From 61f0da12457ffc27b42565e79ac8c2ec9db0e4e7 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Thu, 21 May 2026 17:54:03 +0300
Subject: h7 classify additional memory syscalls

---
 internal/generate/bpfhandler.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'internal/generate/bpfhandler.go')

diff --git a/internal/generate/bpfhandler.go b/internal/generate/bpfhandler.go
index 7dba8d7..cd2321b 100644
--- a/internal/generate/bpfhandler.go
+++ b/internal/generate/bpfhandler.go
@@ -328,6 +328,14 @@ func generateExtraPoll(name string) string {
 
 func generateExtraMem(name string) string {
 	switch name {
+	case "sys_enter_mprotect":
+		return "    ev->addr = (__u64)ctx->args[0];\n    ev->length = (__u64)ctx->args[1];\n    ev->length2 = 0;\n    ev->flags = (__u64)ctx->args[2];\n"
+	case "sys_enter_madvise":
+		return "    ev->addr = (__u64)ctx->args[0];\n    ev->length = (__u64)ctx->args[1];\n    ev->length2 = 0;\n    ev->flags = (__u64)ctx->args[2];\n"
+	case "sys_enter_pkey_mprotect":
+		return "    ev->addr = (__u64)ctx->args[0];\n    ev->length = (__u64)ctx->args[1];\n    ev->length2 = (__u64)ctx->args[3];\n    ev->flags = (__u64)ctx->args[2];\n"
+	case "sys_enter_brk":
+		return "    ev->addr = (__u64)ctx->args[0];\n    ev->length = 0;\n    ev->length2 = 0;\n    ev->flags = 0;\n"
 	case "sys_enter_munmap":
 		return "    ev->addr = (__u64)ctx->args[0];\n    ev->length = (__u64)ctx->args[1];\n    ev->length2 = 0;\n    ev->flags = 0;\n"
 	case "sys_enter_mremap":
-- 
cgit v1.2.3