Skip to content

Commit

Permalink
allow tracing more drops and avoid early return
Browse files Browse the repository at this point in the history
sometimes we can don't have socket struct valid
which we use to populate TCP state in that case
we keep state as 0 and we proceed generating drop
flow

Signed-off-by: msherif1234 <mmahmoud@redhat.com>
  • Loading branch information
msherif1234 committed Jul 21, 2023
1 parent 565d7ce commit e0566f6
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 9 deletions.
17 changes: 8 additions & 9 deletions bpf/pkt_drops.h
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,15 @@

#include "utils.h"

static inline int trace_pkt_drop(void *ctx, struct sock *sk,
static inline int trace_pkt_drop(void *ctx, u8 state,
struct sk_buff *skb,
enum skb_drop_reason reason) {
if (sk == NULL)
return 0;

flow_id id;
__builtin_memset(&id, 0, sizeof(id));

u8 state = 0, protocol = 0;
u8 protocol = 0;
u16 family = 0,flags = 0;

// pull in details from the packet headers and the sock struct
bpf_probe_read(&state, sizeof(u8), (u8 *)&sk->__sk_common.skc_state);

id.if_index = skb->skb_iif;

// read L2 info
Expand Down Expand Up @@ -93,7 +87,12 @@ int kfree_skb(struct trace_event_raw_kfree_skb *args) {
// SKB_CONSUMED,
// SKB_DROP_REASON_NOT_SPECIFIED,
if (reason > SKB_DROP_REASON_NOT_SPECIFIED) {
return trace_pkt_drop(args, sk, &skb, reason);
u8 state = 0;
if (sk) {
// pull in details from the packet headers and the sock struct
bpf_probe_read(&state, sizeof(u8), (u8 *)&sk->__sk_common.skc_state);
}
return trace_pkt_drop(args, state, &skb, reason);
}
return 0;
}
Expand Down
Binary file modified pkg/ebpf/bpf_bpfeb.o
Binary file not shown.
Binary file modified pkg/ebpf/bpf_bpfel.o
Binary file not shown.

0 comments on commit e0566f6

Please sign in to comment.