about summary refs log tree commit diff
path: root/fs-tracer-ebpf/src/main.rs
diff options
context:
space:
mode:
Diffstat (limited to 'fs-tracer-ebpf/src/main.rs')
-rw-r--r--fs-tracer-ebpf/src/main.rs38
1 files changed, 26 insertions, 12 deletions
diff --git a/fs-tracer-ebpf/src/main.rs b/fs-tracer-ebpf/src/main.rs
index 03ac2ba..36365d8 100644
--- a/fs-tracer-ebpf/src/main.rs
+++ b/fs-tracer-ebpf/src/main.rs
@@ -1,9 +1,12 @@
 #![no_std]
 #![no_main]
 
+use core::ffi::c_void;
+use core::str;
+
 use aya_bpf::{
     macros::tracepoint,
-    programs::TracePointContext, BpfContext, cty::{int32_t, uint32_t},
+    programs::TracePointContext, BpfContext, helpers::gen
 };
 use aya_log_ebpf::info;
 
@@ -23,17 +26,17 @@ fn ptr_at<T>(ctx: &TracePointContext, offset: usize) -> Option<*const T> {
 }
 
 fn try_fs_tracer(ctx: TracePointContext) -> Result<u32, u32> {
-    let syscall_nr = unsafe { * ptr_at::<int32_t>(&ctx, 8).unwrap() };
+    let syscall_nr = unsafe { * ptr_at::<i32>(&ctx, 8).unwrap() };
     
     return handle_syscall(ctx, syscall_nr);
 }
 
 fn handle_syscall(ctx: TracePointContext, syscall_nr: i32) -> Result<u32, u32> {
     match syscall_nr {
-        1 => { //i dont think the numbers are right
+        1 => {
             return handle_sys_write(ctx);
         },
-        3 => {
+        2 => {
             return Ok(0)
             //handle_sys_open(ctx);
         },
@@ -41,11 +44,12 @@ fn handle_syscall(ctx: TracePointContext, syscall_nr: i32) -> Result<u32, u32> {
             return Ok(0)
             //handle_sys_lseek(ctx);
         },
-        57 => {
+        3 => {
             return Ok(0)
             //handle_sys_close(ctx);
         },
         _ => {
+            info!(&ctx, "unhandled syscall: {}", syscall_nr);
             panic!("syscall: {}",syscall_nr);
         }
     }
@@ -53,21 +57,31 @@ fn handle_syscall(ctx: TracePointContext, syscall_nr: i32) -> Result<u32, u32> {
 
 #[derive(Clone, Copy)]
 struct WriteArgs {
-    fd: int32_t,
+    fd: u64,
     buf: *const u8,
-    count: uint32_t,
+    count: u64,
 }
 
 fn handle_sys_write(ctx: TracePointContext) -> Result<u32, u32> {
-    info!(&ctx, "handle_sys_write");
-    let args = unsafe { *ptr_at::<WriteArgs>(&ctx, 0).unwrap() };
-    
-    info!(&ctx, "fd: {}", args.fd);
+    info!(&ctx, "handle_sys_write start");
+    let args = unsafe { *ptr_at::<WriteArgs>(&ctx, 16).unwrap() };
 
+    info!(&ctx, "argfs fd: {}", args.fd);
+    let mut buf = [0u8; 256];
+    get_string_from_userspace(args.buf, &mut buf);
+    let buf_ref = &buf;
+    info!(&ctx, "buf: {}", unsafe { str::from_utf8_unchecked(buf_ref) });
+    info!(&ctx, "count: {}", args.count);
+
+    info!(&ctx, "handle_sys_write end");
     return Ok(0)
+} //TODO: Communicate with userspace (share a some data structure in memory?)
+
+fn get_string_from_userspace(ptr: *const u8, buf: &mut [u8]) {
+    unsafe { gen::bpf_probe_read_user_str( buf.as_mut_ptr() as *mut c_void, buf.len() as u32, ptr as *const c_void) };
 }
 
 #[panic_handler]
 fn panic(_info: &core::panic::PanicInfo) -> ! {
     unsafe { core::hint::unreachable_unchecked() }
-}
+}
\ No newline at end of file
generated by cgit-pink (baitinq) at 2025-01-23 04:13:09 +0000