From 8714956d6a45e65307e36afd57f86961bc7b142c Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Sun, 16 Mar 2025 10:29:21 +0200
Subject: initial tracepoint filter

---
 internal/flags/flags.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'internal/flags')

diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index 4d375fc..3f07847 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -3,11 +3,11 @@ package flags
 import (
 	"flag"
 	"fmt"
+	"strings"
 
 	bpf "github.com/aquasecurity/libbpfgo"
 )
 
-// TODO: Filter by syscall (tracepoint names)
 type Flags struct {
 	PidFilter        int
 	TidFilter        int
@@ -17,6 +17,7 @@ type Flags struct {
 	PprofEnable      bool
 	FlamegraphEnable bool
 	Duration         int
+	TracepointNames  map[string]struct{}
 }
 
 func New() (flags Flags) {
@@ -24,12 +25,21 @@ func New() (flags Flags) {
 	flag.IntVar(&flags.TidFilter, "tid", -1, "Filter for thread ID")
 	flag.IntVar(&flags.EventMapSize, "mapSize", 4096*16, "BPF FD event ring buffer map size")
 	flag.IntVar(&flags.Duration, "duration", 60, "Probe duration in seconds")
+
 	flag.StringVar(&flags.CommFilter, "comm", "", "Command to filter for")
 	flag.StringVar(&flags.PathFilter, "path", "", "Path to filter for")
+
 	flag.BoolVar(&flags.PprofEnable, "pprof", false, "Enable profiling")
 	flag.BoolVar(&flags.FlamegraphEnable, "flamegraph", false, "Enable flamegraph builder")
+
+	tracepointNames := flag.String("tracepoints", "", "Comma separated list of tracepoints (empty: trace all)")
 	flag.Parse()
 
+	flags.TracepointNames = make(map[string]struct{}, len(*tracepointNames))
+	for _, name := range strings.Split(*tracepointNames, ",") {
+		flags.TracepointNames[name] = struct{}{}
+	}
+
 	return flags
 }
 
-- 
cgit v1.2.3