summaryrefslogtreecommitdiff
path: root/internal/c/tracepoints/write.c
diff options
context:
space:
mode:
Diffstat (limited to 'internal/c/tracepoints/write.c')
-rw-r--r--internal/c/tracepoints/write.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/internal/c/tracepoints/write.c b/internal/c/tracepoints/write.c
new file mode 100644
index 0000000..262cb48
--- /dev/null
+++ b/internal/c/tracepoints/write.c
@@ -0,0 +1,37 @@
+//+build ignore
+
+SEC("tracepoint/syscalls/sys_enter_write")
+int handle_enter_write(struct trace_event_raw_sys_enter *ctx) {
+ if (filter())
+ return 0;
+
+ struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->op_id = WRITE_ENTER_OP_ID;
+ ev->pid_tgid = bpf_get_current_pid_tgid();
+ ev->time = bpf_ktime_get_ns();
+ ev->fd = (int)ctx->args[0];
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+SEC("tracepoint/syscalls/sys_exit_write")
+int handle_exit_write(struct trace_event_raw_sys_enter *ctx) {
+ if (filter())
+ return 0;
+
+ struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->op_id = WRITE_EXIT_OP_ID;
+ ev->pid_tgid = bpf_get_current_pid_tgid();
+ ev->time = bpf_ktime_get_ns();
+
+ bpf_ringbuf_submit(ev, 0);
+
+ return 0;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 12:08:42 +0000