我正在做 BPF 编程,我想在套接字映射中添加一个套接字。代码如下
当它检测到侦听/连接时,将套接字添加到套接字映射
__section("sockops")
int bpf_sockmap(struct bpf_sock_ops *skops)
{
switch (skops->op) {
case BPF_SOCK_OPS_TCP_LISTEN_CB:
if (skops->family == 2) {
bpf_sock_ops_ipv4(skops);
}
break;
case BPF_SOCK_OPS_TCP_CONNECT_CB:
if (skops->family == 2) {
bpf_sock_ops_ipv4(skops);
}
break;
default:
break;
}
return 0;
}
bpf_sock_ops_ipv4()是_
void bpf_sock_ops_ipv4(struct bpf_sock_ops *skops)
{
struct sock_key key = {};
int ret;
extract_key4_from_ops(skops, &key); // extract some field from skops to form the key structure
ret = sock_hash_update(skops, &sock_ops_map, &key, BPF_ANY);
if (ret != 0) {
printk("sock_hash_update() failed, ret: %d\n", ret);
}
printk("sockmap: op %d, port %d --> %d\n",
skops->op, skops->local_port, bpf_ntohl(skops->remote_port));
}
地图结构
struct bpf_map_def __section("maps") sock_ops_map = {
.type = BPF_MAP_TYPE_SOCKHASH,
.key_size = sizeof(struct sock_key),
.value_size = sizeof(int),
.max_entries = 65535,
.map_flags = 0,
};
关键结构
struct sock_key {
__u32 ops;
__u32 sip4;
__u32 dip4;
__u8 family;
__u8 pad1;
__u16 pad2;
__u32 pad3;
__u32 sport;
__u32 dport;
} __attribute__((packed));
当我加载它并使用初始化服务器sudo socat TCP4-LISTEN:1001,fork exec:cat时,更新失败
sudo cat /sys/kernel/debug/tracing/trace_pipe
socat-1239 [002] .... 2020.217663: 0: sock_hash_update() failed, ret: -95
socat-1239 [002] .... 2020.217682: 0: sockmap: op 11, port 1001 --> 0