googerteller/netsendmsg.bt

21 lines
446 B
Plaintext
Raw Permalink Normal View History

#!/usr/bin/bpftrace
#include <net/sock.h>
kprobe:udp_sendmsg,
kprobe:tcp_sendmsg
{
$sk = (struct sock *)arg0;
2024-04-26 00:21:49 +02:00
if($sk->__sk_common.skc_family==2) {
$daddr = ntop($sk->__sk_common.skc_daddr);
}
else if($sk->__sk_common.skc_family==10) {
$daddr = ntop($sk->__sk_common.skc_v6_daddr.in6_u.u6_addr8);
}
2024-04-26 00:21:49 +02:00
/* skc_v6_daddr, skc_family */
printf("direct\t%s\tpid%d\t%d\t%s\n", $daddr , pid, $sk->__sk_common.skc_family, comm);
}
2024-04-26 00:21:49 +02:00