| author | Paul Buetow <paul@buetow.org> | 2024-02-22 22:44:44 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-22 22:44:44 +0200 |
| commit | c1b4bee6c93265139974b1e5cf065d3f82a7154b (patch) | |
| tree | 6bffa2fdcad38aebcfa0099cd8e684ba65dbde53 | |
| parent | 285eefb1f36e2298af30d8e3df63792204a5b85d (diff) | |
PID filter
| -rw-r--r-- | Makefile | 8 | ||||
| -rw-r--r-- | TODO.md | 15 | ||||
| -rw-r--r-- | internal/c/filter.c | 10 | ||||
| -rw-r--r-- | internal/c/flags.h | 4 | ||||
| -rw-r--r-- | internal/flags/flags.go | 13 | ||||
| -rw-r--r-- | internal/generated/Makefile | 4 |
6 files changed, 24 insertions, 30 deletions
@@ -5,9 +5,7 @@ export GOARCH = amd64
 export CGO_CFLAGS = -I$(LIBBPFGO)/output -I$(LIBBPFGO)/selftest/common
 export CGO_LDFLAGS = -lelf -lzstd $(LIBBPFGO)/output/libbpf.a
-all: build run
-
-build: bpfbuild gobuild
+all: bpfbuild gobuild
 .PHONY: bpfbuild
 bpfbuild:
@@ -27,7 +25,3 @@ clean:
 find . -type f -name ioriotng -delete
 if [ -e ioriotng.bpf.o ]; then rm ioriotng.bpf.o; fi
 make -C ./internal/c clean
-
-.PHONY: run
-run:
- sudo ./ioriotng -uid $$(id -u)
diff --git a/TODO.md b/TODO.md
deleted file mode 100644
index b2bc4f6..0000000
--- a/TODO.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# TODO
-
-## Functionality
-
-* Send PID and/or file pattern dynamically to the BPF program (command line flags)
-* Capture all *open* and *close* syscalls (e.g. from debugfs?)
- * Could write a Go code to check for available syscalls and then alert?
-* ...
-
-## Refactor
-
-* Error wrapping
-* vet
-* Move have a ./internal/ioriot.bpf.c and ./internal/ioriot.go as starting points
-* Move main.go to ./cmd/ioriot
diff --git a/internal/c/filter.c b/internal/c/filter.c
index a91eb84..93497c7 100644
--- a/internal/c/filter.c
+++ b/internal/c/filter.c
@@ -1,5 +1,13 @@
 //+build ignore
 static __always_inline int filter() {
- return (bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER;
+ if ((bpf_get_current_pid_tgid() >> 32) == PID_FILTER)
+ return 0;
+
+ /*
+ if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) == UID_FILTER)
+ return 0;
+ */
+
+ return 1;
 }
diff --git a/internal/c/flags.h b/internal/c/flags.h
index 53b9492..eb7ec83 100644
--- a/internal/c/flags.h
+++ b/internal/c/flags.h
@@ -1,4 +1,4 @@
 //+build ignore
-const volatile u32 UID_FILTER = 0;
-volatile u32 DYNAMIC_UID_FILTER = 0;
+// const volatile u32 UID_FILTER = -1;
+const volatile u32 PID_FILTER = -1;
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index f139654..fbb0569 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
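Review bot: filter() in the new internal/c/filter.c body has no "unfiltered" path: the `-1` sentinel that internal/c/flags.h now assigns to PID_FILTER is never tested, so a module left at its C default keeps only events whose tgid equals 0xFFFFFFFF, i.e. none, assuming a 0 return means the event is kept as the replaced UID expression implies. The Go side in internal/flags/flags.go makes this worse by writing `uint32(flags.PidFilter)` unconditionally with a flag default of 0, so the C default never survives and an invocation without `-pid` selects PID 0, which in practice traces nothing. Suggest guarding the sentinel first, `if (PID_FILTER == (u32)-1) return 0; /* no PID filter configured */`, matching it on the Go side with a `-pid` default of -1 (or skipping InitGlobalVariable when the flag is unset), and adding a one-line comment in flags.h stating that `(u32)-1` means "no filter". The comparison is against the upper 32 bits of bpf_get_current_pid_tgid(), the thread-group id, so every thread of the selected process matches; that is worth a comment on the `if` since the flag is named `-pid`.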
@@ -9,11 +9,13 @@ import (
 type Flags struct {
 UidFilter int
+ PidFilter int
 EventMapSize int
 }
 func New() (flags Flags) {
- flag.IntVar(&flags.UidFilter, "uid", 0, "Filter for processes with UID")
+ // flag.IntVar(&flags.UidFilter, "uid", 0, "Filter for user ID")
+ flag.IntVar(&flags.PidFilter, "pid", 0, "Filter for processes ID")
 flag.IntVar(&flags.EventMapSize, "mapSize", 4096*16, "BPF FD event ring buffer map size")
 flag.Parse()
@@ -21,8 +23,13 @@ func New() (flags Flags) {
 }
 func (flags Flags) SetBPF(bpfModule *bpf.Module) error {
- if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil {
- return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err)
+ /*
+ if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil {
+ return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err)
+ }
+ */
+ if err := bpfModule.InitGlobalVariable("PID_FILTER", uint32(flags.PidFilter)); err != nil {
+ return fmt.Errorf("unable to set up PID_FILTER global variable: %w", err)
 }
 return nil
 }
diff --git a/internal/generated/Makefile b/internal/generated/Makefile
index 7734ff5..1f5bf05 100644
--- a/internal/generated/Makefile
+++ b/internal/generated/Makefile
@@ -4,9 +4,9 @@ generate: tracepoints types
 .PHONY: tracepoints
 tracepoints:
- cat ../c/tracepoints/*.c | raku tracepoints.raku | goimports | gofmt | tee tracepoints/tracepoints.go
+ cat ../c/tracepoints/*.c | raku tracepoints.raku | goimports | gofmt > tracepoints/tracepoints.go
 .PHONY: types
 types:
- cat ../c/types.h | raku nqc.raku | goimports | gofmt | tee types/types.go
+ cat ../c/types.h | raku nqc.raku | goimports | gofmt > types/types.go
|
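Review bot: The new `-pid` help string reads `"Filter for processes ID"`; `"Only trace the process with this PID"` says what the flag does and fixes the grammar. `Flags.UidFilter` stays exported in the struct but nothing assigns it any more, and the UID code survives as comment blocks here, in internal/c/filter.c and in internal/c/flags.h; either delete it (version control keeps it) or gate it behind a real flag, because commented-out code in three files drifts apart quickly. `New` and `SetBPF` are exported without doc comments; `// New parses the command line into a Flags value.` and `// SetBPF writes the parsed PID filter into the module's PID_FILTER global variable.` would cover them, and New's body continues between the two hunks. In SetBPF, `uint32(flags.PidFilter)` silently wraps a negative or over-large int into a PID that matches nothing, so a range check returning a clear error before the conversion would make a misconfigured filter visible at startup rather than as an empty trace.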
