diff --git a/common.h b/common.h index 4a963a0..4dd82a4 100644 --- a/common.h +++ b/common.h @@ -2,10 +2,11 @@ #define H_COMMON struct reset { - __u8 saddr[4]; - __u8 daddr[4]; __u16 sport; __u16 dport; + __u32 saddr; +// __u8 saddr[4]; +// __u8 daddr[4]; }; #endif diff --git a/exec.sh b/exec.sh new file mode 100755 index 0000000..7f02103 --- /dev/null +++ b/exec.sh @@ -0,0 +1,6 @@ +#!/usr/bin/sh + + +clang-11 -g -O2 -target bpf -c tp_tcp.c -o tp_tcp.o +gcc load_bpf.c -o load_bpf -lbpf +sudo ./load_bpf diff --git a/load_bpf b/load_bpf index c2d9e15..b2f52da 100755 Binary files a/load_bpf and b/load_bpf differ diff --git a/load_bpf.c b/load_bpf.c index 0f5ab34..7f0a3f1 100644 --- a/load_bpf.c +++ b/load_bpf.c @@ -27,7 +27,7 @@ int main(void){ return -1; } //LIBBPF_OPTS(bpf_map_create_opts, opts, .map_flags = BPF_F_MMAPABLE); - map_fd = bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(int), sizeof(struct reset), 4096, BPF_ANY); + map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(int), sizeof(struct reset), 4096, BPF_ANY); printf("Create map: %d\n", map_fd); err = bpf_object__load(obj); @@ -63,9 +63,16 @@ int main(void){ int e = bpf_map_lookup_elem(map_fd, &keys, &s_reset); if (e == 0){ //printf("%lld\n", stats); - struct in_addr *src = (struct in_addr*)&s_reset.saddr; - struct in_addr *dest = (struct in_addr*)&s_reset.daddr; - printf("Sport: %d; dport: %d %s %s\n", s_reset.sport, s_reset.dport, inet_ntoa(*src), inet_ntoa(*dest)); + __u8 saddr[4]; + saddr[0] = s_reset.saddr & 0xFF; + saddr[1] = (s_reset.saddr >> 8) & 0xFF; + saddr[2] = (s_reset.saddr >> 16) & 0xFF; + saddr[3] = (s_reset.saddr >> 24) & 0xFF; + //struct in_addr *src = (struct in_addr*)&s_reset.saddr; + struct in_addr *src = (struct in_addr*)&saddr; + //struct in_addr *dest = (struct in_addr*)&s_reset.daddr; + //printf("Sport: %d; dport: %d %s %s\n", s_reset.sport, s_reset.dport, inet_ntoa(*src), inet_ntoa(*dest)); + printf("Sport: %d; dport: %d %s\n", s_reset.sport, s_reset.dport, inet_ntoa(*src)); } } diff --git a/tp_tcp.c b/tp_tcp.c index 1601494..fd07093 100644 --- a/tp_tcp.c +++ b/tp_tcp.c @@ -27,8 +27,8 @@ struct ctx_reset { }; struct { -// __uint(type, BPF_MAP_TYPE_ARRAY); - __uint(type, BPF_MAP_TYPE_HASH); + __uint(type, BPF_MAP_TYPE_ARRAY); +// __uint(type, BPF_MAP_TYPE_HASH); __uint(max_entries, 4096); __type(key, int); __type(value, sizeof(struct reset)); @@ -53,25 +53,44 @@ struct { */ //SEC("tp/tcp_retransmit_synack") -SEC("tracepoint/tcp/tcp_receive_reset") //int tcp_retransmit(struct sock *sk){ +//SEC("tracepoint/tcp/tcp_receive_reset") +SEC("tracepoint/tcp/tcp_send_reset") int tcp_retransmit(struct ctx_reset *ctx){ - long long *stats; struct reset *s_reset; int keys = 0; s_reset = bpf_map_lookup_elem(&tcp_reset_stats, &keys); - if (!s_reset) + if (!s_reset){ + bpf_printk("Failed to get the map"); return 0; + } - if (!ctx) - return 0; - - //*stats += 1; - s_reset->saddr[0] = ctx->saddr[0]; + /*s_reset->saddr[0] = ctx->saddr[0]; s_reset->saddr[1] = ctx->saddr[1]; s_reset->saddr[2] = ctx->saddr[2]; - s_reset->saddr[3] = ctx->saddr[3]; + s_reset->saddr[3] = ctx->saddr[3];*/ + //memcpy(s_reset->saddr, ctx->saddr, 4); + s_reset->saddr = (ctx->saddr[0]) + + (ctx->saddr[1] << 8) + + (ctx->saddr[2] << 16) + + (ctx->saddr[3] << 24); + __u8 saddr[4]; + saddr[0] = s_reset->saddr & 0xFF; + saddr[1] = (s_reset->saddr >> 8) & 0xFF; + saddr[2] = (s_reset->saddr >> 16) & 0xFF; + saddr[3] = (s_reset->saddr >> 24) & 0xFF; + bpf_printk("Saddr: %d %d", ctx->saddr[0], ctx->saddr[1]); + bpf_printk("Saddr: %d %d", ctx->saddr[2], ctx->saddr[3]); + bpf_printk("Saddr: %d %d", saddr[0], saddr[1]); + bpf_printk("Saddr: %d %d", saddr[2], saddr[3]); + + //bpf_printk("Daddr: %d %d\n", ctx->daddr[0], ctx->daddr[1]); + //bpf_printk("Daddr: %d %d\n", ctx->daddr[2], ctx->daddr[3]); + //bpf_printk("D: %d %d", s_reset->daddr[0], s_reset->daddr[1]); + //if (sizeof(ctx->daddr) == 4) + bpf_printk("%d", sizeof(struct reset)); + //memcpy(s_reset->daddr, ctx->daddr, 4); /*s_reset->daddr[0] = ctx->daddr[0]; s_reset->daddr[1] = ctx->daddr[1]; s_reset->daddr[2] = ctx->daddr[2]; diff --git a/tp_tcp.o b/tp_tcp.o index 8fa2941..5ea79bb 100644 Binary files a/tp_tcp.o and b/tp_tcp.o differ