kernel/bpf-developer-tutorial
1
0
Fork 0
mirror of https://github.com/eunomia-bpf/bpf-developer-tutorial.git synced 2026-04-05 03:28:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Deploying to gh-pages from @ eunomia-bpf/bpf-developer-tutorial@31c92abad8 🚀

Browse Source
This commit is contained in:
yunwei37
2023-08-12 19:05:25 +00:00
parent 8a1cc9cb29
commit a11dbe5999
5 changed files with 65 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
8-exitsnoop/exitsnoop.bpf.c
View File

@@ -19,7 +19,7 @@ int handle_exit(struct trace_event_raw_sched_process_template* ctx)
struct task_struct *task; struct task_struct *task;
struct event *e; struct event *e;
pid_t pid, tid; pid_t pid, tid;
u64 id, ts, *start_ts, duration_ns = 0; u64 id, ts, *start_ts, start_time = 0;
/* get PID and TID of exiting thread/process */ /* get PID and TID of exiting thread/process */
id = bpf_get_current_pid_tgid(); id = bpf_get_current_pid_tgid();
@@ -37,8 +37,9 @@ int handle_exit(struct trace_event_raw_sched_process_template* ctx)
/* fill out the sample with data */ /* fill out the sample with data */
task = (struct task_struct *)bpf_get_current_task(); task = (struct task_struct *)bpf_get_current_task();
start_time = BPF_CORE_READ(task, start_time);
e->duration_ns = duration_ns; e->duration_ns = bpf_ktime_get_ns() - start_time;
e->pid = pid; e->pid = pid;
e->ppid = BPF_CORE_READ(task, real_parent, tgid); e->ppid = BPF_CORE_READ(task, real_parent, tgid);
e->exit_code = (BPF_CORE_READ(task, exit_code) >> 8) & 0xff; e->exit_code = (BPF_CORE_READ(task, exit_code) >> 8) & 0xff;

6
8-exitsnoop/index.html
View File

@@ -212,6 +212,7 @@ struct event {
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>
#include "exitsnoop.h" #include "exitsnoop.h"
char LICENSE[] SEC("license") = "Dual BSD/GPL"; char LICENSE[] SEC("license") = "Dual BSD/GPL";
struct { struct {
@@ -225,7 +226,7 @@ int handle_exit(struct trace_event_raw_sched_process_template* ctx)
struct task_struct *task; struct task_struct *task;
struct event *e; struct event *e;
pid_t pid, tid; pid_t pid, tid;
u64 id, ts, *start_ts, duration_ns = 0; u64 id, ts, *start_ts, start_time = 0;
/* get PID and TID of exiting thread/process */ /* get PID and TID of exiting thread/process */
id = bpf_get_current_pid_tgid(); id = bpf_get_current_pid_tgid();
@@ -243,8 +244,9 @@ int handle_exit(struct trace_event_raw_sched_process_template* ctx)
/* fill out the sample with data */ /* fill out the sample with data */
task = (struct task_struct *)bpf_get_current_task(); task = (struct task_struct *)bpf_get_current_task();
start_time = BPF_CORE_READ(task, start_time);
e->duration_ns = duration_ns; e->duration_ns = bpf_ktime_get_ns() - start_time;
e->pid = pid; e->pid = pid;
e->ppid = BPF_CORE_READ(task, real_parent, tgid); e->ppid = BPF_CORE_READ(task, real_parent, tgid);
e->exit_code = (BPF_CORE_READ(task, exit_code) >> 8) & 0xff; e->exit_code = (BPF_CORE_READ(task, exit_code) >> 8) & 0xff;

6
print.html
View File

@@ -1050,6 +1050,7 @@ struct event {
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h> #include <bpf/bpf_core_read.h>
#include "exitsnoop.h" #include "exitsnoop.h"
char LICENSE[] SEC("license") = "Dual BSD/GPL"; char LICENSE[] SEC("license") = "Dual BSD/GPL";
struct { struct {
@@ -1063,7 +1064,7 @@ int handle_exit(struct trace_event_raw_sched_process_template* ctx)
struct task_struct *task; struct task_struct *task;
struct event *e; struct event *e;
pid_t pid, tid; pid_t pid, tid;
u64 id, ts, *start_ts, duration_ns = 0; u64 id, ts, *start_ts, start_time = 0;
/* get PID and TID of exiting thread/process */ /* get PID and TID of exiting thread/process */
id = bpf_get_current_pid_tgid(); id = bpf_get_current_pid_tgid();
@@ -1081,8 +1082,9 @@ int handle_exit(struct trace_event_raw_sched_process_template* ctx)
/* fill out the sample with data */ /* fill out the sample with data */
task = (struct task_struct *)bpf_get_current_task(); task = (struct task_struct *)bpf_get_current_task();
start_time = BPF_CORE_READ(task, start_time);
e->duration_ns = duration_ns; e->duration_ns = bpf_ktime_get_ns() - start_time;
e->pid = pid; e->pid = pid;
e->ppid = BPF_CORE_READ(task, real_parent, tgid); e->ppid = BPF_CORE_READ(task, real_parent, tgid);
e->exit_code = (BPF_CORE_READ(task, exit_code) >> 8) & 0xff; e->exit_code = (BPF_CORE_READ(task, exit_code) >> 8) & 0xff;

2
searchindex.js
View File

File diff suppressed because one or more lines are too long

2
searchindex.json
View File

File diff suppressed because one or more lines are too long