Commit | Line | Data |
---|---|---|
1da236b6 YS |
1 | /* Copyright (c) 2017 Facebook |
2 | * | |
3 | * This program is free software; you can redistribute it and/or | |
4 | * modify it under the terms of version 2 of the GNU General Public | |
5 | * License as published by the Free Software Foundation. | |
6 | */ | |
7 | #include <uapi/linux/bpf.h> | |
8 | #include "bpf_helpers.h" | |
9 | ||
10 | struct syscalls_enter_open_args { | |
11 | unsigned long long unused; | |
12 | long syscall_nr; | |
13 | long filename_ptr; | |
14 | long flags; | |
15 | long mode; | |
16 | }; | |
17 | ||
18 | struct syscalls_exit_open_args { | |
19 | unsigned long long unused; | |
20 | long syscall_nr; | |
21 | long ret; | |
22 | }; | |
23 | ||
24 | struct bpf_map_def SEC("maps") enter_open_map = { | |
25 | .type = BPF_MAP_TYPE_ARRAY, | |
26 | .key_size = sizeof(u32), | |
27 | .value_size = sizeof(u32), | |
28 | .max_entries = 1, | |
29 | }; | |
30 | ||
31 | struct bpf_map_def SEC("maps") exit_open_map = { | |
32 | .type = BPF_MAP_TYPE_ARRAY, | |
33 | .key_size = sizeof(u32), | |
34 | .value_size = sizeof(u32), | |
35 | .max_entries = 1, | |
36 | }; | |
37 | ||
38 | static __always_inline void count(void *map) | |
39 | { | |
40 | u32 key = 0; | |
41 | u32 *value, init_val = 1; | |
42 | ||
43 | value = bpf_map_lookup_elem(map, &key); | |
44 | if (value) | |
45 | *value += 1; | |
46 | else | |
47 | bpf_map_update_elem(map, &key, &init_val, BPF_NOEXIST); | |
48 | } | |
49 | ||
50 | SEC("tracepoint/syscalls/sys_enter_open") | |
51 | int trace_enter_open(struct syscalls_enter_open_args *ctx) | |
52 | { | |
53 | count((void *)&enter_open_map); | |
54 | return 0; | |
55 | } | |
56 | ||
57 | SEC("tracepoint/syscalls/sys_exit_open") | |
58 | int trace_enter_exit(struct syscalls_exit_open_args *ctx) | |
59 | { | |
60 | count((void *)&exit_open_map); | |
61 | return 0; | |
62 | } |