$ echo global > /sys/kernel/debug/tracing/trace_clock
$ echo 'p:kprobes/tcp_reset tcp_reset port=+12(%di):u16 dst=+0(%di):u32 state=+18(%di):u8' >> /sys/kernel/debug/tracing/kprobe_events
$ echo 1 > /sys/kernel/debug/tracing/events/kprobes/tcp_reset/enable
$ echo 'p:kprobes/tcp_retransmit tcp_retransmit_skb port=+12(%di):u16 dst=+0(%di):u32 state=+18(%di):u8' >> /sys/kernel/debug/tracing/kprobe_events
$ echo 1 > /sys/kernel/debug/tracing/events/kprobes/tcp_retransmit/enable$ cat /sys/kernel/debug/tracing/trace
See the arch-specific ABI docs.
Use GDB.
$ sudo apt install linux-image-unsigned-5.8.0-37-generic-dbgsym
$ gdb /usr/lib/debug/boot/vmlinux-5.8.0-37-generic
(gdb) ptype struct sock
(gdb) print (int)&((struct sock*)0)->__sk_common.skc_dport- https://www.kernel.org/doc/html/latest/trace/kprobetrace.html
- http://manpages.ubuntu.com/manpages/xenial/en/man8/kprobe.8.html
- https://lwn.net/Articles/132196/
- Figure 3.4: Register Usage, Page 23
- https://stackoverflow.com/questions/9788679/how-to-get-the-relative-address-of-a-field-in-a-structure-dump-c
- https://stackoverflow.com/questions/58967047/how-can-i-find-out-the-field-offsets-of-a-kernel-struct
- http://www.alexlambert.com/2017/12/18/kernel-debugging-for-newbies.html
- https://wiki.ubuntu.com/Kernel/Systemtap#Where_to_get_debug_symbols_for_kernel_X.3F
- kprobe event trace
- ftrace