Skip to content

Instantly share code, notes, and snippets.

@slankdev

slankdev/trace.py Secret

Created April 30, 2017 16:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save slankdev/222fe842f22c48c6f8b2bd70486520ea to your computer and use it in GitHub Desktop.
Save slankdev/222fe842f22c48c6f8b2bd70486520ea to your computer and use it in GitHub Desktop.
Download ZIP
Raw
trace.py
#!/usr/bin/env python
from bcc import BPF
prog="""
#include <uapi/linux/ptrace.h>
BPF_HASH(counter, u64, u64, 1024);
int kprobe__packet_sendmsg(struct pt_regs* ctx)
{
/* Update Counter */
u64 zero = 0;
u64* val = counter.lookup_or_init(&zero, &zero);
(*val) ++;
/* Function Arguments */
struct socket *sock = (struct socket*)PT_REGS_PARM1(ctx);
struct msghdr *msg = (struct msghdr*)PT_REGS_PARM2(ctx);
size_t len = (u64)PT_REGS_PARM3(ctx);
/* Printk */
bpf_trace_printk("[%lu]: \n", *val);
bpf_trace_printk("+ sock=%p \n", sock);
bpf_trace_printk("+ msg=%p \n", msg);
bpf_trace_printk("+ len=%lu \n", len);
return 0;
}
"""
b = BPF(text=prog)
while True:
print(b.trace_fields()[5])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment