diff options
| author | Paul Buetow <paul@buetow.org> | 2024-02-19 12:19:11 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-19 12:19:11 +0200 |
| commit | 4950710f87d8fe65e00d855760ea4b3f71de73e5 (patch) | |
| tree | 4a706891b2068740dafbb1fc479c99b710836a2e /internal/c/tracepoints/open.c | |
| parent | db553759bbc60cf6e0ed1c1e40e7567b5838cc61 (diff) | |
refactor open, re-use some code
Diffstat (limited to 'internal/c/tracepoints/open.c')
| -rw-r--r-- | internal/c/tracepoints/open.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/internal/c/tracepoints/open.c b/internal/c/tracepoints/open.c index b405c0e..7e15f85 100644 --- a/internal/c/tracepoints/open.c +++ b/internal/c/tracepoints/open.c @@ -1,7 +1,6 @@ //+build ignore -SEC("tracepoint/syscalls/sys_enter_openat") -int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) { +static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 op_id) { if (filter()) return 0; @@ -9,10 +8,11 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = OPENAT_ENTER_OP_ID; + ev->op_id = op_id; ev->pid_tgid = bpf_get_current_pid_tgid(); ev->time = bpf_ktime_get_ns(); + // Reset memory, as structure is re-used (ringbuffer) __builtin_memset(&(ev->filename), 0, sizeof(ev->filename) + sizeof(ev->comm)); bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[1]); bpf_get_current_comm(&ev->comm, sizeof(ev->comm)); @@ -21,8 +21,7 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) { return 0; } -SEC("tracepoint/syscalls/sys_exit_openat") -int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) { +static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 op_id) { if (filter()) return 0; @@ -30,7 +29,7 @@ int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = OPENAT_EXIT_OP_ID; + ev->op_id = op_id; ev->pid_tgid = bpf_get_current_pid_tgid(); ev->time = bpf_ktime_get_ns(); ev->fd = ctx->ret; @@ -40,13 +39,22 @@ int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) { return 0; } +SEC("tracepoint/syscalls/sys_enter_openat") +int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) { + return _handle_enter_open(ctx, OPENAT_ENTER_OP_ID); +} + +SEC("tracepoint/syscalls/sys_exit_openat") +int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) { + return _handle_exit_open(ctx, OPENAT_EXIT_OP_ID); +} + SEC("tracepoint/syscalls/sys_enter_open") int handle_enter_open(struct trace_event_raw_sys_enter *ctx) { - return handle_enter_openat(ctx); + return _handle_enter_open(ctx, OPEN_ENTER_OP_ID); } SEC("tracepoint/syscalls/sys_exit_open") int handle_exit_open(struct trace_event_raw_sys_exit *ctx) { - return handle_exit_openat(ctx); + return _handle_exit_open(ctx, OPEN_EXIT_OP_ID); } - |