From 04fa01992ad88ea8e9cd05e7cbb9f81087b23aff Mon Sep 17 00:00:00 2001
From: Paul Buetow
Date: Fri, 16 Feb 2024 01:56:13 +0200
Subject: move some files to internal types
---
internal/types/maps.bpf.h | 13 +++++++++++++
internal/types/types.bpf.h | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 internal/types/maps.bpf.h
create mode 100644 internal/types/types.bpf.h
(limited to 'internal')
diff --git a/internal/types/maps.bpf.h b/internal/types/maps.bpf.h
new file mode 100644
index 0000000..dc55993
--- /dev/null
+++ b/internal/types/maps.bpf.h
@@ -0,0 +1,13 @@
+//+build ignore
+
+struct {
+ __uint(type, BPF_MAP_TYPE_RINGBUF);
+ __uint(max_entries, 1 << 24);
+} event_map SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __type(key, u32);
+ __type(value, struct flags);
+ __uint(max_entries, 1 << 24);
+} flags_map SEC(".maps");
diff --git a/internal/types/types.bpf.h b/internal/types/types.bpf.h
new file mode 100644
index 0000000..57feaaa
--- /dev/null
+++ b/internal/types/types.bpf.h
@@ -0,0 +1,37 @@
+//+build ignore
+
+// These types mirror the Go types from internal/types/types.go
+//
+#define MAX_FILENAME_LENGTH 256
+#define MAX_PROGNAME_LENGTH 16
+
+#define OPENAT_ENTER_OP_ID 1
+#define OPENAT_EXIT_OP_ID 2
+#define CLOSE_ENTER_OP_ID 3
+#define CLOSE_EXIT_OP_ID 4
+
+struct null_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+};
+
+struct fd_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+ __s32 fd;
+};
+
+struct openat_enter_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+ char filename[MAX_FILENAME_LENGTH];
+ char comm[MAX_PROGNAME_LENGTH];
+};
+
+struct flags {
+ __u32 uid_filter;
+};
+
-- cgit v1.2.3
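Review bot: `flags_map` reuses the ring buffer's `1 << 24` as its `max_entries`, but on a `BPF_MAP_TYPE_HASH` that value is an element count rather than a byte size, and hash maps preallocate their elements by default, so loading the object reserves memory for about 16 million entries whose value is a single `__u32 uid_filter`. The map's users are not part of this patch; if it only carries one configuration record, an array map with one slot is enough: `__uint(type, BPF_MAP_TYPE_ARRAY);` and `__uint(max_entries, 1);`. The header also names `struct flags` without including `types.bpf.h`, so it compiles only when that header happens to come first; adding `#include "types.bpf.h"` at the top and include guards to both files removes the ordering dependency.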
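Review bot: The trailing padding in `struct fd_event` should be made explicit, because the struct has 20 bytes of fields but the `__u64 time` member forces 8-byte alignment, so `sizeof` is 24 and the last four bytes belong to no field. The header comment says these types mirror the Go types in `internal/types/types.go`, and an implicit tail like this is where the two layouts can drift without any build failure. The Go side and the code that fills the events are not visible here, so this may already be handled. Adding `__u32 pad;` after `fd` and `_Static_assert(sizeof(struct fd_event) == 24, "must match Go fd_event");` would pin the layout. It would also give the producer a named member to zero, so the reader never receives leftover bytes from an earlier record in that tail.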