author | Baitinq <manuelpalenzuelamerino@gmail.com> | 2024-06-09 23:23:52 +0200 |
---|---|---|
committer | Baitinq <manuelpalenzuelamerino@gmail.com> | 2024-06-09 23:54:34 +0200 |
commit | c776f2ea2e6387b26994601cebde8819ab237a3f (patch) | |
tree | 85368296518f547a3cad1dc00f0898d02faebfc2 /fs-tracer-ebpf | |
parent | fs-tracer: Cleanup (diff) | |
fs-tracer: Handle open files state
Diffstat (limited to 'fs-tracer-ebpf')
-rw-r--r-- | fs-tracer-ebpf/src/syscalls/open.rs | 18 | ||||
-rw-r--r-- | fs-tracer-ebpf/src/syscalls/write.rs | 1 |
2 files changed, 10 insertions, 9 deletions
diff --git a/fs-tracer-ebpf/src/syscalls/open.rs b/fs-tracer-ebpf/src/syscalls/open.rs
index 8f48672..9d5280d 100644
--- a/fs-tracer-ebpf/src/syscalls/open.rs
+++ b/fs-tracer-ebpf/src/syscalls/open.rs
@@ -66,14 +66,14 @@ unsafe fn handle_sys_open_enter(ctx: TracePointContext) -> Result<c_long, c_long
 )
 };
- info!(
- &ctx,
- "filename: {} dfd: {}, flags: {}, pid: {}",
- filename,
- args.dfd,
- args.flags,
- ctx.pid()
- );
+ // info!(
+ // &ctx,
+ // "filename: {} dfd: {}, flags: {}, pid: {}",
+ // filename,
+ // args.dfd,
+ // args.flags,
+ // ctx.pid()
+ // );
 if filename.len() < 3 {
 return Ok(0);
@@ -116,7 +116,7 @@ unsafe fn handle_sys_open_enter(ctx: TracePointContext) -> Result<c_long, c_long
 unsafe fn handle_sys_open_exit(ctx: TracePointContext) -> Result<c_long, c_long> {
 //info!(&ctx, "handle_sys_open_exit start");
- let ret = ctx.read_at::<c_long>(16)?; //TODO: We cant use unwrap, thats why we couldnt use the aya helper fns
+ let ret = ctx.read_at::<c_int>(16)?; //TODO: We cant use unwrap, thats why we couldnt use the aya helper fns
 let tgid = ctx.tgid();
 if let Some(syscall) = SYSCALL_ENTERS.get(&tgid)
diff --git a/fs-tracer-ebpf/src/syscalls/write.rs b/fs-tracer-ebpf/src/syscalls/write.rs
index efad6f8..232dfba 100644
--- a/fs-tracer-ebpf/src/syscalls/write.rs
+++ b/fs-tracer-ebpf/src/syscalls/write.rs
@@ -39,6 +39,7 @@ unsafe fn handle_sys_write_enter(ctx: TracePointContext) -> Result<c_long, c_lon
 let mut anotherbuf = [0u8; 96];
 let _ = bpf_probe_read_kernel_str_bytes(buf_ref.as_ptr(), &mut anotherbuf);
+ // info!(&ctx, "handle_sys_write fd: {} pid: {}", args.fd, ctx.pid());
 let tgid: u32 = ctx.tgid();
 let _ = SYSCALL_ENTERS.insert( |
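Review bot: The `info!` call in handle_sys_open_enter is commented out line by line instead of being removed or demoted, which leaves eight lines of dead code on the new side; the write.rs hunk does the same by adding a new, already commented-out `info!`. If the per-open record of filename, dfd, flags and pid is still wanted for troubleshooting, keep it compiled at a lower level, e.g. `debug!(&ctx, "filename: {} dfd: {}, flags: {}, pid: {}", filename, args.dfd, args.flags, ctx.pid());`, otherwise delete it and rely on version control. Both function bodies start and end outside their hunks.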
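Review bot: Reading the return value as `c_int` at offset 16 in handle_sys_open_exit narrows a field the replaced line read as `c_long`; on 64-bit kernels the sys_exit tracepoint record declares `ret` as an 8-byte long, so this takes only the low half on little-endian targets and the wrong half on big-endian ones. If a 32-bit descriptor is what the open-files state needs, read the full field and narrow explicitly: `let ret = ctx.read_at::<c_long>(16)?;` followed by `let fd = ret as c_int; // open returns an fd or -errno, both fit in 32 bits`. The rest of the function is outside the hunk, so it is not visible whether a negative `ret` (a failed open) is rejected before the descriptor is recorded; if it is not, failed opens would end up in the tracked state. A short comment saying what offset 16 refers to would also replace the stale TODO usefully.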