refactor

author: Paul Buetow <paul@buetow.org> 2024-02-11 00:02:38 +0200
committer: Paul Buetow <paul@buetow.org> 2024-02-11 00:02:38 +0200
commit: 0f3e937fff5e8e7407f262694e8e2558bcfec703 (patch)
tree: 748dba5cfa7af41bf839b7aaf3d68eeb92d39b87 /maps.bpf.h
parent: edeaf73dc11cb563c16d43b4b2e26ebc2f5f71bc (diff)
1 files changed, 36 insertions, 0 deletions
diff --git a/maps.bpf.h b/maps.bpf.h
new file mode 100644
index 0000000..afa1064
--- /dev/null
+++ b/maps.bpf.h
@@ -0,0 +1,36 @@
+//+build ignore
+
+struct open_event {
+    int fd;
+    int op_id;
+    u32 tid;
+    char filename[256];
+    char comm[16];
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+    __uint(key_size, sizeof(u32));
+    __uint(value_size, sizeof(u32));
+} open_event_map SEC(".maps");
+
+// Map to temporarily store the filename from sys_enter_openat
+struct {
+    __uint(type, BPF_MAP_TYPE_HASH);
+    __uint(key_size, sizeof(u32));
+    __uint(value_size, sizeof(struct open_event));
+    __uint(max_entries, 128); // Adjust size as needed
+} open_event_temp_map SEC(".maps");
+
+struct fd_event {
+    int fd;
+    int op_id;
+    u32 tid;
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+    __uint(key_size, sizeof(u32));
+    __uint(value_size, sizeof(u32));
+} fd_event_map SEC(".maps");
+
author	Paul Buetow <paul@buetow.org>	2024-02-11 00:02:38 +0200
committer	Paul Buetow <paul@buetow.org>	2024-02-11 00:02:38 +0200
commit	0f3e937fff5e8e7407f262694e8e2558bcfec703 (patch)
tree	748dba5cfa7af41bf839b7aaf3d68eeb92d39b87 /maps.bpf.h
parent	edeaf73dc11cb563c16d43b4b2e26ebc2f5f71bc (diff)