Comments (3)
u64 flags = BPF_F_CURRENT_CPU;
flags |= (u64)skb->len << 32;
size_t pkt_size = TC_PACKET_MIN_SIZE;
bpf_perf_event_output(skb, &skb_events, flags, &event, pkt_size);
重点是flags
参数, 以及 bpf_perf_event_output 函数的使用。
long bpf_perf_event_output(void *ctx, struct bpf_map *map, u64
flags, void *data, u64 size)Description Write raw data blob into a special BPF perf event held by map of type BPF_MAP_TYPE_PERF_EVENT_ARRAY. This perf event must have the following attributes: PERF_SAMPLE_RAW as sample_type, PERF_TYPE_SOFTWARE as type, and PERF_COUNT_SW_BPF_OUTPUT as config. The flags are used to indicate the index in map for which the value must be put, masked with BPF_F_INDEX_MASK. Alternatively, flags can be set to BPF_F_CURRENT_CPU to indicate that the index of the current CPU core should be used. The value to write, of size, is passed through eBPF stack and pointed by data. The context of the program ctx needs also be passed to the helper. On user space, a program willing to read the values needs to call perf_event_open() on the perf event (either for one or for all CPUs) and to store the file descriptor into the map. This must be done before the eBPF program can send data into it. An example is available in file samples/bpf/trace_output_user.c in the Linux kernel source tree (the eBPF program counterpart is in samples/bpf/trace_output_kern.c). bpf_perf_event_output() achieves better performance than bpf_trace_printk() for sharing data with user space, and is much better suitable for streaming data from eBPF programs. Note that this helper is not restricted to tracing use cases and can be used with programs attached to TC or XDP as well, where it allows for passing data to user space listeners. Data can be: • Only custom structs, • Only the packet payload, or • A combination of both. Return 0 on success, or a negative error in case of failure.
Linux Kernel demo : https://elixir.bootlin.com/linux/v5.4/source/samples/bpf/xdp_sample_pkts_kern.c
from ecapture.
还有其他问题吗?
from ecapture.
没有了,谢谢您慷慨的解答'◡'
from ecapture.
Related Issues (20)
- 执行时报Permission denied HOT 4
- 数据抓不全的问题 HOT 8
- 获取https request response header+ body HOT 5
- BoringSSL is not supported on linux HOT 4
- Keylog capture not working with OpenSSL 1.1.0 HOT 3
- support updated versions of OpenSSL such as 1.1.1u, v, w, etc.
- masterKey被多次写入pcapng文件中 HOT 3
- load bpf failed on kernel 4.18.0
- android version compilation has failed. HOT 1
- gotls shared object not supported HOT 11
- FTL module run failed, skip it. error="couldn't init manager xxx error:program probe_entry_SSL_read HOT 3
- unsupported arch library HOT 2
- ecapture cannot work on linux with boringssl HOT 9
- panic on pixel 6 pro(android13) HOT 1
- tls module couldn't find binPath stat /usr/lib/firefox/libnspr4.so: no such file or directory HOT 6
- the handshake State judgment is not completely accurate on boringssl with the branch main-with-bazel HOT 8
- 使用-l参数时出现WRN failed to create multiLogger error="open : no such file or directory" HOT 1
- master secret length is too long for every connection HOT 2
- can not open /apex/com.android.conscrypt/lib64/libssl.so HOT 6
- DTLS protocol support HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ecapture.