Skip to content

Implement --filter-non-skb-funcs #355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 19, 2024
Merged

Implement --filter-non-skb-funcs #355

merged 2 commits into from
Apr 19, 2024

Conversation

jschwinger233
Copy link
Member

By enabling --filter-track-skb-by-stackid, we can track kernel functions without skb parameter.

For example, to observe xfrm state lookup, we can use command: pwru --filter-non-skb-funcs xfrm_state_look_at,xfrm_state_lookup,xfrm_state_lookup_byaddr,xfrm_state_lookup_byspi.

Also, this is another step towards "tailcall tracing". This PR allows us to attach bpf helpers (that are probably not skb functions). By fetching bpf helpers' caller pc and converting pc into symbol, we'll see the bpf prog name.

Signed-off-by: Zhichuan Liang gray.liang@isovalent.com

@jschwinger233 jschwinger233 requested a review from a team as a code owner April 19, 2024 10:03
@jschwinger233 jschwinger233 requested review from brb and removed request for a team April 19, 2024 10:03
jschwinger233
jschwinger233 commented Apr 19, 2024
View reviewed changes
@jschwinger233 jschwinger233 force-pushed the gray/trace-non-skb-funcs branch from fae4f99 to ab70ae0 Compare April 19, 2024 10:37
@jschwinger233
bpf: kprobe_skb_by_stackid
50d0d97 
Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
@jschwinger233
Add --filter-non-skb-funcs
1a048d0 
Usage: --filter-non-skb-funcs xfrm_state_look_at

Signed-off-by: Zhichuan Liang <gray.liang@isovalent.com>
@jschwinger233 jschwinger233 force-pushed the gray/trace-non-skb-funcs branch from ab70ae0 to 1a048d0 Compare April 19, 2024 10:41
brb
brb reviewed Apr 19, 2024
View reviewed changes
bpf/kprobe_pwru.c
u64 stackid = get_stackid(ctx);

struct sk_buff **skb = bpf_map_lookup_elem(&stackid_skb, &stackid);
if (skb && *skb)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why if (skb) is not enough?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right, it's MS Copilot! Let me fix it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay.. you merged ...

brb
brb approved these changes Apr 19, 2024
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing! I will cut a new release next week.

@brb brb merged commit 65d506d into cilium:main Apr 19, 2024
6 checks passed
@jschwinger233 jschwinger233 deleted the gray/trace-non-skb-funcs branch April 19, 2024 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb brb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jschwinger233 @brb