task-47: add KindExec for execve paths

author: Paul Buetow <paul@buetow.org> 2026-05-20 23:42:12 +0300
committer: Paul Buetow <paul@buetow.org> 2026-05-20 23:42:12 +0300
commit: be6d4e8ffc722bf0d36c5b01ff46f817539a1525 (patch)
tree: 7bb0aeb51e29cfbc6735af15bb812b888f4b3574 /internal/eventloop_exit.go
parent: 2156d6e51b18e29fe8dfe8e1a519e1a84e0a1fe6 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/internal/eventloop_exit.go b/internal/eventloop_exit.go
index 5ee31f5..598adba 100644
--- a/internal/eventloop_exit.go
+++ b/internal/eventloop_exit.go
@@ -16,6 +16,8 @@ func (e *eventLoop) handleTracepointExit(ep *event.Pair) bool {
 	switch ev := ep.EnterEv.(type) {
 	case *types.OpenEvent:
 		return e.handleOpenExit(ep, ev)
+	case *types.ExecEvent:
+		return e.handleExecExit(ep, ev)
 	case *types.NameEvent:
 		return e.handleNameExit(ep, ev)
 	case *types.PathEvent:
@@ -83,6 +85,22 @@ func (e *eventLoop) handleOpenExit(ep *event.Pair, openEv *types.OpenEvent) bool
 	return true
 }
 
+func (e *eventLoop) handleExecExit(ep *event.Pair, execEv *types.ExecEvent) bool {
+	if _, ok := ep.ExitEv.(*types.RetEvent); !ok {
+		e.recyclePair(ep, "Dropped malformed exec exit event")
+		return false
+	}
+	comm := types.StringValue(execEv.Comm[:])
+	ep.Comm = comm
+	ep.File = file.NewPathname(execEv.Filename[:])
+	e.setCachedComm(execEv.Tid, comm)
+	if !e.Filter().MatchPair(ep) {
+		ep.Recycle()
+		return false
+	}
+	return true
+}
+
 func (e *eventLoop) handleNameExit(ep *event.Pair, nameEv *types.NameEvent) bool {
 	ep.File = file.NewOldnameNewname(nameEv.Oldname[:], nameEv.Newname[:])
 	ep.Comm = e.comm(nameEv.GetTid())
author	Paul Buetow <paul@buetow.org>	2026-05-20 23:42:12 +0300
committer	Paul Buetow <paul@buetow.org>	2026-05-20 23:42:12 +0300
commit	be6d4e8ffc722bf0d36c5b01ff46f817539a1525 (patch)
tree	7bb0aeb51e29cfbc6735af15bb812b888f4b3574 /internal/eventloop_exit.go
parent	2156d6e51b18e29fe8dfe8e1a519e1a84e0a1fe6 (diff)