Update contents

feiskyer · Dec 14, 2024 · fe1dfe8 · fe1dfe8
1 parent 79ce995
commit fe1dfe8
Show file tree

Hide file tree

Showing 38 changed files with 188,248 additions and 175,633 deletions.
diff --git a/.gitignore b/.gitignore
@@ -48,6 +48,7 @@ bpf-apps/xdppass
 bpf-apps/http_trace
 bpf-apps/https_trace
 bpf-apps/https_trace_bad
+bpf-apps/xdp_drop_test
 
 # Debug files
 *.dSYM/

diff --git a/bcc-apps/README.md b/bcc-apps/README.md
@@ -29,7 +29,7 @@ sudo yum install bcc-tools bcc-devel
 Please follow [INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md#source) to see the detailed guides. For example, on Ubuntu 20.04+:
 
 ```sh
-sudo apt install -y bison build-essential cmake flex git libedit-dev llvm-dev libclang-dev python zlib1g-dev libelf-dev libfl-dev python3-distutils
+sudo apt install -y bison build-essential cmake flex git libedit-dev llvm-dev libclang-dev python3 zlib1g-dev libelf-dev libfl-dev python3-setuptools libpolly-18-dev
 
 git clone https://github.com/iovisor/bcc.git
 mkdir bcc/build; cd bcc/build

diff --git a/bpf-apps/Makefile b/bpf-apps/Makefile
@@ -1,4 +1,4 @@
-APPS = hello execsnoop execsnoop_v2 bashreadline hello_btf block_shell xdppass tc_block_tcp http_trace https_trace https_trace_bad
+APPS = hello execsnoop execsnoop_v2 bashreadline hello_btf block_shell xdppass tc_block_tcp http_trace https_trace https_trace_bad xdp_drop_test
 bpftool = $(shell which bpftool || ../tools/bpftool)
 LIBBPF_SRC := $(abspath ../libbpf/src)
 LIBBPF_OBJ := $(abspath libbpf/libbpf.a)
@@ -11,7 +11,7 @@ $(APPS): %: %.bpf.c %.c $(LIBBPF_OBJ) $(wildcard %.h)
 	clang -g -O2 -target bpf -D__TARGET_ARCH_x86 $(INCLUDES) -c $@.bpf.c -o $@.bpf.o
 	$(bpftool) gen skeleton $@.bpf.o > $@.skel.h
 	clang -g -O2 -Wall $(INCLUDES) -c $@.c -o $@.o
-	clang -Wall -O2 -g $@.o -static $(LIBBPF_OBJ) -lelf -lz -o $@
+	clang -Wall -O2 -g $@.o -static $(LIBBPF_OBJ) -lelf -lz -lzstd -o $@
 
 vmlinux:
 	$(bpftool) btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h

diff --git a/bpf-apps/bashreadline.bpf.c b/bpf-apps/bashreadline.bpf.c
@@ -12,7 +12,8 @@ struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 	__uint(key_size, sizeof(__u32));
 	__uint(value_size, sizeof(__u32));
-} events SEC(".maps");
+}
+events SEC(".maps");
 
 SEC("uretprobe/readline")
 int BPF_KRETPROBE(printret, const void *ret)

diff --git a/bpf-apps/bashreadline.skel.h b/bpf-apps/bashreadline.skel.h
diff --git a/bpf-apps/block_shell.skel.h b/bpf-apps/block_shell.skel.h
diff --git a/bpf-apps/execsnoop.bpf.c b/bpf-apps/execsnoop.bpf.c
@@ -19,8 +19,7 @@ struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 	__uint(key_size, sizeof(u32));
 	__uint(value_size, sizeof(u32));
-}
-events SEC(".maps");
+} events SEC(".maps");
 
 // tracepoint for sys_enter_execve.
 SEC("tracepoint/syscalls/sys_enter_execve")

diff --git a/bpf-apps/execsnoop.skel.h b/bpf-apps/execsnoop.skel.h
diff --git a/bpf-apps/execsnoop_v2.bpf.c b/bpf-apps/execsnoop_v2.bpf.c
@@ -21,7 +21,8 @@ struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 	__uint(key_size, sizeof(u32));
 	__uint(value_size, sizeof(u32));
-} events SEC(".maps");
+}
+events SEC(".maps");
 
 static __always_inline bool valid_uid(uid_t uid)
 {

diff --git a/bpf-apps/execsnoop_v2.skel.h b/bpf-apps/execsnoop_v2.skel.h
diff --git a/bpf-apps/hello.skel.h b/bpf-apps/hello.skel.h
diff --git a/bpf-apps/hello_btf.skel.h b/bpf-apps/hello_btf.skel.h
diff --git a/bpf-apps/http_trace.skel.h b/bpf-apps/http_trace.skel.h
diff --git a/bpf-apps/https_trace.bpf.c b/bpf-apps/https_trace.bpf.c
@@ -12,8 +12,7 @@ struct {
 	__uint(key_size, sizeof(__u32));
 	__uint(value_size, sizeof(__u32));
 	__uint(max_entries, 1024);
-}
-events SEC(".maps");
+} events SEC(".maps");
 
 // 用于存储大量数据的缓冲区（避免在BPF程序中分配大量内存）
 struct {
@@ -51,13 +50,11 @@ static int SSL_rw_exit(struct pt_regs *ctx, int rw)
 	if (!bufp) {
 		return 0;
 	}
-
 	// 从寄存器中读取函数调用的返回值
 	int len = PT_REGS_RC(ctx);
 	if (len <= 0) {
 		return 0;
 	}
-
 	// 分配一个数据缓冲区
 	__u32 zero = 0;
 	struct event_t *event = bpf_map_lookup_elem(&data_buffer_heap, &zero);
@@ -71,12 +68,13 @@ static int SSL_rw_exit(struct pt_regs *ctx, int rw)
 	bpf_get_current_comm(&event->comm, sizeof(event->comm));
 
 	// 读取SSL读写缓冲区的数据
-	event->len = (size_t)MAX_BUF_LENGTH < (size_t)len ? (size_t) MAX_BUF_LENGTH : (size_t) len;
+	event->len =
+	    (size_t)MAX_BUF_LENGTH <
+	    (size_t)len ? (size_t)MAX_BUF_LENGTH : (size_t)len;
 	if (bufp != NULL) {
 		bpf_probe_read_user(event->buf, event->len,
 				    (const char *)*bufp);
 	}
-
 	// 将数据缓冲区的数据发送到perf event
 	bpf_map_delete_elem(&bufs, &tid);
 	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, event,

diff --git a/bpf-apps/https_trace.c b/bpf-apps/https_trace.c
@@ -88,7 +88,6 @@ char *find_library_path(const char *libname)
 		fprintf(stderr, "Failed to run command: %s\n", cmd);
 		return NULL;
 	}
-
 	// 格式: libssl3.so (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl3.so
 	if (fgets(path, sizeof(path) - 1, fp) != NULL) {
 		char *p = strrchr(path, '>');
@@ -129,22 +128,19 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Failed to find libssl.so\n");
 		return 1;
 	}
-
 	// 加载BPF程序
 	skel = https_trace_bpf__open_and_load();
 	if (!skel) {
 		fprintf(stderr, "Failed to open and load BPF skeleton\n");
 		return 1;
 	}
-
 	// 创建buffer并绑定事件处理回调
 	pb = perf_buffer__new(bpf_map__fd(skel->maps.events), 16,
 			      handle_event, NULL, NULL, NULL);
 	if (!pb) {
 		fprintf(stderr, "Failed to create perf buffer\n");
 		goto cleanup;
 	}
-
 	// 挂载uprobe到OpenSSL库
 	printf("Attaching uprobe to %s\n", libssl_path);
 	// SSL_read