use generated tracepoints.c

author: Paul Buetow <paul@buetow.org> 2024-02-27 09:52:36 +0200
committer: Paul Buetow <paul@buetow.org> 2024-02-27 09:52:36 +0200
commit: 2745f74f3db314a94ae181fb53963bf853db3833 (patch)
tree: 143cf8557089835906e3d899c8b18fcb00023cac /internal/c/tracepoints
parent: d8441fff4bbf2739cc0e6c046035bf176158954a (diff)
3 files changed, 24 insertions, 16 deletions
diff --git a/internal/c/tracepoints/close.c b/internal/c/tracepoints/close.c
index 9d0b866..f099554 100644
--- a/internal/c/tracepoints/close.c
+++ b/internal/c/tracepoints/close.c
@@ -1,6 +1,7 @@
 //+build ignore
 
-SEC("tracepoint/syscalls/sys_enter_close")
+// SEC("tracepoint/syscalls/sys_enter_close")
+/*
 int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
     __u32 pid, tid;
     if (filter(&pid, &tid))
@@ -10,7 +11,7 @@ int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
     if (!ev)
         return 0;
 
-    ev->op_id = CLOSE_ENTER_OP_ID;
+    ev->syscall_id = SYS_ENTER_CLOSE;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_ns() / 1000;
@@ -19,8 +20,10 @@ int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
     bpf_ringbuf_submit(ev, 0);
     return 0;
 }
+*/
 
-SEC("tracepoint/syscalls/sys_exit_close")
+// SEC("tracepoint/syscalls/sys_exit_close")
+/*
 int handle_exit_close(struct trace_event_raw_sys_exit *ctx) {
     __u32 pid, tid;
     if (filter(&pid, &tid))
@@ -30,13 +33,13 @@ int handle_exit_close(struct trace_event_raw_sys_exit *ctx) {
     if (!ev)
         return 0;
 
-    ev->op_id = CLOSE_EXIT_OP_ID;
+    ev->syscall_id = SYS_EXIT_CLOSE;
     ev->pid = pid;
     ev->tid = tid;
-    ev->time = bpf_ktime_get_ns() / 1000;
+    ev->time = bpf_ktime_get_ns() / 1000000;
 
     bpf_ringbuf_submit(ev, 0);
 
     return 0;
 }
-
+*/
diff --git a/internal/c/tracepoints/open.c b/internal/c/tracepoints/open.c
index fa0fbf3..0b5d825 100644
--- a/internal/c/tracepoints/open.c
+++ b/internal/c/tracepoints/open.c
@@ -1,6 +1,11 @@
 //+build ignore
 
-static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 op_id) {
+#define SYS_ENTER_OPEN 1
+#define SYS_EXIT_OPEN 2
+#define SYS_ENTER_OPENAT 3
+#define SYS_EXIT_OPENAT 4
+
+static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 syscall_id) {
     __u32 pid, tid;
     if (filter(&pid, &tid))
         return 0;
@@ -9,7 +14,7 @@ static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *
     if (!ev)
         return 0;
 
-    ev->op_id = op_id;
+    ev->syscall_id = syscall_id;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_ns() / 1000;
@@ -23,7 +28,7 @@ static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *
     return 0;
 }
 
-static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 op_id) {
+static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 syscall_id) {
     __u32 pid, tid;
     if (filter(&pid, &tid))
         return 0;
@@ -32,7 +37,7 @@ static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ct
     if (!ev)
         return 0;
 
-    ev->op_id = op_id;
+    ev->syscall_id = syscall_id;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_ns() / 1000;
@@ -45,20 +50,20 @@ static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ct
 
 SEC("tracepoint/syscalls/sys_enter_openat")
 int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
-    return _handle_enter_open(ctx, OPENAT_ENTER_OP_ID);
+    return _handle_enter_open(ctx, SYS_ENTER_OPENAT);
 }
 
 SEC("tracepoint/syscalls/sys_exit_openat")
 int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
-    return _handle_exit_open(ctx, OPENAT_EXIT_OP_ID);
+    return _handle_exit_open(ctx, SYS_EXIT_OPENAT);
 }
 
 SEC("tracepoint/syscalls/sys_enter_open")
 int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
-    return _handle_enter_open(ctx, OPEN_ENTER_OP_ID);
+    return _handle_enter_open(ctx, SYS_ENTER_OPEN);
 }
 
 SEC("tracepoint/syscalls/sys_exit_open")
 int handle_exit_open(struct trace_event_raw_sys_exit *ctx) {
-    return _handle_exit_open(ctx, OPEN_EXIT_OP_ID);
+    return _handle_exit_open(ctx, SYS_EXIT_OPEN);
 }
diff --git a/internal/c/tracepoints/write.c b/internal/c/tracepoints/write.c
index 9771193..9d737f7 100644
--- a/internal/c/tracepoints/write.c
+++ b/internal/c/tracepoints/write.c
@@ -10,7 +10,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) {
     if (!ev)
         return 0;
 
-    ev->op_id = WRITE_ENTER_OP_ID;
+    ev->syscall_id = SYS_ENTER_WRITE;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_ns() / 1000;
@@ -30,7 +30,7 @@ int handle_exit_write(struct trace_event_raw_sys_exit *ctx) {
     if (!ev)
         return 0;
 
-    ev->op_id = WRITE_EXIT_OP_ID;
+    ev->syscall_id = SYS_EXIT_WRITE;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_ns() / 1000;
author	Paul Buetow <paul@buetow.org>	2024-02-27 09:52:36 +0200
committer	Paul Buetow <paul@buetow.org>	2024-02-27 09:52:36 +0200
commit	2745f74f3db314a94ae181fb53963bf853db3833 (patch)
tree	143cf8557089835906e3d899c8b18fcb00023cac /internal/c/tracepoints
parent	d8441fff4bbf2739cc0e6c046035bf176158954a (diff)