diff --git a/eBPF_Supermarket/kvm_watcher/include/bpf/container.h b/eBPF_Supermarket/kvm_watcher/include/bpf/container.h index 0bb0ae68e..6dda002cb 100644 --- a/eBPF_Supermarket/kvm_watcher/include/bpf/container.h +++ b/eBPF_Supermarket/kvm_watcher/include/bpf/container.h @@ -61,7 +61,8 @@ static int trace_container_sys_entry(struct trace_event_raw_sys_enter *args){ bpf_map_update_elem(&id,&pid,&syscall_id,BPF_ANY); return 0; } -static int trace_container_sys_exit(struct trace_event_raw_sys_exit *args,void *rb,struct common_event *e){ + +static int trace_container_sys_exit(struct trace_event_raw_sys_exit *args){ u64 exit_time = bpf_ktime_get_ns(); pid_t pid = bpf_get_current_pid_tgid(); u64 delay,start_time,syscallid; @@ -89,7 +90,12 @@ static int trace_container_sys_exit(struct trace_event_raw_sys_exit *args,void * if (!syscall_value) { return 0; } - + //检查 syscallid 是否超出范围 + //逻辑检查应该放到获取结构体之后的第一步操作,提前的检查让路径变得显式且安全,否则验证器可能无法通过 + if (syscallid >= MAX_SYSCALL_NUM || syscallid < 0) { + return 0; // 如果超出范围,直接返回 + } + // 读取 container_id int ret = bpf_probe_read_kernel_str(syscall_value->container_id, sizeof(syscall_value->container_id), contain_id); if (ret < 0) { @@ -97,19 +103,12 @@ static int trace_container_sys_exit(struct trace_event_raw_sys_exit *args,void * return 0; } - // 打印读取的 container_id - bpf_printk("container_id: %s\n", syscall_value->container_id); - // 获取进程名并存储 ret = bpf_get_current_comm(syscall_value->proc_name, sizeof(syscall_value->proc_name)); if (ret < 0) { bpf_printk("Failed to read process name, error code: %d\n", ret); return 0; } - //检查 syscallid 是否超出范围 - if (syscallid >= MAX_SYSCALL_NUM || syscallid < 0) { - return 0; // 如果超出范围,直接返回 - } syscall_value->syscall_total_delay[syscallid] += delay; // 加上 delay 的值 syscall_value->syscall_id_counts[syscallid] += 1; // 计数加 1 return 0; @@ -118,4 +117,44 @@ static int trace_container_sys_exit(struct trace_event_raw_sys_exit *args,void * struct data_t { char nodename[MAX_NODENAME_LEN]; }; +static bool is_container_task(const volatile char *hostname){ + struct task_struct *task; + struct nsproxy *ns; + struct uts_namespace *uts; + struct data_t data = {}; + // 获取当前任务的 task_struct + task = (struct task_struct *)bpf_get_current_task(); + + // 获取 nsproxy + bpf_probe_read_kernel(&ns, sizeof(ns), &task->nsproxy); + if (!ns) { + return false; + } + + // 获取 uts_namespace + bpf_probe_read_kernel(&uts, sizeof(uts), &ns->uts_ns); + if (!uts) { + return false; + } + // 读取主机名 + bpf_probe_read_kernel_str(&data.nodename, sizeof(data.nodename), uts->name.nodename); + // 打印主机名 + bool is_equal = true; + for(int i = 0;insproxy); - if (!ns) { - return false; - } - - // 获取 uts_namespace - bpf_probe_read_kernel(&uts, sizeof(uts), &ns->uts_ns); - if (!uts) { - return false; - } - // 读取主机名 - bpf_probe_read_kernel_str(&data.nodename, sizeof(data.nodename), uts->name.nodename); - // 打印主机名 - - for(int i = 0;insproxy); - if (!ns) { - return false; - } - - // 获取 uts_namespace - bpf_probe_read_kernel(&uts, sizeof(uts), &ns->uts_ns); - if (!uts) { - return false; - } - // 读取主机名 - bpf_probe_read_kernel_str(&data.nodename, sizeof(data.nodename), uts->name.nodename); - // 打印主机名 - - for(int i = 0;i