summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile2
-rw-r--r--internal/c/generated/tracepoints.c104
-rw-r--r--internal/c/generated/tracepoints.raku19
-rw-r--r--internal/c/types.h4
-rw-r--r--internal/eventloop.go4
-rw-r--r--internal/generated/types/types.go20
6 files changed, 82 insertions, 71 deletions
diff --git a/Makefile b/Makefile
index 0c2772e..ef953ac 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,7 @@ generate: generated
.PHONY: generated
generated:
- #make -C ./internal/c/generated
+ make -C ./internal/c/generated
make -C ./internal/generated
.PHONY: gobuild
diff --git a/internal/c/generated/tracepoints.c b/internal/c/generated/tracepoints.c
index 168518d..eb0ccd2 100644
--- a/internal/c/generated/tracepoints.c
+++ b/internal/c/generated/tracepoints.c
@@ -59,7 +59,7 @@ int handle_sys_exit_cachestat(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -67,7 +67,7 @@ int handle_sys_exit_cachestat(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -99,7 +99,7 @@ int handle_sys_exit_close_range(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -107,7 +107,7 @@ int handle_sys_exit_close_range(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -139,7 +139,7 @@ int handle_sys_exit_close(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -147,7 +147,7 @@ int handle_sys_exit_close(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -179,7 +179,7 @@ int handle_sys_exit_fchown(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -187,7 +187,7 @@ int handle_sys_exit_fchown(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -219,7 +219,7 @@ int handle_sys_exit_fchmod(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -227,7 +227,7 @@ int handle_sys_exit_fchmod(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -259,7 +259,7 @@ int handle_sys_exit_fchdir(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -267,7 +267,7 @@ int handle_sys_exit_fchdir(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -299,7 +299,7 @@ int handle_sys_exit_ftruncate(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -307,7 +307,7 @@ int handle_sys_exit_ftruncate(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -339,7 +339,7 @@ int handle_sys_exit_copy_file_range(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -347,7 +347,7 @@ int handle_sys_exit_copy_file_range(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -379,7 +379,7 @@ int handle_sys_exit_pwrite64(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -387,7 +387,7 @@ int handle_sys_exit_pwrite64(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -419,7 +419,7 @@ int handle_sys_exit_pread64(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -427,7 +427,7 @@ int handle_sys_exit_pread64(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -459,7 +459,7 @@ int handle_sys_exit_write(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -467,7 +467,7 @@ int handle_sys_exit_write(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -499,7 +499,7 @@ int handle_sys_exit_read(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -507,7 +507,7 @@ int handle_sys_exit_read(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -539,7 +539,7 @@ int handle_sys_exit_lseek(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -547,7 +547,7 @@ int handle_sys_exit_lseek(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -579,7 +579,7 @@ int handle_sys_exit_newfstat(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -587,7 +587,7 @@ int handle_sys_exit_newfstat(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -619,7 +619,7 @@ int handle_sys_exit_fcntl(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -627,7 +627,7 @@ int handle_sys_exit_fcntl(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -659,7 +659,7 @@ int handle_sys_exit_ioctl(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -667,7 +667,7 @@ int handle_sys_exit_ioctl(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -699,7 +699,7 @@ int handle_sys_exit_getdents64(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -707,7 +707,7 @@ int handle_sys_exit_getdents64(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -739,7 +739,7 @@ int handle_sys_exit_getdents(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -747,7 +747,7 @@ int handle_sys_exit_getdents(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -779,7 +779,7 @@ int handle_sys_exit_sync_file_range(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -787,7 +787,7 @@ int handle_sys_exit_sync_file_range(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -819,7 +819,7 @@ int handle_sys_exit_fdatasync(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -827,7 +827,7 @@ int handle_sys_exit_fdatasync(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -859,7 +859,7 @@ int handle_sys_exit_fsync(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -867,7 +867,7 @@ int handle_sys_exit_fsync(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -899,7 +899,7 @@ int handle_sys_exit_fstatfs(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -907,7 +907,7 @@ int handle_sys_exit_fstatfs(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -939,7 +939,7 @@ int handle_sys_exit_flock(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -947,7 +947,7 @@ int handle_sys_exit_flock(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -979,7 +979,7 @@ int handle_sys_exit_quotactl_fd(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -987,7 +987,7 @@ int handle_sys_exit_quotactl_fd(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -1019,7 +1019,7 @@ int handle_sys_exit_io_uring_register(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -1027,7 +1027,7 @@ int handle_sys_exit_io_uring_register(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -1059,7 +1059,7 @@ int handle_sys_exit_io_uring_enter(struct trace_event_raw_sys_exit *ctx) {
if (filter(&pid, &tid))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
if (!ev)
return 0;
@@ -1067,7 +1067,7 @@ int handle_sys_exit_io_uring_enter(struct trace_event_raw_sys_exit *ctx) {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
-
+ ev->ret = ctx->ret;
bpf_ringbuf_submit(ev, 0);
return 0;
diff --git a/internal/c/generated/tracepoints.raku b/internal/c/generated/tracepoints.raku
index 563a028..1de8a0e 100644
--- a/internal/c/generated/tracepoints.raku
+++ b/internal/c/generated/tracepoints.raku
@@ -36,11 +36,18 @@ class Format {
has Str $.name is rw;
has Int $.id is rw;
has Field @.fields is rw;
+ # file descriptor passed to syscalls.
has Bool $.has-fd is rw = False;
+ # Syscall returns with a long value (e.g. bytes read/written)
+ has Bool $.has-long-ret is rw = False;
method push(Field $field) {
push @!fields: $field;
- $!has-fd = True if ($field.name eq 'fd' && $field.type eq 'unsigned int');
+ if ($field.name eq 'fd' && $field.type eq 'unsigned int') {
+ $!has-fd = True;
+ } elsif ($field.name eq 'ret' && $field.type eq 'long') {
+ $.has-long-ret = True;
+ }
}
method generate-constant returns Str {
@@ -49,8 +56,11 @@ class Format {
method generate-probe returns Str {
my \is-enter = $!name.split('_')[1] eq 'enter';
- my \ctx-struct = is-enter ?? 'trace_event_raw_sys_enter' !! 'trace_event_raw_sys_exit';
- my \event-struct = is-enter ?? 'fd_event' !! 'null_event';
+ my \is-exit = !is-enter;
+ my \ctx-struct = is-enter ?? 'trace_event_raw_sys_enter'
+ !! 'trace_event_raw_sys_exit';
+ my \event-struct = is-enter ?? 'fd_event'
+ !! ($!has-long-ret ?? 'ret_event' !! 'null_event');
qq:to/END/;
SEC("tracepoint/syscalls/{$!name}")
@@ -67,7 +77,8 @@ class Format {
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_ns() / 1000;
- {is-enter ?? 'ev->fd = (int)ctx->args[0];' !! ''}
+ {is-enter ?? 'ev->fd = (int)ctx->args[0];'
+ !! ($!has-long-ret ?? 'ev->ret = ctx->ret;' !! '') }
bpf_ringbuf_submit(ev, 0);
return 0;
diff --git a/internal/c/types.h b/internal/c/types.h
index 35ddbd7..db6f318 100644
--- a/internal/c/types.h
+++ b/internal/c/types.h
@@ -18,12 +18,12 @@ struct fd_event {
__s32 fd;
};
-struct rw_event {
+struct ret_event {
__u32 syscall_id;
__u32 pid;
__u32 tid;
__u32 time;
- __u64 size;
+ __u64 ret;
};
struct open_enter_event {
diff --git a/internal/eventloop.go b/internal/eventloop.go
index afb0abf..5fb8c5c 100644
--- a/internal/eventloop.go
+++ b/internal/eventloop.go
@@ -94,7 +94,7 @@ func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) {
enterEv.Recycle()
case SYS_EXIT_WRITE:
- ev := NewRwEvent(raw)
+ ev := NewRetEvent(raw)
enterEv, ok := enterFd[ev.Tid]
if !ok {
ev.Recycle()
@@ -102,7 +102,7 @@ func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) {
}
duration := ev.Time - enterEv.Time
if file, ok := openFdMap[enterEv.Fd]; ok {
- fmt.Println(duration, "μs", "wrote", ev.Size, "bytes", file)
+ fmt.Println(duration, "μs", "retval", ev.Ret, file)
}
delete(enterFd, ev.Tid)
diff --git a/internal/generated/types/types.go b/internal/generated/types/types.go
index c87d276..9483285 100644
--- a/internal/generated/types/types.go
+++ b/internal/generated/types/types.go
@@ -189,24 +189,24 @@ func (f *FdEvent) Recycle() {
poolOfFdEvents.Put(f)
}
-type RwEvent struct {
+type RetEvent struct {
SyscallId SyscallId
Pid uint32
Tid uint32
Time uint32
- Size uint64
+ Ret uint64
}
-func (r RwEvent) String() string {
- return fmt.Sprintf("SyscallId:%v Pid:%v Tid:%v Time:%v Size:%v", r.SyscallId, r.Pid, r.Tid, r.Time, r.Size)
+func (r RetEvent) String() string {
+ return fmt.Sprintf("SyscallId:%v Pid:%v Tid:%v Time:%v Ret:%v", r.SyscallId, r.Pid, r.Tid, r.Time, r.Ret)
}
-var poolOfRwEvents = sync.Pool{
- New: func() interface{} { return &RwEvent{} },
+var poolOfRetEvents = sync.Pool{
+ New: func() interface{} { return &RetEvent{} },
}
-func NewRwEvent(raw []byte) *RwEvent {
- r := poolOfRwEvents.Get().(*RwEvent)
+func NewRetEvent(raw []byte) *RetEvent {
+ r := poolOfRetEvents.Get().(*RetEvent)
if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, r); err != nil {
fmt.Println(r, raw, len(raw), err)
panic(raw)
@@ -214,8 +214,8 @@ func NewRwEvent(raw []byte) *RwEvent {
return r
}
-func (r *RwEvent) Recycle() {
- poolOfRwEvents.Put(r)
+func (r *RetEvent) Recycle() {
+ poolOfRetEvents.Put(r)
}
type OpenEnterEvent struct {
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 20:54:36 +0000