Add ktime

examples/c-form/ex4.bpf.c

@@ -33,7 +33,7 @@ long hello_again(void *ctx) {
         u64 delta = bpf_ktime_get_ns() - *tsp;
         if (delta < 1000000000) {
             // output if time is less than 1 second
-            bpf_trace_printk("%d\\n", delta / 1000000);
+            bpf_printk("execve called within last second");
         }
         bpf_map_delete_elem(&last, &key);
     }

examples/execve2.py

@@ -1,6 +1,6 @@
 from pythonbpf.decorators import bpf, map, section, bpfglobal
 from ctypes import c_void_p, c_int64, c_int32, c_uint64
-from pythonbpf.helpers import bpf_ktime_get_ns
+from pythonbpf.helpers import ktime
 from pythonbpf.maps import HashMap
 
 
@@ -9,6 +9,7 @@ from pythonbpf.maps import HashMap
 def last() -> HashMap:
     return HashMap(key_type=c_uint64, value_type=c_uint64, max_entries=1)
 
+
 @bpf
 @section("tracepoint/syscalls/sys_enter_execve")
 def hello(ctx: c_void_p) -> c_int32:
@@ -24,9 +25,10 @@ def hello_again(ctx: c_void_p) -> c_int64:
     key = 0
     tsp = last().lookup(key)
     print(tsp)
-    ts = bpf_ktime_get_ns()
+    ktime()
     return c_int64(0)
 
+
 @bpf
 @bpfglobal
 def LICENSE() -> str:

pythonbpf/bpf_helper_handler.py

@@ -3,7 +3,15 @@ from llvmlite import ir
 
 
 def bpf_ktime_get_ns_emitter(call, module, builder, func):
-    pass
+    """
+    Emit LLVM IR for bpf_ktime_get_ns helper function call.
+    """
+    helper_id = ir.Constant(ir.IntType(64), 5)
+    fn_type = ir.FunctionType(ir.IntType(64), [], var_arg=False)
+    fn_ptr_type = ir.PointerType(fn_type)
+    fn_ptr = builder.inttoptr(helper_id, fn_ptr_type)
+    result = builder.call(fn_ptr, [], tail=False)
+    return result
 
 
 def bpf_map_lookup_elem_emitter(map_ptr, key_ptr, module, builder):
@@ -62,3 +70,14 @@ def bpf_printk_emitter(call, module, builder, func):
 
             builder.call(fn_ptr, [fmt_ptr, ir.Constant(
                 ir.IntType(32), len(fmt_str))], tail=True)
+
+
+helper_func_list = {
+    "lookup": bpf_map_lookup_elem_emitter,
+    "print": bpf_printk_emitter,
+    "ktime": bpf_ktime_get_ns_emitter,
+}
+
+
+def handle_helper_call(call, module, builder, func):
+    return None

pythonbpf/functions_pass.py

@@ -123,7 +123,7 @@ def process_func_body(module, builder, func_node, func, ret_type, map_sym_tab):
             call = stmt.value
             if isinstance(call.func, ast.Name) and call.func.id == "print":
                 bpf_printk_emitter(call, module, builder, func)
-            if isinstance(call.func, ast.Name) and call.func.id == "bpf_ktime_get_ns":
+            if isinstance(call.func, ast.Name) and call.func.id == "ktime":
                 bpf_ktime_get_ns_emitter(call, module, builder, func)
         elif isinstance(stmt, ast.Assign):
             handle_assign(module, builder, stmt, map_sym_tab, local_sym_tab)

pythonbpf/helpers.py

@@ -1,4 +1,5 @@
 import ctypes
 
-def bpf_ktime_get_ns():
+
+def ktime():
     return ctypes.c_int64(0)