diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-19 15:00:02 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-19 15:00:02 +0300 |
| commit | 71ef23ae16b0e310e66f3bf622cebefb9ec6b208 (patch) | |
| tree | d61bc007207fbd3f4e21de34874de0248692b9b2 /internal/c | |
| parent | 9cc2c7b3c4c7a1f1837a4a5260f11ccea5814c83 (diff) | |
v6: add KindAccept and wire accept/accept4
Diffstat (limited to 'internal/c')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 30 | ||||
| -rw-r--r-- | internal/c/generated_tracepoints_result.txt | 8 | ||||
| -rw-r--r-- | internal/c/types.h | 12 |
3 files changed, 32 insertions, 18 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index 03cf2b4..0f83f35 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -952,91 +952,93 @@ int handle_sys_exit_listen(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_accept4 is a struct fd_event +/// sys_enter_accept4 is a struct accept_event SEC("tracepoint/syscalls/sys_enter_accept4") int handle_sys_enter_accept4(struct syscall_trace_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + struct accept_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct accept_event), 0); if (!ev) return 0; - ev->event_type = ENTER_FD_EVENT; + ev->event_type = ENTER_ACCEPT_EVENT; ev->trace_id = SYS_ENTER_ACCEPT4; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); ev->fd = (__s32)ctx->args[0]; + ev->ret = -1; bpf_ringbuf_submit(ev, 0); return 0; } -/// sys_exit_accept4 is a struct ret_event (UNCLASSIFIED) +/// sys_exit_accept4 is a struct accept_event SEC("tracepoint/syscalls/sys_exit_accept4") int handle_sys_exit_accept4(struct syscall_trace_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + struct accept_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct accept_event), 0); if (!ev) return 0; - ev->event_type = EXIT_RET_EVENT; + ev->event_type = EXIT_ACCEPT_EVENT; ev->trace_id = SYS_EXIT_ACCEPT4; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = -1; ev->ret = ctx->ret; - ev->ret_type = UNCLASSIFIED; bpf_ringbuf_submit(ev, 0); return 0; } -/// sys_enter_accept is a struct fd_event +/// sys_enter_accept is a struct accept_event SEC("tracepoint/syscalls/sys_enter_accept") int handle_sys_enter_accept(struct syscall_trace_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + struct accept_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct accept_event), 0); if (!ev) return 0; - ev->event_type = ENTER_FD_EVENT; + ev->event_type = ENTER_ACCEPT_EVENT; ev->trace_id = SYS_ENTER_ACCEPT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); ev->fd = (__s32)ctx->args[0]; + ev->ret = -1; bpf_ringbuf_submit(ev, 0); return 0; } -/// sys_exit_accept is a struct ret_event (UNCLASSIFIED) +/// sys_exit_accept is a struct accept_event SEC("tracepoint/syscalls/sys_exit_accept") int handle_sys_exit_accept(struct syscall_trace_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + struct accept_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct accept_event), 0); if (!ev) return 0; - ev->event_type = EXIT_RET_EVENT; + ev->event_type = EXIT_ACCEPT_EVENT; ev->trace_id = SYS_EXIT_ACCEPT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = -1; ev->ret = ctx->ret; - ev->ret_type = UNCLASSIFIED; bpf_ringbuf_submit(ev, 0); return 0; diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index 560e24b..a2ad3ca 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt @@ -1,5 +1,5 @@ -sys_enter_accept is a struct fd_event -sys_enter_accept4 is a struct fd_event +sys_enter_accept is a struct accept_event +sys_enter_accept4 is a struct accept_event sys_enter_access is a struct path_event sys_enter_acct is a struct null_event sys_enter_add_key is a struct null_event @@ -365,8 +365,8 @@ sys_enter_wait4 is a struct null_event sys_enter_waitid is a struct null_event sys_enter_write is a struct fd_event sys_enter_writev is a struct fd_event -sys_exit_accept is a struct ret_event (UNCLASSIFIED) -sys_exit_accept4 is a struct ret_event (UNCLASSIFIED) +sys_exit_accept is a struct accept_event +sys_exit_accept4 is a struct accept_event sys_exit_access is a struct ret_event (UNCLASSIFIED) sys_exit_acct is a struct ret_event (UNCLASSIFIED) sys_exit_add_key is a struct ret_event (UNCLASSIFIED) diff --git a/internal/c/types.h b/internal/c/types.h index 29f18e1..6365e3f 100644 --- a/internal/c/types.h +++ b/internal/c/types.h @@ -25,6 +25,8 @@ #define EXIT_SOCKET_EVENT 20 #define ENTER_SOCKETPAIR_EVENT 21 #define EXIT_SOCKETPAIR_EVENT 22 +#define ENTER_ACCEPT_EVENT 23 +#define EXIT_ACCEPT_EVENT 24 #define UNCLASSIFIED 0 #define READ_CLASSIFIED 1 @@ -143,3 +145,13 @@ struct socketpair_event { __s32 sv1; __s64 ret; }; + +struct accept_event { + __u32 event_type; + __u32 trace_id; + __u64 time; + __u32 pid; + __u32 tid; + __s32 fd; + __s64 ret; +}; |