Deploying to gh-pages from @ eunomia-bpf/bpf-developer-tutorial@52ae3ae26d 🚀

5-uprobe-bashreadline/.gitignore

@@ -0,0 +1,7 @@
+.vscode
+package.json
+ecli
+*.o
+*.skel.json
+*.skel.yaml
+package.yaml

5-uprobe-bashreadline/bashreadline.bpf.c

@@ -0,0 +1,38 @@
+#include <vmlinux.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+#define TASK_COMM_LEN 16
+#define MAX_LINE_SIZE 80
+
+/* Format of u[ret]probe section definition supporting auto-attach:
+ * u[ret]probe/binary:function[+offset]
+ *
+ * binary can be an absolute/relative path or a filename; the latter is resolved to a
+ * full binary path via bpf_program__attach_uprobe_opts.
+ *
+ * Specifying uprobe+ ensures we carry out strict matching; either "uprobe" must be
+ * specified (and auto-attach is not possible) or the above format is specified for
+ * auto-attach.
+ */
+SEC("uretprobe//bin/bash:readline")
+int BPF_KRETPROBE(printret, const void *ret)
+{
+	char str[MAX_LINE_SIZE];
+	char comm[TASK_COMM_LEN];
+	u32 pid;
+
+	if (!ret)
+		return 0;
+
+	bpf_get_current_comm(&comm, sizeof(comm));
+
+	pid = bpf_get_current_pid_tgid() >> 32;
+	bpf_probe_read_user_str(str, sizeof(str), ret);
+
+	bpf_printk("PID %d (%s) read: %s ", pid, comm, str);
+
+	return 0;
+};
+
+char LICENSE[] SEC("license") = "GPL";