lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CADxym3YB4ywpSp92Zctmh_k1K5OL7vTUAadFOsFuV=RdEvvwgA@mail.gmail.com>
Date: Wed, 23 Oct 2024 21:00:38 +0800
From: Menglong Dong <menglong8.dong@...il.com>
To: Yafang Shao <laoar.shao@...il.com>
Cc: edumazet@...gle.com, davem@...emloft.net, dsahern@...nel.org, 
	kuba@...nel.org, pabeni@...hat.com, rostedt@...dmis.org, mhiramat@...nel.org, 
	mathieu.desnoyers@...icios.com, netdev@...r.kernel.org, 
	linux-trace-kernel@...r.kernel.org
Subject: Re: [PATCH] net: Add tcp_drop_reason tracepoint

On Wed, Oct 23, 2024 at 8:33 PM Yafang Shao <laoar.shao@...il.com> wrote:
>
> We previously hooked the tcp_drop_reason() function using BPF to monitor
> TCP drop reasons. However, after upgrading our compiler from GCC 9 to GCC
> 11, tcp_drop_reason() is now inlined, preventing us from hooking into it.
> To address this, it would be beneficial to introduce a dedicated tracepoint
> for monitoring.

Hello,

Can the existing tracepoint kfree_skb do this work? AFAIK, you
can attach you BPF to the kfree_skb tracepoint and do some filter
according to the "protocol" field, or the information "sk" field. And
this works fine in my tool.

I hope I'm not missing something :/

BTW, I do such filter in probe_parse_skb_sk() in
https://github.com/OpenCloudOS/nettrace/blob/master/shared/bpf/skb_parse.h

Thanks!
Menglong Dong
>
> Signed-off-by: Yafang Shao <laoar.shao@...il.com>
> Cc: Menglong Dong <menglong8.dong@...il.com>
> ---
>  include/trace/events/tcp.h | 53 ++++++++++++++++++++++++++++++++++++++
>  net/ipv4/tcp_input.c       |  1 +
>  2 files changed, 54 insertions(+)
>
> diff --git a/include/trace/events/tcp.h b/include/trace/events/tcp.h
> index a27c4b619dff..056f7026224c 100644
> --- a/include/trace/events/tcp.h
> +++ b/include/trace/events/tcp.h
> @@ -12,6 +12,7 @@
>  #include <net/tcp.h>
>  #include <linux/sock_diag.h>
>  #include <net/rstreason.h>
> +#include <net/dropreason-core.h>
>
>  /*
>   * tcp event with arguments sk and skb
> @@ -728,6 +729,58 @@ DEFINE_EVENT(tcp_ao_event_sne, tcp_ao_rcv_sne_update,
>         TP_ARGS(sk, new_sne)
>  );
>
> +#undef FN
> +#undef FNe
> +#define FN(reason)     { SKB_DROP_REASON_##reason, #reason },
> +#define FNe(reason)    { SKB_DROP_REASON_##reason, #reason }
> +
> +TRACE_EVENT(tcp_drop_reason,
> +
> +       TP_PROTO(const struct sock *sk, const struct sk_buff *skb,
> +                const enum skb_drop_reason reason),
> +
> +       TP_ARGS(sk, skb, reason),
> +
> +       TP_STRUCT__entry(
> +               __field(const void *, skbaddr)
> +               __field(const void *, skaddr)
> +               __field(int, state)
> +               __field(enum skb_drop_reason, reason)
> +               __array(__u8, saddr, sizeof(struct sockaddr_in6))
> +               __array(__u8, daddr, sizeof(struct sockaddr_in6))
> +       ),
> +
> +       TP_fast_assign(
> +               __entry->skbaddr = skb;
> +               __entry->skaddr = sk;
> +               /* Zero means unknown state. */
> +               __entry->state = sk ? sk->sk_state : 0;
> +
> +               memset(__entry->saddr, 0, sizeof(struct sockaddr_in6));
> +               memset(__entry->daddr, 0, sizeof(struct sockaddr_in6));
> +
> +               if (sk && sk_fullsock(sk)) {
> +                       const struct inet_sock *inet = inet_sk(sk);
> +
> +                       TP_STORE_ADDR_PORTS(__entry, inet, sk);
> +               } else {
> +                       const struct tcphdr *th = (const struct tcphdr *)skb->data;
> +
> +                       TP_STORE_ADDR_PORTS_SKB(skb, th, entry->saddr, entry->daddr);
> +               }
> +               __entry->reason = reason;
> +       ),
> +
> +       TP_printk("skbaddr=%p skaddr=%p src=%pISpc dest=%pISpc state=%s reason=%s",
> +                 __entry->skbaddr, __entry->skaddr,
> +                 __entry->saddr, __entry->daddr,
> +                 __entry->state ? show_tcp_state_name(__entry->state) : "UNKNOWN",
> +                 __print_symbolic(__entry->reason, DEFINE_DROP_REASON(FN, FNe)))
> +);
> +
> +#undef FN
> +#undef FNe
> +
>  #endif /* _TRACE_TCP_H */
>
>  /* This part must be outside protection */
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index cc05ec1faac8..44795555596a 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -4897,6 +4897,7 @@ static bool tcp_ooo_try_coalesce(struct sock *sk,
>  static void tcp_drop_reason(struct sock *sk, struct sk_buff *skb,
>                             enum skb_drop_reason reason)
>  {
> +       trace_tcp_drop_reason(sk, skb, reason);
>         sk_drops_add(sk, skb);
>         sk_skb_reason_drop(sk, skb, reason);
>  }
> --
> 2.43.5
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ