Skip to content

Fix potential verification failure for opensnoop.py #5364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yonghong-song merged 1 commit into from
Jul 13, 2025
+25 −13
Merged

Fix potential verification failure for opensnoop.py #5364

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 25 additions & 13 deletions tools/opensnoop.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,9 +227,9 @@
u32 tid = id; // Cast and get the lower part
u32 uid = bpf_get_current_uid_gid();

PID_TID_FILTER
UID_FILTER
FLAGS_FILTER
KPROBE_PID_TID_FILTER
KPROBE_UID_FILTER
KPROBE_FLAGS_FILTER

if (container_should_be_filtered()) {
return 0;
Expand Down Expand Up @@ -327,10 +327,11 @@
if (!data)
return 0;

PID_TID_FILTER
UID_FILTER
FLAGS_FILTER
KFUNC_PID_TID_FILTER
KFUNC_UID_FILTER
KFUNC_FLAGS_FILTER
if (container_should_be_filtered()) {
events.ringbuf_discard(data, 0);
return 0;
}

Expand Down Expand Up @@ -389,28 +390,39 @@
bpf_text += bpf_text_kprobe_body

if args.tid: # TID trumps PID
bpf_text = bpf_text.replace('PID_TID_FILTER',
bpf_text = bpf_text.replace('KPROBE_PID_TID_FILTER',
'if (tid != %s) { return 0; }' % args.tid)
bpf_text = bpf_text.replace('KFUNC_PID_TID_FILTER',
'if (tid != %s) { events.ringbuf_discard(data, 0); return 0; }' % args.tid)
elif args.pid:
bpf_text = bpf_text.replace('PID_TID_FILTER',
bpf_text = bpf_text.replace('KPROBE_PID_TID_FILTER',
'if (pid != %s) { return 0; }' % args.pid)
bpf_text = bpf_text.replace('KFUNC_PID_TID_FILTER',
'if (pid != %s) { events.ringbuf_discard(data, 0); return 0; }' % args.pid)
else:
bpf_text = bpf_text.replace('PID_TID_FILTER', '')
bpf_text = bpf_text.replace('KPROBE_PID_TID_FILTER', '')
bpf_text = bpf_text.replace('KFUNC_PID_TID_FILTER', '')
if args.uid:
bpf_text = bpf_text.replace('UID_FILTER',
bpf_text = bpf_text.replace('KPROBE_UID_FILTER',
'if (uid != %s) { return 0; }' % args.uid)
bpf_text = bpf_text.replace('KFUNC_UID_FILTER',
'if (uid != %s) { events.ringbuf_discard(data, 0); return 0; }' % args.uid)
else:
bpf_text = bpf_text.replace('UID_FILTER', '')
bpf_text = bpf_text.replace('KPROBE_UID_FILTER', '')
bpf_text = bpf_text.replace('KFUNC_UID_FILTER', '')
if args.buffer_pages:
bpf_text = bpf_text.replace('BUFFER_PAGES', '%s' % args.buffer_pages)
else:
bpf_text = bpf_text.replace('BUFFER_PAGES', '%d' % 64)
bpf_text = filter_by_containers(args) + bpf_text
if args.flag_filter:
bpf_text = bpf_text.replace('FLAGS_FILTER',
bpf_text = bpf_text.replace('KPROBE_FLAGS_FILTER',
'if (!(flags & %d)) { return 0; }' % flag_filter_mask)
bpf_text = bpf_text.replace('KFUNC_FLAGS_FILTER',
'if (!(flags & %d)) { events.ringbuf_discard(data, 0); return 0; }' % flag_filter_mask)
else:
bpf_text = bpf_text.replace('FLAGS_FILTER', '')
bpf_text = bpf_text.replace('KPROBE_FLAGS_FILTER', '')
bpf_text = bpf_text.replace('KFUNC_FLAGS_FILTER', '')
if not (args.extended_fields or args.flag_filter):
bpf_text = '\n'.join(x for x in bpf_text.split('\n')
if 'EXTENDED_STRUCT_MEMBER' not in x)
Expand Down
Loading