ZBLOG

注册 原创投稿

10个ebpf uprobe golang的代码案例

作者:golang云原生栏目:公开2024-09-14 11:00205

以下是10个使用eBPF、uprobes和Golang的代码案例示例:

  1. 监控函数调用次数:
  1. package main
  3. import (
  4.     "fmt"
  5.     "github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  11. BPF_HASH(counts, u64);
  13. int count_calls(struct pt_regs *ctx) {
  14.     u64 key = PT_REGS_IP(ctx);
  15.     u64* val = counts.lookup_or_init(&key, 0);
  16.     (*val)++;
  17.     return 0;
  18. }
  19. `
  21. func main() {
  22.     module := bcc.NewModule(program, []string{})
  23.     defer module.Close()
  25.     uprobe, err := module.LoadUprobe("count_calls")
  26.     if err != nil {
  27.         fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  28.         os.Exit(1)
  29.     }
  31.     err = module.AttachUprobe("/path/to/binary", "function_name", uprobe, -1)
  32.     if err != nil {
  33.         fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  34.         os.Exit(1)
  35.     }
  37.     perfMap, err := bcc.InitPerfMap(module.LookupTable("counts"), printOutput)
  38.     if err != nil {
  39.         fmt.Fprintf(os.Stderr, "Failed to initialize perf map: %v\n", err)
  40.         os.Exit(1)
  41.     }
  42.     
  43. 	perfMap.Start()
  44. 	defer perfMap.Stop()
  46. 	select {}
  47. }
  49. func printOutput() {
  50. 	fmt.Println("Function called!")
  51. }
  1. 统计函数执行时间:
  1. package main
  3. import (
  4. 	"fmt"
  5. 	"github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  11. struct data_t {
  12.     u64 timestamp;
  13. };
  15. BPF_HASH(start, u32, struct data_t);
  17. int trace_start(struct pt_regs *ctx) {
  18.     u32 pid = bpf_get_current_pid_tgid();
  19.     struct data_t data = {};
  20.     data.timestamp = bpf_ktime_get_ns();
  21.     start.update(&pid, &data);
  22.     return 0;
  23. }
  25. int trace_end(struct pt_regs *ctx) {
  26.     u32 pid = bpf_get_current_pid_tgid();
  27.     struct data_t* start_data = start.lookup(&pid);
  28.     
  29. 	if (start_data == 0) {
  30.         return 0;
  31. 	}
  32. 	
  33.     u64 delta = bpf_ktime_get_ns() - start_data->timestamp;
  34.     
  35. 	bpf_trace_printk("%d: Execution time: %llu ns\\n", pid, delta / 1000);
  36. 	start.delete(&pid);
  37. 	return 0;
  38. }
  39. `
  41. func main() {
  42. 	module := bcc.NewModule(program, []string{})
  43. 	defer module.Close()
  45. 	uprobeStart, err := module.LoadUprobe("trace_start")
  46. 	if err != nil {
  47. 		fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  48. 		os.Exit(1)
  49. 	}
  51. 	err = module.AttachUprobe("/path/to/binary", "function_name", uprobeStart, -1)
  52. 	if err != nil {
  53. 		fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  54. 		os.Exit(1)
  55. 	}
  57. 	uprobeEnd, err := module.LoadUprobe("trace_end")
  58. 	if err != nil {
  59. 		fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  60. 		os.Exit(1)
  61. 	}
  63. 	err = module.AttachUretprobe("/path/to/binary", "function_name", uprobeEnd, -1)
  64. 	if err != nil {
  65. 		fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  66. 		os.Exit(1)
  67. 	}
  69. 	bcc.NewTable(module.TableId("start"), module).SetMaxEntries(4096)
  71. 	table := bcc.NewTable(module.TableId("counts"), module)
  73. 	channel := make(chan []byte)
  74. 	module["output"].Attach(channel)
  75. 	defer module["output"].Detach()
  77. 	go func() {
  78. 		for {
  79. 			data := <-channel
  80. 			fmt.Println(string(data))
  81. 		}
  82. 	}()
  84. 	select {}
  85. }
  1. 监控文件读写操作:
  1. package main
  3. import (
  4.     "fmt"
  5.     "github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  10. #include <linux/fs.h>
  12. BPF_HASH(counts, int);
  14. int trace_read(struct pt_regs *ctx) {
  15.     int pid = bpf_get_current_pid_tgid();
  16.     counts.increment(pid);
  17.     return 0;
  18. }
  20. int trace_write(struct pt_regs *ctx) {
  21.     int pid = bpf_get_current_pid_tgid();
  22.     counts.increment(pid);
  23.     return 0;
  24. }
  25. `
  27. func main() {
  28.     module := bcc.NewModule(program, []string{})
  29.     defer module.Close()
  31.     uprobeRead, err := module.LoadUprobe("trace_read")
  32.     if err != nil {
  33.         fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  34.         os.Exit(1)
  35.     }
  37.     err = module.AttachUprobe("/path/to/binary", "read_function_name", uprobeRead, -1)
  38.     if err != nil {
  39.         fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  40.         os.Exit(1)
  41.     }
  43. 	uprobeWrite, err := module.LoadUprobe("trace_write")
  44. 	if err != nil {
  45. 	    fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  46. 	    os.Exit(1)
  47. 	}
  49. 	err = module.AttachUprobe("/path/to/binary", "write_function_name", uprobeWrite, -1)
  50. 	if err != nil {
  51. 	    fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  52. 	    os.Exit(1)
  53. 	}
  55. 	table := bcc.NewTable(module.TableId("counts"), module)
  57. 	channel := make(chan []byte)
  58. 	module["output"].Attach(channel)
  59. 	defer module["output"].Detach()
  61. 	go func() {
  62. 	    for {
  63. 	        data := <-channel
  64. 	        fmt.Println(string(data))
  65. 	    }
  66. 	}()
  68. 	select {}
  69. }
  1. 检测网络数据包:
  1. package main
  3. import (
  4.     "fmt"
  5.     "github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  10. #include <linux/if_ether.h>
  11. #include <linux/ip.h>
  12. #include <linux/tcp.h>
  14. BPF_PERF_OUTPUT(events);
  16. int trace_packet(struct __sk_buff *skb) {
  17.     u8* cursor = 0;
  18.     struct ethhdr* eth = bpf_hdr_pointer(skb);
  19.     
  20.     if (eth->h_proto == htons(ETH_P_IP)) {
  21.         struct iphdr* ip = (struct iphdr *)(cursor + sizeof(struct ethhdr));
  22.         
  23.         if (ip->protocol == IPPROTO_TCP) {
  24.             struct tcphdr* tcp = (struct tcphdr *)(cursor + sizeof(struct ethhdr) + sizeof(struct iphdr));
  25.             
  26.             events.perf_submit(skb, skb->len);
  27.         }
  28.     }
  30.     return 0;
  31. }
  32. `
  34. func main() {
  35.     module := bcc.NewModule(program, []string{})
  36.     defer module.Close()
  38. 	uprobePacket, err := module.LoadUprobe("trace_packet")
  39. 	if err != nil {
  40. 	    fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  41. 	    os.Exit(1)
  42. 	}
  44. 	err = module.AttachUprobe("/path/to/binary", "packet_function_name", uprobePacket, -1)
  45. 	if err != nil {
  46. 	    fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  47. 	    os.Exit(1)
  48. 	}
  50. 	table := bcc.NewTable(module.TableId("events"), module)
  52. 	channel := make(chan []byte)
  53. 	module["output"].Attach(channel)
  54. 	defer module["output"].Detach()
  56. 	go func() {
  57. 	    for {
  58. 	        data := <-channel
  59. 	        fmt.Println(string(data))
  60. 	    }
  61. 	}()
  63. 	select {}
  64. }
  1. 监控文件IO耗时:
  1. package main
  3. import (
  4.     "fmt"
  5.     "github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  10. #include <linux/blkdev.h>
  12. BPF_HASH(start, u64);
  14. int trace_start(struct pt_regs *ctx) {
  15.     u64 timestamp = bpf_ktime_get_ns();
  16.     start.update(&ctx->pid, &timestamp);
  17.     return 0;
  18. }
  20. int trace_end(struct pt_regs *ctx) {
  21.     u64* timestamp_ptr = start.lookup(&ctx->pid);
  22.     
  23. 	if (timestamp_ptr == NULL) {
  24.         return 0;
  25. 	}
  26. 	
  27.     u64 delta = bpf_ktime_get_ns() - *timestamp_ptr;
  28.     
  29. 	bpf_trace_printk("%d: IO Time: %llu ns\\n", ctx->pid, delta / 1000);
  30. 	start.delete(&ctx->pid);
  31. 	return 0;
  32. }
  33. `
  35. func main() {
  36. 	module := bcc.NewModule(program, []string{})
  37. 	defer module.Close()
  39. 	uprobeStart, err := module.LoadUprobe("trace_start")
  40. 	if err != nil {
  41. 	    fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  42. 	    os.Exit(1)
  43. 	}
  45. 	err = module.AttachUprobe("/path/to/binary", "start_function_name", uprobeStart, -1)
  46. 	if err != nil {
  47. 	    fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  48. 	    os.Exit(1)
  49. 	}
  51. 	uprobeEnd, err := module.LoadUprobe("trace_end")
  52. 	if err != nil {
  53. 	    fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  54. 	    os.Exit(1)
  55. 	}
  57. 	err = module.AttachUretprobe("/path/to/binary", "end_function_name", uprobeEnd, -1)
  58. 	if err != nil {
  59. 	    fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  60. 	    os.Exit(1)
  61. 	}
  63. 	table := bcc.NewTable(module.TableId("counts"), module)
  65. 	channel := make(chan []byte)
  66. 	module["output"].Attach(channel)
  67. 	defer module["output"].Detach()
  69. 	go func() {
  70. 	    for {
  71. 	        data := <-channel
  72. 	        fmt.Println(string(data))
  73. 	    }
  74. 	}()
  76. 	select {}
  77. }
  1. 检测TCP连接状态:
  1. package main
  3. import (
  4.     "fmt"
  5.     "github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  10. #include <linux/tcp.h>
  12. BPF_HASH(counts, u32);
  14. int trace_tcp_state(struct pt_regs *ctx) {
  15.     u32 pid = bpf_get_current_pid_tgid();
  16.     struct tcp_sock* tp = (struct tcp_sock*)bpf_get_smp_processor_id();
  18.     if (tp == NULL) {
  19.         return 0;
  20.     }
  22.     u32 state = tp->state;
  23.     counts.increment(state);
  25.     return 0;
  26. }
  27. `
  29. func main() {
  30. 	module := bcc.NewModule(program, []string{})
  31. 	defer module.Close()
  33. 	uprobeState, err := module.LoadUprobe("trace_tcp_state")
  34. 	if err != nil {
  35. 	    fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  36. 	    os.Exit(1)
  37. 	}
  39. 	err = module.AttachUprobe("/path/to/binary", "tcp_function_name", uprobeState, -1)
  40. 	if err != nil {
  41. 	    fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  42. 	    os.Exit(1)
  43. 	}
  45. 	table := bcc.NewTable(module.TableId("counts"), module)
  47. 	channel := make(chan []byte)
  48. 	module["output"].Attach(channel)
  49. 	defer module["output"].Detach()
  51. 	go func() {
  52. 	    for {
  53. 	        data := <-channel
  54. 	        fmt.Println(string(data))
  55. 	    }
  56. 	}()
  58. 	select {}
  59. }
  1. 监控系统调用:
  1. package main
  3. import (
  4.     "fmt"
  5.     "github.com/iovisor/gobpf/bcc"
  6. )
  8. const program = `
  9. #include <uapi/linux/ptrace.h>
  11. BPF_HASH(counts, int);
  13. int trace_syscall_entry(struct pt_regs *ctx) {
  14.     int pid = bpf_get_current_pid_tgid();
  15.     counts.increment(pid);
  16.     
  17. 	return 0;
  18. }
  19. `
  21. func main() {
  22. 	module := bcc.NewModule(program, []string{})
  23. 	defer module.Close()
  25. 	uprobeSyscallEntry, err := module.LoadUprobe("trace_syscall_entry")
  26. 	if err != nil {
  27. 	    fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  28. 	    os.Exit(1)
  29. 	}
  31. 	err = module.AttachUprobe("/path/to/binary", "__x64_sys_function_name", uprobeSyscallEntry, -1)
  32. 	if err != nil {
  33. 	    fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  34. 	    os.Exit(1)
  35. 	}
  37. 	table := bcc.NewTable(module.TableId("counts"), module)
  39. 	channel := make(chan []byte)
  40. 	module["output"].Attach(channel)
  41. 	defer module["output"].Detach()
  43. 	go func() {
  44. 	    for {
  45. 	        data := <-channel
  46. 	        fmt.Println(string(data))
  47. 	    }
  48. 	}()
  50. 	select {}
  51. }
  1. 跟踪内存分配和释放:

”`go package main

import (

  1. "fmt"
  2. "github.com/iovisor/gobpf/bcc"

)

const program = ` #include

BPF_HASH(counts, u64);

int trace_alloc(struct pt_regs *ctx) {

  1. counts.increment(0);
  2. return 0;

}

int trace_free(struct pt_regs *ctx) {

  1. counts.decrement(0);
  2. return 0;

} `

func main() {

  1. module := bcc.NewModule(program, []string{})
  2. defer module.Close()
  4. uprobeAlloc, err := module.LoadUprobe("trace_alloc")
  5. if err != nil {
  6.     fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  7.     os.Exit(1)
  8. }
  10. err = module.AttachUprobe("/path/to/binary", "alloc_function_name", uprobeAlloc, -1)
  11. if err != nil {
  12.     fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  13.     os.Exit(1)
  14. }
  16. uprobeFree, err := module.LoadUprobe("trace_free")
  17. if err != nil {
  18.     fmt.Fprintf(os.Stderr, "Failed to load uprobe: %v\n", err)
  19.     os.Exit(1)
  20. }
  22. err = module.AttachUprobe("/path/to/binary", "free_function_name", uprobeFree, -1)
  23. if err != nil {
  24.     fmt.Fprintf(os.Stderr, "Failed to attach uprobe: %v\n", err)
  25.     os.Exit(1)
  26. }
  28. table := bcc.NewTable(module.TableId("counts"), module)
  30. channel := make(chan []byte)
  31. module["output"].Attach(channel)
  32. defer module["output"].Detach<br/><br/><br/><font size=1 color=#CCCCCC>内容由零声教学AI助手提供,问题来源于学员提问</font>

本站部分文章来源于网络,版权归原作者所有,如有侵权请联系站长删除。
转载请注明出处:https://golang.0voice.com/?id=18473

golang云原生 golang云原生 管理员
分享:
扫描分享到社交APP
上一篇
下一篇

相关推荐

发表列表
游客 游客
此处应有掌声~
评论列表

还没有评论,快来说点什么吧~

golang云原生

golang云原生

  • 23826文章
  • 0评论
  • 2粉丝
  • 0被赞
最近发布
热门排行
热评文章
猜您喜欢
热门标签
Copyright ©2022    湖南零声信息科技有限公司    版权所有     湘ICP备18009867号-1          证照中心 

联系我们

在线咨询: 点击这里给我发消息

微信号:3007537140

上班时间: 10:30-22:30

关注我们
x

注册

已经有帐号?
简单注册快人一步