From f397900adc835d3ff91080398c65e50070dc3233 Mon Sep 17 00:00:00 2001
From: Fancy Zhang
Date: Fri, 10 Jul 2020 23:06:52 +0800
Subject: [PATCH] support aarch64
---
 .gitignore | 2 +-
 CMakeLists.txt | 2 +-
 .../aarch64/execsnoop_kern_skel.h | 216 ++++++++++++++++++
 execsnoop-kernel/arm_docker.md | 40 ++++
 execsnoop-kernel/execsnoop | Bin 17616 -> 0 bytes
 execsnoop-kernel/execsnoop_kern.c | 2 +-
 execsnoop-kernel/execsnoop_kern.o | Bin 2320 -> 0 bytes
 execsnoop-kernel/execsnoop_share.cpp | 12 +-
 execsnoop-kernel/execsnoop_user_1.c | 9 +-
 execsnoop-kernel/readme.md | 89 +++++++-
 .../{ => x86_64}/execsnoop_kern_skel.h | 6 +-
 pack/CMakeLists.txt | 12 +-
 12 files changed, 364 insertions(+), 26 deletions(-)
 create mode 100644 execsnoop-kernel/aarch64/execsnoop_kern_skel.h
 create mode 100644 execsnoop-kernel/arm_docker.md
 delete mode 100755 execsnoop-kernel/execsnoop
 delete mode 100644 execsnoop-kernel/execsnoop_kern.o
 rename execsnoop-kernel/{ => x86_64}/execsnoop_kern_skel.h (97%)
diff --git a/.gitignore b/.gitignore
index a5231de..542db4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-build
+build*
 .directory
 .clangd
 v2ray_config/proxy
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 58d68ba..02ad0d8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,7 +6,7 @@ project(cgproxy VERSION 0.18)
 include(GNUInstallDirs)
-add_compile_options(-Wall -Wextra -Wpedantic -Wno-unused-result -Wno-unused-parameter)
+add_compile_options(-Wall -Wextra -Wpedantic -Wno-unused-result -Wno-unused-parameter -Wl,--no-undefined)
 # for clangd
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
diff --git a/execsnoop-kernel/aarch64/execsnoop_kern_skel.h b/execsnoop-kernel/aarch64/execsnoop_kern_skel.h
new file mode 100644
index 0000000..fc051e1
--- /dev/null
+++ b/execsnoop-kernel/aarch64/execsnoop_kern_skel.h
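Review bot: `build*` in the .gitignore hunk matches any path whose name starts with "build", not only build directories, so a future `build.sh` or `build_notes.md` would be silently left untracked. If the intent is to cover per-architecture build trees, anchor the pattern to directories: `build/` plus `build-*/` (or `build*/`).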
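Review bot: `-Wl,--no-undefined` is appended to `add_compile_options(...)`, but that command only affects compile steps, where the driver never invokes the linker, so the flag has no effect on the produced binaries (gcc ignores it silently and clang warns that the argument is unused). Move it to a link-level setting, e.g. `add_link_options(-Wl,--no-undefined)` on CMake 3.13 or newer, or `set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--no-undefined")` for older minimums; the project's minimum CMake version is not visible here. Note that for executables the linker already rejects undefined symbols, so the flag only changes behaviour when shared objects are linked.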
@@ -0,0 +1,216 @@ +/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */ + +/* THIS FILE IS AUTOGENERATED! */ +#ifndef __EXECSNOOP_KERN_SKEL_H__ +#define __EXECSNOOP_KERN_SKEL_H__ + +#include +#include + +struct execsnoop_kern { + struct bpf_object_skeleton *skeleton; + struct bpf_object *obj; + struct { + struct bpf_map *perf_events; + struct bpf_map *records; + } maps; + struct { + struct bpf_program *syscall_enter_execve; + struct bpf_program *syscall_exit_execve; + } progs; + struct { + struct bpf_link *syscall_enter_execve; + struct bpf_link *syscall_exit_execve; + } links; +}; + +static void +execsnoop_kern__destroy(struct execsnoop_kern *obj) +{ + if (!obj) + return; + if (obj->skeleton) + bpf_object__destroy_skeleton(obj->skeleton); + free(obj); +} + +static inline int +execsnoop_kern__create_skeleton(struct execsnoop_kern *obj); + +static inline struct execsnoop_kern * +execsnoop_kern__open_opts(const struct bpf_object_open_opts *opts) +{ + struct execsnoop_kern *obj; + + obj = (typeof(obj))calloc(1, sizeof(*obj)); + if (!obj) + return NULL; + if (execsnoop_kern__create_skeleton(obj)) + goto err; + if (bpf_object__open_skeleton(obj->skeleton, opts)) + goto err; + + return obj; +err: + execsnoop_kern__destroy(obj); + return NULL; +} + +static inline struct execsnoop_kern * +execsnoop_kern__open(void) +{ + return execsnoop_kern__open_opts(NULL); +} + +static inline int +execsnoop_kern__load(struct execsnoop_kern *obj) +{ + return bpf_object__load_skeleton(obj->skeleton); +} + +static inline struct execsnoop_kern * +execsnoop_kern__open_and_load(void) +{ + struct execsnoop_kern *obj; + + obj = execsnoop_kern__open(); + if (!obj) + return NULL; + if (execsnoop_kern__load(obj)) { + execsnoop_kern__destroy(obj); + return NULL; + } + return obj; +} + +static inline int +execsnoop_kern__attach(struct execsnoop_kern *obj) +{ + return bpf_object__attach_skeleton(obj->skeleton); +} + +static inline void +execsnoop_kern__detach(struct execsnoop_kern *obj) +{ + 
return bpf_object__detach_skeleton(obj->skeleton); +} + +static inline int +execsnoop_kern__create_skeleton(struct execsnoop_kern *obj) +{ + struct bpf_object_skeleton *s; + + s = (typeof(s))calloc(1, sizeof(*s)); + if (!s) + return -1; + obj->skeleton = s; + + s->sz = sizeof(*s); + s->name = "execsnoop_kern"; + s->obj = &obj->obj; + + /* maps */ + s->map_cnt = 2; + s->map_skel_sz = sizeof(*s->maps); + s->maps = (typeof(s->maps))calloc(s->map_cnt, s->map_skel_sz); + if (!s->maps) + goto err; + + s->maps[0].name = "perf_events"; + s->maps[0].map = &obj->maps.perf_events; + + s->maps[1].name = "records"; + s->maps[1].map = &obj->maps.records; + + /* programs */ + s->prog_cnt = 2; + s->prog_skel_sz = sizeof(*s->progs); + s->progs = (typeof(s->progs))calloc(s->prog_cnt, s->prog_skel_sz); + if (!s->progs) + goto err; + + s->progs[0].name = "syscall_enter_execve"; + s->progs[0].prog = &obj->progs.syscall_enter_execve; + s->progs[0].link = &obj->links.syscall_enter_execve; + + s->progs[1].name = "syscall_exit_execve"; + s->progs[1].prog = &obj->progs.syscall_exit_execve; + s->progs[1].link = &obj->links.syscall_exit_execve; + + s->data_sz = 2024; + s->data = (void *)"\ +\x7f\x45\x4c\x46\x02\x01\x01\0\0\0\0\0\0\0\0\0\x01\0\xf7\0\x01\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\0\0\0\0\0\0\x28\x05\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\x40\0\x0b\0\ +\x01\0\x85\0\0\0\x0e\0\0\0\xbf\x06\0\0\0\0\0\0\x63\x6a\xfc\xff\0\0\0\0\x85\0\0\ +\0\x0f\0\0\0\xbf\x07\0\0\0\0\0\0\xb7\x01\0\0\0\0\0\0\x7b\x1a\xe8\xff\0\0\0\0\ +\x7b\x1a\xe0\xff\0\0\0\0\x7b\x1a\xd8\xff\0\0\0\0\x7b\x1a\xd0\xff\0\0\0\0\xbf\ +\xa2\0\0\0\0\0\0\x07\x02\0\0\xfc\xff\xff\xff\xbf\xa3\0\0\0\0\0\0\x07\x03\0\0\ +\xd0\xff\xff\xff\x18\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb7\x04\0\0\x01\0\0\0\x85\ +\0\0\0\x02\0\0\0\x67\0\0\0\x20\0\0\0\x77\0\0\0\x20\0\0\0\x55\0\x19\0\0\0\0\0\ +\xbf\xa2\0\0\0\0\0\0\x07\x02\0\0\xfc\xff\xff\xff\x18\x01\0\0\0\0\0\0\0\0\0\0\0\ +\0\0\0\x85\0\0\0\x01\0\0\0\xbf\x08\0\0\0\0\0\0\x15\x08\x12\0\0\0\0\0\x77\x06\0\ 
+\0\x20\0\0\0\x61\xa1\xfc\xff\0\0\0\0\x63\x78\x1c\0\0\0\0\0\x63\x68\x14\0\0\0\0\ +\0\x63\x18\x10\0\0\0\0\0\x85\0\0\0\x23\0\0\0\x07\0\0\0\x78\x04\0\0\xbf\xa1\0\0\ +\0\0\0\0\x07\x01\0\0\xf0\xff\xff\xff\xb7\x02\0\0\x08\0\0\0\xbf\x03\0\0\0\0\0\0\ +\x85\0\0\0\x04\0\0\0\x07\x08\0\0\x18\0\0\0\x79\xa3\xf0\xff\0\0\0\0\x07\x03\0\0\ +\x6c\x04\0\0\xbf\x81\0\0\0\0\0\0\xb7\x02\0\0\x04\0\0\0\x85\0\0\0\x04\0\0\0\xb7\ +\0\0\0\0\0\0\0\x95\0\0\0\0\0\0\0\xbf\x16\0\0\0\0\0\0\x85\0\0\0\x0e\0\0\0\x63\ +\x0a\xfc\xff\0\0\0\0\xbf\xa2\0\0\0\0\0\0\x07\x02\0\0\xfc\xff\xff\xff\x18\x01\0\ +\0\0\0\0\0\0\0\0\0\0\0\0\0\x85\0\0\0\x01\0\0\0\xbf\x07\0\0\0\0\0\0\x15\x07\x13\ +\0\0\0\0\0\x79\x61\x10\0\0\0\0\0\xb7\x02\0\0\0\0\0\0\x6d\x12\x0b\0\0\0\0\0\xbf\ +\x71\0\0\0\0\0\0\xb7\x02\0\0\x10\0\0\0\x85\0\0\0\x10\0\0\0\xbf\x61\0\0\0\0\0\0\ +\x18\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x18\x03\0\0\xff\xff\xff\xff\0\0\0\0\0\0\0\ +\0\xbf\x74\0\0\0\0\0\0\xb7\x05\0\0\x20\0\0\0\x85\0\0\0\x19\0\0\0\xbf\xa2\0\0\0\ +\0\0\0\x07\x02\0\0\xfc\xff\xff\xff\x18\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x85\0\0\ +\0\x03\0\0\0\xb7\0\0\0\0\0\0\0\x95\0\0\0\0\0\0\0\x01\0\0\0\x04\0\0\0\x20\0\0\0\ +\0\x28\0\0\0\0\0\0\x04\0\0\0\x04\0\0\0\x04\0\0\0\x80\0\0\0\0\0\0\0\x47\x50\x4c\ +\0\x06\x07\x05\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xac\0\0\0\x04\ +\0\xf1\xff\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xdb\0\0\0\0\0\x03\0\x70\x01\0\0\0\0\ +\0\0\0\0\0\0\0\0\0\0\xd4\0\0\0\0\0\x05\0\xc0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xcd\ +\0\0\0\0\0\x05\0\xe8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xa3\0\0\0\x11\0\x08\0\0\0\0\ +\0\0\0\0\0\x04\0\0\0\0\0\0\0\x20\0\0\0\x11\0\x09\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\ +\0\0\0\x07\0\0\0\x11\0\x07\0\x14\0\0\0\0\0\0\0\x14\0\0\0\0\0\0\0\x18\0\0\0\x11\ +\0\x07\0\0\0\0\0\0\0\0\0\x14\0\0\0\0\0\0\0\x8e\0\0\0\x12\0\x03\0\0\0\0\0\0\0\0\ +\0\x80\x01\0\0\0\0\0\0\x51\0\0\0\x12\0\x05\0\0\0\0\0\0\0\0\0\xf8\0\0\0\0\0\0\0\ +\x70\0\0\0\0\0\0\0\x01\0\0\0\x08\0\0\0\xb8\0\0\0\0\0\0\0\x01\0\0\0\x08\0\0\0\ 
+\x28\0\0\0\0\0\0\0\x01\0\0\0\x08\0\0\0\x88\0\0\0\0\0\0\0\x01\0\0\0\x07\0\0\0\ +\xd0\0\0\0\0\0\0\0\x01\0\0\0\x08\0\0\0\0\x2e\x74\x65\x78\x74\0\x70\x65\x72\x66\ +\x5f\x65\x76\x65\x6e\x74\x73\0\x6d\x61\x70\x73\0\x72\x65\x63\x6f\x72\x64\x73\0\ +\x5f\x76\x65\x72\x73\x69\x6f\x6e\0\x2e\x72\x65\x6c\x74\x72\x61\x63\x65\x70\x6f\ +\x69\x6e\x74\x2f\x73\x79\x73\x63\x61\x6c\x6c\x73\x2f\x73\x79\x73\x5f\x65\x78\ +\x69\x74\x5f\x65\x78\x65\x63\x76\x65\0\x73\x79\x73\x63\x61\x6c\x6c\x5f\x65\x78\ +\x69\x74\x5f\x65\x78\x65\x63\x76\x65\0\x2e\x72\x65\x6c\x74\x72\x61\x63\x65\x70\ +\x6f\x69\x6e\x74\x2f\x73\x79\x73\x63\x61\x6c\x6c\x73\x2f\x73\x79\x73\x5f\x65\ +\x6e\x74\x65\x72\x5f\x65\x78\x65\x63\x76\x65\0\x73\x79\x73\x63\x61\x6c\x6c\x5f\ +\x65\x6e\x74\x65\x72\x5f\x65\x78\x65\x63\x76\x65\0\x5f\x6c\x69\x63\x65\x6e\x73\ +\x65\0\x65\x78\x65\x63\x73\x6e\x6f\x6f\x70\x5f\x6b\x65\x72\x6e\x2e\x63\0\x2e\ +\x73\x74\x72\x74\x61\x62\0\x2e\x73\x79\x6d\x74\x61\x62\0\x4c\x42\x42\x31\x5f\ +\x34\0\x4c\x42\x42\x31\x5f\x33\0\x4c\x42\x42\x30\x5f\x33\0\0\0\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xbd\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\0\0\0\x40\x04\0\0\0\0\0\0\xe2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\ +\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ +\0\x40\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\ +\0\0\0\0\x69\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\0\ +\0\x80\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x65\0\ +\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xf0\x03\0\0\0\0\0\0\x20\0\0\0\0\ +\0\0\0\x0a\0\0\0\x03\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x2d\0\0\0\x01\0\ +\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xc0\x01\0\0\0\0\0\0\xf8\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x29\0\0\0\x09\0\0\0\0\0\0\0\0\ 
+\0\0\0\0\0\0\0\0\0\0\0\x10\x04\0\0\0\0\0\0\x30\0\0\0\0\0\0\0\x0a\0\0\0\x05\0\0\ +\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x13\0\0\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\0\0\xb8\x02\0\0\0\0\0\0\x28\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\0\ +\0\0\0\0\0\0\0\0\0\0\0\0\xa4\0\0\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ +\xe0\x02\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\ +\0\0\0\0\0\x21\0\0\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xe4\x02\0\0\0\ +\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xc5\ +\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xe8\x02\0\0\0\0\0\0\x08\x01\0\ +\0\0\0\0\0\x01\0\0\0\x05\0\0\0\x08\0\0\0\0\0\0\0\x18\0\0\0\0\0\0\0"; + + return 0; +err: + bpf_object__destroy_skeleton(s); + return -1; +} + +#endif /* __EXECSNOOP_KERN_SKEL_H__ */ diff --git a/execsnoop-kernel/arm_docker.md b/execsnoop-kernel/arm_docker.md new file mode 100644 index 0000000..ee79a04 --- /dev/null +++ b/execsnoop-kernel/arm_docker.md @@ -0,0 +1,40 @@ +## Arm64 docker + +https://www.stereolabs.com/docs/docker/building-arm-container-on-x86/ + +https://wiki.debian.org/QemuUserEmulation + +- install + +```bash +# install qemu with user emulation +pacman -S qemu qemu-user-static +# docker +docker pull arm64v8/ubuntu +docker pull multiarch/qemu-user-static +# register +docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +``` + +- test + +```bash +docker run --rm -t arm64/ubuntu uname -m +``` + +- run + +```bash +# start container background +docker run -dit --name arm64 -v /home/fancy/workspace-xps:/data arm64v8/ubuntu + +# enter container +docker exec -it arm64 bash +# use another repository: https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu/ +# install in container for kernel bpf build +apt install install dialog apt-utils +apt install build-essential gcc clang llvm +apt install bison flex bc rsync libssl-dev binutils-dev libreadline-dev libelf +apt install make cmake nlohmann-json3-dev rpm +``` + 
diff --git a/execsnoop-kernel/execsnoop b/execsnoop-kernel/execsnoop deleted file mode 100755 index 6dd8b56f7e7a8fa1cd660c53daba167854ad2305..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17616 zcmeHPe{dYteSgwPmhg|0Z0w*KiWedn@xx~cj1dVAd$J_2GV%|MMAE5YIp3|Mv!%Ps z-3lZpZJZi=IE0CtUu8U#jtMm5CbW~%Bv5EA5mU%eCSzL4IH73_gUu-rP-q}71+Jg( zd+&R5D!6y|pzpf>TI*N)UJaT!olgaB#iO zfS96FEW+>aiwnd8@O2VXa#ImVRT`=F(?*SlK*{cimIvttT8}B$kSN(zOJ~ke5~iYA z@nly|S=9v6RVZ{gpME6)uiNn54 zmsc$=ZMyzUb#uj<(d3SGYuAh>R*xoA;}feVI@hgUw>FYXN3N3XUXF@TpW3*2Q0)Ki zia%R>>c#6X{6XX2{-kNs59*%z$-`7{sss5W9ZICn;V1er93+?RQUyyf;n%%2#a$8H z*=ZR1%g%V^KrK@j|NI4afuQs^%gEn>!0MtnUA^w%Ak zA?l#*!tNW`WG9@gGn~x1PIh3^hS7A&8Hnu|b%bpXkEK&~&W&YV+g7R-72(ZJ@7U?Y zp%!!9SbW6J?Q%vPH=Pn**=RbJC`&RvdbQdB}c`sBq|Y)jgF?{ zBIhD1S&?(x>}YZ<>58E{vPstwLz!$cyNKY z;tp0TzNz*3e!=}}h6XyMlls2Ect+!gO(_bjkgEue;TJYfd7AK{1 z9$Y^nNc@Zk*Hw}Dj427?sK!^t3DKf)DpNOAiVP1<<1?o=Q{_mX??HsLoAfIL;rbRX z`A$<3iF@x;rU&O3k*4Lr^&y9?5@)c)G34 zW+eYD;_22sdz<7B5l^@5*{zcQ3h{KSo;4+ZH}UicGutltKOvrO*|Ub^cN0&y>e*(= zXNjj<^sJElPU4%0pZlO#j1CMny*V>@6Jlm0tf{(7+90v=-K{MhGfhkDTCJzMTjl+_ z@G#oEZ>DMAGlDP#2Ix3{(xzAZgRKX#Po3dR}2DsD1@v zVdd*u3)|tq%D*fFoPWBoTCz`D`D2B*w5J(Z4Mmz(-3f|t(>b;BzbI^Azmu;YrNDL+ z3x@$&Q>b6UxvAoj>`9w?wxev!>SPR|}EPkD`B%xQN0{ zFn;X`grtxsH~BXUe+vAuOUZs}$slZwlAd*7{Yzz|d&%e?$ghF?u?rz*rB|R-NJBik z6BW)s1-oAZ>X^~Reg8d(wm?+48@Y1(=z8w>RbT$OTM-p&?<;d#2l@}xpO&X?Nm`Qi zop4)R@$wZy{N^D1-hU-ktNsv?>(00?Cs8 z2UdR0dg6^6tS8QdteU5+=RR4FfN(xD8MtjygV7-wL4SmSg4i9UCg=X*?o-v%}Ek`sH7k`t^W4Nx{rfGBuUffpx zwDojdD@rQTHQq>>!e5i^)PU?U%jHloUXR|=cC7H5cd1IMe$mhLA6UN&14Z=azWfW( z!M^<4(Sd0Gy+P~1>g|AU>c8xL8iNaI7+FueA97c9yr|pLpMR@A|3-KI)o5|~FRZ=C zYOL#iKK@G@pQ$@WZ;9R-wY@Q+c+kjARF3P=R3kaS`7|Ga`3THMU_Ju#5txs_d<5nr z@c%vnv>rhzo*oEAmq%@OF4`*XzIiDPhMB^F5v-G4&aweR3 zE|pGa>|IVarIx0g+ntn~6Imyo&L(mqH<_dLCL17D!N}ltrwmRcv1p|*#Nms9?;&c$ zZ++_%GFbRI?pbUwC1_%;w?^zk9zlR*^ z5%3%IL-yoHz6*h_XjH2Tcc5Jc_}KlbUGWLEEFK?Gt3L4-wOT>;AICw>ZK;Q!`;kFv 
zfYUkD`w>)*UbCjr4oaj?lR^yuX^vy^fjQa!2FMqa{g(hDksax={v#3<;_I4D(_%dm z$>}`A7pi)Gj(m_AvGO_$F4^Oo{?%~N^U5)D6rP4Y*aycYLTxY`d z4U<^aFOQY>?M^nA#3u!jtTXCnV{s>w#!~zmJ%;8egW<9~W|jt55B8z96$fE2h(-Rm zlgc@=3K3_-9>TrA5&nTb5*HDCq2R`LfKHAP?eFU9u-7VbHIa7vYTf$Zo%|C_EA_6E zx`WIGTnDW?! zKihNs{smaDY%=N80qxWcCPJeb+qaOCPBrI;K4~FOviD9Ei(dd;{A#f{2l~)#v6vwG z%VP0C&}Ttu40|2)dC==$D;8Vf{2@^KMux{py6@CXG}oNJxS{c&#%b&_;SUQgn7D0_ zO=v}SEshD4+f0=VH}{5HKHaqFj>bLWhLxYZ{OZ<=fy(>YcFLgKRYZ}f4H+DZff=Bp zH{86xcHpTn8bY#ra5O{KPqOZCdu`XkaAS0lXa{=)$MVy~;x{OGUE$_?YJ0*h`$N&N zvA3=}Y=&O1Sr|6D!!6Npa~BzPL+#&ikUzTSsH`v7_Jv#S4fTYL19d&&wtMPP#{LCX zxN~pA#;}Y|lVc|!%2U)3#bw|m!YkNHEOP>M>3&VWq3O3Z{h_8$Y5Ibur!{>?(*^n?wvTCgsis_?!=}n@+_2#jMjO7|zRc*r zXP)?|_J2bHIzSBZ|RA73ntiue-I9*8&Dh4ALg*S+6QlMsd%QTY%G z<^2O*X$WsfnajNh>n|&fBVK7poLl;?)sHV1mHKH&tPuQNt6v|J0HzmF`H(nI+*c7V zf4}Xu3hB8LFGj;jrT1AH1S;V)PS#>HJ+22Jem1#M<8vA}z*C~4LVsSrIpiv1ElJN|zKoc#0sL|F;(cT)fC^H{C^ zG>+DwKRkE^dnnUN?L95U%g*W#zmx*qz==sfBh58uD~CGPh@+^xWkvth9k{*4O#aCa3yhk!Rj|A^^#)=T=eXJ4oH zSMl=?Rq(B-kN10FF6C4e{kkgpG~Y$_3|?QCRMFp31y2AsxDp?(b4*UQ$_!$TEAKA%XbCXyoI9~*U@oPJJ94ptHkPW1`)lS!#x9_Quz4C?g9Rs4JfIK?^W=g)x~x-DMv zDDaEDfX+W(#s3@RAN8Cul_Ec9iDWA2Vp69(%QK$CWPJx9xfjHiTU^H7%(&~(p(%eG zJ8R@#6%o(6ITu@9U{l^~W4mK^oVMHKuze(vwueX4J7S}D!cAv$c5HltRz5P=MdKuB zqfR9a+JBO?W7%wMl9mv%lh}2F2`M`-+1PG5ic8{e!Sl!!%y|I5wSG3>W(%XAe&wxD;?dtC#uX0;VJU1?@ zDmTTLCU1A4O)ej{0m-wXqIL+Gre{OVT46hhm>WYO{(U^<0@nJr6#2Fv`CMJg6;*qk zX#Y;x3Dr_<3i4w(BPd;M`SFz#*a8(ONpBzu`tonJvJ<(qJ%Xhv+J@D)1%)J%DI5JR zAvY-njY~nMlkBUDZyQyhCOgK*GWM7=hV4$fY`x0~o~S#QwoCa;I()8!`>=ef*Oqrq z`77%?r`Vw7v%)F0cjR(9rfM6N+;-*nVcXcJ#{HHyuvOfZ=HH>^_dspbTgH49=+OJV z{Mw~?-15Bc2+#0h2HMGHL?o4Voyc%%JhEdviLIc?godJBeXHHru#mEmSZ+i_5|b&+ z3oGhom83McO)fNJLx!pD7#ZkXX4DlCd6Ly+d4vW4$kOscD9uRQBMI1+=BK5Fy7q;% z;5;11#*&z?9!|qAej>5}99BTI#0^nVS}^CoWHc!p7l-+!3$d$|@%UCtBz zI1YM6VS9d0V%kbdp2YWChSnkDwdeOKrUol&8no{Q{tn)axqO~4V9Mq5^H=Hqq5W+J zrMUvO=l3(FZCXI{4HPG~=lA-Xf#DWavgh|WraT`36`9C~H{A+`-u=0Je&1sn(aK!^ 
zlAgwQfzn(8XKY5j{-sD3i>d#9#6Z^U9M%bW6Gy!M8+V=Cu>Jq7{y;%fnWe!pe<7l8uV zo?RXa*zNELfSiA%rlB1h$G^%BnZ!FLVPrR1fhzNv7W!8>zG2y?dI#B=1IBk(op~0)u}SIfey>%vMx^vcz>{;%4K(AEBc@SQCx(4Qsx{ zeU({q*G*sE@+FOX3+D|loz)!vSNNdaQi0>FYnX~0bdT$9b8!eAaUUSqbLmuMu*7_2 zV^8;A1Sw=#?H$CEiuofuiRZyu|jOPRSAgke@V zYkWYr=Vqz5SkSdX&po|Mea{ARgDhk2IF{BBR0vOb(kjgVq~xQ-Pkh-!zv8~F?N2S_ zsg=qB=)1-Xw556S^G)#G1d63R$r8ng5%R>t&CmwxLwfVf1!e;(^BJO(5H(pG>oCMy zY_^+XjyVChWba=yFr2E#&hU=LlX~p@S`q+b=;yPU(Z@3StCWsvw^KU&&D&_+U1Xa| z-RnnG%?4F`RSSLBQ>|vT5nc~g0?)10 z0tk*;u7>=hyhTNFaR58gw-GA;ALlga)T*9p1WK1sQ47wz@75I|U(jeaTh3$UH!2=g zg3u4$`^;DB;IlI`H=IesCcws>3F-d-*=Kg`wp}~2AbXk6nRO=UIP!N8TTjQ*LBZ~w zMXM|vL!Z zNd9p#M1JgRHb1_?NR@pCoAP}f #include #include #include -#include "execsnoop_kern_skel.h" -#include "execsnoop_share.h" + +#if defined(__x86_64__) + #include "x86_64/execsnoop_kern_skel.h" +#elif defined(__aarch64__) + #include "aarch64/execsnoop_kern_skel.h" +#endif namespace CGPROXY::EXECSNOOP { @@ -73,7 +79,7 @@ main_loop: while ((err = perf_buffer__poll(pb, -1)) >= 0) {} perf_buffer__free(pb); - /* handle Interrupted system call when sleep*/ + /* handle Interrupted system call when sleep */ if (err == -EINTR) goto main_loop; perror("perf_buffer__poll"); diff --git a/execsnoop-kernel/execsnoop_user_1.c b/execsnoop-kernel/execsnoop_user_1.c index 0b9fd63..c9c0d43 100644 --- a/execsnoop-kernel/execsnoop_user_1.c +++ b/execsnoop-kernel/execsnoop_user_1.c @@ -1,9 +1,12 @@ - #include #include #include -#include "execsnoop_kern_skel.h" -// #include "bpf_load.h" + +#if defined(__x86_64__) + #include "x86_64/execsnoop_kern_skel.h" +#elif defined(__aarch64__) + #include "aarch64/execsnoop_kern_skel.h" +#endif #define TASK_COMM_LEN 16 struct event { diff --git a/execsnoop-kernel/readme.md b/execsnoop-kernel/readme.md index 4ab8002..2456ade 100644 --- a/execsnoop-kernel/readme.md +++ b/execsnoop-kernel/readme.md 
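Review bot: The new `#if defined(__x86_64__)` / `#elif defined(__aarch64__)` chain in the execsnoop_user_1.c hunk has no `#else`, so on any other architecture no skeleton header is included and the build only fails later with unrelated-looking errors about `struct execsnoop_kern`; close the chain with `#else` / `#error "no execsnoop skeleton for this architecture"` so the unsupported case is reported at the include. The same chain in the execsnoop_share.cpp include hunk has the same gap, and that hunk also removes `#include "execsnoop_share.h"` without re-adding it; if the header is not pulled in elsewhere in that file, the translation unit no longer gets the prototype check against its own header, which is worth confirming as intentional. The hunk header of the execsnoop_share.cpp include hunk is not legible in this view, so its surrounding context could not be checked.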
@@ -6,16 +6,20 @@ ## Build in kernel tree +- download kernel source code - ready and config kernel tree ```bash # kernel config -gunzip -c /proc/config.gz > .config -make oldconfig && make prepare +#gunzip -c /proc/config.gz > .config +#make oldconfig && make prepare +make defconfig && make prepare # install headers to ./usr/include make headers_install -j8 -# build bpf -make M=samples/bpf -j8 +# build samples/bpf +make samples/bpf -j8 +# build bpftool +make tools/bpf -j8 ``` - put or link `execsnoop_kern.c` and `execsnoop_user.c` to *samples/bpf/* @@ -43,8 +47,6 @@ sudo bash -c "ulimit -l unlimited && ./execsnoop" ## With bpftool -- move compiled `execsnoop_kern.o` to current `exexcnoop-kernel` directory - - generate `execsnoop_kern_skel.h` ``` @@ -57,12 +59,6 @@ bpftool gen skeleton execsnoop_kern.o > execsnoop_kern_skel.h gcc -Wall -O2 execsnoop_user_1.c -o execsnoop -lbpf ``` - - - - -**Followings are just some notes. they are not really related.** - ## Detail build command using `make V=1 M=samples/bpf | tee -a log.txt` to get and filter following command 
@@ -125,6 +121,75 @@ clang -nostdinc \ -lelf -lz ``` +## ARM64 + +```bash +# if cross compile +export ARCH=arm64 +export CROSS_COMPILE=aarch64-linux-gnu- +``` + +The recommend way is to build in [ARM Docker Containers](https://www.stereolabs.com/docs/docker/building-arm-container-on-x86/). see `arm_docker.md` + +- make + +```bash +# clean +make mrproper +make -C tools clean +make -C samples/bpf clean +# make +make defconfig && make prepare +make headers_install -j8 +# build samples/bpf +make samples/bpf -j8 +# build bpftool +make tools/bpf -j8 +``` + +- detail build `execsnoop_kern.o` + + note `-g` may not needed + +```bash +clang -nostdinc \ + -isystem /usr/lib/gcc/aarch64-linux-gnu/9/include \ + -I./arch/arm64/include -I./arch/arm64/include/generated \ + -I./include -I./arch/arm64/include/uapi \ + -I./arch/arm64/include/generated/uapi \ + -I./include/uapi \ + -I./include/generated/uapi \ + -include ./include/linux/kconfig.h \ + -I./samples/bpf \ + -I./tools/testing/selftests/bpf/ \ + -I./tools/lib/ \ + -include asm_goto_workaround.h \ + -D__KERNEL__ -D__BPF_TRACING__ -Wno-unused-value -Wno-pointer-sign \ + -D__TARGET_ARCH_arm64 -Wno-compare-distinct-pointer-types \ + -Wno-gnu-variable-sized-type-not-at-end \ + -Wno-address-of-packed-member -Wno-tautological-compare \ + -Wno-unknown-warning-option \ + -fno-stack-protector \ + -O2 -emit-llvm -c samples/bpf/execsnoop_kern.c \ + -o -| llc -march=bpf -filetype=obj -o samples/bpf/execsnoop_kern.o +``` + +- generate + +``` +bpftool gen skeleton execsnoop_kern.o > aarch64/execsnoop_kern_skel.h +``` + + + +http://www.redfelineninja.org.uk/daniel/2018/02/running-an-iso-installer-image-for-arm64-aarch64-using-qemu-and-kvm/ + +``` +qemu-system-aarch64 -cpu cortex-a53 -M virt -m 2048 -nographic \ +-drive if=pflash,format=raw,file=QEMU_EFI.img \ +-drive if=virtio,format=raw,file=ubuntu-20.04-live-server-arm64.iso +``` + ## Some resources 
diff --git a/execsnoop-kernel/execsnoop_kern_skel.h b/execsnoop-kernel/x86_64/execsnoop_kern_skel.h similarity index 97% rename from execsnoop-kernel/execsnoop_kern_skel.h rename to execsnoop-kernel/x86_64/execsnoop_kern_skel.h index ecb38ed..f0ee3cd 100644 --- a/execsnoop-kernel/execsnoop_kern_skel.h +++ b/execsnoop-kernel/x86_64/execsnoop_kern_skel.h @@ -150,10 +150,10 @@ execsnoop_kern__create_skeleton(struct execsnoop_kern *obj) \xbf\xa2\0\0\0\0\0\0\x07\x02\0\0\xfc\xff\xff\xff\x18\x01\0\0\0\0\0\0\0\0\0\0\0\ \0\0\0\x85\0\0\0\x01\0\0\0\xbf\x08\0\0\0\0\0\0\x15\x08\x12\0\0\0\0\0\x77\x06\0\ \0\x20\0\0\0\x61\xa1\xfc\xff\0\0\0\0\x63\x78\x1c\0\0\0\0\0\x63\x68\x14\0\0\0\0\ -\0\x63\x18\x10\0\0\0\0\0\x85\0\0\0\x23\0\0\0\x07\0\0\0\x18\x05\0\0\xbf\xa1\0\0\ +\0\x63\x18\x10\0\0\0\0\0\x85\0\0\0\x23\0\0\0\x07\0\0\0\xa0\x04\0\0\xbf\xa1\0\0\ \0\0\0\0\x07\x01\0\0\xf0\xff\xff\xff\xb7\x02\0\0\x08\0\0\0\xbf\x03\0\0\0\0\0\0\ \x85\0\0\0\x04\0\0\0\x07\x08\0\0\x18\0\0\0\x79\xa3\xf0\xff\0\0\0\0\x07\x03\0\0\ -\x0c\x05\0\0\xbf\x81\0\0\0\0\0\0\xb7\x02\0\0\x04\0\0\0\x85\0\0\0\x04\0\0\0\xb7\ +\x94\x04\0\0\xbf\x81\0\0\0\0\0\0\xb7\x02\0\0\x04\0\0\0\x85\0\0\0\x04\0\0\0\xb7\ \0\0\0\0\0\0\0\x95\0\0\0\0\0\0\0\xbf\x16\0\0\0\0\0\0\x85\0\0\0\x0e\0\0\0\x63\ \x0a\xfc\xff\0\0\0\0\xbf\xa2\0\0\0\0\0\0\x07\x02\0\0\xfc\xff\xff\xff\x18\x01\0\ \0\0\0\0\0\0\0\0\0\0\0\0\0\x85\0\0\0\x01\0\0\0\xbf\x07\0\0\0\0\0\0\x15\x07\x13\ 
@@ -163,7 +163,7 @@ execsnoop_kern__create_skeleton(struct execsnoop_kern *obj) \0\xbf\x74\0\0\0\0\0\0\xb7\x05\0\0\x20\0\0\0\x85\0\0\0\x19\0\0\0\xbf\xa2\0\0\0\ \0\0\0\x07\x02\0\0\xfc\xff\xff\xff\x18\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x85\0\0\ \0\x03\0\0\0\xb7\0\0\0\0\0\0\0\x95\0\0\0\0\0\0\0\x01\0\0\0\x04\0\0\0\x20\0\0\0\ -\0\x04\0\0\0\0\0\0\x04\0\0\0\x04\0\0\0\x04\0\0\0\x80\0\0\0\0\0\0\0\x47\x50\x4c\ +\0\x28\0\0\0\0\0\0\x04\0\0\0\x04\0\0\0\x04\0\0\0\x80\0\0\0\0\0\0\0\x47\x50\x4c\ \0\x06\x07\x05\0\x10\0\0\0\0\0\0\0\x01\x7a\x52\0\x08\x7c\x0b\x01\x0c\0\0\0\x18\ \0\0\0\x18\0\0\0\0\0\0\0\0\0\0\0\x80\x01\0\0\0\0\0\0\0\0\0\0\x1c\0\0\0\x34\0\0\ \0\0\0\0\0\0\0\0\0\xf8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ diff --git a/pack/CMakeLists.txt b/pack/CMakeLists.txt index b59297a..fd4a9fb 100644 --- a/pack/CMakeLists.txt +++ b/pack/CMakeLists.txt @@ -4,8 +4,12 @@ set(CPACK_PACKAGE_NAME "cgproxy") set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "cgproxy will transparent proxy anything running in specific cgroup.It aslo supports global transparent proxy and gateway proxy") ## deb pack +execute_process(COMMAND dpkg --print-architecture + OUTPUT_VARIABLE DEBIAN_ARCH + OUTPUT_STRIP_TRAILING_WHITESPACE) +set(CPACK_DEBIAN_FILE_NAME ${CPACK_PACKAGE_NAME}_${CMAKE_PROJECT_VERSION}_${DEBIAN_ARCH}.deb) set(CPACK_DEBIAN_PACKAGE_NAME "cgproxy") -set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE "amd64") +# set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE "amd64") set(CPACK_DEBIAN_PACKAGE_DEPENDS "systemd") set(CPACK_DEBIAN_PACKAGE_SECTION "network") set(CPACK_DEBIAN_PACKAGE_PRIORITY "Optional") 
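Review bot: The `execute_process(COMMAND dpkg --print-architecture ...)` call in the pack/CMakeLists.txt hunk has no `RESULT_VARIABLE`, so on a host without dpkg (the arm_docker.md added in this commit installs with pacman) the command fails silently, `DEBIAN_ARCH` is empty and the package is written with a name like `cgproxy_0.18_.deb`. CPack's DEB generator already derives the architecture when `CPACK_DEBIAN_PACKAGE_ARCHITECTURE` is unset, so the probe can be dropped by letting CPack name the file too: `set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT)`. If the explicit probe is kept, capture `RESULT_VARIABLE` and `message(FATAL_ERROR ...)` when it is non-zero so a mis-named package cannot be produced.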
@@ -14,7 +18,11 @@ set(CPACK_DEBIAN_PACKAGE_MAINTAINER "springzfx@gmail.com")
 set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_CURRENT_SOURCE_DIR}/postinst;${CMAKE_CURRENT_SOURCE_DIR}/prerm")
 ## rpm pack
-set(CPACK_RPM_PACKAGE_ARCHITECTURE, "x86_64")
+execute_process(COMMAND uname -m
+ OUTPUT_VARIABLE RPM_ARCH
+ OUTPUT_STRIP_TRAILING_WHITESPACE)
+set(CPACK_RPM_FILE_NAME ${CPACK_PACKAGE_NAME}_${CMAKE_PROJECT_VERSION}_${RPM_ARCH}.rpm)
+# set(CPACK_RPM_PACKAGE_ARCHITECTURE, "x86_64")
 set(CPACK_RPM_PACKAGE_REQUIRES "systemd")
 set(CPACK_RPM_PACKAGE_GROUP "network")
 set(CPACK_RPM_PACKAGE_URL "https://github.com/springzfx/cgproxy")
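Review bot: `uname -m` reports the build host's machine, not the target, so if this CMake build is ever cross-compiled the way the readme in this commit describes for the kernel samples (`CROSS_COMPILE=aarch64-linux-gnu-`), an aarch64 package built on x86_64 would be labelled `..._x86_64.rpm`. Use the toolchain's view of the target, `${CMAKE_SYSTEM_PROCESSOR}`, or let CPack name the file with `set(CPACK_RPM_FILE_NAME RPM-DEFAULT)`; the same host-versus-target concern applies to the `dpkg --print-architecture` probe in the previous hunk. The removed `set(CPACK_RPM_PACKAGE_ARCHITECTURE, "x86_64")` line appears to carry a stray comma, which would have made it set a variable named `CPACK_RPM_PACKAGE_ARCHITECTURE,` rather than the CPack one, so commenting it out changes nothing in practice and the comment could be dropped rather than kept.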