summaryrefslogtreecommitdiff
path: root/internal/generate/bpfhandler.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/generate/bpfhandler.go')
-rw-r--r--internal/generate/bpfhandler.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/internal/generate/bpfhandler.go b/internal/generate/bpfhandler.go
index 5489d88..9365c52 100644
--- a/internal/generate/bpfhandler.go
+++ b/internal/generate/bpfhandler.go
@@ -151,6 +151,12 @@ func generateExtraMqOpen(f *Format) string {
func generateExtraExec(f *Format) string {
filenameIdx := f.FieldNumber("filename")
dirfdIdx := f.FieldNumber("dfd")
+ if dirfdIdx < 0 {
+ dirfdIdx = f.FieldNumber("fd")
+ }
+ if dirfdIdx < 0 {
+ dirfdIdx = f.FieldNumber("dirfd")
+ }
flagsIdx := f.FieldNumber("flags")
if filenameIdx < 0 {
filenameIdx = 0
@@ -161,6 +167,8 @@ func generateExtraExec(f *Format) string {
b.WriteString(" bpf_get_current_comm(&ev->comm, sizeof(ev->comm));\n")
if dirfdIdx > -1 {
fmt.Fprintf(&b, " ev->dirfd = (__s32)ctx->args[%d];\n", dirfdIdx)
+ } else if f.Name == "sys_enter_execveat" {
+ b.WriteString(" ev->dirfd = (__s32)ctx->args[0];\n")
} else {
b.WriteString(" ev->dirfd = -1;\n")
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 14:27:15 +0000