From d89959dc0cef22b78a0b3657bac2edbaab1802ab Mon Sep 17 00:00:00 2001 From: geoffrey Date: Fri, 12 Jul 2024 17:36:38 +0200 Subject: [PATCH] Update project --- exec.sh | 13 +- ic_v1.c | 325 ------------------------------------------------- load_bpf.c | 75 ++++++++---- tests/main | Bin 23312 -> 0 bytes tests/main.c | 44 ------- tests/main.py | 9 -- tests/read.sh | 13 +- tests/write.sh | 4 +- tp_tcp.c | 37 +----- 9 files changed, 69 insertions(+), 451 deletions(-) delete mode 100644 ic_v1.c delete mode 100755 tests/main delete mode 100644 tests/main.c delete mode 100644 tests/main.py diff --git a/exec.sh b/exec.sh index ebe860b..5479fd9 100755 --- a/exec.sh +++ b/exec.sh @@ -1,6 +1,15 @@ #!/usr/bin/sh +use_influxdb=true +influxdb_host="" +influxdb_orgid="" +influxdb_token="" +influxdb_bucket="tcp_metrics" + clang-11 -g -O2 -target bpf -c tp_tcp.c -o tp_tcp.o && \ gcc ic.c load_bpf.c -o load_bpf -lbpf && \ -#sudo ./load_bpf 192.168.1.68 f32d493484526abc _HK7-cwCZuOiaBIFi17J3riUeQ8OeR6oOp9o3QZMNpehdJMTkleR4B7-CczXSzwhx656GMZi3m6h15h59burbg== tcp_metrics -sudo ./load_bpf 10.231.246.26 392fcb79fc296d8e EwmJtlAXAlJO_e1zjYwxLL2lD3E9jgDRAbba3Wsssn7HcqXKv1OrsmZ66ZlEVwwNMG6gx3_AxqMFnpr6MjuSZQ== tcp_metrics +if [ "$use_influxdb" = true ]; then + sudo ./load_bpf $influxdb_host $influxdb_orgid $influxdb_token $influxdb_bucket +else + sudo ./load_bpf --no-influxdb +fi diff --git a/ic_v1.c b/ic_v1.c deleted file mode 100644 index 860f465..0000000 --- a/ic_v1.c +++ /dev/null 
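Review bot: The new `sudo ./load_bpf $influxdb_host $influxdb_orgid $influxdb_token $influxdb_bucket` line expands its variables unquoted, so with the empty defaults set at the top of the script the first three arguments disappear and load_bpf receives only the bucket name. Quote each one, `sudo ./load_bpf "$influxdb_host" "$influxdb_orgid" "$influxdb_token" "$influxdb_bucket"`, and exit with a message when a required value is empty. Passing the token as a command-line argument also makes it readable by any local user who can list processes, so an environment variable or a root-only file would be a safer channel. The two tokens on the removed lines stay in the repository history and should be treated as disclosed and revoked on the InfluxDB side.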
@@ -1,325 +0,0 @@ -/* - * Influx C (ic) client for data capture - * Developer: Nigel Griffiths. - * (C) Copyright 2021 Nigel Griffiths - - This program is free software: you can redistribute it and/or modify - it under the terms of the gnu general public license as published by - the free software foundation, either version 3 of the license, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but without any warranty; without even the implied warranty of - merchantability or fitness for a particular purpose. see the - gnu general public license for more details. - - You should have received a copy of the gnu general public license - along with this program. if not, see . - - Compile: cc ic.c -g -O3 -o ic - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define DEBUG if(debug) -#define MEGABYTE ( 1024 * 1024 ) /* USed as the default buffer sizes */ - -int debug = 0; /* 0=off, 1=on basic, 2=trace like output */ - -char influx_hostname[1024 + 1] = { 0 };/* details of the influxdb server or telegraf */ -char influx_ip[16 + 1] = { 0 }; -long influx_port = 0; - -char influx_database[256+1]; /* the influxdb database */ -char influx_username[64+1]; /* optional for influxdb access */ -char influx_password[64+1]; /* optional for influxdb access */ - -char *output; /* all the stats must fit in this buffer */ -long output_size = 0; -long output_char = 0; - -char *influx_tags; /* saved tags for every influxdb line protocol mesurement */ - -int subended = 0; /* stop ic_subend and ic_measureend both enig the measure */ -int first_sub = 0; /* need to remove the ic_measure measure before adding ic_sub measure */ -char saved_section[64]; -char saved_sub[64]; - -int sockfd; /* file desciptor for socket connection */ - -void error(char *buf) -{ - fprintf(stderr, "error: \"%s\" errno=%d meaning=\"%s\"\n", buf, errno, strerror(errno)); - close(sockfd); - sleep(2); /* 
this can help the socket close cleanly at the remote end */ - exit(1); -} - -void ic_debug(int level) -{ - debug = level; -} - -/* ic_tags() argument is the measurement tags for influddb */ -/* example: "host=vm1234" note:the comma & hostname of the virtual machine sending the data */ -/* complex: "host=lpar42,serialnum=987654,arch=power9" note:the comma separated list */ -void ic_tags(char *t) -{ - DEBUG fprintf(stderr,"ic_tags(%s)\n",t); - if( influx_tags == (char *) 0) { - if( (influx_tags = (char *)malloc(MEGABYTE)) == (char *)-1) - error("failed to malloc() tags buffer"); - } - - strncpy(influx_tags,t,256); -} - -void ic_influx_database(char *host, long port, char *db) /* note: converts influxdb hostname to ip address */ -{ - struct hostent *he; - char errorbuf[1024 +1 ]; - - influx_port = port; - strncpy(influx_database,db,256); - - if(host[0] <= '0' && host[0] <='9') { - DEBUG fprintf(stderr,"ic_influx(ipaddr=%s,port=%ld,database=%s))\n",host,port,db); - strncpy(influx_ip,host,16); - } else { - DEBUG fprintf(stderr,"ic_influx_by_hostname(host=%s,port=%ld,database=%s))\n",host,port,db); - strncpy(influx_hostname,host,1024); - if (isalpha(host[0])) { - - he = gethostbyname(host); - if (he == NULL) { - sprintf(errorbuf, "influx host=%s to ip address convertion failed gethostbyname(), bailing out\n", host); - error(errorbuf); - } - /* this could return multiple ip addresses but we assume its the first one */ - if (he->h_addr_list[0] != NULL) { - strcpy(influx_ip, inet_ntoa(*(struct in_addr *) (he->h_addr_list[0]))); - DEBUG fprintf(stderr,"ic_influx_by_hostname hostname=%s converted to ip address %s))\n",host,influx_ip); - } else { - sprintf(errorbuf, "influx host=%s to ip address convertion failed (empty list), bailing out\n", host); - error(errorbuf); - } - } else { - strcpy( influx_ip, host); /* perhaps the hostname is actually an ip address */ - } - } -} - -void ic_influx_userpw(char *user, char *pw) -{ - DEBUG 
fprintf(stderr,"ic_influx_userpw(username=%s,pssword=%s))\n",user,pw); - strncpy(influx_username,user,64); - strncpy(influx_password,pw,64); -} - -int create_socket() /* returns 1 for error and 0 for ok */ -{ - int i; - static char buffer[4096]; - static struct sockaddr_in serv_addr; - - if(debug) DEBUG fprintf(stderr, "socket: trying to connect to \"%s\":%ld\n", influx_ip, influx_port); - if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - error("socket() call failed"); - return 0; - } - - serv_addr.sin_family = AF_INET; - serv_addr.sin_addr.s_addr = inet_addr(influx_ip); - serv_addr.sin_port = htons(influx_port); - - /* connect tot he socket offered by the web server */ - if (connect(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) { - DEBUG fprintf(stderr, " connect() call failed errno=%d", errno); - return 0; - } - return 1; -} - -void ic_check(long adding) /* Check the buffer space */ -{ - if(output == (char *)0) { /* First time create the buffer * - if( (output = (char *)malloc(MEGABYTE)) == (char *)-1) - error("failed to malloc() output buffer"); - } - if(output_char + (2*adding) > output_size) /* When near the end of the output buffer, extend it*/ - if( (output = (char *)realloc(output, output_size + MEGABYTE)) == (char *)-1) - error("failed to realloc() output buffer"); - } -} - -void remove_ending_comma_if_any() -{ - if (output[output_char - 1] == ',') { - output[output_char - 1] = 0; /* remove the char */ - output_char--; - } -} - -void ic_measure(char *section) -{ - ic_check( strlen(section) + strlen(influx_tags) + 3); - - output_char += sprintf(&output[output_char], "%s,%s ", section, influx_tags); - strcpy(saved_section, section); - first_sub = 1; - subended = 0; - DEBUG fprintf(stderr, "ic_measure(\"%s\") count=%ld\n", section, output_char); -} - -void ic_measureend() -{ - ic_check( 4 ); - remove_ending_comma_if_any(); - if (!subended) { - output_char += sprintf(&output[output_char], " \n"); - } - subended = 0; - DEBUG 
fprintf(stderr, "ic_measureend()\n"); -} - -/* Note this added a further tag to the measurement of the "resource_name" */ -/* measurement might be "disks" */ -/* sub might be "sda1", "sdb1", etc */ -void ic_sub(char *resource) -{ - int i; - - ic_check( strlen(saved_section) + strlen(influx_tags) +strlen(saved_sub) + strlen(resource) + 9); - - /* remove previously added section */ - if (first_sub) { - for (i = output_char - 1; i > 0; i--) { - if (output[i] == '\n') { - output[i + 1] = 0; - output_char = i + 1; - break; - } - } - } - first_sub = 0; - - /* remove the trailing s */ - strcpy(saved_sub, saved_section); - if (saved_sub[strlen(saved_sub) - 1] == 's') { - saved_sub[strlen(saved_sub) - 1] = 0; - } - output_char += sprintf(&output[output_char], "%s,%s,%s_name=%s ", saved_section, influx_tags, saved_sub, resource); - subended = 0; - DEBUG fprintf(stderr, "ic_sub(\"%s\") count=%ld\n", resource, output_char); -} - -void ic_subend() -{ - ic_check( 4 ); - remove_ending_comma_if_any(); - output_char += sprintf(&output[output_char], " \n"); - subended = 1; - DEBUG fprintf(stderr, "ic_subend()\n"); -} - -void ic_long(char *name, long long value) -{ - ic_check( strlen(name) + 16 + 4 ); - output_char += sprintf(&output[output_char], "%s=%lldi,", name, value); - DEBUG fprintf(stderr, "ic_long(\"%s\",%lld) count=%ld\n", name, value, output_char); -} - -void ic_double(char *name, double value) -{ - ic_check( strlen(name) + 16 + 4 ); - if (isnan(value) || isinf(value)) { /* not-a-number or infinity */ - DEBUG fprintf(stderr, "ic_double(%s,%.1f) - nan error\n", name, value); - } else { - output_char += sprintf(&output[output_char], "%s=%.3f,", name, value); - DEBUG fprintf(stderr, "ic_double(\"%s\",%.1f) count=%ld\n", name, value, output_char); - } -} - -void ic_string(char *name, char *value) -{ - int i; - int len; - - ic_check( strlen(name) + strlen(value) + 4 ); - len = strlen(value); - for (i = 0; i < len; i++) /* replace problem characters and with a space */ - if 
(value[i] == '\n' || iscntrl(value[i])) - value[i] = ' '; - output_char += sprintf(&output[output_char], "%s=\"%s\",", name, value); - DEBUG fprintf(stderr, "ic_string(\"%s\",\"%s\") count=%ld\n", name, value, output_char); -} - -void ic_push() -{ - char header[1024]; - char result[1024]; - char buffer[1024 * 8]; - int ret; - int i; - int total; - int sent; - int code; - - if (output_char == 0) /* nothing to send so skip this operation */ - return; - if (influx_port) { - DEBUG fprintf(stderr, "ic_push() size=%ld\n", output_char); - if (create_socket() == 1) { - - sprintf(buffer, "POST /write?db=%s&u=%s&p=%s HTTP/1.1\r\nHost: %s:%ld\r\nContent-Length: %ld\r\n\r\n", - influx_database, influx_username, influx_password, influx_hostname, influx_port, output_char); - DEBUG fprintf(stderr, "buffer size=%ld\nbuffer=<%s>\n", strlen(buffer), buffer); - if ((ret = write(sockfd, buffer, strlen(buffer))) != strlen(buffer)) { - fprintf(stderr, "warning: \"write post to sockfd failed.\" errno=%d\n", errno); - } - total = output_char; - sent = 0; - if (debug == 2) - fprintf(stderr, "output size=%d output=\n<%s>\n", total, output); - while (sent < total) { - ret = write(sockfd, &output[sent], total - sent); - DEBUG fprintf(stderr, "written=%d bytes sent=%d total=%d\n", ret, sent, total); - if (ret < 0) { - fprintf(stderr, "warning: \"write body to sockfd failed.\" errno=%d\n", errno); - break; - } - sent = sent + ret; - } - for (i = 0; i < 1024; i++) /* empty the buffer */ - result[i] = 0; - if ((ret = read(sockfd, result, sizeof(result))) > 0) { - result[ret] = 0; - DEBUG fprintf(stderr, "received bytes=%d data=<%s>\n", ret, result); - sscanf(result, "HTTP/1.1 %d", &code); - for (i = 13; i < 1024; i++) - if (result[i] == '\r') - result[i] = 0; - if (debug == 2) - fprintf(stderr, "http-code=%d text=%s [204=Success]\n", code, &result[13]); - if (code != 204) - fprintf(stderr, "code %d -->%s<--\n", code, result); - } - close(sockfd); - sockfd = 0; - DEBUG fprintf(stderr, "ic_push 
complete\n"); - } else { - DEBUG fprintf(stderr, "socket create failed\n"); - } - } else error("influx port is not set, bailing out"); - - output[0] = 0; - output_char = 0; -} diff --git a/load_bpf.c b/load_bpf.c index c021d08..fe7f9b4 100644 --- a/load_bpf.c +++ b/load_bpf.c @@ -1,3 +1,4 @@ +#include #include #include #include @@ -23,6 +24,22 @@ static void clean_obj(struct bpf_object *obj){ static void usage(char *app){ printf("Usage: %s \n", app); } +static int check_arguments(int argc, char *argv[]){ + if (argc < 1){ + usage(argv[0]); + return -1; + } + + if (strcmp(argv[1], "--no-influxdb") == 0) + return 0; + + if (argc < CNT_ARGS){ + usage(argv[0]); + return -1; + } + + return argc; // Return the number of arguments +} int main(int argc, char *argv[]){ const char *fileObj = "tp_tcp.o"; struct bpf_object *obj; 
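Review bot: In `check_arguments` the guard `if (argc < 1)` does not protect the `strcmp(argv[1], "--no-influxdb")` that follows: when the program is started without arguments argc is 1 and argv[1] is NULL, so the strcmp dereferences a null pointer instead of printing the usage text. The first test should be `if (argc < 2)`. Returning argc also means that the `err == CNT_ARGS` comparison in main (next hunk) silently runs without InfluxDB when extra arguments are supplied; returning a fixed mode value would make the contract explicit. A short comment on the function should state what each return value means.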
@@ -42,29 +59,35 @@ int main(int argc, char *argv[]){ char orgID[INFLUXDB_SIZE]; char token[TOKEN_SIZE]; char bucket[BUCKET_SIZE]; + int use_influxdb = 0; + int debug = 1; - if (argc < CNT_ARGS){ - usage(argv[0]); + // We get args + err = check_arguments(argc, argv); + if (err == -1) return -1; + + if (err == CNT_ARGS){ + strncpy(host, argv[1], INFLUXDB_SIZE); + strncpy(orgID, argv[2], INFLUXDB_SIZE); + strncpy(token, argv[3], TOKEN_SIZE); + strncpy(bucket, argv[4], BUCKET_SIZE); + use_influxdb = 1; } - strncpy(host, argv[1], INFLUXDB_SIZE); - strncpy(orgID, argv[2], INFLUXDB_SIZE); - strncpy(token, argv[3], TOKEN_SIZE); - strncpy(bucket, argv[4], BUCKET_SIZE); - // Connect to InfluxDB - ic_influx_database(host, 8086, bucket); - ic_influx_orgID(orgID); - ic_influx_token(token); + if (use_influxdb) { + ic_influx_database(host, 8086, bucket); + ic_influx_orgID(orgID); + ic_influx_token(token); + } obj = bpf_object__open_file(fileObj, NULL); if (!obj){ printf("Failed to open %s\n", fileObj); return -1; } - //LIBBPF_OPTS(bpf_map_create_opts, opts, .map_flags = BPF_F_MMAPABLE); - //map_fd = bpf_create_map(BPF_MAP_TYPE_HASH, sizeof(int), sizeof(struct reset), 4096, BPF_ANY); + //map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(int), sizeof(struct reset), 4096, BPF_ANY); err = bpf_object__load(obj); @@ -75,7 +98,7 @@ int main(int argc, char *argv[]){ return -1; } - program = bpf_object__find_program_by_name(obj, "tcp_retransmit"); + program = bpf_object__find_program_by_name(obj, "tcp_rst_stats"); if (!program){ printf("Failed to find the program\n"); clean_obj(obj); @@ -124,7 +147,6 @@ int main(int argc, char *argv[]){ __s16 f = AF_INET; err = bpf_map_update_elem(map_fd_filter_family, &keys, &f, BPF_ANY); - printf("Waiting for new packets\n"); while(1){ err = bpf_map_lookup_elem(map_fd_index, &keys, &indexPackets); 
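Review bot: The four `strncpy` calls that fill `host`, `orgID`, `token` and `bucket` pass the full buffer size, so an argument as long as or longer than its buffer is copied without a terminating NUL, and the `ic_influx_*` calls that receive these buffers would then likely read past the array; truncation of a token is also silent. A bounded copy that rejects over-long input, for example `if (snprintf(token, sizeof token, "%s", argv[3]) >= (int)sizeof token) { usage(argv[0]); return -1; }`, applied to each of the four, closes this. The declaration of `host` is outside the hunk, so its size is assumed to match the INFLUXDB_SIZE used in the copy. `int debug = 1;` is hard-coded on; a comment marking it as a build-time switch, or a command-line flag, would make that intent clear.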
@@ -143,21 +165,22 @@ int main(int argc, char *argv[]){ memcpy(tmp, s, 35); d = inet_ntoa(*dest); - printf("Sport: %d; dport: %d %d %d %s - %s\n", s_reset.sport, s_reset.dport, s_reset.family, s_reset.proto, tmp, d); + if (debug) + printf("Sport: %d; dport: %d %d %d %s - %s\n", s_reset.sport, s_reset.dport, s_reset.family, s_reset.proto, tmp, d); - // Get the last value from InfluxDB - //lastValue = ic_read(s, d); + if (use_influxdb) { + printf("Send data to influx\n"); + // Send data to InfluxDB + snprintf(buf, BUF_SIZE, "host=%s", s); + ic_tags(buf); - // Send data to InfluxDB - snprintf(buf, BUF_SIZE, "host=%s", s); - ic_tags(buf); - - ic_measure("tcp_reset"); - ic_long(d, 1); - ic_measureend(); - ic_push(); + ic_measure("tcp_reset"); + ic_long("value", 1); + ic_measureend(); + ic_push(); - memset(buf, 0, BUF_SIZE); + memset(buf, 0, BUF_SIZE); + } } memset(&s_reset, 0, sizeof(struct reset)); } 
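Review bot: The tag built by `snprintf(buf, BUF_SIZE, "host=%s", s);` uses `s`, while the debug printf above it uses the copy `tmp`. If `s` is the pointer returned by an earlier inet_ntoa() call (its assignment is outside the hunk), it refers to the static buffer that `d = inet_ntoa(*dest);` has just overwritten, and the point would be tagged with the destination address instead of the source; `snprintf(buf, BUF_SIZE, "host=%s", tmp);` avoids that. With the field changed to `ic_long("value", 1);` the destination `d` is no longer written to InfluxDB at all, so consider adding it as a second tag if it is still needed for analysis. `printf("Send data to influx\n");` is not behind `if (debug)` and will print for every event that is pushed.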
diff --git a/tests/main b/tests/main deleted file mode 100755 index c579cf551e5baf59dd6661e9d976a7dc191d04b8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23312 zcmeHPeRx#WnLm@{3PzF%N-%=Th(-e?Apt@|B#;2Xn{JQ@0kMk1Br_o+$xJ$P2NPNq z3{l4GSlWuRu0GXnrMBB{{a6*LA3=P;x;~1oA8GwcE!r7Dji@zlmD%5WK5p&|8K2$# zqt8D3aFo2~{XFk^&wI|f_uM=8y86bYSq=wNC7Uf^gdH3&D7BKYeWk1b)Uqme3jUtW z&SED4&*3z|uN44XQQEUo;aEw}1|+@vBtIRVDdiMY9ug$IOr`x4!BLPE2%PjZs!BW^ z=AAC&6jXexy>h{4X|Ow2&=s`nQEcKhf*)U&3dd3aP^u;isPrftq&F<}hNYf@gE9~b zs(4aN=-)Fkp6PH2cvKW5St?EM8D6UEb2)k(d|r^5f=cfa=#iiQ-J-(2LbjJFE=AIR z1!Z^H%npCc+&MElyrmufK%~30yJ~Lf+&N|8VA(9*?+I{(LVD4~tJu$1kGb-d)qAd; z{N~eV*BsG4zwyfdNRZ#;1KA@PDkLwP z=Evu>I)RQ_E(i70Q8-I7(9c4Hu2JM^Tt~CBD+9ec1HCx|o#Hi`{f9EpKgdA;bq0Dz z2Kqn-`u8%>Z_hw~Fav#FhIoEIgZ$JC^u`SINg3#r5TnI&RtEaL8R&Wj|6j}?zb6Cz z`V4fKAJxx(&?y$_WjhGt*%^#oA~4nJ<`4J`cfbgGNH;*rA)lwCBiKrK zhc5s{Unmp^xJ@O1iE z+tnez;bW~G!7vc%SGdFH>p~-~-5z(FKj7)`Z}L&oP!EPc#{$&q4jZ13;qLVK11ubn zio~FWXfC^`v0>3-_pGwnR_)tXZB|(&b2l_EbHg9sdVkpPg_@Tw?g$2a&7PJH9~xNS z84Sn<+(L9zL0YqD)uO+n|3|!R8&AmQND5^Dt#jGzQ$V#YpXT@H(GK#pq@B+3Y&Hhs zBomqBKbh=|7wSyyXDT1=mw7NG_bWy3lJs~JjG!pG!UvWMI<2{KOXP$>8y${WC2ph3 zOBBuC`a~Q3ej8n0+Hvk~8@`#HXdaN61ucXPa&aN5!m+c`dqaN5ce zn>jw6aN5EWT^yfEIBi{tbwYjtV{O}k^HT9)L-eI9_2|2L@1dcl=Ej&d3AXiE-a}|o zkJa1)Pm_i3<8zOf|P&(J*K@&VBWA%h;(=od`gFtlY`DFo5}D#2_gR&m#=(~ zz_ep}bV%R((L#OiaJKH)ufKH6m;eJiq=B)?!8YEG(%)S3Bj~Zn%vE}C%|=KuJ^G$8 zPB&}53wpd15stUx&wkAh+_6^aDVX>^n5&?(5}8}1N3V&;{a+`OCW{`3Q+)O4zW5p< zP*zVN7tK}ihUkDEt32l{YV5#n>P|cdvZi*do{{3CP;+hBi2vF_`SOn-{5 zr{g<_8r9w=s;RwBpm#VK8He!x3fl2W=p`6Wa{jX6J#;OqM_+)|_)T9WliPnU9NBWD zJck%h#Q#S29v4l<*D{w-#cP>56u-lN^QPVi#DHwMq&&4V`@Jg zF>ZXb@%M1;Wrb9?8K=V^VLSv2@lF_zKg;=e#Sfis72pd{1z`*!osLyx+(XR|e`XHX`6_T?z{ zo`MlMJ#HPbcah!R50pKmh8##g+57qN_Vj3E$ka9no9DvET5faMko0rB-R^nE+kJrg z-3Ytze`wE0dtVZL&PaQvHb%5D*VMkA$9phCHw&xzVxs*!D0=iIJytlL2(ilNCJ{j{ zE5Cu6J?II05(&=4n$iGQqS{Z;D^rW%Z(o1UL=3}Y(2LK)Xz>Lpu?_NV2eeHP$f8x5 
z)|2=Gn2Ty1prN~ufr8}4puRqwOtwX}72ISs{)#ykt6YFO_%}igt;{yH8sY!c_!6j? zm=fA4c+a-vEN;ZQiR0QH}O} zxgcA60Y)}Xj_mq^9N7maen1MK+)5P3fZp4mP3W0?eJ#9_xMto$4m6!WY`#NSd5O9g ztL!|3F&>-vc_~$BJHC1S5;ia<^AN6U zg}ECEz^_>4AB$|()==NM<84wPs$GHF0j&jpshHXX;hT%b4UYo!=w6;vJdM$_AHrU| zmb?>jlNw)J{hggF4LjutEo6vH9aMumiXl!zI|IM2YUjnvutOm6zapP7LMa zWRQ=|bEM6asvorj+J5|{Vrt!$R^Hspo6wemLgvwtBABxBrVQ4O%bRj+0iv;9+Oo{T zCSl|<0z6xOjmu5T#&pZ0Dk%`v%1}F?&B0&FX;XWD4)=(%<#(u3w$K%|%9cA}FMcZd zlD3jy1;^wXrV-En48HXCPoVlOv}c)xyRrSi;$8x=`B~_ol$KL*1+zVh>ZtY1f+ z1@%L1&a(QUP3Q9Zr_O8hHe!0TIh*%_u5Ciyd0T()kYj7VaiOX0nN6{BZha5|LhnqV z%AGdd89-K4{(>&iG50CB@vG2aqK^v~?yBZGza4R0A*M|1XRhA*BMzuuSRenvJ;D#+?Gn4+moSG|p}LqkXXivRYLlzvZs=S@7#`*?dM~`B8Td<^GvZ5jS309z0++1Eh$;Aq9tA4M zCktn)l_iYj>LD<(#hKdk@miA3RVWrxC#X zhiLC`mb32>pvZPF_z)`u*<3XUXLs0*9779L@LSl$DGl-}phDLX*lYG;Pa*?R za=1b|ti@;Y(ZUX-J%Oqj88ny0%~gl$ct)(SH*gnpdapUedd`bK{gLcV6gqGuMJ@ul z!>1w^j`}#-zOa7Kc{AMxs~Iz%X2s6^TeU%qJfmFSa?Oz>2LIakO|6PtjKzqxN8AsQ zyGPL;;!CYNZ#l;Mcxc3gsZABVC`K>7D6pF0_o{ip(&DeO%v<_@ejj%|laBdsB@R#Xj<- z=6N({lvs+hY>KhUZoAUyq@<0X%P)?f`;e~B7!WGBo`oLf-ggm)k4vfBd-se7L+xdC zFce=31Ba_j?IQ?4whXfSq%4+9OZEbiokX&9BVR$-B^X#pzlBYRu3!&n@1REIuw(nk z1s<&wYj6M&ed2L`F!1pG9PGFcK&C)1XJuVSmm*VOSu6x^9g#~y;%TVkHjgXz_Tv^5 z2OtV7z_L1mfq`Dq_3BsXsIapGcG4usz?!joG)Bizdi1Vs1WX-<))awChgG2N6jT?e zxE_qrkrt@;acWZ)ZidVCXrDNk*|D2bZBD^q)kv*S)VYY&NRyzh5meO(oqM4Xx*pa| ztC22F-O#7Svi$bx@gb zXe@79Zvu4z8Op)zFGo+t->do6e@#jPYPDJ2D1WrWYL53H{tYA*A)x((0za7l4^S}tqz_&a=Fml1S{*Dp(^xrpg%iL|x( zLX3p{fwqoFcZt7?-qNfo4$tTchK!ox4(|-F$MCdx!afkE!4?%u-rdsUrdKxUh0PMG ze6yx##3cpEAAgsN8uW$3F1%v8(HEk3MqSe1l=nePrp<7*pdaX>D;P1jBcuAk&67j$ zMHv;Hw>2jE@;~&a#Mjwn^td|kUTC^ABc2$+4Zc7L|0^Rl!V8AhH!LX$hP(|+Y|*sG zGZOZNx~?uEAiFT5D;&NWDs~0&`fjz$2=!1n5J&lbE>&s#t1)o7Oo(ByTk+DZ3@RT# zC7#N%QpuJt^6g#-BIaEYL!}H71kt5LK-z^PAzukKiD>R~WMPSg~a&2F0^qWS)@qRMR zA~A28malAf&GdBnXKtJ|lfT})uq8roVq7V!xu108-0QGMmy+4tc&2C>5zXDf7!a))lAt3jlA5vTqdUXhz|m!$d+ zE}vCCr)FiOwH1ra+FV9#D7Z>X7Ziu*mzMHerBOo;cXoC744;}nu2#$f!zaT*U6AVr 
zEs-vN*cAvG=&6yiKB-jU5NCu`u2V#Tetg}kuxGum+Eq4_-c@(ar*(0GYd%i|K)!}7 zK(b;y@qaE;>40INg@iIAm+=u7Rim{F(-Dc;8fJ2hWkkdBikJOS9FwyzqyxDk{2TZ~ zGFgO!f$lew$y&f|fOI_D`DQY?2KcLh24EcUR>1GQl}!E{;G^#(ldk}d8B8WW1H2S) z0=B0EfO7y}{8KX73^?Om=mYiu-U@ixpK+W3co=X1@JH_@lV1Uz@qRLSCeBFv0p|n0 z@t0)s3cvy!6>J8q#tF!MfNOB{aS(7fU=clPMZvi{FOE$sn4`PEF?rmWvD+PE3W$Ct z{_Xr@GWjhb!vBsg&)9iVe)m8!c{lpR@(Y&c7k$Th%GF~xvxSo`oId-!sbqlkm*8JH z?2aXZEELZx@GlQBY$sY>e!&e{i}OyZ@69GZy7BKa@Nnon!n+vG0_A=JHi93u^Ru>c z0pim!%){U>MZ7HA*>zbYK>PvxdjsRs1ZeTI{=w282Kkh?GxI4AE(E_TMSp{(Uj@Di z{#c5Q>RWcUL$y!&5=LIEP0?Rt>34&FKlsa1_&VpiK-&raTi_4c`G{TCYg~l)@o~uf zBXaD=cA2c0W#dioPeJbO0+@Z)ocjEdo3$nRNiV8QjZ?H*^5-e52FMXOBXNnRE>(-pT`K4oi1U4{PC2cS4oGJ z-?aZxQNOWL?f)$)`U4gh#WN4yzhP-8DRC8NTv~AcgOZPzBRFpP&0G2V|53jyPj8tX z6;W9#;c5xnB-|+B4HDia;Vuauk#N6+uSxj6gnyOrBzo40GEu_wC7dhaQVCZ}*e2md z32%__HVJo0_=tqUI<7UFMD3!*i>qBFOMESU+_P1bm(41xD4jb^)?Bm7XH}F}RFo^N z(P1{;f>PfruuITyE}v0}XJcgJmyPjJ={Zb&2f!u{Y0a7ksq~YWnlGvJF-+xEDt#EoDdRC*rkPm4e4W#jk4>bnxDcAVBalS+s2QN|)0 zzerZ!D@c_;l@;M#i1d=pPP5i6J1-lnf?BUq>4j{xd6CT~GWC1aRC%l>O?HZ?XX9>Y za8x>0(@RE^SF7jHKjsF7)64OSfW4d}>1zE~JPMZstNU2# zk6N!5bNcb|xk}nm`-!r%k;@++=N+Jr=KmdB{tQ-dnXrJ7=4BWDl0Pm-hC53-KAv|LLHU z9haP6=q4|P8RU;+>vHqe%Veh@MRls|r(FscvAIH>(pokeYi9g2U49CzjaO_E-#)_KXeL(<#j`k?05 zt_=R{;q-jw#8O6upW6UF3p)9kKELSwR`RDQZ5|CuJJ+Af%`kozf$DpbzE{R`P_WsM zq_4r-OH}w72jDR1WPe?n{T%d<=>3vjOG+sDlHM-qDn6xhzB5TzdHZuoUw5g{-y#4z zUD{!CpHg{&vPpXZ=j!s$}k2Ifoo$7DY9b2#vqXOLf)fo^1=-v~P8dHT5g z1az0p4^{mQ$Ahok7ls{dixUN&wBDQ@@R(ufK_ zivt`FI{Cw7{MERe!{xbX%Aa{kUgo*V=f({3ZcfiI^*QZ0Cyd&y-N*DY&UoXX+fv;hg9#d6o{(t^HZ1#@52xO`DvqkH+%r7P>3-OY82 z8tcg_{}N7XIKulvPsGGS3pams06u?iY<;GuR(%zRzJMb??UO?Lrmx~a9$x}V5l4G? 
zsAp@IKg^Jik4C;Cl%f;zbp|*35O6P^Nx3mdogTNp&Fu*w&Jb*Af^j z3-@&5Z4f{sBw)L$;j>|Qb%B-PVW_WceIQcS67l0hfPSwe)h%i$#egx+YxiIj%e*}S z*b~qQ2@YNX3DZ2}ViIwK7xHy@NI}-RIt*6E6SfT1vh_ir^q`lO(b5f}AYU-beC=|v zZpXLBEKI11Ra+ijjuxIWemB?;Ss+I;@^khWD^vf!Rl6m?Fe zpgNb8Y%Z(n1nF{&jwqGBI?qz@JQA`MZ09LuE-<^kI`>l0l_E{|^r>YDQ2aDBsM=TO zV+zX4a_jt9?eEIU#i-C(vC>!P$qE+XdXWm9H&dLHei0E-=(dGKl)gG|Q&62plPndo zVJ}w#p|fA5ug>KZTqK2Y*};pFQ*Z;Qbe61eb$+K{tx!A8e@SMWP@$MAeRa;K;D8iV z?WgyDtJGg4<V)8*F?L*Xt q@?W_{^TYC8st_oW2YFp;;gUSnt`eo`KAQfv6+(i(XK62KDElu%?k4mA diff --git a/tests/main.c b/tests/main.c deleted file mode 100644 index 5a9b353..0000000 --- a/tests/main.c +++ /dev/null @@ -1,44 +0,0 @@ -#include -#include -#include -#include "ic.h" - -int main(int argc, char *argv[], char *argp[]){ - char buf[300]; - char host[64]; - char orgID[64]; - char token[128]; - int stats = 0; - - if (argc < 3){ - printf("Usage: ./main "); - return 0; - } - printf("%s %s %s\n", argv[1], argv[2], argv[3]); - memcpy(host, argv[1], 64); - memcpy(orgID, argv[2], 64); - memcpy(token, argv[3], 128); - printf("Host: %s\n", host); - printf("orgID: %s\n", orgID); - printf("Token: %s\n", token); - - ic_influx_database(host, 8086, "tcp_metrics"); - ic_influx_orgID(orgID); - ic_influx_token(token); - ic_debug(2); - - while(1){ - snprintf(buf, 300, "host=%s", host); - ic_tags(buf); - - ic_measure("tcp_reset"); - - stats += 1; - - ic_measureend(); - ic_push(); - sleep(30); - } - - return 0; -} diff --git a/tests/main.py b/tests/main.py deleted file mode 100644 index 59add27..0000000 --- a/tests/main.py +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env python3 - -from bcc import BPF - -with open("tp_tcp.c", 'r') as f: - data = f.read() - -b = BPF(text=data) -#b = BPF(src_file="tp_tcp_py.c") diff --git a/tests/read.sh b/tests/read.sh index 2eb9b4a..223d680 100755 --- a/tests/read.sh +++ b/tests/read.sh 
@@ -4,10 +4,9 @@ curl -i -X POST "http://192.168.1.68:8086/api/v2/query?bucket=tcp_metrics&orgID= --header "Authorization: Token $1" \ --header "Accept: application/csv" \ --header "Content-Type: application/vnd.flux" \ - --data 'from(bucket: "tcp_metrics")|> range(start: -1m)|> filter(fn: (r) => r["_measurement"] == "tcp_reset")|> filter(fn: (r) => r["host"] == "127.0.0.1")|> filter(fn: (r) => r["_field"] == "127.0.0.1")|> last()' -# --data 'from(bucket: "tcp_metrics") -# |> range(start: -5m) -# |> filter(fn: (r) => r["_measurement"] == "tcp_reset") -# |> filter(fn: (r) => r["host"] == "127.0.0.1") -# |> filter(fn: (r) => r["_field"] == "127.0.0.1") -# |> yield(name: "mean")' + --data 'from(bucket: "tcp_metrics") + |> range(start: -5m) + |> filter(fn: (r) => r["_measurement"] == "tcp_reset") + |> filter(fn: (r) => r["host"] == "127.0.0.1") + |> filter(fn: (r) => r["_field"] == "value") + |> yield(name: "mean")' diff --git a/tests/write.sh b/tests/write.sh index e168010..54edc5e 100644 --- a/tests/write.sh +++ b/tests/write.sh @@ -1,7 +1,5 @@ #!/usr/bin/bash -#curl -i -X POST 'http://localhost:8086/api/v2/write?bucket=tcp_metrics&orgID=392fcb79fc296d8e&rp&precision=ns' \ curl -i -X POST "http://localhost:8086/api/v2/write?bucket=tcp_metrics&orgID=392fcb79fc296d8e" \ --header "Authorization: Token $1" \ - --data "cpu_load_short,host=server01,region=us-west value=1" -# --data-raw 'cpu_load_short,host=server01,region=us-west value=0.64 1434055562000000000' + --data "cpu_load_short,host=server01, value=1" diff --git a/tp_tcp.c b/tp_tcp.c index 06257f2..1c4284d 100644 --- a/tp_tcp.c +++ b/tp_tcp.c 
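Review bot: The rewritten query in tests/read.sh ends in `|> yield(name: "mean")` but applies no aggregate, so the result is labelled "mean" while holding the raw points of the last five minutes; add `|> mean()` before the yield or rename the result. The request line kept as context still sends the `Authorization: Token $1` header over plain `http://` to 192.168.1.68, which exposes the token on that network path; an https endpoint or a loopback address would avoid this. The host in the URL is hard-coded here, unlike the variables now used in exec.sh.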
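Review bot: The new payload in tests/write.sh, `cpu_load_short,host=server01, value=1`, leaves a trailing comma after the last tag, which is not valid InfluxDB line protocol (a comma in the tag set must be followed by another key=value pair), so the write is expected to be rejected with a parse error. Drop the comma: `--data "cpu_load_short,host=server01 value=1"`. The orgID in the URL is still hard-coded in this script, while exec.sh now takes it from a variable.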
@@ -10,22 +10,7 @@ char LICENSE[] SEC("license") = "Dual BSD/GPL"; -struct ctx_receive_reset { - __u16 common_type; // unsigned short - __u8 common_flags; // unsigned char - __u8 common_count; // unsigned char - __s32 pid; // int - - const void *skaddr; - __u16 sport; - __u16 dport; - __u16 family; - __u8 saddr[4]; - __u8 daddr[4]; - __u8 saddr_v6[16]; - __u8 daddr_v6[16]; - __u64 sock_cookie; -}; +// Format: /sys/kernel/debug/tracing/events/tcp/tcp_send_reset/format struct ctx_send_reset { __u16 common_type; // unsigned short __u8 common_flags; // unsigned char 
@@ -74,31 +59,13 @@ struct { // sudo tcpdump -i any 'tcp[13] & 4 != 0' -n -> filter TCP reset flags /* - * This project do not trace any sniffing ports, because, the tracepoint tcp:tcp_send_reset - * works only for an establish socket, but, if you have a lot of TCP RST, you can have - * an issue with your system - */ - -/* - * Identify all tracepoint available - * - cat /sys/kernel/tracing/available_events - * Enable an event: - * - echo 'tcp_receive_reset' >> /sys/kernel/tracing/set_event -> important to add the '>>' - * Docs: https://docs.kernel.org/trace/events.html - * https://events.linuxfoundation.org/wp-content/uploads/2022/10/elena-zannoni-tracing-tutorial-LF-2021.pdf - * https://docs.kernel.org/trace/tracepoints.html * Why we need to detect RST: * When we scan the port, the scanner send an SYN flag and if the port is block, we receive a RST flag: - * listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes -10:48:28.531295 lo In IP localhost.43961 > localhost.tproxy: Flags [S], seq 2197047013, win 1024, options [mss 1460], length 0 -10:48:28.531306 lo In IP localhost.tproxy > localhost.43961: Flags [R.], seq 0, ack 2197047014, win 0, length 0 * But we can also block all receive RST: iptables -I INPUT -p tcp --dport -j REJECT --reject-with tcp-reset */ -//SEC("tp/tcp_retransmit_synack") -//SEC("tracepoint/tcp/tcp_receive_reset") SEC("tracepoint/tcp/tcp_send_reset") -int tcp_retransmit(struct ctx_send_reset *ctx){ +int tcp_rst_stats(struct ctx_send_reset *ctx){ struct reset s_reset = {}; int *index; int keys = 0;