diff --git a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/bpf/syscall_image.bpf.c b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/bpf/syscall_image.bpf.c index c33ef5f88..b608d77be 100644 --- a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/bpf/syscall_image.bpf.c +++ b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/bpf/syscall_image.bpf.c @@ -23,8 +23,9 @@ #include "proc_image.h" char LICENSE[] SEC("license") = "Dual BSD/GPL"; - +#define MAX_NODENAME_LEN 64 const volatile pid_t ignore_tgid = -1; +const volatile char hostname[MAX_NODENAME_LEN] = ""; const int key = 0; pid_t pre_target_pid = -1;//上一个监测的进程; int pre_target_tgid = -1;//上一个监测的进程组; @@ -48,14 +49,69 @@ struct { __uint(max_entries,256 * 10240); } syscall_rb SEC(".maps"); +struct { + __uint(type,BPF_MAP_TYPE_HASH); + __uint(max_entries, 8192); + __type(key, pid_t); + __type(value,struct container_id); +}container_id_map SEC(".maps"); + +struct container_id{ + char container_id[20]; +}; + +struct data_t { + char nodename[MAX_NODENAME_LEN]; +}; + +static bool is_container_task(const volatile char hostname[MAX_NODENAME_LEN]){ + struct task_struct *task; + struct nsproxy *ns; + struct uts_namespace *uts; + struct data_t data = {}; + // 获取当前任务的 task_struct + task = (struct task_struct *)bpf_get_current_task(); + // 获取 nsproxy + bpf_probe_read_kernel(&ns, sizeof(ns), &task->nsproxy); + if (!ns) { + return false; + } + // 获取 uts_namespace + bpf_probe_read_kernel(&uts, sizeof(uts), &ns->uts_ns); + if (!uts) { + return false; + } + // 读取主机名 + bpf_probe_read_kernel_str(&data.nodename, sizeof(data.nodename), uts->name.nodename); + // 打印主机名 + bool is_equal = true; + for(int i = 0;isc_func) + if(!sc_ctrl || !sc_ctrl->sc_func) return 0; - + if(sc_ctrl->is_container) + if(!is_container_task(hostname)) + return 0; pid_t pid = bpf_get_current_pid_tgid(); int tgid = bpf_get_current_pid_tgid() >> 32; @@ -104,7 +160,9 @@ int sys_exit(struct trace_event_raw_sys_exit *args) sc_ctrl = bpf_map_lookup_elem(&sc_ctrl_map,&key); if(!sc_ctrl || !sc_ctrl->sc_func) return 0; - + if(sc_ctrl->is_container) + if(!is_container_task(hostname)) + return 0; pid_t pid = bpf_get_current_pid_tgid(); int tgid = bpf_get_current_pid_tgid() >> 32; diff --git a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/controller.c b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/controller.c index 121a8fdb1..718feda25 100644 --- a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/controller.c +++ b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/controller.c @@ -49,6 +49,7 @@ static struct env { bool enable_lock; bool enable_syscall; bool enable_schedule; + bool is_container; } env = { .usemode = 0, .pid = -1, @@ -68,6 +69,7 @@ static struct env { .enable_lock = false, .enable_syscall = false, .enable_schedule = false, + .is_container = false, }; const char argp_program_doc[] ="Trace process to get process image.\n"; @@ -78,6 +80,7 @@ static const struct argp_option opts[] = { { "finish", 'f', NULL, 0, "Finish to run eBPF tool" }, { "pid", 'p', "PID", 0, "Process ID to trace" }, { "tgid", 'P', "TGID", 0, "Thread group to trace" }, + { "containerproc", 'o', NULL, 0, "Thread of containerproc to trace" }, { "cpuid", 'c', "CPUID", 0, "Set For Tracing per-CPU Process(other processes don't need to set this parameter)" }, { "time", 't', "TIME-SEC", 0, "Max Running Time(0 for infinite)" }, { "myproc", 'm', NULL, 0, "Trace the process of the tool itself (not tracked by default)" }, @@ -143,6 +146,9 @@ static error_t parse_arg(int key, char *arg, struct argp_state *state) case 'm': env.enable_myproc = true; break; + case 'o': + env.is_container = true; + break; case 'r': env.enable_resource = true; break; @@ -201,7 +207,7 @@ int deactivate_mode(){ } if(env.enable_syscall){ - struct sc_ctrl sc_ctrl = {false,false,-1,-1,0}; + struct sc_ctrl sc_ctrl = {false,false,false,-1,-1,0}; err = update_sc_ctrl_map(sc_ctrl); if(err < 0) return err; } @@ -257,7 +263,7 @@ int main(int argc, char **argv) } if(env.enable_syscall){ - struct sc_ctrl sc_ctrl = {true,env.enable_myproc,env.pid,env.tgid,env.syscalls}; + struct sc_ctrl sc_ctrl = {true,env.enable_myproc, env.is_container,env.pid,env.tgid,env.syscalls}; err = update_sc_ctrl_map(sc_ctrl); if(err < 0) return err; } diff --git a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/include/proc_image.h b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/include/proc_image.h index ecfc1905f..589ca5063 100644 --- a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/include/proc_image.h +++ b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/include/proc_image.h @@ -65,6 +65,7 @@ struct total_rsc{ struct sc_ctrl { bool sc_func; bool enable_myproc; + bool is_container; pid_t target_pid; pid_t target_tgid; int syscalls; diff --git a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/proc_image.c b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/proc_image.c index b52a77712..9577b3482 100644 --- a/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/proc_image.c +++ b/eBPF_Supermarket/CPU_Subsystem/eBPF_proc_image/proc_image.c @@ -65,6 +65,7 @@ static struct env { int lock_prev_tgid; int sched_prev_tgid; int sc_prev_tgid; + char hostname[64]; } env = { .output_resourse = false, .output_schedule = false, @@ -88,6 +89,7 @@ static struct env { .lock_prev_tgid = 0, .sched_prev_tgid = 0, .sc_prev_tgid = 0, + .hostname = "", }; struct hashmap *map = NULL; @@ -723,6 +725,16 @@ static void sig_handler(int signo) exiting = true; } +void get_hostname() { + char hostname[64]; + int result = gethostname(hostname, sizeof(hostname)); + if (result == 0) { + strcpy(env.hostname,hostname); + } else { + perror("gethostname"); + } +} + int main(int argc, char **argv) { struct resource_image_bpf *resource_skel = NULL; @@ -802,7 +814,9 @@ int main(int argc, char **argv) } syscall_skel->rodata->ignore_tgid = env.ignore_tgid; - + get_hostname(); + strcpy(syscall_skel->rodata->hostname,env.hostname); + err = syscall_image_bpf__load(syscall_skel); if (err) { fprintf(stderr, "Failed to load and verify BPF syscall skeleton\n");