我正在尝试阅读以下跟踪点程序的参数:
// Declared at /sys/kernel/debug/tracing/events/net/netif_receive_skb/format
struct netif_receive_skb_context {
unsigned short type;
unsigned char flags;
unsigned char preempt_count;
int pid;
const void *skbaddr;
unsigned int len;
int data_loc_name;
};
// Userspace path: /sys/kernel/debug/tracing/events/net/netif_receive_skb
SEC("tracepoint/net/netif_receive_skb")
int netif_receive_skb(struct netif_receive_skb_context *ctx) {
// Attempt to read socket buffer from kernel structure.
struct __sk_buff skb;
bpf_probe_read(&skb, sizeof(skb), ctx->skbaddr);
void *data_end = (void *)(long)skb.data_end;
void *data = (void *)(long)skb.data;
struct ethhdr *eth = data;
// Retrieve L2 header.
if ((void*)eth + sizeof(*eth) > data_end) {
return 0;
}
// Retrieve IP header.
struct iphdr *ip = data + sizeof(*eth);
if ((void*)ip + sizeof(*ip) > data_end) {
return 0;
}
unsigned char proto;
bpf_probe_read(&proto, sizeof(proto), &ip->protocol);
bpf_printk("Got here in netif_rx_entry with proto: %d\n", proto);
return 0;
}
但是我一直看到 IP 协议等于零,这是没有意义的(我正在发送一个带有 TCP,proto=6 的数据包).. 在分配给之后我应该如何读取内存和字段skb?