path: root/internal/c/types.h
//+build ignore

// Size in bytes of the fixed path buffers in the event structs below
// (filename, oldname, newname, pathname). Linux PATH_MAX is 4096, so a path
// longer than this buffer cannot be carried whole. Consumers should treat a
// buffer with no NUL byte as a truncated path, not as the complete name.
// NOTE(review): how the producer truncates and terminates is not visible in
// this header — confirm.
#define MAX_FILENAME_LENGTH 256
// Size in bytes of the comm[] buffers; 16 equals the kernel's TASK_COMM_LEN.
// NOTE(review): presumably filled from the task comm, which a process can
// change for itself (e.g. prctl(PR_SET_NAME)) — treat it as a label for
// display, not as proof of which program ran.
#define MAX_PROGNAME_LENGTH 16

// Values carried in the event_type field that begins every event struct in
// this header. Codes come in pairs: ENTER_* is odd and the matching EXIT_* is
// ENTER_* + 1. The names line up with the struct names below
// (ENTER_OPEN_EVENT / struct open_event, and so on).
// NOTE(review): which struct a producer actually emits for each code is
// decided outside this file — confirm against the producing programs.
// 0 is unassigned, so a decoder can reject a zeroed or out-of-range (> 46)
// event_type before interpreting the buffer as one of the structs.
#define ENTER_OPEN_EVENT 1
#define EXIT_OPEN_EVENT 2
#define ENTER_NULL_EVENT 3
#define EXIT_NULL_EVENT 4
#define ENTER_FD_EVENT 5
#define EXIT_FD_EVENT 6
#define ENTER_RET_EVENT 7
#define EXIT_RET_EVENT 8
#define ENTER_NAME_EVENT 9
#define EXIT_NAME_EVENT 10
#define ENTER_PATH_EVENT 11
#define EXIT_PATH_EVENT 12
#define ENTER_FCNTL_EVENT 13
#define EXIT_FCNTL_EVENT 14
#define ENTER_DUP3_EVENT 15
#define EXIT_DUP3_EVENT 16
#define ENTER_OPEN_BY_HANDLE_AT_EVENT 17
#define EXIT_OPEN_BY_HANDLE_AT_EVENT 18
#define ENTER_SOCKET_EVENT 19
#define EXIT_SOCKET_EVENT 20
#define ENTER_SOCKETPAIR_EVENT 21
#define EXIT_SOCKETPAIR_EVENT 22
#define ENTER_ACCEPT_EVENT 23
#define EXIT_ACCEPT_EVENT 24
#define ENTER_PIPE_EVENT 25
#define EXIT_PIPE_EVENT 26
#define ENTER_EVENTFD_EVENT 27
#define EXIT_EVENTFD_EVENT 28
#define ENTER_EPOLL_CTL_EVENT 29
#define EXIT_EPOLL_CTL_EVENT 30
#define ENTER_POLL_EVENT 31
#define EXIT_POLL_EVENT 32
#define ENTER_MEM_EVENT 33
#define EXIT_MEM_EVENT 34
#define ENTER_SLEEP_EVENT 35
#define EXIT_SLEEP_EVENT 36
#define ENTER_TWO_FD_EVENT 37
#define EXIT_TWO_FD_EVENT 38
#define ENTER_KEYCTL_EVENT 39
#define EXIT_KEYCTL_EVENT 40
#define ENTER_PTRACE_EVENT 41
#define EXIT_PTRACE_EVENT 42
#define ENTER_PERF_OPEN_EVENT 43
#define EXIT_PERF_OPEN_EVENT 44
#define ENTER_EXEC_EVENT 45
#define EXIT_EXEC_EVENT 46

// Classification codes. No struct or macro in this header references them.
// NOTE(review): presumably they tag a traced call as a read, a write or a
// transfer, and may be the value set of ret_event.ret_type — confirm against
// the code that assigns them.
#define UNCLASSIFIED 0
#define READ_CLASSIFIED 1
#define WRITE_CLASSIFIED 2
#define TRANSFER_CLASSIFIED 3

// Record carrying a path, an int flags value and a program name; by name it
// pairs with ENTER_OPEN_EVENT / EXIT_OPEN_EVENT.
// Layout (64-bit members 8-byte aligned): members end at byte 300 and
// sizeof is 304, so 4 bytes of tail padding follow comm. If the record is
// copied out whole, zero it first so the padding carries no stale bytes.
// No dirfd or working directory is recorded, so a relative filename cannot
// be resolved to an absolute path from this record alone.
struct open_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id; // NOTE(review): presumably correlates enter/exit records — confirm
    __u64 time; // timestamp; clock source and unit are not visible here
    __u32 pid;
    __u32 tid;
    __s32 flags;
    // May be truncated at MAX_FILENAME_LENGTH; do not assume NUL termination.
    char filename[MAX_FILENAME_LENGTH];
    // Program name label; not a trustworthy identity for the process.
    char comm[MAX_PROGNAME_LENGTH];
};

// Record for program execution; by name it pairs with ENTER_EXEC_EVENT /
// EXIT_EXEC_EVENT. The dirfd + filename + flags shape resembles
// execveat(2) — NOTE(review): confirm which exec syscalls feed it.
// Layout (64-bit members 8-byte aligned): sizeof is 304 with no padding.
// Only the path is recorded: argv and envp are not part of this record, so
// an interpreter invocation shows the interpreter path and nothing else.
struct exec_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 dirfd; // needed to resolve a relative filename
    __s32 flags;
    // May be truncated at MAX_FILENAME_LENGTH; do not assume NUL termination.
    char filename[MAX_FILENAME_LENGTH];
    // Program name label; not a trustworthy identity for the process.
    char comm[MAX_PROGNAME_LENGTH];
};

// Minimal record: just the five header fields that most event structs in
// this file start with (event_type, trace_id, time, pid, tid).
// Layout (64-bit members 8-byte aligned): sizeof is 24 with no padding.
struct null_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
};

// Header fields plus one signed file descriptor.
// Layout (64-bit members 8-byte aligned): members end at byte 28 and sizeof
// is 32, so 4 bytes of tail padding follow fd. If the record is copied out
// whole, zero it first so the padding carries no stale bytes.
struct fd_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 fd; // signed, so negative values survive as-is
};

// Record carrying a 64-bit signed return value.
// Field order differs from the other structs in this file: ret sits between
// time and pid, so pid/tid are at byte offsets 24/28 here instead of 16/20.
// A decoder must not read pid/tid through a shared "common header" view.
// Layout (64-bit members 8-byte aligned): members end at byte 36 and sizeof
// is 40, so 4 bytes of tail padding follow ret_type.
struct ret_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __s64 ret;
    __u32 pid;
    __u32 tid;
    __u32 ret_type; // NOTE(review): value set is not defined next to this field — confirm
};

// Header fields plus two path buffers (an old and a new name).
// Layout (64-bit members 8-byte aligned): sizeof is 536 with no padding.
// That is larger than the 512-byte BPF stack limit, so a BPF producer has
// to build this record in map or ring-buffer memory rather than on the stack.
struct name_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    // Both buffers may be truncated at MAX_FILENAME_LENGTH; do not assume
    // NUL termination when decoding.
    char oldname[MAX_FILENAME_LENGTH];
    char newname[MAX_FILENAME_LENGTH];
};

// Header fields plus a single path buffer.
// Layout (64-bit members 8-byte aligned): sizeof is 280 with no padding.
struct path_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    // May be truncated at MAX_FILENAME_LENGTH; do not assume NUL termination.
    char pathname[MAX_FILENAME_LENGTH];
};

// Header fields plus fd, cmd and arg; the shape matches the three arguments
// of fcntl(2).
// Layout (64-bit members 8-byte aligned): sizeof is 40 with no padding.
struct fcntl_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id; // NOTE(review): presumably correlates enter/exit records — confirm
    __u64 time;
    __u32 pid;
    __u32 tid;
    // NOTE(review): unsigned here, while the other structs in this file use
    // __s32 for descriptors; a negative fd shows up as a large positive value.
    __u32 fd;
    __u32 cmd;
    // NOTE(review): if this is the raw third syscall argument, some commands
    // pass a user-space pointer here; it is then an address, not the data.
    __u64 arg;
};

// dup and dup2 are just fd_events, but dup3 also has the additional flags
// Layout (64-bit members 8-byte aligned): sizeof is 32 with no padding.
// Only one descriptor is recorded.
// NOTE(review): dup3(2) takes both oldfd and newfd; confirm which one fd
// holds and where the other is reported.
struct dup3_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 fd;
    __s32 flags;
};

// Header fields plus flags; by name it pairs with the
// *_OPEN_BY_HANDLE_AT_EVENT codes.
// The record holds only flags: the mount fd and the file handle are not
// captured, so the object being opened cannot be identified from this record
// alone. open_by_handle_at(2) needs CAP_DAC_READ_SEARCH and skips path
// lookup, so the call itself is worth surfacing to whoever reviews the trace.
// Layout (64-bit members 8-byte aligned): members end at byte 28 and sizeof
// is 32, so 4 bytes of tail padding follow flags.
struct open_by_handle_at_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 flags;
};

// Header fields plus family, type and protocol; the shape matches the three
// arguments of socket(2).
// Layout (64-bit members 8-byte aligned): members end at byte 36 and sizeof
// is 40, so 4 bytes of tail padding follow protocol.
struct socket_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 family;
    // NOTE(review): if this is the raw argument it can have SOCK_NONBLOCK /
    // SOCK_CLOEXEC OR'd in; mask those before comparing with SOCK_* types.
    __s32 type;
    __s32 protocol;
};

// Header fields plus the socketpair(2)-style arguments, two descriptors and
// a return value.
// Layout (64-bit members 8-byte aligned): sv1 ends at byte 44 and ret starts
// at 48, so 4 bytes of internal padding sit between them; sizeof is 56.
// A decoder must skip that gap, and a producer copying the record out whole
// should zero it first so the gap carries no stale bytes.
struct socketpair_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 family;
    __s32 type;
    __s32 protocol;
    // NOTE(review): presumably the two resulting descriptors, meaningful only
    // when ret reports success — confirm.
    __s32 sv0;
    __s32 sv1;
    __s64 ret;
};

// Header fields plus a descriptor and a return value.
// Layout (64-bit members 8-byte aligned): fd ends at byte 28 and ret starts
// at 32, so 4 bytes of internal padding sit between them; sizeof is 40.
// The peer address is not part of this record.
struct accept_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 fd; // NOTE(review): presumably the listening socket — confirm
    __s64 ret;
};

// Header fields plus flags, two descriptors and a return value.
// Layout (64-bit members 8-byte aligned): fd1 ends at byte 36 and ret starts
// at 40, so 4 bytes of internal padding sit between them; sizeof is 48.
struct pipe_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 flags;
    // NOTE(review): presumably the two pipe ends, meaningful only when ret
    // reports success — confirm.
    __s32 fd0;
    __s32 fd1;
    __s64 ret;
};

// Header fields plus flags and a return value.
// Layout (64-bit members 8-byte aligned): flags ends at byte 28 and ret
// starts at 32, so 4 bytes of internal padding sit between them; sizeof is 40.
struct eventfd_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 flags;
    __s64 ret;
};

// Header fields plus epfd, op, fd and an events mask; the first three match
// the leading arguments of epoll_ctl(2).
// Layout (64-bit members 8-byte aligned): sizeof is 40 with no padding.
struct epoll_ctl_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 epfd;
    __s32 op;
    __s32 fd;
    // NOTE(review): presumably copied from the caller's struct epoll_event;
    // confirm what is stored when that pointer is NULL or unreadable.
    __u32 events;
};

// Header fields plus a descriptor count and a timeout in nanoseconds.
// Layout (64-bit members 8-byte aligned): nfds ends at byte 28 and
// timeout_ns starts at 32, so 4 bytes of internal padding sit between them;
// sizeof is 40. The polled descriptors themselves are not recorded.
struct poll_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 nfds;
    __s64 timeout_ns; // signed; NOTE(review): encoding of "no timeout" is not visible here
};

// Header fields plus an address, two lengths and flags.
// Layout (64-bit members 8-byte aligned): sizeof is 56 with no padding.
// NOTE(review): which memory syscalls feed this record, and what length2
// means for each, is not visible here — confirm.
struct mem_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    // NOTE(review): if this is the caller's raw virtual address, the trace
    // discloses the process's memory layout; restrict who can read it.
    __u64 addr;
    __u64 length;
    __u64 length2;
    __u64 flags;
};

// Header fields plus the requested sleep duration in nanoseconds.
// Layout (64-bit members 8-byte aligned): sizeof is 32 with no padding.
struct sleep_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s64 requested_ns; // signed; decoders should expect negative values
};

// Header fields plus two signed descriptors and one 64-bit extra value.
// Layout (64-bit members 8-byte aligned): sizeof is 40 with no padding.
// NOTE(review): the syscalls that use this record, and the meaning of extra
// for each, are not visible here — confirm.
struct two_fd_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 fd_a;
    __s32 fd_b;
    __u64 extra;
};

// Header fields plus option, key_serial and value; by name it pairs with
// ENTER_KEYCTL_EVENT / EXIT_KEYCTL_EVENT.
// Layout (64-bit members 8-byte aligned): sizeof is 40 with no padding.
struct keyctl_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s32 option;
    __s32 key_serial;
    // NOTE(review): several keyctl(2) operations take user pointers to key
    // payloads; confirm this holds only the raw argument, never payload bytes.
    __u64 value;
};

// Header fields plus request, target pid and data; by name it pairs with
// ENTER_PTRACE_EVENT / EXIT_PTRACE_EVENT.
// Layout (64-bit members 8-byte aligned): sizeof is 48. Padding is explicit
// here (_pad), unlike the other structs in this file.
struct ptrace_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    __s64 request;
    __s32 target_pid; // process the request is aimed at; pid above is the caller
    // Explicit filler that keeps data 8-byte aligned. The producer should
    // write zero here so no stale bytes are exported with the record.
    __s32 _pad;
    // NOTE(review): if this is the raw syscall argument, it is a pointer for
    // some requests and a plain value for others — confirm before decoding.
    __u64 data;
};

// Header fields plus values describing a perf_event_open(2)-style call:
// three attr_* / config fields and the pid, cpu, group_fd and flags arguments.
// Layout (64-bit members 8-byte aligned): sizeof is 56 with no padding.
struct perf_open_event {
    __u32 event_type; // one of the *_EVENT codes
    __u32 trace_id;
    __u64 time;
    __u32 pid;
    __u32 tid;
    // NOTE(review): presumably copied from the caller's struct
    // perf_event_attr (type, size, config); confirm what is stored when that
    // copy fails.
    __u32 attr_type;
    __u32 attr_size;
    __u64 config;
    __s32 target_pid; // process being measured; pid above is the caller
    __s32 cpu;
    __s32 group_fd;
    __u32 flags;
};