mod_pr

Monkey857 · Jul 9, 2024 · 801f469 · 801f469
1 parent c2059d6
commit 801f469
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 28 deletions.
diff --git a/eBPF_Supermarket/kvm_watcher/include/bpf/container.h b/eBPF_Supermarket/kvm_watcher/include/bpf/container.h
@@ -50,7 +50,7 @@ struct {
 static int trace_container_sys_entry(struct trace_event_raw_sys_enter *args){
     u64 st = bpf_ktime_get_ns();
     pid_t pid = bpf_get_current_pid_tgid();
-    u64 syscall_id = (u64)args->id;
+    u64 syscall_id = (u64)args->id; 
     bpf_map_update_elem(&time_info,&pid,&st,BPF_ANY);
     bpf_map_update_elem(&id,&pid,&syscall_id,BPF_ANY);
     return 0;

diff --git a/eBPF_Supermarket/kvm_watcher/src/kvm_watcher.bpf.c b/eBPF_Supermarket/kvm_watcher/src/kvm_watcher.bpf.c
@@ -248,23 +248,22 @@ int BPF_KPROBE(kp_start_sw_timer, struct kvm_lapic *apic) {
 
 //采集容器的系统用调用信息
 SEC("tracepoint/raw_syscalls/sys_enter")
-int tp_container_sys_entry(struct trace_event_raw_sys_enter *args){
+int tp_container_sys_entry(struct trace_event_raw_sys_enter *args) {
     //过滤进程
     bool is_container = is_container_task(hostname);
-    if(is_container){
+    if (is_container) {
         return trace_container_sys_entry(args);
-    }else{
+    } else {
         return 0;
     }
 }
 SEC("tracepoint/raw_syscalls/sys_exit")
-int tracepoint__syscalls__sys_exit(struct trace_event_raw_sys_exit *args){
+int tracepoint__syscalls__sys_exit(struct trace_event_raw_sys_exit *args) {
     //过滤进程
     bool is_container = is_container_task(hostname);
-    if(is_container){
-        return trace_container_sys_exit(args,&rb,e);
-    }else{
+    if (is_container) {
+        return trace_container_sys_exit(args, &rb, e);
+    } else {
         return 0;
     }
-
 }
diff --git a/eBPF_Supermarket/kvm_watcher/src/kvm_watcher.c b/eBPF_Supermarket/kvm_watcher/src/kvm_watcher.c
@@ -398,7 +398,15 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state) {
             env.show = true;
             break;
         case 'a':
-            SET_OPTION_AND_CHECK_USAGE(option_selected, env.execute_container_syscall);
+            SET_OPTION_AND_CHECK_USAGE(option_selected,
+                                       env.execute_container_syscall);
+            char hostname[64];
+            int result = gethostname(hostname, sizeof(hostname));
+            if (result == 0) {
+                strcpy(env.hostname, hostname);
+            } else {
+                perror("gethostname");
+            }
             break;
         case 'H':
             argp_state_help(state, stderr, ARGP_HELP_STD_HELP);
@@ -524,7 +532,7 @@ static int determineEventType(struct env *env) {
         env->event_type = VCPU_LOAD;
     } else if (env->execute_timer) {
         env->event_type = TIMER;
-    }else if(env->execute_container_syscall){
+    } else if (env->execute_container_syscall) {
         env->event_type = CONTAINER_SYSCALL;
     } else {
         env->event_type = NONE_TYPE;  // 或者根据需要设置一个默认的事件类型
@@ -554,9 +562,10 @@ static int handle_event(void *ctx, void *data, size_t data_sz) {
         case VCPU_LOAD: {
             break;
         }
-        case CONTAINER_SYSCALL:{
-            printf("%-8u %-22s %-10lld %-10lld %-16s\n",
-            e->syscall_data.pid,e->syscall_data.container_id,e->syscall_data.delay,e->syscall_data.syscall_id,e->syscall_data.comm);
+        case CONTAINER_SYSCALL: {
+            printf("%-8u %-22s %-10lld %-10lld %-16s\n", e->syscall_data.pid,
+                   e->syscall_data.container_id, e->syscall_data.delay,
+                   e->syscall_data.syscall_id, e->syscall_data.comm);
             break;
         }
         case HALT_POLL: {
@@ -770,7 +779,7 @@ static int print_event_head(struct env *env) {
                    "VAILD?");
             break;
         case CONTAINER_SYSCALL:
-            printf("%-8s %-22s %-9s %10s %-16s\n", "PID","CONTAINER_ID",
+            printf("%-8s %-22s %-9s %10s %-16s\n", "PID", "CONTAINER_ID",
                    "DELAY(us)", "SYSCALLID", "COMM");
             break;
         case EXIT:
@@ -884,7 +893,7 @@ static void set_disable_load(struct kvm_watcher_bpf *skel) {
     bpf_program__set_autoload(skel->progs.tp_container_sys_entry,
                               env.execute_container_syscall ? true : false);
     bpf_program__set_autoload(skel->progs.tracepoint__syscalls__sys_exit,
-                              env.execute_container_syscall ? true : false);                         
+                              env.execute_container_syscall ? true : false);
     bpf_program__set_autoload(skel->progs.tp_vcpu_wakeup,
                               env.execute_vcpu_wakeup ? true : false);
     bpf_program__set_autoload(skel->progs.tp_exit,
@@ -1243,15 +1252,6 @@ int attach_probe(struct kvm_watcher_bpf *skel) {
     }
     return kvm_watcher_bpf__attach(skel);
 }
-void get_hostname() {
-    char hostname[64];
-    int result = gethostname(hostname, sizeof(hostname));
-    if (result == 0) {
-        strcpy(env.hostname,hostname); 
-    } else {
-        perror("gethostname");
-    }
-}
 int main(int argc, char **argv) {
     // 定义一个环形缓冲区
     struct ring_buffer *rb = NULL;
@@ -1263,8 +1263,6 @@ int main(int argc, char **argv) {
         return err;
     /*设置libbpf的错误和调试信息回调*/
     libbpf_set_print(libbpf_print_fn);
-    //获取hostname
-    get_hostname();
     /* Cleaner handling of Ctrl-C */
     signal(SIGINT, sig_handler);
     signal(SIGTERM, sig_handler);
@@ -1278,7 +1276,7 @@ int main(int argc, char **argv) {
 
     /* Parameterize BPF code with parameter */
     skel->rodata->vm_pid = env.vm_pid;
-    strcpy(skel->rodata->hostname,env.hostname);
+    strcpy(skel->rodata->hostname, env.hostname);
     /* 禁用或加载内核挂钩函数 */
     set_disable_load(skel);