0

我正在尝试阅读以下跟踪点程序的参数:


// Declared at /sys/kernel/debug/tracing/events/net/netif_receive_skb/format
struct netif_receive_skb_context {
    unsigned short  type;
    unsigned char   flags;
    unsigned char   preempt_count;
    int             pid;
    const void *skbaddr;
    unsigned int len;
    int data_loc_name;
};


// Userspace path: /sys/kernel/debug/tracing/events/net/netif_receive_skb
SEC("tracepoint/net/netif_receive_skb")
int netif_receive_skb(struct netif_receive_skb_context *ctx) {
    // Attempt to read socket buffer from kernel structure.
    struct __sk_buff skb;
    bpf_probe_read(&skb, sizeof(skb), ctx->skbaddr);
    
    void *data_end = (void *)(long)skb.data_end;
    void *data     = (void *)(long)skb.data;
    struct ethhdr *eth = data;
    // Retrieve L2 header.
    if ((void*)eth + sizeof(*eth) > data_end) {
        return 0;
    }

    
    // Retrieve IP header.
    struct iphdr *ip = data + sizeof(*eth);
    if ((void*)ip + sizeof(*ip) > data_end) {
        return 0;
    }

    unsigned char proto;
    bpf_probe_read(&proto, sizeof(proto), &ip->protocol);
    bpf_printk("Got here in netif_rx_entry with proto: %d\n", proto);

    return 0;
}

但是我一直看到 IP 协议等于零,这是没有意义的(我正在发送一个带有 TCP,proto=6 的数据包).. 在分配给之后我应该如何读取内存和字段skb

4

0 回答 0