1*387f9dfdSAndroid Build Coastguard Worker#!/usr/bin/env python 2*387f9dfdSAndroid Build Coastguard Worker# @lint-avoid-python-3-compatibility-imports 3*387f9dfdSAndroid Build Coastguard Worker# 4*387f9dfdSAndroid Build Coastguard Worker# tcpaccept Trace TCP accept()s. 5*387f9dfdSAndroid Build Coastguard Worker# For Linux, uses BCC, eBPF. Embedded C. 6*387f9dfdSAndroid Build Coastguard Worker# 7*387f9dfdSAndroid Build Coastguard Worker# USAGE: tcpaccept [-h] [-T] [-t] [-p PID] [-P PORTS] [-4 | -6] 8*387f9dfdSAndroid Build Coastguard Worker# 9*387f9dfdSAndroid Build Coastguard Worker# This uses dynamic tracing of the kernel inet_csk_accept() socket function 10*387f9dfdSAndroid Build Coastguard Worker# (from tcp_prot.accept), and will need to be modified to match kernel changes. 11*387f9dfdSAndroid Build Coastguard Worker# 12*387f9dfdSAndroid Build Coastguard Worker# Copyright (c) 2015 Brendan Gregg. 13*387f9dfdSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License") 14*387f9dfdSAndroid Build Coastguard Worker# 15*387f9dfdSAndroid Build Coastguard Worker# 13-Oct-2015 Brendan Gregg Created this. 16*387f9dfdSAndroid Build Coastguard Worker# 14-Feb-2016 " " Switch to bpf_perf_output. 17*387f9dfdSAndroid Build Coastguard Worker 18*387f9dfdSAndroid Build Coastguard Workerfrom __future__ import print_function 19*387f9dfdSAndroid Build Coastguard Workerfrom bcc.containers import filter_by_containers 20*387f9dfdSAndroid Build Coastguard Workerfrom bcc import BPF 21*387f9dfdSAndroid Build Coastguard Workerfrom socket import inet_ntop, AF_INET, AF_INET6 22*387f9dfdSAndroid Build Coastguard Workerfrom struct import pack 23*387f9dfdSAndroid Build Coastguard Workerimport argparse 24*387f9dfdSAndroid Build Coastguard Workerfrom bcc.utils import printb 25*387f9dfdSAndroid Build Coastguard Workerfrom time import strftime 26*387f9dfdSAndroid Build Coastguard Worker 27*387f9dfdSAndroid Build Coastguard Worker# arguments 28*387f9dfdSAndroid Build Coastguard Workerexamples = """examples: 29*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept # trace all TCP accept()s 30*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept -t # include timestamps 31*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept -P 80,81 # only trace port 80 and 81 32*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept -p 181 # only trace PID 181 33*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept --cgroupmap mappath # only trace cgroups in this BPF map 34*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept --mntnsmap mappath # only trace mount namespaces in the map 35*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept -4 # trace IPv4 family 36*387f9dfdSAndroid Build Coastguard Worker ./tcpaccept -6 # trace IPv6 family 37*387f9dfdSAndroid Build Coastguard Worker""" 38*387f9dfdSAndroid Build Coastguard Workerparser = argparse.ArgumentParser( 39*387f9dfdSAndroid Build Coastguard Worker description="Trace TCP accepts", 40*387f9dfdSAndroid Build Coastguard Worker formatter_class=argparse.RawDescriptionHelpFormatter, 41*387f9dfdSAndroid Build Coastguard Worker epilog=examples) 42*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("-T", "--time", action="store_true", 43*387f9dfdSAndroid Build Coastguard Worker help="include time column on output (HH:MM:SS)") 44*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("-t", "--timestamp", action="store_true", 45*387f9dfdSAndroid Build Coastguard Worker help="include timestamp on output") 46*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("-p", "--pid", 47*387f9dfdSAndroid Build Coastguard Worker help="trace this PID only") 48*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("-P", "--port", 49*387f9dfdSAndroid Build Coastguard Worker help="comma-separated list of local ports to trace") 50*387f9dfdSAndroid Build Coastguard Workergroup = parser.add_mutually_exclusive_group() 51*387f9dfdSAndroid Build Coastguard Workergroup.add_argument("-4", "--ipv4", action="store_true", 52*387f9dfdSAndroid Build Coastguard Worker help="trace IPv4 family only") 53*387f9dfdSAndroid Build Coastguard Workergroup.add_argument("-6", "--ipv6", action="store_true", 54*387f9dfdSAndroid Build Coastguard Worker help="trace IPv6 family only") 55*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("--cgroupmap", 56*387f9dfdSAndroid Build Coastguard Worker help="trace cgroups in this BPF map only") 57*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("--mntnsmap", 58*387f9dfdSAndroid Build Coastguard Worker help="trace mount namespaces in this BPF map only") 59*387f9dfdSAndroid Build Coastguard Workerparser.add_argument("--ebpf", action="store_true", 60*387f9dfdSAndroid Build Coastguard Worker help=argparse.SUPPRESS) 61*387f9dfdSAndroid Build Coastguard Workerargs = parser.parse_args() 62*387f9dfdSAndroid Build Coastguard Workerdebug = 0 63*387f9dfdSAndroid Build Coastguard Worker 64*387f9dfdSAndroid Build Coastguard Worker# define BPF program 65*387f9dfdSAndroid Build Coastguard Workerbpf_text = """ 66*387f9dfdSAndroid Build Coastguard Worker#include <uapi/linux/ptrace.h> 67*387f9dfdSAndroid Build Coastguard Worker#include <net/sock.h> 68*387f9dfdSAndroid Build Coastguard Worker#include <bcc/proto.h> 69*387f9dfdSAndroid Build Coastguard Worker 70*387f9dfdSAndroid Build Coastguard Worker// separate data structs for ipv4 and ipv6 71*387f9dfdSAndroid Build Coastguard Workerstruct ipv4_data_t { 72*387f9dfdSAndroid Build Coastguard Worker u64 ts_us; 73*387f9dfdSAndroid Build Coastguard Worker u32 pid; 74*387f9dfdSAndroid Build Coastguard Worker u32 saddr; 75*387f9dfdSAndroid Build Coastguard Worker u32 daddr; 76*387f9dfdSAndroid Build Coastguard Worker u64 ip; 77*387f9dfdSAndroid Build Coastguard Worker u16 lport; 78*387f9dfdSAndroid Build Coastguard Worker u16 dport; 79*387f9dfdSAndroid Build Coastguard Worker char task[TASK_COMM_LEN]; 80*387f9dfdSAndroid Build Coastguard Worker}; 81*387f9dfdSAndroid Build Coastguard WorkerBPF_PERF_OUTPUT(ipv4_events); 82*387f9dfdSAndroid Build Coastguard Worker 83*387f9dfdSAndroid Build Coastguard Workerstruct ipv6_data_t { 84*387f9dfdSAndroid Build Coastguard Worker u64 ts_us; 85*387f9dfdSAndroid Build Coastguard Worker u32 pid; 86*387f9dfdSAndroid Build Coastguard Worker unsigned __int128 saddr; 87*387f9dfdSAndroid Build Coastguard Worker unsigned __int128 daddr; 88*387f9dfdSAndroid Build Coastguard Worker u64 ip; 89*387f9dfdSAndroid Build Coastguard Worker u16 lport; 90*387f9dfdSAndroid Build Coastguard Worker u16 dport; 91*387f9dfdSAndroid Build Coastguard Worker char task[TASK_COMM_LEN]; 92*387f9dfdSAndroid Build Coastguard Worker}; 93*387f9dfdSAndroid Build Coastguard WorkerBPF_PERF_OUTPUT(ipv6_events); 94*387f9dfdSAndroid Build Coastguard Worker""" 95*387f9dfdSAndroid Build Coastguard Worker 96*387f9dfdSAndroid Build Coastguard Worker# 97*387f9dfdSAndroid Build Coastguard Worker# The following code uses kprobes to instrument inet_csk_accept(). 98*387f9dfdSAndroid Build Coastguard Worker# On Linux 4.16 and later, we could use sock:inet_sock_set_state 99*387f9dfdSAndroid Build Coastguard Worker# tracepoint for efficiency, but it may output wrong PIDs. This is 100*387f9dfdSAndroid Build Coastguard Worker# because sock:inet_sock_set_state may run outside of process context. 101*387f9dfdSAndroid Build Coastguard Worker# Hence, we stick to kprobes until we find a proper solution. 102*387f9dfdSAndroid Build Coastguard Worker# 103*387f9dfdSAndroid Build Coastguard Workerbpf_text_kprobe = """ 104*387f9dfdSAndroid Build Coastguard Workerint kretprobe__inet_csk_accept(struct pt_regs *ctx) 105*387f9dfdSAndroid Build Coastguard Worker{ 106*387f9dfdSAndroid Build Coastguard Worker if (container_should_be_filtered()) { 107*387f9dfdSAndroid Build Coastguard Worker return 0; 108*387f9dfdSAndroid Build Coastguard Worker } 109*387f9dfdSAndroid Build Coastguard Worker 110*387f9dfdSAndroid Build Coastguard Worker struct sock *newsk = (struct sock *)PT_REGS_RC(ctx); 111*387f9dfdSAndroid Build Coastguard Worker u32 pid = bpf_get_current_pid_tgid() >> 32; 112*387f9dfdSAndroid Build Coastguard Worker 113*387f9dfdSAndroid Build Coastguard Worker ##FILTER_PID## 114*387f9dfdSAndroid Build Coastguard Worker 115*387f9dfdSAndroid Build Coastguard Worker if (newsk == NULL) 116*387f9dfdSAndroid Build Coastguard Worker return 0; 117*387f9dfdSAndroid Build Coastguard Worker 118*387f9dfdSAndroid Build Coastguard Worker // check this is TCP 119*387f9dfdSAndroid Build Coastguard Worker u16 protocol = 0; 120*387f9dfdSAndroid Build Coastguard Worker // workaround for reading the sk_protocol bitfield: 121*387f9dfdSAndroid Build Coastguard Worker 122*387f9dfdSAndroid Build Coastguard Worker // Following comments add by Joe Yin: 123*387f9dfdSAndroid Build Coastguard Worker // Unfortunately,it can not work since Linux 4.10, 124*387f9dfdSAndroid Build Coastguard Worker // because the sk_wmem_queued is not following the bitfield of sk_protocol. 125*387f9dfdSAndroid Build Coastguard Worker // And the following member is sk_gso_max_segs. 126*387f9dfdSAndroid Build Coastguard Worker // So, we can use this: 127*387f9dfdSAndroid Build Coastguard Worker // bpf_probe_read_kernel(&protocol, 1, (void *)((u64)&newsk->sk_gso_max_segs) - 3); 128*387f9dfdSAndroid Build Coastguard Worker // In order to diff the pre-4.10 and 4.10+ ,introduce the variables gso_max_segs_offset,sk_lingertime, 129*387f9dfdSAndroid Build Coastguard Worker // sk_lingertime is closed to the gso_max_segs_offset,and 130*387f9dfdSAndroid Build Coastguard Worker // the offset between the two members is 4 131*387f9dfdSAndroid Build Coastguard Worker 132*387f9dfdSAndroid Build Coastguard Worker int gso_max_segs_offset = offsetof(struct sock, sk_gso_max_segs); 133*387f9dfdSAndroid Build Coastguard Worker int sk_lingertime_offset = offsetof(struct sock, sk_lingertime); 134*387f9dfdSAndroid Build Coastguard Worker 135*387f9dfdSAndroid Build Coastguard Worker 136*387f9dfdSAndroid Build Coastguard Worker // Since kernel v5.6 sk_protocol is its own u16 field and gso_max_segs 137*387f9dfdSAndroid Build Coastguard Worker // precedes sk_lingertime. 138*387f9dfdSAndroid Build Coastguard Worker if (sk_lingertime_offset - gso_max_segs_offset == 2) 139*387f9dfdSAndroid Build Coastguard Worker protocol = newsk->sk_protocol; 140*387f9dfdSAndroid Build Coastguard Worker else if (sk_lingertime_offset - gso_max_segs_offset == 4) 141*387f9dfdSAndroid Build Coastguard Worker // 4.10+ with little endian 142*387f9dfdSAndroid Build Coastguard Worker#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 143*387f9dfdSAndroid Build Coastguard Worker protocol = *(u8 *)((u64)&newsk->sk_gso_max_segs - 3); 144*387f9dfdSAndroid Build Coastguard Worker else 145*387f9dfdSAndroid Build Coastguard Worker // pre-4.10 with little endian 146*387f9dfdSAndroid Build Coastguard Worker protocol = *(u8 *)((u64)&newsk->sk_wmem_queued - 3); 147*387f9dfdSAndroid Build Coastguard Worker#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ 148*387f9dfdSAndroid Build Coastguard Worker // 4.10+ with big endian 149*387f9dfdSAndroid Build Coastguard Worker protocol = *(u8 *)((u64)&newsk->sk_gso_max_segs - 1); 150*387f9dfdSAndroid Build Coastguard Worker else 151*387f9dfdSAndroid Build Coastguard Worker // pre-4.10 with big endian 152*387f9dfdSAndroid Build Coastguard Worker protocol = *(u8 *)((u64)&newsk->sk_wmem_queued - 1); 153*387f9dfdSAndroid Build Coastguard Worker#else 154*387f9dfdSAndroid Build Coastguard Worker# error "Fix your compiler's __BYTE_ORDER__?!" 155*387f9dfdSAndroid Build Coastguard Worker#endif 156*387f9dfdSAndroid Build Coastguard Worker 157*387f9dfdSAndroid Build Coastguard Worker if (protocol != IPPROTO_TCP) 158*387f9dfdSAndroid Build Coastguard Worker return 0; 159*387f9dfdSAndroid Build Coastguard Worker 160*387f9dfdSAndroid Build Coastguard Worker // pull in details 161*387f9dfdSAndroid Build Coastguard Worker u16 family = 0, lport = 0, dport; 162*387f9dfdSAndroid Build Coastguard Worker family = newsk->__sk_common.skc_family; 163*387f9dfdSAndroid Build Coastguard Worker lport = newsk->__sk_common.skc_num; 164*387f9dfdSAndroid Build Coastguard Worker dport = newsk->__sk_common.skc_dport; 165*387f9dfdSAndroid Build Coastguard Worker dport = ntohs(dport); 166*387f9dfdSAndroid Build Coastguard Worker 167*387f9dfdSAndroid Build Coastguard Worker ##FILTER_FAMILY## 168*387f9dfdSAndroid Build Coastguard Worker 169*387f9dfdSAndroid Build Coastguard Worker ##FILTER_PORT## 170*387f9dfdSAndroid Build Coastguard Worker 171*387f9dfdSAndroid Build Coastguard Worker if (family == AF_INET) { 172*387f9dfdSAndroid Build Coastguard Worker struct ipv4_data_t data4 = {.pid = pid, .ip = 4}; 173*387f9dfdSAndroid Build Coastguard Worker data4.ts_us = bpf_ktime_get_ns() / 1000; 174*387f9dfdSAndroid Build Coastguard Worker data4.saddr = newsk->__sk_common.skc_rcv_saddr; 175*387f9dfdSAndroid Build Coastguard Worker data4.daddr = newsk->__sk_common.skc_daddr; 176*387f9dfdSAndroid Build Coastguard Worker data4.lport = lport; 177*387f9dfdSAndroid Build Coastguard Worker data4.dport = dport; 178*387f9dfdSAndroid Build Coastguard Worker bpf_get_current_comm(&data4.task, sizeof(data4.task)); 179*387f9dfdSAndroid Build Coastguard Worker ipv4_events.perf_submit(ctx, &data4, sizeof(data4)); 180*387f9dfdSAndroid Build Coastguard Worker 181*387f9dfdSAndroid Build Coastguard Worker } else if (family == AF_INET6) { 182*387f9dfdSAndroid Build Coastguard Worker struct ipv6_data_t data6 = {.pid = pid, .ip = 6}; 183*387f9dfdSAndroid Build Coastguard Worker data6.ts_us = bpf_ktime_get_ns() / 1000; 184*387f9dfdSAndroid Build Coastguard Worker bpf_probe_read_kernel(&data6.saddr, sizeof(data6.saddr), 185*387f9dfdSAndroid Build Coastguard Worker &newsk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32); 186*387f9dfdSAndroid Build Coastguard Worker bpf_probe_read_kernel(&data6.daddr, sizeof(data6.daddr), 187*387f9dfdSAndroid Build Coastguard Worker &newsk->__sk_common.skc_v6_daddr.in6_u.u6_addr32); 188*387f9dfdSAndroid Build Coastguard Worker data6.lport = lport; 189*387f9dfdSAndroid Build Coastguard Worker data6.dport = dport; 190*387f9dfdSAndroid Build Coastguard Worker bpf_get_current_comm(&data6.task, sizeof(data6.task)); 191*387f9dfdSAndroid Build Coastguard Worker ipv6_events.perf_submit(ctx, &data6, sizeof(data6)); 192*387f9dfdSAndroid Build Coastguard Worker } 193*387f9dfdSAndroid Build Coastguard Worker // else drop 194*387f9dfdSAndroid Build Coastguard Worker 195*387f9dfdSAndroid Build Coastguard Worker return 0; 196*387f9dfdSAndroid Build Coastguard Worker} 197*387f9dfdSAndroid Build Coastguard Worker""" 198*387f9dfdSAndroid Build Coastguard Worker 199*387f9dfdSAndroid Build Coastguard Workerbpf_text += bpf_text_kprobe 200*387f9dfdSAndroid Build Coastguard Worker 201*387f9dfdSAndroid Build Coastguard Worker# code substitutions 202*387f9dfdSAndroid Build Coastguard Workerif args.pid: 203*387f9dfdSAndroid Build Coastguard Worker bpf_text = bpf_text.replace('##FILTER_PID##', 204*387f9dfdSAndroid Build Coastguard Worker 'if (pid != %s) { return 0; }' % args.pid) 205*387f9dfdSAndroid Build Coastguard Workerelse: 206*387f9dfdSAndroid Build Coastguard Worker bpf_text = bpf_text.replace('##FILTER_PID##', '') 207*387f9dfdSAndroid Build Coastguard Workerif args.port: 208*387f9dfdSAndroid Build Coastguard Worker lports = [int(lport) for lport in args.port.split(',')] 209*387f9dfdSAndroid Build Coastguard Worker lports_if = ' && '.join(['lport != %d' % lport for lport in lports]) 210*387f9dfdSAndroid Build Coastguard Worker bpf_text = bpf_text.replace('##FILTER_PORT##', 211*387f9dfdSAndroid Build Coastguard Worker 'if (%s) { return 0; }' % lports_if) 212*387f9dfdSAndroid Build Coastguard Workerif args.ipv4: 213*387f9dfdSAndroid Build Coastguard Worker bpf_text = bpf_text.replace('##FILTER_FAMILY##', 214*387f9dfdSAndroid Build Coastguard Worker 'if (family != AF_INET) { return 0; }') 215*387f9dfdSAndroid Build Coastguard Workerelif args.ipv6: 216*387f9dfdSAndroid Build Coastguard Worker bpf_text = bpf_text.replace('##FILTER_FAMILY##', 217*387f9dfdSAndroid Build Coastguard Worker 'if (family != AF_INET6) { return 0; }') 218*387f9dfdSAndroid Build Coastguard Worker 219*387f9dfdSAndroid Build Coastguard Workerbpf_text = filter_by_containers(args) + bpf_text 220*387f9dfdSAndroid Build Coastguard Workerif debug or args.ebpf: 221*387f9dfdSAndroid Build Coastguard Worker print(bpf_text) 222*387f9dfdSAndroid Build Coastguard Worker if args.ebpf: 223*387f9dfdSAndroid Build Coastguard Worker exit() 224*387f9dfdSAndroid Build Coastguard Worker 225*387f9dfdSAndroid Build Coastguard Workerbpf_text = bpf_text.replace('##FILTER_PORT##', '') 226*387f9dfdSAndroid Build Coastguard Workerbpf_text = bpf_text.replace('##FILTER_FAMILY##', '') 227*387f9dfdSAndroid Build Coastguard Worker 228*387f9dfdSAndroid Build Coastguard Worker# process event 229*387f9dfdSAndroid Build Coastguard Workerdef print_ipv4_event(cpu, data, size): 230*387f9dfdSAndroid Build Coastguard Worker event = b["ipv4_events"].event(data) 231*387f9dfdSAndroid Build Coastguard Worker global start_ts 232*387f9dfdSAndroid Build Coastguard Worker if args.time: 233*387f9dfdSAndroid Build Coastguard Worker printb(b"%-9s" % strftime("%H:%M:%S").encode('ascii'), nl="") 234*387f9dfdSAndroid Build Coastguard Worker if args.timestamp: 235*387f9dfdSAndroid Build Coastguard Worker if start_ts == 0: 236*387f9dfdSAndroid Build Coastguard Worker start_ts = event.ts_us 237*387f9dfdSAndroid Build Coastguard Worker printb(b"%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), nl="") 238*387f9dfdSAndroid Build Coastguard Worker printb(b"%-7d %-12.12s %-2d %-16s %-5d %-16s %-5d" % (event.pid, 239*387f9dfdSAndroid Build Coastguard Worker event.task, event.ip, 240*387f9dfdSAndroid Build Coastguard Worker inet_ntop(AF_INET, pack("I", event.daddr)).encode(), 241*387f9dfdSAndroid Build Coastguard Worker event.dport, 242*387f9dfdSAndroid Build Coastguard Worker inet_ntop(AF_INET, pack("I", event.saddr)).encode(), 243*387f9dfdSAndroid Build Coastguard Worker event.lport)) 244*387f9dfdSAndroid Build Coastguard Worker 245*387f9dfdSAndroid Build Coastguard Workerdef print_ipv6_event(cpu, data, size): 246*387f9dfdSAndroid Build Coastguard Worker event = b["ipv6_events"].event(data) 247*387f9dfdSAndroid Build Coastguard Worker global start_ts 248*387f9dfdSAndroid Build Coastguard Worker if args.time: 249*387f9dfdSAndroid Build Coastguard Worker printb(b"%-9s" % strftime("%H:%M:%S").encode('ascii'), nl="") 250*387f9dfdSAndroid Build Coastguard Worker if args.timestamp: 251*387f9dfdSAndroid Build Coastguard Worker if start_ts == 0: 252*387f9dfdSAndroid Build Coastguard Worker start_ts = event.ts_us 253*387f9dfdSAndroid Build Coastguard Worker printb(b"%-9.3f" % ((float(event.ts_us) - start_ts) / 1000000), nl="") 254*387f9dfdSAndroid Build Coastguard Worker printb(b"%-7d %-12.12s %-2d %-16s %-5d %-16s %-5d" % (event.pid, 255*387f9dfdSAndroid Build Coastguard Worker event.task, event.ip, 256*387f9dfdSAndroid Build Coastguard Worker inet_ntop(AF_INET6, event.daddr).encode(), 257*387f9dfdSAndroid Build Coastguard Worker event.dport, 258*387f9dfdSAndroid Build Coastguard Worker inet_ntop(AF_INET6, event.saddr).encode(), 259*387f9dfdSAndroid Build Coastguard Worker event.lport)) 260*387f9dfdSAndroid Build Coastguard Worker 261*387f9dfdSAndroid Build Coastguard Worker# initialize BPF 262*387f9dfdSAndroid Build Coastguard Workerb = BPF(text=bpf_text) 263*387f9dfdSAndroid Build Coastguard Worker 264*387f9dfdSAndroid Build Coastguard Worker# header 265*387f9dfdSAndroid Build Coastguard Workerif args.time: 266*387f9dfdSAndroid Build Coastguard Worker print("%-9s" % ("TIME"), end="") 267*387f9dfdSAndroid Build Coastguard Workerif args.timestamp: 268*387f9dfdSAndroid Build Coastguard Worker print("%-9s" % ("TIME(s)"), end="") 269*387f9dfdSAndroid Build Coastguard Workerprint("%-7s %-12s %-2s %-16s %-5s %-16s %-5s" % ("PID", "COMM", "IP", "RADDR", 270*387f9dfdSAndroid Build Coastguard Worker "RPORT", "LADDR", "LPORT")) 271*387f9dfdSAndroid Build Coastguard Worker 272*387f9dfdSAndroid Build Coastguard Workerstart_ts = 0 273*387f9dfdSAndroid Build Coastguard Worker 274*387f9dfdSAndroid Build Coastguard Worker# read events 275*387f9dfdSAndroid Build Coastguard Workerb["ipv4_events"].open_perf_buffer(print_ipv4_event) 276*387f9dfdSAndroid Build Coastguard Workerb["ipv6_events"].open_perf_buffer(print_ipv6_event) 277*387f9dfdSAndroid Build Coastguard Workerwhile 1: 278*387f9dfdSAndroid Build Coastguard Worker try: 279*387f9dfdSAndroid Build Coastguard Worker b.perf_buffer_poll() 280*387f9dfdSAndroid Build Coastguard Worker except KeyboardInterrupt: 281*387f9dfdSAndroid Build Coastguard Worker exit() 282