2022-01-04 20:09:59 -05:00
|
|
|
#ifndef __SCHED_H
|
|
|
|
|
#define __SCHED_H
|
2021-12-29 14:44:09 -05:00
|
|
|
|
2022-01-06 13:31:52 -05:00
|
|
|
#/*include <stdio.h>
|
2021-12-29 14:44:09 -05:00
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
2022-01-06 13:31:52 -05:00
|
|
|
#include <linux/bpf.h>*/
|
|
|
|
|
#include "newnewvmlinux.h"
|
|
|
|
|
|
2021-12-29 14:44:09 -05:00
|
|
|
#include <bpf/bpf_helpers.h>
|
|
|
|
|
#include <bpf/bpf_tracing.h>
|
|
|
|
|
#include <bpf/bpf_core_read.h>
|
|
|
|
|
|
2021-12-30 12:48:45 -05:00
|
|
|
#include "../../../common/constants.h"
|
|
|
|
|
#include "../../../common/map_defs.h"
|
|
|
|
|
#include "../data/ring_buffer.h"
|
2021-12-29 14:44:09 -05:00
|
|
|
|
|
|
|
|
//BPF map
|
|
|
|
|
/*struct {
|
|
|
|
|
__uint(type, BPF_MAP_TYPE_HASH);
|
|
|
|
|
__uint(max_entries, 8192);
|
|
|
|
|
__type(key, pid_t);
|
|
|
|
|
__type(value, char[5]);
|
|
|
|
|
} exec_start SEC(".maps");*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief A kthread is started in the kernel (a new program)
|
|
|
|
|
* @ref https://elixir.bootlin.com/linux/latest/source/include/trace/events/sched.h#L397
|
|
|
|
|
*/
|
|
|
|
|
SEC("tp/sched/sched_process_exec")
|
2021-12-30 21:09:26 -05:00
|
|
|
int handle_sched_process_exec(struct trace_event_raw_sched_process_exec *ctx){
|
2021-12-30 12:48:45 -05:00
|
|
|
pid_t pid = bpf_get_current_pid_tgid() >> 32;
|
2021-12-30 21:09:26 -05:00
|
|
|
char message[] = "PROCESS ACTIVATED";
|
2021-12-29 14:44:09 -05:00
|
|
|
|
2021-12-30 12:48:45 -05:00
|
|
|
//Just deactivated for now, but working
|
2022-01-04 20:09:59 -05:00
|
|
|
/*if(ring_buffer_send(&rb_comm, pid, INFO, 0, message, sizeof(message))<0){
|
2021-12-30 12:48:45 -05:00
|
|
|
bpf_printk("ERROR printing in RB_COMM at fs module");
|
2022-01-04 20:09:59 -05:00
|
|
|
}*/
|
2021-12-29 14:44:09 -05:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
