Deploying to gh-pages from @ eunomia-bpf/bpf-developer-tutorial@002414f578 🚀

6-sigsnoop/index.html

@@ -222,9 +222,9 @@ static int probe_exit(void *ctx, int ret)
 
  eventp->ret = ret;
  bpf_printk("PID %d (%s) sent signal %d ",
-		   eventp->pid, eventp->comm, eventp->sig);
+           eventp->pid, eventp->comm, eventp->sig);
  bpf_printk("to PID %d, ret = %d",
-		   eventp->tpid, ret);
+           eventp->tpid, ret);
 
 cleanup:
  bpf_map_delete_elem(&values, &tid);
@@ -265,10 +265,10 @@ Runing eBPF program...
 </code></pre>
 <p>运行这段程序后，可以通过查看 /sys/kernel/debug/tracing/trace_pipe 文件来查看 eBPF 程序的输出：</p>
 <pre><code class="language-console">$ sudo cat /sys/kernel/debug/tracing/trace_pipe
-	systemd-journal-363     [000] d...1   672.563868: bpf_trace_printk: PID 363 (systemd-journal) sent signal 0
- 	systemd-journal-363     [000] d...1   672.563869: bpf_trace_printk: to PID 1400, ret = 0
- 	systemd-journal-363     [000] d...1   672.563870: bpf_trace_printk: PID 363 (systemd-journal) sent signal 0
- 	systemd-journal-363     [000] d...1   672.563870: bpf_trace_printk: to PID 1527, ret = -3
+    systemd-journal-363     [000] d...1   672.563868: bpf_trace_printk: PID 363 (systemd-journal) sent signal 0
+     systemd-journal-363     [000] d...1   672.563869: bpf_trace_printk: to PID 1400, ret = 0
+     systemd-journal-363     [000] d...1   672.563870: bpf_trace_printk: PID 363 (systemd-journal) sent signal 0
+     systemd-journal-363     [000] d...1   672.563870: bpf_trace_printk: to PID 1527, ret = -3
 </code></pre>
 <h2 id="总结"><a class="header" href="#总结">总结</a></h2>
 <p>本文主要介绍如何实现一个 eBPF 工具，捕获进程发送信号的系统调用集合，使用 hash map 保存状态。使用 hash map 需要定义一个结构体：</p>