diff options
| -rw-r--r-- | internal/c/generated/tracepoints.c | 208 | ||||
| -rw-r--r-- | internal/c/generated/tracepoints.raku | 6 | ||||
| -rw-r--r-- | internal/c/ioriotng.bpf.c | 5 | ||||
| -rw-r--r-- | internal/c/tracepoints/close.c | 15 | ||||
| -rw-r--r-- | internal/c/tracepoints/open.c | 21 | ||||
| -rw-r--r-- | internal/c/tracepoints/write.c | 4 | ||||
| -rw-r--r-- | internal/c/types.h | 21 | ||||
| -rw-r--r-- | internal/eventloop.go | 22 | ||||
| -rw-r--r-- | internal/generated/Makefile | 4 | ||||
| -rw-r--r-- | internal/generated/nqc.raku | 16 | ||||
| -rw-r--r-- | internal/generated/tracepoints.raku | 2 | ||||
| -rw-r--r-- | internal/generated/tracepoints/tracepoints.go | 54 | ||||
| -rw-r--r-- | internal/generated/types/types.go | 257 |
13 files changed, 408 insertions, 227 deletions
diff --git a/internal/c/generated/tracepoints.c b/internal/c/generated/tracepoints.c index da49afe..168518d 100644 --- a/internal/c/generated/tracepoints.c +++ b/internal/c/generated/tracepoints.c @@ -54,7 +54,7 @@ #define SYS_ENTER_IO_URING_ENTER 1371 SEC("tracepoint/syscalls/sys_exit_cachestat") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_cachestat(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -63,7 +63,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_CACHESTAT; + ev->syscall_id = SYS_EXIT_CACHESTAT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -74,7 +74,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_cachestat") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_cachestat(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -83,7 +83,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_CACHESTAT; + ev->syscall_id = SYS_ENTER_CACHESTAT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -94,7 +94,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_close_range") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_close_range(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -103,7 +103,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_CLOSE_RANGE; + ev->syscall_id = SYS_EXIT_CLOSE_RANGE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -114,7 +114,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_close_range") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_close_range(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -123,7 +123,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_CLOSE_RANGE; + ev->syscall_id = SYS_ENTER_CLOSE_RANGE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -134,7 +134,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_close") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_close(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -143,7 +143,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_CLOSE; + ev->syscall_id = SYS_EXIT_CLOSE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -154,7 +154,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_close") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_close(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -163,7 +163,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_CLOSE; + ev->syscall_id = SYS_ENTER_CLOSE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -174,7 +174,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fchown") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fchown(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -183,7 +183,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FCHOWN; + ev->syscall_id = SYS_EXIT_FCHOWN; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -194,7 +194,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fchown") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fchown(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -203,7 +203,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FCHOWN; + ev->syscall_id = SYS_ENTER_FCHOWN; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -214,7 +214,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fchmod") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fchmod(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -223,7 +223,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FCHMOD; + ev->syscall_id = SYS_EXIT_FCHMOD; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -234,7 +234,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fchmod") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fchmod(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -243,7 +243,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FCHMOD; + ev->syscall_id = SYS_ENTER_FCHMOD; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -254,7 +254,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fchdir") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fchdir(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -263,7 +263,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FCHDIR; + ev->syscall_id = SYS_EXIT_FCHDIR; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -274,7 +274,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fchdir") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fchdir(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -283,7 +283,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FCHDIR; + ev->syscall_id = SYS_ENTER_FCHDIR; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -294,7 +294,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_ftruncate") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_ftruncate(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -303,7 +303,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FTRUNCATE; + ev->syscall_id = SYS_EXIT_FTRUNCATE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -314,7 +314,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_ftruncate") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_ftruncate(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -323,7 +323,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FTRUNCATE; + ev->syscall_id = SYS_ENTER_FTRUNCATE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -334,7 +334,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_copy_file_range") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_copy_file_range(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -343,7 +343,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_COPY_FILE_RANGE; + ev->syscall_id = SYS_EXIT_COPY_FILE_RANGE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -354,7 +354,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_copy_file_range") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_copy_file_range(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -363,7 +363,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_COPY_FILE_RANGE; + ev->syscall_id = SYS_ENTER_COPY_FILE_RANGE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -374,7 +374,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_pwrite64") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_pwrite64(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -383,7 +383,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_PWRITE64; + ev->syscall_id = SYS_EXIT_PWRITE64; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -394,7 +394,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_pwrite64") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_pwrite64(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -403,7 +403,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_PWRITE64; + ev->syscall_id = SYS_ENTER_PWRITE64; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -414,7 +414,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_pread64") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_pread64(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -423,7 +423,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_PREAD64; + ev->syscall_id = SYS_EXIT_PREAD64; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -434,7 +434,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_pread64") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_pread64(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -443,7 +443,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_PREAD64; + ev->syscall_id = SYS_ENTER_PREAD64; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -454,7 +454,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_write") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_write(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -463,7 +463,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_WRITE; + ev->syscall_id = SYS_EXIT_WRITE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -474,7 +474,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_write") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_write(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -483,7 +483,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_WRITE; + ev->syscall_id = SYS_ENTER_WRITE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -494,7 +494,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_read") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_read(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -503,7 +503,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_READ; + ev->syscall_id = SYS_EXIT_READ; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -514,7 +514,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_read") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_read(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -523,7 +523,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_READ; + ev->syscall_id = SYS_ENTER_READ; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -534,7 +534,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_lseek") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_lseek(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -543,7 +543,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_LSEEK; + ev->syscall_id = SYS_EXIT_LSEEK; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -554,7 +554,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_lseek") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_lseek(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -563,7 +563,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_LSEEK; + ev->syscall_id = SYS_ENTER_LSEEK; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -574,7 +574,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_newfstat") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_newfstat(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -583,7 +583,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_NEWFSTAT; + ev->syscall_id = SYS_EXIT_NEWFSTAT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -594,7 +594,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_newfstat") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_newfstat(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -603,7 +603,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_NEWFSTAT; + ev->syscall_id = SYS_ENTER_NEWFSTAT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -614,7 +614,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fcntl") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fcntl(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -623,7 +623,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FCNTL; + ev->syscall_id = SYS_EXIT_FCNTL; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -634,7 +634,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fcntl") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fcntl(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -643,7 +643,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FCNTL; + ev->syscall_id = SYS_ENTER_FCNTL; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -654,7 +654,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_ioctl") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_ioctl(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -663,7 +663,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_IOCTL; + ev->syscall_id = SYS_EXIT_IOCTL; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -674,7 +674,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_ioctl") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_ioctl(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -683,7 +683,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_IOCTL; + ev->syscall_id = SYS_ENTER_IOCTL; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -694,7 +694,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_getdents64") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_getdents64(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -703,7 +703,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_GETDENTS64; + ev->syscall_id = SYS_EXIT_GETDENTS64; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -714,7 +714,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_getdents64") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_getdents64(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -723,7 +723,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_GETDENTS64; + ev->syscall_id = SYS_ENTER_GETDENTS64; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -734,7 +734,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_getdents") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_getdents(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -743,7 +743,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_GETDENTS; + ev->syscall_id = SYS_EXIT_GETDENTS; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -754,7 +754,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_getdents") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_getdents(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -763,7 +763,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_GETDENTS; + ev->syscall_id = SYS_ENTER_GETDENTS; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -774,7 +774,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_sync_file_range") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_sync_file_range(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -783,7 +783,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_SYNC_FILE_RANGE; + ev->syscall_id = SYS_EXIT_SYNC_FILE_RANGE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -794,7 +794,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_sync_file_range") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_sync_file_range(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -803,7 +803,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_SYNC_FILE_RANGE; + ev->syscall_id = SYS_ENTER_SYNC_FILE_RANGE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -814,7 +814,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fdatasync") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fdatasync(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -823,7 +823,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FDATASYNC; + ev->syscall_id = SYS_EXIT_FDATASYNC; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -834,7 +834,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fdatasync") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fdatasync(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -843,7 +843,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FDATASYNC; + ev->syscall_id = SYS_ENTER_FDATASYNC; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -854,7 +854,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fsync") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fsync(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -863,7 +863,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FSYNC; + ev->syscall_id = SYS_EXIT_FSYNC; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -874,7 +874,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fsync") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fsync(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -883,7 +883,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FSYNC; + ev->syscall_id = SYS_ENTER_FSYNC; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -894,7 +894,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_fstatfs") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_fstatfs(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -903,7 +903,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FSTATFS; + ev->syscall_id = SYS_EXIT_FSTATFS; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -914,7 +914,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_fstatfs") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_fstatfs(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -923,7 +923,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FSTATFS; + ev->syscall_id = SYS_ENTER_FSTATFS; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -934,7 +934,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_flock") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_flock(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -943,7 +943,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_FLOCK; + ev->syscall_id = SYS_EXIT_FLOCK; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -954,7 +954,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_flock") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_flock(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -963,7 +963,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_FLOCK; + ev->syscall_id = SYS_ENTER_FLOCK; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -974,7 +974,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_quotactl_fd") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_quotactl_fd(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -983,7 +983,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_QUOTACTL_FD; + ev->syscall_id = SYS_EXIT_QUOTACTL_FD; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -994,7 +994,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_quotactl_fd") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_quotactl_fd(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -1003,7 +1003,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_QUOTACTL_FD; + ev->syscall_id = SYS_ENTER_QUOTACTL_FD; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -1014,7 +1014,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_io_uring_register") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_io_uring_register(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -1023,7 +1023,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_IO_URING_REGISTER; + ev->syscall_id = SYS_EXIT_IO_URING_REGISTER; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -1034,7 +1034,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_io_uring_register") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_io_uring_register(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -1043,7 +1043,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_IO_URING_REGISTER; + ev->syscall_id = SYS_ENTER_IO_URING_REGISTER; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -1054,7 +1054,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { } SEC("tracepoint/syscalls/sys_exit_io_uring_enter") -int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { +int handle_sys_exit_io_uring_enter(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -1063,7 +1063,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = SYS_EXIT_IO_URING_ENTER; + ev->syscall_id = SYS_EXIT_IO_URING_ENTER; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -1074,7 +1074,7 @@ int handle_enter_write(struct trace_event_raw_sys_exit *ctx) { } SEC("tracepoint/syscalls/sys_enter_io_uring_enter") -int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { +int handle_sys_enter_io_uring_enter(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -1083,7 +1083,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = SYS_ENTER_IO_URING_ENTER; + ev->syscall_id = SYS_ENTER_IO_URING_ENTER; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; diff --git a/internal/c/generated/tracepoints.raku b/internal/c/generated/tracepoints.raku index 18060ac..1164acf 100644 --- a/internal/c/generated/tracepoints.raku +++ b/internal/c/generated/tracepoints.raku @@ -3,6 +3,8 @@ use v6.d; #use Grammar::Debugger; +my Str @excluded = <SYS_ENTER_WRITE SYS_EXIT_WRITE>; + grammar SysTraceFormat { rule TOP { <wholeformatsection>* } rule wholeformatsection { <name> <id> <format> <print-fmt> } @@ -54,7 +56,7 @@ class Format { qq:to/END/; SEC("tracepoint/syscalls/{$!name}") - int handle_enter_write(struct {ctx-struct} *ctx) \{ + int handle_{$!name.lc}(struct {ctx-struct} *ctx) \{ __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -63,7 +65,7 @@ class Format { if (!ev) return 0; - ev->op_id = {$!name.uc}; + ev->syscall_id = {$!name.uc}; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; diff --git a/internal/c/ioriotng.bpf.c b/internal/c/ioriotng.bpf.c index e1ef51d..902bfad 100644 --- a/internal/c/ioriotng.bpf.c +++ b/internal/c/ioriotng.bpf.c @@ -14,12 +14,13 @@ */ #include "filter.c" +// Auto-generated tracepoints. +#include "generated/tracepoints.c" + // Tracepoints with custom handling. #include "tracepoints/open.c" #include "tracepoints/close.c" #include "tracepoints/write.c" -// More tracepoints, but auto-generated. May lack per-syscall special case handling. -// #include "generated/tracepoints.c" char LICENSE[] SEC("license") = "Dual BSD/GPL"; diff --git a/internal/c/tracepoints/close.c b/internal/c/tracepoints/close.c index 9d0b866..f099554 100644 --- a/internal/c/tracepoints/close.c +++ b/internal/c/tracepoints/close.c @@ -1,6 +1,7 @@ //+build ignore -SEC("tracepoint/syscalls/sys_enter_close") +// SEC("tracepoint/syscalls/sys_enter_close") +/* int handle_enter_close(struct trace_event_raw_sys_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) @@ -10,7 +11,7 @@ int handle_enter_close(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = CLOSE_ENTER_OP_ID; + ev->syscall_id = SYS_ENTER_CLOSE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -19,8 +20,10 @@ int handle_enter_close(struct trace_event_raw_sys_enter *ctx) { bpf_ringbuf_submit(ev, 0); return 0; } +*/ -SEC("tracepoint/syscalls/sys_exit_close") +// SEC("tracepoint/syscalls/sys_exit_close") +/* int handle_exit_close(struct trace_event_raw_sys_exit *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) @@ -30,13 +33,13 @@ int handle_exit_close(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = CLOSE_EXIT_OP_ID; + ev->syscall_id = SYS_EXIT_CLOSE; ev->pid = pid; ev->tid = tid; - ev->time = bpf_ktime_get_ns() / 1000; + ev->time = bpf_ktime_get_ns() / 1000000; bpf_ringbuf_submit(ev, 0); return 0; } - +*/ diff --git a/internal/c/tracepoints/open.c b/internal/c/tracepoints/open.c index fa0fbf3..0b5d825 100644 --- a/internal/c/tracepoints/open.c +++ b/internal/c/tracepoints/open.c @@ -1,6 +1,11 @@ //+build ignore -static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 op_id) { +#define SYS_ENTER_OPEN 1 +#define SYS_EXIT_OPEN 2 +#define SYS_ENTER_OPENAT 3 +#define SYS_EXIT_OPENAT 4 + +static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter *ctx, __u32 syscall_id) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -9,7 +14,7 @@ static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter * if (!ev) return 0; - ev->op_id = op_id; + ev->syscall_id = syscall_id; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -23,7 +28,7 @@ static __always_inline int _handle_enter_open(struct trace_event_raw_sys_enter * return 0; } -static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 op_id) { +static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ctx, __u32 syscall_id) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; @@ -32,7 +37,7 @@ static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ct if (!ev) return 0; - ev->op_id = op_id; + ev->syscall_id = syscall_id; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -45,20 +50,20 @@ static __always_inline int _handle_exit_open(struct trace_event_raw_sys_exit *ct SEC("tracepoint/syscalls/sys_enter_openat") int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) { - return _handle_enter_open(ctx, OPENAT_ENTER_OP_ID); + return _handle_enter_open(ctx, SYS_ENTER_OPENAT); } SEC("tracepoint/syscalls/sys_exit_openat") int handle_exit_openat(struct trace_event_raw_sys_exit *ctx) { - return _handle_exit_open(ctx, OPENAT_EXIT_OP_ID); + return _handle_exit_open(ctx, SYS_EXIT_OPENAT); } SEC("tracepoint/syscalls/sys_enter_open") int handle_enter_open(struct trace_event_raw_sys_enter *ctx) { - return _handle_enter_open(ctx, OPEN_ENTER_OP_ID); + return _handle_enter_open(ctx, SYS_ENTER_OPEN); } SEC("tracepoint/syscalls/sys_exit_open") int handle_exit_open(struct trace_event_raw_sys_exit *ctx) { - return _handle_exit_open(ctx, OPEN_EXIT_OP_ID); + return _handle_exit_open(ctx, SYS_EXIT_OPEN); } diff --git a/internal/c/tracepoints/write.c b/internal/c/tracepoints/write.c index 9771193..9d737f7 100644 --- a/internal/c/tracepoints/write.c +++ b/internal/c/tracepoints/write.c @@ -10,7 +10,7 @@ int handle_enter_write(struct trace_event_raw_sys_enter *ctx) { if (!ev) return 0; - ev->op_id = WRITE_ENTER_OP_ID; + ev->syscall_id = SYS_ENTER_WRITE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; @@ -30,7 +30,7 @@ int handle_exit_write(struct trace_event_raw_sys_exit *ctx) { if (!ev) return 0; - ev->op_id = WRITE_EXIT_OP_ID; + ev->syscall_id = SYS_EXIT_WRITE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_ns() / 1000; diff --git a/internal/c/types.h b/internal/c/types.h index abec562..35ddbd7 100644 --- a/internal/c/types.h +++ b/internal/c/types.h @@ -3,28 +3,15 @@ #define MAX_FILENAME_LENGTH 256 #define MAX_PROGNAME_LENGTH 16 -#define OPENAT_ENTER_OP_ID 1 -#define OPENAT_EXIT_OP_ID 2 -#define OPEN_ENTER_OP_ID 3 -#define OPEN_EXIT_OP_ID 4 - -#define CLOSE_ENTER_OP_ID 5 -#define CLOSE_EXIT_OP_ID 6 - -#define WRITE_ENTER_OP_ID 7 -#define WRITE_EXIT_OP_ID 8 -#define WRITEV_ENTER_OP_ID 9 -#define WRITEV_EXIT_OP_ID 10 - struct null_event { - __u32 op_id; + __u32 syscall_id; __u32 pid; __u32 tid; __u32 time; }; struct fd_event { - __u32 op_id; + __u32 syscall_id; __u32 pid; __u32 tid; __u32 time; @@ -32,7 +19,7 @@ struct fd_event { }; struct rw_event { - __u32 op_id; + __u32 syscall_id; __u32 pid; __u32 tid; __u32 time; @@ -40,7 +27,7 @@ struct rw_event { }; struct open_enter_event { - __u32 op_id; + __u32 syscall_id; __u32 pid; __u32 tid; __u32 time; diff --git a/internal/eventloop.go b/internal/eventloop.go index 7dbdffb..afb0abf 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -38,16 +38,16 @@ func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { openFdMap := make(map[int32]openFile) for raw := range ch { - switch OpId(raw[0]) { - case OPENAT_ENTER_OP_ID: + switch SyscallId(raw[0]) { + case SYS_ENTER_OPENAT: fallthrough - case OPEN_ENTER_OP_ID: + case SYS_ENTER_OPEN: ev := NewOpenEnterEvent(raw) enterOpen[ev.Tid] = ev - case OPENAT_EXIT_OP_ID: + case SYS_EXIT_OPENAT: fallthrough - case OPEN_EXIT_OP_ID: + case SYS_EXIT_OPEN: ev := NewFdEvent(raw) enterEv, ok := enterOpen[ev.Tid] if !ok { @@ -66,11 +66,9 @@ func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { ev.Recycle() enterEv.Recycle() - case CLOSE_ENTER_OP_ID: + case SYS_ENTER_CLOSE: fallthrough - case WRITE_ENTER_OP_ID: - fallthrough - case WRITEV_ENTER_OP_ID: + case SYS_ENTER_WRITE: ev := NewFdEvent(raw) if _, ok := openFdMap[ev.Fd]; !ok { // File open not traced (todo: read from procfs?) @@ -79,7 +77,7 @@ func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { } enterFd[ev.Tid] = ev - case CLOSE_EXIT_OP_ID: + case SYS_EXIT_CLOSE: ev := NewNullEvent(raw) enterEv, ok := enterFd[ev.Tid] if !ok { @@ -95,9 +93,7 @@ func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { ev.Recycle() enterEv.Recycle() - case WRITE_EXIT_OP_ID: - fallthrough - case WRITEV_EXIT_OP_ID: + case SYS_EXIT_WRITE: ev := NewRwEvent(raw) enterEv, ok := enterFd[ev.Tid] if !ok { diff --git a/internal/generated/Makefile b/internal/generated/Makefile index 32911d2..b132bb3 100644 --- a/internal/generated/Makefile +++ b/internal/generated/Makefile @@ -4,14 +4,14 @@ generate: tracepoints types .PHONY: tracepoints tracepoints: - cat ../c/tracepoints/*.c \ + cat ../c/*/*.c \ | raku tracepoints.raku \ | goimports | gofmt \ | tee tracepoints/tracepoints.go .PHONY: types types: - cat ../c/types.h \ + ( cat ../c/types.h; grep -h '^#define' ../c/*/*.c ) \ | raku nqc.raku \ | goimports | gofmt \ | tee types/types.go diff --git a/internal/generated/nqc.raku b/internal/generated/nqc.raku index e5ea4e1..e237b3f 100644 --- a/internal/generated/nqc.raku +++ b/internal/generated/nqc.raku @@ -44,7 +44,7 @@ class NQCToGoActions { method constant($/) { push @!const-names: ~$<identifier>; - my $const-type = $<identifier>.ends-with('_OP_ID') ?? ' OpId' !! ''; + my $const-type = $<identifier>.starts-with('SYS_') ?? ' SyscallId ' !! ''; make qq:to/END/; const {$<identifier>}$const-type = {$<number>} @@ -53,14 +53,14 @@ class NQCToGoActions { method !constant-go-string-method returns Str { qq:to/END/; - type OpId uint32 + type SyscallId uint32 - func (o OpId) String() string \{ - switch (o) \{ - {@!const-names.grep(/_OP_ID$/).map({ - "case $_: return \"{$_.subst('_OP_ID', '').lc}\"" + func (s SyscallId) String() string \{ + switch (s) \{ + {@!const-names.grep(/^SYS_/).map({ + "case $_: return \"{$_.subst('SYS_', '').lc}\"" }).join('; ')} - default: panic(fmt.Sprintf("Unknown OpId: %d", o)) + default: panic(fmt.Sprintf("Unknown SyscallId: %d", s)) \} \} END @@ -120,7 +120,7 @@ class NQCToGoActions { } method member($/) { - my Str $type = $<identifier>.made eq 'OpId' ?? 'OpId' !! $<type>.made; + my Str $type = $<identifier>.made eq 'SyscallId' ?? 'SyscallId' !! $<type>.made; make $<identifier>.made ~ ' ' ~ ($<arraysize> // '') ~ $type; } diff --git a/internal/generated/tracepoints.raku b/internal/generated/tracepoints.raku index e5cb29a..0afdd7f 100644 --- a/internal/generated/tracepoints.raku +++ b/internal/generated/tracepoints.raku @@ -11,6 +11,6 @@ say qq:to/END/; package tracepoints var List = []string\{ - t{@tracepoints.map({ "\"$_\"," }).join("\n\t") } + {@tracepoints.map({ "\"$_\"," }).join("\n\t") } \} END diff --git a/internal/generated/tracepoints/tracepoints.go b/internal/generated/tracepoints/tracepoints.go index cfd1fd3..b0ce16d 100644 --- a/internal/generated/tracepoints/tracepoints.go +++ b/internal/generated/tracepoints/tracepoints.go @@ -2,14 +2,62 @@ package tracepoints var List = []string{ - "enter_close", + "exit_cachestat", + "enter_cachestat", + "exit_close_range", + "enter_close_range", "exit_close", + "enter_close", + "exit_fchown", + "enter_fchown", + "exit_fchmod", + "enter_fchmod", + "exit_fchdir", + "enter_fchdir", + "exit_ftruncate", + "enter_ftruncate", + "exit_copy_file_range", + "enter_copy_file_range", + "exit_pwrite", + "enter_pwrite", + "exit_pread", + "enter_pread", + "exit_write", + "enter_write", + "exit_read", + "enter_read", + "exit_lseek", + "enter_lseek", + "exit_newfstat", + "enter_newfstat", + "exit_fcntl", + "enter_fcntl", + "exit_ioctl", + "enter_ioctl", + "exit_getdents", + "enter_getdents", + "exit_getdents", + "enter_getdents", + "exit_sync_file_range", + "enter_sync_file_range", + "exit_fdatasync", + "enter_fdatasync", + "exit_fsync", + "enter_fsync", + "exit_fstatfs", + "enter_fstatfs", + "exit_flock", + "enter_flock", + "exit_quotactl_fd", + "enter_quotactl_fd", + "exit_io_uring_register", + "enter_io_uring_register", + "exit_io_uring_enter", + "enter_io_uring_enter", "enter_openat", "exit_openat", "enter_open", "exit_open", "enter_write", "exit_write", - "enter_write", - "exit_write", } diff --git a/internal/generated/types/types.go b/internal/generated/types/types.go index 6fed235..c87d276 100644 --- a/internal/generated/types/types.go +++ b/internal/generated/types/types.go @@ -8,57 +8,139 @@ import ( "sync" ) -type OpId uint32 - -func (o OpId) String() string { - switch o { - case OPENAT_ENTER_OP_ID: - return "openat_enter" - case OPENAT_EXIT_OP_ID: - return "openat_exit" - case OPEN_ENTER_OP_ID: - return "open_enter" - case OPEN_EXIT_OP_ID: - return "open_exit" - case CLOSE_ENTER_OP_ID: - return "close_enter" - case CLOSE_EXIT_OP_ID: - return "close_exit" - case WRITE_ENTER_OP_ID: - return "write_enter" - case WRITE_EXIT_OP_ID: - return "write_exit" - case WRITEV_ENTER_OP_ID: - return "writev_enter" - case WRITEV_EXIT_OP_ID: - return "writev_exit" +type SyscallId uint32 + +func (s SyscallId) String() string { + switch s { + case SYS_EXIT_CACHESTAT: + return "exit_cachestat" + case SYS_ENTER_CACHESTAT: + return "enter_cachestat" + case SYS_EXIT_CLOSE_RANGE: + return "exit_close_range" + case SYS_ENTER_CLOSE_RANGE: + return "enter_close_range" + case SYS_EXIT_CLOSE: + return "exit_close" + case SYS_ENTER_CLOSE: + return "enter_close" + case SYS_EXIT_FCHOWN: + return "exit_fchown" + case SYS_ENTER_FCHOWN: + return "enter_fchown" + case SYS_EXIT_FCHMOD: + return "exit_fchmod" + case SYS_ENTER_FCHMOD: + return "enter_fchmod" + case SYS_EXIT_FCHDIR: + return "exit_fchdir" + case SYS_ENTER_FCHDIR: + return "enter_fchdir" + case SYS_EXIT_FTRUNCATE: + return "exit_ftruncate" + case SYS_ENTER_FTRUNCATE: + return "enter_ftruncate" + case SYS_EXIT_COPY_FILE_RANGE: + return "exit_copy_file_range" + case SYS_ENTER_COPY_FILE_RANGE: + return "enter_copy_file_range" + case SYS_EXIT_PWRITE64: + return "exit_pwrite64" + case SYS_ENTER_PWRITE64: + return "enter_pwrite64" + case SYS_EXIT_PREAD64: + return "exit_pread64" + case SYS_ENTER_PREAD64: + return "enter_pread64" + case SYS_EXIT_WRITE: + return "exit_write" + case SYS_ENTER_WRITE: + return "enter_write" + case SYS_EXIT_READ: + return "exit_read" + case SYS_ENTER_READ: + return "enter_read" + case SYS_EXIT_LSEEK: + return "exit_lseek" + case SYS_ENTER_LSEEK: + return "enter_lseek" + case SYS_EXIT_NEWFSTAT: + return "exit_newfstat" + case SYS_ENTER_NEWFSTAT: + return "enter_newfstat" + case SYS_EXIT_FCNTL: + return "exit_fcntl" + case SYS_ENTER_FCNTL: + return "enter_fcntl" + case SYS_EXIT_IOCTL: + return "exit_ioctl" + case SYS_ENTER_IOCTL: + return "enter_ioctl" + case SYS_EXIT_GETDENTS64: + return "exit_getdents64" + case SYS_ENTER_GETDENTS64: + return "enter_getdents64" + case SYS_EXIT_GETDENTS: + return "exit_getdents" + case SYS_ENTER_GETDENTS: + return "enter_getdents" + case SYS_EXIT_SYNC_FILE_RANGE: + return "exit_sync_file_range" + case SYS_ENTER_SYNC_FILE_RANGE: + return "enter_sync_file_range" + case SYS_EXIT_FDATASYNC: + return "exit_fdatasync" + case SYS_ENTER_FDATASYNC: + return "enter_fdatasync" + case SYS_EXIT_FSYNC: + return "exit_fsync" + case SYS_ENTER_FSYNC: + return "enter_fsync" + case SYS_EXIT_FSTATFS: + return "exit_fstatfs" + case SYS_ENTER_FSTATFS: + return "enter_fstatfs" + case SYS_EXIT_FLOCK: + return "exit_flock" + case SYS_ENTER_FLOCK: + return "enter_flock" + case SYS_EXIT_QUOTACTL_FD: + return "exit_quotactl_fd" + case SYS_ENTER_QUOTACTL_FD: + return "enter_quotactl_fd" + case SYS_EXIT_IO_URING_REGISTER: + return "exit_io_uring_register" + case SYS_ENTER_IO_URING_REGISTER: + return "enter_io_uring_register" + case SYS_EXIT_IO_URING_ENTER: + return "exit_io_uring_enter" + case SYS_ENTER_IO_URING_ENTER: + return "enter_io_uring_enter" + case SYS_ENTER_OPEN: + return "enter_open" + case SYS_EXIT_OPEN: + return "exit_open" + case SYS_ENTER_OPENAT: + return "enter_openat" + case SYS_EXIT_OPENAT: + return "exit_openat" default: - panic(fmt.Sprintf("Unknown OpId: %d", o)) + panic(fmt.Sprintf("Unknown SyscallId: %d", s)) } } const MAX_FILENAME_LENGTH = 256 const MAX_PROGNAME_LENGTH = 16 -const OPENAT_ENTER_OP_ID OpId = 1 -const OPENAT_EXIT_OP_ID OpId = 2 -const OPEN_ENTER_OP_ID OpId = 3 -const OPEN_EXIT_OP_ID OpId = 4 -const CLOSE_ENTER_OP_ID OpId = 5 -const CLOSE_EXIT_OP_ID OpId = 6 -const WRITE_ENTER_OP_ID OpId = 7 -const WRITE_EXIT_OP_ID OpId = 8 -const WRITEV_ENTER_OP_ID OpId = 9 -const WRITEV_EXIT_OP_ID OpId = 10 type NullEvent struct { - OpId OpId - Pid uint32 - Tid uint32 - Time uint32 + SyscallId SyscallId + Pid uint32 + Tid uint32 + Time uint32 } func (n NullEvent) String() string { - return fmt.Sprintf("OpId:%v Pid:%v Tid:%v Time:%v", n.OpId, n.Pid, n.Tid, n.Time) + return fmt.Sprintf("SyscallId:%v Pid:%v Tid:%v Time:%v", n.SyscallId, n.Pid, n.Tid, n.Time) } var poolOfNullEvents = sync.Pool{ @@ -79,15 +161,15 @@ func (n *NullEvent) Recycle() { } type FdEvent struct { - OpId OpId - Pid uint32 - Tid uint32 - Time uint32 - Fd int32 + SyscallId SyscallId + Pid uint32 + Tid uint32 + Time uint32 + Fd int32 } func (f FdEvent) String() string { - return fmt.Sprintf("OpId:%v Pid:%v Tid:%v Time:%v Fd:%v", f.OpId, f.Pid, f.Tid, f.Time, f.Fd) + return fmt.Sprintf("SyscallId:%v Pid:%v Tid:%v Time:%v Fd:%v", f.SyscallId, f.Pid, f.Tid, f.Time, f.Fd) } var poolOfFdEvents = sync.Pool{ @@ -108,15 +190,15 @@ func (f *FdEvent) Recycle() { } type RwEvent struct { - OpId OpId - Pid uint32 - Tid uint32 - Time uint32 - Size uint64 + SyscallId SyscallId + Pid uint32 + Tid uint32 + Time uint32 + Size uint64 } func (r RwEvent) String() string { - return fmt.Sprintf("OpId:%v Pid:%v Tid:%v Time:%v Size:%v", r.OpId, r.Pid, r.Tid, r.Time, r.Size) + return fmt.Sprintf("SyscallId:%v Pid:%v Tid:%v Time:%v Size:%v", r.SyscallId, r.Pid, r.Tid, r.Time, r.Size) } var poolOfRwEvents = sync.Pool{ @@ -137,16 +219,16 @@ func (r *RwEvent) Recycle() { } type OpenEnterEvent struct { - OpId OpId - Pid uint32 - Tid uint32 - Time uint32 - Filename [MAX_FILENAME_LENGTH]byte - Comm [MAX_PROGNAME_LENGTH]byte + SyscallId SyscallId + Pid uint32 + Tid uint32 + Time uint32 + Filename [MAX_FILENAME_LENGTH]byte + Comm [MAX_PROGNAME_LENGTH]byte } func (o OpenEnterEvent) String() string { - return fmt.Sprintf("OpId:%v Pid:%v Tid:%v Time:%v Filename:%v Comm:%v", o.OpId, o.Pid, o.Tid, o.Time, string(o.Filename[:]), string(o.Comm[:])) + return fmt.Sprintf("SyscallId:%v Pid:%v Tid:%v Time:%v Filename:%v Comm:%v", o.SyscallId, o.Pid, o.Tid, o.Time, string(o.Filename[:]), string(o.Comm[:])) } var poolOfOpenEnterEvents = sync.Pool{ @@ -165,3 +247,60 @@ func NewOpenEnterEvent(raw []byte) *OpenEnterEvent { func (o *OpenEnterEvent) Recycle() { poolOfOpenEnterEvents.Put(o) } + +const SYS_EXIT_CACHESTAT SyscallId = 520 +const SYS_ENTER_CACHESTAT SyscallId = 521 +const SYS_EXIT_CLOSE_RANGE SyscallId = 692 +const SYS_ENTER_CLOSE_RANGE SyscallId = 693 +const SYS_EXIT_CLOSE SyscallId = 694 +const SYS_ENTER_CLOSE SyscallId = 695 +const SYS_EXIT_FCHOWN SyscallId = 704 +const SYS_ENTER_FCHOWN SyscallId = 705 +const SYS_EXIT_FCHMOD SyscallId = 718 +const SYS_ENTER_FCHMOD SyscallId = 719 +const SYS_EXIT_FCHDIR SyscallId = 722 +const SYS_ENTER_FCHDIR SyscallId = 723 +const SYS_EXIT_FTRUNCATE SyscallId = 734 +const SYS_ENTER_FTRUNCATE SyscallId = 735 +const SYS_EXIT_COPY_FILE_RANGE SyscallId = 738 +const SYS_ENTER_COPY_FILE_RANGE SyscallId = 739 +const SYS_EXIT_PWRITE64 SyscallId = 754 +const SYS_ENTER_PWRITE64 SyscallId = 755 +const SYS_EXIT_PREAD64 SyscallId = 756 +const SYS_ENTER_PREAD64 SyscallId = 757 +const SYS_EXIT_WRITE SyscallId = 758 +const SYS_ENTER_WRITE SyscallId = 759 +const SYS_EXIT_READ SyscallId = 760 +const SYS_ENTER_READ SyscallId = 761 +const SYS_EXIT_LSEEK SyscallId = 762 +const SYS_ENTER_LSEEK SyscallId = 763 +const SYS_EXIT_NEWFSTAT SyscallId = 770 +const SYS_ENTER_NEWFSTAT SyscallId = 771 +const SYS_EXIT_FCNTL SyscallId = 814 +const SYS_ENTER_FCNTL SyscallId = 815 +const SYS_EXIT_IOCTL SyscallId = 816 +const SYS_ENTER_IOCTL SyscallId = 817 +const SYS_EXIT_GETDENTS64 SyscallId = 818 +const SYS_ENTER_GETDENTS64 SyscallId = 819 +const SYS_EXIT_GETDENTS SyscallId = 820 +const SYS_ENTER_GETDENTS SyscallId = 821 +const SYS_EXIT_SYNC_FILE_RANGE SyscallId = 914 +const SYS_ENTER_SYNC_FILE_RANGE SyscallId = 915 +const SYS_EXIT_FDATASYNC SyscallId = 916 +const SYS_ENTER_FDATASYNC SyscallId = 917 +const SYS_EXIT_FSYNC SyscallId = 918 +const SYS_ENTER_FSYNC SyscallId = 919 +const SYS_EXIT_FSTATFS SyscallId = 936 +const SYS_ENTER_FSTATFS SyscallId = 937 +const SYS_EXIT_FLOCK SyscallId = 1012 +const SYS_ENTER_FLOCK SyscallId = 1013 +const SYS_EXIT_QUOTACTL_FD SyscallId = 1043 +const SYS_ENTER_QUOTACTL_FD SyscallId = 1044 +const SYS_EXIT_IO_URING_REGISTER SyscallId = 1366 +const SYS_ENTER_IO_URING_REGISTER SyscallId = 1367 +const SYS_EXIT_IO_URING_ENTER SyscallId = 1370 +const SYS_ENTER_IO_URING_ENTER SyscallId = 1371 +const SYS_ENTER_OPEN SyscallId = 1 +const SYS_EXIT_OPEN SyscallId = 2 +const SYS_ENTER_OPENAT SyscallId = 3 +const SYS_EXIT_OPENAT SyscallId = 4 |