c - 与套接字相关的 BPF 的“输入”是什么?
问题描述
目前,我正在使用以下代码收听 NETLINK_KOBJECT_UEVENT 消息:
union UeventBuffer {
struct nlmsghdr netlink_header;
char raw[8192];
};
int sock = socket(PF_NETLINK, SOCK_RAW | SOCK_NONBLOCK, NETLINK_KOBJECT_UEVENT);
struct sockaddr_nl addr = {};
addr.nl_family = AF_NETLINK;
addr.nl_groups = 1 << 0;
bind(sock, (struct sockaddr *)&addr, sizeof(addr));
UeventBuffer buf = {};
struct iovec iov = {};
iov.iov_base = &buf;
iov.iov_len = sizeof(buf);
struct msghdr msg = {};
struct sockaddr_nl src_addr = {};
msg.msg_name = &src_addr;
msg.msg_namelen = sizeof(src_addr);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
int bytes = recvmsg(sock, &msg, 0);
char *buf_str = buf.raw;
// parse this buf_str ...
示例buf_str
是:
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.0
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.0/input/input38
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.0/input/input38/event14
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.0/input/input38/js0
bind@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.0
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.1
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4:1.2
bind@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4
add@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.2
change@/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.2
我考虑过使用 BPF 过滤以buf_str
结尾/eventXX
但是,我不明白 BPF 的输入是什么。在内核示例中,BPF 指令在哪些数据上运行?我会把它传递buf_str
给 BPF 吗?如果是这样,怎么做?
解决方案
推荐阅读
- c - 为什么我一直覆盖我在链接列表中指向的内容?
- powershell - PowerShell:使用前/后块的纠缠单元测试
- ios - React Native 推送通知 iOS - 待处理通知的数量
- php - Laravel json 解析响应()->json()
- assembly - 汇编编程错误:语法错误:指令中;结构字段中的语法错误
- javascript - jQuery将元素附加到对象数组
- jquery - JQueryUI DatePicker 的问题
- javascript - Promise {pending},异步,等待Javascript
- mongodb - Mongodb - 在相应集合上查找触发器列表
- c++ - 使用成员函数创建 std::function 无法编译