commit 40ec2e831cd7e2df973d32b54adf74b2a982d4ef parent b6a2b0fcee6e0d79ea998b97420cacf429aada1c Author: William Casarin <jb55@jb55.com> Date: Wed, 5 May 2021 13:50:24 -0700 bin: add nettrack Signed-off-by: William Casarin <jb55@jb55.com> Diffstat:
| A | bin/nettrack | | | 40 | ++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 40 insertions(+), 0 deletions(-)
diff --git a/bin/nettrack b/bin/nettrack @@ -0,0 +1,40 @@ +#!/usr/bin/env bpftrace +#include <net/sock.h> + +BEGIN +{ + printf("Tracing per-PID, per-thread network traffic. Ctrl-C to stop\n"); +} + +kprobe:sock_recvmsg, +kprobe:sock_sendmsg +{ + $sock = (struct socket *)arg0; + $family = $sock->sk->__sk_common.skc_family; + if ($family == AF_INET || $family == AF_INET6) { + @inetsocket[tid] = 1; + } else { + @inetsocket[tid] = 0; + } +} + +kretprobe:sock_recvmsg +{ + if (@inetsocket[tid] && retval < 0x7fffffff) { + @recv_bytes[pid, comm] = sum(retval); + } + delete(@inetsocket[tid]) +} + +kretprobe:sock_sendmsg +{ + if (@inetsocket[tid] && retval < 0x7fffffff) { + @send_bytes[pid, comm] = sum(retval); + } + delete(@inetsocket[tid]) +} + +END +{ + clear(@inetsocket); +}