iovisor-dev@lists.iovisor.org | about kprobe/kretprobe matching

Home Messages Hashtags Subgroups

This group is locked. No changes can be made to the group while it is locked.

Date Date 1 - 1 of 1

about kprobe/kretprobe matching

ovinee@... #1592 Hi, I'm trying to access the packet content in tcp_transmit_skb using eBPF/BCC. I defined kprobe____tcp_transmit_skb/kretprobe____tcp_transmit_skb functions. Since in kretprobe we cannot access the function arguments (I'm not sure), I stored skb(struct sk_buff *) in kprobe____tcp_transmit_skb by using the pid as the key. u64 pid = bpf_get_current_pid_tgid(); curr_skb.update(&pid, &skb); However, the issue is that tcp_transmit_skb function can be called multiple times before kretprobe____tcp_transmit_skb is executed with the same pid. So I cannot correctly match between kprobe____tcp_transmit_skb and kretprobe____tcp_transmit_skb functions for the same skb. Is there any good way to match between kprobe and kretprobe for the same function call? Or is there any method that I can access the function arguments in kretprobe? Thanks, Youngbin

1 - 1 of 1

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms