diff options
| author | Paul Buetow <paul@buetow.org> | 2025-03-28 22:08:14 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2025-03-28 22:08:14 +0200 |
| commit | 34e1d043743c9f6881d57b8a072c5489c78a8197 (patch) | |
| tree | 817d069272a93eb808f85086b7aa422af81d4e9f | |
| parent | 6733f393a71d8282fce2d459af45691830de139e (diff) | |
creat opens a new file
| -rw-r--r-- | internal/c/generate_tracepoints_c.raku | 1 | ||||
| -rw-r--r-- | internal/eventloop.go | 24 |
2 files changed, 13 insertions, 12 deletions
diff --git a/internal/c/generate_tracepoints_c.raku b/internal/c/generate_tracepoints_c.raku index 395720a..3e8b03e 100644 --- a/internal/c/generate_tracepoints_c.raku +++ b/internal/c/generate_tracepoints_c.raku @@ -2,7 +2,6 @@ use v6.d; -# TODO: check for the *stat* family sysalls, there might be more not yet traced, e.g. ones with pathnames. Check also all other syscalls whether they are I/O or not. Make this script to alert when there is a new uncaptured syscall tracepoint! # TODO: Also add sys_enter_open_by_handler_at # TOOD: creat is an open_event? diff --git a/internal/eventloop.go b/internal/eventloop.go index cd72827..b2392ab 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -208,18 +208,11 @@ func (e *eventLoop) syscallExit(exitEv event.Event, ch chan<- *event.Pair) { switch v := ev.EnterEv.(type) { case *OpenEvent: openEv := ev.EnterEv.(*OpenEvent) - - fd := int32(ev.ExitEv.(*RetEvent).Ret) - file := file.NewFd(fd, openEv.Filename[:], v.Flags) - if file.Flags == -1 { - // Issue here is that some open_event's aren't really open_event's - // need to double check all tracepoints - fmt.Println("DEBUG with -1 flags", openEv, file) - } - if fd >= 0 { + if fd := int32(ev.ExitEv.(*RetEvent).Ret); fd >= 0 { + file := file.NewFd(fd, openEv.Filename[:], v.Flags) e.files[fd] = file + ev.File = file } - ev.File = file e.comms[openEv.Tid] = string(openEv.Comm[:]) case *NameEvent: @@ -229,7 +222,16 @@ func (e *eventLoop) syscallExit(exitEv event.Event, ch chan<- *event.Pair) { case *PathEvent: nameEvent := ev.EnterEv.(*PathEvent) - ev.File = file.NewPathname(nameEvent.Pathname[:]) + if ev.Is(SYS_ENTER_CREAT) { + if fd := int32(ev.ExitEv.(*RetEvent).Ret); fd >= 0 { + file := file.NewFd(fd, nameEvent.Pathname[:], + syscall.O_CREAT|syscall.O_WRONLY|syscall.O_TRUNC) + e.files[fd] = file + ev.File = file + } + } else { + ev.File = file.NewPathname(nameEvent.Pathname[:]) + } ev.Comm = e.comm(ev.EnterEv.GetTid()) case *FdEvent: |