#!/usr/bin/bpftrace
#include <net/sock.h>

kprobe:udp_sendmsg,
kprobe:tcp_sendmsg
{
  $sk = (struct sock *)arg0;

  if($sk->__sk_common.skc_family==2) {
    $daddr = ntop($sk->__sk_common.skc_daddr);
  }
  else if($sk->__sk_common.skc_family==10) {
    $daddr = ntop($sk->__sk_common.skc_v6_daddr.in6_u.u6_addr8);
  }

  /* skc_v6_daddr, skc_family */

  printf("direct\t%s\tpid%d\t%d\t%s\n", $daddr , pid, $sk->__sk_common.skc_family, comm);
}