Some applications require examining kernel state that is not conveniently stored in struct form.
For instance, tcpdrop.py implements a mechanism to read from the socket buffer, using the struct members of the socket buffer to dynamically compute the offset within the buffer.
For use cases like this, it would be great to have a command, say something called "readbuf" with an API like:
This should be possible; I have an idea of how it could be implemented, but I wonder if this is something that is within the scope of what is intended for bpftrace?
I think that this sort of functionality is needed to be able to implement functionality such as above in tcpdrop.py, as well as for analysis closer to the network edge, as in this tcpaccept-like SystemTap probe from Cloudflare.
It should be possible to do this reasonably efficiently/safely, by checking that the buffer doesn't overflow and having a maximum extraction size.
I tried to think of a better name than readbuf; memcpy seems misleading but is the closest C analogue to the functionality I'm looking for, the critical difference being that it should probably always return a 64-byte variable (with width masked out if size specified to less) rather than copying arbitrary bits of memory.
This could also be really useful for examining raw binary data in the kernel in general, by printing segments of 64 bytes in hex.
Thoughts? Worth implementing? Is there anything that might make this harder than I am expecting?
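A userspace C model of the bounded read requested in this issue, added here as an example; it is not code from bpftrace or tcpdrop.py. The `readbuf()` signature, `struct fake_skb`, `read_tcp_ports()` and the sample packet are assumptions made for illustration, with the 64-byte cap and zeroed unused width taken from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define READBUF_MAX 64 /* maximum extraction size, from the post */

/* Fixed-width result; bytes past len stay zero ("masked out"). */
struct readbuf_out { uint8_t data[READBUF_MAX]; size_t len; };

/* Constructed stand-in for the sk_buff fields used; not the kernel struct. */
struct fake_skb {
    const uint8_t *head;          /* start of the buffer */
    size_t buf_len;               /* bytes valid from head */
    uint16_t transport_header;    /* offset of the L4 header from head */
};

/* Constructed sample: 20 zero bytes in place of an IP header, then TCP
 * source port 443 and destination port 51000. */
static const uint8_t sample_pkt[24] = { [20] = 0x01, 0xBB, 0xC7, 0x38 };

/* Hypothetical readbuf(): 0 on success, -1 if size exceeds the cap or the
 * range [offset, offset + size) leaves the buffer. */
int readbuf(struct readbuf_out *out, const uint8_t *base, size_t buf_len,
            size_t offset, size_t size)
{
    memset(out, 0, sizeof(*out));
    if (base == NULL || size > READBUF_MAX)
        return -1;
    /* Subtraction form: offset + size can never wrap around. */
    if (offset > buf_len || size > buf_len - offset)
        return -1;
    memcpy(out->data, base + offset, size);
    out->len = size;
    return 0;
}

/* Read the port pair at an offset taken from the buffer's own metadata. */
int read_tcp_ports(const struct fake_skb *skb, uint16_t *sport, uint16_t *dport)
{
    struct readbuf_out out;
    if (readbuf(&out, skb->head, skb->buf_len, skb->transport_header, 4) != 0)
        return -1;
    *sport = (uint16_t)((out.data[0] << 8) | out.data[1]);
    *dport = (uint16_t)((out.data[2] << 8) | out.data[3]);
    return 0;
}
```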