID", "COMM", "NETNS", "PROTO", "BACKLOG", "PORT", "ADDR"))
  else:
- print("%-6s %-12s %-6s %-8s %-5s %-39s" %
+ print("%-7s %-12s %-6s %-8s %-5s %-39s" %
  ("PID", "COMM", "PROTO", "BACKLOG", "PORT", "ADDR"))
 
  # Read events

diff --git a/tools/sslsniff.py b/tools/sslsniff.py
@@ -66,7 +66,9 @@
 BPF_PERF_OUTPUT(perf_SSL_write);
 
 int probe_SSL_write(struct pt_regs *ctx, void *ssl, void *buf, int num) {
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+
  FILTER
 
  struct probe_SSL_data_t __data = {0};
@@ -89,18 +91,24 @@
 BPF_HASH(bufs, u32, u64);
 
 int probe_SSL_read_enter(struct pt_regs *ctx, void *ssl, void *buf, int num) {
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+ u32 tid = (u32)pid_tgid;
+
  FILTER
 
- bufs.update(&pid, (u64*)&buf);
+ bufs.update(&tid, (u64*)&buf);
  return 0;
 }
 
 int probe_SSL_read_exit(struct pt_regs *ctx, void *ssl, void *buf, int num) {
- u32 pid = bpf_get_current_pid_tgid();
+ u64 pid_tgid = bpf_get_current_pid_tgid();
+ u32 pid = pid_tgid >> 32;
+ u32 tid = (u32)pid_tgid;
+
  FILTER
 
- u64 *bufp = bufs.lookup(&pid);
+ u64 *bufp = bufs.lookup(&tid);
  if (bufp == 0) {
  return 0;
  }
@@ -116,7 +124,7 @@
  bpf_probe_read_user(&__data.v0, sizeof(__data.v0), (char *)*bufp);
  }
 
- bufs.delete(&pid);
+ bufs.delete(&tid);
 
  perf_SSL_read.perf_submit(ctx, &__data, sizeof(__data));
  return 0;
@@ -176,7 +184,7 @@
 
 
 # header
-print("%-12s %-18s %-16s %-6s %-6s" % ("FUNC", "TIME(s)", "COMM", "PID",
+print("%-12s %-18s %-16s %-7s %-6s" % ("FUNC", "TIME(s)", "COMM", "PID",
  "LEN"))
 
 # process event
@@ -213,7 +221,7 @@ def print_event(cpu, data, size, rw, evt):
  e_mark = "-" * 5 + " END DATA (TRUNCATED, " + str(truncated_bytes) + \
  " bytes lost) " + "-" * 5
 
- fmt = "%-12s %-18.9f %-16s %-6d %-6d\n%s\n%s\n%s\n\n"
+ fmt = "%-12s %-18.9f %-16s %-7d %-6d\n%s\n%s\n%s\n\n"
  if args.hexdump:
  unwrapped_data = binascii.hexlify(event.v0)
  data = textwrap.fill(unwrapped_data.decode('utf-8', 'replace'),width=32)

diff --git a/tools/tcpdrop.py b/tools/tcpdrop.py
@@ -97,7 +97,7 @@
 {
  if (sk == NULL)
  return 0;
- u32 pid = bpf_get_current_pid_tgid();
+ u32 pid = bpf_get_current_pid_tgid() >> 32;
 
  // pull in details from the packet headers and the sock struct
  u16 family = sk->__sk_common.skc_family;
@@ -155,7 +155,7 @@
 # process event
 def print_ipv4_event(cpu, data, size):
  event = b["ipv4_events"].event(data)
- print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
+ print("%-8s %-7d %-2d %-20s > %-20s %s (%s)" % (
  strftime("%H:%M:%S"), event.pid, event.ip,
  "%s:%d" % (inet_ntop(AF_INET, pack('I', event.saddr)), event.sport),
  "%s:%s" % (inet_ntop(AF_INET, pack('I', event.daddr)), event.dport),
@@ -167,7 +167,7 @@ def print_ipv4_event(cpu, data, size):
 
 def print_ipv6_event(cpu, data, size):
  event = b["ipv6_events"].event(data)
- print("%-8s %-6d %-2d %-20s > %-20s %s (%s)" % (
+ print("%-8s %-7d %-2d %-20s > %-20s %s (%s)" % (
  strftime("%H:%M:%S"), event.pid, event.ip,
  "%s:%d" % (inet_ntop(AF_INET6, event.saddr), event.sport),
  "%s:%d" % (inet_ntop(AF_INET6, event.daddr), event.dport),
@@ -188,7 +188,7 @@ def print_ipv6_event(cpu, data, size):
 stack_traces = b.get_table("stack_traces")
 
 # header
-print("%-8s %-6s %-2s %-20s > %-20s %s (%s)" % ("TIME", "PID", "IP",
+print("%-8s %-7s %-2s %-20s > %-20s %s (%s)" % ("TIME", "PID", "IP",
  "SADDR:SPORT", "DADDR:DPORT", "STATE", "FLAGS"))
 
 # read events