summaryrefslogtreecommitdiff
path: root/internal/c
diff options
context:
space:
mode:
Diffstat (limited to 'internal/c')
-rw-r--r--internal/c/Makefile8
-rw-r--r--internal/c/generate_tracepoints_c.raku353
-rw-r--r--internal/c/generated_tracepoints.c709
-rw-r--r--internal/c/generated_tracepoints_result.txt8
4 files changed, 389 insertions, 689 deletions
diff --git a/internal/c/Makefile b/internal/c/Makefile
index d676368..03c1f9f 100644
--- a/internal/c/Makefile
+++ b/internal/c/Makefile
@@ -27,18 +27,18 @@ generate: generate_tracepoints
generate_tracepoints:
sudo sh -c 'sudo find /sys/kernel/tracing/events/syscalls -maxdepth 2 -mindepth 2 -name format' \
| sort -t_ -k3 | sudo xargs cat \
- | raku generate_tracepoints_c.raku > ./generated_tracepoints.c
+ | go run ../../cmd/generate tracepoints-c > ./generated_tracepoints.c
grep '^/// ' ./generated_tracepoints.c | sort | sed 's|/// ||' > ./generated_tracepoints_result.txt.new
diff -u ./generated_tracepoints_result.txt ./generated_tracepoints_result.txt.new
cp ./generated_tracepoints_result.txt.new ./generated_tracepoints_result.txt
# TODO: Document what to do, when a syscall is missing. E.g. we also need to add the new syscall maybe
-# to the classifier in generate_tracepoints_c.raku!
+# to the classifier in cmd/generate and internal/generate!
.PHONY: generate_tracepoints_force
generate_tracepoints_force:
sudo sh -c 'sudo find /sys/kernel/tracing/events/syscalls -maxdepth 2 -mindepth 2 -name format' \
| sort -t_ -k3 | sudo xargs cat \
- | raku generate_tracepoints_c.raku > ./generated_tracepoints.c
+ | go run ../../cmd/generate tracepoints-c > ./generated_tracepoints.c
grep '^/// ' ./generated_tracepoints.c | sort | sed 's|/// ||' > ./generated_tracepoints_result.txt.new
sh -c 'diff -u ./generated_tracepoints_result.txt ./generated_tracepoints_result.txt.new; exit 0'
cp ./generated_tracepoints_result.txt.new ./generated_tracepoints_result.txt
@@ -47,4 +47,4 @@ generate_tracepoints_force:
generate_tracepoints_stdout:
sudo sh -c 'sudo find /sys/kernel/tracing/events/syscalls -maxdepth 2 -mindepth 2 -name format' \
| sort -t_ -k3 | sudo xargs cat \
- | raku generate_tracepoints_c.raku
+ | go run ../../cmd/generate tracepoints-c
diff --git a/internal/c/generate_tracepoints_c.raku b/internal/c/generate_tracepoints_c.raku
deleted file mode 100644
index c1ba954..0000000
--- a/internal/c/generate_tracepoints_c.raku
+++ /dev/null
@@ -1,353 +0,0 @@
-#!/usr/bin/env raku
-
-use v6.d;
-
-# TODO: Also add sys_enter_open_by_handler_at
-# TOOD: creat is an open_event?
-
-# Grammar to parse /sys/kernel/tracing/events/syscalls/sys_{enter,exit}_*/format'
-grammar SysTraceFormat {
- rule TOP { <whole-format-section>* }
- rule whole-format-section { <name> <id> <format> <print-fmt> }
- rule name { 'name:' <identifier> }
- rule id { 'ID:' <number> }
- rule format { 'format:' <field>* }
-
- rule field { 'field:' <field-elements> }
- rule field-elements { <field-declaration> <field-offset> <field-size> <field-signed> }
- rule field-declaration { <field-type>+ <identifier> ';' }
-
- token field-type { <-[ \t]> }
- token field-offset { 'offset:' <number> ';' }
- token field-size { 'size:' <number> ';' }
- token field-signed { 'signed:' <cbool> ';' }
-
- token identifier { <[a..zA..Z0..9_]>+ }
- token number { \d+ }
- token cbool { '0' | '1' }
- token print-fmt { 'print fmt' <-[\n]>+ "\n" }
-}
-
-class Field {
- has Str $.type is rw;
- has Str $.name is rw;
- has Int $.offset is rw;
- has Int $.size is rw;
- has Bool $.signed is rw;
-}
-
-role TracepointTemplate {
- method template(%vals --> Str) {
- my Bool \is-enter = %vals<name>.split('_')[1] eq 'enter';
- my Str \ctx-struct = is-enter ?? 'trace_event_raw_sys_enter' !! 'trace_event_raw_sys_exit';
- my Str \event-struct-comment = %vals<event-struct-comment> // %vals<event-struct>;
- my Str @parts;
-
- @parts.push: qq:to/BPF_C_CODE/;
- /// {%vals<name>.lc} is a struct {event-struct-comment}
- SEC("tracepoint/syscalls/{%vals<name>}")
- int handle_{%vals<name>.lc}(struct {ctx-struct} *ctx) \{
- __u32 pid, tid;
- if (filter(&pid, &tid))
- return 0;
-
- struct {%vals<event-struct>} *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct {%vals<event-struct>}), 0);
- if (!ev)
- return 0;
-
- ev->event_type = {(is-enter ?? 'ENTER_' !! 'EXIT_') ~ %vals<event-struct>.uc};
- ev->trace_id = {%vals<name>.uc};
- ev->pid = pid;
- ev->tid = tid;
- ev->time = bpf_ktime_get_boot_ns();
- BPF_C_CODE
-
- @parts.push: %vals<extra> if %vals<extra>:exists;
-
- @parts.push: qq:to/BPF_C_CODE/;
-
- bpf_ringbuf_submit(ev, 0);
- return 0;
- \}
- BPF_C_CODE
-
- [~] @parts;
- }
-}
-
-class FdTracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Str $extra = qq:to/BPF_C_CODE/;
- ev->fd = (__s32)ctx->args[0];
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'fd_event', :$extra ).hash );
- }
-}
-
-class Dup3Tracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Str $extra = qq:to/BPF_C_CODE/;
- ev->fd = (__s32)ctx->args[0];
- ev->flags = (__s32)ctx->args[2];
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'dup3_event', :$extra ).hash );
- }
-}
-
-class OpenByHandleAtTracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Str $extra = qq:to/BPF_C_CODE/;
- ev->flags = (__s32)ctx->args[2];
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'open_by_handle_at_event', :$extra ).hash );
- }
-}
-
-class NameTracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Int \oldname-field-number = %vals<format>.field-number('oldname');
- my Int \newname-field-number = %vals<format>.field-number('newname');
- my Str $extra = qq:to/BPF_C_CODE/;
- __builtin_memset(\&(ev->oldname), 0, sizeof(ev->oldname) + sizeof(ev->newname));
- bpf_probe_read_user_str(ev->oldname, sizeof(ev->oldname), (void*)ctx->args[{oldname-field-number}]);
- bpf_probe_read_user_str(ev->newname, sizeof(ev->newname), (void*)ctx->args[{newname-field-number}]);
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'name_event', :$extra ).hash );
- }
-}
-
-class OpenTracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Int \filename-field-number = %vals<format>.field-number('filename');
- my Int \flags-field-number = %vals<format>.field-number('flags');
- my Str $extra = qq:to/BPF_C_CODE/;
- __builtin_memset(\&(ev->filename), 0, sizeof(ev->filename) + sizeof(ev->comm));
- bpf_probe_read_user_str(ev->filename, sizeof(ev->filename), (void *)ctx->args[{filename-field-number}]);
- bpf_get_current_comm(\&ev->comm, sizeof(ev->comm));
- ev->flags = {flags-field-number > -1 ?? ('ctx->args[' ~ flags-field-number ~ '];') !! '-1; // Probably OK'}
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'open_event', :$extra ).hash );
- }
-}
-
-class PathnameTracepoint does TracepointTemplate {
- has Str $.field-name is required;
- submethod new (Str $field-name) { self.bless: :$field-name }
-
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Int \field-number = %vals<format>.field-number($.field-name);
- my Str $extra = qq:to/BPF_C_CODE/;
- __builtin_memset(\&(ev->pathname), 0, sizeof(ev->pathname));
- bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[{field-number}]);
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'path_event', :$extra ).hash );
- }
-}
-
-role TracepointClassification {
- method classify-tracepoint(Str \name --> Str) { self.classify: name.subst(/^sys_exit_/, '', :i).lc }
-
- # TODO: Use patterh matching, e.g. pread.*, evwrite.*..
- multi method classify('fgetxattr' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('flistxattr' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('getdents' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('getdents64' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('getxattr' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('lgetxattr' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('listxattr' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('llistxattr' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('pread64' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('preadv' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('preadv2' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('process_vm_readv' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('read' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('readlink' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('readlinkat' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('readv' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('recvmmsg' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('recvmsg' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('recvfrom' --> Str) { 'READ_CLASSIFIED' }
- multi method classify('syslog' --> Str) { 'READ_CLASSIFIED' }
-
- multi method classify('copy_file_range' --> Str) { 'TRANSFER_CLASSIFIED' }
- multi method classify('sendfile64' --> Str) { 'TRANSFER_CLASSIFIED' }
- multi method classify('splice' --> Str) { 'TRANSFER_CLASSIFIED' }
- multi method classify('tee' --> Str) { 'TRANSFER_CLASSIFIED' }
- multi method classify('vmsplice' --> Str) { 'TRANSFER_CLASSIFIED' }
-
- multi method classify('process_vm_writev' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('pwrite64' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('pwritev' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('pwritev2' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('sendmmsg' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('sendmsg' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('sendto' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('write' --> Str) { 'WRITE_CLASSIFIED' }
- multi method classify('writev' --> Str) { 'WRITE_CLASSIFIED' }
-
- multi method classify($ --> Str) { 'UNCLASSIFIED' }
-}
-
-class RetTracepoint does TracepointTemplate does TracepointClassification {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my $classification = self.classify-tracepoint(%vals<name>);
- my Str $extra = qq:to/BPF_C_CODE/;
- ev->ret = ctx->ret;
- ev->ret_type = {$classification};
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => "ret_event", event-struct-comment => "ret_event ($classification)", :$extra ).hash );
- }
-}
-
-class NullTracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- self.template: %vals.append( ( event-struct => 'null_event' ).hash );
- }
-}
-
-class FcntlTracepoint does TracepointTemplate {
- method generate-bpf-c-tracepoint(%vals --> Str) {
- my Int \fd-field-number = %vals<format>.field-number('fd');
- my Int \cmd-field-number = %vals<format>.field-number('cmd');
- my Int \arg-field-number = %vals<format>.field-number('arg');
- my Str $extra = qq:to/BPF_C_CODE/;
- ev->fd = {'ctx->args[' ~ fd-field-number ~ ']'};
- ev->cmd = {'ctx->args[' ~ cmd-field-number ~ ']'};
- ev->arg = {'ctx->args[' ~ arg-field-number ~ ']'};
- BPF_C_CODE
- self.template: %vals.append( ( event-struct => 'fcntl_event', :$extra ).hash );
- }
-}
-
-class Format {
- has Field @!internal-fields; # Fields not accessible from raw tracepoints.
- has Field @!external-fields; # Fields accessible from raw tracepoints.
- has Bool $!is-external = False; # Track internal/external field sections.
- has Str $.name is rw;
- has Int $.id is rw;
- has $.format-impl;
-
- method push(Field \field) {
- $!is-external = True if field.name eq '__syscall_nr';
-
- if $!is-external {
- push @!external-fields: field;
- } else {
- push @!internal-fields: field;
- return;
- }
-
- self.set-format-impl($.name, field.type, field.name) unless $!format-impl;
- }
-
- # Tracepoints to ignore
- multi method set-format-impl(Str $s where /^sys_enter_mknod/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_execve/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_accept/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_listen/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_epoll/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_.*recv/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_.*send/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_.*sock/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_.*inotify/, $, $) { }
- multi method set-format-impl(Str $s where /^sys_enter_.*pidfd/, $, $) { }
- multi method set-format-impl('sys_enter_bind', $, $) { }
- multi method set-format-impl('sys_enter_setns', $, $) { }
- multi method set-format-impl('sys_enter_shutdown', $, $) { }
- multi method set-format-impl('sys_enter_connect', $, $) { }
- multi method set-format-impl('sys_enter_fanotify_init', $, $) { }
- multi method set-format-impl('sys_enter_getpeername', $, $) { }
- multi method set-format-impl('sys_enter_name_to_handle_at', $, $) { $!format-impl = PathnameTracepoint.new('pathname') }
- multi method set-format-impl('sys_enter_open_by_handle_at', $, $) { $!format-impl = OpenByHandleAtTracepoint.new }
-
-
- # Explicitly map some tracepoints
- multi method set-format-impl(Str $s where /^sys_enter.*open.*/, 'const char *', 'filename') { $!format-impl = OpenTracepoint.new }
- multi method set-format-impl('sys_enter_fcntl', $, $) { $!format-impl = FcntlTracepoint.new }
- multi method set-format-impl('sys_enter_dup', 'unsigned int', 'fildes') { $!format-impl = FdTracepoint.new }
- multi method set-format-impl('sys_enter_dup2', 'unsigned int', 'oldfd') { $!format-impl = FdTracepoint.new }
- multi method set-format-impl('sys_enter_dup3', 'unsigned int', 'oldfd') { $!format-impl = Dup3Tracepoint.new }
-
- # Tracepoint groups by arguments
- multi method set-format-impl($, Str $type where { $_ eq 'unsigned int' || $_ eq 'unsigned long' || $_ eq 'int' }, 'fd') {
- $!format-impl = FdTracepoint.new
- }
- multi method set-format-impl($, 'const char *', 'newname') { $!format-impl = NameTracepoint.new }
- multi method set-format-impl($, 'const char *', 'pathname') { $!format-impl = PathnameTracepoint.new('pathname') }
- multi method set-format-impl($, 'const char *', 'path') { $!format-impl = PathnameTracepoint.new('path') }
- multi method set-format-impl($, 'const char *', 'filename') { $!format-impl = PathnameTracepoint.new('filename') }
- multi method set-format-impl($, 'long', 'ret') { $!format-impl = RetTracepoint.new }
-
- # Async I/O, at least capture the count and the durations
- multi method set-format-impl('sys_enter_syslog', $, $) { $!format-impl = NullTracepoint.new }
- multi method set-format-impl('sys_enter_sync', $, $) { $!format-impl = NullTracepoint.new }
- multi method set-format-impl(Str $s where /^sys_enter_io_/, $, $) { $!format-impl = NullTracepoint.new }
-
- # All remaining tracepoints are ignored
- multi method set-format-impl($, $, $) { }
-
- method generate-c-constant returns Str { "#define {$!name.uc} {$!id}" }
- method generate-bpf-c-tracepoint returns Str { $!format-impl.generate-bpf-c-tracepoint: (format => self, :$!name).hash }
-
- method field-number(Str \field-name) { (@!external-fields.first(*.name eq field-name, :k) // 0) - 1 }
- method can-generate returns Bool { so $!format-impl.^can('generate-bpf-c-tracepoint') }
-
- method enter-reject returns Bool { $!format-impl !~~ any(
- FdTracepoint, NameTracepoint, OpenTracepoint, PathnameTracepoint, FcntlTracepoint, NullTracepoint, Dup3Tracepoint, OpenByHandleAtTracepoint
- ) }
-}
-
-class SysTraceFormatActions {
- has Hash %!formats;
- has Format $!current-format = Format.new;
- has Field $!current-field = Field.new;
-
- method TOP($/) { make %!formats }
-
- method whole-format-section($/) {
- my ($, \enter-exit, \what) = $!current-format.name.split('_', 3);
- %!formats{what}{enter-exit} = $!current-format;
- $!current-format = Format.new;
- }
-
- method name($/) { $!current-format.name = ~$/<identifier> }
- method id($/) { $!current-format.id = +$/<number> }
-
- method field-declaration($/) {
- $!current-field.name = ~$/<identifier>;
- $!current-field.type = $/<field-type>.join('').trim-trailing;
- $!current-format.push($!current-field);
- $!current-field = Field.new;
- }
-
- method field-offset($/) { $!current-field.offset = +$/<number> }
- method field-size($/) { $!current-field.size = +$/<number> }
- method field-signed($/) { $!current-field.signed = +$/<cbool> == 0 ?? False !! True }
-}
-
-say qq:to/BPF_C_CODE/;
-// Code generated - don't change manually!
-BPF_C_CODE
-
-my Format @formats = gather for
- SysTraceFormat.parse($*IN.slurp, actions => SysTraceFormatActions.new).made.values -> %syscall {
-
- if !all(%syscall.values.map(*.can-generate)) {
- say "/// Ignoring {%syscall.values.map(*.name).sort} as possibly not file I/O related";
- next;
- } elsif %syscall<enter>.enter-reject {
- say "/// Ignoring {%syscall.values.map(*.name).sort} as enter-rejected";
- next;
- }
-
- .take for %syscall.values;
-}
-
-@formats .= sort({ $^b.id cmp $^a.id });
-
-say qq:to/BPF_C_CODE/;
-
-{@formats.map(*.generate-c-constant).join("\n")}
-
-{@formats.map(*.generate-bpf-c-tracepoint).join("\n")}
-BPF_C_CODE
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index d636695..941e271 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -1,310 +1,314 @@
// Code generated - don't change manually!
+/// Ignoring sys_enter_accept4 sys_exit_accept4 as possibly not file I/O related
+/// Ignoring sys_enter_accept sys_exit_accept as possibly not file I/O related
+/// Ignoring sys_enter_acct sys_exit_acct as possibly not file I/O related
+/// Ignoring sys_enter_add_key sys_exit_add_key as possibly not file I/O related
+/// Ignoring sys_enter_adjtimex sys_exit_adjtimex as possibly not file I/O related
+/// Ignoring sys_enter_alarm sys_exit_alarm as possibly not file I/O related
+/// Ignoring sys_enter_arch_prctl sys_exit_arch_prctl as possibly not file I/O related
+/// Ignoring sys_enter_bind sys_exit_bind as possibly not file I/O related
+/// Ignoring sys_enter_bpf sys_exit_bpf as possibly not file I/O related
+/// Ignoring sys_enter_brk sys_exit_brk as possibly not file I/O related
+/// Ignoring sys_enter_capget sys_exit_capget as possibly not file I/O related
+/// Ignoring sys_enter_capset sys_exit_capset as possibly not file I/O related
+/// Ignoring sys_enter_clock_adjtime sys_exit_clock_adjtime as possibly not file I/O related
+/// Ignoring sys_enter_clock_getres sys_exit_clock_getres as possibly not file I/O related
+/// Ignoring sys_enter_clock_gettime sys_exit_clock_gettime as possibly not file I/O related
+/// Ignoring sys_enter_clock_nanosleep sys_exit_clock_nanosleep as possibly not file I/O related
+/// Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O related
+/// Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related
+/// Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related
+/// Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related
+/// Ignoring sys_enter_copy_file_range sys_exit_copy_file_range as possibly not file I/O related
+/// Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related
+/// Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related
+/// Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related
/// Ignoring sys_enter_epoll_ctl sys_exit_epoll_ctl as possibly not file I/O related
-/// Ignoring sys_enter_setdomainname sys_exit_setdomainname as possibly not file I/O related
-/// Ignoring sys_enter_mlockall sys_exit_mlockall as possibly not file I/O related
-/// Ignoring sys_enter_getsockopt sys_exit_getsockopt as possibly not file I/O related
+/// Ignoring sys_enter_epoll_pwait2 sys_exit_epoll_pwait2 as possibly not file I/O related
+/// Ignoring sys_enter_epoll_pwait sys_exit_epoll_pwait as possibly not file I/O related
+/// Ignoring sys_enter_epoll_wait sys_exit_epoll_wait as possibly not file I/O related
+/// Ignoring sys_enter_eventfd2 sys_exit_eventfd2 as possibly not file I/O related
+/// Ignoring sys_enter_eventfd sys_exit_eventfd as possibly not file I/O related
+/// Ignoring sys_enter_execveat sys_exit_execveat as possibly not file I/O related
+/// Ignoring sys_enter_execve sys_exit_execve as possibly not file I/O related
+/// Ignoring sys_enter_exit sys_exit_exit as possibly not file I/O related
+/// Ignoring sys_enter_exit_group sys_exit_exit_group as possibly not file I/O related
+/// Ignoring sys_enter_fanotify_init sys_exit_fanotify_init as possibly not file I/O related
+/// Ignoring sys_enter_fork sys_exit_fork as possibly not file I/O related
+/// Ignoring sys_enter_fsmount sys_exit_fsmount as possibly not file I/O related
+/// Ignoring sys_enter_fsopen sys_exit_fsopen as possibly not file I/O related
+/// Ignoring sys_enter_futex sys_exit_futex as possibly not file I/O related
/// Ignoring sys_enter_futex_requeue sys_exit_futex_requeue as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigtimedwait sys_exit_rt_sigtimedwait as possibly not file I/O related
-/// Ignoring sys_enter_sched_get_priority_min sys_exit_sched_get_priority_min as possibly not file I/O related
-/// Ignoring sys_enter_pkey_alloc sys_exit_pkey_alloc as possibly not file I/O related
-/// Ignoring sys_enter_shmat sys_exit_shmat as possibly not file I/O related
-/// Ignoring sys_enter_recvmsg sys_exit_recvmsg as possibly not file I/O related
-/// Ignoring sys_enter_utime sys_exit_utime as possibly not file I/O related
-/// Ignoring sys_enter_msgget sys_exit_msgget as possibly not file I/O related
-/// Ignoring sys_enter_rseq sys_exit_rseq as possibly not file I/O related
-/// Ignoring sys_enter_personality sys_exit_personality as possibly not file I/O related
+/// Ignoring sys_enter_futex_wait sys_exit_futex_wait as possibly not file I/O related
+/// Ignoring sys_enter_futex_waitv sys_exit_futex_waitv as possibly not file I/O related
+/// Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O related
+/// Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related
+/// Ignoring sys_enter_getcwd sys_exit_getcwd as possibly not file I/O related
+/// Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related
+/// Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related
+/// Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related
+/// Ignoring sys_enter_getgroups sys_exit_getgroups as possibly not file I/O related
/// Ignoring sys_enter_getitimer sys_exit_getitimer as possibly not file I/O related
-/// Ignoring sys_enter_pkey_free sys_exit_pkey_free as possibly not file I/O related
-/// Ignoring sys_enter_sendfile64 sys_exit_sendfile64 as possibly not file I/O related
-/// Ignoring sys_enter_migrate_pages sys_exit_migrate_pages as possibly not file I/O related
-/// Ignoring sys_enter_gettimeofday sys_exit_gettimeofday as possibly not file I/O related
-/// Ignoring sys_enter_kcmp sys_exit_kcmp as possibly not file I/O related
-/// Ignoring sys_enter_process_vm_readv sys_exit_process_vm_readv as possibly not file I/O related
-/// Ignoring sys_enter_utimes sys_exit_utimes as possibly not file I/O related
-/// Ignoring sys_enter_set_mempolicy sys_exit_set_mempolicy as possibly not file I/O related
+/// Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related
+/// Ignoring sys_enter_getpeername sys_exit_getpeername as possibly not file I/O related
+/// Ignoring sys_enter_getpgid sys_exit_getpgid as possibly not file I/O related
+/// Ignoring sys_enter_getpgrp sys_exit_getpgrp as possibly not file I/O related
+/// Ignoring sys_enter_getpid sys_exit_getpid as possibly not file I/O related
+/// Ignoring sys_enter_getppid sys_exit_getppid as possibly not file I/O related
+/// Ignoring sys_enter_getpriority sys_exit_getpriority as possibly not file I/O related
+/// Ignoring sys_enter_getrandom sys_exit_getrandom as possibly not file I/O related
/// Ignoring sys_enter_getresgid sys_exit_getresgid as possibly not file I/O related
-/// Ignoring sys_enter_tgkill sys_exit_tgkill as possibly not file I/O related
-/// Ignoring sys_enter_select sys_exit_select as possibly not file I/O related
-/// Ignoring sys_enter_kexec_file_load sys_exit_kexec_file_load as possibly not file I/O related
-/// Ignoring sys_enter_shmctl sys_exit_shmctl as possibly not file I/O related
-/// Ignoring sys_enter_iopl sys_exit_iopl as possibly not file I/O related
+/// Ignoring sys_enter_getresuid sys_exit_getresuid as possibly not file I/O related
/// Ignoring sys_enter_getrlimit sys_exit_getrlimit as possibly not file I/O related
-/// Ignoring sys_enter_exit sys_exit_exit as possibly not file I/O related
-/// Ignoring sys_enter_prlimit64 sys_exit_prlimit64 as possibly not file I/O related
-/// Ignoring sys_enter_inotify_init1 sys_exit_inotify_init1 as possibly not file I/O related
-/// Ignoring sys_enter_acct sys_exit_acct as possibly not file I/O related
-/// Ignoring sys_enter_pivot_root sys_exit_pivot_root as possibly not file I/O related
-/// Ignoring sys_enter_timer_getoverrun sys_exit_timer_getoverrun as possibly not file I/O related
/// Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related
-/// Ignoring sys_enter_sched_setparam sys_exit_sched_setparam as possibly not file I/O related
+/// Ignoring sys_enter_getrusage sys_exit_getrusage as possibly not file I/O related
+/// Ignoring sys_enter_getsid sys_exit_getsid as possibly not file I/O related
+/// Ignoring sys_enter_getsockname sys_exit_getsockname as possibly not file I/O related
+/// Ignoring sys_enter_getsockopt sys_exit_getsockopt as possibly not file I/O related
+/// Ignoring sys_enter_gettid sys_exit_gettid as possibly not file I/O related
+/// Ignoring sys_enter_gettimeofday sys_exit_gettimeofday as possibly not file I/O related
+/// Ignoring sys_enter_getuid sys_exit_getuid as possibly not file I/O related
+/// Ignoring sys_enter_init_module sys_exit_init_module as possibly not file I/O related
+/// Ignoring sys_enter_inotify_add_watch sys_exit_inotify_add_watch as possibly not file I/O related
+/// Ignoring sys_enter_inotify_init1 sys_exit_inotify_init1 as possibly not file I/O related
+/// Ignoring sys_enter_inotify_init sys_exit_inotify_init as possibly not file I/O related
+/// Ignoring sys_enter_inotify_rm_watch sys_exit_inotify_rm_watch as possibly not file I/O related
+/// Ignoring sys_enter_ioperm sys_exit_ioperm as possibly not file I/O related
+/// Ignoring sys_enter_iopl sys_exit_iopl as possibly not file I/O related
/// Ignoring sys_enter_ioprio_get sys_exit_ioprio_get as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigqueueinfo sys_exit_rt_sigqueueinfo as possibly not file I/O related
+/// Ignoring sys_enter_ioprio_set sys_exit_ioprio_set as possibly not file I/O related
+/// Ignoring sys_enter_kcmp sys_exit_kcmp as possibly not file I/O related
+/// Ignoring sys_enter_kexec_file_load sys_exit_kexec_file_load as possibly not file I/O related
+/// Ignoring sys_enter_kexec_load sys_exit_kexec_load as possibly not file I/O related
+/// Ignoring sys_enter_keyctl sys_exit_keyctl as possibly not file I/O related
+/// Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related
+/// Ignoring sys_enter_landlock_add_rule sys_exit_landlock_add_rule as possibly not file I/O related
+/// Ignoring sys_enter_landlock_create_ruleset sys_exit_landlock_create_ruleset as possibly not file I/O related
+/// Ignoring sys_enter_landlock_restrict_self sys_exit_landlock_restrict_self as possibly not file I/O related
+/// Ignoring sys_enter_listen sys_exit_listen as possibly not file I/O related
+/// Ignoring sys_enter_listmount sys_exit_listmount as possibly not file I/O related
+/// Ignoring sys_enter_lsm_get_self_attr sys_exit_lsm_get_self_attr as possibly not file I/O related
+/// Ignoring sys_enter_lsm_list_modules sys_exit_lsm_list_modules as possibly not file I/O related
/// Ignoring sys_enter_lsm_set_self_attr sys_exit_lsm_set_self_attr as possibly not file I/O related
+/// Ignoring sys_enter_madvise sys_exit_madvise as possibly not file I/O related
+/// Ignoring sys_enter_map_shadow_stack sys_exit_map_shadow_stack as possibly not file I/O related
+/// Ignoring sys_enter_mbind sys_exit_mbind as possibly not file I/O related
+/// Ignoring sys_enter_membarrier sys_exit_membarrier as possibly not file I/O related
+/// Ignoring sys_enter_memfd_create sys_exit_memfd_create as possibly not file I/O related
+/// Ignoring sys_enter_memfd_secret sys_exit_memfd_secret as possibly not file I/O related
+/// Ignoring sys_enter_migrate_pages sys_exit_migrate_pages as possibly not file I/O related
+/// Ignoring sys_enter_mincore sys_exit_mincore as possibly not file I/O related
+/// Ignoring sys_enter_mknodat sys_exit_mknodat as possibly not file I/O related
+/// Ignoring sys_enter_mknod sys_exit_mknod as possibly not file I/O related
+/// Ignoring sys_enter_mlock2 sys_exit_mlock2 as possibly not file I/O related
+/// Ignoring sys_enter_mlockall sys_exit_mlockall as possibly not file I/O related
+/// Ignoring sys_enter_mlock sys_exit_mlock as possibly not file I/O related
/// Ignoring sys_enter_modify_ldt sys_exit_modify_ldt as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigpending sys_exit_rt_sigpending as possibly not file I/O related
-/// Ignoring sys_enter_arch_prctl sys_exit_arch_prctl as possibly not file I/O related
-/// Ignoring sys_enter_add_key sys_exit_add_key as possibly not file I/O related
/// Ignoring sys_enter_mount sys_exit_mount as possibly not file I/O related
-/// Ignoring sys_enter_signalfd sys_exit_signalfd as possibly not file I/O related
-/// Ignoring sys_enter_exit_group sys_exit_exit_group as possibly not file I/O related
-/// Ignoring sys_enter_futex_waitv sys_exit_futex_waitv as possibly not file I/O related
-/// Ignoring sys_enter_mknod sys_exit_mknod as possibly not file I/O related
-/// Ignoring sys_enter_process_mrelease sys_exit_process_mrelease as possibly not file I/O related
-/// Ignoring sys_enter_landlock_create_ruleset sys_exit_landlock_create_ruleset as possibly not file I/O related
-/// Ignoring sys_enter_copy_file_range sys_exit_copy_file_range as possibly not file I/O related
-/// Ignoring sys_enter_munlock sys_exit_munlock as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigaction sys_exit_rt_sigaction as possibly not file I/O related
+/// Ignoring sys_enter_move_mount sys_exit_move_mount as possibly not file I/O related
/// Ignoring sys_enter_move_pages sys_exit_move_pages as possibly not file I/O related
-/// Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O related
-/// Ignoring sys_enter_sched_rr_get_interval sys_exit_sched_rr_get_interval as possibly not file I/O related
-/// Ignoring sys_enter_reboot sys_exit_reboot as possibly not file I/O related
-/// Ignoring sys_enter_getppid sys_exit_getppid as possibly not file I/O related
-/// Ignoring sys_enter_sched_yield sys_exit_sched_yield as possibly not file I/O related
-/// Ignoring sys_enter_getpeername sys_exit_getpeername as possibly not file I/O related
-/// Ignoring sys_enter_execve sys_exit_execve as possibly not file I/O related
-/// Ignoring sys_enter_pidfd_getfd sys_exit_pidfd_getfd as possibly not file I/O related
-/// Ignoring sys_enter_mlock sys_exit_mlock as possibly not file I/O related
-/// Ignoring sys_enter_timer_gettime sys_exit_timer_gettime as possibly not file I/O related
-/// Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related
-/// Ignoring sys_enter_poll sys_exit_poll as possibly not file I/O related
-/// Ignoring sys_enter_semget sys_exit_semget as possibly not file I/O related
+/// Ignoring sys_enter_mprotect sys_exit_mprotect as possibly not file I/O related
+/// Ignoring sys_enter_mq_getsetattr sys_exit_mq_getsetattr as possibly not file I/O related
+/// Ignoring sys_enter_mq_notify sys_exit_mq_notify as possibly not file I/O related
+/// Ignoring sys_enter_mq_open sys_exit_mq_open as possibly not file I/O related
+/// Ignoring sys_enter_mq_timedreceive sys_exit_mq_timedreceive as possibly not file I/O related
+/// Ignoring sys_enter_mq_timedsend sys_exit_mq_timedsend as possibly not file I/O related
/// Ignoring sys_enter_mq_unlink sys_exit_mq_unlink as possibly not file I/O related
-/// Ignoring sys_enter_futex_wait sys_exit_futex_wait as possibly not file I/O related
+/// Ignoring sys_enter_mremap sys_exit_mremap as possibly not file I/O related
+/// Ignoring sys_enter_mseal sys_exit_mseal as possibly not file I/O related
/// Ignoring sys_enter_msgctl sys_exit_msgctl as possibly not file I/O related
-/// Ignoring sys_enter_set_tid_address sys_exit_set_tid_address as possibly not file I/O related
-/// Ignoring sys_enter_sched_setattr sys_exit_sched_setattr as possibly not file I/O related
-/// Ignoring sys_enter_setreuid sys_exit_setreuid as possibly not file I/O related
-/// Ignoring sys_enter_setitimer sys_exit_setitimer as possibly not file I/O related
+/// Ignoring sys_enter_msgget sys_exit_msgget as possibly not file I/O related
+/// Ignoring sys_enter_msgrcv sys_exit_msgrcv as possibly not file I/O related
+/// Ignoring sys_enter_msgsnd sys_exit_msgsnd as possibly not file I/O related
+/// Ignoring sys_enter_msync sys_exit_msync as possibly not file I/O related
+/// Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related
+/// Ignoring sys_enter_munlock sys_exit_munlock as possibly not file I/O related
+/// Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related
+/// Ignoring sys_enter_name_to_handle_at sys_exit_name_to_handle_at as possibly not file I/O related
+/// Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related
+/// Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related
+/// Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related
+/// Ignoring sys_enter_perf_event_open sys_exit_perf_event_open as possibly not file I/O related
+/// Ignoring sys_enter_personality sys_exit_personality as possibly not file I/O related
+/// Ignoring sys_enter_pidfd_getfd sys_exit_pidfd_getfd as possibly not file I/O related
+/// Ignoring sys_enter_pidfd_open sys_exit_pidfd_open as possibly not file I/O related
+/// Ignoring sys_enter_pidfd_send_signal sys_exit_pidfd_send_signal as possibly not file I/O related
+/// Ignoring sys_enter_pipe2 sys_exit_pipe2 as possibly not file I/O related
+/// Ignoring sys_enter_pipe sys_exit_pipe as possibly not file I/O related
+/// Ignoring sys_enter_pivot_root sys_exit_pivot_root as possibly not file I/O related
+/// Ignoring sys_enter_pkey_alloc sys_exit_pkey_alloc as possibly not file I/O related
+/// Ignoring sys_enter_pkey_free sys_exit_pkey_free as possibly not file I/O related
+/// Ignoring sys_enter_pkey_mprotect sys_exit_pkey_mprotect as possibly not file I/O related
+/// Ignoring sys_enter_poll sys_exit_poll as possibly not file I/O related
+/// Ignoring sys_enter_ppoll sys_exit_ppoll as possibly not file I/O related
+/// Ignoring sys_enter_prctl sys_exit_prctl as possibly not file I/O related
+/// Ignoring sys_enter_prlimit64 sys_exit_prlimit64 as possibly not file I/O related
+/// Ignoring sys_enter_process_madvise sys_exit_process_madvise as possibly not file I/O related
+/// Ignoring sys_enter_process_mrelease sys_exit_process_mrelease as possibly not file I/O related
+/// Ignoring sys_enter_process_vm_readv sys_exit_process_vm_readv as possibly not file I/O related
/// Ignoring sys_enter_process_vm_writev sys_exit_process_vm_writev as possibly not file I/O related
+/// Ignoring sys_enter_pselect6 sys_exit_pselect6 as possibly not file I/O related
+/// Ignoring sys_enter_ptrace sys_exit_ptrace as possibly not file I/O related
+/// Ignoring sys_enter_quotactl sys_exit_quotactl as possibly not file I/O related
+/// Ignoring sys_enter_reboot sys_exit_reboot as possibly not file I/O related
+/// Ignoring sys_enter_recvfrom sys_exit_recvfrom as possibly not file I/O related
+/// Ignoring sys_enter_recvmmsg sys_exit_recvmmsg as possibly not file I/O related
+/// Ignoring sys_enter_recvmsg sys_exit_recvmsg as possibly not file I/O related
+/// Ignoring sys_enter_remap_file_pages sys_exit_remap_file_pages as possibly not file I/O related
+/// Ignoring sys_enter_request_key sys_exit_request_key as possibly not file I/O related
+/// Ignoring sys_enter_restart_syscall sys_exit_restart_syscall as possibly not file I/O related
+/// Ignoring sys_enter_rseq sys_exit_rseq as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigaction sys_exit_rt_sigaction as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigpending sys_exit_rt_sigpending as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigprocmask sys_exit_rt_sigprocmask as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigqueueinfo sys_exit_rt_sigqueueinfo as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigreturn sys_exit_rt_sigreturn as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigsuspend sys_exit_rt_sigsuspend as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigtimedwait sys_exit_rt_sigtimedwait as possibly not file I/O related
/// Ignoring sys_enter_rt_tgsigqueueinfo sys_exit_rt_tgsigqueueinfo as possibly not file I/O related
/// Ignoring sys_enter_sched_getaffinity sys_exit_sched_getaffinity as possibly not file I/O related
-/// Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related
-/// Ignoring sys_enter_mremap sys_exit_mremap as possibly not file I/O related
-/// Ignoring sys_enter_futex sys_exit_futex as possibly not file I/O related
-/// Ignoring sys_enter_setsid sys_exit_setsid as possibly not file I/O related
-/// Ignoring sys_enter_memfd_secret sys_exit_memfd_secret as possibly not file I/O related
-/// Ignoring sys_enter_ppoll sys_exit_ppoll as possibly not file I/O related
-/// Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related
-/// Ignoring sys_enter_memfd_create sys_exit_memfd_create as possibly not file I/O related
-/// Ignoring sys_enter_splice sys_exit_splice as possibly not file I/O related
-/// Ignoring sys_enter_execveat sys_exit_execveat as possibly not file I/O related
-/// Ignoring sys_enter_accept sys_exit_accept as possibly not file I/O related
-/// Ignoring sys_enter_inotify_rm_watch sys_exit_inotify_rm_watch as possibly not file I/O related
-/// Ignoring sys_enter_ioperm sys_exit_ioperm as possibly not file I/O related
-/// Ignoring sys_enter_landlock_restrict_self sys_exit_landlock_restrict_self as possibly not file I/O related
-/// Ignoring sys_enter_getuid sys_exit_getuid as possibly not file I/O related
-/// Ignoring sys_enter_bpf sys_exit_bpf as possibly not file I/O related
-/// Ignoring sys_enter_ustat sys_exit_ustat as possibly not file I/O related
-/// Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related
-/// Ignoring sys_enter_mq_notify sys_exit_mq_notify as possibly not file I/O related
+/// Ignoring sys_enter_sched_getattr sys_exit_sched_getattr as possibly not file I/O related
/// Ignoring sys_enter_sched_getparam sys_exit_sched_getparam as possibly not file I/O related
-/// Ignoring sys_enter_mprotect sys_exit_mprotect as possibly not file I/O related
-/// Ignoring sys_enter_setgid sys_exit_setgid as possibly not file I/O related
+/// Ignoring sys_enter_sched_get_priority_max sys_exit_sched_get_priority_max as possibly not file I/O related
+/// Ignoring sys_enter_sched_get_priority_min sys_exit_sched_get_priority_min as possibly not file I/O related
+/// Ignoring sys_enter_sched_getscheduler sys_exit_sched_getscheduler as possibly not file I/O related
+/// Ignoring sys_enter_sched_rr_get_interval sys_exit_sched_rr_get_interval as possibly not file I/O related
+/// Ignoring sys_enter_sched_setaffinity sys_exit_sched_setaffinity as possibly not file I/O related
+/// Ignoring sys_enter_sched_setattr sys_exit_sched_setattr as possibly not file I/O related
+/// Ignoring sys_enter_sched_setparam sys_exit_sched_setparam as possibly not file I/O related
+/// Ignoring sys_enter_sched_setscheduler sys_exit_sched_setscheduler as possibly not file I/O related
+/// Ignoring sys_enter_sched_yield sys_exit_sched_yield as possibly not file I/O related
/// Ignoring sys_enter_seccomp sys_exit_seccomp as possibly not file I/O related
-/// Ignoring sys_enter_setgroups sys_exit_setgroups as possibly not file I/O related
-/// Ignoring sys_enter_shutdown sys_exit_shutdown as possibly not file I/O related
-/// Ignoring sys_enter_swapoff sys_exit_swapoff as possibly not file I/O related
-/// Ignoring sys_enter_msgrcv sys_exit_msgrcv as possibly not file I/O related
-/// Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related
-/// Ignoring sys_enter_capset sys_exit_capset as possibly not file I/O related
-/// Ignoring sys_enter_sendto sys_exit_sendto as possibly not file I/O related
-/// Ignoring sys_enter_sigaltstack sys_exit_sigaltstack as possibly not file I/O related
-/// Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related
+/// Ignoring sys_enter_select sys_exit_select as possibly not file I/O related
+/// Ignoring sys_enter_semctl sys_exit_semctl as possibly not file I/O related
+/// Ignoring sys_enter_semget sys_exit_semget as possibly not file I/O related
+/// Ignoring sys_enter_semop sys_exit_semop as possibly not file I/O related
/// Ignoring sys_enter_semtimedop sys_exit_semtimedop as possibly not file I/O related
-/// Ignoring sys_enter_brk sys_exit_brk as possibly not file I/O related
-/// Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related
-/// Ignoring sys_enter_getrusage sys_exit_getrusage as possibly not file I/O related
-/// Ignoring sys_enter_timer_settime sys_exit_timer_settime as possibly not file I/O related
-/// Ignoring sys_enter_setpriority sys_exit_setpriority as possibly not file I/O related
-/// Ignoring sys_enter_timerfd_create sys_exit_timerfd_create as possibly not file I/O related
-/// Ignoring sys_enter_init_module sys_exit_init_module as possibly not file I/O related
+/// Ignoring sys_enter_sendfile64 sys_exit_sendfile64 as possibly not file I/O related
+/// Ignoring sys_enter_sendmmsg sys_exit_sendmmsg as possibly not file I/O related
+/// Ignoring sys_enter_sendmsg sys_exit_sendmsg as possibly not file I/O related
+/// Ignoring sys_enter_sendto sys_exit_sendto as possibly not file I/O related
+/// Ignoring sys_enter_setdomainname sys_exit_setdomainname as possibly not file I/O related
+/// Ignoring sys_enter_setfsgid sys_exit_setfsgid as possibly not file I/O related
+/// Ignoring sys_enter_setfsuid sys_exit_setfsuid as possibly not file I/O related
+/// Ignoring sys_enter_setgid sys_exit_setgid as possibly not file I/O related
+/// Ignoring sys_enter_setgroups sys_exit_setgroups as possibly not file I/O related
+/// Ignoring sys_enter_sethostname sys_exit_sethostname as possibly not file I/O related
+/// Ignoring sys_enter_setitimer sys_exit_setitimer as possibly not file I/O related
+/// Ignoring sys_enter_set_mempolicy sys_exit_set_mempolicy as possibly not file I/O related
+/// Ignoring sys_enter_set_mempolicy_home_node sys_exit_set_mempolicy_home_node as possibly not file I/O related
+/// Ignoring sys_enter_setns sys_exit_setns as possibly not file I/O related
/// Ignoring sys_enter_setpgid sys_exit_setpgid as possibly not file I/O related
-/// Ignoring sys_enter_request_key sys_exit_request_key as possibly not file I/O related
+/// Ignoring sys_enter_setpriority sys_exit_setpriority as possibly not file I/O related
+/// Ignoring sys_enter_setregid sys_exit_setregid as possibly not file I/O related
+/// Ignoring sys_enter_setresgid sys_exit_setresgid as possibly not file I/O related
/// Ignoring sys_enter_setresuid sys_exit_setresuid as possibly not file I/O related
-/// Ignoring sys_enter_pselect6 sys_exit_pselect6 as possibly not file I/O related
-/// Ignoring sys_enter_setns sys_exit_setns as possibly not file I/O related
-/// Ignoring sys_enter_timerfd_gettime sys_exit_timerfd_gettime as possibly not file I/O related
-/// Ignoring sys_enter_clock_adjtime sys_exit_clock_adjtime as possibly not file I/O related
-/// Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related
-/// Ignoring sys_enter_getsockname sys_exit_getsockname as possibly not file I/O related
-/// Ignoring sys_enter_getpid sys_exit_getpid as possibly not file I/O related
-/// Ignoring sys_enter_ioprio_set sys_exit_ioprio_set as possibly not file I/O related
-/// Ignoring sys_enter_getcwd sys_exit_getcwd as possibly not file I/O related
-/// Ignoring sys_enter_sched_getscheduler sys_exit_sched_getscheduler as possibly not file I/O related
+/// Ignoring sys_enter_setreuid sys_exit_setreuid as possibly not file I/O related
+/// Ignoring sys_enter_setrlimit sys_exit_setrlimit as possibly not file I/O related
+/// Ignoring sys_enter_set_robust_list sys_exit_set_robust_list as possibly not file I/O related
+/// Ignoring sys_enter_setsid sys_exit_setsid as possibly not file I/O related
+/// Ignoring sys_enter_setsockopt sys_exit_setsockopt as possibly not file I/O related
+/// Ignoring sys_enter_set_tid_address sys_exit_set_tid_address as possibly not file I/O related
/// Ignoring sys_enter_settimeofday sys_exit_settimeofday as possibly not file I/O related
-/// Ignoring sys_enter_sendmsg sys_exit_sendmsg as possibly not file I/O related
-/// Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related
-/// Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related
-/// Ignoring sys_enter_lsm_get_self_attr sys_exit_lsm_get_self_attr as possibly not file I/O related
-/// Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related
-/// Ignoring sys_enter_inotify_add_watch sys_exit_inotify_add_watch as possibly not file I/O related
/// Ignoring sys_enter_setuid sys_exit_setuid as possibly not file I/O related
-/// Ignoring sys_enter_socket sys_exit_socket as possibly not file I/O related
-/// Ignoring sys_enter_getpgid sys_exit_getpgid as possibly not file I/O related
-/// Ignoring sys_enter_signalfd4 sys_exit_signalfd4 as possibly not file I/O related
-/// Ignoring sys_enter_bind sys_exit_bind as possibly not file I/O related
-/// Ignoring sys_enter_lsm_list_modules sys_exit_lsm_list_modules as possibly not file I/O related
-/// Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related
-/// Ignoring sys_enter_sched_setscheduler sys_exit_sched_setscheduler as possibly not file I/O related
-/// Ignoring sys_enter_timer_delete sys_exit_timer_delete as possibly not file I/O related
-/// Ignoring sys_enter_adjtimex sys_exit_adjtimex as possibly not file I/O related
+/// Ignoring sys_enter_shmat sys_exit_shmat as possibly not file I/O related
+/// Ignoring sys_enter_shmctl sys_exit_shmctl as possibly not file I/O related
/// Ignoring sys_enter_shmdt sys_exit_shmdt as possibly not file I/O related
-/// Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related
-/// Ignoring sys_enter_listen sys_exit_listen as possibly not file I/O related
-/// Ignoring sys_enter_fsmount sys_exit_fsmount as possibly not file I/O related
-/// Ignoring sys_enter_waitid sys_exit_waitid as possibly not file I/O related
-/// Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related
-/// Ignoring sys_enter_accept4 sys_exit_accept4 as possibly not file I/O related
-/// Ignoring sys_enter_eventfd sys_exit_eventfd as possibly not file I/O related
-/// Ignoring sys_enter_tkill sys_exit_tkill as possibly not file I/O related
-/// Ignoring sys_enter_perf_event_open sys_exit_perf_event_open as possibly not file I/O related
-/// Ignoring sys_enter_msync sys_exit_msync as possibly not file I/O related
-/// Ignoring sys_enter_fsopen sys_exit_fsopen as possibly not file I/O related
-/// Ignoring sys_enter_mbind sys_exit_mbind as possibly not file I/O related
-/// Ignoring sys_enter_remap_file_pages sys_exit_remap_file_pages as possibly not file I/O related
-/// Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related
-/// Ignoring sys_enter_kexec_load sys_exit_kexec_load as possibly not file I/O related
-/// Ignoring sys_enter_mincore sys_exit_mincore as possibly not file I/O related
-/// Ignoring sys_enter_epoll_pwait sys_exit_epoll_pwait as possibly not file I/O related
-/// Ignoring sys_enter_mlock2 sys_exit_mlock2 as possibly not file I/O related
-/// Ignoring sys_enter_prctl sys_exit_prctl as possibly not file I/O related
-/// Ignoring sys_enter_msgsnd sys_exit_msgsnd as possibly not file I/O related
-/// Ignoring sys_enter_gettid sys_exit_gettid as possibly not file I/O related
-/// Ignoring sys_enter_listmount sys_exit_listmount as possibly not file I/O related
-/// Ignoring sys_enter_sysfs sys_exit_sysfs as possibly not file I/O related
-/// Ignoring sys_enter_vfork sys_exit_vfork as possibly not file I/O related
-/// Ignoring sys_enter_sysinfo sys_exit_sysinfo as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigreturn sys_exit_rt_sigreturn as possibly not file I/O related
-/// Ignoring sys_enter_fork sys_exit_fork as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigprocmask sys_exit_rt_sigprocmask as possibly not file I/O related
-/// Ignoring sys_enter_epoll_wait sys_exit_epoll_wait as possibly not file I/O related
-/// Ignoring sys_enter_capget sys_exit_capget as possibly not file I/O related
-/// Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related
-/// Ignoring sys_enter_ptrace sys_exit_ptrace as possibly not file I/O related
-/// Ignoring sys_enter_statmount sys_exit_statmount as possibly not file I/O related
-/// Ignoring sys_enter_mknodat sys_exit_mknodat as possibly not file I/O related
-/// Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related
-/// Ignoring sys_enter_eventfd2 sys_exit_eventfd2 as possibly not file I/O related
-/// Ignoring sys_enter_clock_getres sys_exit_clock_getres as possibly not file I/O related
-/// Ignoring sys_enter_wait4 sys_exit_wait4 as possibly not file I/O related
-/// Ignoring sys_enter_sched_get_priority_max sys_exit_sched_get_priority_max as possibly not file I/O related
-/// Ignoring sys_enter_clock_gettime sys_exit_clock_gettime as possibly not file I/O related
-/// Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related
-/// Ignoring sys_enter_keyctl sys_exit_keyctl as possibly not file I/O related
-/// Ignoring sys_enter_clock_nanosleep sys_exit_clock_nanosleep as possibly not file I/O related
-/// Ignoring sys_enter_mq_getsetattr sys_exit_mq_getsetattr as possibly not file I/O related
-/// Ignoring sys_enter_madvise sys_exit_madvise as possibly not file I/O related
-/// Ignoring sys_enter_sethostname sys_exit_sethostname as possibly not file I/O related
-/// Ignoring sys_enter_mq_open sys_exit_mq_open as possibly not file I/O related
-/// Ignoring sys_enter_pidfd_open sys_exit_pidfd_open as possibly not file I/O related
-/// Ignoring sys_enter_inotify_init sys_exit_inotify_init as possibly not file I/O related
-/// Ignoring sys_enter_fanotify_init sys_exit_fanotify_init as possibly not file I/O related
-/// Ignoring sys_enter_getgroups sys_exit_getgroups as possibly not file I/O related
-/// Ignoring sys_enter_getsid sys_exit_getsid as possibly not file I/O related
-/// Ignoring sys_enter_timer_create sys_exit_timer_create as possibly not file I/O related
/// Ignoring sys_enter_shmget sys_exit_shmget as possibly not file I/O related
-/// Ignoring sys_enter_recvmmsg sys_exit_recvmmsg as possibly not file I/O related
-/// Ignoring sys_enter_mseal sys_exit_mseal as possibly not file I/O related
-/// Ignoring sys_enter_times sys_exit_times as possibly not file I/O related
-/// Ignoring sys_enter_restart_syscall sys_exit_restart_syscall as possibly not file I/O related
-/// Ignoring sys_enter_setregid sys_exit_setregid as possibly not file I/O related
-/// Ignoring sys_enter_pkey_mprotect sys_exit_pkey_mprotect as possibly not file I/O related
-/// Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigsuspend sys_exit_rt_sigsuspend as possibly not file I/O related
-/// Ignoring sys_enter_getpriority sys_exit_getpriority as possibly not file I/O related
-/// Ignoring sys_enter_getresuid sys_exit_getresuid as possibly not file I/O related
-/// Ignoring sys_enter_sched_getattr sys_exit_sched_getattr as possibly not file I/O related
-/// Ignoring sys_enter_setsockopt sys_exit_setsockopt as possibly not file I/O related
-/// Ignoring sys_enter_membarrier sys_exit_membarrier as possibly not file I/O related
-/// Ignoring sys_enter_mq_timedreceive sys_exit_mq_timedreceive as possibly not file I/O related
-/// Ignoring sys_enter_set_robust_list sys_exit_set_robust_list as possibly not file I/O related
-/// Ignoring sys_enter_setfsgid sys_exit_setfsgid as possibly not file I/O related
-/// Ignoring sys_enter_getpgrp sys_exit_getpgrp as possibly not file I/O related
-/// Ignoring sys_enter_recvfrom sys_exit_recvfrom as possibly not file I/O related
-/// Ignoring sys_enter_landlock_add_rule sys_exit_landlock_add_rule as possibly not file I/O related
-/// Ignoring sys_enter_mq_timedsend sys_exit_mq_timedsend as possibly not file I/O related
-/// Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related
-/// Ignoring sys_enter_alarm sys_exit_alarm as possibly not file I/O related
-/// Ignoring sys_enter_pidfd_send_signal sys_exit_pidfd_send_signal as possibly not file I/O related
-/// Ignoring sys_enter_quotactl sys_exit_quotactl as possibly not file I/O related
-/// Ignoring sys_enter_setfsuid sys_exit_setfsuid as possibly not file I/O related
-/// Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related
-/// Ignoring sys_enter_sched_setaffinity sys_exit_sched_setaffinity as possibly not file I/O related
-/// Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related
-/// Ignoring sys_enter_timerfd_settime sys_exit_timerfd_settime as possibly not file I/O related
+/// Ignoring sys_enter_shutdown sys_exit_shutdown as possibly not file I/O related
+/// Ignoring sys_enter_sigaltstack sys_exit_sigaltstack as possibly not file I/O related
+/// Ignoring sys_enter_signalfd4 sys_exit_signalfd4 as possibly not file I/O related
+/// Ignoring sys_enter_signalfd sys_exit_signalfd as possibly not file I/O related
+/// Ignoring sys_enter_socket sys_exit_socket as possibly not file I/O related
/// Ignoring sys_enter_socketpair sys_exit_socketpair as possibly not file I/O related
+/// Ignoring sys_enter_splice sys_exit_splice as possibly not file I/O related
+/// Ignoring sys_enter_statmount sys_exit_statmount as possibly not file I/O related
+/// Ignoring sys_enter_swapoff sys_exit_swapoff as possibly not file I/O related
+/// Ignoring sys_enter_swapon sys_exit_swapon as possibly not file I/O related
+/// Ignoring sys_enter_sysfs sys_exit_sysfs as possibly not file I/O related
+/// Ignoring sys_enter_sysinfo sys_exit_sysinfo as possibly not file I/O related
/// Ignoring sys_enter_tee sys_exit_tee as possibly not file I/O related
-/// Ignoring sys_enter_pipe2 sys_exit_pipe2 as possibly not file I/O related
-/// Ignoring sys_enter_semctl sys_exit_semctl as possibly not file I/O related
-/// Ignoring sys_enter_set_mempolicy_home_node sys_exit_set_mempolicy_home_node as possibly not file I/O related
+/// Ignoring sys_enter_tgkill sys_exit_tgkill as possibly not file I/O related
/// Ignoring sys_enter_time sys_exit_time as possibly not file I/O related
-/// Ignoring sys_enter_move_mount sys_exit_move_mount as possibly not file I/O related
-/// Ignoring sys_enter_semop sys_exit_semop as possibly not file I/O related
-/// Ignoring sys_enter_setrlimit sys_exit_setrlimit as possibly not file I/O related
+/// Ignoring sys_enter_timer_create sys_exit_timer_create as possibly not file I/O related
+/// Ignoring sys_enter_timer_delete sys_exit_timer_delete as possibly not file I/O related
+/// Ignoring sys_enter_timerfd_create sys_exit_timerfd_create as possibly not file I/O related
+/// Ignoring sys_enter_timerfd_gettime sys_exit_timerfd_gettime as possibly not file I/O related
+/// Ignoring sys_enter_timerfd_settime sys_exit_timerfd_settime as possibly not file I/O related
+/// Ignoring sys_enter_timer_getoverrun sys_exit_timer_getoverrun as possibly not file I/O related
+/// Ignoring sys_enter_timer_gettime sys_exit_timer_gettime as possibly not file I/O related
+/// Ignoring sys_enter_timer_settime sys_exit_timer_settime as possibly not file I/O related
+/// Ignoring sys_enter_times sys_exit_times as possibly not file I/O related
+/// Ignoring sys_enter_tkill sys_exit_tkill as possibly not file I/O related
+/// Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related
+/// Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related
+/// Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related
+/// Ignoring sys_enter_uprobe sys_exit_uprobe as possibly not file I/O related
+/// Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related
+/// Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related
+/// Ignoring sys_enter_ustat sys_exit_ustat as possibly not file I/O related
+/// Ignoring sys_enter_utime sys_exit_utime as possibly not file I/O related
+/// Ignoring sys_enter_utimes sys_exit_utimes as possibly not file I/O related
+/// Ignoring sys_enter_vfork sys_exit_vfork as possibly not file I/O related
/// Ignoring sys_enter_vhangup sys_exit_vhangup as possibly not file I/O related
-/// Ignoring sys_enter_sendmmsg sys_exit_sendmmsg as possibly not file I/O related
-/// Ignoring sys_enter_pipe sys_exit_pipe as possibly not file I/O related
-/// Ignoring sys_enter_process_madvise sys_exit_process_madvise as possibly not file I/O related
-/// Ignoring sys_enter_map_shadow_stack sys_exit_map_shadow_stack as possibly not file I/O related
-/// Ignoring sys_enter_setresgid sys_exit_setresgid as possibly not file I/O related
-/// Ignoring sys_enter_getrandom sys_exit_getrandom as possibly not file I/O related
-/// Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related
-/// Ignoring sys_enter_epoll_pwait2 sys_exit_epoll_pwait2 as possibly not file I/O related
-/// Ignoring sys_enter_swapon sys_exit_swapon as possibly not file I/O related
+/// Ignoring sys_enter_wait4 sys_exit_wait4 as possibly not file I/O related
+/// Ignoring sys_enter_waitid sys_exit_waitid as possibly not file I/O related
-#define SYS_ENTER_IO_URING_REGISTER 1505
-#define SYS_EXIT_IO_URING_REGISTER 1504
-#define SYS_ENTER_IO_URING_ENTER 1486
-#define SYS_EXIT_IO_URING_ENTER 1485
-#define SYS_ENTER_IO_URING_SETUP 1484
-#define SYS_EXIT_IO_URING_SETUP 1483
-#define SYS_ENTER_QUOTACTL_FD 1145
-#define SYS_EXIT_QUOTACTL_FD 1144
-#define SYS_ENTER_NAME_TO_HANDLE_AT 1130
-#define SYS_EXIT_NAME_TO_HANDLE_AT 1129
-#define SYS_ENTER_OPEN_BY_HANDLE_AT 1128
-#define SYS_EXIT_OPEN_BY_HANDLE_AT 1127
-#define SYS_ENTER_FLOCK 1114
-#define SYS_EXIT_FLOCK 1113
-#define SYS_ENTER_IO_SETUP 1100
-#define SYS_EXIT_IO_SETUP 1099
-#define SYS_ENTER_IO_DESTROY 1098
-#define SYS_EXIT_IO_DESTROY 1097
-#define SYS_ENTER_IO_SUBMIT 1096
-#define SYS_EXIT_IO_SUBMIT 1095
-#define SYS_ENTER_IO_CANCEL 1094
-#define SYS_EXIT_IO_CANCEL 1093
-#define SYS_ENTER_IO_GETEVENTS 1092
-#define SYS_EXIT_IO_GETEVENTS 1091
-#define SYS_ENTER_IO_PGETEVENTS 1090
-#define SYS_EXIT_IO_PGETEVENTS 1089
-#define SYS_ENTER_FANOTIFY_MARK 1058
-#define SYS_EXIT_FANOTIFY_MARK 1057
-#define SYS_ENTER_FSPICK 1046
-#define SYS_EXIT_FSPICK 1045
-#define SYS_ENTER_FSCONFIG 1044
-#define SYS_EXIT_FSCONFIG 1043
-#define SYS_ENTER_STATFS 1042
-#define SYS_EXIT_STATFS 1041
-#define SYS_ENTER_FSTATFS 1040
-#define SYS_EXIT_FSTATFS 1039
-#define SYS_ENTER_UTIMENSAT 1034
-#define SYS_EXIT_UTIMENSAT 1033
-#define SYS_ENTER_FUTIMESAT 1032
-#define SYS_EXIT_FUTIMESAT 1031
-#define SYS_ENTER_SYNC 1026
-#define SYS_EXIT_SYNC 1025
-#define SYS_ENTER_SYNCFS 1024
-#define SYS_EXIT_SYNCFS 1023
-#define SYS_ENTER_FSYNC 1022
-#define SYS_EXIT_FSYNC 1021
-#define SYS_ENTER_FDATASYNC 1020
-#define SYS_EXIT_FDATASYNC 1019
-#define SYS_ENTER_SYNC_FILE_RANGE 1018
-#define SYS_EXIT_SYNC_FILE_RANGE 1017
-#define SYS_ENTER_VMSPLICE 1016
-#define SYS_EXIT_VMSPLICE 1015
+#define SYS_ENTER_IO_URING_REGISTER 1515
+#define SYS_EXIT_IO_URING_REGISTER 1514
+#define SYS_ENTER_IO_URING_ENTER 1496
+#define SYS_EXIT_IO_URING_ENTER 1495
+#define SYS_ENTER_IO_URING_SETUP 1494
+#define SYS_EXIT_IO_URING_SETUP 1493
+#define SYS_ENTER_QUOTACTL_FD 1151
+#define SYS_EXIT_QUOTACTL_FD 1150
+#define SYS_ENTER_OPEN_BY_HANDLE_AT 1133
+#define SYS_EXIT_OPEN_BY_HANDLE_AT 1132
+#define SYS_ENTER_FLOCK 1119
+#define SYS_EXIT_FLOCK 1118
+#define SYS_ENTER_IO_SETUP 1105
+#define SYS_EXIT_IO_SETUP 1104
+#define SYS_ENTER_IO_DESTROY 1103
+#define SYS_EXIT_IO_DESTROY 1102
+#define SYS_ENTER_IO_SUBMIT 1101
+#define SYS_EXIT_IO_SUBMIT 1100
+#define SYS_ENTER_IO_CANCEL 1099
+#define SYS_EXIT_IO_CANCEL 1098
+#define SYS_ENTER_IO_GETEVENTS 1097
+#define SYS_EXIT_IO_GETEVENTS 1096
+#define SYS_ENTER_IO_PGETEVENTS 1095
+#define SYS_EXIT_IO_PGETEVENTS 1094
+#define SYS_ENTER_FANOTIFY_MARK 1063
+#define SYS_EXIT_FANOTIFY_MARK 1062
+#define SYS_ENTER_FILE_GETATTR 1053
+#define SYS_EXIT_FILE_GETATTR 1052
+#define SYS_ENTER_FILE_SETATTR 1051
+#define SYS_EXIT_FILE_SETATTR 1050
+#define SYS_ENTER_FSPICK 1047
+#define SYS_EXIT_FSPICK 1046
+#define SYS_ENTER_FSCONFIG 1045
+#define SYS_EXIT_FSCONFIG 1044
+#define SYS_ENTER_STATFS 1043
+#define SYS_EXIT_STATFS 1042
+#define SYS_ENTER_FSTATFS 1041
+#define SYS_EXIT_FSTATFS 1040
+#define SYS_ENTER_UTIMENSAT 1035
+#define SYS_EXIT_UTIMENSAT 1034
+#define SYS_ENTER_FUTIMESAT 1033
+#define SYS_EXIT_FUTIMESAT 1032
+#define SYS_ENTER_SYNC 1027
+#define SYS_EXIT_SYNC 1026
+#define SYS_ENTER_SYNCFS 1025
+#define SYS_EXIT_SYNCFS 1024
+#define SYS_ENTER_FSYNC 1023
+#define SYS_EXIT_FSYNC 1022
+#define SYS_ENTER_FDATASYNC 1021
+#define SYS_EXIT_FDATASYNC 1020
+#define SYS_ENTER_SYNC_FILE_RANGE 1019
+#define SYS_EXIT_SYNC_FILE_RANGE 1018
+#define SYS_ENTER_VMSPLICE 1017
+#define SYS_EXIT_VMSPLICE 1016
#define SYS_ENTER_SETXATTRAT 978
#define SYS_EXIT_SETXATTRAT 977
#define SYS_ENTER_SETXATTR 976
@@ -463,14 +467,14 @@
#define SYS_EXIT_CREAT 779
#define SYS_ENTER_CLOSE 778
#define SYS_EXIT_CLOSE 777
-#define SYS_ENTER_READAHEAD 615
-#define SYS_EXIT_READAHEAD 614
-#define SYS_ENTER_FADVISE64 613
-#define SYS_EXIT_FADVISE64 612
-#define SYS_ENTER_CACHESTAT 594
-#define SYS_EXIT_CACHESTAT 593
-#define SYS_ENTER_FINIT_MODULE 405
-#define SYS_EXIT_FINIT_MODULE 404
+#define SYS_ENTER_READAHEAD 613
+#define SYS_EXIT_READAHEAD 612
+#define SYS_ENTER_FADVISE64 611
+#define SYS_EXIT_FADVISE64 610
+#define SYS_ENTER_CACHESTAT 592
+#define SYS_EXIT_CACHESTAT 591
+#define SYS_ENTER_FINIT_MODULE 403
+#define SYS_EXIT_FINIT_MODULE 402
#define SYS_ENTER_SYSLOG 347
#define SYS_EXIT_SYSLOG 346
#define SYS_ENTER_MMAP 100
@@ -653,52 +657,6 @@ int handle_sys_exit_quotactl_fd(struct trace_event_raw_sys_exit *ctx) {
return 0;
}
-/// sys_enter_name_to_handle_at is a struct path_event
-SEC("tracepoint/syscalls/sys_enter_name_to_handle_at")
-int handle_sys_enter_name_to_handle_at(struct trace_event_raw_sys_enter *ctx) {
- __u32 pid, tid;
- if (filter(&pid, &tid))
- return 0;
-
- struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
- if (!ev)
- return 0;
-
- ev->event_type = ENTER_PATH_EVENT;
- ev->trace_id = SYS_ENTER_NAME_TO_HANDLE_AT;
- ev->pid = pid;
- ev->tid = tid;
- ev->time = bpf_ktime_get_boot_ns();
- __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
- bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[-1]);
-
- bpf_ringbuf_submit(ev, 0);
- return 0;
-}
-
-/// sys_exit_name_to_handle_at is a struct ret_event (UNCLASSIFIED)
-SEC("tracepoint/syscalls/sys_exit_name_to_handle_at")
-int handle_sys_exit_name_to_handle_at(struct trace_event_raw_sys_exit *ctx) {
- __u32 pid, tid;
- if (filter(&pid, &tid))
- return 0;
-
- struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
- if (!ev)
- return 0;
-
- ev->event_type = EXIT_RET_EVENT;
- ev->trace_id = SYS_EXIT_NAME_TO_HANDLE_AT;
- ev->pid = pid;
- ev->tid = tid;
- ev->time = bpf_ktime_get_boot_ns();
- ev->ret = ctx->ret;
- ev->ret_type = UNCLASSIFIED;
-
- bpf_ringbuf_submit(ev, 0);
- return 0;
-}
-
/// sys_enter_open_by_handle_at is a struct open_by_handle_at_event
SEC("tracepoint/syscalls/sys_enter_open_by_handle_at")
int handle_sys_enter_open_by_handle_at(struct trace_event_raw_sys_enter *ctx) {
@@ -1099,6 +1057,98 @@ int handle_sys_exit_fanotify_mark(struct trace_event_raw_sys_exit *ctx) {
return 0;
}
+/// sys_enter_file_getattr is a struct path_event
+SEC("tracepoint/syscalls/sys_enter_file_getattr")
+int handle_sys_enter_file_getattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_FILE_GETATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_boot_ns();
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+/// sys_exit_file_getattr is a struct ret_event (UNCLASSIFIED)
+SEC("tracepoint/syscalls/sys_exit_file_getattr")
+int handle_sys_exit_file_getattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_FILE_GETATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_boot_ns();
+ ev->ret = ctx->ret;
+ ev->ret_type = UNCLASSIFIED;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+/// sys_enter_file_setattr is a struct path_event
+SEC("tracepoint/syscalls/sys_enter_file_setattr")
+int handle_sys_enter_file_setattr(struct trace_event_raw_sys_enter *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = ENTER_PATH_EVENT;
+ ev->trace_id = SYS_ENTER_FILE_SETATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_boot_ns();
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[1]);
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
+/// sys_exit_file_setattr is a struct ret_event (UNCLASSIFIED)
+SEC("tracepoint/syscalls/sys_exit_file_setattr")
+int handle_sys_exit_file_setattr(struct trace_event_raw_sys_exit *ctx) {
+ __u32 pid, tid;
+ if (filter(&pid, &tid))
+ return 0;
+
+ struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ if (!ev)
+ return 0;
+
+ ev->event_type = EXIT_RET_EVENT;
+ ev->trace_id = SYS_EXIT_FILE_SETATTR;
+ ev->pid = pid;
+ ev->tid = tid;
+ ev->time = bpf_ktime_get_boot_ns();
+ ev->ret = ctx->ret;
+ ev->ret_type = UNCLASSIFIED;
+
+ bpf_ringbuf_submit(ev, 0);
+ return 0;
+}
+
/// sys_enter_fspick is a struct path_event
SEC("tracepoint/syscalls/sys_enter_fspick")
int handle_sys_enter_fspick(struct trace_event_raw_sys_enter *ctx) {
@@ -5535,4 +5585,3 @@ int handle_sys_exit_mmap(struct trace_event_raw_sys_exit *ctx) {
return 0;
}
-
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index dc01a96..2176d6b 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -123,6 +123,7 @@ Ignoring sys_enter_msync sys_exit_msync as possibly not file I/O related
Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related
Ignoring sys_enter_munlock sys_exit_munlock as possibly not file I/O related
Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related
+Ignoring sys_enter_name_to_handle_at sys_exit_name_to_handle_at as possibly not file I/O related
Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related
Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related
Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related
@@ -241,6 +242,7 @@ Ignoring sys_enter_tkill sys_exit_tkill as possibly not file I/O related
Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related
Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related
Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related
+Ignoring sys_enter_uprobe sys_exit_uprobe as possibly not file I/O related
Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related
Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related
Ignoring sys_enter_ustat sys_exit_ustat as possibly not file I/O related
@@ -276,6 +278,8 @@ sys_enter_fchown is a struct fd_event
sys_enter_fcntl is a struct fcntl_event
sys_enter_fdatasync is a struct fd_event
sys_enter_fgetxattr is a struct fd_event
+sys_enter_file_getattr is a struct path_event
+sys_enter_file_setattr is a struct path_event
sys_enter_finit_module is a struct fd_event
sys_enter_flistxattr is a struct fd_event
sys_enter_flock is a struct fd_event
@@ -315,7 +319,6 @@ sys_enter_mkdirat is a struct path_event
sys_enter_mkdir is a struct path_event
sys_enter_mmap is a struct fd_event
sys_enter_mount_setattr is a struct path_event
-sys_enter_name_to_handle_at is a struct path_event
sys_enter_newfstatat is a struct path_event
sys_enter_newfstat is a struct fd_event
sys_enter_newlstat is a struct path_event
@@ -387,6 +390,8 @@ sys_exit_fchown is a struct ret_event (UNCLASSIFIED)
sys_exit_fcntl is a struct ret_event (UNCLASSIFIED)
sys_exit_fdatasync is a struct ret_event (UNCLASSIFIED)
sys_exit_fgetxattr is a struct ret_event (READ_CLASSIFIED)
+sys_exit_file_getattr is a struct ret_event (UNCLASSIFIED)
+sys_exit_file_setattr is a struct ret_event (UNCLASSIFIED)
sys_exit_finit_module is a struct ret_event (UNCLASSIFIED)
sys_exit_flistxattr is a struct ret_event (READ_CLASSIFIED)
sys_exit_flock is a struct ret_event (UNCLASSIFIED)
@@ -426,7 +431,6 @@ sys_exit_mkdirat is a struct ret_event (UNCLASSIFIED)
sys_exit_mkdir is a struct ret_event (UNCLASSIFIED)
sys_exit_mmap is a struct ret_event (UNCLASSIFIED)
sys_exit_mount_setattr is a struct ret_event (UNCLASSIFIED)
-sys_exit_name_to_handle_at is a struct ret_event (UNCLASSIFIED)
sys_exit_newfstatat is a struct ret_event (UNCLASSIFIED)
sys_exit_newfstat is a struct ret_event (UNCLASSIFIED)
sys_exit_newlstat is a struct ret_event (UNCLASSIFIED)
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 15:24:28 +0000