mirror of
https://github.com/eunomia-bpf/bpf-developer-tutorial.git
synced 2026-02-08 21:03:37 +08:00
40 lines
1011 B
C
40 lines
1011 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
// Copyright (c) 2019 Facebook
|
|
// Copyright (c) 2020 Netflix
|
|
#include <vmlinux.h>
|
|
#include <bpf/bpf_helpers.h>
|
|
#include "opensnoop.h"
|
|
|
|
|
|
/// Process ID to trace
|
|
const volatile int pid_target = 0;
|
|
|
|
SEC("tracepoint/syscalls/sys_enter_open")
|
|
int tracepoint__syscalls__sys_enter_open(struct trace_event_raw_sys_enter* ctx)
|
|
{
|
|
u64 id = bpf_get_current_pid_tgid();
|
|
u32 pid = id;
|
|
|
|
if (pid_target && pid_target != pid)
|
|
return false;
|
|
// Use bpf_printk to print the process information
|
|
bpf_printk("Process ID: %d enter sys open\n", pid);
|
|
return 0;
|
|
}
|
|
|
|
SEC("tracepoint/syscalls/sys_enter_openat")
|
|
int tracepoint__syscalls__sys_enter_openat(struct trace_event_raw_sys_enter* ctx)
|
|
{
|
|
u64 id = bpf_get_current_pid_tgid();
|
|
u32 pid = id;
|
|
|
|
if (pid_target && pid_target != pid)
|
|
return false;
|
|
// Use bpf_printk to print the process information
|
|
bpf_printk("Process ID: %d enter sys openat\n", pid);
|
|
return 0;
|
|
}
|
|
|
|
/// Trace open family syscalls.
|
|
char LICENSE[] SEC("license") = "GPL";
|