def attach_type_to_tramp(attach_type): # bpf_tramp_prog_type is available since linux kernel 5.5, this code should # be called only after checking for bpf_prog.aux.trampoline to be present # though so no error checking here. BpfProgTrampType = enum_type_to_class( prog.type("enum bpf_tramp_prog_type"), "BpfProgTrampType") at = BpfAttachType(attach_type) if at == BpfAttachType.BPF_TRACE_FENTRY: return BpfProgTrampType.BPF_TRAMP_FENTRY if at == BpfAttachType.BPF_TRACE_FEXIT: return BpfProgTrampType.BPF_TRAMP_FEXIT return BpfProgTrampType.BPF_TRAMP_REPLACE
drgn script to list BPF programs or maps and their properties unavailable via kernel API. """ import argparse import sys from drgn.helpers import enum_type_to_class from drgn.helpers.linux import ( bpf_map_for_each, bpf_prog_for_each, hlist_for_each_entry, ) BpfMapType = enum_type_to_class(prog.type("enum bpf_map_type"), "BpfMapType") BpfProgType = enum_type_to_class(prog.type("enum bpf_prog_type"), "BpfProgType") BpfAttachType = enum_type_to_class(prog.type("enum bpf_attach_type"), "BpfAttachType") def get_btf_name(btf, btf_id): type_ = btf.types[btf_id] if type_.name_off < btf.hdr.str_len: return btf.strings[type_.name_off].address_of_().string_().decode() return "" def get_prog_btf_name(bpf_prog): aux = bpf_prog.aux if aux.btf: # func_info[0] points to BPF program function itself.
from drgn.helpers import enum_type_to_class from drgn.helpers.linux import ( cgroup_path, hlist_for_each, hlist_nulls_empty, sk_fullsock, sk_nulls_for_each, sk_tcpstate, sock_cgroup_ptr, ) TcpState = enum_type_to_class( prog["TCP_ESTABLISHED"].type_, "TcpState", exclude=("TCP_MAX_STATES",), prefix="TCP_", ) def inet_sk(sk): return cast("struct inet_sock *", sk) def _ipv4(be32): return ipaddress.IPv4Address(struct.pack("I", be32.value_())) def _ipv6(in6_addr): return ipaddress.IPv6Address(struct.pack("IIII", *in6_addr.in6_u.u6_addr32))
import os import sys from drgn import cast from drgn.helpers import enum_type_to_class from drgn.helpers.linux import ( cgroup_bpf_prog_for_each, cgroup_path, css_for_each_descendant_pre, fget, find_task, ) BpfAttachType = enum_type_to_class( prog.type("enum bpf_attach_type"), "BpfAttachType", exclude=("__MAX_BPF_ATTACH_TYPE", ), ) @contextmanager def open_dir(*args, **kwds): # Built-in open() context manager can't deal with directories. fd = os.open(*args, **kwds) try: yield fd finally: os.close(fd) def get_cgroup():