Diffstat (limited to 'internal')
-rw-r--r--internal/types/maps.bpf.h13
-rw-r--r--internal/types/types.bpf.h37
2 files changed, 50 insertions, 0 deletions
diff --git a/internal/types/maps.bpf.h b/internal/types/maps.bpf.h
new file mode 100644
index 0000000..dc55993
--- /dev/null
+++ b/internal/types/maps.bpf.h
@@ -0,0 +1,13 @@
+//+build ignore
+
+struct {
+ __uint(type, BPF_MAP_TYPE_RINGBUF);
+ __uint(max_entries, 1 << 24);
+} event_map SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __type(key, u32);
+ __type(value, struct flags);
+ __uint(max_entries, 1 << 24);
+} flags_map SEC(".maps");
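Review bot: `flags_map` is a `BPF_MAP_TYPE_HASH` sized at `1 << 24` entries, and hash maps are preallocated by default, so loading the object charges kernel memory for roughly 16M key/value slots no matter how many are used. How the map is keyed is not visible here, but if it only carries one configuration record (the value is a single `uid_filter`), `__uint(type, BPF_MAP_TYPE_ARRAY);` with `__uint(max_entries, 1);` would bound it. If it really is keyed per task, a much smaller limit or `__uint(map_flags, BPF_F_NO_PREALLOC);` keeps the footprint proportional to use. The header also relies on `struct flags` already being declared by the includer and spells the key type `u32` where types.bpf.h uses `__u32`. A short comment stating the required include order and what the key represents would help.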
diff --git a/internal/types/types.bpf.h b/internal/types/types.bpf.h
new file mode 100644
index 0000000..57feaaa
--- /dev/null
+++ b/internal/types/types.bpf.h
@@ -0,0 +1,37 @@
+//+build ignore
+
+// These types mirror the Go types from internal/types/types.go
+//
+#define MAX_FILENAME_LENGTH 256
+#define MAX_PROGNAME_LENGTH 16
+
+#define OPENAT_ENTER_OP_ID 1
+#define OPENAT_EXIT_OP_ID 2
+#define CLOSE_ENTER_OP_ID 3
+#define CLOSE_EXIT_OP_ID 4
+
+struct null_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+};
+
+struct fd_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+ __s32 fd;
+};
+
+struct openat_enter_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+ char filename[MAX_FILENAME_LENGTH];
+ char comm[MAX_PROGNAME_LENGTH];
+};
+
+struct flags {
+ __u32 uid_filter;
+};
+
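Review bot: `struct fd_event` ends in a `__s32` after a `__u64`, so the compiler adds 4 bytes of tail padding (sizeof is 24, not 20), and nothing in this header pins that layout to the Go types it is said to mirror. If the Go side decodes ring-buffer records field by field, the sizes will disagree, and the padding bytes carry whatever was previously in the buffer unless the producer zeroes them. I would make the padding explicit with `__u32 pad;` after `fd` and add `_Static_assert(sizeof(struct fd_event) == 24, "must match Go FdEvent");` (the Go type name is a placeholder, as types.go is not shown). Separately, `filename` is capped at `MAX_FILENAME_LENGTH` (256), so longer paths reach user space truncated; a comment on the define saying so would stop consumers from treating the field as the full path.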