diff options
| author | Paul Buetow <paul@buetow.org> | 2024-02-24 13:45:45 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-26 00:46:47 +0200 |
| commit | 4da5a26edd1046872fd9dc4de767389c6385e2b9 (patch) | |
| tree | 97c261a9ca3b133e4709890a5fd039b677807b69 | |
| parent | 306ebf54a2f270f1cbdf1307ad4c860caad579a9 (diff) | |
initial BPF C code generation based on debugfs
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | internal/c/generated/Makefile | 9 | ||||
| -rw-r--r-- | internal/c/generated/tracepoints.c | 1096 | ||||
| -rw-r--r-- | internal/c/generated/tracepoints.raku | 117 | ||||
| -rw-r--r-- | internal/c/ioriotng.bpf.c | 5 | ||||
| -rw-r--r-- | internal/generated/tracepoints.raku | 2 | ||||
| -rw-r--r-- | internal/generated/tracepoints/tracepoints.go | 2 |
7 files changed, 1231 insertions, 1 deletions
@@ -17,6 +17,7 @@ generate: generated .PHONY: generated generated: + #make -C ./internal/c/generated make -C ./internal/generated .PHONY: gobuild diff --git a/internal/c/generated/Makefile b/internal/c/generated/Makefile new file mode 100644 index 0000000..16a1c4e --- /dev/null +++ b/internal/c/generated/Makefile @@ -0,0 +1,9 @@ +all: generate + +generate: tracepoints + +.PHONY: tracepoints +tracepoints: + sudo sh -c 'cat /sys/kernel/tracing/events/syscalls/sys_{enter,exit}_*/format' \ + | raku tracepoints.raku > ./tracepoints.c + diff --git a/internal/c/generated/tracepoints.c b/internal/c/generated/tracepoints.c new file mode 100644 index 0000000..1cbb4e6 --- /dev/null +++ b/internal/c/generated/tracepoints.c @@ -0,0 +1,1096 @@ +// Code generated - don't change manually! + +#define SYS_ENTER_PREAD64 757 +#define SYS_EXIT_PREAD64 756 +#define SYS_ENTER_FCHDIR 723 +#define SYS_EXIT_FCHDIR 722 +#define SYS_ENTER_WRITE 759 +#define SYS_EXIT_WRITE 758 +#define SYS_ENTER_FDATASYNC 917 +#define SYS_EXIT_FDATASYNC 916 +#define SYS_ENTER_CLOSE 695 +#define SYS_EXIT_CLOSE 694 +#define SYS_ENTER_FTRUNCATE 735 +#define SYS_EXIT_FTRUNCATE 734 +#define SYS_ENTER_FSYNC 919 +#define SYS_EXIT_FSYNC 918 +#define SYS_ENTER_FCNTL 815 +#define SYS_EXIT_FCNTL 814 +#define SYS_ENTER_FCHOWN 705 +#define SYS_EXIT_FCHOWN 704 +#define SYS_ENTER_FLOCK 1013 +#define SYS_EXIT_FLOCK 1012 +#define SYS_ENTER_IO_URING_REGISTER 1367 +#define SYS_EXIT_IO_URING_REGISTER 1366 +#define SYS_ENTER_IO_URING_ENTER 1371 +#define SYS_EXIT_IO_URING_ENTER 1370 +#define SYS_ENTER_GETDENTS 821 +#define SYS_EXIT_GETDENTS 820 +#define SYS_ENTER_QUOTACTL_FD 1044 +#define SYS_EXIT_QUOTACTL_FD 1043 +#define SYS_ENTER_NEWFSTAT 771 +#define SYS_EXIT_NEWFSTAT 770 +#define SYS_ENTER_IOCTL 817 +#define SYS_EXIT_IOCTL 816 +#define SYS_ENTER_FSTATFS 937 +#define SYS_EXIT_FSTATFS 936 +#define SYS_ENTER_GETDENTS64 819 +#define SYS_EXIT_GETDENTS64 818 +#define SYS_ENTER_LSEEK 763 +#define SYS_EXIT_LSEEK 762 +#define SYS_ENTER_READ 761 +#define SYS_EXIT_READ 760 +#define SYS_ENTER_CLOSE_RANGE 693 +#define SYS_ENTER_COPY_FILE_RANGE 739 +#define SYS_ENTER_SYNC_FILE_RANGE 915 +#define SYS_EXIT_CLOSE_RANGE 692 +#define SYS_EXIT_COPY_FILE_RANGE 738 +#define SYS_EXIT_SYNC_FILE_RANGE 914 +#define SYS_ENTER_PWRITE64 755 +#define SYS_EXIT_PWRITE64 754 +#define SYS_ENTER_CACHESTAT 521 +#define SYS_EXIT_CACHESTAT 520 +#define SYS_ENTER_FCHMOD 719 +#define SYS_EXIT_FCHMOD 718 + +SEC("tracepoint/syscalls/sys_enter_pread64") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_PREAD64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_pread64") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_PREAD64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fchdir") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FCHDIR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fchdir") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FCHDIR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_write") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_WRITE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_write") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_WRITE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fdatasync") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FDATASYNC; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fdatasync") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FDATASYNC; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_close") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_CLOSE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_close") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_CLOSE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_ftruncate") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FTRUNCATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_ftruncate") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FTRUNCATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fsync") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FSYNC; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fsync") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FSYNC; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fcntl") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FCNTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fcntl") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FCNTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fchown") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FCHOWN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fchown") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FCHOWN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_flock") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FLOCK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_flock") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FLOCK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_io_uring_register") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_IO_URING_REGISTER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_io_uring_register") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_IO_URING_REGISTER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_io_uring_enter") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_IO_URING_ENTER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_io_uring_enter") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_IO_URING_ENTER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_getdents") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_GETDENTS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_getdents") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_GETDENTS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_quotactl_fd") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_QUOTACTL_FD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_quotactl_fd") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_QUOTACTL_FD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_newfstat") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_NEWFSTAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_newfstat") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_NEWFSTAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_ioctl") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_IOCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_ioctl") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_IOCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fstatfs") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FSTATFS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fstatfs") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FSTATFS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_getdents64") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_GETDENTS64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_getdents64") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_GETDENTS64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_lseek") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_LSEEK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_lseek") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_LSEEK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_read") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_READ; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_read") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_READ; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_close_range") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_CLOSE_RANGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_copy_file_range") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_COPY_FILE_RANGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_sync_file_range") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_SYNC_FILE_RANGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_close_range") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_CLOSE_RANGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_copy_file_range") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_COPY_FILE_RANGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_sync_file_range") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_SYNC_FILE_RANGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_pwrite64") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_PWRITE64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_pwrite64") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_PWRITE64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_cachestat") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_CACHESTAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_cachestat") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_CACHESTAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_enter_fchmod") +int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_ENTER_FCHMOD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + ev->fd = (int)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +SEC("tracepoint/syscalls/sys_exit_fchmod") +int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->op_id = SYS_EXIT_FCHMOD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + + + bpf_ringbuf_submit(ev, 0); + return 0; +} + + diff --git a/internal/c/generated/tracepoints.raku b/internal/c/generated/tracepoints.raku new file mode 100644 index 0000000..d6fc89e --- /dev/null +++ b/internal/c/generated/tracepoints.raku @@ -0,0 +1,117 @@ +#!/usr/bin/env raku + +use v6.d; +#use Grammar::Debugger; + +grammar SysTraceFormat { + rule TOP { <wholeformatsection>* } + rule wholeformatsection { <name> <id> <format> <print-fmt> } + rule name { 'name:' <identifier> } + rule id { 'ID:' <number> } + rule format { 'format:' <field>* } + + rule field { 'field:' <field-elements> } + rule field-elements { <field-declaration> <field-offset> <field-size> <field-signed> } + rule field-declaration { <field-type>+ <identifier> ';' } + token field-type { <-[ \t]> } + token field-offset { 'offset:' <number> ';' } + token field-size { 'size:' <number> ';' } + token field-signed { 'signed:' <cbool> ';' } + + token identifier { <[a..zA..Z0..9_]>+ } + token number { \d+ } + token cbool { '0' | '1' } + token print-fmt { 'print fmt' <-[\n]>+ "\n" } +} + +class Field { + has Str $.type is rw; + has Str $.name is rw; + has Int $.offset is rw; + has Int $.size is rw; + has Bool $.signed is rw; +} + +class Format { + has Str $.name is rw; + has Int $.id is rw; + has Field @.fields is rw; + has Bool $.has-fd is rw = False; + + method push(Field $field) { + push @!fields: $field; + $!has-fd = True if ($field.name eq 'fd' && $field.type eq 'unsigned int'); + } + + method generate-constant returns Str { + "#define {$!name.uc} {$!id}" + } + + method generate-probe returns Str { + my \is-enter = $!name.split('_')[1] eq 'enter'; + my \ctx-struct = is-enter ?? 'trace_event_raw_sys_enter' !! 'trace_event_raw_sys_exit'; + my \event-struct = is-enter ?? 'fd_event' !! 'null_event'; + + qq:to/END/; + SEC("tracepoint/syscalls/{$!name}") + int handle_enter_write(struct {ctx-struct} *ctx) \{ + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct {event-struct} *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct {event-struct}), 0); + if (!ev) + return 0; + + ev->op_id = {$!name.uc}; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_ns() / 1000; + {is-enter ?? 'ev->fd = (int)ctx->args[0];' !! ''} + + bpf_ringbuf_submit(ev, 0); + return 0; + \} + END + } +} + +class SysTraceFormatActions { + has Format @!formats; + has Format $!current-format = Format.new; + has Field $!current-field = Field.new; + + method TOP($/) { make @!formats } + + method wholeformatsection($/) { + push @!formats: $!current-format; + $!current-format = Format.new; + } + + method name($/) { $!current-format.name = ~$/<identifier> } + method id($/) { $!current-format.id = +$/<number> } + + method field-declaration($/) { + $!current-field.name = ~$/<identifier>; + $!current-field.type = $/<field-type>.join('').trim-trailing; + $!current-format.push($!current-field); + $!current-field = Field.new; + } + + method field-offset($/) { $!current-field.offset = +$/<number> } + method field-size($/) { $!current-field.size = +$/<number> } + method field-signed($/) { $!current-field.signed = +$/<cbool> == 0 ?? False !! True } +} + +my Format @formats = gather for SysTraceFormat + .parse($*IN.slurp,:actions(SysTraceFormatActions.new)).made + .classify(*.name.split('_').tail).values + .grep(*.grep(*.has-fd).elems > 0) -> @_ { .take for @_ } + +say qq:to/END/; +// Code generated - don't change manually! + +{@formats.map(*.generate-constant).join("\n")} + +{@formats.map(*.generate-probe).join("\n")} +END diff --git a/internal/c/ioriotng.bpf.c b/internal/c/ioriotng.bpf.c index a48c944..e1ef51d 100644 --- a/internal/c/ioriotng.bpf.c +++ b/internal/c/ioriotng.bpf.c @@ -13,8 +13,13 @@ * splitting the code up into several smaller files. */ #include "filter.c" + +// Tracepoints with custom handling. #include "tracepoints/open.c" #include "tracepoints/close.c" #include "tracepoints/write.c" +// More tracepoints, but auto-generated. May lack per-syscall special case handling. +// #include "generated/tracepoints.c" + char LICENSE[] SEC("license") = "Dual BSD/GPL"; diff --git a/internal/generated/tracepoints.raku b/internal/generated/tracepoints.raku index 7435888..e5cb29a 100644 --- a/internal/generated/tracepoints.raku +++ b/internal/generated/tracepoints.raku @@ -11,6 +11,6 @@ say qq:to/END/; package tracepoints var List = []string\{ -\t{@tracepoints.map({ "\"$_\"," }).join("\n\t") } + t{@tracepoints.map({ "\"$_\"," }).join("\n\t") } \} END diff --git a/internal/generated/tracepoints/tracepoints.go b/internal/generated/tracepoints/tracepoints.go index 6641385..cfd1fd3 100644 --- a/internal/generated/tracepoints/tracepoints.go +++ b/internal/generated/tracepoints/tracepoints.go @@ -10,4 +10,6 @@ var List = []string{ "exit_open", "enter_write", "exit_write", + "enter_write", + "exit_write", } |