Merge branch 'linuxkerneltravel:develop' into develop

.github/workflows/ebpf_stack_analyser.yml

@@ -30,4 +30,22 @@ jobs:
         run: |
           cd eBPF_Supermarket/Stack_Analyser
           make
-          sudo ./stack_analyzer on_cpu off_cpu memleak io readahead -t 5
+          sudo ./stack_analyzer on_cpu off_cpu memleak io readahead llc_stat probe vfs_open -t 5
+
+  magic-eyes-build-and-test:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install native lib dependencies
+        run: |
+          git submodule update --init --recursive
+          sudo apt install clang libelf1 libelf-dev zlib1g-dev
+        
+      - name: Run app with native lib
+        run: |
+          mkdir -p MagicEyes/build
+          cd MagicEyes/build
+          cmake -DBUILD_STACK_ANALYZER=ON ..
+          make
+          sudo ./src/backend/system_diagnosis/stack_analyzer/stack_analyzer on_cpu off_cpu memleak io readahead llc_stat probe vfs_open -t 5

.github/workflows/net_watcher.yml

@@ -44,4 +44,5 @@ jobs:
           sudo timeout -s SIGINT 5 ./netwatcher -n || if [[ $? != 124 && $? != 0 ]];then exit $?;fi
           sudo timeout -s SIGINT 5 ./netwatcher -k || if [[ $? != 124 && $? != 0 ]];then exit $?;fi
           sudo timeout -s SIGINT 5 ./netwatcher -k -T || if [[ $? != 124 && $? != 0 ]];then exit $?;fi
+          sudo timeout -s SIGINT 5 ./netwatcher -I || if [[ $? != 124 && $? != 0 ]];then exit $?;fi
         timeout-minutes: 5

eBPF_Supermarket/Network_Subsystem/net_watcher/netwatcher.bpf.c

@@ -58,6 +58,11 @@ struct filtertime {
     u64 ip_finish_output_time;    
 
 };
+struct ip_packet
+{
+    unsigned int saddr;         // 源地址
+    unsigned int daddr;         // 目的地址
+};
 // 操作BPF映射的一个辅助函数
 static __always_inline void * //__always_inline强制内联
 bpf_map_lookup_or_try_init(void *map, const void *key, const void *init) {
@@ -109,6 +114,10 @@ struct {
     __uint(max_entries, 256 * 1024);
 } kfree_rb SEC(".maps");
 
+struct {
+    __uint(type, BPF_MAP_TYPE_RINGBUF);
+    __uint(max_entries, 256 * 1024);
+} icmp_rb SEC(".maps");
 // 存储每个tcp连接所对应的conn_t
 struct {
     __uint(type, BPF_MAP_TYPE_LRU_HASH);
@@ -148,11 +157,17 @@ struct {
     __type(value, struct packet_tuple);
 } kfree  SEC(".maps");
 
+struct {
+    __uint(type, BPF_MAP_TYPE_LRU_HASH);
+    __uint(max_entries, MAX_CONN * MAX_PACKET);
+    __type(key, struct ip_packet);
+    __type(value,unsigned long long);
+} icmp_time SEC(".maps");
 
 const volatile int filter_dport = 0;
 const volatile int filter_sport = 0;
 const volatile int all_conn = 0, err_packet = 0, extra_conn_info = 0,
-                   layer_time = 0, http_info = 0, retrans_info = 0, udp_info =0,net_filter = 0,kfree_info = 0;
+                   layer_time = 0, http_info = 0, retrans_info = 0, udp_info =0,net_filter = 0,kfree_info = 0,icmp_info = 0 ;
 
 /* help macro */
 
@@ -327,7 +342,11 @@ static inline struct ipv6hdr *skb_to_ipv6hdr(const struct sk_buff *skb) {
     return (struct ipv6hdr *)(BPF_CORE_READ(skb, head) +
                               BPF_CORE_READ(skb, network_header));
 }
-
+// 初始化ip_packet
+static void get_ip_pkt_tuple(struct ip_packet *ipk, struct iphdr *ip) {
+    ipk->saddr = BPF_CORE_READ(ip, saddr);
+    ipk->daddr = BPF_CORE_READ(ip, daddr);
+}
 // 初始化packet_tuple结构指针pkt_tuple
 static void get_pkt_tuple(struct packet_tuple *pkt_tuple, struct iphdr *ip,
                           struct tcphdr *tcp) {
@@ -1562,4 +1581,69 @@ int tp_kfree(struct trace_event_raw_kfree_skb *ctx) {
     message->drop_reason = ctx->reason;
     bpf_ringbuf_submit(message,0);
     return 0;
-}
+}
+SEC("kprobe/icmp_rcv")
+int BPF_KPROBE(icmp_rcv,struct sk_buff *skb) {
+    if(!icmp_info||skb==NULL)
+        return 0;
+    struct iphdr *ip = skb_to_iphdr(skb);
+    struct ip_packet ipk = {0};
+    get_ip_pkt_tuple(&ipk, ip);
+    unsigned long long time= bpf_ktime_get_ns() / 1000;
+    bpf_map_update_elem(&icmp_time, &ipk, &time, BPF_ANY);
+
+    return 0;
+}
+
+SEC("kprobe/__sock_queue_rcv_skb")
+int BPF_KPROBE(__sock_queue_rcv_skb,struct sock *sk, struct sk_buff *skb) {
+   if(!icmp_info||skb==NULL)
+        return 0;
+    struct iphdr *ip = skb_to_iphdr(skb);
+    struct ip_packet ipk = {0};
+    get_ip_pkt_tuple(&ipk, ip);
+    unsigned long long *pre_time = bpf_map_lookup_elem(&icmp_time, &ipk);
+    if(pre_time==NULL)
+        return 0;
+
+    unsigned long long new_time= bpf_ktime_get_ns() / 1000;
+    unsigned long long time=new_time-*pre_time;
+    struct icmptime *message;
+    message = bpf_ringbuf_reserve(&icmp_rb, sizeof(*message), 0);
+    if(!message){
+        return 0;
+    }
+
+    message->saddr = ipk.saddr;
+    message->daddr =ipk.daddr;
+    message->icmp_tran_time =time; 
+    message->flag =0; 
+    bpf_ringbuf_submit(message,0);
+    return 0;
+}
+
+SEC("kprobe/icmp_reply")
+int BPF_KPROBE(icmp_reply,struct icmp_bxm *icmp_param, struct sk_buff *skb) {
+   if(!icmp_info||skb==NULL)
+        return 0;
+    struct iphdr *ip = skb_to_iphdr(skb);
+    struct ip_packet ipk = {0};
+    get_ip_pkt_tuple(&ipk, ip);
+    unsigned long long *pre_time = bpf_map_lookup_elem(&icmp_time, &ipk);
+    if(pre_time==NULL)
+        return 0;
+    unsigned long long new_time= bpf_ktime_get_ns() / 1000;
+    unsigned long long time=new_time-*pre_time;
+    struct icmptime *message;
+    message = bpf_ringbuf_reserve(&icmp_rb, sizeof(*message), 0);
+    if(!message){
+        return 0;
+    }
+
+    message->saddr = ipk.saddr;
+    message->daddr =ipk.daddr;
+    message->icmp_tran_time =time; 
+    message->flag =1; 
+    bpf_ringbuf_submit(message,0);
+    return 0;
+}

eBPF_Supermarket/Network_Subsystem/net_watcher/netwatcher.c

@@ -40,7 +40,7 @@ static char udp_file_path[1024];
 
 static int sport = 0, dport = 0; // for filter
 static int all_conn = 0, err_packet = 0, extra_conn_info = 0, layer_time = 0,
-           http_info = 0, retrans_info = 0, udp_info = 0,net_filter = 0,kfree_info = 0,addr_to_func=0; // flag
+           http_info = 0, retrans_info = 0, udp_info = 0,net_filter = 0,kfree_info = 0,addr_to_func=0,icmp_info=0; // flag
 
 static const char argp_program_doc[] = "Watch tcp/ip in network subsystem \n";
 
@@ -57,6 +57,7 @@ static const struct argp_option opts[] = {
     {"net_filter",'n',0,0,"trace ipv4 packget filter "},
     {"kfree_info",'k',0,0,"trace kfree "},
     {"addr_to_func",'T',0,0,"translation addr to func and offset"},
+    {"icmptime", 'I', 0, 0, "set to trace layer time of icmp"},
     {}};
 
 static error_t parse_arg(int key, char *arg, struct argp_state *state) {
@@ -98,6 +99,9 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state) {
     case 'T':
         addr_to_func = 1;
         break;
+    case 'I':
+        icmp_info = 1;
+        break;
     default:
         return ARGP_ERR_UNKNOWN;
     }
@@ -261,7 +265,7 @@ static int print_conns(struct netwatcher_bpf *skel) {
 }
 
 static int print_packet(void *ctx, void *packet_info, size_t size) {
-    if (udp_info || net_filter || kfree_info)
+    if (udp_info || net_filter || kfree_info|| icmp_info)
         return 0;
     const struct pack_t *pack_info = packet_info;
     if (pack_info->err) {
@@ -412,6 +416,22 @@ static int print_kfree(void *ctx, void *packet_info, size_t size) {
     printf("%s\n", SKB_Drop_Reason_Strings[pack_info->drop_reason]);
     return 0;
 }
+
+static int print_icmptime(void *ctx, void *packet_info, size_t size) {
+    if(!icmp_info)
+        return 0;
+    char d_str[INET_ADDRSTRLEN];
+    char s_str[INET_ADDRSTRLEN]; 
+    const struct icmptime *pack_info = packet_info;
+    unsigned int saddr = pack_info->saddr;
+    unsigned int daddr = pack_info->daddr;
+    printf("%-20s %-20s %-10lld %-10d\n",
+            inet_ntop(AF_INET, &saddr, s_str, sizeof(s_str)),
+            inet_ntop(AF_INET, &daddr, d_str, sizeof(d_str)),
+            pack_info->icmp_tran_time,
+            pack_info->flag);    
+    return 0;
+}
 int main(int argc, char **argv) {
     char *last_slash = strrchr(argv[0], '/');
     if (last_slash) {
@@ -429,6 +449,7 @@ int main(int argc, char **argv) {
     struct ring_buffer *udp_rb = NULL;
     struct ring_buffer *netfilter_rb = NULL;
     struct ring_buffer *kfree_rb = NULL;
+    struct ring_buffer *icmp_rb = NULL;
     struct netwatcher_bpf *skel;
     int err;
     /* Parse command line arguments */
@@ -461,6 +482,7 @@ int main(int argc, char **argv) {
     skel->rodata->udp_info = udp_info;
     skel->rodata->net_filter = net_filter;
     skel->rodata->kfree_info = kfree_info;
+    skel->rodata->icmp_info = icmp_info;
 
     if(addr_to_func)
         readallsym();
@@ -489,6 +511,10 @@ int main(int argc, char **argv) {
     {
         printf("%-20s %-20s %-10s %-10s %-9s %-24s %-25s\n", "saddr", "daddr","sprot", "dprot","prot","addr","reason");
     }
+    else if(icmp_info)
+    {
+        printf("%-20s %-20s %-10s %-10s\n", "saddr", "daddr","time","flag");
+    }
     else{
           printf("%-22s %-10s %-10s %-10s %-10s %-10s %-5s %s\n", "SOCK", "SEQ",
             "ACK", "MAC_TIME", "IP_TIME", "TRAN_TIME", "RX", "HTTP");
@@ -511,6 +537,12 @@ int main(int argc, char **argv) {
         fprintf(stderr, "Failed to create ring buffer\n");
         goto cleanup;
     }
+    icmp_rb =ring_buffer__new(bpf_map__fd(skel->maps.icmp_rb), print_icmptime, NULL, NULL);
+    if (!icmp_rb) {
+        err = -1;
+        fprintf(stderr, "Failed to create ring buffer(icmp)\n");
+        goto cleanup;
+    }
     /* Set up ring buffer polling */
     rb = ring_buffer__new(bpf_map__fd(skel->maps.rb), print_packet, NULL, NULL);
     if (!rb) {
@@ -543,6 +575,7 @@ int main(int argc, char **argv) {
         err = ring_buffer__poll(udp_rb, 100 /* timeout, ms */);
         err = ring_buffer__poll(netfilter_rb, 100 /* timeout, ms */);
         err = ring_buffer__poll(kfree_rb, 100 /* timeout, ms */);
+        err = ring_buffer__poll(icmp_rb, 100 /* timeout, ms */);
         print_conns(skel);
         sleep(1);
         /* Ctrl-C will cause -EINTR */

eBPF_Supermarket/Network_Subsystem/net_watcher/netwatcher.h

@@ -118,5 +118,11 @@ struct  reasonissue
     unsigned short protocol;
     int  drop_reason;
 };
+struct icmptime{
+    unsigned int saddr;
+    unsigned int daddr;
+    unsigned long long icmp_tran_time;
+    unsigned int flag; //0 send 1 rcv
+};
 
 #endif /* __NETWATCHER_H */

eBPF_Supermarket/Stack_Analyser/Makefile

@@ -35,12 +35,11 @@ VMLINUX := libbpf-bootstrap/vmlinux/$(ARCH)/vmlinux.h
 # Use our own libbpf API headers and Linux UAPI headers distributed with
 # libbpf to avoid dependency on system-wide headers, which could be missing or
 # outdated
-INCLUDES := -I./include -I$(OUTPUT) -I$(BPF_SKEL) -I./libbpf-bootstrap/libbpf/include/uapi -I$(dir $(VMLINUX))
-CFLAGS := -g -Wall -Wno-sign-compare -fpermissive
+INCLUDES := -I./include -I./$(OUTPUT) -I./$(BPF_SKEL) -I./libbpf-bootstrap/libbpf/include/uapi -I$(dir $(VMLINUX))
+CFLAGS := -Og -Wall
 ALL_LDFLAGS := $(LDFLAGS) $(EXTRA_LDFLAGS)
 
 BIN = $(patsubst src/%.cpp, %, ${wildcard src/*.cpp})
-BPF_WAPPER = $(patsubst src/bpf_wapper/%.cpp, %, ${wildcard src/bpf_wapper/*.cpp})
 BPF = $(patsubst bpf/%.bpf.c, %, ${wildcard bpf/*.bpf.c})
 
 TARGETS = stack_analyzer
@@ -84,13 +83,9 @@ all: $(TARGETS)
 .PHONY: clean
 clean:
 	$(call msg,CLEAN)
-	$(Q)rm -rf $(OUTPUT) $(TARGETS) include/bpf/*.skel.h
+	$(Q)rm -rf $(OUTPUT) $(TARGETS) $(BPF_SKEL)
 
-$(OUTPUT) $(OUTPUT)/libbpf $(BPFTOOL_OUTPUT):
-	$(call msg,MKDIR,$@)
-	$(Q)mkdir -p $@
-
-$(BPF_SKEL):
+$(OUTPUT) $(OUTPUT)/libbpf $(BPFTOOL_OUTPUT) $(BPF_SKEL):
 	$(call msg,MKDIR,$@)
 	$(Q)mkdir -p $@
 
@@ -108,7 +103,7 @@ $(BPFTOOL): | $(BPFTOOL_OUTPUT)
 	$(Q)$(MAKE) ARCH= CROSS_COMPILE= OUTPUT=$(BPFTOOL_OUTPUT)/ -C $(BPFTOOL_SRC) bootstrap
 
 # Build BPF code
-$(OUTPUT)/%.bpf.o: bpf/%.bpf.c $(LIBBPF_OBJ) $(wildcard %.h) $(VMLINUX) | $(OUTPUT) $(BPFTOOL)
+$(OUTPUT)/%.bpf.o: bpf/%.bpf.c include/sa_ebpf.h $(LIBBPF_OBJ) $(VMLINUX) | $(OUTPUT) $(BPFTOOL)
 	$(call msg,BPF,$@)
 	$(Q)$(CLANG) -g -O2 -target bpf -D__TARGET_ARCH_$(ARCH)		      \
 		     $(INCLUDES) $(CLANG_BPF_SYS_INCLUDES)		      \
@@ -117,22 +112,27 @@ $(OUTPUT)/%.bpf.o: bpf/%.bpf.c $(LIBBPF_OBJ) $(wildcard %.h) $(VMLINUX) | $(OUTP
 
 # Generate BPF skeletons
 .PHONY: $(BPF)
-$(BPF): %: $(OUTPUT)/%.bpf.o | $(OUTPUT) $(BPFTOOL) $(BPF_SKEL)
+$(BPF_SKEL)/%.skel.h: $(OUTPUT)/%.bpf.o | $(OUTPUT) $(BPFTOOL) $(BPF_SKEL)
 	$(call msg,GEN-SKEL,$@)
-	$(Q)$(BPFTOOL) gen skeleton $< > $(BPF_SKEL)/$@.skel.h
+	$(Q)$(BPFTOOL) gen skeleton $< > $@
+
+$(patsubst %,include/bpf_wapper/%.h,$(BPF)): include/bpf_wapper/%.h: $(BPF_SKEL)/%.skel.h
 
-$(patsubst %,$(OUTPUT)/%.o,$(BPF_WAPPER)): $(OUTPUT)/%.o: src/bpf_wapper/%.cpp $(BPF)
+$(patsubst %,$(OUTPUT)/%.o,$(BPF)): $(OUTPUT)/%.o: src/bpf_wapper/%.cpp include/bpf_wapper/%.h $(OUTPUT)/eBPFStackCollector.o
 	$(call msg,CXX,$@)
 	$(Q)$(CXX) $(CFLAGS) $(INCLUDES) -c $< -o $@
 
 # Build depending library
-$(patsubst %,$(OUTPUT)/%.o,$(BIN)): $(OUTPUT)/%.o: src/%.cpp
+$(patsubst %,$(OUTPUT)/%.o,$(BIN)): $(OUTPUT)/%.o: src/%.cpp $(patsubst %,include/bpf_wapper/%.h,$(BPF))
+	$(call msg,CXX,$@)
+	$(Q)$(CXX) $(CFLAGS) $(INCLUDES) -c $< -o $@
+
+$(OUTPUT)/eBPFStackCollector.o: src/bpf_wapper/eBPFStackCollector.cpp | $(LIBBPF_OBJ)
 	$(call msg,CXX,$@)
 	$(Q)$(CXX) $(CFLAGS) $(INCLUDES) -c $< -o $@
-# $(Q)$(CXX) $(CFLAGS) $(INCLUDES) $< -E > log
 
 # Build application binary
-$(TARGETS): $(patsubst %,$(OUTPUT)/%.o,$(BIN)) $(patsubst %,$(OUTPUT)/%.o,$(BPF_WAPPER)) $(LIBBPF_OBJ) | $(OUTPUT)
+$(TARGETS): $(OUTPUT)/eBPFStackCollector.o $(patsubst %,$(OUTPUT)/%.o,$(BIN)) $(patsubst %,$(OUTPUT)/%.o,$(BPF)) $(LIBBPF_OBJ)
 	$(call msg,BINARY,$@)
 	$(Q)$(CXX) $^ $(ALL_LDFLAGS) -lstdc++ -lelf -lz -o $@
 

eBPF_Supermarket/Stack_Analyser/bpf/io.bpf.c

@@ -33,18 +33,19 @@ const char LICENSE[] SEC("license") = "GPL";
 
 static int do_stack(struct trace_event_raw_sys_enter *ctx)
 {
+    CHECK_ACTIVE;
     struct task_struct *curr = (struct task_struct *)bpf_get_current_task(); // 利用bpf_get_current_task()获得当前的进程tsk
     RET_IF_KERN(curr);
     u32 pid = BPF_CORE_READ(curr, pid); // 利用帮助函数获得当前进程的pid
     if ((target_pid >= 0 && pid != target_pid) || !pid || pid == self_pid)
         return 0;
-        
+
     SAVE_TASK_INFO(pid, curr);
 
     // record time delta
     psid apsid = GET_COUNT_KEY(pid, ctx);
     io_tuple *d = bpf_map_lookup_elem(&psid_count_map, &apsid); // count指向psid_count表当中的apsid表项，即size
-    u64 len = BPF_CORE_READ(ctx, args[2]); // 读取系统调用的第三个参数
+    u64 len = BPF_CORE_READ(ctx, args[2]);                      // 读取系统调用的第三个参数
 
     if (!d)
     {