diff options
| author | Paul Buetow <paul@buetow.org> | 2024-02-22 22:44:44 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-22 22:44:44 +0200 |
| commit | c1b4bee6c93265139974b1e5cf065d3f82a7154b (patch) | |
| tree | 6bffa2fdcad38aebcfa0099cd8e684ba65dbde53 /internal | |
| parent | 285eefb1f36e2298af30d8e3df63792204a5b85d (diff) | |
PID filter
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/c/filter.c | 10 | ||||
| -rw-r--r-- | internal/c/flags.h | 4 | ||||
| -rw-r--r-- | internal/flags/flags.go | 13 | ||||
| -rw-r--r-- | internal/generated/Makefile | 4 |
4 files changed, 23 insertions, 8 deletions
diff --git a/internal/c/filter.c b/internal/c/filter.c index a91eb84..93497c7 100644 --- a/internal/c/filter.c +++ b/internal/c/filter.c @@ -1,5 +1,13 @@ //+build ignore static __always_inline int filter() { - return (bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER; + if ((bpf_get_current_pid_tgid() >> 32) == PID_FILTER) + return 0; + + /* + if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) == UID_FILTER) + return 0; + */ + + return 1; } diff --git a/internal/c/flags.h b/internal/c/flags.h index 53b9492..eb7ec83 100644 --- a/internal/c/flags.h +++ b/internal/c/flags.h @@ -1,4 +1,4 @@ //+build ignore -const volatile u32 UID_FILTER = 0; -volatile u32 DYNAMIC_UID_FILTER = 0; +// const volatile u32 UID_FILTER = -1; +const volatile u32 PID_FILTER = -1; diff --git a/internal/flags/flags.go b/internal/flags/flags.go index f139654..fbb0569 100644 --- a/internal/flags/flags.go +++ b/internal/flags/flags.go @@ -9,11 +9,13 @@ import ( type Flags struct { UidFilter int + PidFilter int EventMapSize int } func New() (flags Flags) { - flag.IntVar(&flags.UidFilter, "uid", 0, "Filter for processes with UID") + // flag.IntVar(&flags.UidFilter, "uid", 0, "Filter for user ID") + flag.IntVar(&flags.PidFilter, "pid", 0, "Filter for processes ID") flag.IntVar(&flags.EventMapSize, "mapSize", 4096*16, "BPF FD event ring buffer map size") flag.Parse() @@ -21,8 +23,13 @@ func New() (flags Flags) { } func (flags Flags) SetBPF(bpfModule *bpf.Module) error { - if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil { - return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err) + /* + if err := bpfModule.InitGlobalVariable("UID_FILTER", uint32(flags.UidFilter)); err != nil { + return fmt.Errorf("unable to set up UID_FILTER global variable: %w", err) + } + */ + if err := bpfModule.InitGlobalVariable("PID_FILTER", uint32(flags.PidFilter)); err != nil { + return fmt.Errorf("unable to set up PID_FILTER global variable: %w", err) } return nil } diff --git a/internal/generated/Makefile b/internal/generated/Makefile index 7734ff5..1f5bf05 100644 --- a/internal/generated/Makefile +++ b/internal/generated/Makefile @@ -4,9 +4,9 @@ generate: tracepoints types .PHONY: tracepoints tracepoints: - cat ../c/tracepoints/*.c | raku tracepoints.raku | goimports | gofmt | tee tracepoints/tracepoints.go + cat ../c/tracepoints/*.c | raku tracepoints.raku | goimports | gofmt > tracepoints/tracepoints.go .PHONY: types types: - cat ../c/types.h | raku nqc.raku | goimports | gofmt | tee types/types.go + cat ../c/types.h | raku nqc.raku | goimports | gofmt > types/types.go |