authorPaul Buetow <paul@buetow.org>2024-02-11 00:02:38 +0200
committerPaul Buetow <paul@buetow.org>2024-02-11 00:02:38 +0200
commit0f3e937fff5e8e7407f262694e8e2558bcfec703 (patch)
tree748dba5cfa7af41bf839b7aaf3d68eeb92d39b87 /main.bpf.c
parentedeaf73dc11cb563c16d43b4b2e26ebc2f5f71bc (diff)
refactor
Diffstat (limited to 'main.bpf.c')
-rw-r--r--main.bpf.c40
1 files changed, 1 insertions, 39 deletions
diff --git a/main.bpf.c b/main.bpf.c
index 8a99d05..c162775 100644
--- a/main.bpf.c
+++ b/main.bpf.c
@@ -2,8 +2,8 @@
#include "vmlinux.h"
#include "opids.h"
-
#include <bpf/bpf_helpers.h>
+#include "maps.bpf.h"
// TODO: Split out this file into several *.bpf.c programs.
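Review bot: The new `#include "maps.bpf.h"` is placed after `<bpf/bpf_helpers.h>`, and the definitions this commit moves out (the removed lines in the two later hunks) use `__uint` and `SEC`, so the header presumably compiles only because of this include order. maps.bpf.h is not shown on this page, so this is inferred; if it does not already do so, it should carry an include guard and pull in its own dependencies, starting with `#include "vmlinux.h"` and `#include <bpf/bpf_helpers.h>`. Given the TODO about splitting this file into several *.bpf.c programs, a header that defines `open_event_map`, `open_event_temp_map` and `fd_event_map` with `SEC(".maps")` will give every object that includes it its own copy of each map, so a comment in the header such as `// Included by exactly one BPF object; maps are not shared across objects unless pinned.` would record that assumption before the split happens.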
@@ -11,30 +11,6 @@
// For now, this is set to my own user for development purposes.
#define UID_FILTER 1001
-// Helper structs for opening file(s)
-
-struct open_event {
- int fd;
- int op_id;
- u32 tid;
- char filename[256];
- char comm[16];
-};
-
-struct {
- __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
- __uint(key_size, sizeof(u32));
- __uint(value_size, sizeof(u32));
-} open_event_map SEC(".maps");
-
-// Map to temporarily store the filename from sys_enter_openat
-struct {
- __uint(type, BPF_MAP_TYPE_HASH);
- __uint(key_size, sizeof(u32));
- __uint(value_size, sizeof(struct open_event));
- __uint(max_entries, 128); // Adjust size as needed
-} open_event_temp_map SEC(".maps");
-
SEC("tracepoint/syscalls/sys_enter_open")
int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)
@@ -92,20 +68,6 @@ int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) {
return handle_exit_open(ctx);
}
-// Helper structs for other syscalls on FDs
-
-struct fd_event {
- int fd;
- int op_id;
- u32 tid;
-};
-
-struct {
- __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
- __uint(key_size, sizeof(u32));
- __uint(value_size, sizeof(u32));
-} fd_event_map SEC(".maps");
-
SEC("tracepoint/syscalls/sys_enter_close")
int handle_enter_close(struct trace_event_raw_sys_enter *ctx) {
if ((bpf_get_current_uid_gid() & 0xFFFFFFFF) != UID_FILTER)