maps.bpf.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

//+build ignore

struct open_event {
    int fd;
    int op_id;
    u32 tid;
    long enter_time;
    long exit_time;
    char filename[256];
    char comm[16];
};

struct {
    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
    __uint(key_size, sizeof(u32));
    __uint(value_size, sizeof(u32));
} open_event_map SEC(".maps");

// Map to temporarily store the filename from sys_enter_openat
struct {
    __uint(type, BPF_MAP_TYPE_HASH);
    __uint(key_size, sizeof(u32));
    __uint(value_size, sizeof(struct open_event));
    __uint(max_entries, 128); // Adjust size as needed
} open_event_temp_map SEC(".maps");

struct fd_event {
    int fd;
    int op_id;
    u32 tid;
    long enter_time;
    long exit_time;
};

struct {
    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
    __uint(key_size, sizeof(u32));
    __uint(value_size, sizeof(u32));
} fd_event_map SEC(".maps");