trace writev syscall

getanteon · May 31, 2024 · cb1c32f · cb1c32f
1 parent fd6b294
commit cb1c32f
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 0 deletions.
diff --git a/ebpf/c/bpf_bpfeb.go b/ebpf/c/bpf_bpfeb.go
diff --git a/ebpf/c/bpf_bpfeb.o b/ebpf/c/bpf_bpfeb.o
diff --git a/ebpf/c/bpf_bpfel.go b/ebpf/c/bpf_bpfel.go
diff --git a/ebpf/c/bpf_bpfel.o b/ebpf/c/bpf_bpfel.o
diff --git a/ebpf/c/l7.c b/ebpf/c/l7.c
@@ -858,6 +858,25 @@ int sys_enter_write(struct trace_event_raw_sys_enter_write* ctx) {
    return process_enter_of_syscalls_write_sendto(ctx, ctx->fd, 0, ctx->buf, ctx->count);
 }
 
+// SEC("tracepoint/syscalls/sys_enter_writev")
+// int sys_enter_writev(struct trace_event_raw_sys_enter_write* ctx) {
+//    return process_enter_of_syscalls_write_sendto(ctx, ctx->fd, 0, ctx->buf, ctx->count);
+// }
+
+
+struct iov {
+    char* buf;
+    __u64 size;
+};
+SEC("tracepoint/syscalls/sys_enter_writev")
+int sys_enter_writev(struct trace_event_raw_sys_enter_writev* ctx) {
+    struct iov iov0 = {};
+    if (bpf_probe_read(&iov0, sizeof(struct iov), (void *)ctx->vec) < 0) {
+        return 0;
+    }
+    return process_enter_of_syscalls_write_sendto(ctx, ctx->fd, 0, iov0.buf, iov0.size);
+}
+
 SEC("tracepoint/syscalls/sys_enter_sendto")
 int sys_enter_sendto(struct trace_event_raw_sys_enter_sendto* ctx) {
    return process_enter_of_syscalls_write_sendto(ctx, ctx->fd, 0 ,ctx->buff, ctx->len);
@@ -868,6 +887,11 @@ int sys_exit_write(struct trace_event_raw_sys_exit_write* ctx) {
     return process_exit_of_syscalls_write_sendto(ctx, ctx->ret);
 }
 
+SEC("tracepoint/syscalls/sys_exit_writev")
+int sys_exit_writev(struct trace_event_raw_sys_exit_writev* ctx) {
+    return process_exit_of_syscalls_write_sendto(ctx, ctx->ret);
+}
+
 SEC("tracepoint/syscalls/sys_exit_sendto")
 int sys_exit_sendto(struct trace_event_raw_sys_exit_sendto* ctx) {
     return process_exit_of_syscalls_write_sendto(ctx, ctx->ret);

diff --git a/ebpf/headers/l7_req.h b/ebpf/headers/l7_req.h
@@ -56,6 +56,12 @@ struct trace_event_raw_sys_exit_sendto {
     __s64 ret;
 };
 
+
+struct trace_event_raw_sys_exit_writev {
+    __u64 unused;
+    __s32 id;
+    __s64 ret;
+};
 struct trace_event_raw_sys_enter_write {
 	struct trace_entry ent;
     __s32 __syscall_nr;
@@ -64,6 +70,14 @@ struct trace_event_raw_sys_enter_write {
     __u64 count;
 };
 
+struct trace_event_raw_sys_enter_writev {
+	struct trace_entry ent;
+    __s32 __syscall_nr;
+    __u64 fd;
+    struct iovec * vec; // struct iovec * 
+    __u64 vlen;
+};
+
 // TODO: remove unused fields ?
 struct trace_event_raw_sys_enter_sendto {
 	struct trace_entry ent;

diff --git a/ebpf/l7_req/l7.go b/ebpf/l7_req/l7.go
@@ -388,6 +388,18 @@ func (l7p *L7Prog) Attach() {
 		log.Logger.Fatal().Err(err).Msg("link sys_exit_write tracepoint")
 	}
 	l7p.links["syscalls/sys_exit_write"] = l7
+
+	l8, err := link.Tracepoint("syscalls", "sys_enter_writev", c.BpfObjs.SysEnterWritev, nil)
+	if err != nil {
+		log.Logger.Fatal().Err(err).Msg("link sys_enter_writev tracepoint")
+	}
+	l7p.links["syscalls/sys_enter_writev"] = l8
+
+	l9, err := link.Tracepoint("syscalls", "sys_exit_writev", c.BpfObjs.SysExitWritev, nil)
+	if err != nil {
+		log.Logger.Fatal().Err(err).Msg("link sys_exit_writev tracepoint")
+	}
+	l7p.links["syscalls/sys_exit_writev"] = l9
 }
 
 func (l7p *L7Prog) InitMaps() {