libbpf-tools: add tcpdrop to trace TCP packet drops #5329
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -60,6 +60,7 @@ | |
| /tcpconnect | ||
| /tcpconnlat | ||
| /tcplife | ||
| /tcpdrop | ||
| /tcppktlat | ||
| /tcptracer | ||
| /tcprtt | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,177 @@ | ||
| #include "tcpdrop.h" | ||
| #include "vmlinux.h" | ||
| #include <bpf/bpf_core_read.h> | ||
| #include <bpf/bpf_endian.h> | ||
| #include <bpf/bpf_helpers.h> | ||
| #include <bpf/bpf_tracing.h> | ||
|
|
||
| #ifndef AF_INET | ||
| #define AF_INET 2 | ||
| #endif | ||
| #ifndef AF_INET6 | ||
| #define AF_INET6 10 | ||
| #endif | ||
| #ifndef ETH_P_IP | ||
| #define ETH_P_IP 0x0800 | ||
| #endif | ||
| #ifndef ETH_P_IPV6 | ||
| #define ETH_P_IPV6 0x86dd | ||
| #endif | ||
|
|
||
| struct { | ||
| __uint(type, BPF_MAP_TYPE_RINGBUF); | ||
| __uint(max_entries, 512); | ||
| } events SEC(".maps"); | ||
|
|
||
| #define MAX_STACK_DEPTH 15 | ||
| struct { | ||
| __uint(type, BPF_MAP_TYPE_STACK_TRACE); | ||
| __uint(max_entries, 512); | ||
| __uint(key_size, sizeof(u32)); | ||
| __uint(value_size, MAX_STACK_DEPTH * sizeof(u64)); | ||
| } stack_traces SEC(".maps"); | ||
|
|
||
| char ipv4_only = 0; | ||
| char ipv6_only = 0; | ||
| __u32 netns_id = 0; | ||
Amaindex marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| SEC("tracepoint/skb/kfree_skb") | ||
| int tp__skb_free_skb(struct trace_event_raw_kfree_skb *args) | ||
|
Collaborator
There was a problem hiding this comment. Use raw tracepoint instead ? |
||
| { | ||
| struct event *event = bpf_ringbuf_reserve(&events, sizeof(*event), 0); | ||
Amaindex marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| if (!event) { | ||
| return 0; | ||
| } | ||
|
|
||
| // Check if reason field is available | ||
| if (bpf_core_field_exists(args->reason)) { | ||
| if (args->reason <= SKB_DROP_REASON_NOT_SPECIFIED) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| event->drop_reason = args->reason; | ||
| } else { | ||
| event->drop_reason = -1; | ||
| } | ||
|
|
||
| if (bpf_ringbuf_query(&events, BPF_RB_AVAIL_DATA) >= 511) { | ||
Amaindex marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
|
|
||
| u64 pid_tgid = bpf_get_current_pid_tgid(); | ||
| u32 pid = pid_tgid >> 32; | ||
|
|
||
| struct sk_buff *skb = args->skbaddr; | ||
Amaindex marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| if (!skb) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| struct sock *sk = NULL; | ||
| bpf_core_read(&sk, sizeof(sk), &skb->sk); | ||
|
|
||
| // Get packet headers | ||
| void *head; | ||
| u16 network_header, transport_header; | ||
| if (bpf_core_read(&head, sizeof(head), &skb->head) || | ||
| bpf_core_read(&network_header, sizeof(network_header), | ||
| &skb->network_header) || | ||
| bpf_core_read(&transport_header, sizeof(transport_header), | ||
| &skb->transport_header)) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
|
|
||
| // Check protocol and filter by IP family | ||
| u16 protocol = args->protocol; | ||
| if (protocol != ETH_P_IP && protocol != ETH_P_IPV6) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| if (ipv4_only && protocol != ETH_P_IP) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| if (ipv6_only && protocol != ETH_P_IPV6) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
|
|
||
| // Filter by network namespace | ||
| if (netns_id && sk) { | ||
| struct net *net = NULL; | ||
| bpf_core_read(&net, sizeof(net), &sk->__sk_common.skc_net.net); | ||
| if (net) { | ||
| u32 inum; | ||
| bpf_core_read(&inum, sizeof(inum), &net->ns.inum); | ||
| if (inum != netns_id) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| event->timestamp = bpf_ktime_get_ns(); | ||
| event->pid = pid; | ||
| bpf_get_current_comm(&event->comm, sizeof(event->comm)); | ||
| event->stack_id = bpf_get_stackid(args, &stack_traces, 0); | ||
| event->state = 127; | ||
| if (sk) { | ||
| u8 state; | ||
| if (!bpf_core_read(&state, sizeof(state), | ||
| &sk->__sk_common.skc_state)) { | ||
| event->state = state; | ||
| } | ||
| } | ||
|
|
||
| if (protocol == ETH_P_IP) { | ||
Amaindex marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| struct iphdr ip; | ||
| if (bpf_core_read(&ip, sizeof(ip), head + network_header)) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| if (ip.protocol != IPPROTO_TCP) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| struct tcphdr tcp; | ||
| if (bpf_core_read(&tcp, sizeof(tcp), head + transport_header)) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| event->ip_version = 4; | ||
| event->saddr_v4 = ip.saddr; | ||
| event->daddr_v4 = ip.daddr; | ||
| event->sport = bpf_ntohs(tcp.source); | ||
| event->dport = bpf_ntohs(tcp.dest); | ||
| event->tcpflags = ((u8 *)&tcp)[13]; | ||
| } else { | ||
| struct ipv6hdr ip6; | ||
| if (bpf_core_read(&ip6, sizeof(ip6), head + network_header)) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| if (ip6.nexthdr != IPPROTO_TCP) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| struct tcphdr tcp; | ||
| if (bpf_core_read(&tcp, sizeof(tcp), head + transport_header)) { | ||
| bpf_ringbuf_discard(event, 0); | ||
| return 0; | ||
| } | ||
| event->ip_version = 6; | ||
| bpf_core_read(&event->saddr_v6, sizeof(event->saddr_v6), | ||
| &ip6.saddr.in6_u.u6_addr32); | ||
| bpf_core_read(&event->daddr_v6, sizeof(event->daddr_v6), | ||
| &ip6.daddr.in6_u.u6_addr32); | ||
| event->sport = bpf_ntohs(tcp.source); | ||
| event->dport = bpf_ntohs(tcp.dest); | ||
| event->tcpflags = ((u8 *)&tcp)[13]; | ||
| } | ||
|
|
||
| bpf_ringbuf_submit(event, 0); | ||
| return 0; | ||
| } | ||
|
|
||
| char _license[] SEC("license") = "Dual BSD/GPL"; | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.