使用 BPF 工具对类型“struct mnt_namespace”的定义和前向声明不完整?
[英]Incomplete definition and forward declaration of type 'struct mnt_namespace' using BPF tools?
问题描述
我想要的是:
将 .network 命名空间选项添加到execsnoop bcc 工具以仅跟踪具有指定 .network 命名空间的日志,就像我们在许多其他 bcc 工具中有过滤器 PID 选项一样。 例如: execsnoop -N "ns_id"
我尝试了什么:
int syscall__execve(struct pt_regs *ctx,
const char __user *filename,
const char __user *const __user *__argv,
const char __user *const __user *__envp)
{
// create data here and pass to submit_arg to save stack space (#555)
struct data_t data = {};
struct task_struct *task;
data.pid = bpf_get_current_pid_tgid() >> 32;
task = (struct task_struct *)bpf_get_current_task();
// Some kernels, like Ubuntu 4.13.0-generic, return 0
// as the real_parent->tgid.
// We use the get_ppid function as a fallback in those cases. (#1883)
data.ppid = task->real_parent->tgid;
data.netns = task->nsproxy->mnt_ns->ns.inum; // I tried to mount namespace here
bpf_get_current_comm(&data.comm, sizeof(data.comm));
data.type = EVENT_ARG;
__submit_arg(ctx, (void *)filename, &data);
// skip first arg, as we submitted filename
#pragma unroll
for (int i = 1; i < MAXARG; i++) {
if (submit_arg(ctx, (void *)&__argv[i], &data) == 0)
goto out;
}
// handle truncated argument list
char ellipsis[] = "...";
__submit_arg(ctx, (void *)ellipsis, &data);
out:
return 0;
}
收到错误:
/virtual/main.c:98:39: error: incomplete definition of type 'struct mnt_namespace'
data.netns = task->nsproxy->mnt_ns->ns.inum;
~~~~~~~~~~~~~~~~~~~~~^
include/linux/nsproxy.h:8:8: note: forward declaration of 'struct mnt_namespace'
struct mnt_namespace;
^
1 error generated.
Traceback (most recent call last):
File "./execsnoop", line 230, in <module>
b = BPF(text=bpf_text)
File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 325, in __init__
raise Exception("Failed to compile BPF text")
Exception: Failed to compile BPF text
我也尝试包含 mnt_namespace.h header 文件,但没有解决。
1 个解决方案
解决方案1
0 已采纳 2020-05-17 10:13:12
bcc 工具mountsnoop.py似乎可以实现您想要实现的目标。 他们重新定义了一些结构,注释如下:
/*
* XXX: struct mnt_namespace is defined in fs/mount.h, which is private to the
* VFS and not installed in any kernel-devel packages. So, let's duplicate the
* important part of the definition. There are actually more members in the
* real struct, but we don't need them, and they're more likely to change.
*/
struct mnt_namespace {
atomic_t count;
struct ns_common ns;
};
事实上, fs/mount.h中的结构没有被导出。 所以我怀疑你只需要在你的代码中做同样的事情:部分重新定义struct mnt_namespace 。
编译错误“类型'struct proc'的定义不完整”
[英]Compilation error “Incomplete definition of type 'struct proc'”
使用OpenSSL对类型'struct ec_key_st'的错误定义不完整
[英]Error incomplete definition of type 'struct ec_key_st' using OpenSSL
循环依赖结构,使用前向声明时对结构进行错误重新定义
[英]Circular dependency struct, error redefinition of struct when using forward declaration
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.