summaryrefslogtreecommitdiff
path: root/internal/c/generated
diff options
context:
space:
mode:
authorPaul Buetow <paul@buetow.org>2024-03-08 08:46:00 +0200
committerPaul Buetow <paul@buetow.org>2024-03-08 08:46:00 +0200
commit0b94a7cced7d4bb9a44c9e9e827c4e3b09e5e8dc (patch)
tree3401f36473884d72f88de53339def3e314cf7c1b /internal/c/generated
parentb215bafceeecbe97de19fb3111dc080196224ab9 (diff)
as per https://codeberg.org/snonux/ioriotng/issues/19
Diffstat (limited to 'internal/c/generated')
-rw-r--r--internal/c/generated/tracepoints.c898
-rw-r--r--internal/c/generated/tracepoints.raku15
2 files changed, 911 insertions, 2 deletions
diff --git a/internal/c/generated/tracepoints.c b/internal/c/generated/tracepoints.c
index 89c473a..8ba2028 100644
--- a/internal/c/generated/tracepoints.c
+++ b/internal/c/generated/tracepoints.c
@@ -6,6 +6,8 @@
#define SYS_ENTER_CLOSE_RANGE 701
#define SYS_EXIT_CLOSE 702
#define SYS_ENTER_CLOSE 703
+#define SYS_EXIT_CREAT 704
+#define SYS_ENTER_CREAT 705
#define SYS_EXIT_FCHOWN 712
#define SYS_ENTER_FCHOWN 713
#define SYS_EXIT_FCHMOD 726
@@ -26,6 +28,8 @@
#define SYS_ENTER_READ 769
#define SYS_EXIT_LSEEK 770
#define SYS_ENTER_LSEEK 771
+#define SYS_EXIT_READLINKAT 776
+#define SYS_ENTER_READLINKAT 777
#define SYS_EXIT_NEWFSTAT 778
#define SYS_ENTER_NEWFSTAT 779
#define SYS_EXIT_RENAME 794
@@ -42,6 +46,16 @@
#define SYS_ENTER_SYMLINK 805
#define SYS_EXIT_SYMLINKAT 806
#define SYS_ENTER_SYMLINKAT 807
+#define SYS_EXIT_UNLINK 808
+#define SYS_ENTER_UNLINK 809
+#define SYS_EXIT_UNLINKAT 810
+#define SYS_ENTER_UNLINKAT 811
+#define SYS_EXIT_RMDIR 812
+#define SYS_ENTER_RMDIR 813
+#define SYS_EXIT_MKDIR 814
+#define SYS_ENTER_MKDIR 815
+#define SYS_EXIT_MKDIRAT 816
+#define SYS_ENTER_MKDIRAT 817
#define SYS_EXIT_FCNTL 822
#define SYS_ENTER_FCNTL 823
#define SYS_EXIT_IOCTL 824
@@ -50,6 +64,22 @@
#define SYS_ENTER_GETDENTS64 827
#define SYS_EXIT_GETDENTS 828
#define SYS_ENTER_GETDENTS 829
+#define SYS_EXIT_LREMOVEXATTR 862
+#define SYS_ENTER_LREMOVEXATTR 863
+#define SYS_EXIT_REMOVEXATTR 864
+#define SYS_ENTER_REMOVEXATTR 865
+#define SYS_EXIT_LLISTXATTR 868
+#define SYS_ENTER_LLISTXATTR 869
+#define SYS_EXIT_LISTXATTR 870
+#define SYS_ENTER_LISTXATTR 871
+#define SYS_EXIT_LGETXATTR 874
+#define SYS_ENTER_LGETXATTR 875
+#define SYS_EXIT_GETXATTR 876
+#define SYS_ENTER_GETXATTR 877
+#define SYS_EXIT_LSETXATTR 880
+#define SYS_ENTER_LSETXATTR 881
+#define SYS_EXIT_SETXATTR 882
+#define SYS_ENTER_SETXATTR 883
#define SYS_EXIT_SYNC_FILE_RANGE 922
#define SYS_ENTER_SYNC_FILE_RANGE 923
#define SYS_EXIT_FDATASYNC 924
@@ -58,10 +88,20 @@
#define SYS_ENTER_FSYNC 927
#define SYS_EXIT_FSTATFS 944
#define SYS_ENTER_FSTATFS 945
+#define SYS_EXIT_STATFS 946
+#define SYS_ENTER_STATFS 947
+#define SYS_EXIT_INOTIFY_RM_WATCH 954
+#define SYS_ENTER_INOTIFY_RM_WATCH 955
+#define SYS_EXIT_INOTIFY_ADD_WATCH 956
+#define SYS_ENTER_INOTIFY_ADD_WATCH 957
+#define SYS_EXIT_FANOTIFY_MARK 962
+#define SYS_ENTER_FANOTIFY_MARK 963
#define SYS_EXIT_FLOCK 1020
#define SYS_ENTER_FLOCK 1021
#define SYS_EXIT_QUOTACTL_FD 1051
#define SYS_ENTER_QUOTACTL_FD 1052
+#define SYS_EXIT_MQ_UNLINK 1321
+#define SYS_ENTER_MQ_UNLINK 1322
#define SYS_EXIT_IO_URING_REGISTER 1377
#define SYS_ENTER_IO_URING_REGISTER 1378
#define SYS_EXIT_IO_URING_ENTER 1381
@@ -193,6 +233,49 @@ int handle_sys_enter_close(struct trace_event_raw_sys_enter *ctx) {
return 0;
}
+SEC("tracepoint/syscalls/sys_exit_creat")
+int handle_sys_exit_creat(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_CREAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_creat")
+int handle_sys_enter_creat(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_CREAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
SEC("tracepoint/syscalls/sys_exit_fchown")
int handle_sys_exit_fchown(struct trace_event_raw_sys_exit *ctx) {
__u32 pid, tid;
@@ -613,6 +696,49 @@ int handle_sys_enter_lseek(struct trace_event_raw_sys_enter *ctx) {
return 0;
}
+SEC("tracepoint/syscalls/sys_exit_readlinkat")
+int handle_sys_exit_readlinkat(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_READLINKAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_readlinkat")
+int handle_sys_enter_readlinkat(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_READLINKAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
SEC("tracepoint/syscalls/sys_exit_newfstat")
int handle_sys_exit_newfstat(struct trace_event_raw_sys_exit *ctx) {
__u32 pid, tid;
@@ -963,6 +1089,221 @@ int handle_sys_enter_symlinkat(struct trace_event_raw_sys_enter *ctx) {
return 0;
}
+SEC("tracepoint/syscalls/sys_exit_unlink")
+int handle_sys_exit_unlink(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_UNLINK;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_unlink")
+int handle_sys_enter_unlink(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_UNLINK;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_unlinkat")
+int handle_sys_exit_unlinkat(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_UNLINKAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_unlinkat")
+int handle_sys_enter_unlinkat(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_UNLINKAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_rmdir")
+int handle_sys_exit_rmdir(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_RMDIR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_rmdir")
+int handle_sys_enter_rmdir(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_RMDIR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_mkdir")
+int handle_sys_exit_mkdir(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_MKDIR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_mkdir")
+int handle_sys_enter_mkdir(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_MKDIR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_mkdirat")
+int handle_sys_exit_mkdirat(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_MKDIRAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_mkdirat")
+int handle_sys_enter_mkdirat(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_MKDIRAT;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
SEC("tracepoint/syscalls/sys_exit_fcntl")
int handle_sys_exit_fcntl(struct trace_event_raw_sys_exit *ctx) {
__u32 pid, tid;
@@ -1131,6 +1472,350 @@ int handle_sys_enter_getdents(struct trace_event_raw_sys_enter *ctx) {
return 0;
}
+SEC("tracepoint/syscalls/sys_exit_lremovexattr")
+int handle_sys_exit_lremovexattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_LREMOVEXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_lremovexattr")
+int handle_sys_enter_lremovexattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_LREMOVEXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_removexattr")
+int handle_sys_exit_removexattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_REMOVEXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_removexattr")
+int handle_sys_enter_removexattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_REMOVEXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_llistxattr")
+int handle_sys_exit_llistxattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_LLISTXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_llistxattr")
+int handle_sys_enter_llistxattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_LLISTXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_listxattr")
+int handle_sys_exit_listxattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_LISTXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_listxattr")
+int handle_sys_enter_listxattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_LISTXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_lgetxattr")
+int handle_sys_exit_lgetxattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_LGETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_lgetxattr")
+int handle_sys_enter_lgetxattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_LGETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_getxattr")
+int handle_sys_exit_getxattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_GETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_getxattr")
+int handle_sys_enter_getxattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_GETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_lsetxattr")
+int handle_sys_exit_lsetxattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_LSETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_lsetxattr")
+int handle_sys_enter_lsetxattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_LSETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_setxattr")
+int handle_sys_exit_setxattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_SETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_setxattr")
+int handle_sys_enter_setxattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_SETXATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
SEC("tracepoint/syscalls/sys_exit_sync_file_range")
int handle_sys_exit_sync_file_range(struct trace_event_raw_sys_exit *ctx) {
__u32 pid, tid;
@@ -1299,6 +1984,177 @@ int handle_sys_enter_fstatfs(struct trace_event_raw_sys_enter *ctx) {
return 0;
}
+SEC("tracepoint/syscalls/sys_exit_statfs")
+int handle_sys_exit_statfs(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_STATFS;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_statfs")
+int handle_sys_enter_statfs(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_STATFS;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_inotify_rm_watch")
+int handle_sys_exit_inotify_rm_watch(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_INOTIFY_RM_WATCH;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_inotify_rm_watch")
+int handle_sys_enter_inotify_rm_watch(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_NULL_EVENT;
+ ev->trace_id = SYS_ENTER_INOTIFY_RM_WATCH;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_inotify_add_watch")
+int handle_sys_exit_inotify_add_watch(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_INOTIFY_ADD_WATCH;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_inotify_add_watch")
+int handle_sys_enter_inotify_add_watch(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_INOTIFY_ADD_WATCH;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_fanotify_mark")
+int handle_sys_exit_fanotify_mark(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_FANOTIFY_MARK;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_fanotify_mark")
+int handle_sys_enter_fanotify_mark(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_FANOTIFY_MARK;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[4]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
SEC("tracepoint/syscalls/sys_exit_flock")
int handle_sys_exit_flock(struct trace_event_raw_sys_exit *ctx) {
__u32 pid, tid;
@@ -1383,6 +2239,48 @@ int handle_sys_enter_quotactl_fd(struct trace_event_raw_sys_enter *ctx) {
return 0;
}
+SEC("tracepoint/syscalls/sys_exit_mq_unlink")
+int handle_sys_exit_mq_unlink(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_MQ_UNLINK;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+ ev->ret = ctx->ret;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_enter_mq_unlink")
+int handle_sys_enter_mq_unlink(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_NULL_EVENT;
+ ev->trace_id = SYS_ENTER_MQ_UNLINK;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_ns() / 1000;
+
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
SEC("tracepoint/syscalls/sys_exit_io_uring_register")
int handle_sys_exit_io_uring_register(struct trace_event_raw_sys_exit *ctx) {
__u32 pid, tid;
diff --git a/internal/c/generated/tracepoints.raku b/internal/c/generated/tracepoints.raku
index ad95559..de801a7 100644
--- a/internal/c/generated/tracepoints.raku
+++ b/internal/c/generated/tracepoints.raku
@@ -45,8 +45,10 @@ class Format {
# file descriptor passed to syscalls.
has Bool $.has-fd is rw = False;
- # Has tracepoint has got oldname and name
+ # Tracepoint has oldname/newname
has Bool $.has-name is rw = False;
+ # Tracepoint has pathname
+ has Bool $.has-path is rw = False;
# Syscall returns with a long value (e.g. bytes read/written)
has Bool $.has-long-ret is rw = False;
@@ -65,6 +67,8 @@ class Format {
$!has-fd = True;
} elsif (field.name eq 'newname' && field.type eq 'const char *') {
$!has-name = True;
+ } elsif (field.name eq 'pathname' && field.type eq 'const char *') {
+ $!has-path = True;
} elsif (field.name eq 'ret' && field.type eq 'long') {
$.has-long-ret = True;
}
@@ -85,6 +89,7 @@ class Format {
my \event-struct = do if $!has-fd { 'fd_event' }
elsif $!has-long-ret { 'ret_event' }
elsif $!has-name { 'name_event' }
+ elsif $!has-path { 'path_event' }
else { 'null_event' };
my \extra-data = do if $!has-fd { 'ev->fd = (__s32)ctx->args[0];' }
elsif $!has-long-ret { 'ev->ret = ctx->ret;' }
@@ -96,6 +101,12 @@ class Format {
bpf_probe_read_user_str(ev->oldname, sizeof(ev->oldname), (void*)ctx->args[{oldname-index}]);
bpf_probe_read_user_str(ev->newname, sizeof(ev->newname), (void*)ctx->args[{newname-index}]);
END
+ } elsif $!has-path {
+ my Int \pathname-index = self!field-number('pathname');
+ qq:to/END/.trim-trailing;
+ __builtin_memset(\&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[{pathname-index}]);
+ END
}
else { '' };
qq:to/END/;
@@ -154,7 +165,7 @@ my Format @formats = gather for SysTraceFormat
.parse($*IN.slurp,:actions(SysTraceFormatActions.new)).made
# For each enter there is an exit tracepoint. E.g. sys_enter_open and sys_exit_open
.classify(*.name.split('_').tail).values
- .grep({ $_.grep(*.has-fd) || $_.grep(*.has-name) }) -> @_ { .take for @_ }
+ .grep({ $_.grep(*.has-fd) || $_.grep(*.has-name) || $_.grep(*.has-path) }) -> @_ { .take for @_ }
@formats .= sort(*.id);
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 18:55:19 +0000