author | Baitinq <manuelpalenzuelamerino@gmail.com> | 2024-04-22 23:47:38 +0200 |
---|---|---|
committer | Baitinq <manuelpalenzuelamerino@gmail.com> | 2024-04-22 23:47:38 +0200 |
commit | ca0bcdcc28d110e21d9a225387ef47a467057730 (patch) | |
tree | 670c582ff4d0ba7808b778f8d6d8e746817aaa04 /fs-tracer-ebpf | |
parent | fix undefined fn (diff) | |
TODO
Diffstat (limited to 'fs-tracer-ebpf')
-rw-r--r-- | fs-tracer-ebpf/src/syscalls/open.rs | 62 |
1 files changed, 34 insertions, 28 deletions
diff --git a/fs-tracer-ebpf/src/syscalls/open.rs b/fs-tracer-ebpf/src/syscalls/open.rs
index 58ff464..8f48672 100644
--- a/fs-tracer-ebpf/src/syscalls/open.rs
+++ b/fs-tracer-ebpf/src/syscalls/open.rs
@@ -66,7 +66,14 @@ unsafe fn handle_sys_open_enter(ctx: TracePointContext) -> Result<c_long, c_long
 )
 };
- info!(&ctx, "filename: {} dfd: {}", filename, args.dfd);
+ info!(
+ &ctx,
+ "filename: {} dfd: {}, flags: {}, pid: {}",
+ filename,
+ args.dfd,
+ args.flags,
+ ctx.pid()
+ );
 if filename.len() < 3 {
 return Ok(0);
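Review bot: The expanded `info!` call sits before the `filename.len() < 3` filter, so it emits the path, flags and pid for every open entry the handler sees, at info level. In a tracer that stays loaded this adds per-call cost and puts every opened path into whatever collects the eBPF log. Consider lowering it to `debug!(&ctx, ...)` (assuming the logging crate's `debug!` macro is imported here) or moving it below the length check. The format string also mixes separators (`filename: {} dfd: {}, flags: {}`); a comma after the first field would keep the line easy to parse. handle_sys_open_enter starts and ends outside this hunk.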
@@ -74,37 +81,36 @@ unsafe fn handle_sys_open_enter(ctx: TracePointContext) -> Result<c_long, c_long
 //let kbuf = get_buf(&PATH_BUF)?;
 //info!(&ctx, "count: {}", kbuf.buf.len());
- let (s, s1) = filename.split_at(0); //tODO this doesnt work
- if s == "/" {
- info!(&ctx, "SHIITT AINT RELATIVE BOIIIIIIIIIIIIIIIIIIIIIIII");
- return Ok(0);
- } else {
- info!(&ctx, "relative call! {} {}", s, s1);
- }
-
+ // let (s, s1) = filename.split_at(0); //tODO this doesnt work
+ // if s == "/" {
+ // // info!(&ctx, "SHIITT AINT RELATIVE BOIIIIIIIIIIIIIIIIIIIIIIII");
+ // return Ok(0);
+ // } else {
+ // // info!(&ctx, "relative call! {} {}", s, s1);
+ // }
 //TODO
 // if filename.get(0).unwrap_unchecked() == '/' {
 // return Ok(0);
 //}
-
- let mut task = bpf_get_current_task_btf() as *mut task_struct;
- let pwd = get_task_pwd(&ctx, task)?;
-
- info!(&ctx, "PWD: {}", pwd);
-
- // let tgid: u32 = ctx.tgid();
- // let _ = SYSCALL_ENTERS.insert(
- // &tgid,
- // &SyscallInfo::Open(OpenSyscallBPF {
- // pid: ctx.pid(),
- // dfd: args.dfd,
- // filename: buf.buf,
- // mode: args.mode,
- // flags: args.flags,
- // ret: -9999,
- // }),
- // 0,
- // );
+ // let mut task = bpf_get_current_task_btf() as *mut task_struct;
+ // let pwd = get_task_pwd(&ctx, task)?;
+ //
+ // info!(&ctx, "PWD: {}", pwd);
+ let mut anotherbuf = [0u8; 96];
+ let _ = bpf_probe_read_kernel_str_bytes(buf.buf.as_ptr(), &mut anotherbuf);
+ let tgid: u32 = ctx.tgid();
+ let _ = SYSCALL_ENTERS.insert(
+ &tgid,
+ &SyscallInfo::Open(OpenSyscallBPF {
+ pid: ctx.pid(),
+ dfd: args.dfd,
+ filename: anotherbuf,
+ mode: args.mode,
+ flags: args.flags,
+ ret: -9999,
+ }),
+ 0,
+ );
 Ok(0)
 } |
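Review bot: Both results on the new path are discarded with `let _ =`: if `bpf_probe_read_kernel_str_bytes` fails, `anotherbuf` is still all zeroes and an Open entry with an empty filename is stored, and if `SYSCALL_ENTERS.insert` fails the event is dropped silently. The function already returns `Result<c_long, c_long>`, so `bpf_probe_read_kernel_str_bytes(buf.buf.as_ptr(), &mut anotherbuf)?;` (and `?` on the insert, if its error type is also `c_long`) would keep a failed read from producing a misleading record. The fixed `[0u8; 96]` also cuts any longer path to fit without marking it, which is a blind spot for a file tracer; either flag the truncation in the record or size the buffer to the longest path you intend to report. The map is keyed by `ctx.tgid()` alone, so two threads of one process that are inside open at the same time would appear to overwrite each other's entry; keying by the thread id would avoid that. The map definition and the exit handler are outside this hunk, so the key type and the matching lookup need checking there.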