c_meyer/googerteller
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
985c9bb97c
googerteller/netsendmsg.bt
bert hubert 985c9bb97c fix up bpftrace-based operation
2024-04-26 00:21:49 +02:00

21 lines
446 B
Plaintext
Raw Blame History

#!/usr/bin/bpftrace
#include <net/sock.h>
kprobe:udp_sendmsg,
kprobe:tcp_sendmsg
{
$sk = (struct sock *)arg0;
if($sk->__sk_common.skc_family==2) {
$daddr = ntop($sk->__sk_common.skc_daddr);
}
else if($sk->__sk_common.skc_family==10) {
$daddr = ntop($sk->__sk_common.skc_v6_daddr.in6_u.u6_addr8);
}
/* skc_v6_daddr, skc_family */
printf("direct\t%s\tpid%d\t%d\t%s\n", $daddr , pid, $sk->__sk_common.skc_family, comm);
}
Reference in New Issue View Git Blame Copy Permalink