diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-18 14:14:33 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-18 14:14:33 +0300 |
| commit | 519cd996b5a7fede23b8b23f3c101d10b26111de (patch) | |
| tree | 93f14954325e936d459003f334b667d2afec93b6 /internal | |
| parent | d68e12c92f2aec9b59a849480e0788ab5d798b2a (diff) | |
k6: emit tracepoints for all syscall families
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 12219 | ||||
| -rw-r--r-- | internal/c/generated_tracepoints_result.txt | 750 | ||||
| -rw-r--r-- | internal/generate/classify.go | 38 | ||||
| -rw-r--r-- | internal/generate/classify_test.go | 105 | ||||
| -rw-r--r-- | internal/generate/codegen.go | 12 | ||||
| -rw-r--r-- | internal/generate/codegen_test.go | 54 | ||||
| -rw-r--r-- | internal/generate/family.go | 166 | ||||
| -rw-r--r-- | internal/generate/family_test.go | 51 | ||||
| -rw-r--r-- | internal/generate/format.go | 2 | ||||
| -rw-r--r-- | internal/tracepoints/generated_tracepoints.go | 500 | ||||
| -rw-r--r-- | internal/types/generated_types.go | 944 |
11 files changed, 13791 insertions, 1050 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index 1633966..be6606d 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -1,490 +1,1592 @@ // Code generated - don't change manually! -/// Ignoring sys_enter_accept sys_exit_accept as possibly not file I/O related -/// Ignoring sys_enter_accept4 sys_exit_accept4 as possibly not file I/O related -/// Ignoring sys_enter_acct sys_exit_acct as possibly not file I/O related -/// Ignoring sys_enter_add_key sys_exit_add_key as possibly not file I/O related -/// Ignoring sys_enter_adjtimex sys_exit_adjtimex as possibly not file I/O related -/// Ignoring sys_enter_alarm sys_exit_alarm as possibly not file I/O related -/// Ignoring sys_enter_arch_prctl sys_exit_arch_prctl as possibly not file I/O related -/// Ignoring sys_enter_bind sys_exit_bind as possibly not file I/O related -/// Ignoring sys_enter_bpf sys_exit_bpf as possibly not file I/O related -/// Ignoring sys_enter_brk sys_exit_brk as possibly not file I/O related -/// Ignoring sys_enter_capget sys_exit_capget as possibly not file I/O related -/// Ignoring sys_enter_capset sys_exit_capset as possibly not file I/O related -/// Ignoring sys_enter_clock_adjtime sys_exit_clock_adjtime as possibly not file I/O related -/// Ignoring sys_enter_clock_getres sys_exit_clock_getres as possibly not file I/O related -/// Ignoring sys_enter_clock_gettime sys_exit_clock_gettime as possibly not file I/O related -/// Ignoring sys_enter_clock_nanosleep sys_exit_clock_nanosleep as possibly not file I/O related -/// Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O related -/// Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related -/// Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related -/// Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related -/// Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related -/// Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related -/// Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related -/// Ignoring sys_enter_epoll_ctl sys_exit_epoll_ctl as possibly not file I/O related -/// Ignoring sys_enter_epoll_pwait sys_exit_epoll_pwait as possibly not file I/O related -/// Ignoring sys_enter_epoll_pwait2 sys_exit_epoll_pwait2 as possibly not file I/O related -/// Ignoring sys_enter_epoll_wait sys_exit_epoll_wait as possibly not file I/O related -/// Ignoring sys_enter_eventfd sys_exit_eventfd as possibly not file I/O related -/// Ignoring sys_enter_eventfd2 sys_exit_eventfd2 as possibly not file I/O related -/// Ignoring sys_enter_execve sys_exit_execve as possibly not file I/O related -/// Ignoring sys_enter_execveat sys_exit_execveat as possibly not file I/O related -/// Ignoring sys_enter_exit sys_exit_exit as possibly not file I/O related -/// Ignoring sys_enter_exit_group sys_exit_exit_group as possibly not file I/O related -/// Ignoring sys_enter_fanotify_init sys_exit_fanotify_init as possibly not file I/O related -/// Ignoring sys_enter_fork sys_exit_fork as possibly not file I/O related -/// Ignoring sys_enter_fsmount sys_exit_fsmount as possibly not file I/O related -/// Ignoring sys_enter_fsopen sys_exit_fsopen as possibly not file I/O related -/// Ignoring sys_enter_futex sys_exit_futex as possibly not file I/O related -/// Ignoring sys_enter_futex_requeue sys_exit_futex_requeue as possibly not file I/O related -/// Ignoring sys_enter_futex_wait sys_exit_futex_wait as possibly not file I/O related -/// Ignoring sys_enter_futex_waitv sys_exit_futex_waitv as possibly not file I/O related -/// Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O related -/// Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related -/// Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related -/// Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related -/// Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related -/// Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related -/// Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related -/// Ignoring sys_enter_getgroups sys_exit_getgroups as possibly not file I/O related -/// Ignoring sys_enter_getitimer sys_exit_getitimer as possibly not file I/O related -/// Ignoring sys_enter_getpeername sys_exit_getpeername as possibly not file I/O related -/// Ignoring sys_enter_getpgid sys_exit_getpgid as possibly not file I/O related -/// Ignoring sys_enter_getpgrp sys_exit_getpgrp as possibly not file I/O related -/// Ignoring sys_enter_getpid sys_exit_getpid as possibly not file I/O related -/// Ignoring sys_enter_getppid sys_exit_getppid as possibly not file I/O related -/// Ignoring sys_enter_getpriority sys_exit_getpriority as possibly not file I/O related -/// Ignoring sys_enter_getrandom sys_exit_getrandom as possibly not file I/O related -/// Ignoring sys_enter_getresgid sys_exit_getresgid as possibly not file I/O related -/// Ignoring sys_enter_getresuid sys_exit_getresuid as possibly not file I/O related -/// Ignoring sys_enter_getrlimit sys_exit_getrlimit as possibly not file I/O related -/// Ignoring sys_enter_getrusage sys_exit_getrusage as possibly not file I/O related -/// Ignoring sys_enter_getsid sys_exit_getsid as possibly not file I/O related -/// Ignoring sys_enter_getsockname sys_exit_getsockname as possibly not file I/O related -/// Ignoring sys_enter_getsockopt sys_exit_getsockopt as possibly not file I/O related -/// Ignoring sys_enter_gettid sys_exit_gettid as possibly not file I/O related -/// Ignoring sys_enter_gettimeofday sys_exit_gettimeofday as possibly not file I/O related -/// Ignoring sys_enter_getuid sys_exit_getuid as possibly not file I/O related -/// Ignoring sys_enter_init_module sys_exit_init_module as possibly not file I/O related -/// Ignoring sys_enter_inotify_add_watch sys_exit_inotify_add_watch as possibly not file I/O related -/// Ignoring sys_enter_inotify_init sys_exit_inotify_init as possibly not file I/O related -/// Ignoring sys_enter_inotify_init1 sys_exit_inotify_init1 as possibly not file I/O related -/// Ignoring sys_enter_inotify_rm_watch sys_exit_inotify_rm_watch as possibly not file I/O related -/// Ignoring sys_enter_ioperm sys_exit_ioperm as possibly not file I/O related -/// Ignoring sys_enter_iopl sys_exit_iopl as possibly not file I/O related -/// Ignoring sys_enter_ioprio_get sys_exit_ioprio_get as possibly not file I/O related -/// Ignoring sys_enter_ioprio_set sys_exit_ioprio_set as possibly not file I/O related -/// Ignoring sys_enter_kcmp sys_exit_kcmp as possibly not file I/O related -/// Ignoring sys_enter_kexec_file_load sys_exit_kexec_file_load as possibly not file I/O related -/// Ignoring sys_enter_kexec_load sys_exit_kexec_load as possibly not file I/O related -/// Ignoring sys_enter_keyctl sys_exit_keyctl as possibly not file I/O related -/// Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related -/// Ignoring sys_enter_landlock_add_rule sys_exit_landlock_add_rule as possibly not file I/O related -/// Ignoring sys_enter_landlock_create_ruleset sys_exit_landlock_create_ruleset as possibly not file I/O related -/// Ignoring sys_enter_landlock_restrict_self sys_exit_landlock_restrict_self as possibly not file I/O related -/// Ignoring sys_enter_listen sys_exit_listen as possibly not file I/O related -/// Ignoring sys_enter_listmount sys_exit_listmount as possibly not file I/O related -/// Ignoring sys_enter_listns sys_exit_listns as possibly not file I/O related -/// Ignoring sys_enter_lsm_get_self_attr sys_exit_lsm_get_self_attr as possibly not file I/O related -/// Ignoring sys_enter_lsm_list_modules sys_exit_lsm_list_modules as possibly not file I/O related -/// Ignoring sys_enter_lsm_set_self_attr sys_exit_lsm_set_self_attr as possibly not file I/O related -/// Ignoring sys_enter_madvise sys_exit_madvise as possibly not file I/O related -/// Ignoring sys_enter_map_shadow_stack sys_exit_map_shadow_stack as possibly not file I/O related -/// Ignoring sys_enter_mbind sys_exit_mbind as possibly not file I/O related -/// Ignoring sys_enter_membarrier sys_exit_membarrier as possibly not file I/O related -/// Ignoring sys_enter_memfd_create sys_exit_memfd_create as possibly not file I/O related -/// Ignoring sys_enter_memfd_secret sys_exit_memfd_secret as possibly not file I/O related -/// Ignoring sys_enter_migrate_pages sys_exit_migrate_pages as possibly not file I/O related -/// Ignoring sys_enter_mincore sys_exit_mincore as possibly not file I/O related -/// Ignoring sys_enter_mknod sys_exit_mknod as possibly not file I/O related -/// Ignoring sys_enter_mknodat sys_exit_mknodat as possibly not file I/O related -/// Ignoring sys_enter_mlock sys_exit_mlock as possibly not file I/O related -/// Ignoring sys_enter_mlock2 sys_exit_mlock2 as possibly not file I/O related -/// Ignoring sys_enter_mlockall sys_exit_mlockall as possibly not file I/O related -/// Ignoring sys_enter_modify_ldt sys_exit_modify_ldt as possibly not file I/O related -/// Ignoring sys_enter_mount sys_exit_mount as possibly not file I/O related -/// Ignoring sys_enter_move_mount sys_exit_move_mount as possibly not file I/O related -/// Ignoring sys_enter_move_pages sys_exit_move_pages as possibly not file I/O related -/// Ignoring sys_enter_mprotect sys_exit_mprotect as possibly not file I/O related -/// Ignoring sys_enter_mq_getsetattr sys_exit_mq_getsetattr as possibly not file I/O related -/// Ignoring sys_enter_mq_notify sys_exit_mq_notify as possibly not file I/O related -/// Ignoring sys_enter_mq_open sys_exit_mq_open as possibly not file I/O related -/// Ignoring sys_enter_mq_timedreceive sys_exit_mq_timedreceive as possibly not file I/O related -/// Ignoring sys_enter_mq_timedsend sys_exit_mq_timedsend as possibly not file I/O related -/// Ignoring sys_enter_mq_unlink sys_exit_mq_unlink as possibly not file I/O related -/// Ignoring sys_enter_mremap sys_exit_mremap as possibly not file I/O related -/// Ignoring sys_enter_mseal sys_exit_mseal as possibly not file I/O related -/// Ignoring sys_enter_msgctl sys_exit_msgctl as possibly not file I/O related -/// Ignoring sys_enter_msgget sys_exit_msgget as possibly not file I/O related -/// Ignoring sys_enter_msgrcv sys_exit_msgrcv as possibly not file I/O related -/// Ignoring sys_enter_msgsnd sys_exit_msgsnd as possibly not file I/O related -/// Ignoring sys_enter_munlock sys_exit_munlock as possibly not file I/O related -/// Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related -/// Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related -/// Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related -/// Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related -/// Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related -/// Ignoring sys_enter_perf_event_open sys_exit_perf_event_open as possibly not file I/O related -/// Ignoring sys_enter_personality sys_exit_personality as possibly not file I/O related -/// Ignoring sys_enter_pidfd_open sys_exit_pidfd_open as possibly not file I/O related -/// Ignoring sys_enter_pidfd_send_signal sys_exit_pidfd_send_signal as possibly not file I/O related -/// Ignoring sys_enter_pipe sys_exit_pipe as possibly not file I/O related -/// Ignoring sys_enter_pipe2 sys_exit_pipe2 as possibly not file I/O related -/// Ignoring sys_enter_pivot_root sys_exit_pivot_root as possibly not file I/O related -/// Ignoring sys_enter_pkey_alloc sys_exit_pkey_alloc as possibly not file I/O related -/// Ignoring sys_enter_pkey_free sys_exit_pkey_free as possibly not file I/O related -/// Ignoring sys_enter_pkey_mprotect sys_exit_pkey_mprotect as possibly not file I/O related -/// Ignoring sys_enter_poll sys_exit_poll as possibly not file I/O related -/// Ignoring sys_enter_ppoll sys_exit_ppoll as possibly not file I/O related -/// Ignoring sys_enter_prctl sys_exit_prctl as possibly not file I/O related -/// Ignoring sys_enter_prlimit64 sys_exit_prlimit64 as possibly not file I/O related -/// Ignoring sys_enter_process_madvise sys_exit_process_madvise as possibly not file I/O related -/// Ignoring sys_enter_process_mrelease sys_exit_process_mrelease as possibly not file I/O related -/// Ignoring sys_enter_process_vm_readv sys_exit_process_vm_readv as possibly not file I/O related -/// Ignoring sys_enter_process_vm_writev sys_exit_process_vm_writev as possibly not file I/O related -/// Ignoring sys_enter_pselect6 sys_exit_pselect6 as possibly not file I/O related -/// Ignoring sys_enter_ptrace sys_exit_ptrace as possibly not file I/O related -/// Ignoring sys_enter_quotactl sys_exit_quotactl as possibly not file I/O related -/// Ignoring sys_enter_reboot sys_exit_reboot as possibly not file I/O related -/// Ignoring sys_enter_recvfrom sys_exit_recvfrom as possibly not file I/O related -/// Ignoring sys_enter_recvmmsg sys_exit_recvmmsg as possibly not file I/O related -/// Ignoring sys_enter_recvmsg sys_exit_recvmsg as possibly not file I/O related -/// Ignoring sys_enter_remap_file_pages sys_exit_remap_file_pages as possibly not file I/O related -/// Ignoring sys_enter_request_key sys_exit_request_key as possibly not file I/O related -/// Ignoring sys_enter_restart_syscall sys_exit_restart_syscall as possibly not file I/O related -/// Ignoring sys_enter_rseq sys_exit_rseq as possibly not file I/O related -/// Ignoring sys_enter_rt_sigaction sys_exit_rt_sigaction as possibly not file I/O related -/// Ignoring sys_enter_rt_sigpending sys_exit_rt_sigpending as possibly not file I/O related -/// Ignoring sys_enter_rt_sigprocmask sys_exit_rt_sigprocmask as possibly not file I/O related -/// Ignoring sys_enter_rt_sigqueueinfo sys_exit_rt_sigqueueinfo as possibly not file I/O related -/// Ignoring sys_enter_rt_sigreturn sys_exit_rt_sigreturn as possibly not file I/O related -/// Ignoring sys_enter_rt_sigsuspend sys_exit_rt_sigsuspend as possibly not file I/O related -/// Ignoring sys_enter_rt_sigtimedwait sys_exit_rt_sigtimedwait as possibly not file I/O related -/// Ignoring sys_enter_rt_tgsigqueueinfo sys_exit_rt_tgsigqueueinfo as possibly not file I/O related -/// Ignoring sys_enter_sched_get_priority_max sys_exit_sched_get_priority_max as possibly not file I/O related -/// Ignoring sys_enter_sched_get_priority_min sys_exit_sched_get_priority_min as possibly not file I/O related -/// Ignoring sys_enter_sched_getaffinity sys_exit_sched_getaffinity as possibly not file I/O related -/// Ignoring sys_enter_sched_getattr sys_exit_sched_getattr as possibly not file I/O related -/// Ignoring sys_enter_sched_getparam sys_exit_sched_getparam as possibly not file I/O related -/// Ignoring sys_enter_sched_getscheduler sys_exit_sched_getscheduler as possibly not file I/O related -/// Ignoring sys_enter_sched_rr_get_interval sys_exit_sched_rr_get_interval as possibly not file I/O related -/// Ignoring sys_enter_sched_setaffinity sys_exit_sched_setaffinity as possibly not file I/O related -/// Ignoring sys_enter_sched_setattr sys_exit_sched_setattr as possibly not file I/O related -/// Ignoring sys_enter_sched_setparam sys_exit_sched_setparam as possibly not file I/O related -/// Ignoring sys_enter_sched_setscheduler sys_exit_sched_setscheduler as possibly not file I/O related -/// Ignoring sys_enter_sched_yield sys_exit_sched_yield as possibly not file I/O related -/// Ignoring sys_enter_seccomp sys_exit_seccomp as possibly not file I/O related -/// Ignoring sys_enter_select sys_exit_select as possibly not file I/O related -/// Ignoring sys_enter_semctl sys_exit_semctl as possibly not file I/O related -/// Ignoring sys_enter_semget sys_exit_semget as possibly not file I/O related -/// Ignoring sys_enter_semop sys_exit_semop as possibly not file I/O related -/// Ignoring sys_enter_semtimedop sys_exit_semtimedop as possibly not file I/O related -/// Ignoring sys_enter_sendfile64 sys_exit_sendfile64 as possibly not file I/O related -/// Ignoring sys_enter_sendmmsg sys_exit_sendmmsg as possibly not file I/O related -/// Ignoring sys_enter_sendmsg sys_exit_sendmsg as possibly not file I/O related -/// Ignoring sys_enter_sendto sys_exit_sendto as possibly not file I/O related -/// Ignoring sys_enter_set_mempolicy sys_exit_set_mempolicy as possibly not file I/O related -/// Ignoring sys_enter_set_mempolicy_home_node sys_exit_set_mempolicy_home_node as possibly not file I/O related -/// Ignoring sys_enter_set_robust_list sys_exit_set_robust_list as possibly not file I/O related -/// Ignoring sys_enter_set_tid_address sys_exit_set_tid_address as possibly not file I/O related -/// Ignoring sys_enter_setdomainname sys_exit_setdomainname as possibly not file I/O related -/// Ignoring sys_enter_setfsgid sys_exit_setfsgid as possibly not file I/O related -/// Ignoring sys_enter_setfsuid sys_exit_setfsuid as possibly not file I/O related -/// Ignoring sys_enter_setgid sys_exit_setgid as possibly not file I/O related -/// Ignoring sys_enter_setgroups sys_exit_setgroups as possibly not file I/O related -/// Ignoring sys_enter_sethostname sys_exit_sethostname as possibly not file I/O related -/// Ignoring sys_enter_setitimer sys_exit_setitimer as possibly not file I/O related -/// Ignoring sys_enter_setns sys_exit_setns as possibly not file I/O related -/// Ignoring sys_enter_setpgid sys_exit_setpgid as possibly not file I/O related -/// Ignoring sys_enter_setpriority sys_exit_setpriority as possibly not file I/O related -/// Ignoring sys_enter_setregid sys_exit_setregid as possibly not file I/O related -/// Ignoring sys_enter_setresgid sys_exit_setresgid as possibly not file I/O related -/// Ignoring sys_enter_setresuid sys_exit_setresuid as possibly not file I/O related -/// Ignoring sys_enter_setreuid sys_exit_setreuid as possibly not file I/O related -/// Ignoring sys_enter_setrlimit sys_exit_setrlimit as possibly not file I/O related -/// Ignoring sys_enter_setsid sys_exit_setsid as possibly not file I/O related -/// Ignoring sys_enter_setsockopt sys_exit_setsockopt as possibly not file I/O related -/// Ignoring sys_enter_settimeofday sys_exit_settimeofday as possibly not file I/O related -/// Ignoring sys_enter_setuid sys_exit_setuid as possibly not file I/O related -/// Ignoring sys_enter_shmat sys_exit_shmat as possibly not file I/O related -/// Ignoring sys_enter_shmctl sys_exit_shmctl as possibly not file I/O related -/// Ignoring sys_enter_shmdt sys_exit_shmdt as possibly not file I/O related -/// Ignoring sys_enter_shmget sys_exit_shmget as possibly not file I/O related -/// Ignoring sys_enter_shutdown sys_exit_shutdown as possibly not file I/O related -/// Ignoring sys_enter_sigaltstack sys_exit_sigaltstack as possibly not file I/O related -/// Ignoring sys_enter_signalfd sys_exit_signalfd as possibly not file I/O related -/// Ignoring sys_enter_signalfd4 sys_exit_signalfd4 as possibly not file I/O related -/// Ignoring sys_enter_socket sys_exit_socket as possibly not file I/O related -/// Ignoring sys_enter_socketpair sys_exit_socketpair as possibly not file I/O related -/// Ignoring sys_enter_splice sys_exit_splice as possibly not file I/O related -/// Ignoring sys_enter_statmount sys_exit_statmount as possibly not file I/O related -/// Ignoring sys_enter_swapoff sys_exit_swapoff as possibly not file I/O related -/// Ignoring sys_enter_swapon sys_exit_swapon as possibly not file I/O related -/// Ignoring sys_enter_sysfs sys_exit_sysfs as possibly not file I/O related -/// Ignoring sys_enter_sysinfo sys_exit_sysinfo as possibly not file I/O related -/// Ignoring sys_enter_tee sys_exit_tee as possibly not file I/O related -/// Ignoring sys_enter_tgkill sys_exit_tgkill as possibly not file I/O related -/// Ignoring sys_enter_time sys_exit_time as possibly not file I/O related -/// Ignoring sys_enter_timer_create sys_exit_timer_create as possibly not file I/O related -/// Ignoring sys_enter_timer_delete sys_exit_timer_delete as possibly not file I/O related -/// Ignoring sys_enter_timer_getoverrun sys_exit_timer_getoverrun as possibly not file I/O related -/// Ignoring sys_enter_timer_gettime sys_exit_timer_gettime as possibly not file I/O related -/// Ignoring sys_enter_timer_settime sys_exit_timer_settime as possibly not file I/O related -/// Ignoring sys_enter_timerfd_create sys_exit_timerfd_create as possibly not file I/O related -/// Ignoring sys_enter_timerfd_gettime sys_exit_timerfd_gettime as possibly not file I/O related -/// Ignoring sys_enter_timerfd_settime sys_exit_timerfd_settime as possibly not file I/O related -/// Ignoring sys_enter_times sys_exit_times as possibly not file I/O related -/// Ignoring sys_enter_tkill sys_exit_tkill as possibly not file I/O related -/// Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related -/// Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related -/// Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related -/// Ignoring sys_enter_uprobe sys_exit_uprobe as possibly not file I/O related -/// Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related -/// Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related -/// Ignoring sys_enter_ustat sys_exit_ustat as possibly not file I/O related -/// Ignoring sys_enter_utime sys_exit_utime as possibly not file I/O related -/// Ignoring sys_enter_utimes sys_exit_utimes as possibly not file I/O related -/// Ignoring sys_enter_vfork sys_exit_vfork as possibly not file I/O related -/// Ignoring sys_enter_vhangup sys_exit_vhangup as possibly not file I/O related -/// Ignoring sys_enter_wait4 sys_exit_wait4 as possibly not file I/O related -/// Ignoring sys_enter_waitid sys_exit_waitid as possibly not file I/O related - -#define SYS_ENTER_IO_URING_REGISTER 1521 -#define SYS_EXIT_IO_URING_REGISTER 1520 -#define SYS_ENTER_IO_URING_ENTER 1502 -#define SYS_EXIT_IO_URING_ENTER 1501 -#define SYS_ENTER_IO_URING_SETUP 1500 -#define SYS_EXIT_IO_URING_SETUP 1499 -#define SYS_ENTER_QUOTACTL_FD 1155 -#define SYS_EXIT_QUOTACTL_FD 1154 -#define SYS_ENTER_NAME_TO_HANDLE_AT 1139 -#define SYS_EXIT_NAME_TO_HANDLE_AT 1138 -#define SYS_ENTER_OPEN_BY_HANDLE_AT 1137 -#define SYS_EXIT_OPEN_BY_HANDLE_AT 1136 -#define SYS_ENTER_FLOCK 1123 -#define SYS_EXIT_FLOCK 1122 -#define SYS_ENTER_IO_SETUP 1109 -#define SYS_EXIT_IO_SETUP 1108 -#define SYS_ENTER_IO_DESTROY 1107 -#define SYS_EXIT_IO_DESTROY 1106 -#define SYS_ENTER_IO_SUBMIT 1105 -#define SYS_EXIT_IO_SUBMIT 1104 -#define SYS_ENTER_IO_CANCEL 1103 -#define SYS_EXIT_IO_CANCEL 1102 -#define SYS_ENTER_IO_GETEVENTS 1101 -#define SYS_EXIT_IO_GETEVENTS 1100 -#define SYS_ENTER_IO_PGETEVENTS 1099 -#define SYS_EXIT_IO_PGETEVENTS 1098 -#define SYS_ENTER_FANOTIFY_MARK 1067 -#define SYS_EXIT_FANOTIFY_MARK 1066 -#define SYS_ENTER_FILE_GETATTR 1057 -#define SYS_EXIT_FILE_GETATTR 1056 -#define SYS_ENTER_FILE_SETATTR 1055 -#define SYS_EXIT_FILE_SETATTR 1054 -#define SYS_ENTER_FSPICK 1051 -#define SYS_EXIT_FSPICK 1050 -#define SYS_ENTER_FSCONFIG 1049 -#define SYS_EXIT_FSCONFIG 1048 -#define SYS_ENTER_STATFS 1047 -#define SYS_EXIT_STATFS 1046 -#define SYS_ENTER_FSTATFS 1045 -#define SYS_EXIT_FSTATFS 1044 -#define SYS_ENTER_GETCWD 1041 -#define SYS_EXIT_GETCWD 1040 -#define SYS_ENTER_UTIMENSAT 1039 -#define SYS_EXIT_UTIMENSAT 1038 -#define SYS_ENTER_FUTIMESAT 1037 -#define SYS_EXIT_FUTIMESAT 1036 -#define SYS_ENTER_SYNC 1031 -#define SYS_EXIT_SYNC 1030 -#define SYS_ENTER_SYNCFS 1029 -#define SYS_EXIT_SYNCFS 1028 -#define SYS_ENTER_FSYNC 1027 -#define SYS_EXIT_FSYNC 1026 -#define SYS_ENTER_FDATASYNC 1025 -#define SYS_EXIT_FDATASYNC 1024 -#define SYS_ENTER_SYNC_FILE_RANGE 1023 -#define SYS_EXIT_SYNC_FILE_RANGE 1022 -#define SYS_ENTER_VMSPLICE 1021 -#define SYS_EXIT_VMSPLICE 1020 -#define SYS_ENTER_SETXATTRAT 982 -#define SYS_EXIT_SETXATTRAT 981 -#define SYS_ENTER_SETXATTR 980 -#define SYS_EXIT_SETXATTR 979 -#define SYS_ENTER_LSETXATTR 978 -#define SYS_EXIT_LSETXATTR 977 -#define SYS_ENTER_FSETXATTR 976 -#define SYS_EXIT_FSETXATTR 975 -#define SYS_ENTER_GETXATTRAT 974 -#define SYS_EXIT_GETXATTRAT 973 -#define SYS_ENTER_GETXATTR 972 -#define SYS_EXIT_GETXATTR 971 -#define SYS_ENTER_LGETXATTR 970 -#define SYS_EXIT_LGETXATTR 969 -#define SYS_ENTER_FGETXATTR 968 -#define SYS_EXIT_FGETXATTR 967 -#define SYS_ENTER_LISTXATTRAT 966 -#define SYS_EXIT_LISTXATTRAT 965 -#define SYS_ENTER_LISTXATTR 964 -#define SYS_EXIT_LISTXATTR 963 -#define SYS_ENTER_LLISTXATTR 962 -#define SYS_EXIT_LLISTXATTR 961 -#define SYS_ENTER_FLISTXATTR 960 -#define SYS_EXIT_FLISTXATTR 959 -#define SYS_ENTER_REMOVEXATTRAT 958 -#define SYS_EXIT_REMOVEXATTRAT 957 -#define SYS_ENTER_REMOVEXATTR 956 -#define SYS_EXIT_REMOVEXATTR 955 -#define SYS_ENTER_LREMOVEXATTR 954 -#define SYS_EXIT_LREMOVEXATTR 953 -#define SYS_ENTER_FREMOVEXATTR 952 -#define SYS_EXIT_FREMOVEXATTR 951 -#define SYS_ENTER_OPEN_TREE 948 -#define SYS_EXIT_OPEN_TREE 947 -#define SYS_ENTER_MOUNT_SETATTR 938 -#define SYS_EXIT_MOUNT_SETATTR 937 -#define SYS_ENTER_OPEN_TREE_ATTR 936 -#define SYS_EXIT_OPEN_TREE_ATTR 935 -#define SYS_ENTER_CLOSE_RANGE 928 -#define SYS_EXIT_CLOSE_RANGE 927 -#define SYS_ENTER_DUP3 926 -#define SYS_EXIT_DUP3 925 -#define SYS_ENTER_DUP2 924 -#define SYS_EXIT_DUP2 923 -#define SYS_ENTER_DUP 922 -#define SYS_EXIT_DUP 921 -#define SYS_ENTER_GETDENTS 908 -#define SYS_EXIT_GETDENTS 907 -#define SYS_ENTER_GETDENTS64 906 -#define SYS_EXIT_GETDENTS64 905 -#define SYS_ENTER_IOCTL 904 -#define SYS_EXIT_IOCTL 903 -#define SYS_ENTER_FCNTL 902 -#define SYS_EXIT_FCNTL 901 -#define SYS_ENTER_MKDIRAT 896 -#define SYS_EXIT_MKDIRAT 895 -#define SYS_ENTER_MKDIR 894 -#define SYS_EXIT_MKDIR 893 -#define SYS_ENTER_RMDIR 892 -#define SYS_EXIT_RMDIR 891 -#define SYS_ENTER_UNLINKAT 890 -#define SYS_EXIT_UNLINKAT 889 -#define SYS_ENTER_UNLINK 888 -#define SYS_EXIT_UNLINK 887 -#define SYS_ENTER_SYMLINKAT 886 -#define SYS_EXIT_SYMLINKAT 885 -#define SYS_ENTER_SYMLINK 884 -#define SYS_EXIT_SYMLINK 883 -#define SYS_ENTER_LINKAT 882 -#define SYS_EXIT_LINKAT 881 -#define SYS_ENTER_LINK 880 -#define SYS_EXIT_LINK 879 -#define SYS_ENTER_RENAMEAT2 878 -#define SYS_EXIT_RENAMEAT2 877 -#define SYS_ENTER_RENAMEAT 876 -#define SYS_EXIT_RENAMEAT 875 -#define SYS_ENTER_RENAME 874 -#define SYS_EXIT_RENAME 873 -#define SYS_ENTER_NEWSTAT 864 -#define SYS_EXIT_NEWSTAT 863 -#define SYS_ENTER_NEWLSTAT 862 -#define SYS_EXIT_NEWLSTAT 861 -#define SYS_ENTER_NEWFSTATAT 860 -#define SYS_EXIT_NEWFSTATAT 859 -#define SYS_ENTER_NEWFSTAT 858 -#define SYS_EXIT_NEWFSTAT 857 -#define SYS_ENTER_READLINKAT 856 -#define SYS_EXIT_READLINKAT 855 -#define SYS_ENTER_READLINK 854 -#define SYS_EXIT_READLINK 853 -#define SYS_ENTER_STATX 852 -#define SYS_EXIT_STATX 851 -#define SYS_ENTER_LSEEK 850 -#define SYS_EXIT_LSEEK 849 -#define SYS_ENTER_READ 848 -#define SYS_EXIT_READ 847 -#define SYS_ENTER_WRITE 846 -#define SYS_EXIT_WRITE 845 -#define SYS_ENTER_PREAD64 844 -#define SYS_EXIT_PREAD64 843 -#define SYS_ENTER_PWRITE64 842 -#define SYS_EXIT_PWRITE64 841 -#define SYS_ENTER_READV 840 -#define SYS_EXIT_READV 839 -#define SYS_ENTER_WRITEV 838 -#define SYS_EXIT_WRITEV 837 -#define SYS_ENTER_PREADV 836 -#define SYS_EXIT_PREADV 835 -#define SYS_ENTER_PREADV2 834 -#define SYS_EXIT_PREADV2 833 -#define SYS_ENTER_PWRITEV 832 -#define SYS_EXIT_PWRITEV 831 -#define SYS_ENTER_PWRITEV2 830 -#define SYS_EXIT_PWRITEV2 829 -#define SYS_ENTER_COPY_FILE_RANGE 826 -#define SYS_EXIT_COPY_FILE_RANGE 825 -#define SYS_ENTER_TRUNCATE 824 -#define SYS_EXIT_TRUNCATE 823 -#define SYS_ENTER_FTRUNCATE 822 -#define SYS_EXIT_FTRUNCATE 821 -#define SYS_ENTER_FALLOCATE 820 -#define SYS_EXIT_FALLOCATE 819 -#define SYS_ENTER_FACCESSAT 818 -#define SYS_EXIT_FACCESSAT 817 -#define SYS_ENTER_FACCESSAT2 816 -#define SYS_EXIT_FACCESSAT2 815 -#define SYS_ENTER_ACCESS 814 -#define SYS_EXIT_ACCESS 813 -#define SYS_ENTER_CHDIR 812 -#define SYS_EXIT_CHDIR 811 -#define SYS_ENTER_FCHDIR 810 -#define SYS_EXIT_FCHDIR 809 -#define SYS_ENTER_CHROOT 808 -#define SYS_EXIT_CHROOT 807 -#define SYS_ENTER_FCHMOD 806 -#define SYS_EXIT_FCHMOD 805 -#define SYS_ENTER_FCHMODAT2 804 -#define SYS_EXIT_FCHMODAT2 803 -#define SYS_ENTER_FCHMODAT 802 -#define SYS_EXIT_FCHMODAT 801 -#define SYS_ENTER_CHMOD 800 -#define SYS_EXIT_CHMOD 799 -#define SYS_ENTER_FCHOWNAT 798 -#define SYS_EXIT_FCHOWNAT 797 -#define SYS_ENTER_CHOWN 796 -#define SYS_EXIT_CHOWN 795 -#define SYS_ENTER_LCHOWN 794 -#define SYS_EXIT_LCHOWN 793 -#define SYS_ENTER_FCHOWN 792 -#define SYS_EXIT_FCHOWN 791 -#define SYS_ENTER_OPEN 790 -#define SYS_EXIT_OPEN 789 -#define SYS_ENTER_OPENAT 788 -#define SYS_EXIT_OPENAT 787 -#define SYS_ENTER_OPENAT2 786 -#define SYS_EXIT_OPENAT2 785 -#define SYS_ENTER_CREAT 784 -#define SYS_EXIT_CREAT 783 -#define SYS_ENTER_CLOSE 782 -#define SYS_EXIT_CLOSE 781 -#define SYS_ENTER_MSYNC 710 -#define SYS_EXIT_MSYNC 709 + +#define SYS_ENTER_SOCKET 1847 +#define SYS_EXIT_SOCKET 1846 +#define SYS_ENTER_SOCKETPAIR 1845 +#define SYS_EXIT_SOCKETPAIR 1844 +#define SYS_ENTER_BIND 1843 +#define SYS_EXIT_BIND 1842 +#define SYS_ENTER_LISTEN 1841 +#define SYS_EXIT_LISTEN 1840 +#define SYS_ENTER_ACCEPT4 1839 +#define SYS_EXIT_ACCEPT4 1838 +#define SYS_ENTER_ACCEPT 1837 +#define SYS_EXIT_ACCEPT 1836 +#define SYS_ENTER_CONNECT 1835 +#define SYS_EXIT_CONNECT 1834 +#define SYS_ENTER_GETSOCKNAME 1833 +#define SYS_EXIT_GETSOCKNAME 1832 +#define SYS_ENTER_GETPEERNAME 1831 +#define SYS_EXIT_GETPEERNAME 1830 +#define SYS_ENTER_SENDTO 1829 +#define SYS_EXIT_SENDTO 1828 +#define SYS_ENTER_RECVFROM 1827 +#define SYS_EXIT_RECVFROM 1826 +#define SYS_ENTER_SETSOCKOPT 1825 +#define SYS_EXIT_SETSOCKOPT 1824 +#define SYS_ENTER_GETSOCKOPT 1823 +#define SYS_EXIT_GETSOCKOPT 1822 +#define SYS_ENTER_SHUTDOWN 1821 +#define SYS_EXIT_SHUTDOWN 1820 +#define SYS_ENTER_SENDMSG 1819 +#define SYS_EXIT_SENDMSG 1818 +#define SYS_ENTER_SENDMMSG 1817 +#define SYS_EXIT_SENDMMSG 1816 +#define SYS_ENTER_RECVMSG 1815 +#define SYS_EXIT_RECVMSG 1814 +#define SYS_ENTER_RECVMMSG 1813 +#define SYS_EXIT_RECVMMSG 1812 +#define SYS_ENTER_GETRANDOM 1575 +#define SYS_EXIT_GETRANDOM 1574 +#define SYS_ENTER_IO_URING_REGISTER 1528 +#define SYS_EXIT_IO_URING_REGISTER 1527 +#define SYS_ENTER_IO_URING_ENTER 1509 +#define SYS_EXIT_IO_URING_ENTER 1508 +#define SYS_ENTER_IO_URING_SETUP 1507 +#define SYS_EXIT_IO_URING_SETUP 1506 +#define SYS_ENTER_IOPRIO_SET 1491 +#define SYS_EXIT_IOPRIO_SET 1490 +#define SYS_ENTER_IOPRIO_GET 1489 +#define SYS_EXIT_IOPRIO_GET 1488 +#define SYS_ENTER_LANDLOCK_CREATE_RULESET 1463 +#define SYS_EXIT_LANDLOCK_CREATE_RULESET 1462 +#define SYS_ENTER_LANDLOCK_ADD_RULE 1461 +#define SYS_EXIT_LANDLOCK_ADD_RULE 1460 +#define SYS_ENTER_LANDLOCK_RESTRICT_SELF 1459 +#define SYS_EXIT_LANDLOCK_RESTRICT_SELF 1458 +#define SYS_ENTER_LSM_SET_SELF_ATTR 1456 +#define SYS_EXIT_LSM_SET_SELF_ATTR 1455 +#define SYS_ENTER_LSM_GET_SELF_ATTR 1454 +#define SYS_EXIT_LSM_GET_SELF_ATTR 1453 +#define SYS_ENTER_LSM_LIST_MODULES 1452 +#define SYS_EXIT_LSM_LIST_MODULES 1451 +#define SYS_ENTER_ADD_KEY 1449 +#define SYS_EXIT_ADD_KEY 1448 +#define SYS_ENTER_REQUEST_KEY 1447 +#define SYS_EXIT_REQUEST_KEY 1446 +#define SYS_ENTER_KEYCTL 1445 +#define SYS_EXIT_KEYCTL 1444 +#define SYS_ENTER_MQ_OPEN 1443 +#define SYS_EXIT_MQ_OPEN 1442 +#define SYS_ENTER_MQ_UNLINK 1441 +#define SYS_EXIT_MQ_UNLINK 1440 +#define SYS_ENTER_MQ_TIMEDSEND 1439 +#define SYS_EXIT_MQ_TIMEDSEND 1438 +#define SYS_ENTER_MQ_TIMEDRECEIVE 1437 +#define SYS_EXIT_MQ_TIMEDRECEIVE 1436 +#define SYS_ENTER_MQ_NOTIFY 1435 +#define SYS_EXIT_MQ_NOTIFY 1434 +#define SYS_ENTER_MQ_GETSETATTR 1433 +#define SYS_EXIT_MQ_GETSETATTR 1432 +#define SYS_ENTER_SHMGET 1431 +#define SYS_EXIT_SHMGET 1430 +#define SYS_ENTER_SHMCTL 1429 +#define SYS_EXIT_SHMCTL 1428 +#define SYS_ENTER_SHMAT 1427 +#define SYS_EXIT_SHMAT 1426 +#define SYS_ENTER_SHMDT 1425 +#define SYS_EXIT_SHMDT 1424 +#define SYS_ENTER_SEMGET 1423 +#define SYS_EXIT_SEMGET 1422 +#define SYS_ENTER_SEMCTL 1421 +#define SYS_EXIT_SEMCTL 1420 +#define SYS_ENTER_SEMTIMEDOP 1419 +#define SYS_EXIT_SEMTIMEDOP 1418 +#define SYS_ENTER_SEMOP 1417 +#define SYS_EXIT_SEMOP 1416 +#define SYS_ENTER_MSGGET 1415 +#define SYS_EXIT_MSGGET 1414 +#define SYS_ENTER_MSGCTL 1413 +#define SYS_EXIT_MSGCTL 1412 +#define SYS_ENTER_MSGSND 1411 +#define SYS_EXIT_MSGSND 1410 +#define SYS_ENTER_MSGRCV 1409 +#define SYS_EXIT_MSGRCV 1408 +#define SYS_ENTER_QUOTACTL 1164 +#define SYS_EXIT_QUOTACTL 1163 +#define SYS_ENTER_QUOTACTL_FD 1162 +#define SYS_EXIT_QUOTACTL_FD 1161 +#define SYS_ENTER_NAME_TO_HANDLE_AT 1146 +#define SYS_EXIT_NAME_TO_HANDLE_AT 1145 +#define SYS_ENTER_OPEN_BY_HANDLE_AT 1144 +#define SYS_EXIT_OPEN_BY_HANDLE_AT 1143 +#define SYS_ENTER_FLOCK 1130 +#define SYS_EXIT_FLOCK 1129 +#define SYS_ENTER_IO_SETUP 1111 +#define SYS_EXIT_IO_SETUP 1110 +#define SYS_ENTER_IO_DESTROY 1109 +#define SYS_EXIT_IO_DESTROY 1108 +#define SYS_ENTER_IO_SUBMIT 1107 +#define SYS_EXIT_IO_SUBMIT 1106 +#define SYS_ENTER_IO_CANCEL 1105 +#define SYS_EXIT_IO_CANCEL 1104 +#define SYS_ENTER_IO_GETEVENTS 1103 +#define SYS_EXIT_IO_GETEVENTS 1102 +#define SYS_ENTER_IO_PGETEVENTS 1101 +#define SYS_EXIT_IO_PGETEVENTS 1100 +#define SYS_ENTER_USERFAULTFD 1099 +#define SYS_EXIT_USERFAULTFD 1098 +#define SYS_ENTER_EVENTFD2 1097 +#define SYS_EXIT_EVENTFD2 1096 +#define SYS_ENTER_EVENTFD 1095 +#define SYS_EXIT_EVENTFD 1094 +#define SYS_ENTER_TIMERFD_CREATE 1093 +#define SYS_EXIT_TIMERFD_CREATE 1092 +#define SYS_ENTER_TIMERFD_SETTIME 1091 +#define SYS_EXIT_TIMERFD_SETTIME 1090 +#define SYS_ENTER_TIMERFD_GETTIME 1089 +#define SYS_EXIT_TIMERFD_GETTIME 1088 +#define SYS_ENTER_SIGNALFD4 1087 +#define SYS_EXIT_SIGNALFD4 1086 +#define SYS_ENTER_SIGNALFD 1085 +#define SYS_EXIT_SIGNALFD 1084 +#define SYS_ENTER_EPOLL_CREATE1 1083 +#define SYS_EXIT_EPOLL_CREATE1 1082 +#define SYS_ENTER_EPOLL_CREATE 1081 +#define SYS_EXIT_EPOLL_CREATE 1080 +#define SYS_ENTER_EPOLL_CTL 1079 +#define SYS_EXIT_EPOLL_CTL 1078 +#define SYS_ENTER_EPOLL_WAIT 1077 +#define SYS_EXIT_EPOLL_WAIT 1076 +#define SYS_ENTER_EPOLL_PWAIT 1075 +#define SYS_EXIT_EPOLL_PWAIT 1074 +#define SYS_ENTER_EPOLL_PWAIT2 1073 +#define SYS_EXIT_EPOLL_PWAIT2 1072 +#define SYS_ENTER_FANOTIFY_INIT 1071 +#define SYS_EXIT_FANOTIFY_INIT 1070 +#define SYS_ENTER_FANOTIFY_MARK 1069 +#define SYS_EXIT_FANOTIFY_MARK 1068 +#define SYS_ENTER_INOTIFY_INIT1 1067 +#define SYS_EXIT_INOTIFY_INIT1 1066 +#define SYS_ENTER_INOTIFY_INIT 1065 +#define SYS_EXIT_INOTIFY_INIT 1064 +#define SYS_ENTER_INOTIFY_ADD_WATCH 1063 +#define SYS_EXIT_INOTIFY_ADD_WATCH 1062 +#define SYS_ENTER_INOTIFY_RM_WATCH 1061 +#define SYS_EXIT_INOTIFY_RM_WATCH 1060 +#define SYS_ENTER_FILE_GETATTR 1059 +#define SYS_EXIT_FILE_GETATTR 1058 +#define SYS_ENTER_FILE_SETATTR 1057 +#define SYS_EXIT_FILE_SETATTR 1056 +#define SYS_ENTER_FSOPEN 1055 +#define SYS_EXIT_FSOPEN 1054 +#define SYS_ENTER_FSPICK 1053 +#define SYS_EXIT_FSPICK 1052 +#define SYS_ENTER_FSCONFIG 1051 +#define SYS_EXIT_FSCONFIG 1050 +#define SYS_ENTER_STATFS 1049 +#define SYS_EXIT_STATFS 1048 +#define SYS_ENTER_FSTATFS 1047 +#define SYS_EXIT_FSTATFS 1046 +#define SYS_ENTER_USTAT 1045 +#define SYS_EXIT_USTAT 1044 +#define SYS_ENTER_GETCWD 1043 +#define SYS_EXIT_GETCWD 1042 +#define SYS_ENTER_UTIMENSAT 1041 +#define SYS_EXIT_UTIMENSAT 1040 +#define SYS_ENTER_FUTIMESAT 1039 +#define SYS_EXIT_FUTIMESAT 1038 +#define SYS_ENTER_UTIMES 1037 +#define SYS_EXIT_UTIMES 1036 +#define SYS_ENTER_UTIME 1035 +#define SYS_EXIT_UTIME 1034 +#define SYS_ENTER_SYNC 1033 +#define SYS_EXIT_SYNC 1032 +#define SYS_ENTER_SYNCFS 1031 +#define SYS_EXIT_SYNCFS 1030 +#define SYS_ENTER_FSYNC 1029 +#define SYS_EXIT_FSYNC 1028 +#define SYS_ENTER_FDATASYNC 1027 +#define SYS_EXIT_FDATASYNC 1026 +#define SYS_ENTER_SYNC_FILE_RANGE 1025 +#define SYS_EXIT_SYNC_FILE_RANGE 1024 +#define SYS_ENTER_VMSPLICE 1023 +#define SYS_EXIT_VMSPLICE 1022 +#define SYS_ENTER_SPLICE 1021 +#define SYS_EXIT_SPLICE 1020 +#define SYS_ENTER_TEE 1019 +#define SYS_EXIT_TEE 1018 +#define SYS_ENTER_SETXATTRAT 985 +#define SYS_EXIT_SETXATTRAT 984 +#define SYS_ENTER_SETXATTR 983 +#define SYS_EXIT_SETXATTR 982 +#define SYS_ENTER_LSETXATTR 981 +#define SYS_EXIT_LSETXATTR 980 +#define SYS_ENTER_FSETXATTR 979 +#define SYS_EXIT_FSETXATTR 978 +#define SYS_ENTER_GETXATTRAT 977 +#define SYS_EXIT_GETXATTRAT 976 +#define SYS_ENTER_GETXATTR 975 +#define SYS_EXIT_GETXATTR 974 +#define SYS_ENTER_LGETXATTR 973 +#define SYS_EXIT_LGETXATTR 972 +#define SYS_ENTER_FGETXATTR 971 +#define SYS_EXIT_FGETXATTR 970 +#define SYS_ENTER_LISTXATTRAT 969 +#define SYS_EXIT_LISTXATTRAT 968 +#define SYS_ENTER_LISTXATTR 967 +#define SYS_EXIT_LISTXATTR 966 +#define SYS_ENTER_LLISTXATTR 965 +#define SYS_EXIT_LLISTXATTR 964 +#define SYS_ENTER_FLISTXATTR 963 +#define SYS_EXIT_FLISTXATTR 962 +#define SYS_ENTER_REMOVEXATTRAT 961 +#define SYS_EXIT_REMOVEXATTRAT 960 +#define SYS_ENTER_REMOVEXATTR 959 +#define SYS_EXIT_REMOVEXATTR 958 +#define SYS_ENTER_LREMOVEXATTR 957 +#define SYS_EXIT_LREMOVEXATTR 956 +#define SYS_ENTER_FREMOVEXATTR 955 +#define SYS_EXIT_FREMOVEXATTR 954 +#define SYS_ENTER_UMOUNT 953 +#define SYS_EXIT_UMOUNT 952 +#define SYS_ENTER_OPEN_TREE 951 +#define SYS_EXIT_OPEN_TREE 950 +#define SYS_ENTER_MOUNT 949 +#define SYS_EXIT_MOUNT 948 +#define SYS_ENTER_FSMOUNT 947 +#define SYS_EXIT_FSMOUNT 946 +#define SYS_ENTER_MOVE_MOUNT 945 +#define SYS_EXIT_MOVE_MOUNT 944 +#define SYS_ENTER_PIVOT_ROOT 943 +#define SYS_EXIT_PIVOT_ROOT 942 +#define SYS_ENTER_MOUNT_SETATTR 941 +#define SYS_EXIT_MOUNT_SETATTR 940 +#define SYS_ENTER_OPEN_TREE_ATTR 939 +#define SYS_EXIT_OPEN_TREE_ATTR 938 +#define SYS_ENTER_STATMOUNT 937 +#define SYS_EXIT_STATMOUNT 936 +#define SYS_ENTER_LISTMOUNT 935 +#define SYS_EXIT_LISTMOUNT 934 +#define SYS_ENTER_SYSFS 933 +#define SYS_EXIT_SYSFS 932 +#define SYS_ENTER_CLOSE_RANGE 931 +#define SYS_EXIT_CLOSE_RANGE 930 +#define SYS_ENTER_DUP3 929 +#define SYS_EXIT_DUP3 928 +#define SYS_ENTER_DUP2 927 +#define SYS_EXIT_DUP2 926 +#define SYS_ENTER_DUP 925 +#define SYS_EXIT_DUP 924 +#define SYS_ENTER_SELECT 919 +#define SYS_EXIT_SELECT 918 +#define SYS_ENTER_PSELECT6 917 +#define SYS_EXIT_PSELECT6 916 +#define SYS_ENTER_POLL 915 +#define SYS_EXIT_POLL 914 +#define SYS_ENTER_PPOLL 913 +#define SYS_EXIT_PPOLL 912 +#define SYS_ENTER_GETDENTS 911 +#define SYS_EXIT_GETDENTS 910 +#define SYS_ENTER_GETDENTS64 909 +#define SYS_EXIT_GETDENTS64 908 +#define SYS_ENTER_IOCTL 907 +#define SYS_EXIT_IOCTL 906 +#define SYS_ENTER_FCNTL 905 +#define SYS_EXIT_FCNTL 904 +#define SYS_ENTER_MKNODAT 903 +#define SYS_EXIT_MKNODAT 902 +#define SYS_ENTER_MKNOD 901 +#define SYS_EXIT_MKNOD 900 +#define SYS_ENTER_MKDIRAT 899 +#define SYS_EXIT_MKDIRAT 898 +#define SYS_ENTER_MKDIR 897 +#define SYS_EXIT_MKDIR 896 +#define SYS_ENTER_RMDIR 895 +#define SYS_EXIT_RMDIR 894 +#define SYS_ENTER_UNLINKAT 893 +#define SYS_EXIT_UNLINKAT 892 +#define SYS_ENTER_UNLINK 891 +#define SYS_EXIT_UNLINK 890 +#define SYS_ENTER_SYMLINKAT 889 +#define SYS_EXIT_SYMLINKAT 888 +#define SYS_ENTER_SYMLINK 887 +#define SYS_EXIT_SYMLINK 886 +#define SYS_ENTER_LINKAT 885 +#define SYS_EXIT_LINKAT 884 +#define SYS_ENTER_LINK 883 +#define SYS_EXIT_LINK 882 +#define SYS_ENTER_RENAMEAT2 881 +#define SYS_EXIT_RENAMEAT2 880 +#define SYS_ENTER_RENAMEAT 879 +#define SYS_EXIT_RENAMEAT 878 +#define SYS_ENTER_RENAME 877 +#define SYS_EXIT_RENAME 876 +#define SYS_ENTER_PIPE2 875 +#define SYS_EXIT_PIPE2 874 +#define SYS_ENTER_PIPE 873 +#define SYS_EXIT_PIPE 872 +#define SYS_ENTER_EXECVE 871 +#define SYS_EXIT_EXECVE 870 +#define SYS_ENTER_EXECVEAT 869 +#define SYS_EXIT_EXECVEAT 868 +#define SYS_ENTER_NEWSTAT 867 +#define SYS_EXIT_NEWSTAT 866 +#define SYS_ENTER_NEWLSTAT 865 +#define SYS_EXIT_NEWLSTAT 864 +#define SYS_ENTER_NEWFSTATAT 863 +#define SYS_EXIT_NEWFSTATAT 862 +#define SYS_ENTER_NEWFSTAT 861 +#define SYS_EXIT_NEWFSTAT 860 +#define SYS_ENTER_READLINKAT 859 +#define SYS_EXIT_READLINKAT 858 +#define SYS_ENTER_READLINK 857 +#define SYS_EXIT_READLINK 856 +#define SYS_ENTER_STATX 855 +#define SYS_EXIT_STATX 854 +#define SYS_ENTER_LSEEK 853 +#define SYS_EXIT_LSEEK 852 +#define SYS_ENTER_READ 851 +#define SYS_EXIT_READ 850 +#define SYS_ENTER_WRITE 849 +#define SYS_EXIT_WRITE 848 +#define SYS_ENTER_PREAD64 847 +#define SYS_EXIT_PREAD64 846 +#define SYS_ENTER_PWRITE64 845 +#define SYS_EXIT_PWRITE64 844 +#define SYS_ENTER_READV 843 +#define SYS_EXIT_READV 842 +#define SYS_ENTER_WRITEV 841 +#define SYS_EXIT_WRITEV 840 +#define SYS_ENTER_PREADV 839 +#define SYS_EXIT_PREADV 838 +#define SYS_ENTER_PREADV2 837 +#define SYS_EXIT_PREADV2 836 +#define SYS_ENTER_PWRITEV 835 +#define SYS_EXIT_PWRITEV 834 +#define SYS_ENTER_PWRITEV2 833 +#define SYS_EXIT_PWRITEV2 832 +#define SYS_ENTER_SENDFILE64 831 +#define SYS_EXIT_SENDFILE64 830 +#define SYS_ENTER_COPY_FILE_RANGE 829 +#define SYS_EXIT_COPY_FILE_RANGE 828 +#define SYS_ENTER_TRUNCATE 827 +#define SYS_EXIT_TRUNCATE 826 +#define SYS_ENTER_FTRUNCATE 825 +#define SYS_EXIT_FTRUNCATE 824 +#define SYS_ENTER_FALLOCATE 823 +#define SYS_EXIT_FALLOCATE 822 +#define SYS_ENTER_FACCESSAT 821 +#define SYS_EXIT_FACCESSAT 820 +#define SYS_ENTER_FACCESSAT2 819 +#define SYS_EXIT_FACCESSAT2 818 +#define SYS_ENTER_ACCESS 817 +#define SYS_EXIT_ACCESS 816 +#define SYS_ENTER_CHDIR 815 +#define SYS_EXIT_CHDIR 814 +#define SYS_ENTER_FCHDIR 813 +#define SYS_EXIT_FCHDIR 812 +#define SYS_ENTER_CHROOT 811 +#define SYS_EXIT_CHROOT 810 +#define SYS_ENTER_FCHMOD 809 +#define SYS_EXIT_FCHMOD 808 +#define SYS_ENTER_FCHMODAT2 807 +#define SYS_EXIT_FCHMODAT2 806 +#define SYS_ENTER_FCHMODAT 805 +#define SYS_EXIT_FCHMODAT 804 +#define SYS_ENTER_CHMOD 803 +#define SYS_EXIT_CHMOD 802 +#define SYS_ENTER_FCHOWNAT 801 +#define SYS_EXIT_FCHOWNAT 800 +#define SYS_ENTER_CHOWN 799 +#define SYS_EXIT_CHOWN 798 +#define SYS_ENTER_LCHOWN 797 +#define SYS_EXIT_LCHOWN 796 +#define SYS_ENTER_FCHOWN 795 +#define SYS_EXIT_FCHOWN 794 +#define SYS_ENTER_OPEN 793 +#define SYS_EXIT_OPEN 792 +#define SYS_ENTER_OPENAT 791 +#define SYS_EXIT_OPENAT 790 +#define SYS_ENTER_OPENAT2 789 +#define SYS_EXIT_OPENAT2 788 +#define SYS_ENTER_CREAT 787 +#define SYS_EXIT_CREAT 786 +#define SYS_ENTER_CLOSE 785 +#define SYS_EXIT_CLOSE 784 +#define SYS_ENTER_VHANGUP 783 +#define SYS_EXIT_VHANGUP 782 +#define SYS_ENTER_MEMFD_CREATE 781 +#define SYS_EXIT_MEMFD_CREATE 780 +#define SYS_ENTER_MEMFD_SECRET 774 +#define SYS_EXIT_MEMFD_SECRET 773 +#define SYS_ENTER_MOVE_PAGES 754 +#define SYS_EXIT_MOVE_PAGES 753 +#define SYS_ENTER_SET_MEMPOLICY_HOME_NODE 743 +#define SYS_EXIT_SET_MEMPOLICY_HOME_NODE 742 +#define SYS_ENTER_MBIND 741 +#define SYS_EXIT_MBIND 740 +#define SYS_ENTER_SET_MEMPOLICY 739 +#define SYS_EXIT_SET_MEMPOLICY 738 +#define SYS_ENTER_MIGRATE_PAGES 737 +#define SYS_EXIT_MIGRATE_PAGES 736 +#define SYS_ENTER_GET_MEMPOLICY 735 +#define SYS_EXIT_GET_MEMPOLICY 734 +#define SYS_ENTER_SWAPOFF 733 +#define SYS_EXIT_SWAPOFF 732 +#define SYS_ENTER_SWAPON 731 +#define SYS_EXIT_SWAPON 730 +#define SYS_ENTER_MADVISE 729 +#define SYS_EXIT_MADVISE 728 +#define SYS_ENTER_PROCESS_MADVISE 727 +#define SYS_EXIT_PROCESS_MADVISE 726 +#define SYS_ENTER_MSEAL 725 +#define SYS_EXIT_MSEAL 724 +#define SYS_ENTER_PROCESS_VM_READV 723 +#define SYS_EXIT_PROCESS_VM_READV 722 +#define SYS_ENTER_PROCESS_VM_WRITEV 721 +#define SYS_EXIT_PROCESS_VM_WRITEV 720 +#define SYS_ENTER_MSYNC 712 +#define SYS_EXIT_MSYNC 711 +#define SYS_ENTER_MREMAP 710 +#define SYS_EXIT_MREMAP 709 +#define SYS_ENTER_MPROTECT 708 +#define SYS_EXIT_MPROTECT 707 +#define SYS_ENTER_PKEY_MPROTECT 706 +#define SYS_EXIT_PKEY_MPROTECT 705 +#define SYS_ENTER_PKEY_ALLOC 704 +#define SYS_EXIT_PKEY_ALLOC 703 +#define SYS_ENTER_PKEY_FREE 702 +#define SYS_EXIT_PKEY_FREE 701 +#define SYS_ENTER_BRK 698 +#define SYS_EXIT_BRK 697 +#define SYS_ENTER_MUNMAP 696 +#define SYS_EXIT_MUNMAP 695 +#define SYS_ENTER_REMAP_FILE_PAGES 694 +#define SYS_EXIT_REMAP_FILE_PAGES 693 +#define SYS_ENTER_MLOCK 692 +#define SYS_EXIT_MLOCK 691 +#define SYS_ENTER_MLOCK2 690 +#define SYS_EXIT_MLOCK2 689 +#define SYS_ENTER_MUNLOCK 688 +#define SYS_EXIT_MUNLOCK 687 +#define SYS_ENTER_MLOCKALL 686 +#define SYS_EXIT_MLOCKALL 685 +#define SYS_ENTER_MUNLOCKALL 684 +#define SYS_EXIT_MUNLOCKALL 683 +#define SYS_ENTER_MINCORE 682 +#define SYS_EXIT_MINCORE 681 #define SYS_ENTER_READAHEAD 616 #define SYS_EXIT_READAHEAD 615 #define SYS_ENTER_FADVISE64 614 #define SYS_EXIT_FADVISE64 613 +#define SYS_ENTER_PROCESS_MRELEASE 604 +#define SYS_EXIT_PROCESS_MRELEASE 603 #define SYS_ENTER_CACHESTAT 595 #define SYS_EXIT_CACHESTAT 594 +#define SYS_ENTER_RSEQ 591 +#define SYS_EXIT_RSEQ 590 +#define SYS_ENTER_PERF_EVENT_OPEN 587 +#define SYS_EXIT_PERF_EVENT_OPEN 586 +#define SYS_ENTER_BPF 585 +#define SYS_EXIT_BPF 584 +#define SYS_ENTER_SECCOMP 526 +#define SYS_EXIT_SECCOMP 525 +#define SYS_ENTER_KEXEC_FILE_LOAD 508 +#define SYS_EXIT_KEXEC_FILE_LOAD 507 +#define SYS_ENTER_KEXEC_LOAD 506 +#define SYS_EXIT_KEXEC_LOAD 505 +#define SYS_ENTER_ACCT 504 +#define SYS_EXIT_ACCT 503 +#define SYS_ENTER_SET_ROBUST_LIST 499 +#define SYS_EXIT_SET_ROBUST_LIST 498 +#define SYS_ENTER_GET_ROBUST_LIST 497 +#define SYS_EXIT_GET_ROBUST_LIST 496 +#define SYS_ENTER_FUTEX 495 +#define SYS_EXIT_FUTEX 494 +#define SYS_ENTER_FUTEX_WAITV 493 +#define SYS_EXIT_FUTEX_WAITV 492 +#define SYS_ENTER_FUTEX_WAKE 491 +#define SYS_EXIT_FUTEX_WAKE 490 +#define SYS_ENTER_FUTEX_WAIT 489 +#define SYS_EXIT_FUTEX_WAIT 488 +#define SYS_ENTER_FUTEX_REQUEUE 487 +#define SYS_EXIT_FUTEX_REQUEUE 486 +#define SYS_ENTER_GETITIMER 471 +#define SYS_EXIT_GETITIMER 470 +#define SYS_ENTER_ALARM 469 +#define SYS_EXIT_ALARM 468 +#define SYS_ENTER_SETITIMER 467 +#define SYS_EXIT_SETITIMER 466 +#define SYS_ENTER_TIMER_CREATE 465 +#define SYS_EXIT_TIMER_CREATE 464 +#define SYS_ENTER_TIMER_GETTIME 463 +#define SYS_EXIT_TIMER_GETTIME 462 +#define SYS_ENTER_TIMER_GETOVERRUN 461 +#define SYS_EXIT_TIMER_GETOVERRUN 460 +#define SYS_ENTER_TIMER_SETTIME 459 +#define SYS_EXIT_TIMER_SETTIME 458 +#define SYS_ENTER_TIMER_DELETE 457 +#define SYS_EXIT_TIMER_DELETE 456 +#define SYS_ENTER_CLOCK_SETTIME 455 +#define SYS_EXIT_CLOCK_SETTIME 454 +#define SYS_ENTER_CLOCK_GETTIME 453 +#define SYS_EXIT_CLOCK_GETTIME 452 +#define SYS_ENTER_CLOCK_ADJTIME 451 +#define SYS_EXIT_CLOCK_ADJTIME 450 +#define SYS_ENTER_CLOCK_GETRES 449 +#define SYS_EXIT_CLOCK_GETRES 448 +#define SYS_ENTER_CLOCK_NANOSLEEP 447 +#define SYS_EXIT_CLOCK_NANOSLEEP 446 +#define SYS_ENTER_NANOSLEEP 441 +#define SYS_EXIT_NANOSLEEP 440 +#define SYS_ENTER_TIME 425 +#define SYS_EXIT_TIME 424 +#define SYS_ENTER_GETTIMEOFDAY 423 +#define SYS_EXIT_GETTIMEOFDAY 422 +#define SYS_ENTER_SETTIMEOFDAY 421 +#define SYS_EXIT_SETTIMEOFDAY 420 +#define SYS_ENTER_ADJTIMEX 419 +#define SYS_EXIT_ADJTIMEX 418 +#define SYS_ENTER_KCMP 417 +#define SYS_EXIT_KCMP 416 +#define SYS_ENTER_DELETE_MODULE 410 +#define SYS_EXIT_DELETE_MODULE 409 +#define SYS_ENTER_INIT_MODULE 408 +#define SYS_EXIT_INIT_MODULE 407 #define SYS_ENTER_FINIT_MODULE 406 #define SYS_EXIT_FINIT_MODULE 405 #define SYS_ENTER_SYSLOG 350 #define SYS_EXIT_SYSLOG 349 +#define SYS_ENTER_MEMBARRIER 346 +#define SYS_EXIT_MEMBARRIER 345 +#define SYS_ENTER_SCHED_SETSCHEDULER 341 +#define SYS_EXIT_SCHED_SETSCHEDULER 340 +#define SYS_ENTER_SCHED_SETPARAM 339 +#define SYS_EXIT_SCHED_SETPARAM 338 +#define SYS_ENTER_SCHED_SETATTR 337 +#define SYS_EXIT_SCHED_SETATTR 336 +#define SYS_ENTER_SCHED_GETSCHEDULER 335 +#define SYS_EXIT_SCHED_GETSCHEDULER 334 +#define SYS_ENTER_SCHED_GETPARAM 333 +#define SYS_EXIT_SCHED_GETPARAM 332 +#define SYS_ENTER_SCHED_GETATTR 331 +#define SYS_EXIT_SCHED_GETATTR 330 +#define SYS_ENTER_SCHED_SETAFFINITY 329 +#define SYS_EXIT_SCHED_SETAFFINITY 328 +#define SYS_ENTER_SCHED_GETAFFINITY 327 +#define SYS_EXIT_SCHED_GETAFFINITY 326 +#define SYS_ENTER_SCHED_YIELD 325 +#define SYS_EXIT_SCHED_YIELD 324 +#define SYS_ENTER_SCHED_GET_PRIORITY_MAX 323 +#define SYS_EXIT_SCHED_GET_PRIORITY_MAX 322 +#define SYS_ENTER_SCHED_GET_PRIORITY_MIN 321 +#define SYS_EXIT_SCHED_GET_PRIORITY_MIN 320 +#define SYS_ENTER_SCHED_RR_GET_INTERVAL 319 +#define SYS_EXIT_SCHED_RR_GET_INTERVAL 318 +#define SYS_ENTER_GETGROUPS 286 +#define SYS_EXIT_GETGROUPS 285 +#define SYS_ENTER_SETGROUPS 284 +#define SYS_EXIT_SETGROUPS 283 +#define SYS_ENTER_REBOOT 282 +#define SYS_EXIT_REBOOT 281 +#define SYS_ENTER_LISTNS 277 +#define SYS_EXIT_LISTNS 276 +#define SYS_ENTER_SETNS 275 +#define SYS_EXIT_SETNS 274 +#define SYS_ENTER_PIDFD_OPEN 273 +#define SYS_EXIT_PIDFD_OPEN 272 #define SYS_ENTER_PIDFD_GETFD 271 #define SYS_EXIT_PIDFD_GETFD 270 +#define SYS_ENTER_SETPRIORITY 265 +#define SYS_EXIT_SETPRIORITY 264 +#define SYS_ENTER_GETPRIORITY 263 +#define SYS_EXIT_GETPRIORITY 262 +#define SYS_ENTER_SETREGID 261 +#define SYS_EXIT_SETREGID 260 +#define SYS_ENTER_SETGID 259 +#define SYS_EXIT_SETGID 258 +#define SYS_ENTER_SETREUID 257 +#define SYS_EXIT_SETREUID 256 +#define SYS_ENTER_SETUID 255 +#define SYS_EXIT_SETUID 254 +#define SYS_ENTER_SETRESUID 253 +#define SYS_EXIT_SETRESUID 252 +#define SYS_ENTER_GETRESUID 251 +#define SYS_EXIT_GETRESUID 250 +#define SYS_ENTER_SETRESGID 249 +#define SYS_EXIT_SETRESGID 248 +#define SYS_ENTER_GETRESGID 247 +#define SYS_EXIT_GETRESGID 246 +#define SYS_ENTER_SETFSUID 245 +#define SYS_EXIT_SETFSUID 244 +#define SYS_ENTER_SETFSGID 243 +#define SYS_EXIT_SETFSGID 242 +#define SYS_ENTER_GETPID 241 +#define SYS_EXIT_GETPID 240 +#define SYS_ENTER_GETTID 239 +#define SYS_EXIT_GETTID 238 +#define SYS_ENTER_GETPPID 237 +#define SYS_EXIT_GETPPID 236 +#define SYS_ENTER_GETUID 235 +#define SYS_EXIT_GETUID 234 +#define SYS_ENTER_GETEUID 233 +#define SYS_EXIT_GETEUID 232 +#define SYS_ENTER_GETGID 231 +#define SYS_EXIT_GETGID 230 +#define SYS_ENTER_GETEGID 229 +#define SYS_EXIT_GETEGID 228 +#define SYS_ENTER_TIMES 227 +#define SYS_EXIT_TIMES 226 +#define SYS_ENTER_SETPGID 225 +#define SYS_EXIT_SETPGID 224 +#define SYS_ENTER_GETPGID 223 +#define SYS_EXIT_GETPGID 222 +#define SYS_ENTER_GETPGRP 221 +#define SYS_EXIT_GETPGRP 220 +#define SYS_ENTER_GETSID 219 +#define SYS_EXIT_GETSID 218 +#define SYS_ENTER_SETSID 217 +#define SYS_EXIT_SETSID 216 +#define SYS_ENTER_NEWUNAME 215 +#define SYS_EXIT_NEWUNAME 214 +#define SYS_ENTER_SETHOSTNAME 213 +#define SYS_EXIT_SETHOSTNAME 212 +#define SYS_ENTER_SETDOMAINNAME 211 +#define SYS_EXIT_SETDOMAINNAME 210 +#define SYS_ENTER_GETRLIMIT 209 +#define SYS_EXIT_GETRLIMIT 208 +#define SYS_ENTER_PRLIMIT64 207 +#define SYS_EXIT_PRLIMIT64 206 +#define SYS_ENTER_SETRLIMIT 205 +#define SYS_EXIT_SETRLIMIT 204 +#define SYS_ENTER_GETRUSAGE 203 +#define SYS_EXIT_GETRUSAGE 202 +#define SYS_ENTER_UMASK 201 +#define SYS_EXIT_UMASK 200 +#define SYS_ENTER_PRCTL 199 +#define SYS_EXIT_PRCTL 198 +#define SYS_ENTER_GETCPU 197 +#define SYS_EXIT_GETCPU 196 +#define SYS_ENTER_SYSINFO 195 +#define SYS_EXIT_SYSINFO 194 +#define SYS_ENTER_RESTART_SYSCALL 191 +#define SYS_EXIT_RESTART_SYSCALL 190 +#define SYS_ENTER_RT_SIGPROCMASK 189 +#define SYS_EXIT_RT_SIGPROCMASK 188 +#define SYS_ENTER_RT_SIGPENDING 187 +#define SYS_EXIT_RT_SIGPENDING 186 +#define SYS_ENTER_RT_SIGTIMEDWAIT 185 +#define SYS_EXIT_RT_SIGTIMEDWAIT 184 +#define SYS_ENTER_KILL 183 +#define SYS_EXIT_KILL 182 +#define SYS_ENTER_PIDFD_SEND_SIGNAL 181 +#define SYS_EXIT_PIDFD_SEND_SIGNAL 180 +#define SYS_ENTER_TGKILL 179 +#define SYS_EXIT_TGKILL 178 +#define SYS_ENTER_TKILL 177 +#define SYS_EXIT_TKILL 176 +#define SYS_ENTER_RT_SIGQUEUEINFO 175 +#define SYS_EXIT_RT_SIGQUEUEINFO 174 +#define SYS_ENTER_RT_TGSIGQUEUEINFO 173 +#define SYS_EXIT_RT_TGSIGQUEUEINFO 172 +#define SYS_ENTER_SIGALTSTACK 171 +#define SYS_EXIT_SIGALTSTACK 170 +#define SYS_ENTER_RT_SIGACTION 169 +#define SYS_EXIT_RT_SIGACTION 168 +#define SYS_ENTER_PAUSE 167 +#define SYS_EXIT_PAUSE 166 +#define SYS_ENTER_RT_SIGSUSPEND 165 +#define SYS_EXIT_RT_SIGSUSPEND 164 +#define SYS_ENTER_PTRACE 163 +#define SYS_EXIT_PTRACE 162 +#define SYS_ENTER_CAPGET 161 +#define SYS_EXIT_CAPGET 160 +#define SYS_ENTER_CAPSET 159 +#define SYS_EXIT_CAPSET 158 +#define SYS_ENTER_EXIT 150 +#define SYS_EXIT_EXIT 149 +#define SYS_ENTER_EXIT_GROUP 148 +#define SYS_EXIT_EXIT_GROUP 147 +#define SYS_ENTER_WAITID 146 +#define SYS_EXIT_WAITID 145 +#define SYS_ENTER_WAIT4 144 +#define SYS_EXIT_WAIT4 143 +#define SYS_ENTER_PERSONALITY 139 +#define SYS_EXIT_PERSONALITY 138 +#define SYS_ENTER_SET_TID_ADDRESS 134 +#define SYS_EXIT_SET_TID_ADDRESS 133 +#define SYS_ENTER_FORK 132 +#define SYS_EXIT_FORK 131 +#define SYS_ENTER_VFORK 130 +#define SYS_EXIT_VFORK 129 +#define SYS_ENTER_CLONE 128 +#define SYS_EXIT_CLONE 127 +#define SYS_ENTER_CLONE3 126 +#define SYS_EXIT_CLONE3 125 +#define SYS_ENTER_UNSHARE 124 +#define SYS_EXIT_UNSHARE 123 +#define SYS_ENTER_MAP_SHADOW_STACK 119 +#define SYS_EXIT_MAP_SHADOW_STACK 118 +#define SYS_ENTER_URETPROBE 117 +#define SYS_EXIT_URETPROBE 116 +#define SYS_ENTER_UPROBE 115 +#define SYS_EXIT_UPROBE 114 +#define SYS_ENTER_ARCH_PRCTL 102 +#define SYS_EXIT_ARCH_PRCTL 101 #define SYS_ENTER_MMAP 100 #define SYS_EXIT_MMAP 99 +#define SYS_ENTER_MODIFY_LDT 98 +#define SYS_EXIT_MODIFY_LDT 97 +#define SYS_ENTER_IOPERM 95 +#define SYS_EXIT_IOPERM 94 +#define SYS_ENTER_IOPL 93 +#define SYS_EXIT_IOPL 92 +#define SYS_ENTER_RT_SIGRETURN 57 +#define SYS_EXIT_RT_SIGRETURN 56 + +/// sys_enter_socket is a struct null_event +SEC("tracepoint/syscalls/sys_enter_socket") +int handle_sys_enter_socket(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SOCKET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_socket is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_socket") +int handle_sys_exit_socket(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SOCKET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_socketpair is a struct null_event +SEC("tracepoint/syscalls/sys_enter_socketpair") +int handle_sys_enter_socketpair(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SOCKETPAIR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_socketpair is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_socketpair") +int handle_sys_exit_socketpair(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SOCKETPAIR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_bind is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_bind") +int handle_sys_enter_bind(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_BIND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_bind is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_bind") +int handle_sys_exit_bind(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_BIND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_listen is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_listen") +int handle_sys_enter_listen(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_LISTEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_listen is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_listen") +int handle_sys_exit_listen(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LISTEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_accept4 is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_accept4") +int handle_sys_enter_accept4(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_ACCEPT4; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_accept4 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_accept4") +int handle_sys_exit_accept4(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ACCEPT4; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_accept is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_accept") +int handle_sys_enter_accept(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_ACCEPT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_accept is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_accept") +int handle_sys_exit_accept(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ACCEPT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_connect is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_connect") +int handle_sys_enter_connect(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_CONNECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_connect is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_connect") +int handle_sys_exit_connect(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CONNECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getsockname is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_getsockname") +int handle_sys_enter_getsockname(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_GETSOCKNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getsockname is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getsockname") +int handle_sys_exit_getsockname(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETSOCKNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getpeername is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_getpeername") +int handle_sys_enter_getpeername(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_GETPEERNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getpeername is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getpeername") +int handle_sys_exit_getpeername(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETPEERNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sendto is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_sendto") +int handle_sys_enter_sendto(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_SENDTO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sendto is a struct ret_event (WRITE_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sendto") +int handle_sys_exit_sendto(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SENDTO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = WRITE_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_recvfrom is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_recvfrom") +int handle_sys_enter_recvfrom(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_RECVFROM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_recvfrom is a struct ret_event (READ_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_recvfrom") +int handle_sys_exit_recvfrom(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RECVFROM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = READ_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setsockopt is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_setsockopt") +int handle_sys_enter_setsockopt(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_SETSOCKOPT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setsockopt is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setsockopt") +int handle_sys_exit_setsockopt(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETSOCKOPT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getsockopt is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_getsockopt") +int handle_sys_enter_getsockopt(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_GETSOCKOPT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getsockopt is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getsockopt") +int handle_sys_exit_getsockopt(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETSOCKOPT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_shutdown is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_shutdown") +int handle_sys_enter_shutdown(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_SHUTDOWN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_shutdown is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_shutdown") +int handle_sys_exit_shutdown(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SHUTDOWN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sendmsg is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_sendmsg") +int handle_sys_enter_sendmsg(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_SENDMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sendmsg is a struct ret_event (WRITE_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sendmsg") +int handle_sys_exit_sendmsg(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SENDMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = WRITE_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sendmmsg is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_sendmmsg") +int handle_sys_enter_sendmmsg(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_SENDMMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sendmmsg is a struct ret_event (WRITE_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sendmmsg") +int handle_sys_exit_sendmmsg(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SENDMMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = WRITE_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_recvmsg is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_recvmsg") +int handle_sys_enter_recvmsg(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_RECVMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_recvmsg is a struct ret_event (READ_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_recvmsg") +int handle_sys_exit_recvmsg(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RECVMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = READ_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_recvmmsg is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_recvmmsg") +int handle_sys_enter_recvmmsg(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_RECVMMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_recvmmsg is a struct ret_event (READ_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_recvmmsg") +int handle_sys_exit_recvmmsg(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RECVMMSG; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = READ_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getrandom is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getrandom") +int handle_sys_enter_getrandom(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETRANDOM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getrandom is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getrandom") +int handle_sys_exit_getrandom(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETRANDOM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} /// sys_enter_io_uring_register is a struct fd_event SEC("tracepoint/syscalls/sys_enter_io_uring_register") @@ -620,6 +1722,1326 @@ int handle_sys_exit_io_uring_setup(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_ioprio_set is a struct null_event +SEC("tracepoint/syscalls/sys_enter_ioprio_set") +int handle_sys_enter_ioprio_set(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_IOPRIO_SET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_ioprio_set is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_ioprio_set") +int handle_sys_exit_ioprio_set(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_IOPRIO_SET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_ioprio_get is a struct null_event +SEC("tracepoint/syscalls/sys_enter_ioprio_get") +int handle_sys_enter_ioprio_get(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_IOPRIO_GET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_ioprio_get is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_ioprio_get") +int handle_sys_exit_ioprio_get(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_IOPRIO_GET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_landlock_create_ruleset is a struct null_event +SEC("tracepoint/syscalls/sys_enter_landlock_create_ruleset") +int handle_sys_enter_landlock_create_ruleset(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LANDLOCK_CREATE_RULESET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_landlock_create_ruleset is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_landlock_create_ruleset") +int handle_sys_exit_landlock_create_ruleset(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LANDLOCK_CREATE_RULESET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_landlock_add_rule is a struct null_event +SEC("tracepoint/syscalls/sys_enter_landlock_add_rule") +int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LANDLOCK_ADD_RULE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_landlock_add_rule is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_landlock_add_rule") +int handle_sys_exit_landlock_add_rule(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LANDLOCK_ADD_RULE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_landlock_restrict_self is a struct null_event +SEC("tracepoint/syscalls/sys_enter_landlock_restrict_self") +int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LANDLOCK_RESTRICT_SELF; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_landlock_restrict_self is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_landlock_restrict_self") +int handle_sys_exit_landlock_restrict_self(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LANDLOCK_RESTRICT_SELF; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_lsm_set_self_attr is a struct null_event +SEC("tracepoint/syscalls/sys_enter_lsm_set_self_attr") +int handle_sys_enter_lsm_set_self_attr(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LSM_SET_SELF_ATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_lsm_set_self_attr is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_lsm_set_self_attr") +int handle_sys_exit_lsm_set_self_attr(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LSM_SET_SELF_ATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_lsm_get_self_attr is a struct null_event +SEC("tracepoint/syscalls/sys_enter_lsm_get_self_attr") +int handle_sys_enter_lsm_get_self_attr(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LSM_GET_SELF_ATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_lsm_get_self_attr is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_lsm_get_self_attr") +int handle_sys_exit_lsm_get_self_attr(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LSM_GET_SELF_ATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_lsm_list_modules is a struct null_event +SEC("tracepoint/syscalls/sys_enter_lsm_list_modules") +int handle_sys_enter_lsm_list_modules(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LSM_LIST_MODULES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_lsm_list_modules is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_lsm_list_modules") +int handle_sys_exit_lsm_list_modules(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LSM_LIST_MODULES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_add_key is a struct null_event +SEC("tracepoint/syscalls/sys_enter_add_key") +int handle_sys_enter_add_key(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_ADD_KEY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_add_key is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_add_key") +int handle_sys_exit_add_key(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ADD_KEY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_request_key is a struct null_event +SEC("tracepoint/syscalls/sys_enter_request_key") +int handle_sys_enter_request_key(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_REQUEST_KEY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_request_key is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_request_key") +int handle_sys_exit_request_key(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_REQUEST_KEY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_keyctl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_keyctl") +int handle_sys_enter_keyctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_KEYCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_keyctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_keyctl") +int handle_sys_exit_keyctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_KEYCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mq_open is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mq_open") +int handle_sys_enter_mq_open(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MQ_OPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mq_open is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mq_open") +int handle_sys_exit_mq_open(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MQ_OPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mq_unlink is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mq_unlink") +int handle_sys_enter_mq_unlink(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MQ_UNLINK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mq_unlink is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mq_unlink") +int handle_sys_exit_mq_unlink(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MQ_UNLINK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mq_timedsend is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mq_timedsend") +int handle_sys_enter_mq_timedsend(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MQ_TIMEDSEND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mq_timedsend is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mq_timedsend") +int handle_sys_exit_mq_timedsend(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MQ_TIMEDSEND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mq_timedreceive is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mq_timedreceive") +int handle_sys_enter_mq_timedreceive(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MQ_TIMEDRECEIVE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mq_timedreceive is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mq_timedreceive") +int handle_sys_exit_mq_timedreceive(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MQ_TIMEDRECEIVE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mq_notify is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mq_notify") +int handle_sys_enter_mq_notify(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MQ_NOTIFY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mq_notify is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mq_notify") +int handle_sys_exit_mq_notify(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MQ_NOTIFY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mq_getsetattr is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mq_getsetattr") +int handle_sys_enter_mq_getsetattr(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MQ_GETSETATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mq_getsetattr is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mq_getsetattr") +int handle_sys_exit_mq_getsetattr(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MQ_GETSETATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_shmget is a struct null_event +SEC("tracepoint/syscalls/sys_enter_shmget") +int handle_sys_enter_shmget(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SHMGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_shmget is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_shmget") +int handle_sys_exit_shmget(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SHMGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_shmctl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_shmctl") +int handle_sys_enter_shmctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SHMCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_shmctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_shmctl") +int handle_sys_exit_shmctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SHMCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_shmat is a struct null_event +SEC("tracepoint/syscalls/sys_enter_shmat") +int handle_sys_enter_shmat(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SHMAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_shmat is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_shmat") +int handle_sys_exit_shmat(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SHMAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_shmdt is a struct null_event +SEC("tracepoint/syscalls/sys_enter_shmdt") +int handle_sys_enter_shmdt(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SHMDT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_shmdt is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_shmdt") +int handle_sys_exit_shmdt(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SHMDT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_semget is a struct null_event +SEC("tracepoint/syscalls/sys_enter_semget") +int handle_sys_enter_semget(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SEMGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_semget is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_semget") +int handle_sys_exit_semget(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SEMGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_semctl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_semctl") +int handle_sys_enter_semctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SEMCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_semctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_semctl") +int handle_sys_exit_semctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SEMCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_semtimedop is a struct null_event +SEC("tracepoint/syscalls/sys_enter_semtimedop") +int handle_sys_enter_semtimedop(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SEMTIMEDOP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_semtimedop is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_semtimedop") +int handle_sys_exit_semtimedop(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SEMTIMEDOP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_semop is a struct null_event +SEC("tracepoint/syscalls/sys_enter_semop") +int handle_sys_enter_semop(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SEMOP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_semop is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_semop") +int handle_sys_exit_semop(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SEMOP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_msgget is a struct null_event +SEC("tracepoint/syscalls/sys_enter_msgget") +int handle_sys_enter_msgget(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MSGGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_msgget is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_msgget") +int handle_sys_exit_msgget(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MSGGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_msgctl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_msgctl") +int handle_sys_enter_msgctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MSGCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_msgctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_msgctl") +int handle_sys_exit_msgctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MSGCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_msgsnd is a struct null_event +SEC("tracepoint/syscalls/sys_enter_msgsnd") +int handle_sys_enter_msgsnd(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MSGSND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_msgsnd is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_msgsnd") +int handle_sys_exit_msgsnd(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MSGSND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_msgrcv is a struct null_event +SEC("tracepoint/syscalls/sys_enter_msgrcv") +int handle_sys_enter_msgrcv(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MSGRCV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_msgrcv is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_msgrcv") +int handle_sys_exit_msgrcv(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MSGRCV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_quotactl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_quotactl") +int handle_sys_enter_quotactl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_QUOTACTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_quotactl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_quotactl") +int handle_sys_exit_quotactl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_QUOTACTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_quotactl_fd is a struct fd_event SEC("tracepoint/syscalls/sys_enter_quotactl_fd") int handle_sys_enter_quotactl_fd(struct syscall_trace_enter *ctx) { @@ -1065,6 +3487,667 @@ int handle_sys_exit_io_pgetevents(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_userfaultfd is a struct null_event +SEC("tracepoint/syscalls/sys_enter_userfaultfd") +int handle_sys_enter_userfaultfd(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_USERFAULTFD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_userfaultfd is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_userfaultfd") +int handle_sys_exit_userfaultfd(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_USERFAULTFD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_eventfd2 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_eventfd2") +int handle_sys_enter_eventfd2(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EVENTFD2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_eventfd2 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_eventfd2") +int handle_sys_exit_eventfd2(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EVENTFD2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_eventfd is a struct null_event +SEC("tracepoint/syscalls/sys_enter_eventfd") +int handle_sys_enter_eventfd(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EVENTFD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_eventfd is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_eventfd") +int handle_sys_exit_eventfd(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EVENTFD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timerfd_create is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timerfd_create") +int handle_sys_enter_timerfd_create(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMERFD_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timerfd_create is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timerfd_create") +int handle_sys_exit_timerfd_create(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMERFD_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timerfd_settime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timerfd_settime") +int handle_sys_enter_timerfd_settime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMERFD_SETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timerfd_settime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timerfd_settime") +int handle_sys_exit_timerfd_settime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMERFD_SETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timerfd_gettime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timerfd_gettime") +int handle_sys_enter_timerfd_gettime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMERFD_GETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timerfd_gettime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timerfd_gettime") +int handle_sys_exit_timerfd_gettime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMERFD_GETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_signalfd4 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_signalfd4") +int handle_sys_enter_signalfd4(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SIGNALFD4; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_signalfd4 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_signalfd4") +int handle_sys_exit_signalfd4(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SIGNALFD4; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_signalfd is a struct null_event +SEC("tracepoint/syscalls/sys_enter_signalfd") +int handle_sys_enter_signalfd(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SIGNALFD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_signalfd is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_signalfd") +int handle_sys_exit_signalfd(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SIGNALFD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_epoll_create1 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_epoll_create1") +int handle_sys_enter_epoll_create1(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EPOLL_CREATE1; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_epoll_create1 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_epoll_create1") +int handle_sys_exit_epoll_create1(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EPOLL_CREATE1; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_epoll_create is a struct null_event +SEC("tracepoint/syscalls/sys_enter_epoll_create") +int handle_sys_enter_epoll_create(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EPOLL_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_epoll_create is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_epoll_create") +int handle_sys_exit_epoll_create(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EPOLL_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_epoll_ctl is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_epoll_ctl") +int handle_sys_enter_epoll_ctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_EPOLL_CTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[2]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_epoll_ctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_epoll_ctl") +int handle_sys_exit_epoll_ctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EPOLL_CTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_epoll_wait is a struct null_event +SEC("tracepoint/syscalls/sys_enter_epoll_wait") +int handle_sys_enter_epoll_wait(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EPOLL_WAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_epoll_wait is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_epoll_wait") +int handle_sys_exit_epoll_wait(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EPOLL_WAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_epoll_pwait is a struct null_event +SEC("tracepoint/syscalls/sys_enter_epoll_pwait") +int handle_sys_enter_epoll_pwait(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EPOLL_PWAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_epoll_pwait is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_epoll_pwait") +int handle_sys_exit_epoll_pwait(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EPOLL_PWAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_epoll_pwait2 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_epoll_pwait2") +int handle_sys_enter_epoll_pwait2(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EPOLL_PWAIT2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_epoll_pwait2 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_epoll_pwait2") +int handle_sys_exit_epoll_pwait2(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EPOLL_PWAIT2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_fanotify_init is a struct null_event +SEC("tracepoint/syscalls/sys_enter_fanotify_init") +int handle_sys_enter_fanotify_init(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FANOTIFY_INIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_fanotify_init is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_fanotify_init") +int handle_sys_exit_fanotify_init(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FANOTIFY_INIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_fanotify_mark is a struct path_event SEC("tracepoint/syscalls/sys_enter_fanotify_mark") int handle_sys_enter_fanotify_mark(struct syscall_trace_enter *ctx) { @@ -1111,6 +4194,184 @@ int handle_sys_exit_fanotify_mark(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_inotify_init1 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_inotify_init1") +int handle_sys_enter_inotify_init1(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_INOTIFY_INIT1; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_inotify_init1 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_inotify_init1") +int handle_sys_exit_inotify_init1(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_INOTIFY_INIT1; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_inotify_init is a struct null_event +SEC("tracepoint/syscalls/sys_enter_inotify_init") +int handle_sys_enter_inotify_init(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_INOTIFY_INIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_inotify_init is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_inotify_init") +int handle_sys_exit_inotify_init(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_INOTIFY_INIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_inotify_add_watch is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_inotify_add_watch") +int handle_sys_enter_inotify_add_watch(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_INOTIFY_ADD_WATCH; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_inotify_add_watch is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_inotify_add_watch") +int handle_sys_exit_inotify_add_watch(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_INOTIFY_ADD_WATCH; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_inotify_rm_watch is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_inotify_rm_watch") +int handle_sys_enter_inotify_rm_watch(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_INOTIFY_RM_WATCH; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_inotify_rm_watch is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_inotify_rm_watch") +int handle_sys_exit_inotify_rm_watch(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_INOTIFY_RM_WATCH; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_file_getattr is a struct path_event SEC("tracepoint/syscalls/sys_enter_file_getattr") int handle_sys_enter_file_getattr(struct syscall_trace_enter *ctx) { @@ -1203,6 +4464,50 @@ int handle_sys_exit_file_setattr(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_fsopen is a struct null_event +SEC("tracepoint/syscalls/sys_enter_fsopen") +int handle_sys_enter_fsopen(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FSOPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_fsopen is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_fsopen") +int handle_sys_exit_fsopen(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FSOPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_fspick is a struct path_event SEC("tracepoint/syscalls/sys_enter_fspick") int handle_sys_enter_fspick(struct syscall_trace_enter *ctx) { @@ -1385,6 +4690,50 @@ int handle_sys_exit_fstatfs(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_ustat is a struct null_event +SEC("tracepoint/syscalls/sys_enter_ustat") +int handle_sys_enter_ustat(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_USTAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_ustat is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_ustat") +int handle_sys_exit_ustat(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_USTAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_getcwd is a struct null_event SEC("tracepoint/syscalls/sys_enter_getcwd") int handle_sys_enter_getcwd(struct syscall_trace_enter *ctx) { @@ -1521,6 +4870,94 @@ int handle_sys_exit_futimesat(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_utimes is a struct null_event +SEC("tracepoint/syscalls/sys_enter_utimes") +int handle_sys_enter_utimes(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_UTIMES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_utimes is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_utimes") +int handle_sys_exit_utimes(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_UTIMES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_utime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_utime") +int handle_sys_enter_utime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_UTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_utime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_utime") +int handle_sys_exit_utime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_UTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_sync is a struct null_event SEC("tracepoint/syscalls/sys_enter_sync") int handle_sys_enter_sync(struct syscall_trace_enter *ctx) { @@ -1790,6 +5227,94 @@ int handle_sys_exit_vmsplice(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_splice is a struct null_event +SEC("tracepoint/syscalls/sys_enter_splice") +int handle_sys_enter_splice(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SPLICE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_splice is a struct ret_event (TRANSFER_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_splice") +int handle_sys_exit_splice(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SPLICE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = TRANSFER_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_tee is a struct null_event +SEC("tracepoint/syscalls/sys_enter_tee") +int handle_sys_enter_tee(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TEE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_tee is a struct ret_event (TRANSFER_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_tee") +int handle_sys_exit_tee(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TEE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = TRANSFER_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_setxattrat is a struct path_event SEC("tracepoint/syscalls/sys_enter_setxattrat") int handle_sys_enter_setxattrat(struct syscall_trace_enter *ctx) { @@ -2522,6 +6047,50 @@ int handle_sys_exit_fremovexattr(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_umount is a struct null_event +SEC("tracepoint/syscalls/sys_enter_umount") +int handle_sys_enter_umount(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_UMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_umount is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_umount") +int handle_sys_exit_umount(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_UMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_open_tree is a struct open_event SEC("tracepoint/syscalls/sys_enter_open_tree") int handle_sys_enter_open_tree(struct syscall_trace_enter *ctx) { @@ -2570,6 +6139,182 @@ int handle_sys_exit_open_tree(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_mount is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mount") +int handle_sys_enter_mount(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mount is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mount") +int handle_sys_exit_mount(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_fsmount is a struct null_event +SEC("tracepoint/syscalls/sys_enter_fsmount") +int handle_sys_enter_fsmount(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FSMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_fsmount is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_fsmount") +int handle_sys_exit_fsmount(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FSMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_move_mount is a struct null_event +SEC("tracepoint/syscalls/sys_enter_move_mount") +int handle_sys_enter_move_mount(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MOVE_MOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_move_mount is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_move_mount") +int handle_sys_exit_move_mount(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MOVE_MOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pivot_root is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pivot_root") +int handle_sys_enter_pivot_root(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PIVOT_ROOT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pivot_root is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pivot_root") +int handle_sys_exit_pivot_root(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PIVOT_ROOT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_mount_setattr is a struct path_event SEC("tracepoint/syscalls/sys_enter_mount_setattr") int handle_sys_enter_mount_setattr(struct syscall_trace_enter *ctx) { @@ -2664,6 +6409,138 @@ int handle_sys_exit_open_tree_attr(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_statmount is a struct null_event +SEC("tracepoint/syscalls/sys_enter_statmount") +int handle_sys_enter_statmount(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_STATMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_statmount is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_statmount") +int handle_sys_exit_statmount(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_STATMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_listmount is a struct null_event +SEC("tracepoint/syscalls/sys_enter_listmount") +int handle_sys_enter_listmount(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LISTMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_listmount is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_listmount") +int handle_sys_exit_listmount(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LISTMOUNT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sysfs is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sysfs") +int handle_sys_enter_sysfs(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SYSFS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sysfs is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sysfs") +int handle_sys_exit_sysfs(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SYSFS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_close_range is a struct fd_event SEC("tracepoint/syscalls/sys_enter_close_range") int handle_sys_enter_close_range(struct syscall_trace_enter *ctx) { @@ -2845,6 +6722,182 @@ int handle_sys_exit_dup(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_select is a struct null_event +SEC("tracepoint/syscalls/sys_enter_select") +int handle_sys_enter_select(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SELECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_select is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_select") +int handle_sys_exit_select(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SELECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pselect6 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pselect6") +int handle_sys_enter_pselect6(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PSELECT6; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pselect6 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pselect6") +int handle_sys_exit_pselect6(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PSELECT6; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_poll is a struct null_event +SEC("tracepoint/syscalls/sys_enter_poll") +int handle_sys_enter_poll(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_POLL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_poll is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_poll") +int handle_sys_exit_poll(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_POLL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_ppoll is a struct null_event +SEC("tracepoint/syscalls/sys_enter_ppoll") +int handle_sys_enter_ppoll(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PPOLL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_ppoll is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_ppoll") +int handle_sys_exit_ppoll(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PPOLL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_getdents is a struct fd_event SEC("tracepoint/syscalls/sys_enter_getdents") int handle_sys_enter_getdents(struct syscall_trace_enter *ctx) { @@ -3027,6 +7080,98 @@ int handle_sys_exit_fcntl(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_mknodat is a struct path_event +SEC("tracepoint/syscalls/sys_enter_mknodat") +int handle_sys_enter_mknodat(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_PATH_EVENT; + ev->trace_id = SYS_ENTER_MKNODAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname)); + bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mknodat is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mknodat") +int handle_sys_exit_mknodat(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MKNODAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mknod is a struct path_event +SEC("tracepoint/syscalls/sys_enter_mknod") +int handle_sys_enter_mknod(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_PATH_EVENT; + ev->trace_id = SYS_ENTER_MKNOD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname)); + bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mknod is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mknod") +int handle_sys_exit_mknod(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MKNOD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_mkdirat is a struct path_event SEC("tracepoint/syscalls/sys_enter_mkdirat") int handle_sys_enter_mkdirat(struct syscall_trace_enter *ctx) { @@ -3586,6 +7731,185 @@ int handle_sys_exit_rename(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_pipe2 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pipe2") +int handle_sys_enter_pipe2(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PIPE2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pipe2 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pipe2") +int handle_sys_exit_pipe2(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PIPE2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pipe is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pipe") +int handle_sys_enter_pipe(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PIPE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pipe is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pipe") +int handle_sys_exit_pipe(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PIPE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_execve is a struct path_event +SEC("tracepoint/syscalls/sys_enter_execve") +int handle_sys_enter_execve(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_PATH_EVENT; + ev->trace_id = SYS_ENTER_EXECVE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname)); + bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_execve is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_execve") +int handle_sys_exit_execve(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EXECVE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_execveat is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_execveat") +int handle_sys_enter_execveat(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_EXECVEAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_execveat is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_execveat") +int handle_sys_exit_execveat(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EXECVEAT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_newstat is a struct path_event SEC("tracepoint/syscalls/sys_enter_newstat") int handle_sys_enter_newstat(struct syscall_trace_enter *ctx) { @@ -4402,6 +8726,50 @@ int handle_sys_exit_pwritev2(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_sendfile64 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sendfile64") +int handle_sys_enter_sendfile64(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SENDFILE64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sendfile64 is a struct ret_event (TRANSFER_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sendfile64") +int handle_sys_exit_sendfile64(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SENDFILE64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = TRANSFER_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_copy_file_range is a struct fd_event SEC("tracepoint/syscalls/sys_enter_copy_file_range") int handle_sys_enter_copy_file_range(struct syscall_trace_enter *ctx) { @@ -5459,6 +9827,710 @@ int handle_sys_exit_close(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_vhangup is a struct null_event +SEC("tracepoint/syscalls/sys_enter_vhangup") +int handle_sys_enter_vhangup(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_VHANGUP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_vhangup is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_vhangup") +int handle_sys_exit_vhangup(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_VHANGUP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_memfd_create is a struct null_event +SEC("tracepoint/syscalls/sys_enter_memfd_create") +int handle_sys_enter_memfd_create(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MEMFD_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_memfd_create is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_memfd_create") +int handle_sys_exit_memfd_create(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MEMFD_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_memfd_secret is a struct null_event +SEC("tracepoint/syscalls/sys_enter_memfd_secret") +int handle_sys_enter_memfd_secret(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MEMFD_SECRET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_memfd_secret is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_memfd_secret") +int handle_sys_exit_memfd_secret(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MEMFD_SECRET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_move_pages is a struct null_event +SEC("tracepoint/syscalls/sys_enter_move_pages") +int handle_sys_enter_move_pages(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MOVE_PAGES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_move_pages is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_move_pages") +int handle_sys_exit_move_pages(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MOVE_PAGES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_set_mempolicy_home_node is a struct null_event +SEC("tracepoint/syscalls/sys_enter_set_mempolicy_home_node") +int handle_sys_enter_set_mempolicy_home_node(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SET_MEMPOLICY_HOME_NODE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_set_mempolicy_home_node is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_set_mempolicy_home_node") +int handle_sys_exit_set_mempolicy_home_node(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SET_MEMPOLICY_HOME_NODE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mbind is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mbind") +int handle_sys_enter_mbind(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MBIND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mbind is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mbind") +int handle_sys_exit_mbind(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MBIND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_set_mempolicy is a struct null_event +SEC("tracepoint/syscalls/sys_enter_set_mempolicy") +int handle_sys_enter_set_mempolicy(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SET_MEMPOLICY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_set_mempolicy is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_set_mempolicy") +int handle_sys_exit_set_mempolicy(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SET_MEMPOLICY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_migrate_pages is a struct null_event +SEC("tracepoint/syscalls/sys_enter_migrate_pages") +int handle_sys_enter_migrate_pages(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MIGRATE_PAGES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_migrate_pages is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_migrate_pages") +int handle_sys_exit_migrate_pages(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MIGRATE_PAGES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_get_mempolicy is a struct null_event +SEC("tracepoint/syscalls/sys_enter_get_mempolicy") +int handle_sys_enter_get_mempolicy(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GET_MEMPOLICY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_get_mempolicy is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_get_mempolicy") +int handle_sys_exit_get_mempolicy(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GET_MEMPOLICY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_swapoff is a struct null_event +SEC("tracepoint/syscalls/sys_enter_swapoff") +int handle_sys_enter_swapoff(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SWAPOFF; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_swapoff is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_swapoff") +int handle_sys_exit_swapoff(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SWAPOFF; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_swapon is a struct null_event +SEC("tracepoint/syscalls/sys_enter_swapon") +int handle_sys_enter_swapon(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SWAPON; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_swapon is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_swapon") +int handle_sys_exit_swapon(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SWAPON; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_madvise is a struct null_event +SEC("tracepoint/syscalls/sys_enter_madvise") +int handle_sys_enter_madvise(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MADVISE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_madvise is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_madvise") +int handle_sys_exit_madvise(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MADVISE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_process_madvise is a struct null_event +SEC("tracepoint/syscalls/sys_enter_process_madvise") +int handle_sys_enter_process_madvise(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PROCESS_MADVISE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_process_madvise is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_process_madvise") +int handle_sys_exit_process_madvise(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PROCESS_MADVISE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mseal is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mseal") +int handle_sys_enter_mseal(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MSEAL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mseal is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mseal") +int handle_sys_exit_mseal(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MSEAL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_process_vm_readv is a struct null_event +SEC("tracepoint/syscalls/sys_enter_process_vm_readv") +int handle_sys_enter_process_vm_readv(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PROCESS_VM_READV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_process_vm_readv is a struct ret_event (READ_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_process_vm_readv") +int handle_sys_exit_process_vm_readv(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PROCESS_VM_READV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = READ_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_process_vm_writev is a struct null_event +SEC("tracepoint/syscalls/sys_enter_process_vm_writev") +int handle_sys_enter_process_vm_writev(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PROCESS_VM_WRITEV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_process_vm_writev is a struct ret_event (WRITE_CLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_process_vm_writev") +int handle_sys_exit_process_vm_writev(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PROCESS_VM_WRITEV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = WRITE_CLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_msync is a struct null_event SEC("tracepoint/syscalls/sys_enter_msync") int handle_sys_enter_msync(struct syscall_trace_enter *ctx) { @@ -5503,6 +10575,622 @@ int handle_sys_exit_msync(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_mremap is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mremap") +int handle_sys_enter_mremap(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MREMAP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mremap is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mremap") +int handle_sys_exit_mremap(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MREMAP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mprotect is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mprotect") +int handle_sys_enter_mprotect(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MPROTECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mprotect is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mprotect") +int handle_sys_exit_mprotect(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MPROTECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pkey_mprotect is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pkey_mprotect") +int handle_sys_enter_pkey_mprotect(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PKEY_MPROTECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pkey_mprotect is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pkey_mprotect") +int handle_sys_exit_pkey_mprotect(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PKEY_MPROTECT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pkey_alloc is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pkey_alloc") +int handle_sys_enter_pkey_alloc(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PKEY_ALLOC; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pkey_alloc is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pkey_alloc") +int handle_sys_exit_pkey_alloc(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PKEY_ALLOC; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pkey_free is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pkey_free") +int handle_sys_enter_pkey_free(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PKEY_FREE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pkey_free is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pkey_free") +int handle_sys_exit_pkey_free(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PKEY_FREE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_brk is a struct null_event +SEC("tracepoint/syscalls/sys_enter_brk") +int handle_sys_enter_brk(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_BRK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_brk is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_brk") +int handle_sys_exit_brk(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_BRK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_munmap is a struct null_event +SEC("tracepoint/syscalls/sys_enter_munmap") +int handle_sys_enter_munmap(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MUNMAP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_munmap is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_munmap") +int handle_sys_exit_munmap(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MUNMAP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_remap_file_pages is a struct null_event +SEC("tracepoint/syscalls/sys_enter_remap_file_pages") +int handle_sys_enter_remap_file_pages(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_REMAP_FILE_PAGES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_remap_file_pages is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_remap_file_pages") +int handle_sys_exit_remap_file_pages(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_REMAP_FILE_PAGES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mlock is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mlock") +int handle_sys_enter_mlock(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MLOCK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mlock is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mlock") +int handle_sys_exit_mlock(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MLOCK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mlock2 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mlock2") +int handle_sys_enter_mlock2(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MLOCK2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mlock2 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mlock2") +int handle_sys_exit_mlock2(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MLOCK2; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_munlock is a struct null_event +SEC("tracepoint/syscalls/sys_enter_munlock") +int handle_sys_enter_munlock(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MUNLOCK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_munlock is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_munlock") +int handle_sys_exit_munlock(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MUNLOCK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mlockall is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mlockall") +int handle_sys_enter_mlockall(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MLOCKALL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mlockall is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mlockall") +int handle_sys_exit_mlockall(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MLOCKALL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_munlockall is a struct null_event +SEC("tracepoint/syscalls/sys_enter_munlockall") +int handle_sys_enter_munlockall(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MUNLOCKALL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_munlockall is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_munlockall") +int handle_sys_exit_munlockall(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MUNLOCKALL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_mincore is a struct null_event +SEC("tracepoint/syscalls/sys_enter_mincore") +int handle_sys_enter_mincore(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MINCORE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_mincore is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_mincore") +int handle_sys_exit_mincore(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MINCORE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_readahead is a struct fd_event SEC("tracepoint/syscalls/sys_enter_readahead") int handle_sys_enter_readahead(struct syscall_trace_enter *ctx) { @@ -5593,6 +11281,50 @@ int handle_sys_exit_fadvise64(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_process_mrelease is a struct null_event +SEC("tracepoint/syscalls/sys_enter_process_mrelease") +int handle_sys_enter_process_mrelease(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PROCESS_MRELEASE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_process_mrelease is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_process_mrelease") +int handle_sys_exit_process_mrelease(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PROCESS_MRELEASE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_cachestat is a struct fd_event SEC("tracepoint/syscalls/sys_enter_cachestat") int handle_sys_enter_cachestat(struct syscall_trace_enter *ctx) { @@ -5638,6 +11370,1546 @@ int handle_sys_exit_cachestat(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_rseq is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rseq") +int handle_sys_enter_rseq(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RSEQ; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rseq is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rseq") +int handle_sys_exit_rseq(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RSEQ; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_perf_event_open is a struct null_event +SEC("tracepoint/syscalls/sys_enter_perf_event_open") +int handle_sys_enter_perf_event_open(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PERF_EVENT_OPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_perf_event_open is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_perf_event_open") +int handle_sys_exit_perf_event_open(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PERF_EVENT_OPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_bpf is a struct null_event +SEC("tracepoint/syscalls/sys_enter_bpf") +int handle_sys_enter_bpf(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_BPF; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_bpf is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_bpf") +int handle_sys_exit_bpf(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_BPF; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_seccomp is a struct null_event +SEC("tracepoint/syscalls/sys_enter_seccomp") +int handle_sys_enter_seccomp(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SECCOMP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_seccomp is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_seccomp") +int handle_sys_exit_seccomp(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SECCOMP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_kexec_file_load is a struct null_event +SEC("tracepoint/syscalls/sys_enter_kexec_file_load") +int handle_sys_enter_kexec_file_load(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_KEXEC_FILE_LOAD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_kexec_file_load is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_kexec_file_load") +int handle_sys_exit_kexec_file_load(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_KEXEC_FILE_LOAD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_kexec_load is a struct null_event +SEC("tracepoint/syscalls/sys_enter_kexec_load") +int handle_sys_enter_kexec_load(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_KEXEC_LOAD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_kexec_load is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_kexec_load") +int handle_sys_exit_kexec_load(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_KEXEC_LOAD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_acct is a struct null_event +SEC("tracepoint/syscalls/sys_enter_acct") +int handle_sys_enter_acct(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_ACCT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_acct is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_acct") +int handle_sys_exit_acct(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ACCT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_set_robust_list is a struct null_event +SEC("tracepoint/syscalls/sys_enter_set_robust_list") +int handle_sys_enter_set_robust_list(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SET_ROBUST_LIST; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_set_robust_list is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_set_robust_list") +int handle_sys_exit_set_robust_list(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SET_ROBUST_LIST; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_get_robust_list is a struct null_event +SEC("tracepoint/syscalls/sys_enter_get_robust_list") +int handle_sys_enter_get_robust_list(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GET_ROBUST_LIST; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_get_robust_list is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_get_robust_list") +int handle_sys_exit_get_robust_list(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GET_ROBUST_LIST; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_futex is a struct null_event +SEC("tracepoint/syscalls/sys_enter_futex") +int handle_sys_enter_futex(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FUTEX; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_futex is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_futex") +int handle_sys_exit_futex(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FUTEX; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_futex_waitv is a struct null_event +SEC("tracepoint/syscalls/sys_enter_futex_waitv") +int handle_sys_enter_futex_waitv(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FUTEX_WAITV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_futex_waitv is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_futex_waitv") +int handle_sys_exit_futex_waitv(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FUTEX_WAITV; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_futex_wake is a struct null_event +SEC("tracepoint/syscalls/sys_enter_futex_wake") +int handle_sys_enter_futex_wake(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FUTEX_WAKE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_futex_wake is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_futex_wake") +int handle_sys_exit_futex_wake(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FUTEX_WAKE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_futex_wait is a struct null_event +SEC("tracepoint/syscalls/sys_enter_futex_wait") +int handle_sys_enter_futex_wait(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FUTEX_WAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_futex_wait is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_futex_wait") +int handle_sys_exit_futex_wait(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FUTEX_WAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_futex_requeue is a struct null_event +SEC("tracepoint/syscalls/sys_enter_futex_requeue") +int handle_sys_enter_futex_requeue(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FUTEX_REQUEUE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_futex_requeue is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_futex_requeue") +int handle_sys_exit_futex_requeue(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FUTEX_REQUEUE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getitimer is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getitimer") +int handle_sys_enter_getitimer(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETITIMER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getitimer is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getitimer") +int handle_sys_exit_getitimer(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETITIMER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_alarm is a struct null_event +SEC("tracepoint/syscalls/sys_enter_alarm") +int handle_sys_enter_alarm(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_ALARM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_alarm is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_alarm") +int handle_sys_exit_alarm(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ALARM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setitimer is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setitimer") +int handle_sys_enter_setitimer(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETITIMER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setitimer is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setitimer") +int handle_sys_exit_setitimer(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETITIMER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timer_create is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timer_create") +int handle_sys_enter_timer_create(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMER_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timer_create is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timer_create") +int handle_sys_exit_timer_create(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMER_CREATE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timer_gettime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timer_gettime") +int handle_sys_enter_timer_gettime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMER_GETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timer_gettime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timer_gettime") +int handle_sys_exit_timer_gettime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMER_GETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timer_getoverrun is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timer_getoverrun") +int handle_sys_enter_timer_getoverrun(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMER_GETOVERRUN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timer_getoverrun is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timer_getoverrun") +int handle_sys_exit_timer_getoverrun(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMER_GETOVERRUN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timer_settime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timer_settime") +int handle_sys_enter_timer_settime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMER_SETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timer_settime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timer_settime") +int handle_sys_exit_timer_settime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMER_SETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_timer_delete is a struct null_event +SEC("tracepoint/syscalls/sys_enter_timer_delete") +int handle_sys_enter_timer_delete(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMER_DELETE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_timer_delete is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_timer_delete") +int handle_sys_exit_timer_delete(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMER_DELETE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clock_settime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clock_settime") +int handle_sys_enter_clock_settime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLOCK_SETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clock_settime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clock_settime") +int handle_sys_exit_clock_settime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLOCK_SETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clock_gettime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clock_gettime") +int handle_sys_enter_clock_gettime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLOCK_GETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clock_gettime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clock_gettime") +int handle_sys_exit_clock_gettime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLOCK_GETTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clock_adjtime is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clock_adjtime") +int handle_sys_enter_clock_adjtime(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLOCK_ADJTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clock_adjtime is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clock_adjtime") +int handle_sys_exit_clock_adjtime(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLOCK_ADJTIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clock_getres is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clock_getres") +int handle_sys_enter_clock_getres(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLOCK_GETRES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clock_getres is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clock_getres") +int handle_sys_exit_clock_getres(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLOCK_GETRES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clock_nanosleep is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clock_nanosleep") +int handle_sys_enter_clock_nanosleep(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLOCK_NANOSLEEP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clock_nanosleep is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clock_nanosleep") +int handle_sys_exit_clock_nanosleep(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLOCK_NANOSLEEP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_nanosleep is a struct null_event +SEC("tracepoint/syscalls/sys_enter_nanosleep") +int handle_sys_enter_nanosleep(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_NANOSLEEP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_nanosleep is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_nanosleep") +int handle_sys_exit_nanosleep(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_NANOSLEEP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_time is a struct null_event +SEC("tracepoint/syscalls/sys_enter_time") +int handle_sys_enter_time(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_time is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_time") +int handle_sys_exit_time(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_gettimeofday is a struct null_event +SEC("tracepoint/syscalls/sys_enter_gettimeofday") +int handle_sys_enter_gettimeofday(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETTIMEOFDAY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_gettimeofday is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_gettimeofday") +int handle_sys_exit_gettimeofday(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETTIMEOFDAY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_settimeofday is a struct null_event +SEC("tracepoint/syscalls/sys_enter_settimeofday") +int handle_sys_enter_settimeofday(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETTIMEOFDAY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_settimeofday is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_settimeofday") +int handle_sys_exit_settimeofday(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETTIMEOFDAY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_adjtimex is a struct null_event +SEC("tracepoint/syscalls/sys_enter_adjtimex") +int handle_sys_enter_adjtimex(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_ADJTIMEX; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_adjtimex is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_adjtimex") +int handle_sys_exit_adjtimex(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ADJTIMEX; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_kcmp is a struct null_event +SEC("tracepoint/syscalls/sys_enter_kcmp") +int handle_sys_enter_kcmp(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_KCMP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_kcmp is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_kcmp") +int handle_sys_exit_kcmp(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_KCMP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_delete_module is a struct null_event +SEC("tracepoint/syscalls/sys_enter_delete_module") +int handle_sys_enter_delete_module(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_DELETE_MODULE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_delete_module is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_delete_module") +int handle_sys_exit_delete_module(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_DELETE_MODULE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_init_module is a struct null_event +SEC("tracepoint/syscalls/sys_enter_init_module") +int handle_sys_enter_init_module(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_INIT_MODULE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_init_module is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_init_module") +int handle_sys_exit_init_module(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_INIT_MODULE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_finit_module is a struct fd_event SEC("tracepoint/syscalls/sys_enter_finit_module") int handle_sys_enter_finit_module(struct syscall_trace_enter *ctx) { @@ -5727,6 +12999,843 @@ int handle_sys_exit_syslog(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_membarrier is a struct null_event +SEC("tracepoint/syscalls/sys_enter_membarrier") +int handle_sys_enter_membarrier(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MEMBARRIER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_membarrier is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_membarrier") +int handle_sys_exit_membarrier(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MEMBARRIER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_setscheduler is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_setscheduler") +int handle_sys_enter_sched_setscheduler(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_SETSCHEDULER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_setscheduler is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_setscheduler") +int handle_sys_exit_sched_setscheduler(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_SETSCHEDULER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_setparam is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_setparam") +int handle_sys_enter_sched_setparam(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_SETPARAM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_setparam is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_setparam") +int handle_sys_exit_sched_setparam(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_SETPARAM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_setattr is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_setattr") +int handle_sys_enter_sched_setattr(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_SETATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_setattr is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_setattr") +int handle_sys_exit_sched_setattr(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_SETATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_getscheduler is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_getscheduler") +int handle_sys_enter_sched_getscheduler(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_GETSCHEDULER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_getscheduler is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_getscheduler") +int handle_sys_exit_sched_getscheduler(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_GETSCHEDULER; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_getparam is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_getparam") +int handle_sys_enter_sched_getparam(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_GETPARAM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_getparam is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_getparam") +int handle_sys_exit_sched_getparam(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_GETPARAM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_getattr is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_getattr") +int handle_sys_enter_sched_getattr(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_GETATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_getattr is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_getattr") +int handle_sys_exit_sched_getattr(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_GETATTR; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_setaffinity is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_setaffinity") +int handle_sys_enter_sched_setaffinity(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_SETAFFINITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_setaffinity is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_setaffinity") +int handle_sys_exit_sched_setaffinity(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_SETAFFINITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_getaffinity is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_getaffinity") +int handle_sys_enter_sched_getaffinity(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_GETAFFINITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_getaffinity is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_getaffinity") +int handle_sys_exit_sched_getaffinity(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_GETAFFINITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_yield is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_yield") +int handle_sys_enter_sched_yield(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_YIELD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_yield is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_yield") +int handle_sys_exit_sched_yield(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_YIELD; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_get_priority_max is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_get_priority_max") +int handle_sys_enter_sched_get_priority_max(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_GET_PRIORITY_MAX; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_get_priority_max is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_get_priority_max") +int handle_sys_exit_sched_get_priority_max(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_GET_PRIORITY_MAX; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_get_priority_min is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_get_priority_min") +int handle_sys_enter_sched_get_priority_min(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_GET_PRIORITY_MIN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_get_priority_min is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_get_priority_min") +int handle_sys_exit_sched_get_priority_min(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_GET_PRIORITY_MIN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sched_rr_get_interval is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sched_rr_get_interval") +int handle_sys_enter_sched_rr_get_interval(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SCHED_RR_GET_INTERVAL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sched_rr_get_interval is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sched_rr_get_interval") +int handle_sys_exit_sched_rr_get_interval(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SCHED_RR_GET_INTERVAL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getgroups is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getgroups") +int handle_sys_enter_getgroups(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETGROUPS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getgroups is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getgroups") +int handle_sys_exit_getgroups(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETGROUPS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setgroups is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setgroups") +int handle_sys_enter_setgroups(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETGROUPS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setgroups is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setgroups") +int handle_sys_exit_setgroups(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETGROUPS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_reboot is a struct null_event +SEC("tracepoint/syscalls/sys_enter_reboot") +int handle_sys_enter_reboot(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_REBOOT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_reboot is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_reboot") +int handle_sys_exit_reboot(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_REBOOT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_listns is a struct null_event +SEC("tracepoint/syscalls/sys_enter_listns") +int handle_sys_enter_listns(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_LISTNS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_listns is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_listns") +int handle_sys_exit_listns(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_LISTNS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setns is a struct fd_event +SEC("tracepoint/syscalls/sys_enter_setns") +int handle_sys_enter_setns(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_FD_EVENT; + ev->trace_id = SYS_ENTER_SETNS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setns is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setns") +int handle_sys_exit_setns(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETNS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pidfd_open is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pidfd_open") +int handle_sys_enter_pidfd_open(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PIDFD_OPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pidfd_open is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pidfd_open") +int handle_sys_exit_pidfd_open(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PIDFD_OPEN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_pidfd_getfd is a struct fd_event SEC("tracepoint/syscalls/sys_enter_pidfd_getfd") int handle_sys_enter_pidfd_getfd(struct syscall_trace_enter *ctx) { @@ -5772,6 +13881,2998 @@ int handle_sys_exit_pidfd_getfd(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_setpriority is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setpriority") +int handle_sys_enter_setpriority(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETPRIORITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setpriority is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setpriority") +int handle_sys_exit_setpriority(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETPRIORITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getpriority is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getpriority") +int handle_sys_enter_getpriority(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETPRIORITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getpriority is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getpriority") +int handle_sys_exit_getpriority(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETPRIORITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setregid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setregid") +int handle_sys_enter_setregid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETREGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setregid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setregid") +int handle_sys_exit_setregid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETREGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setgid") +int handle_sys_enter_setgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setgid") +int handle_sys_exit_setgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setreuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setreuid") +int handle_sys_enter_setreuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETREUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setreuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setreuid") +int handle_sys_exit_setreuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETREUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setuid") +int handle_sys_enter_setuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setuid") +int handle_sys_exit_setuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setresuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setresuid") +int handle_sys_enter_setresuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETRESUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setresuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setresuid") +int handle_sys_exit_setresuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETRESUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getresuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getresuid") +int handle_sys_enter_getresuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETRESUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getresuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getresuid") +int handle_sys_exit_getresuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETRESUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setresgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setresgid") +int handle_sys_enter_setresgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETRESGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setresgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setresgid") +int handle_sys_exit_setresgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETRESGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getresgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getresgid") +int handle_sys_enter_getresgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETRESGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getresgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getresgid") +int handle_sys_exit_getresgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETRESGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setfsuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setfsuid") +int handle_sys_enter_setfsuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETFSUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setfsuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setfsuid") +int handle_sys_exit_setfsuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETFSUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setfsgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setfsgid") +int handle_sys_enter_setfsgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETFSGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setfsgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setfsgid") +int handle_sys_exit_setfsgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETFSGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getpid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getpid") +int handle_sys_enter_getpid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETPID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getpid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getpid") +int handle_sys_exit_getpid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETPID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_gettid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_gettid") +int handle_sys_enter_gettid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETTID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_gettid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_gettid") +int handle_sys_exit_gettid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETTID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getppid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getppid") +int handle_sys_enter_getppid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETPPID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getppid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getppid") +int handle_sys_exit_getppid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETPPID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getuid") +int handle_sys_enter_getuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getuid") +int handle_sys_exit_getuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_geteuid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_geteuid") +int handle_sys_enter_geteuid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETEUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_geteuid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_geteuid") +int handle_sys_exit_geteuid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETEUID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getgid") +int handle_sys_enter_getgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getgid") +int handle_sys_exit_getgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getegid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getegid") +int handle_sys_enter_getegid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETEGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getegid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getegid") +int handle_sys_exit_getegid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETEGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_times is a struct null_event +SEC("tracepoint/syscalls/sys_enter_times") +int handle_sys_enter_times(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TIMES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_times is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_times") +int handle_sys_exit_times(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TIMES; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setpgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setpgid") +int handle_sys_enter_setpgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETPGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setpgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setpgid") +int handle_sys_exit_setpgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETPGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getpgid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getpgid") +int handle_sys_enter_getpgid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETPGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getpgid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getpgid") +int handle_sys_exit_getpgid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETPGID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getpgrp is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getpgrp") +int handle_sys_enter_getpgrp(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETPGRP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getpgrp is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getpgrp") +int handle_sys_exit_getpgrp(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETPGRP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getsid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getsid") +int handle_sys_enter_getsid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETSID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getsid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getsid") +int handle_sys_exit_getsid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETSID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setsid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setsid") +int handle_sys_enter_setsid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETSID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setsid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setsid") +int handle_sys_exit_setsid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETSID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_newuname is a struct null_event +SEC("tracepoint/syscalls/sys_enter_newuname") +int handle_sys_enter_newuname(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_NEWUNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_newuname is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_newuname") +int handle_sys_exit_newuname(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_NEWUNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sethostname is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sethostname") +int handle_sys_enter_sethostname(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETHOSTNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sethostname is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sethostname") +int handle_sys_exit_sethostname(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETHOSTNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setdomainname is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setdomainname") +int handle_sys_enter_setdomainname(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETDOMAINNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setdomainname is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setdomainname") +int handle_sys_exit_setdomainname(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETDOMAINNAME; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getrlimit is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getrlimit") +int handle_sys_enter_getrlimit(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETRLIMIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getrlimit is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getrlimit") +int handle_sys_exit_getrlimit(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETRLIMIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_prlimit64 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_prlimit64") +int handle_sys_enter_prlimit64(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PRLIMIT64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_prlimit64 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_prlimit64") +int handle_sys_exit_prlimit64(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PRLIMIT64; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_setrlimit is a struct null_event +SEC("tracepoint/syscalls/sys_enter_setrlimit") +int handle_sys_enter_setrlimit(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SETRLIMIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_setrlimit is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_setrlimit") +int handle_sys_exit_setrlimit(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SETRLIMIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getrusage is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getrusage") +int handle_sys_enter_getrusage(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETRUSAGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getrusage is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getrusage") +int handle_sys_exit_getrusage(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETRUSAGE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_umask is a struct null_event +SEC("tracepoint/syscalls/sys_enter_umask") +int handle_sys_enter_umask(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_UMASK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_umask is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_umask") +int handle_sys_exit_umask(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_UMASK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_prctl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_prctl") +int handle_sys_enter_prctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PRCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_prctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_prctl") +int handle_sys_exit_prctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PRCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_getcpu is a struct null_event +SEC("tracepoint/syscalls/sys_enter_getcpu") +int handle_sys_enter_getcpu(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_GETCPU; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_getcpu is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_getcpu") +int handle_sys_exit_getcpu(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_GETCPU; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sysinfo is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sysinfo") +int handle_sys_enter_sysinfo(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SYSINFO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sysinfo is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sysinfo") +int handle_sys_exit_sysinfo(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SYSINFO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_restart_syscall is a struct null_event +SEC("tracepoint/syscalls/sys_enter_restart_syscall") +int handle_sys_enter_restart_syscall(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RESTART_SYSCALL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_restart_syscall is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_restart_syscall") +int handle_sys_exit_restart_syscall(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RESTART_SYSCALL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigprocmask is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigprocmask") +int handle_sys_enter_rt_sigprocmask(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGPROCMASK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigprocmask is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigprocmask") +int handle_sys_exit_rt_sigprocmask(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGPROCMASK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigpending is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigpending") +int handle_sys_enter_rt_sigpending(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGPENDING; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigpending is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigpending") +int handle_sys_exit_rt_sigpending(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGPENDING; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigtimedwait is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigtimedwait") +int handle_sys_enter_rt_sigtimedwait(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGTIMEDWAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigtimedwait is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigtimedwait") +int handle_sys_exit_rt_sigtimedwait(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGTIMEDWAIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_kill is a struct null_event +SEC("tracepoint/syscalls/sys_enter_kill") +int handle_sys_enter_kill(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_KILL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_kill is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_kill") +int handle_sys_exit_kill(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_KILL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pidfd_send_signal is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pidfd_send_signal") +int handle_sys_enter_pidfd_send_signal(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PIDFD_SEND_SIGNAL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pidfd_send_signal is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pidfd_send_signal") +int handle_sys_exit_pidfd_send_signal(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PIDFD_SEND_SIGNAL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_tgkill is a struct null_event +SEC("tracepoint/syscalls/sys_enter_tgkill") +int handle_sys_enter_tgkill(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TGKILL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_tgkill is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_tgkill") +int handle_sys_exit_tgkill(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TGKILL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_tkill is a struct null_event +SEC("tracepoint/syscalls/sys_enter_tkill") +int handle_sys_enter_tkill(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_TKILL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_tkill is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_tkill") +int handle_sys_exit_tkill(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_TKILL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigqueueinfo is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigqueueinfo") +int handle_sys_enter_rt_sigqueueinfo(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGQUEUEINFO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigqueueinfo is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigqueueinfo") +int handle_sys_exit_rt_sigqueueinfo(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGQUEUEINFO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_tgsigqueueinfo is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_tgsigqueueinfo") +int handle_sys_enter_rt_tgsigqueueinfo(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_TGSIGQUEUEINFO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_tgsigqueueinfo is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_tgsigqueueinfo") +int handle_sys_exit_rt_tgsigqueueinfo(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_TGSIGQUEUEINFO; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_sigaltstack is a struct null_event +SEC("tracepoint/syscalls/sys_enter_sigaltstack") +int handle_sys_enter_sigaltstack(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SIGALTSTACK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_sigaltstack is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_sigaltstack") +int handle_sys_exit_sigaltstack(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SIGALTSTACK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigaction is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigaction") +int handle_sys_enter_rt_sigaction(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGACTION; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigaction is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigaction") +int handle_sys_exit_rt_sigaction(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGACTION; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_pause is a struct null_event +SEC("tracepoint/syscalls/sys_enter_pause") +int handle_sys_enter_pause(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PAUSE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_pause is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_pause") +int handle_sys_exit_pause(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PAUSE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigsuspend is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigsuspend") +int handle_sys_enter_rt_sigsuspend(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGSUSPEND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigsuspend is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigsuspend") +int handle_sys_exit_rt_sigsuspend(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGSUSPEND; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_ptrace is a struct null_event +SEC("tracepoint/syscalls/sys_enter_ptrace") +int handle_sys_enter_ptrace(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PTRACE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_ptrace is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_ptrace") +int handle_sys_exit_ptrace(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PTRACE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_capget is a struct null_event +SEC("tracepoint/syscalls/sys_enter_capget") +int handle_sys_enter_capget(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CAPGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_capget is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_capget") +int handle_sys_exit_capget(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CAPGET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_capset is a struct null_event +SEC("tracepoint/syscalls/sys_enter_capset") +int handle_sys_enter_capset(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CAPSET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_capset is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_capset") +int handle_sys_exit_capset(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CAPSET; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_exit is a struct null_event +SEC("tracepoint/syscalls/sys_enter_exit") +int handle_sys_enter_exit(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EXIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_exit is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_exit") +int handle_sys_exit_exit(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EXIT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_exit_group is a struct null_event +SEC("tracepoint/syscalls/sys_enter_exit_group") +int handle_sys_enter_exit_group(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_EXIT_GROUP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_exit_group is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_exit_group") +int handle_sys_exit_exit_group(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_EXIT_GROUP; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_waitid is a struct null_event +SEC("tracepoint/syscalls/sys_enter_waitid") +int handle_sys_enter_waitid(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_WAITID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_waitid is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_waitid") +int handle_sys_exit_waitid(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_WAITID; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_wait4 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_wait4") +int handle_sys_enter_wait4(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_WAIT4; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_wait4 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_wait4") +int handle_sys_exit_wait4(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_WAIT4; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_personality is a struct null_event +SEC("tracepoint/syscalls/sys_enter_personality") +int handle_sys_enter_personality(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_PERSONALITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_personality is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_personality") +int handle_sys_exit_personality(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_PERSONALITY; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_set_tid_address is a struct null_event +SEC("tracepoint/syscalls/sys_enter_set_tid_address") +int handle_sys_enter_set_tid_address(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_SET_TID_ADDRESS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_set_tid_address is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_set_tid_address") +int handle_sys_exit_set_tid_address(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_SET_TID_ADDRESS; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_fork is a struct null_event +SEC("tracepoint/syscalls/sys_enter_fork") +int handle_sys_enter_fork(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_FORK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_fork is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_fork") +int handle_sys_exit_fork(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_FORK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_vfork is a struct null_event +SEC("tracepoint/syscalls/sys_enter_vfork") +int handle_sys_enter_vfork(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_VFORK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_vfork is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_vfork") +int handle_sys_exit_vfork(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_VFORK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clone is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clone") +int handle_sys_enter_clone(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLONE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clone is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clone") +int handle_sys_exit_clone(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLONE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_clone3 is a struct null_event +SEC("tracepoint/syscalls/sys_enter_clone3") +int handle_sys_enter_clone3(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_CLONE3; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_clone3 is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_clone3") +int handle_sys_exit_clone3(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_CLONE3; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_unshare is a struct null_event +SEC("tracepoint/syscalls/sys_enter_unshare") +int handle_sys_enter_unshare(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_UNSHARE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_unshare is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_unshare") +int handle_sys_exit_unshare(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_UNSHARE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_map_shadow_stack is a struct null_event +SEC("tracepoint/syscalls/sys_enter_map_shadow_stack") +int handle_sys_enter_map_shadow_stack(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MAP_SHADOW_STACK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_map_shadow_stack is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_map_shadow_stack") +int handle_sys_exit_map_shadow_stack(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MAP_SHADOW_STACK; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_uretprobe is a struct null_event +SEC("tracepoint/syscalls/sys_enter_uretprobe") +int handle_sys_enter_uretprobe(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_URETPROBE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_uretprobe is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_uretprobe") +int handle_sys_exit_uretprobe(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_URETPROBE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_uprobe is a struct null_event +SEC("tracepoint/syscalls/sys_enter_uprobe") +int handle_sys_enter_uprobe(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_UPROBE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_uprobe is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_uprobe") +int handle_sys_exit_uprobe(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_UPROBE; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_arch_prctl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_arch_prctl") +int handle_sys_enter_arch_prctl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_ARCH_PRCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_arch_prctl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_arch_prctl") +int handle_sys_exit_arch_prctl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_ARCH_PRCTL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + /// sys_enter_mmap is a struct fd_event SEC("tracepoint/syscalls/sys_enter_mmap") int handle_sys_enter_mmap(struct syscall_trace_enter *ctx) { @@ -5817,3 +16918,179 @@ int handle_sys_exit_mmap(struct syscall_trace_exit *ctx) { return 0; } +/// sys_enter_modify_ldt is a struct null_event +SEC("tracepoint/syscalls/sys_enter_modify_ldt") +int handle_sys_enter_modify_ldt(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_MODIFY_LDT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_modify_ldt is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_modify_ldt") +int handle_sys_exit_modify_ldt(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_MODIFY_LDT; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_ioperm is a struct null_event +SEC("tracepoint/syscalls/sys_enter_ioperm") +int handle_sys_enter_ioperm(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_IOPERM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_ioperm is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_ioperm") +int handle_sys_exit_ioperm(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_IOPERM; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_iopl is a struct null_event +SEC("tracepoint/syscalls/sys_enter_iopl") +int handle_sys_enter_iopl(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_IOPL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_iopl is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_iopl") +int handle_sys_exit_iopl(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_IOPL; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_enter_rt_sigreturn is a struct null_event +SEC("tracepoint/syscalls/sys_enter_rt_sigreturn") +int handle_sys_enter_rt_sigreturn(struct syscall_trace_enter *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + if (!ev) + return 0; + + ev->event_type = ENTER_NULL_EVENT; + ev->trace_id = SYS_ENTER_RT_SIGRETURN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + + bpf_ringbuf_submit(ev, 0); + return 0; +} + +/// sys_exit_rt_sigreturn is a struct ret_event (UNCLASSIFIED) +SEC("tracepoint/syscalls/sys_exit_rt_sigreturn") +int handle_sys_exit_rt_sigreturn(struct syscall_trace_exit *ctx) { + __u32 pid, tid; + if (filter(&pid, &tid)) + return 0; + + struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0); + if (!ev) + return 0; + + ev->event_type = EXIT_RET_EVENT; + ev->trace_id = SYS_EXIT_RT_SIGRETURN; + ev->pid = pid; + ev->tid = tid; + ev->time = bpf_ktime_get_boot_ns(); + ev->ret = ctx->ret; + ev->ret_type = UNCLASSIFIED; + + bpf_ringbuf_submit(ev, 0); + return 0; +} + diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index 0d439b4..2cc1e52 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt @@ -1,270 +1,54 @@ -Ignoring sys_enter_accept sys_exit_accept as possibly not file I/O related -Ignoring sys_enter_accept4 sys_exit_accept4 as possibly not file I/O related -Ignoring sys_enter_acct sys_exit_acct as possibly not file I/O related -Ignoring sys_enter_add_key sys_exit_add_key as possibly not file I/O related -Ignoring sys_enter_adjtimex sys_exit_adjtimex as possibly not file I/O related -Ignoring sys_enter_alarm sys_exit_alarm as possibly not file I/O related -Ignoring sys_enter_arch_prctl sys_exit_arch_prctl as possibly not file I/O related -Ignoring sys_enter_bind sys_exit_bind as possibly not file I/O related -Ignoring sys_enter_bpf sys_exit_bpf as possibly not file I/O related -Ignoring sys_enter_brk sys_exit_brk as possibly not file I/O related -Ignoring sys_enter_capget sys_exit_capget as possibly not file I/O related -Ignoring sys_enter_capset sys_exit_capset as possibly not file I/O related -Ignoring sys_enter_clock_adjtime sys_exit_clock_adjtime as possibly not file I/O related -Ignoring sys_enter_clock_getres sys_exit_clock_getres as possibly not file I/O related -Ignoring sys_enter_clock_gettime sys_exit_clock_gettime as possibly not file I/O related -Ignoring sys_enter_clock_nanosleep sys_exit_clock_nanosleep as possibly not file I/O related -Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O related -Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related -Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related -Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related -Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related -Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related -Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related -Ignoring sys_enter_epoll_ctl sys_exit_epoll_ctl as possibly not file I/O related -Ignoring sys_enter_epoll_pwait sys_exit_epoll_pwait as possibly not file I/O related -Ignoring sys_enter_epoll_pwait2 sys_exit_epoll_pwait2 as possibly not file I/O related -Ignoring sys_enter_epoll_wait sys_exit_epoll_wait as possibly not file I/O related -Ignoring sys_enter_eventfd sys_exit_eventfd as possibly not file I/O related -Ignoring sys_enter_eventfd2 sys_exit_eventfd2 as possibly not file I/O related -Ignoring sys_enter_execve sys_exit_execve as possibly not file I/O related -Ignoring sys_enter_execveat sys_exit_execveat as possibly not file I/O related -Ignoring sys_enter_exit sys_exit_exit as possibly not file I/O related -Ignoring sys_enter_exit_group sys_exit_exit_group as possibly not file I/O related -Ignoring sys_enter_fanotify_init sys_exit_fanotify_init as possibly not file I/O related -Ignoring sys_enter_fork sys_exit_fork as possibly not file I/O related -Ignoring sys_enter_fsmount sys_exit_fsmount as possibly not file I/O related -Ignoring sys_enter_fsopen sys_exit_fsopen as possibly not file I/O related -Ignoring sys_enter_futex sys_exit_futex as possibly not file I/O related -Ignoring sys_enter_futex_requeue sys_exit_futex_requeue as possibly not file I/O related -Ignoring sys_enter_futex_wait sys_exit_futex_wait as possibly not file I/O related -Ignoring sys_enter_futex_waitv sys_exit_futex_waitv as possibly not file I/O related -Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O related -Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related -Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related -Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related -Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related -Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related -Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related -Ignoring sys_enter_getgroups sys_exit_getgroups as possibly not file I/O related -Ignoring sys_enter_getitimer sys_exit_getitimer as possibly not file I/O related -Ignoring sys_enter_getpeername sys_exit_getpeername as possibly not file I/O related -Ignoring sys_enter_getpgid sys_exit_getpgid as possibly not file I/O related -Ignoring sys_enter_getpgrp sys_exit_getpgrp as possibly not file I/O related -Ignoring sys_enter_getpid sys_exit_getpid as possibly not file I/O related -Ignoring sys_enter_getppid sys_exit_getppid as possibly not file I/O related -Ignoring sys_enter_getpriority sys_exit_getpriority as possibly not file I/O related -Ignoring sys_enter_getrandom sys_exit_getrandom as possibly not file I/O related -Ignoring sys_enter_getresgid sys_exit_getresgid as possibly not file I/O related -Ignoring sys_enter_getresuid sys_exit_getresuid as possibly not file I/O related -Ignoring sys_enter_getrlimit sys_exit_getrlimit as possibly not file I/O related -Ignoring sys_enter_getrusage sys_exit_getrusage as possibly not file I/O related -Ignoring sys_enter_getsid sys_exit_getsid as possibly not file I/O related -Ignoring sys_enter_getsockname sys_exit_getsockname as possibly not file I/O related -Ignoring sys_enter_getsockopt sys_exit_getsockopt as possibly not file I/O related -Ignoring sys_enter_gettid sys_exit_gettid as possibly not file I/O related -Ignoring sys_enter_gettimeofday sys_exit_gettimeofday as possibly not file I/O related -Ignoring sys_enter_getuid sys_exit_getuid as possibly not file I/O related -Ignoring sys_enter_init_module sys_exit_init_module as possibly not file I/O related -Ignoring sys_enter_inotify_add_watch sys_exit_inotify_add_watch as possibly not file I/O related -Ignoring sys_enter_inotify_init sys_exit_inotify_init as possibly not file I/O related -Ignoring sys_enter_inotify_init1 sys_exit_inotify_init1 as possibly not file I/O related -Ignoring sys_enter_inotify_rm_watch sys_exit_inotify_rm_watch as possibly not file I/O related -Ignoring sys_enter_ioperm sys_exit_ioperm as possibly not file I/O related -Ignoring sys_enter_iopl sys_exit_iopl as possibly not file I/O related -Ignoring sys_enter_ioprio_get sys_exit_ioprio_get as possibly not file I/O related -Ignoring sys_enter_ioprio_set sys_exit_ioprio_set as possibly not file I/O related -Ignoring sys_enter_kcmp sys_exit_kcmp as possibly not file I/O related -Ignoring sys_enter_kexec_file_load sys_exit_kexec_file_load as possibly not file I/O related -Ignoring sys_enter_kexec_load sys_exit_kexec_load as possibly not file I/O related -Ignoring sys_enter_keyctl sys_exit_keyctl as possibly not file I/O related -Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related -Ignoring sys_enter_landlock_add_rule sys_exit_landlock_add_rule as possibly not file I/O related -Ignoring sys_enter_landlock_create_ruleset sys_exit_landlock_create_ruleset as possibly not file I/O related -Ignoring sys_enter_landlock_restrict_self sys_exit_landlock_restrict_self as possibly not file I/O related -Ignoring sys_enter_listen sys_exit_listen as possibly not file I/O related -Ignoring sys_enter_listmount sys_exit_listmount as possibly not file I/O related -Ignoring sys_enter_listns sys_exit_listns as possibly not file I/O related -Ignoring sys_enter_lsm_get_self_attr sys_exit_lsm_get_self_attr as possibly not file I/O related -Ignoring sys_enter_lsm_list_modules sys_exit_lsm_list_modules as possibly not file I/O related -Ignoring sys_enter_lsm_set_self_attr sys_exit_lsm_set_self_attr as possibly not file I/O related -Ignoring sys_enter_madvise sys_exit_madvise as possibly not file I/O related -Ignoring sys_enter_map_shadow_stack sys_exit_map_shadow_stack as possibly not file I/O related -Ignoring sys_enter_mbind sys_exit_mbind as possibly not file I/O related -Ignoring sys_enter_membarrier sys_exit_membarrier as possibly not file I/O related -Ignoring sys_enter_memfd_create sys_exit_memfd_create as possibly not file I/O related -Ignoring sys_enter_memfd_secret sys_exit_memfd_secret as possibly not file I/O related -Ignoring sys_enter_migrate_pages sys_exit_migrate_pages as possibly not file I/O related -Ignoring sys_enter_mincore sys_exit_mincore as possibly not file I/O related -Ignoring sys_enter_mknod sys_exit_mknod as possibly not file I/O related -Ignoring sys_enter_mknodat sys_exit_mknodat as possibly not file I/O related -Ignoring sys_enter_mlock sys_exit_mlock as possibly not file I/O related -Ignoring sys_enter_mlock2 sys_exit_mlock2 as possibly not file I/O related -Ignoring sys_enter_mlockall sys_exit_mlockall as possibly not file I/O related -Ignoring sys_enter_modify_ldt sys_exit_modify_ldt as possibly not file I/O related -Ignoring sys_enter_mount sys_exit_mount as possibly not file I/O related -Ignoring sys_enter_move_mount sys_exit_move_mount as possibly not file I/O related -Ignoring sys_enter_move_pages sys_exit_move_pages as possibly not file I/O related -Ignoring sys_enter_mprotect sys_exit_mprotect as possibly not file I/O related -Ignoring sys_enter_mq_getsetattr sys_exit_mq_getsetattr as possibly not file I/O related -Ignoring sys_enter_mq_notify sys_exit_mq_notify as possibly not file I/O related -Ignoring sys_enter_mq_open sys_exit_mq_open as possibly not file I/O related -Ignoring sys_enter_mq_timedreceive sys_exit_mq_timedreceive as possibly not file I/O related -Ignoring sys_enter_mq_timedsend sys_exit_mq_timedsend as possibly not file I/O related -Ignoring sys_enter_mq_unlink sys_exit_mq_unlink as possibly not file I/O related -Ignoring sys_enter_mremap sys_exit_mremap as possibly not file I/O related -Ignoring sys_enter_mseal sys_exit_mseal as possibly not file I/O related -Ignoring sys_enter_msgctl sys_exit_msgctl as possibly not file I/O related -Ignoring sys_enter_msgget sys_exit_msgget as possibly not file I/O related -Ignoring sys_enter_msgrcv sys_exit_msgrcv as possibly not file I/O related -Ignoring sys_enter_msgsnd sys_exit_msgsnd as possibly not file I/O related -Ignoring sys_enter_munlock sys_exit_munlock as possibly not file I/O related -Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related -Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related -Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related -Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related -Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related -Ignoring sys_enter_perf_event_open sys_exit_perf_event_open as possibly not file I/O related -Ignoring sys_enter_personality sys_exit_personality as possibly not file I/O related -Ignoring sys_enter_pidfd_open sys_exit_pidfd_open as possibly not file I/O related -Ignoring sys_enter_pidfd_send_signal sys_exit_pidfd_send_signal as possibly not file I/O related -Ignoring sys_enter_pipe sys_exit_pipe as possibly not file I/O related -Ignoring sys_enter_pipe2 sys_exit_pipe2 as possibly not file I/O related -Ignoring sys_enter_pivot_root sys_exit_pivot_root as possibly not file I/O related -Ignoring sys_enter_pkey_alloc sys_exit_pkey_alloc as possibly not file I/O related -Ignoring sys_enter_pkey_free sys_exit_pkey_free as possibly not file I/O related -Ignoring sys_enter_pkey_mprotect sys_exit_pkey_mprotect as possibly not file I/O related -Ignoring sys_enter_poll sys_exit_poll as possibly not file I/O related -Ignoring sys_enter_ppoll sys_exit_ppoll as possibly not file I/O related -Ignoring sys_enter_prctl sys_exit_prctl as possibly not file I/O related -Ignoring sys_enter_prlimit64 sys_exit_prlimit64 as possibly not file I/O related -Ignoring sys_enter_process_madvise sys_exit_process_madvise as possibly not file I/O related -Ignoring sys_enter_process_mrelease sys_exit_process_mrelease as possibly not file I/O related -Ignoring sys_enter_process_vm_readv sys_exit_process_vm_readv as possibly not file I/O related -Ignoring sys_enter_process_vm_writev sys_exit_process_vm_writev as possibly not file I/O related -Ignoring sys_enter_pselect6 sys_exit_pselect6 as possibly not file I/O related -Ignoring sys_enter_ptrace sys_exit_ptrace as possibly not file I/O related -Ignoring sys_enter_quotactl sys_exit_quotactl as possibly not file I/O related -Ignoring sys_enter_reboot sys_exit_reboot as possibly not file I/O related -Ignoring sys_enter_recvfrom sys_exit_recvfrom as possibly not file I/O related -Ignoring sys_enter_recvmmsg sys_exit_recvmmsg as possibly not file I/O related -Ignoring sys_enter_recvmsg sys_exit_recvmsg as possibly not file I/O related -Ignoring sys_enter_remap_file_pages sys_exit_remap_file_pages as possibly not file I/O related -Ignoring sys_enter_request_key sys_exit_request_key as possibly not file I/O related -Ignoring sys_enter_restart_syscall sys_exit_restart_syscall as possibly not file I/O related -Ignoring sys_enter_rseq sys_exit_rseq as possibly not file I/O related -Ignoring sys_enter_rt_sigaction sys_exit_rt_sigaction as possibly not file I/O related -Ignoring sys_enter_rt_sigpending sys_exit_rt_sigpending as possibly not file I/O related -Ignoring sys_enter_rt_sigprocmask sys_exit_rt_sigprocmask as possibly not file I/O related -Ignoring sys_enter_rt_sigqueueinfo sys_exit_rt_sigqueueinfo as possibly not file I/O related -Ignoring sys_enter_rt_sigreturn sys_exit_rt_sigreturn as possibly not file I/O related -Ignoring sys_enter_rt_sigsuspend sys_exit_rt_sigsuspend as possibly not file I/O related -Ignoring sys_enter_rt_sigtimedwait sys_exit_rt_sigtimedwait as possibly not file I/O related -Ignoring sys_enter_rt_tgsigqueueinfo sys_exit_rt_tgsigqueueinfo as possibly not file I/O related -Ignoring sys_enter_sched_get_priority_max sys_exit_sched_get_priority_max as possibly not file I/O related -Ignoring sys_enter_sched_get_priority_min sys_exit_sched_get_priority_min as possibly not file I/O related -Ignoring sys_enter_sched_getaffinity sys_exit_sched_getaffinity as possibly not file I/O related -Ignoring sys_enter_sched_getattr sys_exit_sched_getattr as possibly not file I/O related -Ignoring sys_enter_sched_getparam sys_exit_sched_getparam as possibly not file I/O related -Ignoring sys_enter_sched_getscheduler sys_exit_sched_getscheduler as possibly not file I/O related -Ignoring sys_enter_sched_rr_get_interval sys_exit_sched_rr_get_interval as possibly not file I/O related -Ignoring sys_enter_sched_setaffinity sys_exit_sched_setaffinity as possibly not file I/O related -Ignoring sys_enter_sched_setattr sys_exit_sched_setattr as possibly not file I/O related -Ignoring sys_enter_sched_setparam sys_exit_sched_setparam as possibly not file I/O related -Ignoring sys_enter_sched_setscheduler sys_exit_sched_setscheduler as possibly not file I/O related -Ignoring sys_enter_sched_yield sys_exit_sched_yield as possibly not file I/O related -Ignoring sys_enter_seccomp sys_exit_seccomp as possibly not file I/O related -Ignoring sys_enter_select sys_exit_select as possibly not file I/O related -Ignoring sys_enter_semctl sys_exit_semctl as possibly not file I/O related -Ignoring sys_enter_semget sys_exit_semget as possibly not file I/O related -Ignoring sys_enter_semop sys_exit_semop as possibly not file I/O related -Ignoring sys_enter_semtimedop sys_exit_semtimedop as possibly not file I/O related -Ignoring sys_enter_sendfile64 sys_exit_sendfile64 as possibly not file I/O related -Ignoring sys_enter_sendmmsg sys_exit_sendmmsg as possibly not file I/O related -Ignoring sys_enter_sendmsg sys_exit_sendmsg as possibly not file I/O related -Ignoring sys_enter_sendto sys_exit_sendto as possibly not file I/O related -Ignoring sys_enter_set_mempolicy sys_exit_set_mempolicy as possibly not file I/O related -Ignoring sys_enter_set_mempolicy_home_node sys_exit_set_mempolicy_home_node as possibly not file I/O related -Ignoring sys_enter_set_robust_list sys_exit_set_robust_list as possibly not file I/O related -Ignoring sys_enter_set_tid_address sys_exit_set_tid_address as possibly not file I/O related -Ignoring sys_enter_setdomainname sys_exit_setdomainname as possibly not file I/O related -Ignoring sys_enter_setfsgid sys_exit_setfsgid as possibly not file I/O related -Ignoring sys_enter_setfsuid sys_exit_setfsuid as possibly not file I/O related -Ignoring sys_enter_setgid sys_exit_setgid as possibly not file I/O related -Ignoring sys_enter_setgroups sys_exit_setgroups as possibly not file I/O related -Ignoring sys_enter_sethostname sys_exit_sethostname as possibly not file I/O related -Ignoring sys_enter_setitimer sys_exit_setitimer as possibly not file I/O related -Ignoring sys_enter_setns sys_exit_setns as possibly not file I/O related -Ignoring sys_enter_setpgid sys_exit_setpgid as possibly not file I/O related -Ignoring sys_enter_setpriority sys_exit_setpriority as possibly not file I/O related -Ignoring sys_enter_setregid sys_exit_setregid as possibly not file I/O related -Ignoring sys_enter_setresgid sys_exit_setresgid as possibly not file I/O related -Ignoring sys_enter_setresuid sys_exit_setresuid as possibly not file I/O related -Ignoring sys_enter_setreuid sys_exit_setreuid as possibly not file I/O related -Ignoring sys_enter_setrlimit sys_exit_setrlimit as possibly not file I/O related -Ignoring sys_enter_setsid sys_exit_setsid as possibly not file I/O related -Ignoring sys_enter_setsockopt sys_exit_setsockopt as possibly not file I/O related -Ignoring sys_enter_settimeofday sys_exit_settimeofday as possibly not file I/O related -Ignoring sys_enter_setuid sys_exit_setuid as possibly not file I/O related -Ignoring sys_enter_shmat sys_exit_shmat as possibly not file I/O related -Ignoring sys_enter_shmctl sys_exit_shmctl as possibly not file I/O related -Ignoring sys_enter_shmdt sys_exit_shmdt as possibly not file I/O related -Ignoring sys_enter_shmget sys_exit_shmget as possibly not file I/O related -Ignoring sys_enter_shutdown sys_exit_shutdown as possibly not file I/O related -Ignoring sys_enter_sigaltstack sys_exit_sigaltstack as possibly not file I/O related -Ignoring sys_enter_signalfd sys_exit_signalfd as possibly not file I/O related -Ignoring sys_enter_signalfd4 sys_exit_signalfd4 as possibly not file I/O related -Ignoring sys_enter_socket sys_exit_socket as possibly not file I/O related -Ignoring sys_enter_socketpair sys_exit_socketpair as possibly not file I/O related -Ignoring sys_enter_splice sys_exit_splice as possibly not file I/O related -Ignoring sys_enter_statmount sys_exit_statmount as possibly not file I/O related -Ignoring sys_enter_swapoff sys_exit_swapoff as possibly not file I/O related -Ignoring sys_enter_swapon sys_exit_swapon as possibly not file I/O related -Ignoring sys_enter_sysfs sys_exit_sysfs as possibly not file I/O related -Ignoring sys_enter_sysinfo sys_exit_sysinfo as possibly not file I/O related -Ignoring sys_enter_tee sys_exit_tee as possibly not file I/O related -Ignoring sys_enter_tgkill sys_exit_tgkill as possibly not file I/O related -Ignoring sys_enter_time sys_exit_time as possibly not file I/O related -Ignoring sys_enter_timer_create sys_exit_timer_create as possibly not file I/O related -Ignoring sys_enter_timer_delete sys_exit_timer_delete as possibly not file I/O related -Ignoring sys_enter_timer_getoverrun sys_exit_timer_getoverrun as possibly not file I/O related -Ignoring sys_enter_timer_gettime sys_exit_timer_gettime as possibly not file I/O related -Ignoring sys_enter_timer_settime sys_exit_timer_settime as possibly not file I/O related -Ignoring sys_enter_timerfd_create sys_exit_timerfd_create as possibly not file I/O related -Ignoring sys_enter_timerfd_gettime sys_exit_timerfd_gettime as possibly not file I/O related -Ignoring sys_enter_timerfd_settime sys_exit_timerfd_settime as possibly not file I/O related -Ignoring sys_enter_times sys_exit_times as possibly not file I/O related -Ignoring sys_enter_tkill sys_exit_tkill as possibly not file I/O related -Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related -Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related -Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related -Ignoring sys_enter_uprobe sys_exit_uprobe as possibly not file I/O related -Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related -Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related -Ignoring sys_enter_ustat sys_exit_ustat as possibly not file I/O related -Ignoring sys_enter_utime sys_exit_utime as possibly not file I/O related -Ignoring sys_enter_utimes sys_exit_utimes as possibly not file I/O related -Ignoring sys_enter_vfork sys_exit_vfork as possibly not file I/O related -Ignoring sys_enter_vhangup sys_exit_vhangup as possibly not file I/O related -Ignoring sys_enter_wait4 sys_exit_wait4 as possibly not file I/O related -Ignoring sys_enter_waitid sys_exit_waitid as possibly not file I/O related +sys_enter_accept is a struct fd_event +sys_enter_accept4 is a struct fd_event sys_enter_access is a struct path_event +sys_enter_acct is a struct null_event +sys_enter_add_key is a struct null_event +sys_enter_adjtimex is a struct null_event +sys_enter_alarm is a struct null_event +sys_enter_arch_prctl is a struct null_event +sys_enter_bind is a struct fd_event +sys_enter_bpf is a struct null_event +sys_enter_brk is a struct null_event sys_enter_cachestat is a struct fd_event +sys_enter_capget is a struct null_event +sys_enter_capset is a struct null_event sys_enter_chdir is a struct path_event sys_enter_chmod is a struct path_event sys_enter_chown is a struct path_event sys_enter_chroot is a struct path_event +sys_enter_clock_adjtime is a struct null_event +sys_enter_clock_getres is a struct null_event +sys_enter_clock_gettime is a struct null_event +sys_enter_clock_nanosleep is a struct null_event +sys_enter_clock_settime is a struct null_event +sys_enter_clone is a struct null_event +sys_enter_clone3 is a struct null_event sys_enter_close is a struct fd_event sys_enter_close_range is a struct fd_event +sys_enter_connect is a struct fd_event sys_enter_copy_file_range is a struct fd_event sys_enter_creat is a struct path_event +sys_enter_delete_module is a struct null_event sys_enter_dup is a struct fd_event sys_enter_dup2 is a struct fd_event sys_enter_dup3 is a struct dup3_event +sys_enter_epoll_create is a struct null_event +sys_enter_epoll_create1 is a struct null_event +sys_enter_epoll_ctl is a struct fd_event +sys_enter_epoll_pwait is a struct null_event +sys_enter_epoll_pwait2 is a struct null_event +sys_enter_epoll_wait is a struct null_event +sys_enter_eventfd is a struct null_event +sys_enter_eventfd2 is a struct null_event +sys_enter_execve is a struct path_event +sys_enter_execveat is a struct fd_event +sys_enter_exit is a struct null_event +sys_enter_exit_group is a struct null_event sys_enter_faccessat is a struct path_event sys_enter_faccessat2 is a struct path_event sys_enter_fadvise64 is a struct fd_event sys_enter_fallocate is a struct fd_event +sys_enter_fanotify_init is a struct null_event sys_enter_fanotify_mark is a struct path_event sys_enter_fchdir is a struct fd_event sys_enter_fchmod is a struct fd_event @@ -280,19 +64,57 @@ sys_enter_file_setattr is a struct path_event sys_enter_finit_module is a struct fd_event sys_enter_flistxattr is a struct fd_event sys_enter_flock is a struct fd_event +sys_enter_fork is a struct null_event sys_enter_fremovexattr is a struct fd_event sys_enter_fsconfig is a struct fd_event sys_enter_fsetxattr is a struct fd_event +sys_enter_fsmount is a struct null_event +sys_enter_fsopen is a struct null_event sys_enter_fspick is a struct path_event sys_enter_fstatfs is a struct fd_event sys_enter_fsync is a struct fd_event sys_enter_ftruncate is a struct fd_event +sys_enter_futex is a struct null_event +sys_enter_futex_requeue is a struct null_event +sys_enter_futex_wait is a struct null_event +sys_enter_futex_waitv is a struct null_event +sys_enter_futex_wake is a struct null_event sys_enter_futimesat is a struct path_event +sys_enter_get_mempolicy is a struct null_event +sys_enter_get_robust_list is a struct null_event +sys_enter_getcpu is a struct null_event sys_enter_getcwd is a struct null_event sys_enter_getdents is a struct fd_event sys_enter_getdents64 is a struct fd_event +sys_enter_getegid is a struct null_event +sys_enter_geteuid is a struct null_event +sys_enter_getgid is a struct null_event +sys_enter_getgroups is a struct null_event +sys_enter_getitimer is a struct null_event +sys_enter_getpeername is a struct fd_event +sys_enter_getpgid is a struct null_event +sys_enter_getpgrp is a struct null_event +sys_enter_getpid is a struct null_event +sys_enter_getppid is a struct null_event +sys_enter_getpriority is a struct null_event +sys_enter_getrandom is a struct null_event +sys_enter_getresgid is a struct null_event +sys_enter_getresuid is a struct null_event +sys_enter_getrlimit is a struct null_event +sys_enter_getrusage is a struct null_event +sys_enter_getsid is a struct null_event +sys_enter_getsockname is a struct fd_event +sys_enter_getsockopt is a struct fd_event +sys_enter_gettid is a struct null_event +sys_enter_gettimeofday is a struct null_event +sys_enter_getuid is a struct null_event sys_enter_getxattr is a struct path_event sys_enter_getxattrat is a struct path_event +sys_enter_init_module is a struct null_event +sys_enter_inotify_add_watch is a struct fd_event +sys_enter_inotify_init is a struct null_event +sys_enter_inotify_init1 is a struct null_event +sys_enter_inotify_rm_watch is a struct fd_event sys_enter_io_cancel is a struct null_event sys_enter_io_destroy is a struct null_event sys_enter_io_getevents is a struct null_event @@ -303,85 +125,297 @@ sys_enter_io_uring_enter is a struct fd_event sys_enter_io_uring_register is a struct fd_event sys_enter_io_uring_setup is a struct null_event sys_enter_ioctl is a struct fd_event +sys_enter_ioperm is a struct null_event +sys_enter_iopl is a struct null_event +sys_enter_ioprio_get is a struct null_event +sys_enter_ioprio_set is a struct null_event +sys_enter_kcmp is a struct null_event +sys_enter_kexec_file_load is a struct null_event +sys_enter_kexec_load is a struct null_event +sys_enter_keyctl is a struct null_event +sys_enter_kill is a struct null_event +sys_enter_landlock_add_rule is a struct null_event +sys_enter_landlock_create_ruleset is a struct null_event +sys_enter_landlock_restrict_self is a struct null_event sys_enter_lchown is a struct path_event sys_enter_lgetxattr is a struct path_event sys_enter_link is a struct name_event sys_enter_linkat is a struct name_event +sys_enter_listen is a struct fd_event +sys_enter_listmount is a struct null_event +sys_enter_listns is a struct null_event sys_enter_listxattr is a struct path_event sys_enter_listxattrat is a struct path_event sys_enter_llistxattr is a struct path_event sys_enter_lremovexattr is a struct path_event sys_enter_lseek is a struct fd_event sys_enter_lsetxattr is a struct path_event +sys_enter_lsm_get_self_attr is a struct null_event +sys_enter_lsm_list_modules is a struct null_event +sys_enter_lsm_set_self_attr is a struct null_event +sys_enter_madvise is a struct null_event +sys_enter_map_shadow_stack is a struct null_event +sys_enter_mbind is a struct null_event +sys_enter_membarrier is a struct null_event +sys_enter_memfd_create is a struct null_event +sys_enter_memfd_secret is a struct null_event +sys_enter_migrate_pages is a struct null_event +sys_enter_mincore is a struct null_event sys_enter_mkdir is a struct path_event sys_enter_mkdirat is a struct path_event +sys_enter_mknod is a struct path_event +sys_enter_mknodat is a struct path_event +sys_enter_mlock is a struct null_event +sys_enter_mlock2 is a struct null_event +sys_enter_mlockall is a struct null_event sys_enter_mmap is a struct fd_event +sys_enter_modify_ldt is a struct null_event +sys_enter_mount is a struct null_event sys_enter_mount_setattr is a struct path_event +sys_enter_move_mount is a struct null_event +sys_enter_move_pages is a struct null_event +sys_enter_mprotect is a struct null_event +sys_enter_mq_getsetattr is a struct null_event +sys_enter_mq_notify is a struct null_event +sys_enter_mq_open is a struct null_event +sys_enter_mq_timedreceive is a struct null_event +sys_enter_mq_timedsend is a struct null_event +sys_enter_mq_unlink is a struct null_event +sys_enter_mremap is a struct null_event +sys_enter_mseal is a struct null_event +sys_enter_msgctl is a struct null_event +sys_enter_msgget is a struct null_event +sys_enter_msgrcv is a struct null_event +sys_enter_msgsnd is a struct null_event sys_enter_msync is a struct null_event +sys_enter_munlock is a struct null_event +sys_enter_munlockall is a struct null_event +sys_enter_munmap is a struct null_event sys_enter_name_to_handle_at is a struct path_event +sys_enter_nanosleep is a struct null_event sys_enter_newfstat is a struct fd_event sys_enter_newfstatat is a struct path_event sys_enter_newlstat is a struct path_event sys_enter_newstat is a struct path_event +sys_enter_newuname is a struct null_event sys_enter_open is a struct open_event sys_enter_open_by_handle_at is a struct open_by_handle_at_event sys_enter_open_tree is a struct open_event sys_enter_open_tree_attr is a struct open_event sys_enter_openat is a struct open_event sys_enter_openat2 is a struct open_event +sys_enter_pause is a struct null_event +sys_enter_perf_event_open is a struct null_event +sys_enter_personality is a struct null_event sys_enter_pidfd_getfd is a struct fd_event +sys_enter_pidfd_open is a struct null_event +sys_enter_pidfd_send_signal is a struct null_event +sys_enter_pipe is a struct null_event +sys_enter_pipe2 is a struct null_event +sys_enter_pivot_root is a struct null_event +sys_enter_pkey_alloc is a struct null_event +sys_enter_pkey_free is a struct null_event +sys_enter_pkey_mprotect is a struct null_event +sys_enter_poll is a struct null_event +sys_enter_ppoll is a struct null_event +sys_enter_prctl is a struct null_event sys_enter_pread64 is a struct fd_event sys_enter_preadv is a struct fd_event sys_enter_preadv2 is a struct fd_event +sys_enter_prlimit64 is a struct null_event +sys_enter_process_madvise is a struct null_event +sys_enter_process_mrelease is a struct null_event +sys_enter_process_vm_readv is a struct null_event +sys_enter_process_vm_writev is a struct null_event +sys_enter_pselect6 is a struct null_event +sys_enter_ptrace is a struct null_event sys_enter_pwrite64 is a struct fd_event sys_enter_pwritev is a struct fd_event sys_enter_pwritev2 is a struct fd_event +sys_enter_quotactl is a struct null_event sys_enter_quotactl_fd is a struct fd_event sys_enter_read is a struct fd_event sys_enter_readahead is a struct fd_event sys_enter_readlink is a struct path_event sys_enter_readlinkat is a struct path_event sys_enter_readv is a struct fd_event +sys_enter_reboot is a struct null_event +sys_enter_recvfrom is a struct fd_event +sys_enter_recvmmsg is a struct fd_event +sys_enter_recvmsg is a struct fd_event +sys_enter_remap_file_pages is a struct null_event sys_enter_removexattr is a struct path_event sys_enter_removexattrat is a struct path_event sys_enter_rename is a struct name_event sys_enter_renameat is a struct name_event sys_enter_renameat2 is a struct name_event +sys_enter_request_key is a struct null_event +sys_enter_restart_syscall is a struct null_event sys_enter_rmdir is a struct path_event +sys_enter_rseq is a struct null_event +sys_enter_rt_sigaction is a struct null_event +sys_enter_rt_sigpending is a struct null_event +sys_enter_rt_sigprocmask is a struct null_event +sys_enter_rt_sigqueueinfo is a struct null_event +sys_enter_rt_sigreturn is a struct null_event +sys_enter_rt_sigsuspend is a struct null_event +sys_enter_rt_sigtimedwait is a struct null_event +sys_enter_rt_tgsigqueueinfo is a struct null_event +sys_enter_sched_get_priority_max is a struct null_event +sys_enter_sched_get_priority_min is a struct null_event +sys_enter_sched_getaffinity is a struct null_event +sys_enter_sched_getattr is a struct null_event +sys_enter_sched_getparam is a struct null_event +sys_enter_sched_getscheduler is a struct null_event +sys_enter_sched_rr_get_interval is a struct null_event +sys_enter_sched_setaffinity is a struct null_event +sys_enter_sched_setattr is a struct null_event +sys_enter_sched_setparam is a struct null_event +sys_enter_sched_setscheduler is a struct null_event +sys_enter_sched_yield is a struct null_event +sys_enter_seccomp is a struct null_event +sys_enter_select is a struct null_event +sys_enter_semctl is a struct null_event +sys_enter_semget is a struct null_event +sys_enter_semop is a struct null_event +sys_enter_semtimedop is a struct null_event +sys_enter_sendfile64 is a struct null_event +sys_enter_sendmmsg is a struct fd_event +sys_enter_sendmsg is a struct fd_event +sys_enter_sendto is a struct fd_event +sys_enter_set_mempolicy is a struct null_event +sys_enter_set_mempolicy_home_node is a struct null_event +sys_enter_set_robust_list is a struct null_event +sys_enter_set_tid_address is a struct null_event +sys_enter_setdomainname is a struct null_event +sys_enter_setfsgid is a struct null_event +sys_enter_setfsuid is a struct null_event +sys_enter_setgid is a struct null_event +sys_enter_setgroups is a struct null_event +sys_enter_sethostname is a struct null_event +sys_enter_setitimer is a struct null_event +sys_enter_setns is a struct fd_event +sys_enter_setpgid is a struct null_event +sys_enter_setpriority is a struct null_event +sys_enter_setregid is a struct null_event +sys_enter_setresgid is a struct null_event +sys_enter_setresuid is a struct null_event +sys_enter_setreuid is a struct null_event +sys_enter_setrlimit is a struct null_event +sys_enter_setsid is a struct null_event +sys_enter_setsockopt is a struct fd_event +sys_enter_settimeofday is a struct null_event +sys_enter_setuid is a struct null_event sys_enter_setxattr is a struct path_event sys_enter_setxattrat is a struct path_event +sys_enter_shmat is a struct null_event +sys_enter_shmctl is a struct null_event +sys_enter_shmdt is a struct null_event +sys_enter_shmget is a struct null_event +sys_enter_shutdown is a struct fd_event +sys_enter_sigaltstack is a struct null_event +sys_enter_signalfd is a struct null_event +sys_enter_signalfd4 is a struct null_event +sys_enter_socket is a struct null_event +sys_enter_socketpair is a struct null_event +sys_enter_splice is a struct null_event sys_enter_statfs is a struct path_event +sys_enter_statmount is a struct null_event sys_enter_statx is a struct path_event +sys_enter_swapoff is a struct null_event +sys_enter_swapon is a struct null_event sys_enter_symlink is a struct name_event sys_enter_symlinkat is a struct name_event sys_enter_sync is a struct null_event sys_enter_sync_file_range is a struct fd_event sys_enter_syncfs is a struct fd_event +sys_enter_sysfs is a struct null_event +sys_enter_sysinfo is a struct null_event sys_enter_syslog is a struct null_event +sys_enter_tee is a struct null_event +sys_enter_tgkill is a struct null_event +sys_enter_time is a struct null_event +sys_enter_timer_create is a struct null_event +sys_enter_timer_delete is a struct null_event +sys_enter_timer_getoverrun is a struct null_event +sys_enter_timer_gettime is a struct null_event +sys_enter_timer_settime is a struct null_event +sys_enter_timerfd_create is a struct null_event +sys_enter_timerfd_gettime is a struct null_event +sys_enter_timerfd_settime is a struct null_event +sys_enter_times is a struct null_event +sys_enter_tkill is a struct null_event sys_enter_truncate is a struct path_event +sys_enter_umask is a struct null_event +sys_enter_umount is a struct null_event sys_enter_unlink is a struct path_event sys_enter_unlinkat is a struct path_event +sys_enter_unshare is a struct null_event +sys_enter_uprobe is a struct null_event +sys_enter_uretprobe is a struct null_event +sys_enter_userfaultfd is a struct null_event +sys_enter_ustat is a struct null_event +sys_enter_utime is a struct null_event sys_enter_utimensat is a struct path_event +sys_enter_utimes is a struct null_event +sys_enter_vfork is a struct null_event +sys_enter_vhangup is a struct null_event sys_enter_vmsplice is a struct fd_event +sys_enter_wait4 is a struct null_event +sys_enter_waitid is a struct null_event sys_enter_write is a struct fd_event sys_enter_writev is a struct fd_event +sys_exit_accept is a struct ret_event (UNCLASSIFIED) +sys_exit_accept4 is a struct ret_event (UNCLASSIFIED) sys_exit_access is a struct ret_event (UNCLASSIFIED) +sys_exit_acct is a struct ret_event (UNCLASSIFIED) +sys_exit_add_key is a struct ret_event (UNCLASSIFIED) +sys_exit_adjtimex is a struct ret_event (UNCLASSIFIED) +sys_exit_alarm is a struct ret_event (UNCLASSIFIED) +sys_exit_arch_prctl is a struct ret_event (UNCLASSIFIED) +sys_exit_bind is a struct ret_event (UNCLASSIFIED) +sys_exit_bpf is a struct ret_event (UNCLASSIFIED) +sys_exit_brk is a struct ret_event (UNCLASSIFIED) sys_exit_cachestat is a struct ret_event (UNCLASSIFIED) +sys_exit_capget is a struct ret_event (UNCLASSIFIED) +sys_exit_capset is a struct ret_event (UNCLASSIFIED) sys_exit_chdir is a struct ret_event (UNCLASSIFIED) sys_exit_chmod is a struct ret_event (UNCLASSIFIED) sys_exit_chown is a struct ret_event (UNCLASSIFIED) sys_exit_chroot is a struct ret_event (UNCLASSIFIED) +sys_exit_clock_adjtime is a struct ret_event (UNCLASSIFIED) +sys_exit_clock_getres is a struct ret_event (UNCLASSIFIED) +sys_exit_clock_gettime is a struct ret_event (UNCLASSIFIED) +sys_exit_clock_nanosleep is a struct ret_event (UNCLASSIFIED) +sys_exit_clock_settime is a struct ret_event (UNCLASSIFIED) +sys_exit_clone is a struct ret_event (UNCLASSIFIED) +sys_exit_clone3 is a struct ret_event (UNCLASSIFIED) sys_exit_close is a struct ret_event (UNCLASSIFIED) sys_exit_close_range is a struct ret_event (UNCLASSIFIED) +sys_exit_connect is a struct ret_event (UNCLASSIFIED) sys_exit_copy_file_range is a struct ret_event (TRANSFER_CLASSIFIED) sys_exit_creat is a struct ret_event (UNCLASSIFIED) +sys_exit_delete_module is a struct ret_event (UNCLASSIFIED) sys_exit_dup is a struct ret_event (UNCLASSIFIED) sys_exit_dup2 is a struct ret_event (UNCLASSIFIED) sys_exit_dup3 is a struct ret_event (UNCLASSIFIED) +sys_exit_epoll_create is a struct ret_event (UNCLASSIFIED) +sys_exit_epoll_create1 is a struct ret_event (UNCLASSIFIED) +sys_exit_epoll_ctl is a struct ret_event (UNCLASSIFIED) +sys_exit_epoll_pwait is a struct ret_event (UNCLASSIFIED) +sys_exit_epoll_pwait2 is a struct ret_event (UNCLASSIFIED) +sys_exit_epoll_wait is a struct ret_event (UNCLASSIFIED) +sys_exit_eventfd is a struct ret_event (UNCLASSIFIED) +sys_exit_eventfd2 is a struct ret_event (UNCLASSIFIED) +sys_exit_execve is a struct ret_event (UNCLASSIFIED) +sys_exit_execveat is a struct ret_event (UNCLASSIFIED) +sys_exit_exit is a struct ret_event (UNCLASSIFIED) +sys_exit_exit_group is a struct ret_event (UNCLASSIFIED) sys_exit_faccessat is a struct ret_event (UNCLASSIFIED) sys_exit_faccessat2 is a struct ret_event (UNCLASSIFIED) sys_exit_fadvise64 is a struct ret_event (UNCLASSIFIED) sys_exit_fallocate is a struct ret_event (UNCLASSIFIED) +sys_exit_fanotify_init is a struct ret_event (UNCLASSIFIED) sys_exit_fanotify_mark is a struct ret_event (UNCLASSIFIED) sys_exit_fchdir is a struct ret_event (UNCLASSIFIED) sys_exit_fchmod is a struct ret_event (UNCLASSIFIED) @@ -397,19 +431,57 @@ sys_exit_file_setattr is a struct ret_event (UNCLASSIFIED) sys_exit_finit_module is a struct ret_event (UNCLASSIFIED) sys_exit_flistxattr is a struct ret_event (READ_CLASSIFIED) sys_exit_flock is a struct ret_event (UNCLASSIFIED) +sys_exit_fork is a struct ret_event (UNCLASSIFIED) sys_exit_fremovexattr is a struct ret_event (UNCLASSIFIED) sys_exit_fsconfig is a struct ret_event (UNCLASSIFIED) sys_exit_fsetxattr is a struct ret_event (UNCLASSIFIED) +sys_exit_fsmount is a struct ret_event (UNCLASSIFIED) +sys_exit_fsopen is a struct ret_event (UNCLASSIFIED) sys_exit_fspick is a struct ret_event (UNCLASSIFIED) sys_exit_fstatfs is a struct ret_event (UNCLASSIFIED) sys_exit_fsync is a struct ret_event (UNCLASSIFIED) sys_exit_ftruncate is a struct ret_event (UNCLASSIFIED) +sys_exit_futex is a struct ret_event (UNCLASSIFIED) +sys_exit_futex_requeue is a struct ret_event (UNCLASSIFIED) +sys_exit_futex_wait is a struct ret_event (UNCLASSIFIED) +sys_exit_futex_waitv is a struct ret_event (UNCLASSIFIED) +sys_exit_futex_wake is a struct ret_event (UNCLASSIFIED) sys_exit_futimesat is a struct ret_event (UNCLASSIFIED) +sys_exit_get_mempolicy is a struct ret_event (UNCLASSIFIED) +sys_exit_get_robust_list is a struct ret_event (UNCLASSIFIED) +sys_exit_getcpu is a struct ret_event (UNCLASSIFIED) sys_exit_getcwd is a struct ret_event (UNCLASSIFIED) sys_exit_getdents is a struct ret_event (READ_CLASSIFIED) sys_exit_getdents64 is a struct ret_event (READ_CLASSIFIED) +sys_exit_getegid is a struct ret_event (UNCLASSIFIED) +sys_exit_geteuid is a struct ret_event (UNCLASSIFIED) +sys_exit_getgid is a struct ret_event (UNCLASSIFIED) +sys_exit_getgroups is a struct ret_event (UNCLASSIFIED) +sys_exit_getitimer is a struct ret_event (UNCLASSIFIED) +sys_exit_getpeername is a struct ret_event (UNCLASSIFIED) +sys_exit_getpgid is a struct ret_event (UNCLASSIFIED) +sys_exit_getpgrp is a struct ret_event (UNCLASSIFIED) +sys_exit_getpid is a struct ret_event (UNCLASSIFIED) +sys_exit_getppid is a struct ret_event (UNCLASSIFIED) +sys_exit_getpriority is a struct ret_event (UNCLASSIFIED) +sys_exit_getrandom is a struct ret_event (UNCLASSIFIED) +sys_exit_getresgid is a struct ret_event (UNCLASSIFIED) +sys_exit_getresuid is a struct ret_event (UNCLASSIFIED) +sys_exit_getrlimit is a struct ret_event (UNCLASSIFIED) +sys_exit_getrusage is a struct ret_event (UNCLASSIFIED) +sys_exit_getsid is a struct ret_event (UNCLASSIFIED) +sys_exit_getsockname is a struct ret_event (UNCLASSIFIED) +sys_exit_getsockopt is a struct ret_event (UNCLASSIFIED) +sys_exit_gettid is a struct ret_event (UNCLASSIFIED) +sys_exit_gettimeofday is a struct ret_event (UNCLASSIFIED) +sys_exit_getuid is a struct ret_event (UNCLASSIFIED) sys_exit_getxattr is a struct ret_event (READ_CLASSIFIED) sys_exit_getxattrat is a struct ret_event (UNCLASSIFIED) +sys_exit_init_module is a struct ret_event (UNCLASSIFIED) +sys_exit_inotify_add_watch is a struct ret_event (UNCLASSIFIED) +sys_exit_inotify_init is a struct ret_event (UNCLASSIFIED) +sys_exit_inotify_init1 is a struct ret_event (UNCLASSIFIED) +sys_exit_inotify_rm_watch is a struct ret_event (UNCLASSIFIED) sys_exit_io_cancel is a struct ret_event (UNCLASSIFIED) sys_exit_io_destroy is a struct ret_event (UNCLASSIFIED) sys_exit_io_getevents is a struct ret_event (UNCLASSIFIED) @@ -420,65 +492,243 @@ sys_exit_io_uring_enter is a struct ret_event (UNCLASSIFIED) sys_exit_io_uring_register is a struct ret_event (UNCLASSIFIED) sys_exit_io_uring_setup is a struct ret_event (UNCLASSIFIED) sys_exit_ioctl is a struct ret_event (UNCLASSIFIED) +sys_exit_ioperm is a struct ret_event (UNCLASSIFIED) +sys_exit_iopl is a struct ret_event (UNCLASSIFIED) +sys_exit_ioprio_get is a struct ret_event (UNCLASSIFIED) +sys_exit_ioprio_set is a struct ret_event (UNCLASSIFIED) +sys_exit_kcmp is a struct ret_event (UNCLASSIFIED) +sys_exit_kexec_file_load is a struct ret_event (UNCLASSIFIED) +sys_exit_kexec_load is a struct ret_event (UNCLASSIFIED) +sys_exit_keyctl is a struct ret_event (UNCLASSIFIED) +sys_exit_kill is a struct ret_event (UNCLASSIFIED) +sys_exit_landlock_add_rule is a struct ret_event (UNCLASSIFIED) +sys_exit_landlock_create_ruleset is a struct ret_event (UNCLASSIFIED) +sys_exit_landlock_restrict_self is a struct ret_event (UNCLASSIFIED) sys_exit_lchown is a struct ret_event (UNCLASSIFIED) sys_exit_lgetxattr is a struct ret_event (READ_CLASSIFIED) sys_exit_link is a struct ret_event (UNCLASSIFIED) sys_exit_linkat is a struct ret_event (UNCLASSIFIED) +sys_exit_listen is a struct ret_event (UNCLASSIFIED) +sys_exit_listmount is a struct ret_event (UNCLASSIFIED) +sys_exit_listns is a struct ret_event (UNCLASSIFIED) sys_exit_listxattr is a struct ret_event (READ_CLASSIFIED) sys_exit_listxattrat is a struct ret_event (UNCLASSIFIED) sys_exit_llistxattr is a struct ret_event (READ_CLASSIFIED) sys_exit_lremovexattr is a struct ret_event (UNCLASSIFIED) sys_exit_lseek is a struct ret_event (UNCLASSIFIED) sys_exit_lsetxattr is a struct ret_event (UNCLASSIFIED) +sys_exit_lsm_get_self_attr is a struct ret_event (UNCLASSIFIED) +sys_exit_lsm_list_modules is a struct ret_event (UNCLASSIFIED) +sys_exit_lsm_set_self_attr is a struct ret_event (UNCLASSIFIED) +sys_exit_madvise is a struct ret_event (UNCLASSIFIED) +sys_exit_map_shadow_stack is a struct ret_event (UNCLASSIFIED) +sys_exit_mbind is a struct ret_event (UNCLASSIFIED) +sys_exit_membarrier is a struct ret_event (UNCLASSIFIED) +sys_exit_memfd_create is a struct ret_event (UNCLASSIFIED) +sys_exit_memfd_secret is a struct ret_event (UNCLASSIFIED) +sys_exit_migrate_pages is a struct ret_event (UNCLASSIFIED) +sys_exit_mincore is a struct ret_event (UNCLASSIFIED) sys_exit_mkdir is a struct ret_event (UNCLASSIFIED) sys_exit_mkdirat is a struct ret_event (UNCLASSIFIED) +sys_exit_mknod is a struct ret_event (UNCLASSIFIED) +sys_exit_mknodat is a struct ret_event (UNCLASSIFIED) +sys_exit_mlock is a struct ret_event (UNCLASSIFIED) +sys_exit_mlock2 is a struct ret_event (UNCLASSIFIED) +sys_exit_mlockall is a struct ret_event (UNCLASSIFIED) sys_exit_mmap is a struct ret_event (UNCLASSIFIED) +sys_exit_modify_ldt is a struct ret_event (UNCLASSIFIED) +sys_exit_mount is a struct ret_event (UNCLASSIFIED) sys_exit_mount_setattr is a struct ret_event (UNCLASSIFIED) +sys_exit_move_mount is a struct ret_event (UNCLASSIFIED) +sys_exit_move_pages is a struct ret_event (UNCLASSIFIED) +sys_exit_mprotect is a struct ret_event (UNCLASSIFIED) +sys_exit_mq_getsetattr is a struct ret_event (UNCLASSIFIED) +sys_exit_mq_notify is a struct ret_event (UNCLASSIFIED) +sys_exit_mq_open is a struct ret_event (UNCLASSIFIED) +sys_exit_mq_timedreceive is a struct ret_event (UNCLASSIFIED) +sys_exit_mq_timedsend is a struct ret_event (UNCLASSIFIED) +sys_exit_mq_unlink is a struct ret_event (UNCLASSIFIED) +sys_exit_mremap is a struct ret_event (UNCLASSIFIED) +sys_exit_mseal is a struct ret_event (UNCLASSIFIED) +sys_exit_msgctl is a struct ret_event (UNCLASSIFIED) +sys_exit_msgget is a struct ret_event (UNCLASSIFIED) +sys_exit_msgrcv is a struct ret_event (UNCLASSIFIED) +sys_exit_msgsnd is a struct ret_event (UNCLASSIFIED) sys_exit_msync is a struct ret_event (UNCLASSIFIED) +sys_exit_munlock is a struct ret_event (UNCLASSIFIED) +sys_exit_munlockall is a struct ret_event (UNCLASSIFIED) +sys_exit_munmap is a struct ret_event (UNCLASSIFIED) sys_exit_name_to_handle_at is a struct ret_event (UNCLASSIFIED) +sys_exit_nanosleep is a struct ret_event (UNCLASSIFIED) sys_exit_newfstat is a struct ret_event (UNCLASSIFIED) sys_exit_newfstatat is a struct ret_event (UNCLASSIFIED) sys_exit_newlstat is a struct ret_event (UNCLASSIFIED) sys_exit_newstat is a struct ret_event (UNCLASSIFIED) +sys_exit_newuname is a struct ret_event (UNCLASSIFIED) sys_exit_open is a struct ret_event (UNCLASSIFIED) sys_exit_open_by_handle_at is a struct ret_event (UNCLASSIFIED) sys_exit_open_tree is a struct ret_event (UNCLASSIFIED) sys_exit_open_tree_attr is a struct ret_event (UNCLASSIFIED) sys_exit_openat is a struct ret_event (UNCLASSIFIED) sys_exit_openat2 is a struct ret_event (UNCLASSIFIED) +sys_exit_pause is a struct ret_event (UNCLASSIFIED) +sys_exit_perf_event_open is a struct ret_event (UNCLASSIFIED) +sys_exit_personality is a struct ret_event (UNCLASSIFIED) sys_exit_pidfd_getfd is a struct ret_event (UNCLASSIFIED) +sys_exit_pidfd_open is a struct ret_event (UNCLASSIFIED) +sys_exit_pidfd_send_signal is a struct ret_event (UNCLASSIFIED) +sys_exit_pipe is a struct ret_event (UNCLASSIFIED) +sys_exit_pipe2 is a struct ret_event (UNCLASSIFIED) +sys_exit_pivot_root is a struct ret_event (UNCLASSIFIED) +sys_exit_pkey_alloc is a struct ret_event (UNCLASSIFIED) +sys_exit_pkey_free is a struct ret_event (UNCLASSIFIED) +sys_exit_pkey_mprotect is a struct ret_event (UNCLASSIFIED) +sys_exit_poll is a struct ret_event (UNCLASSIFIED) +sys_exit_ppoll is a struct ret_event (UNCLASSIFIED) +sys_exit_prctl is a struct ret_event (UNCLASSIFIED) sys_exit_pread64 is a struct ret_event (READ_CLASSIFIED) sys_exit_preadv is a struct ret_event (READ_CLASSIFIED) sys_exit_preadv2 is a struct ret_event (READ_CLASSIFIED) +sys_exit_prlimit64 is a struct ret_event (UNCLASSIFIED) +sys_exit_process_madvise is a struct ret_event (UNCLASSIFIED) +sys_exit_process_mrelease is a struct ret_event (UNCLASSIFIED) +sys_exit_process_vm_readv is a struct ret_event (READ_CLASSIFIED) +sys_exit_process_vm_writev is a struct ret_event (WRITE_CLASSIFIED) +sys_exit_pselect6 is a struct ret_event (UNCLASSIFIED) +sys_exit_ptrace is a struct ret_event (UNCLASSIFIED) sys_exit_pwrite64 is a struct ret_event (WRITE_CLASSIFIED) sys_exit_pwritev is a struct ret_event (WRITE_CLASSIFIED) sys_exit_pwritev2 is a struct ret_event (WRITE_CLASSIFIED) +sys_exit_quotactl is a struct ret_event (UNCLASSIFIED) sys_exit_quotactl_fd is a struct ret_event (UNCLASSIFIED) sys_exit_read is a struct ret_event (READ_CLASSIFIED) sys_exit_readahead is a struct ret_event (UNCLASSIFIED) sys_exit_readlink is a struct ret_event (READ_CLASSIFIED) sys_exit_readlinkat is a struct ret_event (READ_CLASSIFIED) sys_exit_readv is a struct ret_event (READ_CLASSIFIED) +sys_exit_reboot is a struct ret_event (UNCLASSIFIED) +sys_exit_recvfrom is a struct ret_event (READ_CLASSIFIED) +sys_exit_recvmmsg is a struct ret_event (READ_CLASSIFIED) +sys_exit_recvmsg is a struct ret_event (READ_CLASSIFIED) +sys_exit_remap_file_pages is a struct ret_event (UNCLASSIFIED) sys_exit_removexattr is a struct ret_event (UNCLASSIFIED) sys_exit_removexattrat is a struct ret_event (UNCLASSIFIED) sys_exit_rename is a struct ret_event (UNCLASSIFIED) sys_exit_renameat is a struct ret_event (UNCLASSIFIED) sys_exit_renameat2 is a struct ret_event (UNCLASSIFIED) +sys_exit_request_key is a struct ret_event (UNCLASSIFIED) +sys_exit_restart_syscall is a struct ret_event (UNCLASSIFIED) sys_exit_rmdir is a struct ret_event (UNCLASSIFIED) +sys_exit_rseq is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigaction is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigpending is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigprocmask is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigqueueinfo is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigreturn is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigsuspend is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_sigtimedwait is a struct ret_event (UNCLASSIFIED) +sys_exit_rt_tgsigqueueinfo is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_get_priority_max is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_get_priority_min is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_getaffinity is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_getattr is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_getparam is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_getscheduler is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_rr_get_interval is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_setaffinity is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_setattr is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_setparam is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_setscheduler is a struct ret_event (UNCLASSIFIED) +sys_exit_sched_yield is a struct ret_event (UNCLASSIFIED) +sys_exit_seccomp is a struct ret_event (UNCLASSIFIED) +sys_exit_select is a struct ret_event (UNCLASSIFIED) +sys_exit_semctl is a struct ret_event (UNCLASSIFIED) +sys_exit_semget is a struct ret_event (UNCLASSIFIED) +sys_exit_semop is a struct ret_event (UNCLASSIFIED) +sys_exit_semtimedop is a struct ret_event (UNCLASSIFIED) +sys_exit_sendfile64 is a struct ret_event (TRANSFER_CLASSIFIED) +sys_exit_sendmmsg is a struct ret_event (WRITE_CLASSIFIED) +sys_exit_sendmsg is a struct ret_event (WRITE_CLASSIFIED) +sys_exit_sendto is a struct ret_event (WRITE_CLASSIFIED) +sys_exit_set_mempolicy is a struct ret_event (UNCLASSIFIED) +sys_exit_set_mempolicy_home_node is a struct ret_event (UNCLASSIFIED) +sys_exit_set_robust_list is a struct ret_event (UNCLASSIFIED) +sys_exit_set_tid_address is a struct ret_event (UNCLASSIFIED) +sys_exit_setdomainname is a struct ret_event (UNCLASSIFIED) +sys_exit_setfsgid is a struct ret_event (UNCLASSIFIED) +sys_exit_setfsuid is a struct ret_event (UNCLASSIFIED) +sys_exit_setgid is a struct ret_event (UNCLASSIFIED) +sys_exit_setgroups is a struct ret_event (UNCLASSIFIED) +sys_exit_sethostname is a struct ret_event (UNCLASSIFIED) +sys_exit_setitimer is a struct ret_event (UNCLASSIFIED) +sys_exit_setns is a struct ret_event (UNCLASSIFIED) +sys_exit_setpgid is a struct ret_event (UNCLASSIFIED) +sys_exit_setpriority is a struct ret_event (UNCLASSIFIED) +sys_exit_setregid is a struct ret_event (UNCLASSIFIED) +sys_exit_setresgid is a struct ret_event (UNCLASSIFIED) +sys_exit_setresuid is a struct ret_event (UNCLASSIFIED) +sys_exit_setreuid is a struct ret_event (UNCLASSIFIED) +sys_exit_setrlimit is a struct ret_event (UNCLASSIFIED) +sys_exit_setsid is a struct ret_event (UNCLASSIFIED) +sys_exit_setsockopt is a struct ret_event (UNCLASSIFIED) +sys_exit_settimeofday is a struct ret_event (UNCLASSIFIED) +sys_exit_setuid is a struct ret_event (UNCLASSIFIED) sys_exit_setxattr is a struct ret_event (UNCLASSIFIED) sys_exit_setxattrat is a struct ret_event (UNCLASSIFIED) +sys_exit_shmat is a struct ret_event (UNCLASSIFIED) +sys_exit_shmctl is a struct ret_event (UNCLASSIFIED) +sys_exit_shmdt is a struct ret_event (UNCLASSIFIED) +sys_exit_shmget is a struct ret_event (UNCLASSIFIED) +sys_exit_shutdown is a struct ret_event (UNCLASSIFIED) +sys_exit_sigaltstack is a struct ret_event (UNCLASSIFIED) +sys_exit_signalfd is a struct ret_event (UNCLASSIFIED) +sys_exit_signalfd4 is a struct ret_event (UNCLASSIFIED) +sys_exit_socket is a struct ret_event (UNCLASSIFIED) +sys_exit_socketpair is a struct ret_event (UNCLASSIFIED) +sys_exit_splice is a struct ret_event (TRANSFER_CLASSIFIED) sys_exit_statfs is a struct ret_event (UNCLASSIFIED) +sys_exit_statmount is a struct ret_event (UNCLASSIFIED) sys_exit_statx is a struct ret_event (UNCLASSIFIED) +sys_exit_swapoff is a struct ret_event (UNCLASSIFIED) +sys_exit_swapon is a struct ret_event (UNCLASSIFIED) sys_exit_symlink is a struct ret_event (UNCLASSIFIED) sys_exit_symlinkat is a struct ret_event (UNCLASSIFIED) sys_exit_sync is a struct ret_event (UNCLASSIFIED) sys_exit_sync_file_range is a struct ret_event (UNCLASSIFIED) sys_exit_syncfs is a struct ret_event (UNCLASSIFIED) +sys_exit_sysfs is a struct ret_event (UNCLASSIFIED) +sys_exit_sysinfo is a struct ret_event (UNCLASSIFIED) sys_exit_syslog is a struct ret_event (READ_CLASSIFIED) +sys_exit_tee is a struct ret_event (TRANSFER_CLASSIFIED) +sys_exit_tgkill is a struct ret_event (UNCLASSIFIED) +sys_exit_time is a struct ret_event (UNCLASSIFIED) +sys_exit_timer_create is a struct ret_event (UNCLASSIFIED) +sys_exit_timer_delete is a struct ret_event (UNCLASSIFIED) +sys_exit_timer_getoverrun is a struct ret_event (UNCLASSIFIED) +sys_exit_timer_gettime is a struct ret_event (UNCLASSIFIED) +sys_exit_timer_settime is a struct ret_event (UNCLASSIFIED) +sys_exit_timerfd_create is a struct ret_event (UNCLASSIFIED) +sys_exit_timerfd_gettime is a struct ret_event (UNCLASSIFIED) +sys_exit_timerfd_settime is a struct ret_event (UNCLASSIFIED) +sys_exit_times is a struct ret_event (UNCLASSIFIED) +sys_exit_tkill is a struct ret_event (UNCLASSIFIED) sys_exit_truncate is a struct ret_event (UNCLASSIFIED) +sys_exit_umask is a struct ret_event (UNCLASSIFIED) +sys_exit_umount is a struct ret_event (UNCLASSIFIED) sys_exit_unlink is a struct ret_event (UNCLASSIFIED) sys_exit_unlinkat is a struct ret_event (UNCLASSIFIED) +sys_exit_unshare is a struct ret_event (UNCLASSIFIED) +sys_exit_uprobe is a struct ret_event (UNCLASSIFIED) +sys_exit_uretprobe is a struct ret_event (UNCLASSIFIED) +sys_exit_userfaultfd is a struct ret_event (UNCLASSIFIED) +sys_exit_ustat is a struct ret_event (UNCLASSIFIED) +sys_exit_utime is a struct ret_event (UNCLASSIFIED) sys_exit_utimensat is a struct ret_event (UNCLASSIFIED) +sys_exit_utimes is a struct ret_event (UNCLASSIFIED) +sys_exit_vfork is a struct ret_event (UNCLASSIFIED) +sys_exit_vhangup is a struct ret_event (UNCLASSIFIED) sys_exit_vmsplice is a struct ret_event (TRANSFER_CLASSIFIED) +sys_exit_wait4 is a struct ret_event (UNCLASSIFIED) +sys_exit_waitid is a struct ret_event (UNCLASSIFIED) sys_exit_write is a struct ret_event (WRITE_CLASSIFIED) sys_exit_writev is a struct ret_event (WRITE_CLASSIFIED) diff --git a/internal/generate/classify.go b/internal/generate/classify.go index f3b9a44..b96ee0d 100644 --- a/internal/generate/classify.go +++ b/internal/generate/classify.go @@ -40,10 +40,6 @@ func ClassifyFormat(f *Format) ClassificationResult { return ClassificationResult{Kind: KindNone} } - if shouldIgnore(f.Name) { - return ClassificationResult{Kind: KindNone} - } - if r, ok := classifyNameOnly(f.Name); ok { return r } @@ -63,40 +59,6 @@ func ClassifyFormat(f *Format) ClassificationResult { return ClassificationResult{Kind: KindNone} } -func shouldIgnore(name string) bool { - prefixIgnores := []string{ - "sys_enter_mknod", - "sys_enter_execve", - "sys_enter_accept", - "sys_enter_listen", - "sys_enter_epoll", - } - for _, p := range prefixIgnores { - if strings.HasPrefix(name, p) { - return true - } - } - - if strings.HasPrefix(name, "sys_enter_") { - containsIgnores := []string{"recv", "send", "sock", "inotify"} - for _, sub := range containsIgnores { - if strings.Contains(name, sub) { - return true - } - } - } - - exactIgnores := map[string]bool{ - "sys_enter_bind": true, - "sys_enter_setns": true, - "sys_enter_shutdown": true, - "sys_enter_connect": true, - "sys_enter_fanotify_init": true, - "sys_enter_getpeername": true, - } - return exactIgnores[name] -} - // classifyNameOnly handles tracepoints classified by name alone, // independent of any field. func classifyNameOnly(name string) (ClassificationResult, bool) { diff --git a/internal/generate/classify_test.go b/internal/generate/classify_test.go index 301d4bc..f02f7de 100644 --- a/internal/generate/classify_test.go +++ b/internal/generate/classify_test.go @@ -223,77 +223,38 @@ func TestClassifyRetExitSymlink(t *testing.T) { } } -// --- Ignore tests --- - -func TestIgnoreMknod(t *testing.T) { +func TestClassifyPathnameMknod(t *testing.T) { r := classifyFromData(t, FormatMknod) - if r.Kind != KindNone { - t.Errorf("mknod: got kind %d, want KindNone (ignored)", r.Kind) + if r.Kind != KindPathname { + t.Errorf("mknod: got kind %d, want KindPathname", r.Kind) } } -func TestIgnoreExecve(t *testing.T) { +func TestClassifyPathnameExecve(t *testing.T) { r := classifyFromData(t, FormatExecve) - if r.Kind != KindNone { - t.Errorf("execve: got kind %d, want KindNone (ignored)", r.Kind) + if r.Kind != KindPathname { + t.Errorf("execve: got kind %d, want KindPathname", r.Kind) } } -func TestIgnoreAccept(t *testing.T) { +func TestClassifyFdAccept(t *testing.T) { r := classifyFromData(t, FormatAccept) - if r.Kind != KindNone { - t.Errorf("accept: got kind %d, want KindNone (ignored)", r.Kind) + if r.Kind != KindFd { + t.Errorf("accept: got kind %d, want KindFd", r.Kind) } } -func TestIgnoreSocket(t *testing.T) { +func TestClassifySocketRequiresGenerationFallback(t *testing.T) { r := classifyFromData(t, FormatSocket) if r.Kind != KindNone { - t.Errorf("socket: got kind %d, want KindNone (ignored)", r.Kind) + t.Errorf("socket: got kind %d, want KindNone before generation fallback", r.Kind) } } -func TestIgnoreKill(t *testing.T) { +func TestClassifyKillRequiresGenerationFallback(t *testing.T) { r := classifyFromData(t, FormatKill) if r.Kind != KindNone { - t.Errorf("kill: got kind %d, want KindNone (no matching type)", r.Kind) - } -} - -func TestShouldIgnorePatterns(t *testing.T) { - ignoreNames := []string{ - "sys_enter_mknod", "sys_enter_mknodat", - "sys_enter_execve", "sys_enter_execveat", - "sys_enter_accept", "sys_enter_accept4", - "sys_enter_listen", - "sys_enter_epoll_ctl", "sys_enter_epoll_pwait", - "sys_enter_recvfrom", "sys_enter_recvmsg", "sys_enter_recvmmsg", - "sys_enter_sendto", "sys_enter_sendmsg", "sys_enter_sendmmsg", - "sys_enter_socket", "sys_enter_socketpair", "sys_enter_getsockname", - "sys_enter_inotify_init", "sys_enter_inotify_add_watch", - "sys_enter_bind", "sys_enter_setns", "sys_enter_shutdown", - "sys_enter_connect", "sys_enter_fanotify_init", "sys_enter_getpeername", - } - for _, name := range ignoreNames { - if !shouldIgnore(name) { - t.Errorf("shouldIgnore(%q) = false, want true", name) - } - } -} - -func TestShouldNotIgnore(t *testing.T) { - noIgnore := []string{ - "sys_enter_read", "sys_enter_write", "sys_enter_openat", - "sys_enter_close", "sys_enter_rename", "sys_enter_unlink", - "sys_enter_copy_file_range", - "sys_enter_msync", - "sys_enter_pidfd_getfd", - "sys_exit_read", "sys_exit_openat", - } - for _, name := range noIgnore { - if shouldIgnore(name) { - t.Errorf("shouldIgnore(%q) = true, want false", name) - } + t.Errorf("kill: got kind %d, want KindNone before generation fallback", r.Kind) } } @@ -324,6 +285,11 @@ func TestClassifySyscallPairAccepted(t *testing.T) { {"io_uring_register", FormatIoUringRegister, FormatExitIoUringRegister, KindFd}, {"pread64", FormatPread64, FormatExitPread64, KindFd}, {"symlink", FormatSymlink, FormatExitSymlink, KindName}, + {"mknod", FormatMknod, FormatExitMknod, KindPathname}, + {"execve", FormatExecve, FormatExitExecve, KindPathname}, + {"accept", FormatAccept, FormatExitAccept, KindFd}, + {"socket", FormatSocket, FormatExitSocket, KindNull}, + {"kill", FormatKill, FormatExitKill, KindNull}, } for _, tt := range tests { @@ -337,25 +303,36 @@ func TestClassifySyscallPairAccepted(t *testing.T) { } } -func TestClassifySyscallPairIgnored(t *testing.T) { +func TestClassifySyscallPairEmitsAllFamilies(t *testing.T) { tests := []struct { - name string - enter string - exit string + name string + enter string + exit string + family SyscallFamily }{ - {"mknod", FormatMknod, FormatExitMknod}, - {"execve", FormatExecve, FormatExitExecve}, - {"accept", FormatAccept, FormatExitAccept}, - {"socket", FormatSocket, FormatExitSocket}, - {"kill", FormatKill, FormatExitKill}, + {"mknod", FormatMknod, FormatExitMknod, FamilyFS}, + {"execve", FormatExecve, FormatExitExecve, FamilyProcess}, + {"accept", FormatAccept, FormatExitAccept, FamilyNetwork}, + {"socket", FormatSocket, FormatExitSocket, FamilyNetwork}, + {"kill", FormatKill, FormatExitKill, FamilySignals}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { input := tt.enter + "\n" + tt.exit - output := GenerateTracepointsC(mustParseAll(t, input)) - if !strings.Contains(output, "Ignoring") { - t.Errorf("syscall %s was accepted, expected ignored", tt.name) + formats := mustParseAll(t, input) + if formats[0].Family != tt.family { + t.Fatalf("%s family = %s, want %s", tt.name, formats[0].Family, tt.family) + } + output := GenerateTracepointsC(formats) + if strings.Contains(output, "Ignoring") { + t.Errorf("syscall %s was ignored, expected accepted", tt.name) + } + if !strings.Contains(output, `SEC("tracepoint/syscalls/sys_enter_`+tt.name+`")`) { + t.Errorf("syscall %s missing enter handler", tt.name) + } + if !strings.Contains(output, `SEC("tracepoint/syscalls/sys_exit_`+tt.name+`")`) { + t.Errorf("syscall %s missing exit handler", tt.name) } }) } diff --git a/internal/generate/codegen.go b/internal/generate/codegen.go index e3ec0ef..3848b93 100644 --- a/internal/generate/codegen.go +++ b/internal/generate/codegen.go @@ -94,7 +94,7 @@ func classifySyscall(sc Syscall) ([]GeneratedTracepoint, string) { allCanGenerate := true if sc.Enter != nil { - enterClass = ClassifyFormat(sc.Enter) + enterClass = classifyEnterForGeneration(sc.Enter) if enterClass.Kind == KindNone { allCanGenerate = false } @@ -113,7 +113,7 @@ func classifySyscall(sc Syscall) ([]GeneratedTracepoint, string) { if !allCanGenerate { names := syscallFormatNames(sc) - return nil, fmt.Sprintf("Ignoring %s as possibly not file I/O related", strings.Join(names, " ")) + return nil, fmt.Sprintf("Skipping %s as incomplete or unclassifiable", strings.Join(names, " ")) } if isEnterRejected(enterClass.Kind) { @@ -131,6 +131,14 @@ func classifySyscall(sc Syscall) ([]GeneratedTracepoint, string) { return result, "" } +func classifyEnterForGeneration(f *Format) ClassificationResult { + classification := ClassifyFormat(f) + if classification.Kind != KindNone || len(f.ExternalFields) == 0 { + return classification + } + return ClassificationResult{Kind: KindNull} +} + // isEnterRejected reports whether kind must not appear on a syscall-enter // tracepoint. The answer comes from the kindRegistry so no switch statement // needs updating when a new TracepointKind is added. diff --git a/internal/generate/codegen_test.go b/internal/generate/codegen_test.go index 7a7d469..a448162 100644 --- a/internal/generate/codegen_test.go +++ b/internal/generate/codegen_test.go @@ -195,10 +195,50 @@ func TestGenerateNameToHandleAtHandler(t *testing.T) { requireContains(t, output, "bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);") } -func TestGenerateIgnoredComment(t *testing.T) { +func TestGenerateFallbackNullHandler(t *testing.T) { output := generateFromPair(t, FormatKill, FormatExitKill) - requireContains(t, output, "/// Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related") + requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_kill")`) + requireContains(t, output, "struct null_event *ev") + requireContains(t, output, "ev->event_type = ENTER_NULL_EVENT;") + requireContains(t, output, `SEC("tracepoint/syscalls/sys_exit_kill")`) + requireContains(t, output, "ev->event_type = EXIT_RET_EVENT;") +} + +func TestGenerateHandlersForEverySyscallFamily(t *testing.T) { + tests := []struct { + syscall string + family SyscallFamily + }{ + {"accept", FamilyNetwork}, + {"pipe2", FamilyIPC}, + {"munmap", FamilyMemory}, + {"execve", FamilyProcess}, + {"kill", FamilySignals}, + {"nanosleep", FamilyTime}, + {"sched_yield", FamilySched}, + {"mknod", FamilyFS}, + {"epoll_wait", FamilyPolling}, + {"io_setup", FamilyAIO}, + {"bpf", FamilySecurity}, + {"sysinfo", FamilyMisc}, + } + + for _, tt := range tests { + t.Run(tt.syscall, func(t *testing.T) { + input := syntheticPair(tt.syscall) + formats := mustParseAll(t, input) + if formats[0].Family != tt.family { + t.Fatalf("%s family = %s, want %s", tt.syscall, formats[0].Family, tt.family) + } + output := GenerateTracepointsC(formats) + if strings.Contains(output, "Skipping") { + t.Fatalf("%s was skipped: %s", tt.syscall, output) + } + requireContains(t, output, `SEC("tracepoint/syscalls/sys_enter_`+tt.syscall+`")`) + requireContains(t, output, `SEC("tracepoint/syscalls/sys_exit_`+tt.syscall+`")`) + }) + } } func TestGenerateDefineConstants(t *testing.T) { @@ -333,12 +373,20 @@ func TestGroupBySyscallInvalid(t *testing.T) { func TestClassifySyscallNoExit(t *testing.T) { formats := mustParseAll(t, FormatRead) output := GenerateTracepointsC(formats) - requireContains(t, output, "Ignoring") + requireContains(t, output, "Skipping") if strings.Contains(output, "SEC(") { t.Error("syscall with only enter and no exit should be ignored") } } +func syntheticPair(syscall string) string { + enter := strings.Replace(FormatKill, "sys_enter_kill", "sys_enter_"+syscall, 1) + enter = strings.Replace(enter, "ID: 183", "ID: 1001", 1) + exit := strings.Replace(FormatExitKill, "sys_exit_kill", "sys_exit_"+syscall, 1) + exit = strings.Replace(exit, "ID: 182", "ID: 1000", 1) + return enter + "\n" + exit +} + func requireContains(t *testing.T, haystack, needle string) { t.Helper() if !strings.Contains(haystack, needle) { diff --git a/internal/generate/family.go b/internal/generate/family.go new file mode 100644 index 0000000..f39b13f --- /dev/null +++ b/internal/generate/family.go @@ -0,0 +1,166 @@ +package generate + +import "strings" + +// SyscallFamily is the broad syscall grouping attached to every parsed format. +type SyscallFamily string + +const ( + FamilyNetwork SyscallFamily = "Network" + FamilyIPC SyscallFamily = "IPC" + FamilyMemory SyscallFamily = "Memory" + FamilyProcess SyscallFamily = "Process" + FamilySignals SyscallFamily = "Signals" + FamilyTime SyscallFamily = "Time" + FamilySched SyscallFamily = "Sched" + FamilyFS SyscallFamily = "FS" + FamilyPolling SyscallFamily = "Polling" + FamilyAIO SyscallFamily = "AIO" + FamilySecurity SyscallFamily = "Security" + FamilyMisc SyscallFamily = "Misc" +) + +var syscallFamilies = map[string]SyscallFamily{ + "accept": FamilyNetwork, "accept4": FamilyNetwork, "bind": FamilyNetwork, + "connect": FamilyNetwork, "getpeername": FamilyNetwork, "getsockname": FamilyNetwork, + "getsockopt": FamilyNetwork, "listen": FamilyNetwork, "recvfrom": FamilyNetwork, + "recvmmsg": FamilyNetwork, "recvmsg": FamilyNetwork, "sendfile64": FamilyNetwork, + "sendmmsg": FamilyNetwork, "sendmsg": FamilyNetwork, "sendto": FamilyNetwork, + "setsockopt": FamilyNetwork, "shutdown": FamilyNetwork, "socket": FamilyNetwork, + "socketpair": FamilyNetwork, "splice": FamilyNetwork, "tee": FamilyNetwork, + + "eventfd": FamilyIPC, "eventfd2": FamilyIPC, "inotify_add_watch": FamilyIPC, + "inotify_init": FamilyIPC, "inotify_init1": FamilyIPC, "inotify_rm_watch": FamilyIPC, + "memfd_create": FamilyIPC, "memfd_secret": FamilyIPC, "mq_getsetattr": FamilyIPC, + "mq_notify": FamilyIPC, "mq_open": FamilyIPC, "mq_timedreceive": FamilyIPC, + "mq_timedsend": FamilyIPC, "mq_unlink": FamilyIPC, "msgctl": FamilyIPC, + "msgget": FamilyIPC, "msgrcv": FamilyIPC, "msgsnd": FamilyIPC, + "pidfd_getfd": FamilyIPC, "pidfd_open": FamilyIPC, "pidfd_send_signal": FamilyIPC, + "pipe": FamilyIPC, "pipe2": FamilyIPC, "semctl": FamilyIPC, "semget": FamilyIPC, + "semop": FamilyIPC, "semtimedop": FamilyIPC, "shmat": FamilyIPC, + "shmctl": FamilyIPC, "shmdt": FamilyIPC, "shmget": FamilyIPC, + "signalfd": FamilyIPC, "signalfd4": FamilyIPC, "timerfd_create": FamilyIPC, + "timerfd_gettime": FamilyIPC, "timerfd_settime": FamilyIPC, "userfaultfd": FamilyIPC, + + "brk": FamilyMemory, "madvise": FamilyMemory, "map_shadow_stack": FamilyMemory, + "mbind": FamilyMemory, "membarrier": FamilyMemory, "migrate_pages": FamilyMemory, + "mincore": FamilyMemory, "mlock": FamilyMemory, "mlock2": FamilyMemory, + "mlockall": FamilyMemory, "mmap": FamilyMemory, "mmap2": FamilyMemory, + "mprotect": FamilyMemory, "mremap": FamilyMemory, "mseal": FamilyMemory, + "munlock": FamilyMemory, "munlockall": FamilyMemory, "munmap": FamilyMemory, + "move_pages": FamilyMemory, "pkey_alloc": FamilyMemory, "pkey_free": FamilyMemory, + "pkey_mprotect": FamilyMemory, "process_madvise": FamilyMemory, + "process_mrelease": FamilyMemory, "process_vm_readv": FamilyMemory, + "process_vm_writev": FamilyMemory, "remap_file_pages": FamilyMemory, + "set_mempolicy": FamilyMemory, "set_mempolicy_home_node": FamilyMemory, + + "arch_prctl": FamilyProcess, "clone": FamilyProcess, "clone3": FamilyProcess, + "execve": FamilyProcess, "execveat": FamilyProcess, "exit": FamilyProcess, + "exit_group": FamilyProcess, "fork": FamilyProcess, "getegid": FamilyProcess, + "geteuid": FamilyProcess, "getgid": FamilyProcess, "getgroups": FamilyProcess, + "getpgid": FamilyProcess, "getpgrp": FamilyProcess, "getpid": FamilyProcess, + "getppid": FamilyProcess, "getpriority": FamilyProcess, "getresgid": FamilyProcess, + "getresuid": FamilyProcess, "getrlimit": FamilyProcess, "getrusage": FamilyProcess, + "getsid": FamilyProcess, "gettid": FamilyProcess, "getuid": FamilyProcess, + "kcmp": FamilyProcess, "personality": FamilyProcess, "pivot_root": FamilyProcess, + "prctl": FamilyProcess, "prlimit64": FamilyProcess, "reboot": FamilyProcess, + "restart_syscall": FamilyProcess, "set_tid_address": FamilyProcess, + "setfsuid": FamilyProcess, "setfsgid": FamilyProcess, "setgid": FamilyProcess, + "setgroups": FamilyProcess, "setns": FamilyProcess, "setpgid": FamilyProcess, + "setpriority": FamilyProcess, "setregid": FamilyProcess, "setresgid": FamilyProcess, + "setresuid": FamilyProcess, "setreuid": FamilyProcess, "setrlimit": FamilyProcess, + "setsid": FamilyProcess, "setuid": FamilyProcess, "umask": FamilyProcess, + "unshare": FamilyProcess, "vfork": FamilyProcess, "vhangup": FamilyProcess, + "wait4": FamilyProcess, "waitid": FamilyProcess, + + "kill": FamilySignals, "pause": FamilySignals, "rt_sigaction": FamilySignals, + "rt_sigpending": FamilySignals, "rt_sigprocmask": FamilySignals, + "rt_sigqueueinfo": FamilySignals, "rt_sigreturn": FamilySignals, + "rt_sigsuspend": FamilySignals, "rt_sigtimedwait": FamilySignals, + "rt_tgsigqueueinfo": FamilySignals, "sigaltstack": FamilySignals, + "tgkill": FamilySignals, "tkill": FamilySignals, + + "clock_adjtime": FamilyTime, "clock_getres": FamilyTime, "clock_gettime": FamilyTime, + "clock_nanosleep": FamilyTime, "clock_settime": FamilyTime, "getitimer": FamilyTime, + "gettimeofday": FamilyTime, "nanosleep": FamilyTime, "setitimer": FamilyTime, + "settimeofday": FamilyTime, "time": FamilyTime, "timer_create": FamilyTime, + "timer_delete": FamilyTime, "timer_getoverrun": FamilyTime, + "timer_gettime": FamilyTime, "timer_settime": FamilyTime, "times": FamilyTime, + + "sched_get_priority_max": FamilySched, "sched_get_priority_min": FamilySched, + "sched_getaffinity": FamilySched, "sched_getattr": FamilySched, + "sched_getparam": FamilySched, "sched_getscheduler": FamilySched, + "sched_rr_get_interval": FamilySched, "sched_setaffinity": FamilySched, + "sched_setattr": FamilySched, "sched_setparam": FamilySched, + "sched_setscheduler": FamilySched, "sched_yield": FamilySched, + + "epoll_create": FamilyPolling, "epoll_create1": FamilyPolling, + "epoll_ctl": FamilyPolling, "epoll_pwait": FamilyPolling, + "epoll_pwait2": FamilyPolling, "epoll_wait": FamilyPolling, + "poll": FamilyPolling, "ppoll": FamilyPolling, "pselect6": FamilyPolling, + "select": FamilyPolling, + + "io_cancel": FamilyAIO, "io_destroy": FamilyAIO, "io_getevents": FamilyAIO, + "io_pgetevents": FamilyAIO, "io_setup": FamilyAIO, "io_submit": FamilyAIO, + "io_uring_enter": FamilyAIO, "io_uring_register": FamilyAIO, + "io_uring_setup": FamilyAIO, + + "add_key": FamilySecurity, "bpf": FamilySecurity, "capget": FamilySecurity, + "capset": FamilySecurity, "delete_module": FamilySecurity, "finit_module": FamilySecurity, + "get_mempolicy": FamilySecurity, "getrandom": FamilySecurity, "init_module": FamilySecurity, + "kexec_file_load": FamilySecurity, "keyctl": FamilySecurity, + "landlock_add_rule": FamilySecurity, "landlock_create_ruleset": FamilySecurity, + "landlock_restrict_self": FamilySecurity, "lookup_dcookie": FamilySecurity, + "perf_event_open": FamilySecurity, "ptrace": FamilySecurity, + "request_key": FamilySecurity, "seccomp": FamilySecurity, +} + +// ClassifySyscallFamily returns the high-level syscall family for a tracepoint. +func ClassifySyscallFamily(tracepointName string) SyscallFamily { + syscall := syscallName(tracepointName) + if family, ok := syscallFamilies[syscall]; ok { + return family + } + if isFSSyscall(syscall) { + return FamilyFS + } + return FamilyMisc +} + +func syscallName(tracepointName string) string { + name := strings.TrimPrefix(tracepointName, "sys_enter_") + return strings.TrimPrefix(name, "sys_exit_") +} + +func isFSSyscall(syscall string) bool { + for _, marker := range fsNameMarkers { + if strings.Contains(syscall, marker) { + return true + } + } + _, ok := fsSyscalls[syscall] + return ok +} + +var fsNameMarkers = []string{"xattr", "stat", "chmod", "chown"} + +var fsSyscalls = map[string]struct{}{ + "access": {}, "cachestat": {}, "chdir": {}, "chroot": {}, "close": {}, + "close_range": {}, "copy_file_range": {}, "creat": {}, "dup": {}, "dup2": {}, + "dup3": {}, "faccessat": {}, "faccessat2": {}, "fadvise64": {}, "fallocate": {}, + "fcntl": {}, "fdatasync": {}, "fchdir": {}, "flock": {}, "fsconfig": {}, + "fsmount": {}, "fsopen": {}, "fspick": {}, "fsync": {}, "ftruncate": {}, + "futimesat": {}, "getcwd": {}, "getdents": {}, "getdents64": {}, "ioctl": {}, + "link": {}, "linkat": {}, "lseek": {}, "mkdir": {}, "mkdirat": {}, + "mknod": {}, "mknodat": {}, "mount": {}, "mount_setattr": {}, "move_mount": {}, + "msync": {}, + "name_to_handle_at": {}, "newfstat": {}, "newfstatat": {}, "newlstat": {}, + "newstat": {}, "open": {}, "open_by_handle_at": {}, "open_tree": {}, + "open_tree_attr": {}, "openat": {}, "openat2": {}, "quotactl": {}, + "quotactl_fd": {}, "read": {}, "readahead": {}, "readlink": {}, "readlinkat": {}, + "readv": {}, "rename": {}, "renameat": {}, "renameat2": {}, "rmdir": {}, + "statfs": {}, "sync": {}, "sync_file_range": {}, "syncfs": {}, "symlink": {}, + "symlinkat": {}, "truncate": {}, "umount2": {}, "unlink": {}, "unlinkat": {}, + "utimensat": {}, "write": {}, "writev": {}, "pread64": {}, "preadv": {}, + "preadv2": {}, "pwrite64": {}, "pwritev": {}, "pwritev2": {}, +} diff --git a/internal/generate/family_test.go b/internal/generate/family_test.go new file mode 100644 index 0000000..93431b4 --- /dev/null +++ b/internal/generate/family_test.go @@ -0,0 +1,51 @@ +package generate + +import "testing" + +func TestClassifySyscallFamily(t *testing.T) { + tests := []struct { + name string + want SyscallFamily + }{ + {"sys_enter_accept", FamilyNetwork}, + {"sys_exit_accept", FamilyNetwork}, + {"sys_enter_pipe2", FamilyIPC}, + {"sys_enter_munmap", FamilyMemory}, + {"sys_enter_execve", FamilyProcess}, + {"sys_enter_rt_sigaction", FamilySignals}, + {"sys_enter_clock_gettime", FamilyTime}, + {"sys_enter_sched_yield", FamilySched}, + {"sys_enter_openat", FamilyFS}, + {"sys_enter_epoll_wait", FamilyPolling}, + {"sys_enter_io_uring_enter", FamilyAIO}, + {"sys_enter_bpf", FamilySecurity}, + {"sys_enter_unlisted_future_syscall", FamilyMisc}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := ClassifySyscallFamily(tt.name); got != tt.want { + t.Errorf("ClassifySyscallFamily(%q) = %s, want %s", tt.name, got, tt.want) + } + }) + } +} + +func TestParseFormatsTagsEveryFormatWithFamily(t *testing.T) { + formats := mustParseAll(t, FormatRead+"\n"+FormatExitSocket+"\n"+FormatExitKill) + + tests := []struct { + index int + want SyscallFamily + }{ + {0, FamilyFS}, + {1, FamilyNetwork}, + {2, FamilySignals}, + } + + for _, tt := range tests { + if got := formats[tt.index].Family; got != tt.want { + t.Errorf("formats[%d].Family = %s, want %s", tt.index, got, tt.want) + } + } +} diff --git a/internal/generate/format.go b/internal/generate/format.go index ef51ba8..597d496 100644 --- a/internal/generate/format.go +++ b/internal/generate/format.go @@ -19,6 +19,7 @@ type Field struct { type Format struct { Name string ID int + Family SyscallFamily InternalFields []Field ExternalFields []Field } @@ -64,6 +65,7 @@ func applyFormatLine(line string, _ []Format, current *Format, isExternal bool, case strings.HasPrefix(trimmed, "name:"): f := Format{} f.Name = strings.TrimSpace(strings.TrimPrefix(trimmed, "name:")) + f.Family = ClassifySyscallFamily(f.Name) *formats = append(*formats, f) current = &(*formats)[len(*formats)-1] isExternal = false diff --git a/internal/tracepoints/generated_tracepoints.go b/internal/tracepoints/generated_tracepoints.go index 4b6cae9..8277cbf 100644 --- a/internal/tracepoints/generated_tracepoints.go +++ b/internal/tracepoints/generated_tracepoints.go @@ -2,12 +2,110 @@ package tracepoints var List = []string{ + "sys_enter_socket", + "sys_exit_socket", + "sys_enter_socketpair", + "sys_exit_socketpair", + "sys_enter_bind", + "sys_exit_bind", + "sys_enter_listen", + "sys_exit_listen", + "sys_enter_accept4", + "sys_exit_accept4", + "sys_enter_accept", + "sys_exit_accept", + "sys_enter_connect", + "sys_exit_connect", + "sys_enter_getsockname", + "sys_exit_getsockname", + "sys_enter_getpeername", + "sys_exit_getpeername", + "sys_enter_sendto", + "sys_exit_sendto", + "sys_enter_recvfrom", + "sys_exit_recvfrom", + "sys_enter_setsockopt", + "sys_exit_setsockopt", + "sys_enter_getsockopt", + "sys_exit_getsockopt", + "sys_enter_shutdown", + "sys_exit_shutdown", + "sys_enter_sendmsg", + "sys_exit_sendmsg", + "sys_enter_sendmmsg", + "sys_exit_sendmmsg", + "sys_enter_recvmsg", + "sys_exit_recvmsg", + "sys_enter_recvmmsg", + "sys_exit_recvmmsg", + "sys_enter_getrandom", + "sys_exit_getrandom", "sys_enter_io_uring_register", "sys_exit_io_uring_register", "sys_enter_io_uring_enter", "sys_exit_io_uring_enter", "sys_enter_io_uring_setup", "sys_exit_io_uring_setup", + "sys_enter_ioprio_set", + "sys_exit_ioprio_set", + "sys_enter_ioprio_get", + "sys_exit_ioprio_get", + "sys_enter_landlock_create_ruleset", + "sys_exit_landlock_create_ruleset", + "sys_enter_landlock_add_rule", + "sys_exit_landlock_add_rule", + "sys_enter_landlock_restrict_self", + "sys_exit_landlock_restrict_self", + "sys_enter_lsm_set_self_attr", + "sys_exit_lsm_set_self_attr", + "sys_enter_lsm_get_self_attr", + "sys_exit_lsm_get_self_attr", + "sys_enter_lsm_list_modules", + "sys_exit_lsm_list_modules", + "sys_enter_add_key", + "sys_exit_add_key", + "sys_enter_request_key", + "sys_exit_request_key", + "sys_enter_keyctl", + "sys_exit_keyctl", + "sys_enter_mq_open", + "sys_exit_mq_open", + "sys_enter_mq_unlink", + "sys_exit_mq_unlink", + "sys_enter_mq_timedsend", + "sys_exit_mq_timedsend", + "sys_enter_mq_timedreceive", + "sys_exit_mq_timedreceive", + "sys_enter_mq_notify", + "sys_exit_mq_notify", + "sys_enter_mq_getsetattr", + "sys_exit_mq_getsetattr", + "sys_enter_shmget", + "sys_exit_shmget", + "sys_enter_shmctl", + "sys_exit_shmctl", + "sys_enter_shmat", + "sys_exit_shmat", + "sys_enter_shmdt", + "sys_exit_shmdt", + "sys_enter_semget", + "sys_exit_semget", + "sys_enter_semctl", + "sys_exit_semctl", + "sys_enter_semtimedop", + "sys_exit_semtimedop", + "sys_enter_semop", + "sys_exit_semop", + "sys_enter_msgget", + "sys_exit_msgget", + "sys_enter_msgctl", + "sys_exit_msgctl", + "sys_enter_msgsnd", + "sys_exit_msgsnd", + "sys_enter_msgrcv", + "sys_exit_msgrcv", + "sys_enter_quotactl", + "sys_exit_quotactl", "sys_enter_quotactl_fd", "sys_exit_quotactl_fd", "sys_enter_name_to_handle_at", @@ -28,12 +126,52 @@ var List = []string{ "sys_exit_io_getevents", "sys_enter_io_pgetevents", "sys_exit_io_pgetevents", + "sys_enter_userfaultfd", + "sys_exit_userfaultfd", + "sys_enter_eventfd2", + "sys_exit_eventfd2", + "sys_enter_eventfd", + "sys_exit_eventfd", + "sys_enter_timerfd_create", + "sys_exit_timerfd_create", + "sys_enter_timerfd_settime", + "sys_exit_timerfd_settime", + "sys_enter_timerfd_gettime", + "sys_exit_timerfd_gettime", + "sys_enter_signalfd4", + "sys_exit_signalfd4", + "sys_enter_signalfd", + "sys_exit_signalfd", + "sys_enter_epoll_create1", + "sys_exit_epoll_create1", + "sys_enter_epoll_create", + "sys_exit_epoll_create", + "sys_enter_epoll_ctl", + "sys_exit_epoll_ctl", + "sys_enter_epoll_wait", + "sys_exit_epoll_wait", + "sys_enter_epoll_pwait", + "sys_exit_epoll_pwait", + "sys_enter_epoll_pwait2", + "sys_exit_epoll_pwait2", + "sys_enter_fanotify_init", + "sys_exit_fanotify_init", "sys_enter_fanotify_mark", "sys_exit_fanotify_mark", + "sys_enter_inotify_init1", + "sys_exit_inotify_init1", + "sys_enter_inotify_init", + "sys_exit_inotify_init", + "sys_enter_inotify_add_watch", + "sys_exit_inotify_add_watch", + "sys_enter_inotify_rm_watch", + "sys_exit_inotify_rm_watch", "sys_enter_file_getattr", "sys_exit_file_getattr", "sys_enter_file_setattr", "sys_exit_file_setattr", + "sys_enter_fsopen", + "sys_exit_fsopen", "sys_enter_fspick", "sys_exit_fspick", "sys_enter_fsconfig", @@ -42,12 +180,18 @@ var List = []string{ "sys_exit_statfs", "sys_enter_fstatfs", "sys_exit_fstatfs", + "sys_enter_ustat", + "sys_exit_ustat", "sys_enter_getcwd", "sys_exit_getcwd", "sys_enter_utimensat", "sys_exit_utimensat", "sys_enter_futimesat", "sys_exit_futimesat", + "sys_enter_utimes", + "sys_exit_utimes", + "sys_enter_utime", + "sys_exit_utime", "sys_enter_sync", "sys_exit_sync", "sys_enter_syncfs", @@ -60,6 +204,10 @@ var List = []string{ "sys_exit_sync_file_range", "sys_enter_vmsplice", "sys_exit_vmsplice", + "sys_enter_splice", + "sys_exit_splice", + "sys_enter_tee", + "sys_exit_tee", "sys_enter_setxattrat", "sys_exit_setxattrat", "sys_enter_setxattr", @@ -92,12 +240,28 @@ var List = []string{ "sys_exit_lremovexattr", "sys_enter_fremovexattr", "sys_exit_fremovexattr", + "sys_enter_umount", + "sys_exit_umount", "sys_enter_open_tree", "sys_exit_open_tree", + "sys_enter_mount", + "sys_exit_mount", + "sys_enter_fsmount", + "sys_exit_fsmount", + "sys_enter_move_mount", + "sys_exit_move_mount", + "sys_enter_pivot_root", + "sys_exit_pivot_root", "sys_enter_mount_setattr", "sys_exit_mount_setattr", "sys_enter_open_tree_attr", "sys_exit_open_tree_attr", + "sys_enter_statmount", + "sys_exit_statmount", + "sys_enter_listmount", + "sys_exit_listmount", + "sys_enter_sysfs", + "sys_exit_sysfs", "sys_enter_close_range", "sys_exit_close_range", "sys_enter_dup3", @@ -106,6 +270,14 @@ var List = []string{ "sys_exit_dup2", "sys_enter_dup", "sys_exit_dup", + "sys_enter_select", + "sys_exit_select", + "sys_enter_pselect6", + "sys_exit_pselect6", + "sys_enter_poll", + "sys_exit_poll", + "sys_enter_ppoll", + "sys_exit_ppoll", "sys_enter_getdents", "sys_exit_getdents", "sys_enter_getdents64", @@ -114,6 +286,10 @@ var List = []string{ "sys_exit_ioctl", "sys_enter_fcntl", "sys_exit_fcntl", + "sys_enter_mknodat", + "sys_exit_mknodat", + "sys_enter_mknod", + "sys_exit_mknod", "sys_enter_mkdirat", "sys_exit_mkdirat", "sys_enter_mkdir", @@ -138,6 +314,14 @@ var List = []string{ "sys_exit_renameat", "sys_enter_rename", "sys_exit_rename", + "sys_enter_pipe2", + "sys_exit_pipe2", + "sys_enter_pipe", + "sys_exit_pipe", + "sys_enter_execve", + "sys_exit_execve", + "sys_enter_execveat", + "sys_exit_execveat", "sys_enter_newstat", "sys_exit_newstat", "sys_enter_newlstat", @@ -174,6 +358,8 @@ var List = []string{ "sys_exit_pwritev", "sys_enter_pwritev2", "sys_exit_pwritev2", + "sys_enter_sendfile64", + "sys_exit_sendfile64", "sys_enter_copy_file_range", "sys_exit_copy_file_range", "sys_enter_truncate", @@ -220,20 +406,334 @@ var List = []string{ "sys_exit_creat", "sys_enter_close", "sys_exit_close", + "sys_enter_vhangup", + "sys_exit_vhangup", + "sys_enter_memfd_create", + "sys_exit_memfd_create", + "sys_enter_memfd_secret", + "sys_exit_memfd_secret", + "sys_enter_move_pages", + "sys_exit_move_pages", + "sys_enter_set_mempolicy_home_node", + "sys_exit_set_mempolicy_home_node", + "sys_enter_mbind", + "sys_exit_mbind", + "sys_enter_set_mempolicy", + "sys_exit_set_mempolicy", + "sys_enter_migrate_pages", + "sys_exit_migrate_pages", + "sys_enter_get_mempolicy", + "sys_exit_get_mempolicy", + "sys_enter_swapoff", + "sys_exit_swapoff", + "sys_enter_swapon", + "sys_exit_swapon", + "sys_enter_madvise", + "sys_exit_madvise", + "sys_enter_process_madvise", + "sys_exit_process_madvise", + "sys_enter_mseal", + "sys_exit_mseal", + "sys_enter_process_vm_readv", + "sys_exit_process_vm_readv", + "sys_enter_process_vm_writev", + "sys_exit_process_vm_writev", "sys_enter_msync", "sys_exit_msync", + "sys_enter_mremap", + "sys_exit_mremap", + "sys_enter_mprotect", + "sys_exit_mprotect", + "sys_enter_pkey_mprotect", + "sys_exit_pkey_mprotect", + "sys_enter_pkey_alloc", + "sys_exit_pkey_alloc", + "sys_enter_pkey_free", + "sys_exit_pkey_free", + "sys_enter_brk", + "sys_exit_brk", + "sys_enter_munmap", + "sys_exit_munmap", + "sys_enter_remap_file_pages", + "sys_exit_remap_file_pages", + "sys_enter_mlock", + "sys_exit_mlock", + "sys_enter_mlock2", + "sys_exit_mlock2", + "sys_enter_munlock", + "sys_exit_munlock", + "sys_enter_mlockall", + "sys_exit_mlockall", + "sys_enter_munlockall", + "sys_exit_munlockall", + "sys_enter_mincore", + "sys_exit_mincore", "sys_enter_readahead", "sys_exit_readahead", "sys_enter_fadvise64", "sys_exit_fadvise64", + "sys_enter_process_mrelease", + "sys_exit_process_mrelease", "sys_enter_cachestat", "sys_exit_cachestat", + "sys_enter_rseq", + "sys_exit_rseq", + "sys_enter_perf_event_open", + "sys_exit_perf_event_open", + "sys_enter_bpf", + "sys_exit_bpf", + "sys_enter_seccomp", + "sys_exit_seccomp", + "sys_enter_kexec_file_load", + "sys_exit_kexec_file_load", + "sys_enter_kexec_load", + "sys_exit_kexec_load", + "sys_enter_acct", + "sys_exit_acct", + "sys_enter_set_robust_list", + "sys_exit_set_robust_list", + "sys_enter_get_robust_list", + "sys_exit_get_robust_list", + "sys_enter_futex", + "sys_exit_futex", + "sys_enter_futex_waitv", + "sys_exit_futex_waitv", + "sys_enter_futex_wake", + "sys_exit_futex_wake", + "sys_enter_futex_wait", + "sys_exit_futex_wait", + "sys_enter_futex_requeue", + "sys_exit_futex_requeue", + "sys_enter_getitimer", + "sys_exit_getitimer", + "sys_enter_alarm", + "sys_exit_alarm", + "sys_enter_setitimer", + "sys_exit_setitimer", + "sys_enter_timer_create", + "sys_exit_timer_create", + "sys_enter_timer_gettime", + "sys_exit_timer_gettime", + "sys_enter_timer_getoverrun", + "sys_exit_timer_getoverrun", + "sys_enter_timer_settime", + "sys_exit_timer_settime", + "sys_enter_timer_delete", + "sys_exit_timer_delete", + "sys_enter_clock_settime", + "sys_exit_clock_settime", + "sys_enter_clock_gettime", + "sys_exit_clock_gettime", + "sys_enter_clock_adjtime", + "sys_exit_clock_adjtime", + "sys_enter_clock_getres", + "sys_exit_clock_getres", + "sys_enter_clock_nanosleep", + "sys_exit_clock_nanosleep", + "sys_enter_nanosleep", + "sys_exit_nanosleep", + "sys_enter_time", + "sys_exit_time", + "sys_enter_gettimeofday", + "sys_exit_gettimeofday", + "sys_enter_settimeofday", + "sys_exit_settimeofday", + "sys_enter_adjtimex", + "sys_exit_adjtimex", + "sys_enter_kcmp", + "sys_exit_kcmp", + "sys_enter_delete_module", + "sys_exit_delete_module", + "sys_enter_init_module", + "sys_exit_init_module", "sys_enter_finit_module", "sys_exit_finit_module", "sys_enter_syslog", "sys_exit_syslog", + "sys_enter_membarrier", + "sys_exit_membarrier", + "sys_enter_sched_setscheduler", + "sys_exit_sched_setscheduler", + "sys_enter_sched_setparam", + "sys_exit_sched_setparam", + "sys_enter_sched_setattr", + "sys_exit_sched_setattr", + "sys_enter_sched_getscheduler", + "sys_exit_sched_getscheduler", + "sys_enter_sched_getparam", + "sys_exit_sched_getparam", + "sys_enter_sched_getattr", + "sys_exit_sched_getattr", + "sys_enter_sched_setaffinity", + "sys_exit_sched_setaffinity", + "sys_enter_sched_getaffinity", + "sys_exit_sched_getaffinity", + "sys_enter_sched_yield", + "sys_exit_sched_yield", + "sys_enter_sched_get_priority_max", + "sys_exit_sched_get_priority_max", + "sys_enter_sched_get_priority_min", + "sys_exit_sched_get_priority_min", + "sys_enter_sched_rr_get_interval", + "sys_exit_sched_rr_get_interval", + "sys_enter_getgroups", + "sys_exit_getgroups", + "sys_enter_setgroups", + "sys_exit_setgroups", + "sys_enter_reboot", + "sys_exit_reboot", + "sys_enter_listns", + "sys_exit_listns", + "sys_enter_setns", + "sys_exit_setns", + "sys_enter_pidfd_open", + "sys_exit_pidfd_open", "sys_enter_pidfd_getfd", "sys_exit_pidfd_getfd", + "sys_enter_setpriority", + "sys_exit_setpriority", + "sys_enter_getpriority", + "sys_exit_getpriority", + "sys_enter_setregid", + "sys_exit_setregid", + "sys_enter_setgid", + "sys_exit_setgid", + "sys_enter_setreuid", + "sys_exit_setreuid", + "sys_enter_setuid", + "sys_exit_setuid", + "sys_enter_setresuid", + "sys_exit_setresuid", + "sys_enter_getresuid", + "sys_exit_getresuid", + "sys_enter_setresgid", + "sys_exit_setresgid", + "sys_enter_getresgid", + "sys_exit_getresgid", + "sys_enter_setfsuid", + "sys_exit_setfsuid", + "sys_enter_setfsgid", + "sys_exit_setfsgid", + "sys_enter_getpid", + "sys_exit_getpid", + "sys_enter_gettid", + "sys_exit_gettid", + "sys_enter_getppid", + "sys_exit_getppid", + "sys_enter_getuid", + "sys_exit_getuid", + "sys_enter_geteuid", + "sys_exit_geteuid", + "sys_enter_getgid", + "sys_exit_getgid", + "sys_enter_getegid", + "sys_exit_getegid", + "sys_enter_times", + "sys_exit_times", + "sys_enter_setpgid", + "sys_exit_setpgid", + "sys_enter_getpgid", + "sys_exit_getpgid", + "sys_enter_getpgrp", + "sys_exit_getpgrp", + "sys_enter_getsid", + "sys_exit_getsid", + "sys_enter_setsid", + "sys_exit_setsid", + "sys_enter_newuname", + "sys_exit_newuname", + "sys_enter_sethostname", + "sys_exit_sethostname", + "sys_enter_setdomainname", + "sys_exit_setdomainname", + "sys_enter_getrlimit", + "sys_exit_getrlimit", + "sys_enter_prlimit64", + "sys_exit_prlimit64", + "sys_enter_setrlimit", + "sys_exit_setrlimit", + "sys_enter_getrusage", + "sys_exit_getrusage", + "sys_enter_umask", + "sys_exit_umask", + "sys_enter_prctl", + "sys_exit_prctl", + "sys_enter_getcpu", + "sys_exit_getcpu", + "sys_enter_sysinfo", + "sys_exit_sysinfo", + "sys_enter_restart_syscall", + "sys_exit_restart_syscall", + "sys_enter_rt_sigprocmask", + "sys_exit_rt_sigprocmask", + "sys_enter_rt_sigpending", + "sys_exit_rt_sigpending", + "sys_enter_rt_sigtimedwait", + "sys_exit_rt_sigtimedwait", + "sys_enter_kill", + "sys_exit_kill", + "sys_enter_pidfd_send_signal", + "sys_exit_pidfd_send_signal", + "sys_enter_tgkill", + "sys_exit_tgkill", + "sys_enter_tkill", + "sys_exit_tkill", + "sys_enter_rt_sigqueueinfo", + "sys_exit_rt_sigqueueinfo", + "sys_enter_rt_tgsigqueueinfo", + "sys_exit_rt_tgsigqueueinfo", + "sys_enter_sigaltstack", + "sys_exit_sigaltstack", + "sys_enter_rt_sigaction", + "sys_exit_rt_sigaction", + "sys_enter_pause", + "sys_exit_pause", + "sys_enter_rt_sigsuspend", + "sys_exit_rt_sigsuspend", + "sys_enter_ptrace", + "sys_exit_ptrace", + "sys_enter_capget", + "sys_exit_capget", + "sys_enter_capset", + "sys_exit_capset", + "sys_enter_exit", + "sys_exit_exit", + "sys_enter_exit_group", + "sys_exit_exit_group", + "sys_enter_waitid", + "sys_exit_waitid", + "sys_enter_wait4", + "sys_exit_wait4", + "sys_enter_personality", + "sys_exit_personality", + "sys_enter_set_tid_address", + "sys_exit_set_tid_address", + "sys_enter_fork", + "sys_exit_fork", + "sys_enter_vfork", + "sys_exit_vfork", + "sys_enter_clone", + "sys_exit_clone", + "sys_enter_clone3", + "sys_exit_clone3", + "sys_enter_unshare", + "sys_exit_unshare", + "sys_enter_map_shadow_stack", + "sys_exit_map_shadow_stack", + "sys_enter_uretprobe", + "sys_exit_uretprobe", + "sys_enter_uprobe", + "sys_exit_uprobe", + "sys_enter_arch_prctl", + "sys_exit_arch_prctl", "sys_enter_mmap", "sys_exit_mmap", + "sys_enter_modify_ldt", + "sys_exit_modify_ldt", + "sys_enter_ioperm", + "sys_exit_ioperm", + "sys_enter_iopl", + "sys_exit_iopl", + "sys_enter_rt_sigreturn", + "sys_exit_rt_sigreturn", } diff --git a/internal/types/generated_types.go b/internal/types/generated_types.go index 8e4a584..543898b 100644 --- a/internal/types/generated_types.go +++ b/internal/types/generated_types.go @@ -12,11 +12,11 @@ type EventType uint32 type TraceId uint32 var traceId2String = map[TraceId]string{ - 1521: "enter_io_uring_register", 1520: "exit_io_uring_register", 1502: "enter_io_uring_enter", 1501: "exit_io_uring_enter", 1500: "enter_io_uring_setup", 1499: "exit_io_uring_setup", 1155: "enter_quotactl_fd", 1154: "exit_quotactl_fd", 1139: "enter_name_to_handle_at", 1138: "exit_name_to_handle_at", 1137: "enter_open_by_handle_at", 1136: "exit_open_by_handle_at", 1123: "enter_flock", 1122: "exit_flock", 1109: "enter_io_setup", 1108: "exit_io_setup", 1107: "enter_io_destroy", 1106: "exit_io_destroy", 1105: "enter_io_submit", 1104: "exit_io_submit", 1103: "enter_io_cancel", 1102: "exit_io_cancel", 1101: "enter_io_getevents", 1100: "exit_io_getevents", 1099: "enter_io_pgetevents", 1098: "exit_io_pgetevents", 1067: "enter_fanotify_mark", 1066: "exit_fanotify_mark", 1057: "enter_file_getattr", 1056: "exit_file_getattr", 1055: "enter_file_setattr", 1054: "exit_file_setattr", 1051: "enter_fspick", 1050: "exit_fspick", 1049: "enter_fsconfig", 1048: "exit_fsconfig", 1047: "enter_statfs", 1046: "exit_statfs", 1045: "enter_fstatfs", 1044: "exit_fstatfs", 1041: "enter_getcwd", 1040: "exit_getcwd", 1039: "enter_utimensat", 1038: "exit_utimensat", 1037: "enter_futimesat", 1036: "exit_futimesat", 1031: "enter_sync", 1030: "exit_sync", 1029: "enter_syncfs", 1028: "exit_syncfs", 1027: "enter_fsync", 1026: "exit_fsync", 1025: "enter_fdatasync", 1024: "exit_fdatasync", 1023: "enter_sync_file_range", 1022: "exit_sync_file_range", 1021: "enter_vmsplice", 1020: "exit_vmsplice", 982: "enter_setxattrat", 981: "exit_setxattrat", 980: "enter_setxattr", 979: "exit_setxattr", 978: "enter_lsetxattr", 977: "exit_lsetxattr", 976: "enter_fsetxattr", 975: "exit_fsetxattr", 974: "enter_getxattrat", 973: "exit_getxattrat", 972: "enter_getxattr", 971: "exit_getxattr", 970: "enter_lgetxattr", 969: "exit_lgetxattr", 968: "enter_fgetxattr", 967: "exit_fgetxattr", 966: "enter_listxattrat", 965: "exit_listxattrat", 964: "enter_listxattr", 963: "exit_listxattr", 962: "enter_llistxattr", 961: "exit_llistxattr", 960: "enter_flistxattr", 959: "exit_flistxattr", 958: "enter_removexattrat", 957: "exit_removexattrat", 956: "enter_removexattr", 955: "exit_removexattr", 954: "enter_lremovexattr", 953: "exit_lremovexattr", 952: "enter_fremovexattr", 951: "exit_fremovexattr", 948: "enter_open_tree", 947: "exit_open_tree", 938: "enter_mount_setattr", 937: "exit_mount_setattr", 936: "enter_open_tree_attr", 935: "exit_open_tree_attr", 928: "enter_close_range", 927: "exit_close_range", 926: "enter_dup3", 925: "exit_dup3", 924: "enter_dup2", 923: "exit_dup2", 922: "enter_dup", 921: "exit_dup", 908: "enter_getdents", 907: "exit_getdents", 906: "enter_getdents64", 905: "exit_getdents64", 904: "enter_ioctl", 903: "exit_ioctl", 902: "enter_fcntl", 901: "exit_fcntl", 896: "enter_mkdirat", 895: "exit_mkdirat", 894: "enter_mkdir", 893: "exit_mkdir", 892: "enter_rmdir", 891: "exit_rmdir", 890: "enter_unlinkat", 889: "exit_unlinkat", 888: "enter_unlink", 887: "exit_unlink", 886: "enter_symlinkat", 885: "exit_symlinkat", 884: "enter_symlink", 883: "exit_symlink", 882: "enter_linkat", 881: "exit_linkat", 880: "enter_link", 879: "exit_link", 878: "enter_renameat2", 877: "exit_renameat2", 876: "enter_renameat", 875: "exit_renameat", 874: "enter_rename", 873: "exit_rename", 864: "enter_newstat", 863: "exit_newstat", 862: "enter_newlstat", 861: "exit_newlstat", 860: "enter_newfstatat", 859: "exit_newfstatat", 858: "enter_newfstat", 857: "exit_newfstat", 856: "enter_readlinkat", 855: "exit_readlinkat", 854: "enter_readlink", 853: "exit_readlink", 852: "enter_statx", 851: "exit_statx", 850: "enter_lseek", 849: "exit_lseek", 848: "enter_read", 847: "exit_read", 846: "enter_write", 845: "exit_write", 844: "enter_pread64", 843: "exit_pread64", 842: "enter_pwrite64", 841: "exit_pwrite64", 840: "enter_readv", 839: "exit_readv", 838: "enter_writev", 837: "exit_writev", 836: "enter_preadv", 835: "exit_preadv", 834: "enter_preadv2", 833: "exit_preadv2", 832: "enter_pwritev", 831: "exit_pwritev", 830: "enter_pwritev2", 829: "exit_pwritev2", 826: "enter_copy_file_range", 825: "exit_copy_file_range", 824: "enter_truncate", 823: "exit_truncate", 822: "enter_ftruncate", 821: "exit_ftruncate", 820: "enter_fallocate", 819: "exit_fallocate", 818: "enter_faccessat", 817: "exit_faccessat", 816: "enter_faccessat2", 815: "exit_faccessat2", 814: "enter_access", 813: "exit_access", 812: "enter_chdir", 811: "exit_chdir", 810: "enter_fchdir", 809: "exit_fchdir", 808: "enter_chroot", 807: "exit_chroot", 806: "enter_fchmod", 805: "exit_fchmod", 804: "enter_fchmodat2", 803: "exit_fchmodat2", 802: "enter_fchmodat", 801: "exit_fchmodat", 800: "enter_chmod", 799: "exit_chmod", 798: "enter_fchownat", 797: "exit_fchownat", 796: "enter_chown", 795: "exit_chown", 794: "enter_lchown", 793: "exit_lchown", 792: "enter_fchown", 791: "exit_fchown", 790: "enter_open", 789: "exit_open", 788: "enter_openat", 787: "exit_openat", 786: "enter_openat2", 785: "exit_openat2", 784: "enter_creat", 783: "exit_creat", 782: "enter_close", 781: "exit_close", 710: "enter_msync", 709: "exit_msync", 616: "enter_readahead", 615: "exit_readahead", 614: "enter_fadvise64", 613: "exit_fadvise64", 595: "enter_cachestat", 594: "exit_cachestat", 406: "enter_finit_module", 405: "exit_finit_module", 350: "enter_syslog", 349: "exit_syslog", 271: "enter_pidfd_getfd", 270: "exit_pidfd_getfd", 100: "enter_mmap", 99: "exit_mmap", + 1847: "enter_socket", 1846: "exit_socket", 1845: "enter_socketpair", 1844: "exit_socketpair", 1843: "enter_bind", 1842: "exit_bind", 1841: "enter_listen", 1840: "exit_listen", 1839: "enter_accept4", 1838: "exit_accept4", 1837: "enter_accept", 1836: "exit_accept", 1835: "enter_connect", 1834: "exit_connect", 1833: "enter_getsockname", 1832: "exit_getsockname", 1831: "enter_getpeername", 1830: "exit_getpeername", 1829: "enter_sendto", 1828: "exit_sendto", 1827: "enter_recvfrom", 1826: "exit_recvfrom", 1825: "enter_setsockopt", 1824: "exit_setsockopt", 1823: "enter_getsockopt", 1822: "exit_getsockopt", 1821: "enter_shutdown", 1820: "exit_shutdown", 1819: "enter_sendmsg", 1818: "exit_sendmsg", 1817: "enter_sendmmsg", 1816: "exit_sendmmsg", 1815: "enter_recvmsg", 1814: "exit_recvmsg", 1813: "enter_recvmmsg", 1812: "exit_recvmmsg", 1575: "enter_getrandom", 1574: "exit_getrandom", 1528: "enter_io_uring_register", 1527: "exit_io_uring_register", 1509: "enter_io_uring_enter", 1508: "exit_io_uring_enter", 1507: "enter_io_uring_setup", 1506: "exit_io_uring_setup", 1491: "enter_ioprio_set", 1490: "exit_ioprio_set", 1489: "enter_ioprio_get", 1488: "exit_ioprio_get", 1463: "enter_landlock_create_ruleset", 1462: "exit_landlock_create_ruleset", 1461: "enter_landlock_add_rule", 1460: "exit_landlock_add_rule", 1459: "enter_landlock_restrict_self", 1458: "exit_landlock_restrict_self", 1456: "enter_lsm_set_self_attr", 1455: "exit_lsm_set_self_attr", 1454: "enter_lsm_get_self_attr", 1453: "exit_lsm_get_self_attr", 1452: "enter_lsm_list_modules", 1451: "exit_lsm_list_modules", 1449: "enter_add_key", 1448: "exit_add_key", 1447: "enter_request_key", 1446: "exit_request_key", 1445: "enter_keyctl", 1444: "exit_keyctl", 1443: "enter_mq_open", 1442: "exit_mq_open", 1441: "enter_mq_unlink", 1440: "exit_mq_unlink", 1439: "enter_mq_timedsend", 1438: "exit_mq_timedsend", 1437: "enter_mq_timedreceive", 1436: "exit_mq_timedreceive", 1435: "enter_mq_notify", 1434: "exit_mq_notify", 1433: "enter_mq_getsetattr", 1432: "exit_mq_getsetattr", 1431: "enter_shmget", 1430: "exit_shmget", 1429: "enter_shmctl", 1428: "exit_shmctl", 1427: "enter_shmat", 1426: "exit_shmat", 1425: "enter_shmdt", 1424: "exit_shmdt", 1423: "enter_semget", 1422: "exit_semget", 1421: "enter_semctl", 1420: "exit_semctl", 1419: "enter_semtimedop", 1418: "exit_semtimedop", 1417: "enter_semop", 1416: "exit_semop", 1415: "enter_msgget", 1414: "exit_msgget", 1413: "enter_msgctl", 1412: "exit_msgctl", 1411: "enter_msgsnd", 1410: "exit_msgsnd", 1409: "enter_msgrcv", 1408: "exit_msgrcv", 1164: "enter_quotactl", 1163: "exit_quotactl", 1162: "enter_quotactl_fd", 1161: "exit_quotactl_fd", 1146: "enter_name_to_handle_at", 1145: "exit_name_to_handle_at", 1144: "enter_open_by_handle_at", 1143: "exit_open_by_handle_at", 1130: "enter_flock", 1129: "exit_flock", 1111: "enter_io_setup", 1110: "exit_io_setup", 1109: "enter_io_destroy", 1108: "exit_io_destroy", 1107: "enter_io_submit", 1106: "exit_io_submit", 1105: "enter_io_cancel", 1104: "exit_io_cancel", 1103: "enter_io_getevents", 1102: "exit_io_getevents", 1101: "enter_io_pgetevents", 1100: "exit_io_pgetevents", 1099: "enter_userfaultfd", 1098: "exit_userfaultfd", 1097: "enter_eventfd2", 1096: "exit_eventfd2", 1095: "enter_eventfd", 1094: "exit_eventfd", 1093: "enter_timerfd_create", 1092: "exit_timerfd_create", 1091: "enter_timerfd_settime", 1090: "exit_timerfd_settime", 1089: "enter_timerfd_gettime", 1088: "exit_timerfd_gettime", 1087: "enter_signalfd4", 1086: "exit_signalfd4", 1085: "enter_signalfd", 1084: "exit_signalfd", 1083: "enter_epoll_create1", 1082: "exit_epoll_create1", 1081: "enter_epoll_create", 1080: "exit_epoll_create", 1079: "enter_epoll_ctl", 1078: "exit_epoll_ctl", 1077: "enter_epoll_wait", 1076: "exit_epoll_wait", 1075: "enter_epoll_pwait", 1074: "exit_epoll_pwait", 1073: "enter_epoll_pwait2", 1072: "exit_epoll_pwait2", 1071: "enter_fanotify_init", 1070: "exit_fanotify_init", 1069: "enter_fanotify_mark", 1068: "exit_fanotify_mark", 1067: "enter_inotify_init1", 1066: "exit_inotify_init1", 1065: "enter_inotify_init", 1064: "exit_inotify_init", 1063: "enter_inotify_add_watch", 1062: "exit_inotify_add_watch", 1061: "enter_inotify_rm_watch", 1060: "exit_inotify_rm_watch", 1059: "enter_file_getattr", 1058: "exit_file_getattr", 1057: "enter_file_setattr", 1056: "exit_file_setattr", 1055: "enter_fsopen", 1054: "exit_fsopen", 1053: "enter_fspick", 1052: "exit_fspick", 1051: "enter_fsconfig", 1050: "exit_fsconfig", 1049: "enter_statfs", 1048: "exit_statfs", 1047: "enter_fstatfs", 1046: "exit_fstatfs", 1045: "enter_ustat", 1044: "exit_ustat", 1043: "enter_getcwd", 1042: "exit_getcwd", 1041: "enter_utimensat", 1040: "exit_utimensat", 1039: "enter_futimesat", 1038: "exit_futimesat", 1037: "enter_utimes", 1036: "exit_utimes", 1035: "enter_utime", 1034: "exit_utime", 1033: "enter_sync", 1032: "exit_sync", 1031: "enter_syncfs", 1030: "exit_syncfs", 1029: "enter_fsync", 1028: "exit_fsync", 1027: "enter_fdatasync", 1026: "exit_fdatasync", 1025: "enter_sync_file_range", 1024: "exit_sync_file_range", 1023: "enter_vmsplice", 1022: "exit_vmsplice", 1021: "enter_splice", 1020: "exit_splice", 1019: "enter_tee", 1018: "exit_tee", 985: "enter_setxattrat", 984: "exit_setxattrat", 983: "enter_setxattr", 982: "exit_setxattr", 981: "enter_lsetxattr", 980: "exit_lsetxattr", 979: "enter_fsetxattr", 978: "exit_fsetxattr", 977: "enter_getxattrat", 976: "exit_getxattrat", 975: "enter_getxattr", 974: "exit_getxattr", 973: "enter_lgetxattr", 972: "exit_lgetxattr", 971: "enter_fgetxattr", 970: "exit_fgetxattr", 969: "enter_listxattrat", 968: "exit_listxattrat", 967: "enter_listxattr", 966: "exit_listxattr", 965: "enter_llistxattr", 964: "exit_llistxattr", 963: "enter_flistxattr", 962: "exit_flistxattr", 961: "enter_removexattrat", 960: "exit_removexattrat", 959: "enter_removexattr", 958: "exit_removexattr", 957: "enter_lremovexattr", 956: "exit_lremovexattr", 955: "enter_fremovexattr", 954: "exit_fremovexattr", 953: "enter_umount", 952: "exit_umount", 951: "enter_open_tree", 950: "exit_open_tree", 949: "enter_mount", 948: "exit_mount", 947: "enter_fsmount", 946: "exit_fsmount", 945: "enter_move_mount", 944: "exit_move_mount", 943: "enter_pivot_root", 942: "exit_pivot_root", 941: "enter_mount_setattr", 940: "exit_mount_setattr", 939: "enter_open_tree_attr", 938: "exit_open_tree_attr", 937: "enter_statmount", 936: "exit_statmount", 935: "enter_listmount", 934: "exit_listmount", 933: "enter_sysfs", 932: "exit_sysfs", 931: "enter_close_range", 930: "exit_close_range", 929: "enter_dup3", 928: "exit_dup3", 927: "enter_dup2", 926: "exit_dup2", 925: "enter_dup", 924: "exit_dup", 919: "enter_select", 918: "exit_select", 917: "enter_pselect6", 916: "exit_pselect6", 915: "enter_poll", 914: "exit_poll", 913: "enter_ppoll", 912: "exit_ppoll", 911: "enter_getdents", 910: "exit_getdents", 909: "enter_getdents64", 908: "exit_getdents64", 907: "enter_ioctl", 906: "exit_ioctl", 905: "enter_fcntl", 904: "exit_fcntl", 903: "enter_mknodat", 902: "exit_mknodat", 901: "enter_mknod", 900: "exit_mknod", 899: "enter_mkdirat", 898: "exit_mkdirat", 897: "enter_mkdir", 896: "exit_mkdir", 895: "enter_rmdir", 894: "exit_rmdir", 893: "enter_unlinkat", 892: "exit_unlinkat", 891: "enter_unlink", 890: "exit_unlink", 889: "enter_symlinkat", 888: "exit_symlinkat", 887: "enter_symlink", 886: "exit_symlink", 885: "enter_linkat", 884: "exit_linkat", 883: "enter_link", 882: "exit_link", 881: "enter_renameat2", 880: "exit_renameat2", 879: "enter_renameat", 878: "exit_renameat", 877: "enter_rename", 876: "exit_rename", 875: "enter_pipe2", 874: "exit_pipe2", 873: "enter_pipe", 872: "exit_pipe", 871: "enter_execve", 870: "exit_execve", 869: "enter_execveat", 868: "exit_execveat", 867: "enter_newstat", 866: "exit_newstat", 865: "enter_newlstat", 864: "exit_newlstat", 863: "enter_newfstatat", 862: "exit_newfstatat", 861: "enter_newfstat", 860: "exit_newfstat", 859: "enter_readlinkat", 858: "exit_readlinkat", 857: "enter_readlink", 856: "exit_readlink", 855: "enter_statx", 854: "exit_statx", 853: "enter_lseek", 852: "exit_lseek", 851: "enter_read", 850: "exit_read", 849: "enter_write", 848: "exit_write", 847: "enter_pread64", 846: "exit_pread64", 845: "enter_pwrite64", 844: "exit_pwrite64", 843: "enter_readv", 842: "exit_readv", 841: "enter_writev", 840: "exit_writev", 839: "enter_preadv", 838: "exit_preadv", 837: "enter_preadv2", 836: "exit_preadv2", 835: "enter_pwritev", 834: "exit_pwritev", 833: "enter_pwritev2", 832: "exit_pwritev2", 831: "enter_sendfile64", 830: "exit_sendfile64", 829: "enter_copy_file_range", 828: "exit_copy_file_range", 827: "enter_truncate", 826: "exit_truncate", 825: "enter_ftruncate", 824: "exit_ftruncate", 823: "enter_fallocate", 822: "exit_fallocate", 821: "enter_faccessat", 820: "exit_faccessat", 819: "enter_faccessat2", 818: "exit_faccessat2", 817: "enter_access", 816: "exit_access", 815: "enter_chdir", 814: "exit_chdir", 813: "enter_fchdir", 812: "exit_fchdir", 811: "enter_chroot", 810: "exit_chroot", 809: "enter_fchmod", 808: "exit_fchmod", 807: "enter_fchmodat2", 806: "exit_fchmodat2", 805: "enter_fchmodat", 804: "exit_fchmodat", 803: "enter_chmod", 802: "exit_chmod", 801: "enter_fchownat", 800: "exit_fchownat", 799: "enter_chown", 798: "exit_chown", 797: "enter_lchown", 796: "exit_lchown", 795: "enter_fchown", 794: "exit_fchown", 793: "enter_open", 792: "exit_open", 791: "enter_openat", 790: "exit_openat", 789: "enter_openat2", 788: "exit_openat2", 787: "enter_creat", 786: "exit_creat", 785: "enter_close", 784: "exit_close", 783: "enter_vhangup", 782: "exit_vhangup", 781: "enter_memfd_create", 780: "exit_memfd_create", 774: "enter_memfd_secret", 773: "exit_memfd_secret", 754: "enter_move_pages", 753: "exit_move_pages", 743: "enter_set_mempolicy_home_node", 742: "exit_set_mempolicy_home_node", 741: "enter_mbind", 740: "exit_mbind", 739: "enter_set_mempolicy", 738: "exit_set_mempolicy", 737: "enter_migrate_pages", 736: "exit_migrate_pages", 735: "enter_get_mempolicy", 734: "exit_get_mempolicy", 733: "enter_swapoff", 732: "exit_swapoff", 731: "enter_swapon", 730: "exit_swapon", 729: "enter_madvise", 728: "exit_madvise", 727: "enter_process_madvise", 726: "exit_process_madvise", 725: "enter_mseal", 724: "exit_mseal", 723: "enter_process_vm_readv", 722: "exit_process_vm_readv", 721: "enter_process_vm_writev", 720: "exit_process_vm_writev", 712: "enter_msync", 711: "exit_msync", 710: "enter_mremap", 709: "exit_mremap", 708: "enter_mprotect", 707: "exit_mprotect", 706: "enter_pkey_mprotect", 705: "exit_pkey_mprotect", 704: "enter_pkey_alloc", 703: "exit_pkey_alloc", 702: "enter_pkey_free", 701: "exit_pkey_free", 698: "enter_brk", 697: "exit_brk", 696: "enter_munmap", 695: "exit_munmap", 694: "enter_remap_file_pages", 693: "exit_remap_file_pages", 692: "enter_mlock", 691: "exit_mlock", 690: "enter_mlock2", 689: "exit_mlock2", 688: "enter_munlock", 687: "exit_munlock", 686: "enter_mlockall", 685: "exit_mlockall", 684: "enter_munlockall", 683: "exit_munlockall", 682: "enter_mincore", 681: "exit_mincore", 616: "enter_readahead", 615: "exit_readahead", 614: "enter_fadvise64", 613: "exit_fadvise64", 604: "enter_process_mrelease", 603: "exit_process_mrelease", 595: "enter_cachestat", 594: "exit_cachestat", 591: "enter_rseq", 590: "exit_rseq", 587: "enter_perf_event_open", 586: "exit_perf_event_open", 585: "enter_bpf", 584: "exit_bpf", 526: "enter_seccomp", 525: "exit_seccomp", 508: "enter_kexec_file_load", 507: "exit_kexec_file_load", 506: "enter_kexec_load", 505: "exit_kexec_load", 504: "enter_acct", 503: "exit_acct", 499: "enter_set_robust_list", 498: "exit_set_robust_list", 497: "enter_get_robust_list", 496: "exit_get_robust_list", 495: "enter_futex", 494: "exit_futex", 493: "enter_futex_waitv", 492: "exit_futex_waitv", 491: "enter_futex_wake", 490: "exit_futex_wake", 489: "enter_futex_wait", 488: "exit_futex_wait", 487: "enter_futex_requeue", 486: "exit_futex_requeue", 471: "enter_getitimer", 470: "exit_getitimer", 469: "enter_alarm", 468: "exit_alarm", 467: "enter_setitimer", 466: "exit_setitimer", 465: "enter_timer_create", 464: "exit_timer_create", 463: "enter_timer_gettime", 462: "exit_timer_gettime", 461: "enter_timer_getoverrun", 460: "exit_timer_getoverrun", 459: "enter_timer_settime", 458: "exit_timer_settime", 457: "enter_timer_delete", 456: "exit_timer_delete", 455: "enter_clock_settime", 454: "exit_clock_settime", 453: "enter_clock_gettime", 452: "exit_clock_gettime", 451: "enter_clock_adjtime", 450: "exit_clock_adjtime", 449: "enter_clock_getres", 448: "exit_clock_getres", 447: "enter_clock_nanosleep", 446: "exit_clock_nanosleep", 441: "enter_nanosleep", 440: "exit_nanosleep", 425: "enter_time", 424: "exit_time", 423: "enter_gettimeofday", 422: "exit_gettimeofday", 421: "enter_settimeofday", 420: "exit_settimeofday", 419: "enter_adjtimex", 418: "exit_adjtimex", 417: "enter_kcmp", 416: "exit_kcmp", 410: "enter_delete_module", 409: "exit_delete_module", 408: "enter_init_module", 407: "exit_init_module", 406: "enter_finit_module", 405: "exit_finit_module", 350: "enter_syslog", 349: "exit_syslog", 346: "enter_membarrier", 345: "exit_membarrier", 341: "enter_sched_setscheduler", 340: "exit_sched_setscheduler", 339: "enter_sched_setparam", 338: "exit_sched_setparam", 337: "enter_sched_setattr", 336: "exit_sched_setattr", 335: "enter_sched_getscheduler", 334: "exit_sched_getscheduler", 333: "enter_sched_getparam", 332: "exit_sched_getparam", 331: "enter_sched_getattr", 330: "exit_sched_getattr", 329: "enter_sched_setaffinity", 328: "exit_sched_setaffinity", 327: "enter_sched_getaffinity", 326: "exit_sched_getaffinity", 325: "enter_sched_yield", 324: "exit_sched_yield", 323: "enter_sched_get_priority_max", 322: "exit_sched_get_priority_max", 321: "enter_sched_get_priority_min", 320: "exit_sched_get_priority_min", 319: "enter_sched_rr_get_interval", 318: "exit_sched_rr_get_interval", 286: "enter_getgroups", 285: "exit_getgroups", 284: "enter_setgroups", 283: "exit_setgroups", 282: "enter_reboot", 281: "exit_reboot", 277: "enter_listns", 276: "exit_listns", 275: "enter_setns", 274: "exit_setns", 273: "enter_pidfd_open", 272: "exit_pidfd_open", 271: "enter_pidfd_getfd", 270: "exit_pidfd_getfd", 265: "enter_setpriority", 264: "exit_setpriority", 263: "enter_getpriority", 262: "exit_getpriority", 261: "enter_setregid", 260: "exit_setregid", 259: "enter_setgid", 258: "exit_setgid", 257: "enter_setreuid", 256: "exit_setreuid", 255: "enter_setuid", 254: "exit_setuid", 253: "enter_setresuid", 252: "exit_setresuid", 251: "enter_getresuid", 250: "exit_getresuid", 249: "enter_setresgid", 248: "exit_setresgid", 247: "enter_getresgid", 246: "exit_getresgid", 245: "enter_setfsuid", 244: "exit_setfsuid", 243: "enter_setfsgid", 242: "exit_setfsgid", 241: "enter_getpid", 240: "exit_getpid", 239: "enter_gettid", 238: "exit_gettid", 237: "enter_getppid", 236: "exit_getppid", 235: "enter_getuid", 234: "exit_getuid", 233: "enter_geteuid", 232: "exit_geteuid", 231: "enter_getgid", 230: "exit_getgid", 229: "enter_getegid", 228: "exit_getegid", 227: "enter_times", 226: "exit_times", 225: "enter_setpgid", 224: "exit_setpgid", 223: "enter_getpgid", 222: "exit_getpgid", 221: "enter_getpgrp", 220: "exit_getpgrp", 219: "enter_getsid", 218: "exit_getsid", 217: "enter_setsid", 216: "exit_setsid", 215: "enter_newuname", 214: "exit_newuname", 213: "enter_sethostname", 212: "exit_sethostname", 211: "enter_setdomainname", 210: "exit_setdomainname", 209: "enter_getrlimit", 208: "exit_getrlimit", 207: "enter_prlimit64", 206: "exit_prlimit64", 205: "enter_setrlimit", 204: "exit_setrlimit", 203: "enter_getrusage", 202: "exit_getrusage", 201: "enter_umask", 200: "exit_umask", 199: "enter_prctl", 198: "exit_prctl", 197: "enter_getcpu", 196: "exit_getcpu", 195: "enter_sysinfo", 194: "exit_sysinfo", 191: "enter_restart_syscall", 190: "exit_restart_syscall", 189: "enter_rt_sigprocmask", 188: "exit_rt_sigprocmask", 187: "enter_rt_sigpending", 186: "exit_rt_sigpending", 185: "enter_rt_sigtimedwait", 184: "exit_rt_sigtimedwait", 183: "enter_kill", 182: "exit_kill", 181: "enter_pidfd_send_signal", 180: "exit_pidfd_send_signal", 179: "enter_tgkill", 178: "exit_tgkill", 177: "enter_tkill", 176: "exit_tkill", 175: "enter_rt_sigqueueinfo", 174: "exit_rt_sigqueueinfo", 173: "enter_rt_tgsigqueueinfo", 172: "exit_rt_tgsigqueueinfo", 171: "enter_sigaltstack", 170: "exit_sigaltstack", 169: "enter_rt_sigaction", 168: "exit_rt_sigaction", 167: "enter_pause", 166: "exit_pause", 165: "enter_rt_sigsuspend", 164: "exit_rt_sigsuspend", 163: "enter_ptrace", 162: "exit_ptrace", 161: "enter_capget", 160: "exit_capget", 159: "enter_capset", 158: "exit_capset", 150: "enter_exit", 149: "exit_exit", 148: "enter_exit_group", 147: "exit_exit_group", 146: "enter_waitid", 145: "exit_waitid", 144: "enter_wait4", 143: "exit_wait4", 139: "enter_personality", 138: "exit_personality", 134: "enter_set_tid_address", 133: "exit_set_tid_address", 132: "enter_fork", 131: "exit_fork", 130: "enter_vfork", 129: "exit_vfork", 128: "enter_clone", 127: "exit_clone", 126: "enter_clone3", 125: "exit_clone3", 124: "enter_unshare", 123: "exit_unshare", 119: "enter_map_shadow_stack", 118: "exit_map_shadow_stack", 117: "enter_uretprobe", 116: "exit_uretprobe", 115: "enter_uprobe", 114: "exit_uprobe", 102: "enter_arch_prctl", 101: "exit_arch_prctl", 100: "enter_mmap", 99: "exit_mmap", 98: "enter_modify_ldt", 97: "exit_modify_ldt", 95: "enter_ioperm", 94: "exit_ioperm", 93: "enter_iopl", 92: "exit_iopl", 57: "enter_rt_sigreturn", 56: "exit_rt_sigreturn", } var traceId2Name = map[TraceId]string{ - 1521: "io_uring_register", 1520: "io_uring_register", 1502: "io_uring_enter", 1501: "io_uring_enter", 1500: "io_uring_setup", 1499: "io_uring_setup", 1155: "quotactl_fd", 1154: "quotactl_fd", 1139: "name_to_handle_at", 1138: "name_to_handle_at", 1137: "open_by_handle_at", 1136: "open_by_handle_at", 1123: "flock", 1122: "flock", 1109: "io_setup", 1108: "io_setup", 1107: "io_destroy", 1106: "io_destroy", 1105: "io_submit", 1104: "io_submit", 1103: "io_cancel", 1102: "io_cancel", 1101: "io_getevents", 1100: "io_getevents", 1099: "io_pgetevents", 1098: "io_pgetevents", 1067: "fanotify_mark", 1066: "fanotify_mark", 1057: "file_getattr", 1056: "file_getattr", 1055: "file_setattr", 1054: "file_setattr", 1051: "fspick", 1050: "fspick", 1049: "fsconfig", 1048: "fsconfig", 1047: "statfs", 1046: "statfs", 1045: "fstatfs", 1044: "fstatfs", 1041: "getcwd", 1040: "getcwd", 1039: "utimensat", 1038: "utimensat", 1037: "futimesat", 1036: "futimesat", 1031: "sync", 1030: "sync", 1029: "syncfs", 1028: "syncfs", 1027: "fsync", 1026: "fsync", 1025: "fdatasync", 1024: "fdatasync", 1023: "sync_file_range", 1022: "sync_file_range", 1021: "vmsplice", 1020: "vmsplice", 982: "setxattrat", 981: "setxattrat", 980: "setxattr", 979: "setxattr", 978: "lsetxattr", 977: "lsetxattr", 976: "fsetxattr", 975: "fsetxattr", 974: "getxattrat", 973: "getxattrat", 972: "getxattr", 971: "getxattr", 970: "lgetxattr", 969: "lgetxattr", 968: "fgetxattr", 967: "fgetxattr", 966: "listxattrat", 965: "listxattrat", 964: "listxattr", 963: "listxattr", 962: "llistxattr", 961: "llistxattr", 960: "flistxattr", 959: "flistxattr", 958: "removexattrat", 957: "removexattrat", 956: "removexattr", 955: "removexattr", 954: "lremovexattr", 953: "lremovexattr", 952: "fremovexattr", 951: "fremovexattr", 948: "open_tree", 947: "open_tree", 938: "mount_setattr", 937: "mount_setattr", 936: "open_tree_attr", 935: "open_tree_attr", 928: "close_range", 927: "close_range", 926: "dup3", 925: "dup3", 924: "dup2", 923: "dup2", 922: "dup", 921: "dup", 908: "getdents", 907: "getdents", 906: "getdents64", 905: "getdents64", 904: "ioctl", 903: "ioctl", 902: "fcntl", 901: "fcntl", 896: "mkdirat", 895: "mkdirat", 894: "mkdir", 893: "mkdir", 892: "rmdir", 891: "rmdir", 890: "unlinkat", 889: "unlinkat", 888: "unlink", 887: "unlink", 886: "symlinkat", 885: "symlinkat", 884: "symlink", 883: "symlink", 882: "linkat", 881: "linkat", 880: "link", 879: "link", 878: "renameat2", 877: "renameat2", 876: "renameat", 875: "renameat", 874: "rename", 873: "rename", 864: "newstat", 863: "newstat", 862: "newlstat", 861: "newlstat", 860: "newfstatat", 859: "newfstatat", 858: "newfstat", 857: "newfstat", 856: "readlinkat", 855: "readlinkat", 854: "readlink", 853: "readlink", 852: "statx", 851: "statx", 850: "lseek", 849: "lseek", 848: "read", 847: "read", 846: "write", 845: "write", 844: "pread64", 843: "pread64", 842: "pwrite64", 841: "pwrite64", 840: "readv", 839: "readv", 838: "writev", 837: "writev", 836: "preadv", 835: "preadv", 834: "preadv2", 833: "preadv2", 832: "pwritev", 831: "pwritev", 830: "pwritev2", 829: "pwritev2", 826: "copy_file_range", 825: "copy_file_range", 824: "truncate", 823: "truncate", 822: "ftruncate", 821: "ftruncate", 820: "fallocate", 819: "fallocate", 818: "faccessat", 817: "faccessat", 816: "faccessat2", 815: "faccessat2", 814: "access", 813: "access", 812: "chdir", 811: "chdir", 810: "fchdir", 809: "fchdir", 808: "chroot", 807: "chroot", 806: "fchmod", 805: "fchmod", 804: "fchmodat2", 803: "fchmodat2", 802: "fchmodat", 801: "fchmodat", 800: "chmod", 799: "chmod", 798: "fchownat", 797: "fchownat", 796: "chown", 795: "chown", 794: "lchown", 793: "lchown", 792: "fchown", 791: "fchown", 790: "open", 789: "open", 788: "openat", 787: "openat", 786: "openat2", 785: "openat2", 784: "creat", 783: "creat", 782: "close", 781: "close", 710: "msync", 709: "msync", 616: "readahead", 615: "readahead", 614: "fadvise64", 613: "fadvise64", 595: "cachestat", 594: "cachestat", 406: "finit_module", 405: "finit_module", 350: "syslog", 349: "syslog", 271: "pidfd_getfd", 270: "pidfd_getfd", 100: "mmap", 99: "mmap", + 1847: "socket", 1846: "socket", 1845: "socketpair", 1844: "socketpair", 1843: "bind", 1842: "bind", 1841: "listen", 1840: "listen", 1839: "accept4", 1838: "accept4", 1837: "accept", 1836: "accept", 1835: "connect", 1834: "connect", 1833: "getsockname", 1832: "getsockname", 1831: "getpeername", 1830: "getpeername", 1829: "sendto", 1828: "sendto", 1827: "recvfrom", 1826: "recvfrom", 1825: "setsockopt", 1824: "setsockopt", 1823: "getsockopt", 1822: "getsockopt", 1821: "shutdown", 1820: "shutdown", 1819: "sendmsg", 1818: "sendmsg", 1817: "sendmmsg", 1816: "sendmmsg", 1815: "recvmsg", 1814: "recvmsg", 1813: "recvmmsg", 1812: "recvmmsg", 1575: "getrandom", 1574: "getrandom", 1528: "io_uring_register", 1527: "io_uring_register", 1509: "io_uring_enter", 1508: "io_uring_enter", 1507: "io_uring_setup", 1506: "io_uring_setup", 1491: "ioprio_set", 1490: "ioprio_set", 1489: "ioprio_get", 1488: "ioprio_get", 1463: "landlock_create_ruleset", 1462: "landlock_create_ruleset", 1461: "landlock_add_rule", 1460: "landlock_add_rule", 1459: "landlock_restrict_self", 1458: "landlock_restrict_self", 1456: "lsm_set_self_attr", 1455: "lsm_set_self_attr", 1454: "lsm_get_self_attr", 1453: "lsm_get_self_attr", 1452: "lsm_list_modules", 1451: "lsm_list_modules", 1449: "add_key", 1448: "add_key", 1447: "request_key", 1446: "request_key", 1445: "keyctl", 1444: "keyctl", 1443: "mq_open", 1442: "mq_open", 1441: "mq_unlink", 1440: "mq_unlink", 1439: "mq_timedsend", 1438: "mq_timedsend", 1437: "mq_timedreceive", 1436: "mq_timedreceive", 1435: "mq_notify", 1434: "mq_notify", 1433: "mq_getsetattr", 1432: "mq_getsetattr", 1431: "shmget", 1430: "shmget", 1429: "shmctl", 1428: "shmctl", 1427: "shmat", 1426: "shmat", 1425: "shmdt", 1424: "shmdt", 1423: "semget", 1422: "semget", 1421: "semctl", 1420: "semctl", 1419: "semtimedop", 1418: "semtimedop", 1417: "semop", 1416: "semop", 1415: "msgget", 1414: "msgget", 1413: "msgctl", 1412: "msgctl", 1411: "msgsnd", 1410: "msgsnd", 1409: "msgrcv", 1408: "msgrcv", 1164: "quotactl", 1163: "quotactl", 1162: "quotactl_fd", 1161: "quotactl_fd", 1146: "name_to_handle_at", 1145: "name_to_handle_at", 1144: "open_by_handle_at", 1143: "open_by_handle_at", 1130: "flock", 1129: "flock", 1111: "io_setup", 1110: "io_setup", 1109: "io_destroy", 1108: "io_destroy", 1107: "io_submit", 1106: "io_submit", 1105: "io_cancel", 1104: "io_cancel", 1103: "io_getevents", 1102: "io_getevents", 1101: "io_pgetevents", 1100: "io_pgetevents", 1099: "userfaultfd", 1098: "userfaultfd", 1097: "eventfd2", 1096: "eventfd2", 1095: "eventfd", 1094: "eventfd", 1093: "timerfd_create", 1092: "timerfd_create", 1091: "timerfd_settime", 1090: "timerfd_settime", 1089: "timerfd_gettime", 1088: "timerfd_gettime", 1087: "signalfd4", 1086: "signalfd4", 1085: "signalfd", 1084: "signalfd", 1083: "epoll_create1", 1082: "epoll_create1", 1081: "epoll_create", 1080: "epoll_create", 1079: "epoll_ctl", 1078: "epoll_ctl", 1077: "epoll_wait", 1076: "epoll_wait", 1075: "epoll_pwait", 1074: "epoll_pwait", 1073: "epoll_pwait2", 1072: "epoll_pwait2", 1071: "fanotify_init", 1070: "fanotify_init", 1069: "fanotify_mark", 1068: "fanotify_mark", 1067: "inotify_init1", 1066: "inotify_init1", 1065: "inotify_init", 1064: "inotify_init", 1063: "inotify_add_watch", 1062: "inotify_add_watch", 1061: "inotify_rm_watch", 1060: "inotify_rm_watch", 1059: "file_getattr", 1058: "file_getattr", 1057: "file_setattr", 1056: "file_setattr", 1055: "fsopen", 1054: "fsopen", 1053: "fspick", 1052: "fspick", 1051: "fsconfig", 1050: "fsconfig", 1049: "statfs", 1048: "statfs", 1047: "fstatfs", 1046: "fstatfs", 1045: "ustat", 1044: "ustat", 1043: "getcwd", 1042: "getcwd", 1041: "utimensat", 1040: "utimensat", 1039: "futimesat", 1038: "futimesat", 1037: "utimes", 1036: "utimes", 1035: "utime", 1034: "utime", 1033: "sync", 1032: "sync", 1031: "syncfs", 1030: "syncfs", 1029: "fsync", 1028: "fsync", 1027: "fdatasync", 1026: "fdatasync", 1025: "sync_file_range", 1024: "sync_file_range", 1023: "vmsplice", 1022: "vmsplice", 1021: "splice", 1020: "splice", 1019: "tee", 1018: "tee", 985: "setxattrat", 984: "setxattrat", 983: "setxattr", 982: "setxattr", 981: "lsetxattr", 980: "lsetxattr", 979: "fsetxattr", 978: "fsetxattr", 977: "getxattrat", 976: "getxattrat", 975: "getxattr", 974: "getxattr", 973: "lgetxattr", 972: "lgetxattr", 971: "fgetxattr", 970: "fgetxattr", 969: "listxattrat", 968: "listxattrat", 967: "listxattr", 966: "listxattr", 965: "llistxattr", 964: "llistxattr", 963: "flistxattr", 962: "flistxattr", 961: "removexattrat", 960: "removexattrat", 959: "removexattr", 958: "removexattr", 957: "lremovexattr", 956: "lremovexattr", 955: "fremovexattr", 954: "fremovexattr", 953: "umount", 952: "umount", 951: "open_tree", 950: "open_tree", 949: "mount", 948: "mount", 947: "fsmount", 946: "fsmount", 945: "move_mount", 944: "move_mount", 943: "pivot_root", 942: "pivot_root", 941: "mount_setattr", 940: "mount_setattr", 939: "open_tree_attr", 938: "open_tree_attr", 937: "statmount", 936: "statmount", 935: "listmount", 934: "listmount", 933: "sysfs", 932: "sysfs", 931: "close_range", 930: "close_range", 929: "dup3", 928: "dup3", 927: "dup2", 926: "dup2", 925: "dup", 924: "dup", 919: "select", 918: "select", 917: "pselect6", 916: "pselect6", 915: "poll", 914: "poll", 913: "ppoll", 912: "ppoll", 911: "getdents", 910: "getdents", 909: "getdents64", 908: "getdents64", 907: "ioctl", 906: "ioctl", 905: "fcntl", 904: "fcntl", 903: "mknodat", 902: "mknodat", 901: "mknod", 900: "mknod", 899: "mkdirat", 898: "mkdirat", 897: "mkdir", 896: "mkdir", 895: "rmdir", 894: "rmdir", 893: "unlinkat", 892: "unlinkat", 891: "unlink", 890: "unlink", 889: "symlinkat", 888: "symlinkat", 887: "symlink", 886: "symlink", 885: "linkat", 884: "linkat", 883: "link", 882: "link", 881: "renameat2", 880: "renameat2", 879: "renameat", 878: "renameat", 877: "rename", 876: "rename", 875: "pipe2", 874: "pipe2", 873: "pipe", 872: "pipe", 871: "execve", 870: "execve", 869: "execveat", 868: "execveat", 867: "newstat", 866: "newstat", 865: "newlstat", 864: "newlstat", 863: "newfstatat", 862: "newfstatat", 861: "newfstat", 860: "newfstat", 859: "readlinkat", 858: "readlinkat", 857: "readlink", 856: "readlink", 855: "statx", 854: "statx", 853: "lseek", 852: "lseek", 851: "read", 850: "read", 849: "write", 848: "write", 847: "pread64", 846: "pread64", 845: "pwrite64", 844: "pwrite64", 843: "readv", 842: "readv", 841: "writev", 840: "writev", 839: "preadv", 838: "preadv", 837: "preadv2", 836: "preadv2", 835: "pwritev", 834: "pwritev", 833: "pwritev2", 832: "pwritev2", 831: "sendfile64", 830: "sendfile64", 829: "copy_file_range", 828: "copy_file_range", 827: "truncate", 826: "truncate", 825: "ftruncate", 824: "ftruncate", 823: "fallocate", 822: "fallocate", 821: "faccessat", 820: "faccessat", 819: "faccessat2", 818: "faccessat2", 817: "access", 816: "access", 815: "chdir", 814: "chdir", 813: "fchdir", 812: "fchdir", 811: "chroot", 810: "chroot", 809: "fchmod", 808: "fchmod", 807: "fchmodat2", 806: "fchmodat2", 805: "fchmodat", 804: "fchmodat", 803: "chmod", 802: "chmod", 801: "fchownat", 800: "fchownat", 799: "chown", 798: "chown", 797: "lchown", 796: "lchown", 795: "fchown", 794: "fchown", 793: "open", 792: "open", 791: "openat", 790: "openat", 789: "openat2", 788: "openat2", 787: "creat", 786: "creat", 785: "close", 784: "close", 783: "vhangup", 782: "vhangup", 781: "memfd_create", 780: "memfd_create", 774: "memfd_secret", 773: "memfd_secret", 754: "move_pages", 753: "move_pages", 743: "set_mempolicy_home_node", 742: "set_mempolicy_home_node", 741: "mbind", 740: "mbind", 739: "set_mempolicy", 738: "set_mempolicy", 737: "migrate_pages", 736: "migrate_pages", 735: "get_mempolicy", 734: "get_mempolicy", 733: "swapoff", 732: "swapoff", 731: "swapon", 730: "swapon", 729: "madvise", 728: "madvise", 727: "process_madvise", 726: "process_madvise", 725: "mseal", 724: "mseal", 723: "process_vm_readv", 722: "process_vm_readv", 721: "process_vm_writev", 720: "process_vm_writev", 712: "msync", 711: "msync", 710: "mremap", 709: "mremap", 708: "mprotect", 707: "mprotect", 706: "pkey_mprotect", 705: "pkey_mprotect", 704: "pkey_alloc", 703: "pkey_alloc", 702: "pkey_free", 701: "pkey_free", 698: "brk", 697: "brk", 696: "munmap", 695: "munmap", 694: "remap_file_pages", 693: "remap_file_pages", 692: "mlock", 691: "mlock", 690: "mlock2", 689: "mlock2", 688: "munlock", 687: "munlock", 686: "mlockall", 685: "mlockall", 684: "munlockall", 683: "munlockall", 682: "mincore", 681: "mincore", 616: "readahead", 615: "readahead", 614: "fadvise64", 613: "fadvise64", 604: "process_mrelease", 603: "process_mrelease", 595: "cachestat", 594: "cachestat", 591: "rseq", 590: "rseq", 587: "perf_event_open", 586: "perf_event_open", 585: "bpf", 584: "bpf", 526: "seccomp", 525: "seccomp", 508: "kexec_file_load", 507: "kexec_file_load", 506: "kexec_load", 505: "kexec_load", 504: "acct", 503: "acct", 499: "set_robust_list", 498: "set_robust_list", 497: "get_robust_list", 496: "get_robust_list", 495: "futex", 494: "futex", 493: "futex_waitv", 492: "futex_waitv", 491: "futex_wake", 490: "futex_wake", 489: "futex_wait", 488: "futex_wait", 487: "futex_requeue", 486: "futex_requeue", 471: "getitimer", 470: "getitimer", 469: "alarm", 468: "alarm", 467: "setitimer", 466: "setitimer", 465: "timer_create", 464: "timer_create", 463: "timer_gettime", 462: "timer_gettime", 461: "timer_getoverrun", 460: "timer_getoverrun", 459: "timer_settime", 458: "timer_settime", 457: "timer_delete", 456: "timer_delete", 455: "clock_settime", 454: "clock_settime", 453: "clock_gettime", 452: "clock_gettime", 451: "clock_adjtime", 450: "clock_adjtime", 449: "clock_getres", 448: "clock_getres", 447: "clock_nanosleep", 446: "clock_nanosleep", 441: "nanosleep", 440: "nanosleep", 425: "time", 424: "time", 423: "gettimeofday", 422: "gettimeofday", 421: "settimeofday", 420: "settimeofday", 419: "adjtimex", 418: "adjtimex", 417: "kcmp", 416: "kcmp", 410: "delete_module", 409: "delete_module", 408: "init_module", 407: "init_module", 406: "finit_module", 405: "finit_module", 350: "syslog", 349: "syslog", 346: "membarrier", 345: "membarrier", 341: "sched_setscheduler", 340: "sched_setscheduler", 339: "sched_setparam", 338: "sched_setparam", 337: "sched_setattr", 336: "sched_setattr", 335: "sched_getscheduler", 334: "sched_getscheduler", 333: "sched_getparam", 332: "sched_getparam", 331: "sched_getattr", 330: "sched_getattr", 329: "sched_setaffinity", 328: "sched_setaffinity", 327: "sched_getaffinity", 326: "sched_getaffinity", 325: "sched_yield", 324: "sched_yield", 323: "sched_get_priority_max", 322: "sched_get_priority_max", 321: "sched_get_priority_min", 320: "sched_get_priority_min", 319: "sched_rr_get_interval", 318: "sched_rr_get_interval", 286: "getgroups", 285: "getgroups", 284: "setgroups", 283: "setgroups", 282: "reboot", 281: "reboot", 277: "listns", 276: "listns", 275: "setns", 274: "setns", 273: "pidfd_open", 272: "pidfd_open", 271: "pidfd_getfd", 270: "pidfd_getfd", 265: "setpriority", 264: "setpriority", 263: "getpriority", 262: "getpriority", 261: "setregid", 260: "setregid", 259: "setgid", 258: "setgid", 257: "setreuid", 256: "setreuid", 255: "setuid", 254: "setuid", 253: "setresuid", 252: "setresuid", 251: "getresuid", 250: "getresuid", 249: "setresgid", 248: "setresgid", 247: "getresgid", 246: "getresgid", 245: "setfsuid", 244: "setfsuid", 243: "setfsgid", 242: "setfsgid", 241: "getpid", 240: "getpid", 239: "gettid", 238: "gettid", 237: "getppid", 236: "getppid", 235: "getuid", 234: "getuid", 233: "geteuid", 232: "geteuid", 231: "getgid", 230: "getgid", 229: "getegid", 228: "getegid", 227: "times", 226: "times", 225: "setpgid", 224: "setpgid", 223: "getpgid", 222: "getpgid", 221: "getpgrp", 220: "getpgrp", 219: "getsid", 218: "getsid", 217: "setsid", 216: "setsid", 215: "newuname", 214: "newuname", 213: "sethostname", 212: "sethostname", 211: "setdomainname", 210: "setdomainname", 209: "getrlimit", 208: "getrlimit", 207: "prlimit64", 206: "prlimit64", 205: "setrlimit", 204: "setrlimit", 203: "getrusage", 202: "getrusage", 201: "umask", 200: "umask", 199: "prctl", 198: "prctl", 197: "getcpu", 196: "getcpu", 195: "sysinfo", 194: "sysinfo", 191: "restart_syscall", 190: "restart_syscall", 189: "rt_sigprocmask", 188: "rt_sigprocmask", 187: "rt_sigpending", 186: "rt_sigpending", 185: "rt_sigtimedwait", 184: "rt_sigtimedwait", 183: "kill", 182: "kill", 181: "pidfd_send_signal", 180: "pidfd_send_signal", 179: "tgkill", 178: "tgkill", 177: "tkill", 176: "tkill", 175: "rt_sigqueueinfo", 174: "rt_sigqueueinfo", 173: "rt_tgsigqueueinfo", 172: "rt_tgsigqueueinfo", 171: "sigaltstack", 170: "sigaltstack", 169: "rt_sigaction", 168: "rt_sigaction", 167: "pause", 166: "pause", 165: "rt_sigsuspend", 164: "rt_sigsuspend", 163: "ptrace", 162: "ptrace", 161: "capget", 160: "capget", 159: "capset", 158: "capset", 150: "exit", 149: "exit", 148: "exit_group", 147: "exit_group", 146: "waitid", 145: "waitid", 144: "wait4", 143: "wait4", 139: "personality", 138: "personality", 134: "set_tid_address", 133: "set_tid_address", 132: "fork", 131: "fork", 130: "vfork", 129: "vfork", 128: "clone", 127: "clone", 126: "clone3", 125: "clone3", 124: "unshare", 123: "unshare", 119: "map_shadow_stack", 118: "map_shadow_stack", 117: "uretprobe", 116: "uretprobe", 115: "uprobe", 114: "uprobe", 102: "arch_prctl", 101: "arch_prctl", 100: "mmap", 99: "mmap", 98: "modify_ldt", 97: "modify_ldt", 95: "ioperm", 94: "ioperm", 93: "iopl", 92: "iopl", 57: "rt_sigreturn", 56: "rt_sigreturn", } func (s TraceId) String() string { @@ -59,240 +59,740 @@ const UNCLASSIFIED = 0 const READ_CLASSIFIED = 1 const WRITE_CLASSIFIED = 2 const TRANSFER_CLASSIFIED = 3 -const SYS_ENTER_IO_URING_REGISTER TraceId = 1521 -const SYS_EXIT_IO_URING_REGISTER TraceId = 1520 -const SYS_ENTER_IO_URING_ENTER TraceId = 1502 -const SYS_EXIT_IO_URING_ENTER TraceId = 1501 -const SYS_ENTER_IO_URING_SETUP TraceId = 1500 -const SYS_EXIT_IO_URING_SETUP TraceId = 1499 -const SYS_ENTER_QUOTACTL_FD TraceId = 1155 -const SYS_EXIT_QUOTACTL_FD TraceId = 1154 -const SYS_ENTER_NAME_TO_HANDLE_AT TraceId = 1139 -const SYS_EXIT_NAME_TO_HANDLE_AT TraceId = 1138 -const SYS_ENTER_OPEN_BY_HANDLE_AT TraceId = 1137 -const SYS_EXIT_OPEN_BY_HANDLE_AT TraceId = 1136 -const SYS_ENTER_FLOCK TraceId = 1123 -const SYS_EXIT_FLOCK TraceId = 1122 -const SYS_ENTER_IO_SETUP TraceId = 1109 -const SYS_EXIT_IO_SETUP TraceId = 1108 -const SYS_ENTER_IO_DESTROY TraceId = 1107 -const SYS_EXIT_IO_DESTROY TraceId = 1106 -const SYS_ENTER_IO_SUBMIT TraceId = 1105 -const SYS_EXIT_IO_SUBMIT TraceId = 1104 -const SYS_ENTER_IO_CANCEL TraceId = 1103 -const SYS_EXIT_IO_CANCEL TraceId = 1102 -const SYS_ENTER_IO_GETEVENTS TraceId = 1101 -const SYS_EXIT_IO_GETEVENTS TraceId = 1100 -const SYS_ENTER_IO_PGETEVENTS TraceId = 1099 -const SYS_EXIT_IO_PGETEVENTS TraceId = 1098 -const SYS_ENTER_FANOTIFY_MARK TraceId = 1067 -const SYS_EXIT_FANOTIFY_MARK TraceId = 1066 -const SYS_ENTER_FILE_GETATTR TraceId = 1057 -const SYS_EXIT_FILE_GETATTR TraceId = 1056 -const SYS_ENTER_FILE_SETATTR TraceId = 1055 -const SYS_EXIT_FILE_SETATTR TraceId = 1054 -const SYS_ENTER_FSPICK TraceId = 1051 -const SYS_EXIT_FSPICK TraceId = 1050 -const SYS_ENTER_FSCONFIG TraceId = 1049 -const SYS_EXIT_FSCONFIG TraceId = 1048 -const SYS_ENTER_STATFS TraceId = 1047 -const SYS_EXIT_STATFS TraceId = 1046 -const SYS_ENTER_FSTATFS TraceId = 1045 -const SYS_EXIT_FSTATFS TraceId = 1044 -const SYS_ENTER_GETCWD TraceId = 1041 -const SYS_EXIT_GETCWD TraceId = 1040 -const SYS_ENTER_UTIMENSAT TraceId = 1039 -const SYS_EXIT_UTIMENSAT TraceId = 1038 -const SYS_ENTER_FUTIMESAT TraceId = 1037 -const SYS_EXIT_FUTIMESAT TraceId = 1036 -const SYS_ENTER_SYNC TraceId = 1031 -const SYS_EXIT_SYNC TraceId = 1030 -const SYS_ENTER_SYNCFS TraceId = 1029 -const SYS_EXIT_SYNCFS TraceId = 1028 -const SYS_ENTER_FSYNC TraceId = 1027 -const SYS_EXIT_FSYNC TraceId = 1026 -const SYS_ENTER_FDATASYNC TraceId = 1025 -const SYS_EXIT_FDATASYNC TraceId = 1024 -const SYS_ENTER_SYNC_FILE_RANGE TraceId = 1023 -const SYS_EXIT_SYNC_FILE_RANGE TraceId = 1022 -const SYS_ENTER_VMSPLICE TraceId = 1021 -const SYS_EXIT_VMSPLICE TraceId = 1020 -const SYS_ENTER_SETXATTRAT TraceId = 982 -const SYS_EXIT_SETXATTRAT TraceId = 981 -const SYS_ENTER_SETXATTR TraceId = 980 -const SYS_EXIT_SETXATTR TraceId = 979 -const SYS_ENTER_LSETXATTR TraceId = 978 -const SYS_EXIT_LSETXATTR TraceId = 977 -const SYS_ENTER_FSETXATTR TraceId = 976 -const SYS_EXIT_FSETXATTR TraceId = 975 -const SYS_ENTER_GETXATTRAT TraceId = 974 -const SYS_EXIT_GETXATTRAT TraceId = 973 -const SYS_ENTER_GETXATTR TraceId = 972 -const SYS_EXIT_GETXATTR TraceId = 971 -const SYS_ENTER_LGETXATTR TraceId = 970 -const SYS_EXIT_LGETXATTR TraceId = 969 -const SYS_ENTER_FGETXATTR TraceId = 968 -const SYS_EXIT_FGETXATTR TraceId = 967 -const SYS_ENTER_LISTXATTRAT TraceId = 966 -const SYS_EXIT_LISTXATTRAT TraceId = 965 -const SYS_ENTER_LISTXATTR TraceId = 964 -const SYS_EXIT_LISTXATTR TraceId = 963 -const SYS_ENTER_LLISTXATTR TraceId = 962 -const SYS_EXIT_LLISTXATTR TraceId = 961 -const SYS_ENTER_FLISTXATTR TraceId = 960 -const SYS_EXIT_FLISTXATTR TraceId = 959 -const SYS_ENTER_REMOVEXATTRAT TraceId = 958 -const SYS_EXIT_REMOVEXATTRAT TraceId = 957 -const SYS_ENTER_REMOVEXATTR TraceId = 956 -const SYS_EXIT_REMOVEXATTR TraceId = 955 -const SYS_ENTER_LREMOVEXATTR TraceId = 954 -const SYS_EXIT_LREMOVEXATTR TraceId = 953 -const SYS_ENTER_FREMOVEXATTR TraceId = 952 -const SYS_EXIT_FREMOVEXATTR TraceId = 951 -const SYS_ENTER_OPEN_TREE TraceId = 948 -const SYS_EXIT_OPEN_TREE TraceId = 947 -const SYS_ENTER_MOUNT_SETATTR TraceId = 938 -const SYS_EXIT_MOUNT_SETATTR TraceId = 937 -const SYS_ENTER_OPEN_TREE_ATTR TraceId = 936 -const SYS_EXIT_OPEN_TREE_ATTR TraceId = 935 -const SYS_ENTER_CLOSE_RANGE TraceId = 928 -const SYS_EXIT_CLOSE_RANGE TraceId = 927 -const SYS_ENTER_DUP3 TraceId = 926 -const SYS_EXIT_DUP3 TraceId = 925 -const SYS_ENTER_DUP2 TraceId = 924 -const SYS_EXIT_DUP2 TraceId = 923 -const SYS_ENTER_DUP TraceId = 922 -const SYS_EXIT_DUP TraceId = 921 -const SYS_ENTER_GETDENTS TraceId = 908 -const SYS_EXIT_GETDENTS TraceId = 907 -const SYS_ENTER_GETDENTS64 TraceId = 906 -const SYS_EXIT_GETDENTS64 TraceId = 905 -const SYS_ENTER_IOCTL TraceId = 904 -const SYS_EXIT_IOCTL TraceId = 903 -const SYS_ENTER_FCNTL TraceId = 902 -const SYS_EXIT_FCNTL TraceId = 901 -const SYS_ENTER_MKDIRAT TraceId = 896 -const SYS_EXIT_MKDIRAT TraceId = 895 -const SYS_ENTER_MKDIR TraceId = 894 -const SYS_EXIT_MKDIR TraceId = 893 -const SYS_ENTER_RMDIR TraceId = 892 -const SYS_EXIT_RMDIR TraceId = 891 -const SYS_ENTER_UNLINKAT TraceId = 890 -const SYS_EXIT_UNLINKAT TraceId = 889 -const SYS_ENTER_UNLINK TraceId = 888 -const SYS_EXIT_UNLINK TraceId = 887 -const SYS_ENTER_SYMLINKAT TraceId = 886 -const SYS_EXIT_SYMLINKAT TraceId = 885 -const SYS_ENTER_SYMLINK TraceId = 884 -const SYS_EXIT_SYMLINK TraceId = 883 -const SYS_ENTER_LINKAT TraceId = 882 -const SYS_EXIT_LINKAT TraceId = 881 -const SYS_ENTER_LINK TraceId = 880 -const SYS_EXIT_LINK TraceId = 879 -const SYS_ENTER_RENAMEAT2 TraceId = 878 -const SYS_EXIT_RENAMEAT2 TraceId = 877 -const SYS_ENTER_RENAMEAT TraceId = 876 -const SYS_EXIT_RENAMEAT TraceId = 875 -const SYS_ENTER_RENAME TraceId = 874 -const SYS_EXIT_RENAME TraceId = 873 -const SYS_ENTER_NEWSTAT TraceId = 864 -const SYS_EXIT_NEWSTAT TraceId = 863 -const SYS_ENTER_NEWLSTAT TraceId = 862 -const SYS_EXIT_NEWLSTAT TraceId = 861 -const SYS_ENTER_NEWFSTATAT TraceId = 860 -const SYS_EXIT_NEWFSTATAT TraceId = 859 -const SYS_ENTER_NEWFSTAT TraceId = 858 -const SYS_EXIT_NEWFSTAT TraceId = 857 -const SYS_ENTER_READLINKAT TraceId = 856 -const SYS_EXIT_READLINKAT TraceId = 855 -const SYS_ENTER_READLINK TraceId = 854 -const SYS_EXIT_READLINK TraceId = 853 -const SYS_ENTER_STATX TraceId = 852 -const SYS_EXIT_STATX TraceId = 851 -const SYS_ENTER_LSEEK TraceId = 850 -const SYS_EXIT_LSEEK TraceId = 849 -const SYS_ENTER_READ TraceId = 848 -const SYS_EXIT_READ TraceId = 847 -const SYS_ENTER_WRITE TraceId = 846 -const SYS_EXIT_WRITE TraceId = 845 -const SYS_ENTER_PREAD64 TraceId = 844 -const SYS_EXIT_PREAD64 TraceId = 843 -const SYS_ENTER_PWRITE64 TraceId = 842 -const SYS_EXIT_PWRITE64 TraceId = 841 -const SYS_ENTER_READV TraceId = 840 -const SYS_EXIT_READV TraceId = 839 -const SYS_ENTER_WRITEV TraceId = 838 -const SYS_EXIT_WRITEV TraceId = 837 -const SYS_ENTER_PREADV TraceId = 836 -const SYS_EXIT_PREADV TraceId = 835 -const SYS_ENTER_PREADV2 TraceId = 834 -const SYS_EXIT_PREADV2 TraceId = 833 -const SYS_ENTER_PWRITEV TraceId = 832 -const SYS_EXIT_PWRITEV TraceId = 831 -const SYS_ENTER_PWRITEV2 TraceId = 830 -const SYS_EXIT_PWRITEV2 TraceId = 829 -const SYS_ENTER_COPY_FILE_RANGE TraceId = 826 -const SYS_EXIT_COPY_FILE_RANGE TraceId = 825 -const SYS_ENTER_TRUNCATE TraceId = 824 -const SYS_EXIT_TRUNCATE TraceId = 823 -const SYS_ENTER_FTRUNCATE TraceId = 822 -const SYS_EXIT_FTRUNCATE TraceId = 821 -const SYS_ENTER_FALLOCATE TraceId = 820 -const SYS_EXIT_FALLOCATE TraceId = 819 -const SYS_ENTER_FACCESSAT TraceId = 818 -const SYS_EXIT_FACCESSAT TraceId = 817 -const SYS_ENTER_FACCESSAT2 TraceId = 816 -const SYS_EXIT_FACCESSAT2 TraceId = 815 -const SYS_ENTER_ACCESS TraceId = 814 -const SYS_EXIT_ACCESS TraceId = 813 -const SYS_ENTER_CHDIR TraceId = 812 -const SYS_EXIT_CHDIR TraceId = 811 -const SYS_ENTER_FCHDIR TraceId = 810 -const SYS_EXIT_FCHDIR TraceId = 809 -const SYS_ENTER_CHROOT TraceId = 808 -const SYS_EXIT_CHROOT TraceId = 807 -const SYS_ENTER_FCHMOD TraceId = 806 -const SYS_EXIT_FCHMOD TraceId = 805 -const SYS_ENTER_FCHMODAT2 TraceId = 804 -const SYS_EXIT_FCHMODAT2 TraceId = 803 -const SYS_ENTER_FCHMODAT TraceId = 802 -const SYS_EXIT_FCHMODAT TraceId = 801 -const SYS_ENTER_CHMOD TraceId = 800 -const SYS_EXIT_CHMOD TraceId = 799 -const SYS_ENTER_FCHOWNAT TraceId = 798 -const SYS_EXIT_FCHOWNAT TraceId = 797 -const SYS_ENTER_CHOWN TraceId = 796 -const SYS_EXIT_CHOWN TraceId = 795 -const SYS_ENTER_LCHOWN TraceId = 794 -const SYS_EXIT_LCHOWN TraceId = 793 -const SYS_ENTER_FCHOWN TraceId = 792 -const SYS_EXIT_FCHOWN TraceId = 791 -const SYS_ENTER_OPEN TraceId = 790 -const SYS_EXIT_OPEN TraceId = 789 -const SYS_ENTER_OPENAT TraceId = 788 -const SYS_EXIT_OPENAT TraceId = 787 -const SYS_ENTER_OPENAT2 TraceId = 786 -const SYS_EXIT_OPENAT2 TraceId = 785 -const SYS_ENTER_CREAT TraceId = 784 -const SYS_EXIT_CREAT TraceId = 783 -const SYS_ENTER_CLOSE TraceId = 782 -const SYS_EXIT_CLOSE TraceId = 781 -const SYS_ENTER_MSYNC TraceId = 710 -const SYS_EXIT_MSYNC TraceId = 709 +const SYS_ENTER_SOCKET TraceId = 1847 +const SYS_EXIT_SOCKET TraceId = 1846 +const SYS_ENTER_SOCKETPAIR TraceId = 1845 +const SYS_EXIT_SOCKETPAIR TraceId = 1844 +const SYS_ENTER_BIND TraceId = 1843 +const SYS_EXIT_BIND TraceId = 1842 +const SYS_ENTER_LISTEN TraceId = 1841 +const SYS_EXIT_LISTEN TraceId = 1840 +const SYS_ENTER_ACCEPT4 TraceId = 1839 +const SYS_EXIT_ACCEPT4 TraceId = 1838 +const SYS_ENTER_ACCEPT TraceId = 1837 +const SYS_EXIT_ACCEPT TraceId = 1836 +const SYS_ENTER_CONNECT TraceId = 1835 +const SYS_EXIT_CONNECT TraceId = 1834 +const SYS_ENTER_GETSOCKNAME TraceId = 1833 +const SYS_EXIT_GETSOCKNAME TraceId = 1832 +const SYS_ENTER_GETPEERNAME TraceId = 1831 +const SYS_EXIT_GETPEERNAME TraceId = 1830 +const SYS_ENTER_SENDTO TraceId = 1829 +const SYS_EXIT_SENDTO TraceId = 1828 +const SYS_ENTER_RECVFROM TraceId = 1827 +const SYS_EXIT_RECVFROM TraceId = 1826 +const SYS_ENTER_SETSOCKOPT TraceId = 1825 +const SYS_EXIT_SETSOCKOPT TraceId = 1824 +const SYS_ENTER_GETSOCKOPT TraceId = 1823 +const SYS_EXIT_GETSOCKOPT TraceId = 1822 +const SYS_ENTER_SHUTDOWN TraceId = 1821 +const SYS_EXIT_SHUTDOWN TraceId = 1820 +const SYS_ENTER_SENDMSG TraceId = 1819 +const SYS_EXIT_SENDMSG TraceId = 1818 +const SYS_ENTER_SENDMMSG TraceId = 1817 +const SYS_EXIT_SENDMMSG TraceId = 1816 +const SYS_ENTER_RECVMSG TraceId = 1815 +const SYS_EXIT_RECVMSG TraceId = 1814 +const SYS_ENTER_RECVMMSG TraceId = 1813 +const SYS_EXIT_RECVMMSG TraceId = 1812 +const SYS_ENTER_GETRANDOM TraceId = 1575 +const SYS_EXIT_GETRANDOM TraceId = 1574 +const SYS_ENTER_IO_URING_REGISTER TraceId = 1528 +const SYS_EXIT_IO_URING_REGISTER TraceId = 1527 +const SYS_ENTER_IO_URING_ENTER TraceId = 1509 +const SYS_EXIT_IO_URING_ENTER TraceId = 1508 +const SYS_ENTER_IO_URING_SETUP TraceId = 1507 +const SYS_EXIT_IO_URING_SETUP TraceId = 1506 +const SYS_ENTER_IOPRIO_SET TraceId = 1491 +const SYS_EXIT_IOPRIO_SET TraceId = 1490 +const SYS_ENTER_IOPRIO_GET TraceId = 1489 +const SYS_EXIT_IOPRIO_GET TraceId = 1488 +const SYS_ENTER_LANDLOCK_CREATE_RULESET TraceId = 1463 +const SYS_EXIT_LANDLOCK_CREATE_RULESET TraceId = 1462 +const SYS_ENTER_LANDLOCK_ADD_RULE TraceId = 1461 +const SYS_EXIT_LANDLOCK_ADD_RULE TraceId = 1460 +const SYS_ENTER_LANDLOCK_RESTRICT_SELF TraceId = 1459 +const SYS_EXIT_LANDLOCK_RESTRICT_SELF TraceId = 1458 +const SYS_ENTER_LSM_SET_SELF_ATTR TraceId = 1456 +const SYS_EXIT_LSM_SET_SELF_ATTR TraceId = 1455 +const SYS_ENTER_LSM_GET_SELF_ATTR TraceId = 1454 +const SYS_EXIT_LSM_GET_SELF_ATTR TraceId = 1453 +const SYS_ENTER_LSM_LIST_MODULES TraceId = 1452 +const SYS_EXIT_LSM_LIST_MODULES TraceId = 1451 +const SYS_ENTER_ADD_KEY TraceId = 1449 +const SYS_EXIT_ADD_KEY TraceId = 1448 +const SYS_ENTER_REQUEST_KEY TraceId = 1447 +const SYS_EXIT_REQUEST_KEY TraceId = 1446 +const SYS_ENTER_KEYCTL TraceId = 1445 +const SYS_EXIT_KEYCTL TraceId = 1444 +const SYS_ENTER_MQ_OPEN TraceId = 1443 +const SYS_EXIT_MQ_OPEN TraceId = 1442 +const SYS_ENTER_MQ_UNLINK TraceId = 1441 +const SYS_EXIT_MQ_UNLINK TraceId = 1440 +const SYS_ENTER_MQ_TIMEDSEND TraceId = 1439 +const SYS_EXIT_MQ_TIMEDSEND TraceId = 1438 +const SYS_ENTER_MQ_TIMEDRECEIVE TraceId = 1437 +const SYS_EXIT_MQ_TIMEDRECEIVE TraceId = 1436 +const SYS_ENTER_MQ_NOTIFY TraceId = 1435 +const SYS_EXIT_MQ_NOTIFY TraceId = 1434 +const SYS_ENTER_MQ_GETSETATTR TraceId = 1433 +const SYS_EXIT_MQ_GETSETATTR TraceId = 1432 +const SYS_ENTER_SHMGET TraceId = 1431 +const SYS_EXIT_SHMGET TraceId = 1430 +const SYS_ENTER_SHMCTL TraceId = 1429 +const SYS_EXIT_SHMCTL TraceId = 1428 +const SYS_ENTER_SHMAT TraceId = 1427 +const SYS_EXIT_SHMAT TraceId = 1426 +const SYS_ENTER_SHMDT TraceId = 1425 +const SYS_EXIT_SHMDT TraceId = 1424 +const SYS_ENTER_SEMGET TraceId = 1423 +const SYS_EXIT_SEMGET TraceId = 1422 +const SYS_ENTER_SEMCTL TraceId = 1421 +const SYS_EXIT_SEMCTL TraceId = 1420 +const SYS_ENTER_SEMTIMEDOP TraceId = 1419 +const SYS_EXIT_SEMTIMEDOP TraceId = 1418 +const SYS_ENTER_SEMOP TraceId = 1417 +const SYS_EXIT_SEMOP TraceId = 1416 +const SYS_ENTER_MSGGET TraceId = 1415 +const SYS_EXIT_MSGGET TraceId = 1414 +const SYS_ENTER_MSGCTL TraceId = 1413 +const SYS_EXIT_MSGCTL TraceId = 1412 +const SYS_ENTER_MSGSND TraceId = 1411 +const SYS_EXIT_MSGSND TraceId = 1410 +const SYS_ENTER_MSGRCV TraceId = 1409 +const SYS_EXIT_MSGRCV TraceId = 1408 +const SYS_ENTER_QUOTACTL TraceId = 1164 +const SYS_EXIT_QUOTACTL TraceId = 1163 +const SYS_ENTER_QUOTACTL_FD TraceId = 1162 +const SYS_EXIT_QUOTACTL_FD TraceId = 1161 +const SYS_ENTER_NAME_TO_HANDLE_AT TraceId = 1146 +const SYS_EXIT_NAME_TO_HANDLE_AT TraceId = 1145 +const SYS_ENTER_OPEN_BY_HANDLE_AT TraceId = 1144 +const SYS_EXIT_OPEN_BY_HANDLE_AT TraceId = 1143 +const SYS_ENTER_FLOCK TraceId = 1130 +const SYS_EXIT_FLOCK TraceId = 1129 +const SYS_ENTER_IO_SETUP TraceId = 1111 +const SYS_EXIT_IO_SETUP TraceId = 1110 +const SYS_ENTER_IO_DESTROY TraceId = 1109 +const SYS_EXIT_IO_DESTROY TraceId = 1108 +const SYS_ENTER_IO_SUBMIT TraceId = 1107 +const SYS_EXIT_IO_SUBMIT TraceId = 1106 +const SYS_ENTER_IO_CANCEL TraceId = 1105 +const SYS_EXIT_IO_CANCEL TraceId = 1104 +const SYS_ENTER_IO_GETEVENTS TraceId = 1103 +const SYS_EXIT_IO_GETEVENTS TraceId = 1102 +const SYS_ENTER_IO_PGETEVENTS TraceId = 1101 +const SYS_EXIT_IO_PGETEVENTS TraceId = 1100 +const SYS_ENTER_USERFAULTFD TraceId = 1099 +const SYS_EXIT_USERFAULTFD TraceId = 1098 +const SYS_ENTER_EVENTFD2 TraceId = 1097 +const SYS_EXIT_EVENTFD2 TraceId = 1096 +const SYS_ENTER_EVENTFD TraceId = 1095 +const SYS_EXIT_EVENTFD TraceId = 1094 +const SYS_ENTER_TIMERFD_CREATE TraceId = 1093 +const SYS_EXIT_TIMERFD_CREATE TraceId = 1092 +const SYS_ENTER_TIMERFD_SETTIME TraceId = 1091 +const SYS_EXIT_TIMERFD_SETTIME TraceId = 1090 +const SYS_ENTER_TIMERFD_GETTIME TraceId = 1089 +const SYS_EXIT_TIMERFD_GETTIME TraceId = 1088 +const SYS_ENTER_SIGNALFD4 TraceId = 1087 +const SYS_EXIT_SIGNALFD4 TraceId = 1086 +const SYS_ENTER_SIGNALFD TraceId = 1085 +const SYS_EXIT_SIGNALFD TraceId = 1084 +const SYS_ENTER_EPOLL_CREATE1 TraceId = 1083 +const SYS_EXIT_EPOLL_CREATE1 TraceId = 1082 +const SYS_ENTER_EPOLL_CREATE TraceId = 1081 +const SYS_EXIT_EPOLL_CREATE TraceId = 1080 +const SYS_ENTER_EPOLL_CTL TraceId = 1079 +const SYS_EXIT_EPOLL_CTL TraceId = 1078 +const SYS_ENTER_EPOLL_WAIT TraceId = 1077 +const SYS_EXIT_EPOLL_WAIT TraceId = 1076 +const SYS_ENTER_EPOLL_PWAIT TraceId = 1075 +const SYS_EXIT_EPOLL_PWAIT TraceId = 1074 +const SYS_ENTER_EPOLL_PWAIT2 TraceId = 1073 +const SYS_EXIT_EPOLL_PWAIT2 TraceId = 1072 +const SYS_ENTER_FANOTIFY_INIT TraceId = 1071 +const SYS_EXIT_FANOTIFY_INIT TraceId = 1070 +const SYS_ENTER_FANOTIFY_MARK TraceId = 1069 +const SYS_EXIT_FANOTIFY_MARK TraceId = 1068 +const SYS_ENTER_INOTIFY_INIT1 TraceId = 1067 +const SYS_EXIT_INOTIFY_INIT1 TraceId = 1066 +const SYS_ENTER_INOTIFY_INIT TraceId = 1065 +const SYS_EXIT_INOTIFY_INIT TraceId = 1064 +const SYS_ENTER_INOTIFY_ADD_WATCH TraceId = 1063 +const SYS_EXIT_INOTIFY_ADD_WATCH TraceId = 1062 +const SYS_ENTER_INOTIFY_RM_WATCH TraceId = 1061 +const SYS_EXIT_INOTIFY_RM_WATCH TraceId = 1060 +const SYS_ENTER_FILE_GETATTR TraceId = 1059 +const SYS_EXIT_FILE_GETATTR TraceId = 1058 +const SYS_ENTER_FILE_SETATTR TraceId = 1057 +const SYS_EXIT_FILE_SETATTR TraceId = 1056 +const SYS_ENTER_FSOPEN TraceId = 1055 +const SYS_EXIT_FSOPEN TraceId = 1054 +const SYS_ENTER_FSPICK TraceId = 1053 +const SYS_EXIT_FSPICK TraceId = 1052 +const SYS_ENTER_FSCONFIG TraceId = 1051 +const SYS_EXIT_FSCONFIG TraceId = 1050 +const SYS_ENTER_STATFS TraceId = 1049 +const SYS_EXIT_STATFS TraceId = 1048 +const SYS_ENTER_FSTATFS TraceId = 1047 +const SYS_EXIT_FSTATFS TraceId = 1046 +const SYS_ENTER_USTAT TraceId = 1045 +const SYS_EXIT_USTAT TraceId = 1044 +const SYS_ENTER_GETCWD TraceId = 1043 +const SYS_EXIT_GETCWD TraceId = 1042 +const SYS_ENTER_UTIMENSAT TraceId = 1041 +const SYS_EXIT_UTIMENSAT TraceId = 1040 +const SYS_ENTER_FUTIMESAT TraceId = 1039 +const SYS_EXIT_FUTIMESAT TraceId = 1038 +const SYS_ENTER_UTIMES TraceId = 1037 +const SYS_EXIT_UTIMES TraceId = 1036 +const SYS_ENTER_UTIME TraceId = 1035 +const SYS_EXIT_UTIME TraceId = 1034 +const SYS_ENTER_SYNC TraceId = 1033 +const SYS_EXIT_SYNC TraceId = 1032 +const SYS_ENTER_SYNCFS TraceId = 1031 +const SYS_EXIT_SYNCFS TraceId = 1030 +const SYS_ENTER_FSYNC TraceId = 1029 +const SYS_EXIT_FSYNC TraceId = 1028 +const SYS_ENTER_FDATASYNC TraceId = 1027 +const SYS_EXIT_FDATASYNC TraceId = 1026 +const SYS_ENTER_SYNC_FILE_RANGE TraceId = 1025 +const SYS_EXIT_SYNC_FILE_RANGE TraceId = 1024 +const SYS_ENTER_VMSPLICE TraceId = 1023 +const SYS_EXIT_VMSPLICE TraceId = 1022 +const SYS_ENTER_SPLICE TraceId = 1021 +const SYS_EXIT_SPLICE TraceId = 1020 +const SYS_ENTER_TEE TraceId = 1019 +const SYS_EXIT_TEE TraceId = 1018 +const SYS_ENTER_SETXATTRAT TraceId = 985 +const SYS_EXIT_SETXATTRAT TraceId = 984 +const SYS_ENTER_SETXATTR TraceId = 983 +const SYS_EXIT_SETXATTR TraceId = 982 +const SYS_ENTER_LSETXATTR TraceId = 981 +const SYS_EXIT_LSETXATTR TraceId = 980 +const SYS_ENTER_FSETXATTR TraceId = 979 +const SYS_EXIT_FSETXATTR TraceId = 978 +const SYS_ENTER_GETXATTRAT TraceId = 977 +const SYS_EXIT_GETXATTRAT TraceId = 976 +const SYS_ENTER_GETXATTR TraceId = 975 +const SYS_EXIT_GETXATTR TraceId = 974 +const SYS_ENTER_LGETXATTR TraceId = 973 +const SYS_EXIT_LGETXATTR TraceId = 972 +const SYS_ENTER_FGETXATTR TraceId = 971 +const SYS_EXIT_FGETXATTR TraceId = 970 +const SYS_ENTER_LISTXATTRAT TraceId = 969 +const SYS_EXIT_LISTXATTRAT TraceId = 968 +const SYS_ENTER_LISTXATTR TraceId = 967 +const SYS_EXIT_LISTXATTR TraceId = 966 +const SYS_ENTER_LLISTXATTR TraceId = 965 +const SYS_EXIT_LLISTXATTR TraceId = 964 +const SYS_ENTER_FLISTXATTR TraceId = 963 +const SYS_EXIT_FLISTXATTR TraceId = 962 +const SYS_ENTER_REMOVEXATTRAT TraceId = 961 +const SYS_EXIT_REMOVEXATTRAT TraceId = 960 +const SYS_ENTER_REMOVEXATTR TraceId = 959 +const SYS_EXIT_REMOVEXATTR TraceId = 958 +const SYS_ENTER_LREMOVEXATTR TraceId = 957 +const SYS_EXIT_LREMOVEXATTR TraceId = 956 +const SYS_ENTER_FREMOVEXATTR TraceId = 955 +const SYS_EXIT_FREMOVEXATTR TraceId = 954 +const SYS_ENTER_UMOUNT TraceId = 953 +const SYS_EXIT_UMOUNT TraceId = 952 +const SYS_ENTER_OPEN_TREE TraceId = 951 +const SYS_EXIT_OPEN_TREE TraceId = 950 +const SYS_ENTER_MOUNT TraceId = 949 +const SYS_EXIT_MOUNT TraceId = 948 +const SYS_ENTER_FSMOUNT TraceId = 947 +const SYS_EXIT_FSMOUNT TraceId = 946 +const SYS_ENTER_MOVE_MOUNT TraceId = 945 +const SYS_EXIT_MOVE_MOUNT TraceId = 944 +const SYS_ENTER_PIVOT_ROOT TraceId = 943 +const SYS_EXIT_PIVOT_ROOT TraceId = 942 +const SYS_ENTER_MOUNT_SETATTR TraceId = 941 +const SYS_EXIT_MOUNT_SETATTR TraceId = 940 +const SYS_ENTER_OPEN_TREE_ATTR TraceId = 939 +const SYS_EXIT_OPEN_TREE_ATTR TraceId = 938 +const SYS_ENTER_STATMOUNT TraceId = 937 +const SYS_EXIT_STATMOUNT TraceId = 936 +const SYS_ENTER_LISTMOUNT TraceId = 935 +const SYS_EXIT_LISTMOUNT TraceId = 934 +const SYS_ENTER_SYSFS TraceId = 933 +const SYS_EXIT_SYSFS TraceId = 932 +const SYS_ENTER_CLOSE_RANGE TraceId = 931 +const SYS_EXIT_CLOSE_RANGE TraceId = 930 +const SYS_ENTER_DUP3 TraceId = 929 +const SYS_EXIT_DUP3 TraceId = 928 +const SYS_ENTER_DUP2 TraceId = 927 +const SYS_EXIT_DUP2 TraceId = 926 +const SYS_ENTER_DUP TraceId = 925 +const SYS_EXIT_DUP TraceId = 924 +const SYS_ENTER_SELECT TraceId = 919 +const SYS_EXIT_SELECT TraceId = 918 +const SYS_ENTER_PSELECT6 TraceId = 917 +const SYS_EXIT_PSELECT6 TraceId = 916 +const SYS_ENTER_POLL TraceId = 915 +const SYS_EXIT_POLL TraceId = 914 +const SYS_ENTER_PPOLL TraceId = 913 +const SYS_EXIT_PPOLL TraceId = 912 +const SYS_ENTER_GETDENTS TraceId = 911 +const SYS_EXIT_GETDENTS TraceId = 910 +const SYS_ENTER_GETDENTS64 TraceId = 909 +const SYS_EXIT_GETDENTS64 TraceId = 908 +const SYS_ENTER_IOCTL TraceId = 907 +const SYS_EXIT_IOCTL TraceId = 906 +const SYS_ENTER_FCNTL TraceId = 905 +const SYS_EXIT_FCNTL TraceId = 904 +const SYS_ENTER_MKNODAT TraceId = 903 +const SYS_EXIT_MKNODAT TraceId = 902 +const SYS_ENTER_MKNOD TraceId = 901 +const SYS_EXIT_MKNOD TraceId = 900 +const SYS_ENTER_MKDIRAT TraceId = 899 +const SYS_EXIT_MKDIRAT TraceId = 898 +const SYS_ENTER_MKDIR TraceId = 897 +const SYS_EXIT_MKDIR TraceId = 896 +const SYS_ENTER_RMDIR TraceId = 895 +const SYS_EXIT_RMDIR TraceId = 894 +const SYS_ENTER_UNLINKAT TraceId = 893 +const SYS_EXIT_UNLINKAT TraceId = 892 +const SYS_ENTER_UNLINK TraceId = 891 +const SYS_EXIT_UNLINK TraceId = 890 +const SYS_ENTER_SYMLINKAT TraceId = 889 +const SYS_EXIT_SYMLINKAT TraceId = 888 +const SYS_ENTER_SYMLINK TraceId = 887 +const SYS_EXIT_SYMLINK TraceId = 886 +const SYS_ENTER_LINKAT TraceId = 885 +const SYS_EXIT_LINKAT TraceId = 884 +const SYS_ENTER_LINK TraceId = 883 +const SYS_EXIT_LINK TraceId = 882 +const SYS_ENTER_RENAMEAT2 TraceId = 881 +const SYS_EXIT_RENAMEAT2 TraceId = 880 +const SYS_ENTER_RENAMEAT TraceId = 879 +const SYS_EXIT_RENAMEAT TraceId = 878 +const SYS_ENTER_RENAME TraceId = 877 +const SYS_EXIT_RENAME TraceId = 876 +const SYS_ENTER_PIPE2 TraceId = 875 +const SYS_EXIT_PIPE2 TraceId = 874 +const SYS_ENTER_PIPE TraceId = 873 +const SYS_EXIT_PIPE TraceId = 872 +const SYS_ENTER_EXECVE TraceId = 871 +const SYS_EXIT_EXECVE TraceId = 870 +const SYS_ENTER_EXECVEAT TraceId = 869 +const SYS_EXIT_EXECVEAT TraceId = 868 +const SYS_ENTER_NEWSTAT TraceId = 867 +const SYS_EXIT_NEWSTAT TraceId = 866 +const SYS_ENTER_NEWLSTAT TraceId = 865 +const SYS_EXIT_NEWLSTAT TraceId = 864 +const SYS_ENTER_NEWFSTATAT TraceId = 863 +const SYS_EXIT_NEWFSTATAT TraceId = 862 +const SYS_ENTER_NEWFSTAT TraceId = 861 +const SYS_EXIT_NEWFSTAT TraceId = 860 +const SYS_ENTER_READLINKAT TraceId = 859 +const SYS_EXIT_READLINKAT TraceId = 858 +const SYS_ENTER_READLINK TraceId = 857 +const SYS_EXIT_READLINK TraceId = 856 +const SYS_ENTER_STATX TraceId = 855 +const SYS_EXIT_STATX TraceId = 854 +const SYS_ENTER_LSEEK TraceId = 853 +const SYS_EXIT_LSEEK TraceId = 852 +const SYS_ENTER_READ TraceId = 851 +const SYS_EXIT_READ TraceId = 850 +const SYS_ENTER_WRITE TraceId = 849 +const SYS_EXIT_WRITE TraceId = 848 +const SYS_ENTER_PREAD64 TraceId = 847 +const SYS_EXIT_PREAD64 TraceId = 846 +const SYS_ENTER_PWRITE64 TraceId = 845 +const SYS_EXIT_PWRITE64 TraceId = 844 +const SYS_ENTER_READV TraceId = 843 +const SYS_EXIT_READV TraceId = 842 +const SYS_ENTER_WRITEV TraceId = 841 +const SYS_EXIT_WRITEV TraceId = 840 +const SYS_ENTER_PREADV TraceId = 839 +const SYS_EXIT_PREADV TraceId = 838 +const SYS_ENTER_PREADV2 TraceId = 837 +const SYS_EXIT_PREADV2 TraceId = 836 +const SYS_ENTER_PWRITEV TraceId = 835 +const SYS_EXIT_PWRITEV TraceId = 834 +const SYS_ENTER_PWRITEV2 TraceId = 833 +const SYS_EXIT_PWRITEV2 TraceId = 832 +const SYS_ENTER_SENDFILE64 TraceId = 831 +const SYS_EXIT_SENDFILE64 TraceId = 830 +const SYS_ENTER_COPY_FILE_RANGE TraceId = 829 +const SYS_EXIT_COPY_FILE_RANGE TraceId = 828 +const SYS_ENTER_TRUNCATE TraceId = 827 +const SYS_EXIT_TRUNCATE TraceId = 826 +const SYS_ENTER_FTRUNCATE TraceId = 825 +const SYS_EXIT_FTRUNCATE TraceId = 824 +const SYS_ENTER_FALLOCATE TraceId = 823 +const SYS_EXIT_FALLOCATE TraceId = 822 +const SYS_ENTER_FACCESSAT TraceId = 821 +const SYS_EXIT_FACCESSAT TraceId = 820 +const SYS_ENTER_FACCESSAT2 TraceId = 819 +const SYS_EXIT_FACCESSAT2 TraceId = 818 +const SYS_ENTER_ACCESS TraceId = 817 +const SYS_EXIT_ACCESS TraceId = 816 +const SYS_ENTER_CHDIR TraceId = 815 +const SYS_EXIT_CHDIR TraceId = 814 +const SYS_ENTER_FCHDIR TraceId = 813 +const SYS_EXIT_FCHDIR TraceId = 812 +const SYS_ENTER_CHROOT TraceId = 811 +const SYS_EXIT_CHROOT TraceId = 810 +const SYS_ENTER_FCHMOD TraceId = 809 +const SYS_EXIT_FCHMOD TraceId = 808 +const SYS_ENTER_FCHMODAT2 TraceId = 807 +const SYS_EXIT_FCHMODAT2 TraceId = 806 +const SYS_ENTER_FCHMODAT TraceId = 805 +const SYS_EXIT_FCHMODAT TraceId = 804 +const SYS_ENTER_CHMOD TraceId = 803 +const SYS_EXIT_CHMOD TraceId = 802 +const SYS_ENTER_FCHOWNAT TraceId = 801 +const SYS_EXIT_FCHOWNAT TraceId = 800 +const SYS_ENTER_CHOWN TraceId = 799 +const SYS_EXIT_CHOWN TraceId = 798 +const SYS_ENTER_LCHOWN TraceId = 797 +const SYS_EXIT_LCHOWN TraceId = 796 +const SYS_ENTER_FCHOWN TraceId = 795 +const SYS_EXIT_FCHOWN TraceId = 794 +const SYS_ENTER_OPEN TraceId = 793 +const SYS_EXIT_OPEN TraceId = 792 +const SYS_ENTER_OPENAT TraceId = 791 +const SYS_EXIT_OPENAT TraceId = 790 +const SYS_ENTER_OPENAT2 TraceId = 789 +const SYS_EXIT_OPENAT2 TraceId = 788 +const SYS_ENTER_CREAT TraceId = 787 +const SYS_EXIT_CREAT TraceId = 786 +const SYS_ENTER_CLOSE TraceId = 785 +const SYS_EXIT_CLOSE TraceId = 784 +const SYS_ENTER_VHANGUP TraceId = 783 +const SYS_EXIT_VHANGUP TraceId = 782 +const SYS_ENTER_MEMFD_CREATE TraceId = 781 +const SYS_EXIT_MEMFD_CREATE TraceId = 780 +const SYS_ENTER_MEMFD_SECRET TraceId = 774 +const SYS_EXIT_MEMFD_SECRET TraceId = 773 +const SYS_ENTER_MOVE_PAGES TraceId = 754 +const SYS_EXIT_MOVE_PAGES TraceId = 753 +const SYS_ENTER_SET_MEMPOLICY_HOME_NODE TraceId = 743 +const SYS_EXIT_SET_MEMPOLICY_HOME_NODE TraceId = 742 +const SYS_ENTER_MBIND TraceId = 741 +const SYS_EXIT_MBIND TraceId = 740 +const SYS_ENTER_SET_MEMPOLICY TraceId = 739 +const SYS_EXIT_SET_MEMPOLICY TraceId = 738 +const SYS_ENTER_MIGRATE_PAGES TraceId = 737 +const SYS_EXIT_MIGRATE_PAGES TraceId = 736 +const SYS_ENTER_GET_MEMPOLICY TraceId = 735 +const SYS_EXIT_GET_MEMPOLICY TraceId = 734 +const SYS_ENTER_SWAPOFF TraceId = 733 +const SYS_EXIT_SWAPOFF TraceId = 732 +const SYS_ENTER_SWAPON TraceId = 731 +const SYS_EXIT_SWAPON TraceId = 730 +const SYS_ENTER_MADVISE TraceId = 729 +const SYS_EXIT_MADVISE TraceId = 728 +const SYS_ENTER_PROCESS_MADVISE TraceId = 727 +const SYS_EXIT_PROCESS_MADVISE TraceId = 726 +const SYS_ENTER_MSEAL TraceId = 725 +const SYS_EXIT_MSEAL TraceId = 724 +const SYS_ENTER_PROCESS_VM_READV TraceId = 723 +const SYS_EXIT_PROCESS_VM_READV TraceId = 722 +const SYS_ENTER_PROCESS_VM_WRITEV TraceId = 721 +const SYS_EXIT_PROCESS_VM_WRITEV TraceId = 720 +const SYS_ENTER_MSYNC TraceId = 712 +const SYS_EXIT_MSYNC TraceId = 711 +const SYS_ENTER_MREMAP TraceId = 710 +const SYS_EXIT_MREMAP TraceId = 709 +const SYS_ENTER_MPROTECT TraceId = 708 +const SYS_EXIT_MPROTECT TraceId = 707 +const SYS_ENTER_PKEY_MPROTECT TraceId = 706 +const SYS_EXIT_PKEY_MPROTECT TraceId = 705 +const SYS_ENTER_PKEY_ALLOC TraceId = 704 +const SYS_EXIT_PKEY_ALLOC TraceId = 703 +const SYS_ENTER_PKEY_FREE TraceId = 702 +const SYS_EXIT_PKEY_FREE TraceId = 701 +const SYS_ENTER_BRK TraceId = 698 +const SYS_EXIT_BRK TraceId = 697 +const SYS_ENTER_MUNMAP TraceId = 696 +const SYS_EXIT_MUNMAP TraceId = 695 +const SYS_ENTER_REMAP_FILE_PAGES TraceId = 694 +const SYS_EXIT_REMAP_FILE_PAGES TraceId = 693 +const SYS_ENTER_MLOCK TraceId = 692 +const SYS_EXIT_MLOCK TraceId = 691 +const SYS_ENTER_MLOCK2 TraceId = 690 +const SYS_EXIT_MLOCK2 TraceId = 689 +const SYS_ENTER_MUNLOCK TraceId = 688 +const SYS_EXIT_MUNLOCK TraceId = 687 +const SYS_ENTER_MLOCKALL TraceId = 686 +const SYS_EXIT_MLOCKALL TraceId = 685 +const SYS_ENTER_MUNLOCKALL TraceId = 684 +const SYS_EXIT_MUNLOCKALL TraceId = 683 +const SYS_ENTER_MINCORE TraceId = 682 +const SYS_EXIT_MINCORE TraceId = 681 const SYS_ENTER_READAHEAD TraceId = 616 const SYS_EXIT_READAHEAD TraceId = 615 const SYS_ENTER_FADVISE64 TraceId = 614 const SYS_EXIT_FADVISE64 TraceId = 613 +const SYS_ENTER_PROCESS_MRELEASE TraceId = 604 +const SYS_EXIT_PROCESS_MRELEASE TraceId = 603 const SYS_ENTER_CACHESTAT TraceId = 595 const SYS_EXIT_CACHESTAT TraceId = 594 +const SYS_ENTER_RSEQ TraceId = 591 +const SYS_EXIT_RSEQ TraceId = 590 +const SYS_ENTER_PERF_EVENT_OPEN TraceId = 587 +const SYS_EXIT_PERF_EVENT_OPEN TraceId = 586 +const SYS_ENTER_BPF TraceId = 585 +const SYS_EXIT_BPF TraceId = 584 +const SYS_ENTER_SECCOMP TraceId = 526 +const SYS_EXIT_SECCOMP TraceId = 525 +const SYS_ENTER_KEXEC_FILE_LOAD TraceId = 508 +const SYS_EXIT_KEXEC_FILE_LOAD TraceId = 507 +const SYS_ENTER_KEXEC_LOAD TraceId = 506 +const SYS_EXIT_KEXEC_LOAD TraceId = 505 +const SYS_ENTER_ACCT TraceId = 504 +const SYS_EXIT_ACCT TraceId = 503 +const SYS_ENTER_SET_ROBUST_LIST TraceId = 499 +const SYS_EXIT_SET_ROBUST_LIST TraceId = 498 +const SYS_ENTER_GET_ROBUST_LIST TraceId = 497 +const SYS_EXIT_GET_ROBUST_LIST TraceId = 496 +const SYS_ENTER_FUTEX TraceId = 495 +const SYS_EXIT_FUTEX TraceId = 494 +const SYS_ENTER_FUTEX_WAITV TraceId = 493 +const SYS_EXIT_FUTEX_WAITV TraceId = 492 +const SYS_ENTER_FUTEX_WAKE TraceId = 491 +const SYS_EXIT_FUTEX_WAKE TraceId = 490 +const SYS_ENTER_FUTEX_WAIT TraceId = 489 +const SYS_EXIT_FUTEX_WAIT TraceId = 488 +const SYS_ENTER_FUTEX_REQUEUE TraceId = 487 +const SYS_EXIT_FUTEX_REQUEUE TraceId = 486 +const SYS_ENTER_GETITIMER TraceId = 471 +const SYS_EXIT_GETITIMER TraceId = 470 +const SYS_ENTER_ALARM TraceId = 469 +const SYS_EXIT_ALARM TraceId = 468 +const SYS_ENTER_SETITIMER TraceId = 467 +const SYS_EXIT_SETITIMER TraceId = 466 +const SYS_ENTER_TIMER_CREATE TraceId = 465 +const SYS_EXIT_TIMER_CREATE TraceId = 464 +const SYS_ENTER_TIMER_GETTIME TraceId = 463 +const SYS_EXIT_TIMER_GETTIME TraceId = 462 +const SYS_ENTER_TIMER_GETOVERRUN TraceId = 461 +const SYS_EXIT_TIMER_GETOVERRUN TraceId = 460 +const SYS_ENTER_TIMER_SETTIME TraceId = 459 +const SYS_EXIT_TIMER_SETTIME TraceId = 458 +const SYS_ENTER_TIMER_DELETE TraceId = 457 +const SYS_EXIT_TIMER_DELETE TraceId = 456 +const SYS_ENTER_CLOCK_SETTIME TraceId = 455 +const SYS_EXIT_CLOCK_SETTIME TraceId = 454 +const SYS_ENTER_CLOCK_GETTIME TraceId = 453 +const SYS_EXIT_CLOCK_GETTIME TraceId = 452 +const SYS_ENTER_CLOCK_ADJTIME TraceId = 451 +const SYS_EXIT_CLOCK_ADJTIME TraceId = 450 +const SYS_ENTER_CLOCK_GETRES TraceId = 449 +const SYS_EXIT_CLOCK_GETRES TraceId = 448 +const SYS_ENTER_CLOCK_NANOSLEEP TraceId = 447 +const SYS_EXIT_CLOCK_NANOSLEEP TraceId = 446 +const SYS_ENTER_NANOSLEEP TraceId = 441 +const SYS_EXIT_NANOSLEEP TraceId = 440 +const SYS_ENTER_TIME TraceId = 425 +const SYS_EXIT_TIME TraceId = 424 +const SYS_ENTER_GETTIMEOFDAY TraceId = 423 +const SYS_EXIT_GETTIMEOFDAY TraceId = 422 +const SYS_ENTER_SETTIMEOFDAY TraceId = 421 +const SYS_EXIT_SETTIMEOFDAY TraceId = 420 +const SYS_ENTER_ADJTIMEX TraceId = 419 +const SYS_EXIT_ADJTIMEX TraceId = 418 +const SYS_ENTER_KCMP TraceId = 417 +const SYS_EXIT_KCMP TraceId = 416 +const SYS_ENTER_DELETE_MODULE TraceId = 410 +const SYS_EXIT_DELETE_MODULE TraceId = 409 +const SYS_ENTER_INIT_MODULE TraceId = 408 +const SYS_EXIT_INIT_MODULE TraceId = 407 const SYS_ENTER_FINIT_MODULE TraceId = 406 const SYS_EXIT_FINIT_MODULE TraceId = 405 const SYS_ENTER_SYSLOG TraceId = 350 const SYS_EXIT_SYSLOG TraceId = 349 +const SYS_ENTER_MEMBARRIER TraceId = 346 +const SYS_EXIT_MEMBARRIER TraceId = 345 +const SYS_ENTER_SCHED_SETSCHEDULER TraceId = 341 +const SYS_EXIT_SCHED_SETSCHEDULER TraceId = 340 +const SYS_ENTER_SCHED_SETPARAM TraceId = 339 +const SYS_EXIT_SCHED_SETPARAM TraceId = 338 +const SYS_ENTER_SCHED_SETATTR TraceId = 337 +const SYS_EXIT_SCHED_SETATTR TraceId = 336 +const SYS_ENTER_SCHED_GETSCHEDULER TraceId = 335 +const SYS_EXIT_SCHED_GETSCHEDULER TraceId = 334 +const SYS_ENTER_SCHED_GETPARAM TraceId = 333 +const SYS_EXIT_SCHED_GETPARAM TraceId = 332 +const SYS_ENTER_SCHED_GETATTR TraceId = 331 +const SYS_EXIT_SCHED_GETATTR TraceId = 330 +const SYS_ENTER_SCHED_SETAFFINITY TraceId = 329 +const SYS_EXIT_SCHED_SETAFFINITY TraceId = 328 +const SYS_ENTER_SCHED_GETAFFINITY TraceId = 327 +const SYS_EXIT_SCHED_GETAFFINITY TraceId = 326 +const SYS_ENTER_SCHED_YIELD TraceId = 325 +const SYS_EXIT_SCHED_YIELD TraceId = 324 +const SYS_ENTER_SCHED_GET_PRIORITY_MAX TraceId = 323 +const SYS_EXIT_SCHED_GET_PRIORITY_MAX TraceId = 322 +const SYS_ENTER_SCHED_GET_PRIORITY_MIN TraceId = 321 +const SYS_EXIT_SCHED_GET_PRIORITY_MIN TraceId = 320 +const SYS_ENTER_SCHED_RR_GET_INTERVAL TraceId = 319 +const SYS_EXIT_SCHED_RR_GET_INTERVAL TraceId = 318 +const SYS_ENTER_GETGROUPS TraceId = 286 +const SYS_EXIT_GETGROUPS TraceId = 285 +const SYS_ENTER_SETGROUPS TraceId = 284 +const SYS_EXIT_SETGROUPS TraceId = 283 +const SYS_ENTER_REBOOT TraceId = 282 +const SYS_EXIT_REBOOT TraceId = 281 +const SYS_ENTER_LISTNS TraceId = 277 +const SYS_EXIT_LISTNS TraceId = 276 +const SYS_ENTER_SETNS TraceId = 275 +const SYS_EXIT_SETNS TraceId = 274 +const SYS_ENTER_PIDFD_OPEN TraceId = 273 +const SYS_EXIT_PIDFD_OPEN TraceId = 272 const SYS_ENTER_PIDFD_GETFD TraceId = 271 const SYS_EXIT_PIDFD_GETFD TraceId = 270 +const SYS_ENTER_SETPRIORITY TraceId = 265 +const SYS_EXIT_SETPRIORITY TraceId = 264 +const SYS_ENTER_GETPRIORITY TraceId = 263 +const SYS_EXIT_GETPRIORITY TraceId = 262 +const SYS_ENTER_SETREGID TraceId = 261 +const SYS_EXIT_SETREGID TraceId = 260 +const SYS_ENTER_SETGID TraceId = 259 +const SYS_EXIT_SETGID TraceId = 258 +const SYS_ENTER_SETREUID TraceId = 257 +const SYS_EXIT_SETREUID TraceId = 256 +const SYS_ENTER_SETUID TraceId = 255 +const SYS_EXIT_SETUID TraceId = 254 +const SYS_ENTER_SETRESUID TraceId = 253 +const SYS_EXIT_SETRESUID TraceId = 252 +const SYS_ENTER_GETRESUID TraceId = 251 +const SYS_EXIT_GETRESUID TraceId = 250 +const SYS_ENTER_SETRESGID TraceId = 249 +const SYS_EXIT_SETRESGID TraceId = 248 +const SYS_ENTER_GETRESGID TraceId = 247 +const SYS_EXIT_GETRESGID TraceId = 246 +const SYS_ENTER_SETFSUID TraceId = 245 +const SYS_EXIT_SETFSUID TraceId = 244 +const SYS_ENTER_SETFSGID TraceId = 243 +const SYS_EXIT_SETFSGID TraceId = 242 +const SYS_ENTER_GETPID TraceId = 241 +const SYS_EXIT_GETPID TraceId = 240 +const SYS_ENTER_GETTID TraceId = 239 +const SYS_EXIT_GETTID TraceId = 238 +const SYS_ENTER_GETPPID TraceId = 237 +const SYS_EXIT_GETPPID TraceId = 236 +const SYS_ENTER_GETUID TraceId = 235 +const SYS_EXIT_GETUID TraceId = 234 +const SYS_ENTER_GETEUID TraceId = 233 +const SYS_EXIT_GETEUID TraceId = 232 +const SYS_ENTER_GETGID TraceId = 231 +const SYS_EXIT_GETGID TraceId = 230 +const SYS_ENTER_GETEGID TraceId = 229 +const SYS_EXIT_GETEGID TraceId = 228 +const SYS_ENTER_TIMES TraceId = 227 +const SYS_EXIT_TIMES TraceId = 226 +const SYS_ENTER_SETPGID TraceId = 225 +const SYS_EXIT_SETPGID TraceId = 224 +const SYS_ENTER_GETPGID TraceId = 223 +const SYS_EXIT_GETPGID TraceId = 222 +const SYS_ENTER_GETPGRP TraceId = 221 +const SYS_EXIT_GETPGRP TraceId = 220 +const SYS_ENTER_GETSID TraceId = 219 +const SYS_EXIT_GETSID TraceId = 218 +const SYS_ENTER_SETSID TraceId = 217 +const SYS_EXIT_SETSID TraceId = 216 +const SYS_ENTER_NEWUNAME TraceId = 215 +const SYS_EXIT_NEWUNAME TraceId = 214 +const SYS_ENTER_SETHOSTNAME TraceId = 213 +const SYS_EXIT_SETHOSTNAME TraceId = 212 +const SYS_ENTER_SETDOMAINNAME TraceId = 211 +const SYS_EXIT_SETDOMAINNAME TraceId = 210 +const SYS_ENTER_GETRLIMIT TraceId = 209 +const SYS_EXIT_GETRLIMIT TraceId = 208 +const SYS_ENTER_PRLIMIT64 TraceId = 207 +const SYS_EXIT_PRLIMIT64 TraceId = 206 +const SYS_ENTER_SETRLIMIT TraceId = 205 +const SYS_EXIT_SETRLIMIT TraceId = 204 +const SYS_ENTER_GETRUSAGE TraceId = 203 +const SYS_EXIT_GETRUSAGE TraceId = 202 +const SYS_ENTER_UMASK TraceId = 201 +const SYS_EXIT_UMASK TraceId = 200 +const SYS_ENTER_PRCTL TraceId = 199 +const SYS_EXIT_PRCTL TraceId = 198 +const SYS_ENTER_GETCPU TraceId = 197 +const SYS_EXIT_GETCPU TraceId = 196 +const SYS_ENTER_SYSINFO TraceId = 195 +const SYS_EXIT_SYSINFO TraceId = 194 +const SYS_ENTER_RESTART_SYSCALL TraceId = 191 +const SYS_EXIT_RESTART_SYSCALL TraceId = 190 +const SYS_ENTER_RT_SIGPROCMASK TraceId = 189 +const SYS_EXIT_RT_SIGPROCMASK TraceId = 188 +const SYS_ENTER_RT_SIGPENDING TraceId = 187 +const SYS_EXIT_RT_SIGPENDING TraceId = 186 +const SYS_ENTER_RT_SIGTIMEDWAIT TraceId = 185 +const SYS_EXIT_RT_SIGTIMEDWAIT TraceId = 184 +const SYS_ENTER_KILL TraceId = 183 +const SYS_EXIT_KILL TraceId = 182 +const SYS_ENTER_PIDFD_SEND_SIGNAL TraceId = 181 +const SYS_EXIT_PIDFD_SEND_SIGNAL TraceId = 180 +const SYS_ENTER_TGKILL TraceId = 179 +const SYS_EXIT_TGKILL TraceId = 178 +const SYS_ENTER_TKILL TraceId = 177 +const SYS_EXIT_TKILL TraceId = 176 +const SYS_ENTER_RT_SIGQUEUEINFO TraceId = 175 +const SYS_EXIT_RT_SIGQUEUEINFO TraceId = 174 +const SYS_ENTER_RT_TGSIGQUEUEINFO TraceId = 173 +const SYS_EXIT_RT_TGSIGQUEUEINFO TraceId = 172 +const SYS_ENTER_SIGALTSTACK TraceId = 171 +const SYS_EXIT_SIGALTSTACK TraceId = 170 +const SYS_ENTER_RT_SIGACTION TraceId = 169 +const SYS_EXIT_RT_SIGACTION TraceId = 168 +const SYS_ENTER_PAUSE TraceId = 167 +const SYS_EXIT_PAUSE TraceId = 166 +const SYS_ENTER_RT_SIGSUSPEND TraceId = 165 +const SYS_EXIT_RT_SIGSUSPEND TraceId = 164 +const SYS_ENTER_PTRACE TraceId = 163 +const SYS_EXIT_PTRACE TraceId = 162 +const SYS_ENTER_CAPGET TraceId = 161 +const SYS_EXIT_CAPGET TraceId = 160 +const SYS_ENTER_CAPSET TraceId = 159 +const SYS_EXIT_CAPSET TraceId = 158 +const SYS_ENTER_EXIT TraceId = 150 +const SYS_EXIT_EXIT TraceId = 149 +const SYS_ENTER_EXIT_GROUP TraceId = 148 +const SYS_EXIT_EXIT_GROUP TraceId = 147 +const SYS_ENTER_WAITID TraceId = 146 +const SYS_EXIT_WAITID TraceId = 145 +const SYS_ENTER_WAIT4 TraceId = 144 +const SYS_EXIT_WAIT4 TraceId = 143 +const SYS_ENTER_PERSONALITY TraceId = 139 +const SYS_EXIT_PERSONALITY TraceId = 138 +const SYS_ENTER_SET_TID_ADDRESS TraceId = 134 +const SYS_EXIT_SET_TID_ADDRESS TraceId = 133 +const SYS_ENTER_FORK TraceId = 132 +const SYS_EXIT_FORK TraceId = 131 +const SYS_ENTER_VFORK TraceId = 130 +const SYS_EXIT_VFORK TraceId = 129 +const SYS_ENTER_CLONE TraceId = 128 +const SYS_EXIT_CLONE TraceId = 127 +const SYS_ENTER_CLONE3 TraceId = 126 +const SYS_EXIT_CLONE3 TraceId = 125 +const SYS_ENTER_UNSHARE TraceId = 124 +const SYS_EXIT_UNSHARE TraceId = 123 +const SYS_ENTER_MAP_SHADOW_STACK TraceId = 119 +const SYS_EXIT_MAP_SHADOW_STACK TraceId = 118 +const SYS_ENTER_URETPROBE TraceId = 117 +const SYS_EXIT_URETPROBE TraceId = 116 +const SYS_ENTER_UPROBE TraceId = 115 +const SYS_EXIT_UPROBE TraceId = 114 +const SYS_ENTER_ARCH_PRCTL TraceId = 102 +const SYS_EXIT_ARCH_PRCTL TraceId = 101 const SYS_ENTER_MMAP TraceId = 100 const SYS_EXIT_MMAP TraceId = 99 +const SYS_ENTER_MODIFY_LDT TraceId = 98 +const SYS_EXIT_MODIFY_LDT TraceId = 97 +const SYS_ENTER_IOPERM TraceId = 95 +const SYS_EXIT_IOPERM TraceId = 94 +const SYS_ENTER_IOPL TraceId = 93 +const SYS_EXIT_IOPL TraceId = 92 +const SYS_ENTER_RT_SIGRETURN TraceId = 57 +const SYS_EXIT_RT_SIGRETURN TraceId = 56 type OpenEvent struct { EventType EventType |