| author | Paul Buetow <paul@buetow.org> | 2026-05-21 11:51:36 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-21 11:51:36 +0300 |
| commit | 3eb3d81f7d4a8924c902386b066eaf9e1da1e68f (patch) | |
| tree | 01bc90e495f5df7401b033c00bb46b670d8cf7f8 /internal/c | |
| parent | e05a19f5847693600f0c424b699d94594306c2d7 (diff) | |
67 add seccomp and module trace kinds
Diffstat (limited to 'internal/c')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 30 | ||||
| -rw-r--r-- | internal/c/generated_tracepoints_result.txt | 12 |
2 files changed, 18 insertions, 24 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index 9f2f283..78f29c7 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -13339,7 +13339,7 @@ int handle_sys_exit_bpf(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_seccomp is a struct null_event (kind=null) +/// sys_enter_seccomp is a struct null_event (kind=seccomp) SEC("tracepoint/syscalls/sys_enter_seccomp") int handle_sys_enter_seccomp(struct syscall_trace_enter *ctx) { __u32 pid, tid; @@ -13363,7 +13363,7 @@ int handle_sys_enter_seccomp(struct syscall_trace_enter *ctx) { return 0; } -/// sys_exit_seccomp is a struct ret_event (UNCLASSIFIED) (kind=ret) +/// sys_exit_seccomp is a struct null_event (kind=seccomp) SEC("tracepoint/syscalls/sys_exit_seccomp") int handle_sys_exit_seccomp(struct syscall_trace_exit *ctx) { __u32 pid, tid; @@ -13373,17 +13373,15 @@ int handle_sys_exit_seccomp(struct syscall_trace_exit *ctx) { if (!ior_on_syscall_exit(tid, SYS_EXIT_SECCOMP, ctx->ret)) return 0; - struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); if (!ev) return 0; - ev->event_type = EXIT_RET_EVENT; + ev->event_type = EXIT_NULL_EVENT; ev->trace_id = SYS_EXIT_SECCOMP; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); - ev->ret = ctx->ret; - ev->ret_type = UNCLASSIFIED; bpf_ringbuf_submit(ev, 0); return 0; @@ -14863,7 +14861,7 @@ int handle_sys_exit_kcmp(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_delete_module is a struct null_event (kind=null) +/// sys_enter_delete_module is a struct null_event (kind=module) SEC("tracepoint/syscalls/sys_enter_delete_module") int handle_sys_enter_delete_module(struct syscall_trace_enter *ctx) { __u32 pid, tid; 
@@ -14887,7 +14885,7 @@ int handle_sys_enter_delete_module(struct syscall_trace_enter *ctx) { return 0; } -/// sys_exit_delete_module is a struct ret_event (UNCLASSIFIED) (kind=ret) +/// sys_exit_delete_module is a struct null_event (kind=module) SEC("tracepoint/syscalls/sys_exit_delete_module") int handle_sys_exit_delete_module(struct syscall_trace_exit *ctx) { __u32 pid, tid; @@ -14897,23 +14895,21 @@ int handle_sys_exit_delete_module(struct syscall_trace_exit *ctx) { if (!ior_on_syscall_exit(tid, SYS_EXIT_DELETE_MODULE, ctx->ret)) return 0; - struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); if (!ev) return 0; - ev->event_type = EXIT_RET_EVENT; + ev->event_type = EXIT_NULL_EVENT; ev->trace_id = SYS_EXIT_DELETE_MODULE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); - ev->ret = ctx->ret; - ev->ret_type = UNCLASSIFIED; bpf_ringbuf_submit(ev, 0); return 0; } -/// sys_enter_init_module is a struct null_event (kind=null) +/// sys_enter_init_module is a struct null_event (kind=module) SEC("tracepoint/syscalls/sys_enter_init_module") int handle_sys_enter_init_module(struct syscall_trace_enter *ctx) { __u32 pid, tid; @@ -14937,7 +14933,7 @@ int handle_sys_enter_init_module(struct syscall_trace_enter *ctx) { return 0; } -/// sys_exit_init_module is a struct ret_event (UNCLASSIFIED) (kind=ret) +/// sys_exit_init_module is a struct null_event (kind=module) SEC("tracepoint/syscalls/sys_exit_init_module") int handle_sys_exit_init_module(struct syscall_trace_exit *ctx) { __u32 pid, tid; 
@@ -14947,17 +14943,15 @@ int handle_sys_exit_init_module(struct syscall_trace_exit *ctx) { if (!ior_on_syscall_exit(tid, SYS_EXIT_INIT_MODULE, ctx->ret)) return 0; - struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); if (!ev) return 0; - ev->event_type = EXIT_RET_EVENT; + ev->event_type = EXIT_NULL_EVENT; ev->trace_id = SYS_EXIT_INIT_MODULE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); - ev->ret = ctx->ret; - ev->ret_type = UNCLASSIFIED; bpf_ringbuf_submit(ev, 0); return 0; diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index ed07ec6..43b33d5 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt @@ -28,7 +28,7 @@ sys_enter_close_range is a struct fd_event (kind=fd) sys_enter_connect is a struct fd_event (kind=fd) sys_enter_copy_file_range is a struct fd_event (kind=fd) sys_enter_creat is a struct path_event (kind=pathname) -sys_enter_delete_module is a struct null_event (kind=null) +sys_enter_delete_module is a struct null_event (kind=module) sys_enter_dup is a struct fd_event (kind=fd) sys_enter_dup2 is a struct fd_event (kind=fd) sys_enter_dup3 is a struct dup3_event (kind=dup3) @@ -110,7 +110,7 @@ sys_enter_gettimeofday is a struct null_event (kind=null) sys_enter_getuid is a struct null_event (kind=null) sys_enter_getxattr is a struct path_event (kind=pathname) sys_enter_getxattrat is a struct path_event (kind=pathname) -sys_enter_init_module is a struct null_event (kind=null) +sys_enter_init_module is a struct null_event (kind=module) sys_enter_inotify_add_watch is a struct fd_event (kind=fd) sys_enter_inotify_init is a struct eventfd_event (kind=eventfd) sys_enter_inotify_init1 is a struct eventfd_event (kind=eventfd) 
@@ -273,7 +273,7 @@ sys_enter_sched_setattr is a struct null_event (kind=null) sys_enter_sched_setparam is a struct null_event (kind=null) sys_enter_sched_setscheduler is a struct null_event (kind=null) sys_enter_sched_yield is a struct null_event (kind=null) -sys_enter_seccomp is a struct null_event (kind=null) +sys_enter_seccomp is a struct null_event (kind=seccomp) sys_enter_select is a struct poll_event (kind=poll) sys_enter_semctl is a struct null_event (kind=null) sys_enter_semget is a struct null_event (kind=null) @@ -395,7 +395,7 @@ sys_exit_close_range is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_connect is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_copy_file_range is a struct ret_event (TRANSFER_CLASSIFIED) (kind=ret) sys_exit_creat is a struct ret_event (UNCLASSIFIED) (kind=ret) -sys_exit_delete_module is a struct ret_event (UNCLASSIFIED) (kind=ret) +sys_exit_delete_module is a struct null_event (kind=module) sys_exit_dup is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_dup2 is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_dup3 is a struct ret_event (UNCLASSIFIED) (kind=ret) @@ -477,7 +477,7 @@ sys_exit_gettimeofday is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_getuid is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_getxattr is a struct ret_event (READ_CLASSIFIED) (kind=ret) sys_exit_getxattrat is a struct ret_event (UNCLASSIFIED) (kind=ret) -sys_exit_init_module is a struct ret_event (UNCLASSIFIED) (kind=ret) +sys_exit_init_module is a struct null_event (kind=module) sys_exit_inotify_add_watch is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_inotify_init is a struct eventfd_event (kind=eventfd) sys_exit_inotify_init1 is a struct eventfd_event (kind=eventfd) 
@@ -640,7 +640,7 @@ sys_exit_sched_setattr is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_sched_setparam is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_sched_setscheduler is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_sched_yield is a struct ret_event (UNCLASSIFIED) (kind=ret) -sys_exit_seccomp is a struct ret_event (UNCLASSIFIED) (kind=ret) +sys_exit_seccomp is a struct null_event (kind=seccomp) sys_exit_select is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_semctl is a struct ret_event (UNCLASSIFIED) (kind=ret) sys_exit_semget is a struct ret_event (UNCLASSIFIED) (kind=ret) |
