Merge branch 'linuxkerneltravel:develop' into develop
Showing
81 changed files
with
102,280 additions
and
1,493 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
## ToDo Lists | ||
|
||
- [ ] kvm_watcher 放入 | ||
- [ ] fs_watcher 放入 | ||
- [x] fs_watcher 放入 | ||
- [ ] 交叉编译支持,x64平台一键编译出arm64架构程序 | ||
- [ ] bridge可视化 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
# \copyright | ||
# Copyright (c) 2024 by the lmp/magic_eyes project authors. All Rights Reserved. | ||
# | ||
# This file is open source software, licensed to you under the terms | ||
# of the Apache License, Version 2.0 (the "License"). See the NOTICE file | ||
# distributed with this work for additional information regarding copyright | ||
# ownership. You may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 | ||
# ----------------------------------------------------------------------------------------- | ||
# \brief | ||
# fs_watcher 工具 CMakeLists 文件 | ||
# ----------------------------------------------------------------------------------------- | ||
set(TOOL_NAME fs_watcher) | ||
set(TOOL_BELONG_TO_MODULE fs) | ||
|
||
file(GLOB apps ${CMAKE_CURRENT_SOURCE_DIR}/bpf/*.bpf.c) | ||
# 若不用Rust,则排除 profile.bpf.c | ||
if(NOT CARGO_EXISTS) | ||
list(REMOVE_ITEM apps ${CMAKE_CURRENT_SOURCE_DIR}/bpf/profile.bpf.c) | ||
endif() | ||
|
||
# 设置并创建 <>/src-gen/TOOL_BELONG_TO_MODULE/TOOL_NAME 文件夹 | ||
set(SRC_GEN_TARGET_DIR ${CONFIG_SRC_GEN_DIR}/${TOOL_BELONG_TO_MODULE}/${TOOL_NAME}) | ||
if (NOT EXISTS ${SRC_GEN_TARGET_DIR}) | ||
file(MAKE_DIRECTORY ${SRC_GEN_TARGET_DIR}) | ||
message(STATUS "directory create success") | ||
endif () | ||
|
||
# 遍历文件夹内所有的bpf.c | ||
foreach(app ${apps}) | ||
get_filename_component(app_stem ${app} NAME_WE) | ||
# Build object skeleton and depend skeleton on libbpf build | ||
bpf_object(${app_stem} ${app_stem}.bpf.c ${SRC_GEN_TARGET_DIR}) | ||
add_dependencies(${app_stem}_skel libbpf-build bpftool-build) | ||
endforeach() | ||
|
||
add_executable(${TOOL_NAME} src/${TOOL_NAME}.c) | ||
foreach (app ${apps}) | ||
get_filename_component(app_stem ${app} NAME_WE) | ||
target_link_libraries(${TOOL_NAME} ${app_stem}_skel) | ||
|
||
if(${app_stem} STREQUAL "profile") | ||
target_include_directories(${app_stem} PRIVATE | ||
${CMAKE_SOURCE_DIR}/blazesym/include) | ||
target_link_libraries(${app_stem} | ||
${CMAKE_SOURCE_DIR}/blazesym/target/release/libblazesym.a -lpthread -lrt -ldl) | ||
endif() | ||
endforeach () | ||
|
||
# 将可执行文件,配置文件等安装在对应的位置 | ||
# 设置安装目录 | ||
set(CPU_WATCHER_INSTALL_DIR backend/${TOOL_BELONG_TO_MODULE}/${TOOL_NAME}) | ||
# 安装可执行文件到 ${CPU_WATCHER_INSTALL_DIR}/bin | ||
install(TARGETS ${TOOL_NAME} | ||
RUNTIME DESTINATION ${CPU_WATCHER_INSTALL_DIR}/bin) | ||
# 安装配置文件到 ${CPU_WATCHER_INSTALL_DIR}/etc |
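Review bot: The `profile` branch in the second `foreach` calls `target_include_directories(${app_stem} ...)` and `target_link_libraries(${app_stem} ...)`, so it addresses a target named `profile`, while the only targets this file visibly creates are `${TOOL_NAME}` and, presumably through `bpf_object`, `${app_stem}_skel`. If a `profile.bpf.c` is ever added under `bpf/`, configuration would likely fail on the unknown target; either point both calls at `${TOOL_NAME}` or drop the branch together with the `CARGO_EXISTS` exclusion. The install variable is still named `CPU_WATCHER_INSTALL_DIR`, which looks carried over from another tool; `set(FS_WATCHER_INSTALL_DIR backend/${TOOL_BELONG_TO_MODULE}/${TOOL_NAME})` would match this tool. The last comment announces a config-file install step but no `install(FILES ...)` follows it in the section.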
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
1. 项目简介 | ||
2. 安装与编译 | ||
3. 运行 | ||
1.项目简介 | ||
|
||
2.安装与编译 | ||
|
||
3.运行 |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
#include "vmlinux.h" | ||
#include <bpf/bpf_helpers.h> //包含了BPF 辅助函数 | ||
#include <bpf/bpf_tracing.h> | ||
#include "open.h" | ||
|
||
char LICENSE[] SEC("license") = "Dual BSD/GPL"; | ||
|
||
// 定义哈希映射 | ||
struct { | ||
__uint(type, BPF_MAP_TYPE_HASH); | ||
__uint(max_entries, 1024); | ||
__type(key, pid_t); | ||
__type(value, u64); | ||
} fdtmp SEC(".maps"); | ||
|
||
struct { | ||
__uint(type, BPF_MAP_TYPE_RINGBUF); | ||
__uint(max_entries, 256 * 1024); | ||
} rb SEC(".maps"); | ||
|
||
SEC("kprobe/do_sys_openat2") | ||
int BPF_KPROBE(do_sys_openat2) | ||
{ | ||
struct fs_t fs; | ||
pid_t pid; | ||
|
||
//pid | ||
pid = bpf_get_current_pid_tgid() >> 32; | ||
fs.pid = pid; | ||
|
||
//uid | ||
fs.uid = bpf_get_current_uid_gid(); | ||
|
||
//fd,file descriptor | ||
int fd = PT_REGS_RC(ctx); | ||
if (fd >= 0) | ||
fs.fd = fd; | ||
else | ||
fs.fd= -1; | ||
|
||
//time | ||
unsigned long long ts = bpf_ktime_get_ns(); | ||
fs.ts = ts; | ||
bpf_map_update_elem(&fdtmp, &pid, &ts, BPF_ANY); | ||
|
||
//从环形缓冲区(ring buffer)中分配一块内存来存储一个名为 struct fs_t 类型的数据,并将该内存块的指针赋值给指针变量 e | ||
struct fs_t *e; | ||
e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0); | ||
if (!e) return 0; | ||
|
||
//给变量e赋值 | ||
e->pid = fs.pid; | ||
e->uid = fs.uid; | ||
e->fd = fs.fd; | ||
e->ts = fs.ts; | ||
bpf_get_current_comm(e->comm, sizeof(e->comm)); | ||
|
||
// 成功地将其提交到用户空间进行后期处理 | ||
bpf_ringbuf_submit(e, 0); | ||
|
||
return 0; | ||
} | ||
|
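Review bot: `PT_REGS_RC(ctx)` is read in a program attached with `SEC("kprobe/do_sys_openat2")`, which fires at function entry, so the return register does not yet hold the result and `fs.fd` is reported from an unrelated value. The descriptor is only available from a return probe, e.g. `SEC("kretprobe/do_sys_openat2")` with `int BPF_KRETPROBE(do_sys_openat2_exit, long ret)`. `bpf_get_current_uid_gid()` carries the gid in its upper 32 bits, so unless the combined value is intended the assignment should be `fs.uid = (u32)bpf_get_current_uid_gid();`. `fdtmp` is updated on every call but never read or deleted in this file, so once 1024 distinct pids are stored further inserts fail; drop the map or add `bpf_map_delete_elem(&fdtmp, &pid)` where the entry is consumed. For a tool used to audit file opens, a wrong fd and a gid-tainted uid make the emitted records misleading.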
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
#include "vmlinux.h" | ||
#include <bpf/bpf_helpers.h> | ||
#include <bpf/bpf_tracing.h> | ||
#include "read.h" | ||
|
||
char LICENSE[] SEC("license") = "Dual BSD/GPL"; | ||
|
||
struct { | ||
__uint(type, BPF_MAP_TYPE_HASH); | ||
__uint(max_entries, 1024); | ||
__type(key, pid_t); | ||
__type(value, u64); | ||
} data SEC(".maps"); | ||
|
||
struct { | ||
__uint(type, BPF_MAP_TYPE_RINGBUF); | ||
__uint(max_entries, 256 * 1024); | ||
} rb SEC(".maps"); | ||
|
||
const volatile unsigned long long min_duration_ns = 0; | ||
|
||
SEC("tracepoint/syscalls/sys_enter_read") | ||
|
||
int trace_enter_read(void *ctx) | ||
{ | ||
pid_t pid; | ||
struct event *e; | ||
u64 ts; | ||
pid = bpf_get_current_pid_tgid() >> 32; | ||
ts = bpf_ktime_get_ns(); | ||
bpf_map_update_elem(&data, &pid, &ts, BPF_ANY); | ||
if (min_duration_ns) | ||
return 0; | ||
/* reserve sample from BPF ringbuf */ | ||
e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0); | ||
if (!e) | ||
return 0; | ||
|
||
e->pid = pid; | ||
e->duration_ns = ts; | ||
|
||
/* successfully submit it to user-space for post-processing */ | ||
bpf_ringbuf_submit(e, 0); | ||
return 0; | ||
} | ||
|
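Review bot: `e->duration_ns = ts` in `trace_enter_read` stores the absolute `bpf_ktime_get_ns()` value taken at syscall entry, not a duration, and nothing in this file reads the `data` map that is supposed to hold the start time. The check `if (min_duration_ns) return 0;` drops every event as soon as a threshold is configured instead of filtering by it. A matching `tracepoint/syscalls/sys_exit_read` handler would need to look up the start time, emit `bpf_ktime_get_ns() - *start` and call `bpf_map_delete_elem(&data, &pid)`; without it the 1024-entry map only grows. The key is the tgid (`>> 32`), so concurrent reads from threads of one process overwrite each other's start time; the full `bpf_get_current_pid_tgid()` value as key avoids that. The same pattern is repeated in `kprobe_sys_enter_write` in the next file section.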
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
#include "vmlinux.h" | ||
#include <bpf/bpf_helpers.h> | ||
#include <bpf/bpf_tracing.h> | ||
#include "write.h" | ||
|
||
char LICENSE[] SEC("license") = "Dual BSD/GPL"; | ||
|
||
|
||
struct { | ||
__uint(type, BPF_MAP_TYPE_HASH); | ||
__uint(max_entries, 1024); | ||
__type(key, pid_t); | ||
__type(value, u64); | ||
} data SEC(".maps"); | ||
|
||
struct { | ||
__uint(type, BPF_MAP_TYPE_RINGBUF); | ||
__uint(max_entries,256 * 1024); | ||
} rb SEC(".maps"); | ||
|
||
const volatile unsigned long long min_duration_ns = 0; | ||
|
||
SEC("tracepoint/syscalls/sys_enter_write") | ||
|
||
int kprobe_sys_enter_write( void *ctx) | ||
{ | ||
pid_t pid; | ||
struct fs_t *e; | ||
u64 ts; | ||
pid = bpf_get_current_pid_tgid() >> 32; | ||
ts = bpf_ktime_get_ns(); | ||
bpf_map_update_elem(&data,&pid,&ts,BPF_ANY); | ||
if(min_duration_ns) | ||
return 0; | ||
e = bpf_ringbuf_reserve(&rb,sizeof(*e),0); | ||
if(!e) | ||
return 0; | ||
e->pid = pid; | ||
e->duration_ns = ts; | ||
|
||
bpf_ringbuf_submit(e,0); | ||
return 0; | ||
} |
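Review bot: `struct fs_t *e` is used here with a `duration_ns` member, but the `struct fs_t` added in `open.h` by this commit has no such field, so `write.h` (not shown on this page) presumably defines a second, different struct under the same tag. A user-space source that includes both headers would then hit a redefinition error, or read records with the wrong layout if only one header is included. A distinct tag such as `struct write_event` would avoid this. The handler is attached to `tracepoint/syscalls/sys_enter_write` but named `kprobe_sys_enter_write`; `trace_enter_write` would match the naming in the read probe.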
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#ifndef __OPEN_H | ||
#define __OPEN_H | ||
|
||
#ifndef TASK_COMM_LEN | ||
#define TASK_COMM_LEN 16 | ||
#endif | ||
|
||
struct fs_t { | ||
int pid; | ||
unsigned long long uid; | ||
int fd; | ||
unsigned long long ts; | ||
char comm[TASK_COMM_LEN]; | ||
}; | ||
|
||
#endif /* __OPEN_H */ |
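Review bot: The member order in `struct fs_t` leaves two 4-byte padding holes, after `pid` and after `fd`. The producer in this commit fills the reserved ring-buffer record field by field, so those bytes are never written and reach user space with whatever the buffer held before (ring-buffer records are, as far as I know, not zeroed on reserve). Declaring `uid` and `ts` first, then `pid` and `fd`, then `comm` gives a 40-byte struct with no padding. The guard `__OPEN_H` uses a reserved identifier (leading double underscore) and is generic enough to collide with other headers; `FS_WATCHER_OPEN_H` would be safer.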
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#ifndef __READ_H | ||
#define __READ_H | ||
|
||
|
||
struct event { | ||
int pid; | ||
unsigned long long duration_ns; | ||
}; | ||
|
||
#endif /* __READ_H */ |