Diffstat (limited to 'internal/c')
-rw-r--r--internal/c/generated_tracepoints.c51
-rw-r--r--internal/c/generated_tracepoints_result.txt12
2 files changed, 39 insertions, 24 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index bbacb84..b2fff2e 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -1716,7 +1716,7 @@ int handle_sys_enter_getrandom(struct syscall_trace_enter *ctx) {
return 0;
}
-/// sys_exit_getrandom is a struct ret_event (UNCLASSIFIED) (kind=ret)
+/// sys_exit_getrandom is a struct ret_event (READ_CLASSIFIED) (kind=ret)
SEC("tracepoint/syscalls/sys_exit_getrandom")
int handle_sys_exit_getrandom(struct syscall_trace_exit *ctx) {
__u32 pid, tid;
@@ -1736,7 +1736,7 @@ int handle_sys_exit_getrandom(struct syscall_trace_exit *ctx) {
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
ev->ret = ctx->ret;
- ev->ret_type = UNCLASSIFIED;
+ ev->ret_type = READ_CLASSIFIED;
bpf_ringbuf_submit(ev, 0);
return 0;
@@ -13295,7 +13295,7 @@ int handle_sys_exit_seccomp(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_kexec_file_load is a struct null_event (kind=null)
+/// sys_enter_kexec_file_load is a struct fd_event (kind=fd)
SEC("tracepoint/syscalls/sys_enter_kexec_file_load")
int handle_sys_enter_kexec_file_load(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -13305,15 +13305,16 @@ int handle_sys_enter_kexec_file_load(struct syscall_trace_enter *ctx) {
if (!ior_on_syscall_enter(tid, SYS_ENTER_KEXEC_FILE_LOAD))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
if (!ev)
return 0;
- ev->event_type = ENTER_NULL_EVENT;
+ ev->event_type = ENTER_FD_EVENT;
ev->trace_id = SYS_ENTER_KEXEC_FILE_LOAD;
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
+ ev->fd = (__s32)ctx->args[0];
bpf_ringbuf_submit(ev, 0);
return 0;
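Review bot: Only `kernel_fd` (`args[0]`) is recorded in `ev->fd`; `kexec_file_load` also takes an initrd descriptor in `args[1]`, which is dropped, so the event identifies the kernel image but not the initramfs staged with it. The `two_fd_event` shape this commit introduces for kcmp could carry both, `ev->fd_a = (__s32)ctx->args[0];` and `ev->fd_b = (__s32)ctx->args[1];`, with `ev->extra` assigned as well so that no reserved ring-buffer bytes are submitted uninitialised. The file looks generated, so the change presumably belongs in the generator's syscall table. The handler body continues past the end of this hunk.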
@@ -14715,7 +14716,7 @@ int handle_sys_exit_adjtimex(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_kcmp is a struct null_event (kind=null)
+/// sys_enter_kcmp is a struct two_fd_event (kind=two-fd)
SEC("tracepoint/syscalls/sys_enter_kcmp")
int handle_sys_enter_kcmp(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -14725,15 +14726,18 @@ int handle_sys_enter_kcmp(struct syscall_trace_enter *ctx) {
if (!ior_on_syscall_enter(tid, SYS_ENTER_KCMP))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct two_fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct two_fd_event), 0);
if (!ev)
return 0;
- ev->event_type = ENTER_NULL_EVENT;
+ ev->event_type = ENTER_TWO_FD_EVENT;
ev->trace_id = SYS_ENTER_KCMP;
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
+ ev->fd_a = (__s32)ctx->args[3];
+ ev->fd_b = (__s32)ctx->args[4];
+ ev->extra = (__u64)ctx->args[2];
bpf_ringbuf_submit(ev, 0);
return 0;
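Review bot: `fd_a` and `fd_b` are filled from `args[3]` and `args[4]` unconditionally, but kcmp's idx1/idx2 are file descriptors only for `KCMP_FILE`. For `KCMP_EPOLL_TFD` idx2 is a user pointer that the `(__s32)` cast truncates, and for the other types both are ignored by the kernel. Even for `KCMP_FILE` the descriptors belong to pid1 and pid2 (`args[0]`, `args[1]`), which are not recorded, so a consumer that resolves them in the caller's fd table gets the wrong file. I would at least document the contract next to the assignments, e.g. `/* idx1/idx2: fds in pid1/pid2, meaningful only when extra == KCMP_FILE */`, and consider recording the two pids. The function body continues outside this hunk.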
@@ -15867,7 +15871,7 @@ int handle_sys_exit_setns(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_pidfd_open is a struct null_event (kind=null)
+/// sys_enter_pidfd_open is a struct eventfd_event (kind=pidfd)
SEC("tracepoint/syscalls/sys_enter_pidfd_open")
int handle_sys_enter_pidfd_open(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -15877,21 +15881,25 @@ int handle_sys_enter_pidfd_open(struct syscall_trace_enter *ctx) {
if (!ior_on_syscall_enter(tid, SYS_ENTER_PIDFD_OPEN))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct eventfd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct eventfd_event), 0);
if (!ev)
return 0;
- ev->event_type = ENTER_NULL_EVENT;
+ ev->event_type = ENTER_EVENTFD_EVENT;
ev->trace_id = SYS_ENTER_PIDFD_OPEN;
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
+ __s32 flags = (__s32)ctx->args[0];
+ bpf_map_update_elem(&eventfd_flags_map, &tid, &flags, BPF_ANY);
+ ev->flags = flags;
+ ev->ret = -1;
bpf_ringbuf_submit(ev, 0);
return 0;
}
-/// sys_exit_pidfd_open is a struct ret_event (UNCLASSIFIED) (kind=ret)
+/// sys_exit_pidfd_open is a struct eventfd_event (kind=pidfd)
SEC("tracepoint/syscalls/sys_exit_pidfd_open")
int handle_sys_exit_pidfd_open(struct syscall_trace_exit *ctx) {
__u32 pid, tid;
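Review bot: In `handle_sys_enter_pidfd_open` the value stored as `flags` is `ctx->args[0]`, which for `pidfd_open(pid, flags)` is the target PID; the flags argument is `args[1]`. If the eventfd template is being reused on purpose to carry the PID, a comment such as `/* pidfd_open: flags field carries the target pid (args[0]) */` would stop a consumer from decoding it as a flag mask. If flags were intended, the line should read `__s32 flags = (__s32)ctx->args[1];`. The return value of `bpf_map_update_elem` is also ignored, so a failed insert makes the exit event report `flags = 0` with nothing to show that the value was lost. Both handlers extend outside this hunk.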
@@ -15901,17 +15909,23 @@ int handle_sys_exit_pidfd_open(struct syscall_trace_exit *ctx) {
if (!ior_on_syscall_exit(tid, SYS_EXIT_PIDFD_OPEN, ctx->ret))
return 0;
- struct ret_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct ret_event), 0);
+ struct eventfd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct eventfd_event), 0);
if (!ev)
return 0;
- ev->event_type = EXIT_RET_EVENT;
+ ev->event_type = EXIT_EVENTFD_EVENT;
ev->trace_id = SYS_EXIT_PIDFD_OPEN;
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
+ __s32 flags = 0;
+ __s32 *pending = bpf_map_lookup_elem(&eventfd_flags_map, &tid);
+ if (pending) {
+ flags = *pending;
+ bpf_map_delete_elem(&eventfd_flags_map, &tid);
+ }
+ ev->flags = flags;
ev->ret = ctx->ret;
- ev->ret_type = UNCLASSIFIED;
bpf_ringbuf_submit(ev, 0);
return 0;
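Review bot: The `eventfd_flags_map` entry is consumed only after both early returns, the `ior_on_syscall_exit` filter and the `if (!ev)` check, so a failed `bpf_ringbuf_reserve` leaves the entry in the map. The enter handler writes the entry only after its own reserve succeeds, so a later call whose enter-side reserve fails can have its exit pick up that stale value and report it as this call's `flags`. Moving the `bpf_map_lookup_elem` / `bpf_map_delete_elem` block above the reserve (ideally above the filter too) makes every exit consume its pending entry regardless of ring-buffer pressure. The name suggests the map is shared with the eventfd handlers, in which case the same ordering applies there, but those are not visible in this diff.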
@@ -18018,7 +18032,7 @@ int handle_sys_exit_kill(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_pidfd_send_signal is a struct null_event (kind=null)
+/// sys_enter_pidfd_send_signal is a struct fd_event (kind=fd)
SEC("tracepoint/syscalls/sys_enter_pidfd_send_signal")
int handle_sys_enter_pidfd_send_signal(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -18028,15 +18042,16 @@ int handle_sys_enter_pidfd_send_signal(struct syscall_trace_enter *ctx) {
if (!ior_on_syscall_enter(tid, SYS_ENTER_PIDFD_SEND_SIGNAL))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
if (!ev)
return 0;
- ev->event_type = ENTER_NULL_EVENT;
+ ev->event_type = ENTER_FD_EVENT;
ev->trace_id = SYS_ENTER_PIDFD_SEND_SIGNAL;
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
+ ev->fd = (__s32)ctx->args[0];
bpf_ringbuf_submit(ev, 0);
return 0;
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index 79fbdf8..bca5fcf 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -129,8 +129,8 @@ sys_enter_ioperm is a struct null_event (kind=null)
sys_enter_iopl is a struct null_event (kind=null)
sys_enter_ioprio_get is a struct null_event (kind=null)
sys_enter_ioprio_set is a struct null_event (kind=null)
-sys_enter_kcmp is a struct null_event (kind=null)
-sys_enter_kexec_file_load is a struct null_event (kind=null)
+sys_enter_kcmp is a struct two_fd_event (kind=two-fd)
+sys_enter_kexec_file_load is a struct fd_event (kind=fd)
sys_enter_kexec_load is a struct null_event (kind=null)
sys_enter_keyctl is a struct keyctl_event (kind=keyctl)
sys_enter_kill is a struct null_event (kind=null)
@@ -208,8 +208,8 @@ sys_enter_pause is a struct null_event (kind=null)
sys_enter_perf_event_open is a struct perf_open_event (kind=perf-open)
sys_enter_personality is a struct null_event (kind=null)
sys_enter_pidfd_getfd is a struct fd_event (kind=fd)
-sys_enter_pidfd_open is a struct null_event (kind=null)
-sys_enter_pidfd_send_signal is a struct null_event (kind=null)
+sys_enter_pidfd_open is a struct eventfd_event (kind=pidfd)
+sys_enter_pidfd_send_signal is a struct fd_event (kind=fd)
sys_enter_pipe is a struct pipe_event (kind=pipe)
sys_enter_pipe2 is a struct pipe_event (kind=pipe)
sys_enter_pivot_root is a struct path_event (kind=pathname)
@@ -464,7 +464,7 @@ sys_exit_getpgrp is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_getpid is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_getppid is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_getpriority is a struct ret_event (UNCLASSIFIED) (kind=ret)
-sys_exit_getrandom is a struct ret_event (UNCLASSIFIED) (kind=ret)
+sys_exit_getrandom is a struct ret_event (READ_CLASSIFIED) (kind=ret)
sys_exit_getresgid is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_getresuid is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_getrlimit is a struct ret_event (UNCLASSIFIED) (kind=ret)
@@ -575,7 +575,7 @@ sys_exit_pause is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_perf_event_open is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_personality is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_pidfd_getfd is a struct ret_event (UNCLASSIFIED) (kind=ret)
-sys_exit_pidfd_open is a struct ret_event (UNCLASSIFIED) (kind=ret)
+sys_exit_pidfd_open is a struct eventfd_event (kind=pidfd)
sys_exit_pidfd_send_signal is a struct ret_event (UNCLASSIFIED) (kind=ret)
sys_exit_pipe is a struct pipe_event (kind=pipe)
sys_exit_pipe2 is a struct pipe_event (kind=pipe)