| author | Paul Buetow <paul@buetow.org> | 2024-02-19 12:19:11 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-19 12:19:11 +0200 |
| commit | 4950710f87d8fe65e00d855760ea4b3f71de73e5 (patch) | |
| tree | 4a706891b2068740dafbb1fc479c99b710836a2e /internal/c | |
| parent | db553759bbc60cf6e0ed1c1e40e7567b5838cc61 (diff) | |
refactor open, re-use some code
Diffstat (limited to 'internal/c')
| -rw-r--r-- | internal/c/tracepoints/open.c | 26 | ||||
| -rw-r--r-- | internal/c/types.h | 16 |
2 files changed, 27 insertions, 15 deletions
diff --git a/internal/c/tracepoints/open.c b/internal/c/tracepoints/open.c
index b405c0e..7e15f85 100644
--- a/internal/c/tracepoints/open.c
+++ b/internal/c/tracepoints/open.c
@@ -1,7 +1,6 @@
 //+build ignore
-SEC("tracepoint/syscalls/sys_enter_openat")
-int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
+static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 op_id) {
 if (filter())
 return 0;
@@ -9,10 +8,11 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
 if (!ev)
 return 0;
- ev->op_id = OPENAT_ENTER_OP_ID;
+ ev->op_id = op_id;
 ev->pid_tgid = bpf_get_current_pid_tgid();
 ev->time = bpf_ktime_get_ns();
+ // Reset memory, as structure is re-used (ringbuffer)
 __builtin_memset(&(ev->filename), 0, sizeof(ev->filename) + sizeof(ev->comm));
 bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[1]);
 bpf_get_current_comm(&ev->comm, sizeof(ev->comm));
@@ -21,8 +21,7 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
 return 0;
 }
-SEC("tracepoint/syscalls/sys_exit_openat")
-int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
+static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 op_id) {
 if (filter())
 return 0;
@@ -30,7 +29,7 @@ int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
 if (!ev)
 return 0;
- ev->op_id = OPENAT_EXIT_OP_ID;
+ ev->op_id = op_id;
 ev->pid_tgid = bpf_get_current_pid_tgid();
 ev->time = bpf_ktime_get_ns();
 ev->fd = ctx->ret;
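Review bot: In the second hunk the shared helper still reads the path from `ctx->args[1]`, which is the filename slot for openat(2) but the flags argument for open(2), so events for `sys_enter_open` (wired to this helper in the later `@@ -40,13 +39,22 @@` hunk) will most likely carry an empty filename. Since the helper now takes `op_id`, it could take the argument index as well, e.g. `bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[name_arg]);`, with the openat wrapper passing 1 and the open wrapper passing 0. The return value of `bpf_probe_read_user_str` is also ignored, so a failed read cannot be told apart from an empty path in the emitted event; if this output is ever used to audit file access, that is a silent visibility gap worth an error counter or at least a comment. The helper's body continues outside the hunks shown.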
@@ -40,13 +39,22 @@ int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
 return 0;
 }
+SEC("tracepoint/syscalls/sys_enter_openat")
+int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
+ return _handle_enter_open(ctx, OPENAT_ENTER_OP_ID);
+}
+
+SEC("tracepoint/syscalls/sys_exit_openat")
+int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
+ return _handle_exit_open(ctx, OPENAT_EXIT_OP_ID);
+}
+
 SEC("tracepoint/syscalls/sys_enter_open")
 int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
- return handle_enter_openat(ctx);
+ return _handle_enter_open(ctx, OPEN_ENTER_OP_ID);
 }
 SEC("tracepoint/syscalls/sys_exit_open")
 int handle_exit_open(struct trace_event_raw_sys_exit *ctx) {
- return handle_exit_openat(ctx);
+ return _handle_exit_open(ctx, OPEN_EXIT_OP_ID);
 }
-
diff --git a/internal/c/types.h b/internal/c/types.h
index 25cfcd8..9f0ddd5 100644
--- a/internal/c/types.h
+++ b/internal/c/types.h
@@ -7,12 +7,16 @@
 #define OPENAT_ENTER_OP_ID 1
 #define OPENAT_EXIT_OP_ID 2
-#define CLOSE_ENTER_OP_ID 3
-#define CLOSE_EXIT_OP_ID 4
-#define WRITE_ENTER_OP_ID 5
-#define WRITE_EXIT_OP_ID 6
-#define WRITEV_ENTER_OP_ID 7
-#define WRITEV_EXIT_OP_ID 8
+#define OPEN_ENTER_OP_ID 3
+#define OPEN_EXIT_OP_ID 4
+
+#define CLOSE_ENTER_OP_ID 5
+#define CLOSE_EXIT_OP_ID 6
+
+#define WRITE_ENTER_OP_ID 7
+#define WRITE_EXIT_OP_ID 8
+#define WRITEV_ENTER_OP_ID 9
+#define WRITEV_EXIT_OP_ID 10
 struct null_event {
 __u32 op_id; |
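Review bot: The `types.h` hunk renumbers identifiers that already existed (`CLOSE_*` moves from 3/4 to 5/6, `WRITE_*`/`WRITEV_*` from 5–8 to 7–10), and these values are what the handlers store in `ev->op_id`, so any reader still decoding with the old numbers would attribute events to the wrong syscall. The diffstat is limited to `internal/c`, so it is not visible whether the userspace side is regenerated from this header; if it is not, appending keeps the existing values stable: `#define OPEN_ENTER_OP_ID 9` and `#define OPEN_EXIT_OP_ID 10`. A comment above the block would also help, e.g. `// op_id values are part of the event format; keep in sync with the userspace decoder`.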
