filter sets pid and tid

1 files changed, 8 insertions, 4 deletions

diff --git a/internal/c/tracepoints/write.c b/internal/c/tracepoints/write.c
index 262cb48..7caff5d 100644
--- a/internal/c/tracepoints/write.c
+++ b/internal/c/tracepoints/write.c
@@ -2,7 +2,8 @@
 
 SEC("tracepoint/syscalls/sys_enter_write")
 int handle_enter_write(struct trace_event_raw_sys_enter *ctx) {
-    if (filter())
+    __u32 pid, tid;
+    if (filter(&pid, &tid))
         return 0;
 
     struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
@@ -10,7 +11,8 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) {
         return 0;
 
     ev->op_id = WRITE_ENTER_OP_ID;
-    ev->pid_tgid = bpf_get_current_pid_tgid();
+    ev->pid = pid;
+    ev->tid = tid;
     ev->time = bpf_ktime_get_ns();
     ev->fd = (int)ctx->args[0];
 
@@ -20,7 +22,8 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) {
 
 SEC("tracepoint/syscalls/sys_exit_write")
 int handle_exit_write(struct trace_event_raw_sys_enter *ctx) {
-    if (filter())
+    __u32 pid, tid;
+    if (filter(&pid, &tid))
         return 0;
 
     struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
@@ -28,7 +31,8 @@ int handle_exit_write(struct trace_event_raw_sys_enter *ctx) {
         return 0;
 
     ev->op_id = WRITE_EXIT_OP_ID;
-    ev->pid_tgid = bpf_get_current_pid_tgid();
+    ev->pid = pid;
+    ev->tid = tid;
     ev->time = bpf_ktime_get_ns();
 
     bpf_ringbuf_submit(ev, 0);