[BUILD FAILING] Checkpoint for backup, added new hook for file system, tweaked makefile for real kernel header files inclusion, still not working. Commiting for periodic backup

src/ebpf/include/bpf/bpf_defs.h

@@ -1,9 +1,9 @@
 #ifndef __BPF_DEFS_H
 #define __BPF_DEFS_H
 
-#define PT_REGS_PARM1(x) ((x)->rdi)
+/*#define PT_REGS_PARM1(x) ((x)->rdi)
 #define PT_REGS_PARM2(x) ((x)->rsi)
 #define PT_REGS_PARM3(x) ((x)->rdx)
-#define PT_REGS_PARM4(x) ((x)->rcx)
+#define PT_REGS_PARM4(x) ((x)->rcx)*/
 
 #endif

src/ebpf/include/bpf/fs.h

@@ -1,13 +1,14 @@
 #ifndef __FS_H
 #define __FS_H
 
+//#include "vmlinux.h"
 #include <stdio.h>
 #include <linux/types.h>
 #include <unistd.h>
 #include <string.h>
 #include <linux/ptrace.h>
+#include <linux/stat.h>
 
-#include <linux/bpf.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>
 #include <bpf/bpf_core_read.h>
@@ -17,27 +18,14 @@
 #include "../data/ring_buffer.h"
 #include "bpf_defs.h"
 
-static __always_inline int kprobe__sys_read(struct pt_regs *ctx ,int fd ,char * buf){
-    bpf_printk("Read a file");
-    return 0;
-}
+#define FS_MAX_SEGMENT_LENGTH 32
 
-SEC("kprobe/compat_sys_read") 
-int __attribute__((always_inline)) kprobe__64_compat_sys_read(struct pt_regs *ctx) {
-    struct pt_regs *rctx = ctx; if (!rctx) return 0; 
-    int fd = (int) PT_REGS_PARM1(ctx); 
-    char * buf = (char *) PT_REGS_PARM2(ctx); 
-    return kprobe__sys_read(ctx ,fd ,buf); 
-}
 
-SEC("kprobe/sys_read") 
-int kprobe__64_sys_read(struct pt_regs *ctx) { 
-    struct pt_regs *rctx = ctx; 
-    if (!rctx) return 0; 
-    int fd = (int) PT_REGS_PARM1(ctx); 
-    char * buf = (char *) PT_REGS_PARM2(ctx); 
-    return kprobe__sys_read(ctx ,fd ,buf); 
-} 
+SEC("kprobe/vfs_open") 
+int kprobe__64_sys_read(struct pt_regs *ctx){
+    //struct path *path = (struct path *)PT_REGS_PARM1(ctx);
+    return 0;//fa_access_path(path);
+}
 
 
 #endif