Issue
This Content is from Stack Overflow. Question asked by sa Kevin
I want to get the getaddrinfo function's entry parameters (host -> PT_REGS_PARM1). I attached a uretprobe/getaddrinfo, but it returns garbled text. How do I get the plaintext?
I am using golang with cilium/ebpf.
The uretprobe.c:

    #include "common.h"
    #include "bpf_helpers.h"
    #include "bpf_tracing.h"

    char __license[] SEC("license") = "Dual MIT/GPL";

    struct event {
        u32 pid;
        u8 comm[16];
        u8 host[80];
    };

    struct {
        // __uint(type, BPF_MAP_TYPE_RINGBUF);
        // __uint(max_entries, 256 * 1024 /* 256 KB */);
        __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
    } events SEC(".maps");

    struct event *unused __attribute__((unused));

    SEC("uretprobe/getaddrinfo")
    int getaddrinfo_return(struct pt_regs *ctx)
    {
        struct event event = {};
        u64 pid_tgid = bpf_get_current_pid_tgid();
        u32 pid = pid_tgid >> 32;
        u32 tid = (u32)pid_tgid;

        bpf_probe_read(&event.host, sizeof(event.host),
                       (void *)PT_REGS_PARM1(ctx));
        bpf_get_current_comm(&event.comm, 16);
        event.pid = pid;
        bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(event));
        return 0;
    }

The main.go and the log output:

    //go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc $BPF_CLANG -cflags $BPF_CFLAGS --target=amd64 -type event bpf uretprobe.c -- -I../headers

    binPath = "/lib/x86_64-linux-gnu/libc.so.6"
    symbol = "getaddrinfo"

    log.Printf("%s:%s return value:%d - %16s - %80s", binPath, symbol, event.Pid, event.Comm, event.Host)

2022/09/18 08:47:24 /lib/x86_64-linux-gnu/libc.so.6:getaddrinfo return value:1460362 - curl - *P���qsʀv�Y��sqU\�W�� sqU�a���]�W�U�Y�
Thank you in advance.
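
Added example, not part of the original question: by the time a uretprobe fires, the function has already run, so on x86-64 the first-argument register that PT_REGS_PARM1 reads is not guaranteed to still hold the pointer passed to getaddrinfo. The usual pattern is to save the argument in an entry uprobe and read the string in the return probe, shown here in bpftrace rather than the post's cilium/ebpf C; the map name `@node` is chosen for this example and the libc path is the one from the post.

```bpftrace
#!/usr/bin/env bpftrace
// Added example: pair an entry uprobe with the uretprobe on getaddrinfo.
// @node is a name chosen for this example; the libc path comes from the post.

BEGIN
{
    printf("%-8s %-16s %s\n", "PID", "COMM", "HOST");
}

// Entry: arg0 is the first argument (const char *node) while it is still valid.
// Save the user-space pointer, keyed by thread id.
uprobe:/lib/x86_64-linux-gnu/libc.so.6:getaddrinfo
{
    @node[tid] = arg0;
}

// Return: skip calls with no saved pointer (probe attached mid-call, or
// node == NULL), then copy the NUL-terminated string from user memory.
uretprobe:/lib/x86_64-linux-gnu/libc.so.6:getaddrinfo
/@node[tid]/
{
    printf("%-8d %-16s %s\n", pid, comm, str(@node[tid]));
    delete(@node[tid]);
}

// Drop leftover entries so they are not dumped when the script exits.
END
{
    clear(@node);
}
```

In a C eBPF program the same pattern is a hash map keyed by bpf_get_current_pid_tgid() that a uprobe/getaddrinfo handler fills, with the uretprobe handler looking the pointer up, copying the string with bpf_probe_read_user_str(), and deleting the entry.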
Solution
This question is not yet answered.
This Question and Answer are collected from stackoverflow and tested by JTuto community, is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.