diff options
| author | Paul Buetow <paul@buetow.org> | 2024-03-09 18:18:41 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-03-09 23:48:02 +0200 |
| commit | 60defe5b1312b0cdcaaa62659ec851971b3c018d (patch) | |
| tree | 7fa215b3e7e03e62f45e0834bbf5bd8bea75828e /internal/c/tracepoints | |
| parent | 478a1eb094a7d9e050cef60f80d9a8af1835dfcf (diff) | |
Also auto-generate open syscalls.
Diffstat (limited to 'internal/c/tracepoints')
| -rw-r--r-- | internal/c/tracepoints/open.c | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/internal/c/tracepoints/open.c b/internal/c/tracepoints/open.c deleted file mode 100644 index b4e8757..0000000 --- a/internal/c/tracepoints/open.c +++ /dev/null @@ -1,71 +0,0 @@ -//+build ignore - -#define SYS_EXIT_OPEN 1 -#define SYS_ENTER_OPEN 2 -#define SYS_EXIT_OPENAT 3 -#define SYS_ENTER_OPENAT 4 - -static __always_inline int _handle_sys_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 trace_id) { - __u32 pid, tid; - if (filter(&pid, &tid)) - return 0; - - struct open_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct open_event), 0); - if (!ev) - return 0; - - ev->event_type = ENTER_OPEN_EVENT; - ev->trace_id = trace_id; - ev->pid = pid; - ev->tid = tid; - ev->time = bpf_ktime_get_ns() / 1000; - - // Reset memory, as structure is re-used (ringbuffer) - __builtin_memset(&(ev->filename), 0, sizeof(ev->filename) + sizeof(ev->comm)); - bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[1]); - bpf_get_current_comm(&ev->comm, sizeof(ev->comm)); - bpf_ringbuf_submit(ev, 0); - - return 0; -} - -static __always_inline int _handle_sys_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 trace_id) { - __u32 pid, tid; - if (filter(&pid, &tid)) - return 0; - - struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); - if (!ev) - return 0; - - ev->event_type = EXIT_FD_EVENT; - ev->trace_id = trace_id; - ev->pid = pid; - ev->tid = tid; - ev->time = bpf_ktime_get_ns() / 1000; - ev->fd = ctx->ret; - - bpf_ringbuf_submit(ev, 0); - - return 0; -} - -SEC("tracepoint/syscalls/sys_enter_openat") -int handle_sys_enter_openat(struct trace_event_raw_sys_enter *ctx) { - return _handle_sys_enter_open(ctx, SYS_ENTER_OPENAT); -} - -SEC("tracepoint/syscalls/sys_exit_openat") -int handle_sys_exit_openat(struct trace_event_raw_sys_exit *ctx) { - return _handle_sys_exit_open(ctx, SYS_EXIT_OPENAT); -} - -SEC("tracepoint/syscalls/sys_enter_open") -int handle_sys_enter_open(struct trace_event_raw_sys_enter *ctx) { - return _handle_sys_enter_open(ctx, SYS_ENTER_OPEN); -} - -SEC("tracepoint/syscalls/sys_exit_open") -int handle_sys_exit_open(struct trace_event_raw_sys_exit *ctx) { - return _handle_sys_exit_open(ctx, SYS_EXIT_OPEN); -} |