soumyadipdm/tcptop.patch

## tcptop.patch
--- /usr/share/bcc/tools/tcptop	2020-05-06 09:47:19.000000000 +0000
+++ my_tcptop3	2020-06-04 07:02:29.028703296 +0000
@@ -25,7 +25,7 @@
 # 02-Sep-2016   Brendan Gregg   Created this.

 from __future__ import print_function
-from bcc import BPF
+from bcc import BPF, DEBUG_BPF, DEBUG_PREPROCESSOR, DEBUG_SOURCE
 import argparse
 from socket import inet_ntop, AF_INET, AF_INET6
 from struct import pack
@@ -76,6 +76,8 @@
 #include <uapi/linux/ptrace.h>
 #include <net/sock.h>
 #include <bcc/proto.h>
+#include <linux/cgroup.h>
+#include <linux/sched.h>

 struct ipv4_key_t {
     u32 pid;
@@ -83,6 +85,7 @@
     u32 daddr;
     u16 lport;
     u16 dport;
+    char cgrouppath[16];
 };
 BPF_HASH(ipv4_send_bytes, struct ipv4_key_t);
 BPF_HASH(ipv4_recv_bytes, struct ipv4_key_t);
@@ -93,27 +96,21 @@
     u32 pid;
     u16 lport;
     u16 dport;
-    u64 __pad__;
+    char cgrouppath[16];
 };
 BPF_HASH(ipv6_send_bytes, struct ipv6_key_t);
 BPF_HASH(ipv6_recv_bytes, struct ipv6_key_t);

-#if CGROUPSET
-BPF_TABLE_PINNED("hash", u64, u64, cgroupset, 1024, "CGROUPPATH");
-#endif
-
 int kprobe__tcp_sendmsg(struct pt_regs *ctx, struct sock *sk,
     struct msghdr *msg, size_t size)
 {
     u32 pid = bpf_get_current_pid_tgid() >> 32;
-    FILTER
-#if CGROUPSET
-    u64 cgroupid = bpf_get_current_cgroup_id();
-    if (cgroupset.lookup(&cgroupid) == NULL) {
-        return 0;
-    }
-#endif
     u16 dport = 0, family = sk->__sk_common.skc_family;
+
+    char cgpath[16] = "/";
+    struct task_struct *t = NULL;
+    t = (struct task_struct *)bpf_get_current_task();
+    task_cgroup_path(t, (char *) &cgpath, sizeof(cgpath));

     if (family == AF_INET) {
         struct ipv4_key_t ipv4_key = {.pid = pid};
@@ -122,6 +119,7 @@
         ipv4_key.lport = sk->__sk_common.skc_num;
         dport = sk->__sk_common.skc_dport;
         ipv4_key.dport = ntohs(dport);
+        __builtin_memcpy(&ipv4_key.cgrouppath, &cgpath, sizeof(ipv4_key.cgrouppath));
         ipv4_send_bytes.increment(ipv4_key, size);

     } else if (family == AF_INET6) {
@@ -133,6 +131,7 @@
         ipv6_key.lport = sk->__sk_common.skc_num;
         dport = sk->__sk_common.skc_dport;
         ipv6_key.dport = ntohs(dport);
+        __builtin_memcpy(&ipv6_key.cgrouppath, &cgpath, sizeof(ipv6_key.cgrouppath));
         ipv6_send_bytes.increment(ipv6_key, size);
     }
     // else drop
@@ -149,18 +148,16 @@
 int kprobe__tcp_cleanup_rbuf(struct pt_regs *ctx, struct sock *sk, int copied)
 {
     u32 pid = bpf_get_current_pid_tgid() >> 32;
-    FILTER
-#if CGROUPSET
-    u64 cgroupid = bpf_get_current_cgroup_id();
-    if (cgroupset.lookup(&cgroupid) == NULL) {
-        return 0;
-    }
-#endif
     u16 dport = 0, family = sk->__sk_common.skc_family;
-    u64 *val, zero = 0;

-    if (copied <= 0)
+    char cgpath[16] = "/";
+    struct task_struct *t = NULL;
+    t = (struct task_struct *)bpf_get_current_task();
+    task_cgroup_path(t, (char *) &cgpath, sizeof(cgpath));
+
+    if (copied <= 0) {
         return 0;
+    }

     if (family == AF_INET) {
         struct ipv4_key_t ipv4_key = {.pid = pid};
@@ -169,6 +166,7 @@
         ipv4_key.lport = sk->__sk_common.skc_num;
         dport = sk->__sk_common.skc_dport;
         ipv4_key.dport = ntohs(dport);
+        __builtin_memcpy(&ipv4_key.cgrouppath, &cgpath, sizeof(ipv4_key.cgrouppath));
         ipv4_recv_bytes.increment(ipv4_key, copied);

     } else if (family == AF_INET6) {
@@ -180,6 +178,7 @@
         ipv6_key.lport = sk->__sk_common.skc_num;
         dport = sk->__sk_common.skc_dport;
         ipv6_key.dport = ntohs(dport);
+        __builtin_memcpy(&ipv6_key.cgrouppath, &cgpath, sizeof(ipv6_key.cgrouppath));
         ipv6_recv_bytes.increment(ipv6_key, copied);
     }
     // else drop
@@ -189,16 +188,6 @@
 """

 # code substitutions
-if args.pid:
-    bpf_text = bpf_text.replace('FILTER',
-        'if (pid != %s) { return 0; }' % args.pid)
-else:
-    bpf_text = bpf_text.replace('FILTER', '')
-if args.cgroupmap:
-    bpf_text = bpf_text.replace('CGROUPSET', '1')
-    bpf_text = bpf_text.replace('CGROUPPATH', args.cgroupmap)
-else:
-    bpf_text = bpf_text.replace('CGROUPSET', '0')
 if debug or args.ebpf:
     print(bpf_text)
     if args.ebpf:
@@ -228,7 +217,8 @@
                          dport=k.dport)

 # initialize BPF
-b = BPF(text=bpf_text)
+b = BPF(text=bpf_text, debug=DEBUG_BPF|DEBUG_PREPROCESSOR|DEBUG_SOURCE,
+        cflags=["-fmacro-backtrace-limit=0"])

 ipv4_send_bytes = b["ipv4_send_bytes"]
 ipv4_recv_bytes = b["ipv4_recv_bytes"]
	--- /usr/share/bcc/tools/tcptop 2020-05-06 09:47:19.000000000 +0000
	+++ my_tcptop3 2020-06-04 07:02:29.028703296 +0000
	@@ -25,7 +25,7 @@
	# 02-Sep-2016 Brendan Gregg Created this.

	from __future__ import print_function
	-from bcc import BPF
	+from bcc import BPF, DEBUG_BPF, DEBUG_PREPROCESSOR, DEBUG_SOURCE
	import argparse
	from socket import inet_ntop, AF_INET, AF_INET6
	from struct import pack
	@@ -76,6 +76,8 @@
	#include <uapi/linux/ptrace.h>
	#include <net/sock.h>
	#include <bcc/proto.h>
	+#include <linux/cgroup.h>
	+#include <linux/sched.h>

	struct ipv4_key_t {
	u32 pid;
	@@ -83,6 +85,7 @@
	u32 daddr;
	u16 lport;
	u16 dport;
	+ char cgrouppath[16];
	};
	BPF_HASH(ipv4_send_bytes, struct ipv4_key_t);
	BPF_HASH(ipv4_recv_bytes, struct ipv4_key_t);
	@@ -93,27 +96,21 @@
	u32 pid;
	u16 lport;
	u16 dport;
	- u64 __pad__;
	+ char cgrouppath[16];
	};
	BPF_HASH(ipv6_send_bytes, struct ipv6_key_t);
	BPF_HASH(ipv6_recv_bytes, struct ipv6_key_t);

	-#if CGROUPSET
	-BPF_TABLE_PINNED("hash", u64, u64, cgroupset, 1024, "CGROUPPATH");
	-#endif
	-
	int kprobe__tcp_sendmsg(struct pt_regs ctx, struct sock sk,
	struct msghdr *msg, size_t size)
	{
	u32 pid = bpf_get_current_pid_tgid() >> 32;
	- FILTER
	-#if CGROUPSET
	- u64 cgroupid = bpf_get_current_cgroup_id();
	- if (cgroupset.lookup(&cgroupid) == NULL) {
	- return 0;
	- }
	-#endif
	u16 dport = 0, family = sk->__sk_common.skc_family;
	+
	+ char cgpath[16] = "/";
	+ struct task_struct *t = NULL;
	+ t = (struct task_struct *)bpf_get_current_task();
	+ task_cgroup_path(t, (char *) &cgpath, sizeof(cgpath));

	if (family == AF_INET) {
	struct ipv4_key_t ipv4_key = {.pid = pid};
	@@ -122,6 +119,7 @@
	ipv4_key.lport = sk->__sk_common.skc_num;
	dport = sk->__sk_common.skc_dport;
	ipv4_key.dport = ntohs(dport);
	+ __builtin_memcpy(&ipv4_key.cgrouppath, &cgpath, sizeof(ipv4_key.cgrouppath));
	ipv4_send_bytes.increment(ipv4_key, size);

	} else if (family == AF_INET6) {
	@@ -133,6 +131,7 @@
	ipv6_key.lport = sk->__sk_common.skc_num;
	dport = sk->__sk_common.skc_dport;
	ipv6_key.dport = ntohs(dport);
	+ __builtin_memcpy(&ipv6_key.cgrouppath, &cgpath, sizeof(ipv6_key.cgrouppath));
	ipv6_send_bytes.increment(ipv6_key, size);
	}
	// else drop
	@@ -149,18 +148,16 @@
	int kprobe__tcp_cleanup_rbuf(struct pt_regs ctx, struct sock sk, int copied)
	{
	u32 pid = bpf_get_current_pid_tgid() >> 32;
	- FILTER
	-#if CGROUPSET
	- u64 cgroupid = bpf_get_current_cgroup_id();
	- if (cgroupset.lookup(&cgroupid) == NULL) {
	- return 0;
	- }
	-#endif
	u16 dport = 0, family = sk->__sk_common.skc_family;
	- u64 *val, zero = 0;

	- if (copied <= 0)
	+ char cgpath[16] = "/";
	+ struct task_struct *t = NULL;
	+ t = (struct task_struct *)bpf_get_current_task();
	+ task_cgroup_path(t, (char *) &cgpath, sizeof(cgpath));
	+
	+ if (copied <= 0) {
	return 0;
	+ }

	if (family == AF_INET) {
	struct ipv4_key_t ipv4_key = {.pid = pid};
	@@ -169,6 +166,7 @@
	ipv4_key.lport = sk->__sk_common.skc_num;
	dport = sk->__sk_common.skc_dport;
	ipv4_key.dport = ntohs(dport);
	+ __builtin_memcpy(&ipv4_key.cgrouppath, &cgpath, sizeof(ipv4_key.cgrouppath));
	ipv4_recv_bytes.increment(ipv4_key, copied);

	} else if (family == AF_INET6) {
	@@ -180,6 +178,7 @@
	ipv6_key.lport = sk->__sk_common.skc_num;
	dport = sk->__sk_common.skc_dport;
	ipv6_key.dport = ntohs(dport);
	+ __builtin_memcpy(&ipv6_key.cgrouppath, &cgpath, sizeof(ipv6_key.cgrouppath));
	ipv6_recv_bytes.increment(ipv6_key, copied);
	}
	// else drop
	@@ -189,16 +188,6 @@
	"""

	# code substitutions
	-if args.pid:
	- bpf_text = bpf_text.replace('FILTER',
	- 'if (pid != %s) { return 0; }' % args.pid)
	-else:
	- bpf_text = bpf_text.replace('FILTER', '')
	-if args.cgroupmap:
	- bpf_text = bpf_text.replace('CGROUPSET', '1')
	- bpf_text = bpf_text.replace('CGROUPPATH', args.cgroupmap)
	-else:
	- bpf_text = bpf_text.replace('CGROUPSET', '0')
	if debug or args.ebpf:
	print(bpf_text)
	if args.ebpf:
	@@ -228,7 +217,8 @@
	dport=k.dport)

	# initialize BPF
	-b = BPF(text=bpf_text)
	+b = BPF(text=bpf_text, debug=DEBUG_BPF\|DEBUG_PREPROCESSOR\|DEBUG_SOURCE,
	+ cflags=["-fmacro-backtrace-limit=0"])

	ipv4_send_bytes = b["ipv4_send_bytes"]
	ipv4_recv_bytes = b["ipv4_recv_bytes"]