From 0f3e937fff5e8e7407f262694e8e2558bcfec703 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Sun, 11 Feb 2024 00:02:38 +0200
Subject: refactor

---
 maps.bpf.h | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 maps.bpf.h

(limited to 'maps.bpf.h')

diff --git a/maps.bpf.h b/maps.bpf.h
new file mode 100644
index 0000000..afa1064
--- /dev/null
+++ b/maps.bpf.h
@@ -0,0 +1,36 @@
+//+build ignore
+
+struct open_event {
+    int fd;
+    int op_id;
+    u32 tid;
+    char filename[256];
+    char comm[16];
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+    __uint(key_size, sizeof(u32));
+    __uint(value_size, sizeof(u32));
+} open_event_map SEC(".maps");
+
+// Map to temporarily store the filename from sys_enter_openat
+struct {
+    __uint(type, BPF_MAP_TYPE_HASH);
+    __uint(key_size, sizeof(u32));
+    __uint(value_size, sizeof(struct open_event));
+    __uint(max_entries, 128); // Adjust size as needed
+} open_event_temp_map SEC(".maps");
+
+struct fd_event {
+    int fd;
+    int op_id;
+    u32 tid;
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
+    __uint(key_size, sizeof(u32));
+    __uint(value_size, sizeof(u32));
+} fd_event_map SEC(".maps");
+
-- 
cgit v1.2.3