// Source: github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/pkg/ebpftracer/events.go

package ebpftracer

import (
	"github.com/castai/kvisor/pkg/ebpftracer/events"
	"github.com/cilium/ebpf"
)

// argMeta names one argument of an event and gives its type as a string,
// for example {Type: "int", Name: "fd"} in newEventsDefinitionSet. The
// struct tags fix the JSON keys to "name" and "type".
type argMeta struct {
	Name string `json:"name"`
	Type string `json:"type"`
}

// definition is the static description of one event. newEventsDefinitionSet
// returns a map of these keyed by events.ID.
type definition struct {
	// ID is the event identifier; in the entries visible in
	// newEventsDefinitionSet it is always equal to the map key.
	ID events.ID
	// id32Bit is set to an events.Sys32* constant in the visible entries;
	// accept and semop use events.Sys32Undefined.
	// NOTE(review): presumably the ID of the 32-bit variant of the syscall,
	// with Sys32Undefined meaning there is none - confirm against the events
	// package and check how a Sys32Undefined event is handled for 32-bit
	// callers, since that decides whether such calls are reported at all.
	id32Bit events.ID
	// name is the event name, e.g. "read" or "rt_sigaction".
	name string
	docPath string // Relative to the 'doc/events' directory
	// internal is not set by any entry visible in this listing.
	// NOTE(review): its meaning cannot be determined from here - confirm.
	internal bool
	// syscall is true for every entry in the syscall section of
	// newEventsDefinitionSet.
	syscall bool
	// dependencies lists what the event needs in order to work; see the
	// dependencies type.
	dependencies dependencies
	// sets holds string labels such as "syscalls", "fs", "net_sock" or
	// "default".
	// NOTE(review): presumably used to select groups of events, with
	// "default" marking what is collected without explicit configuration -
	// confirm, because that label then defines the baseline telemetry.
	sets []string
	// params describes the event arguments in declaration order. The code
	// generator mentioned on newEventsDefinitionSet reads these from the
	// AST, so they are written as plain string literals.
	params []argMeta
}

// EventProbe pairs a probe handle with a flag saying whether attaching it is
// mandatory. The handle type is declared elsewhere in the package.
type EventProbe struct {
	handle handle
	// NOTE(review): what happens when required is false and the attach
	// fails is not visible here. If the failure is tolerated without a log
	// line or metric, the events depending on this probe are silently
	// missing from the telemetry - confirm that the failure is surfaced.
	required bool // tracee fails if probe can't be attached
}

// dependencies groups everything an event definition relies on.
type dependencies struct {
	// ids refers to other events by ID.
	// NOTE(review): presumably events that must be enabled together with
	// this one - confirm.
	ids []events.ID
	// kSymbols lists symbols to look up; see KSymbol.
	kSymbols []KSymbol
	// probes lists the probes to attach; see EventProbe.
	probes []EventProbe
	// skipDefaultTailCalls is not set by any entry visible in this listing.
	// NOTE(review): presumably disables tail calls that would otherwise be
	// added for the event - confirm.
	skipDefaultTailCalls bool
	// tailCalls lists the map/program/index triples for the event; the
	// execve entry in newEventsDefinitionSet is the visible example.
	tailCalls []TailCall
	//capabilities capabilities
}

//type capabilities struct {
//	base []cap.Value // always effective
//	ebpf []cap.Value // effective when using eBPF
//}

// Indexes of the functions used as bpf tail-call targets. The values are
// assigned by position through iota, starting at 0, and according to the
// comments below they match values defined in the eBPF code for the
// prog_array map. Inserting, removing or reordering an entry therefore
// shifts every later index and has to be mirrored on the eBPF side; this
// declaration does nothing to enforce that the two stay in step.
// MaxTail is the last entry.
// NOTE(review): presumably MaxTail is a count rather than a usable index -
// confirm against the eBPF definitions.
const (
	TailVfsWrite  uint32 = iota // Index of a function to be used in a bpf tailcall.
	TailVfsWritev               // Matches defined values in ebpf code for prog_array map.
	TailSendBin
	TailSendBinTP
	TailKernelWrite
	TailSchedProcessExecEventSubmit
	TailVfsRead
	TailVfsReadv
	TailExecBinprm1
	TailExecBinprm2
	TailHiddenKernelModuleProc
	TailHiddenKernelModuleKset
	TailHiddenKernelModuleModTree
	TailHiddenKernelModuleNewModOnly
	MaxTail
)

// TailCall ties an eBPF program to one or more indexes of an eBPF map.
//
// newEventsDefinitionSet builds these with unkeyed composite literals
// ({map, program, indexes}), so the order of the fields below is part of the
// contract: reordering fields of compatible types would still compile and
// silently swap the values.
type TailCall struct {
	ebpfMap *ebpf.Map
	ebpfProg *ebpf.Program
	// indexes are the positions in ebpfMap this entry applies to; the execve
	// definition uses uint32(events.Execve).
	// NOTE(review): presumably ebpfProg is written into ebpfMap at each of
	// these indexes when the event is enabled - confirm at the use site.
	indexes []uint32
}

// KSymbol names a symbol an event depends on and says whether it is
// mandatory.
// NOTE(review): the type name suggests a kernel symbol - confirm.
type KSymbol struct {
	symbol string
	// NOTE(review): as with EventProbe.required, the behaviour for a missing
	// non-required symbol is not visible here; confirm that it is reported
	// rather than dropped silently.
	required bool // tracee fails if symbol is not found
}

// This function is used to auto generate the event parser classes. DO NOT RENAME IT!
// Also, only use simple strings for defining the params, as the generator walks the AST to
// extract information.
76 func newEventsDefinitionSet(objs *tracerObjects) map[events.ID]definition { 77 return map[events.ID]definition{ 78 // 79 // Begin of Syscalls 80 // 81 events.Read: { 82 ID: events.Read, 83 id32Bit: events.Sys32read, 84 name: "read", 85 syscall: true, 86 sets: []string{"syscalls", "fs", "fs_read_write"}, 87 params: []argMeta{ 88 {Type: "int", Name: "fd"}, 89 {Type: "void*", Name: "buf"}, 90 {Type: "size_t", Name: "count"}, 91 }, 92 }, 93 events.Write: { 94 ID: events.Write, 95 id32Bit: events.Sys32write, 96 name: "write", 97 syscall: true, 98 sets: []string{"syscalls", "fs", "fs_read_write"}, 99 params: []argMeta{ 100 {Type: "int", Name: "fd"}, 101 {Type: "void*", Name: "buf"}, 102 {Type: "size_t", Name: "count"}, 103 }, 104 }, 105 events.Open: { 106 ID: events.Open, 107 id32Bit: events.Sys32open, 108 name: "open", 109 syscall: true, 110 sets: []string{"syscalls", "fs", "fs_file_ops"}, 111 params: []argMeta{ 112 {Type: "const char*", Name: "pathname"}, 113 {Type: "int", Name: "flags"}, 114 {Type: "mode_t", Name: "mode"}, 115 }, 116 }, 117 events.Close: { 118 ID: events.Close, 119 id32Bit: events.Sys32close, 120 name: "close", 121 syscall: true, 122 sets: []string{"syscalls", "fs", "fs_file_ops"}, 123 params: []argMeta{ 124 {Type: "int", Name: "fd"}, 125 }, 126 }, 127 events.Stat: { 128 ID: events.Stat, 129 id32Bit: events.Sys32stat, 130 name: "stat", 131 syscall: true, 132 sets: []string{"syscalls", "fs", "fs_file_attr"}, 133 params: []argMeta{ 134 {Type: "const char*", Name: "pathname"}, 135 {Type: "struct stat*", Name: "statbuf"}, 136 }, 137 }, 138 events.Fstat: { 139 ID: events.Fstat, 140 id32Bit: events.Sys32fstat, 141 name: "fstat", 142 syscall: true, 143 sets: []string{"syscalls", "fs", "fs_file_attr"}, 144 params: []argMeta{ 145 {Type: "int", Name: "fd"}, 146 {Type: "struct stat*", Name: "statbuf"}, 147 }, 148 }, 149 events.Lstat: { 150 ID: events.Lstat, 151 id32Bit: events.Sys32lstat, 152 name: "lstat", 153 syscall: true, 154 sets: []string{"syscalls", 
"fs", "fs_file_attr"}, 155 params: []argMeta{ 156 {Type: "const char*", Name: "pathname"}, 157 {Type: "struct stat*", Name: "statbuf"}, 158 }, 159 }, 160 events.Poll: { 161 ID: events.Poll, 162 id32Bit: events.Sys32poll, 163 name: "poll", 164 syscall: true, 165 sets: []string{"syscalls", "fs", "fs_mux_io"}, 166 params: []argMeta{ 167 {Type: "struct pollfd*", Name: "fds"}, 168 {Type: "unsigned int", Name: "nfds"}, 169 {Type: "int", Name: "timeout"}, 170 }, 171 }, 172 events.Lseek: { 173 ID: events.Lseek, 174 id32Bit: events.Sys32lseek, 175 name: "lseek", 176 syscall: true, 177 sets: []string{"syscalls", "fs", "fs_read_write"}, 178 params: []argMeta{ 179 {Type: "int", Name: "fd"}, 180 {Type: "off_t", Name: "offset"}, 181 {Type: "unsigned int", Name: "whence"}, 182 }, 183 }, 184 events.Mmap: { 185 ID: events.Mmap, 186 id32Bit: events.Sys32mmap, 187 name: "mmap", 188 syscall: true, 189 sets: []string{"syscalls", "proc", "proc_mem"}, 190 params: []argMeta{ 191 {Type: "void*", Name: "addr"}, 192 {Type: "size_t", Name: "length"}, 193 {Type: "int", Name: "prot"}, 194 {Type: "int", Name: "flags"}, 195 {Type: "int", Name: "fd"}, 196 {Type: "off_t", Name: "off"}, 197 }, 198 }, 199 events.Mprotect: { 200 ID: events.Mprotect, 201 id32Bit: events.Sys32mprotect, 202 name: "mprotect", 203 syscall: true, 204 sets: []string{"syscalls", "proc", "proc_mem"}, 205 params: []argMeta{ 206 {Type: "void*", Name: "addr"}, 207 {Type: "size_t", Name: "len"}, 208 {Type: "int", Name: "prot"}, 209 }, 210 }, 211 events.Munmap: { 212 ID: events.Munmap, 213 id32Bit: events.Sys32munmap, 214 name: "munmap", 215 syscall: true, 216 sets: []string{"syscalls", "proc", "proc_mem"}, 217 params: []argMeta{ 218 {Type: "void*", Name: "addr"}, 219 {Type: "size_t", Name: "length"}, 220 }, 221 }, 222 events.Brk: { 223 ID: events.Brk, 224 id32Bit: events.Sys32brk, 225 name: "brk", 226 syscall: true, 227 sets: []string{"syscalls", "proc", "proc_mem"}, 228 params: []argMeta{ 229 {Type: "void*", Name: "addr"}, 230 }, 
231 }, 232 events.RtSigaction: { 233 ID: events.RtSigaction, 234 id32Bit: events.Sys32rt_sigaction, 235 name: "rt_sigaction", 236 syscall: true, 237 sets: []string{"syscalls", "signals"}, 238 params: []argMeta{ 239 {Type: "int", Name: "signum"}, 240 {Type: "const struct sigaction*", Name: "act"}, 241 {Type: "struct sigaction*", Name: "oldact"}, 242 {Type: "size_t", Name: "sigsetsize"}, 243 }, 244 }, 245 events.RtSigprocmask: { 246 ID: events.RtSigprocmask, 247 id32Bit: events.Sys32rt_sigprocmask, 248 name: "rt_sigprocmask", 249 syscall: true, 250 sets: []string{"syscalls", "signals"}, 251 params: []argMeta{ 252 {Type: "int", Name: "how"}, 253 {Type: "sigset_t*", Name: "set"}, 254 {Type: "sigset_t*", Name: "oldset"}, 255 {Type: "size_t", Name: "sigsetsize"}, 256 }, 257 }, 258 events.RtSigreturn: { 259 ID: events.RtSigreturn, 260 id32Bit: events.Sys32rt_sigreturn, 261 name: "rt_sigreturn", 262 syscall: true, 263 sets: []string{"syscalls", "signals"}, 264 params: []argMeta{}, 265 }, 266 events.Ioctl: { 267 ID: events.Ioctl, 268 id32Bit: events.Sys32ioctl, 269 name: "ioctl", 270 syscall: true, 271 sets: []string{"syscalls", "fs", "fs_fd_ops"}, 272 params: []argMeta{ 273 {Type: "int", Name: "fd"}, 274 {Type: "unsigned long", Name: "request"}, 275 {Type: "unsigned long", Name: "arg"}, 276 }, 277 }, 278 events.Pread64: { 279 ID: events.Pread64, 280 id32Bit: events.Sys32pread64, 281 name: "pread64", 282 syscall: true, 283 sets: []string{"syscalls", "fs", "fs_read_write"}, 284 params: []argMeta{ 285 {Type: "int", Name: "fd"}, 286 {Type: "void*", Name: "buf"}, 287 {Type: "size_t", Name: "count"}, 288 {Type: "off_t", Name: "offset"}, 289 }, 290 }, 291 events.Pwrite64: { 292 ID: events.Pwrite64, 293 id32Bit: events.Sys32pwrite64, 294 name: "pwrite64", 295 syscall: true, 296 sets: []string{"syscalls", "fs", "fs_read_write"}, 297 params: []argMeta{ 298 {Type: "int", Name: "fd"}, 299 {Type: "const void*", Name: "buf"}, 300 {Type: "size_t", Name: "count"}, 301 {Type: "off_t", 
Name: "offset"}, 302 }, 303 }, 304 events.Readv: { 305 ID: events.Readv, 306 id32Bit: events.Sys32readv, 307 name: "readv", 308 syscall: true, 309 sets: []string{"syscalls", "fs", "fs_read_write"}, 310 params: []argMeta{ 311 {Type: "int", Name: "fd"}, 312 {Type: "const struct iovec*", Name: "iov"}, 313 {Type: "int", Name: "iovcnt"}, 314 }, 315 }, 316 events.Writev: { 317 ID: events.Writev, 318 id32Bit: events.Sys32writev, 319 name: "writev", 320 syscall: true, 321 sets: []string{"syscalls", "fs", "fs_read_write"}, 322 params: []argMeta{ 323 {Type: "int", Name: "fd"}, 324 {Type: "const struct iovec*", Name: "iov"}, 325 {Type: "int", Name: "iovcnt"}, 326 }, 327 }, 328 events.Access: { 329 ID: events.Access, 330 id32Bit: events.Sys32access, 331 name: "access", 332 syscall: true, 333 sets: []string{"syscalls", "fs", "fs_file_attr"}, 334 params: []argMeta{ 335 {Type: "const char*", Name: "pathname"}, 336 {Type: "int", Name: "mode"}, 337 }, 338 }, 339 events.Pipe: { 340 ID: events.Pipe, 341 id32Bit: events.Sys32pipe, 342 name: "pipe", 343 syscall: true, 344 sets: []string{"syscalls", "ipc", "ipc_pipe"}, 345 params: []argMeta{ 346 {Type: "int[2]", Name: "pipefd"}, 347 }, 348 }, 349 events.Select: { 350 ID: events.Select, 351 id32Bit: events.Sys32_newselect, 352 name: "select", 353 syscall: true, 354 sets: []string{"syscalls", "fs", "fs_mux_io"}, 355 params: []argMeta{ 356 {Type: "int", Name: "nfds"}, 357 {Type: "fd_set*", Name: "readfds"}, 358 {Type: "fd_set*", Name: "writefds"}, 359 {Type: "fd_set*", Name: "exceptfds"}, 360 {Type: "struct timeval*", Name: "timeout"}, 361 }, 362 }, 363 events.SchedYield: { 364 ID: events.SchedYield, 365 id32Bit: events.Sys32sched_yield, 366 name: "sched_yield", 367 syscall: true, 368 sets: []string{"syscalls", "proc", "proc_sched"}, 369 params: []argMeta{}, 370 }, 371 events.Mremap: { 372 ID: events.Mremap, 373 id32Bit: events.Sys32mremap, 374 name: "mremap", 375 syscall: true, 376 sets: []string{"syscalls", "proc", "proc_mem"}, 377 
params: []argMeta{ 378 {Type: "void*", Name: "old_address"}, 379 {Type: "size_t", Name: "old_size"}, 380 {Type: "size_t", Name: "new_size"}, 381 {Type: "int", Name: "flags"}, 382 {Type: "void*", Name: "new_address"}, 383 }, 384 }, 385 events.Msync: { 386 ID: events.Msync, 387 id32Bit: events.Sys32msync, 388 name: "msync", 389 syscall: true, 390 sets: []string{"syscalls", "fs", "fs_sync"}, 391 params: []argMeta{ 392 {Type: "void*", Name: "addr"}, 393 {Type: "size_t", Name: "length"}, 394 {Type: "int", Name: "flags"}, 395 }, 396 }, 397 events.Mincore: { 398 ID: events.Mincore, 399 id32Bit: events.Sys32mincore, 400 name: "mincore", 401 syscall: true, 402 sets: []string{"syscalls", "proc", "proc_mem"}, 403 params: []argMeta{ 404 {Type: "void*", Name: "addr"}, 405 {Type: "size_t", Name: "length"}, 406 {Type: "unsigned char*", Name: "vec"}, 407 }, 408 }, 409 events.Madvise: { 410 ID: events.Madvise, 411 id32Bit: events.Sys32madvise, 412 name: "madvise", 413 syscall: true, 414 sets: []string{"syscalls", "proc", "proc_mem"}, 415 params: []argMeta{ 416 {Type: "void*", Name: "addr"}, 417 {Type: "size_t", Name: "length"}, 418 {Type: "int", Name: "advice"}, 419 }, 420 }, 421 events.Shmget: { 422 ID: events.Shmget, 423 id32Bit: events.Sys32shmget, 424 name: "shmget", 425 syscall: true, 426 sets: []string{"syscalls", "ipc", "ipc_shm"}, 427 params: []argMeta{ 428 {Type: "key_t", Name: "key"}, 429 {Type: "size_t", Name: "size"}, 430 {Type: "int", Name: "shmflg"}, 431 }, 432 }, 433 events.Shmat: { 434 ID: events.Shmat, 435 id32Bit: events.Sys32shmat, 436 name: "shmat", 437 syscall: true, 438 sets: []string{"syscalls", "ipc", "ipc_shm"}, 439 params: []argMeta{ 440 {Type: "int", Name: "shmid"}, 441 {Type: "const void*", Name: "shmaddr"}, 442 {Type: "int", Name: "shmflg"}, 443 }, 444 }, 445 events.Shmctl: { 446 ID: events.Shmctl, 447 id32Bit: events.Sys32shmctl, 448 name: "shmctl", 449 syscall: true, 450 sets: []string{"syscalls", "ipc", "ipc_shm"}, 451 params: []argMeta{ 452 {Type: 
"int", Name: "shmid"}, 453 {Type: "int", Name: "cmd"}, 454 {Type: "struct shmid_ds*", Name: "buf"}, 455 }, 456 }, 457 events.Dup: { 458 ID: events.Dup, 459 id32Bit: events.Sys32dup, 460 name: "dup", 461 syscall: true, 462 sets: []string{"syscalls", "fs", "fs_fd_ops"}, 463 params: []argMeta{ 464 {Type: "int", Name: "oldfd"}, 465 }, 466 }, 467 events.Dup2: { 468 ID: events.Dup2, 469 id32Bit: events.Sys32dup2, 470 name: "dup2", 471 syscall: true, 472 sets: []string{"syscalls", "fs", "fs_fd_ops"}, 473 params: []argMeta{ 474 {Type: "int", Name: "oldfd"}, 475 {Type: "int", Name: "newfd"}, 476 }, 477 }, 478 events.Pause: { 479 ID: events.Pause, 480 id32Bit: events.Sys32pause, 481 name: "pause", 482 syscall: true, 483 sets: []string{"syscalls", "signals"}, 484 params: []argMeta{}, 485 }, 486 events.Nanosleep: { 487 ID: events.Nanosleep, 488 id32Bit: events.Sys32nanosleep, 489 name: "nanosleep", 490 syscall: true, 491 sets: []string{"syscalls", "time", "time_timer"}, 492 params: []argMeta{ 493 {Type: "const struct timespec*", Name: "req"}, 494 {Type: "struct timespec*", Name: "rem"}, 495 }, 496 }, 497 events.Getitimer: { 498 ID: events.Getitimer, 499 id32Bit: events.Sys32getitimer, 500 name: "getitimer", 501 syscall: true, 502 sets: []string{"syscalls", "time", "time_timer"}, 503 params: []argMeta{ 504 {Type: "int", Name: "which"}, 505 {Type: "struct itimerval*", Name: "curr_value"}, 506 }, 507 }, 508 events.Alarm: { 509 ID: events.Alarm, 510 id32Bit: events.Sys32alarm, 511 name: "alarm", 512 syscall: true, 513 sets: []string{"syscalls", "time", "time_timer"}, 514 params: []argMeta{ 515 {Type: "unsigned int", Name: "seconds"}, 516 }, 517 }, 518 events.Setitimer: { 519 ID: events.Setitimer, 520 id32Bit: events.Sys32setitimer, 521 name: "setitimer", 522 syscall: true, 523 sets: []string{"syscalls", "time", "time_timer"}, 524 params: []argMeta{ 525 {Type: "int", Name: "which"}, 526 {Type: "struct itimerval*", Name: "new_value"}, 527 {Type: "struct itimerval*", Name: 
"old_value"}, 528 }, 529 }, 530 events.Getpid: { 531 ID: events.Getpid, 532 id32Bit: events.Sys32getpid, 533 name: "getpid", 534 syscall: true, 535 sets: []string{"syscalls", "proc", "proc_ids"}, 536 params: []argMeta{}, 537 }, 538 events.Sendfile: { 539 ID: events.Sendfile, 540 id32Bit: events.Sys32sendfile64, 541 name: "sendfile", 542 syscall: true, 543 sets: []string{"syscalls", "fs", "fs_read_write"}, 544 params: []argMeta{ 545 {Type: "int", Name: "out_fd"}, 546 {Type: "int", Name: "in_fd"}, 547 {Type: "off_t*", Name: "offset"}, 548 {Type: "size_t", Name: "count"}, 549 }, 550 }, 551 events.Socket: { 552 ID: events.Socket, 553 id32Bit: events.Sys32socket, 554 name: "socket", 555 syscall: true, 556 sets: []string{"syscalls", "net", "net_sock"}, 557 params: []argMeta{ 558 {Type: "int", Name: "domain"}, 559 {Type: "int", Name: "type"}, 560 {Type: "int", Name: "protocol"}, 561 }, 562 }, 563 events.Connect: { 564 ID: events.Connect, 565 id32Bit: events.Sys32connect, 566 name: "connect", 567 syscall: true, 568 sets: []string{"syscalls", "net", "net_sock"}, 569 params: []argMeta{ 570 {Type: "int", Name: "sockfd"}, 571 {Type: "struct sockaddr*", Name: "addr"}, 572 {Type: "int", Name: "addrlen"}, 573 }, 574 }, 575 events.Accept: { 576 ID: events.Accept, 577 id32Bit: events.Sys32Undefined, 578 name: "accept", 579 syscall: true, 580 sets: []string{"syscalls", "net", "net_sock"}, 581 params: []argMeta{ 582 {Type: "int", Name: "sockfd"}, 583 {Type: "struct sockaddr*", Name: "addr"}, 584 {Type: "int*", Name: "addrlen"}, 585 }, 586 }, 587 events.Sendto: { 588 ID: events.Sendto, 589 id32Bit: events.Sys32sendto, 590 name: "sendto", 591 syscall: true, 592 sets: []string{"syscalls", "net", "net_snd_rcv"}, 593 params: []argMeta{ 594 {Type: "int", Name: "sockfd"}, 595 {Type: "void*", Name: "buf"}, 596 {Type: "size_t", Name: "len"}, 597 {Type: "int", Name: "flags"}, 598 {Type: "struct sockaddr*", Name: "dest_addr"}, 599 {Type: "int", Name: "addrlen"}, 600 }, 601 }, 602 
events.Recvfrom: { 603 ID: events.Recvfrom, 604 id32Bit: events.Sys32recvfrom, 605 name: "recvfrom", 606 syscall: true, 607 sets: []string{"syscalls", "net", "net_snd_rcv"}, 608 params: []argMeta{ 609 {Type: "int", Name: "sockfd"}, 610 {Type: "void*", Name: "buf"}, 611 {Type: "size_t", Name: "len"}, 612 {Type: "int", Name: "flags"}, 613 {Type: "struct sockaddr*", Name: "src_addr"}, 614 {Type: "int*", Name: "addrlen"}, 615 }, 616 }, 617 events.Sendmsg: { 618 ID: events.Sendmsg, 619 id32Bit: events.Sys32sendmsg, 620 name: "sendmsg", 621 syscall: true, 622 sets: []string{"syscalls", "net", "net_snd_rcv"}, 623 params: []argMeta{ 624 {Type: "int", Name: "sockfd"}, 625 {Type: "struct msghdr*", Name: "msg"}, 626 {Type: "int", Name: "flags"}, 627 }, 628 }, 629 events.Recvmsg: { 630 ID: events.Recvmsg, 631 id32Bit: events.Sys32recvmsg, 632 name: "recvmsg", 633 syscall: true, 634 sets: []string{"syscalls", "net", "net_snd_rcv"}, 635 params: []argMeta{ 636 {Type: "int", Name: "sockfd"}, 637 {Type: "struct msghdr*", Name: "msg"}, 638 {Type: "int", Name: "flags"}, 639 }, 640 }, 641 events.Shutdown: { 642 ID: events.Shutdown, 643 id32Bit: events.Sys32shutdown, 644 name: "shutdown", 645 syscall: true, 646 sets: []string{"syscalls", "net", "net_sock"}, 647 params: []argMeta{ 648 {Type: "int", Name: "sockfd"}, 649 {Type: "int", Name: "how"}, 650 }, 651 }, 652 events.Bind: { 653 ID: events.Bind, 654 id32Bit: events.Sys32bind, 655 name: "bind", 656 syscall: true, 657 sets: []string{"syscalls", "net", "net_sock"}, 658 params: []argMeta{ 659 {Type: "int", Name: "sockfd"}, 660 {Type: "struct sockaddr*", Name: "addr"}, 661 {Type: "int", Name: "addrlen"}, 662 }, 663 }, 664 events.Listen: { 665 ID: events.Listen, 666 id32Bit: events.Sys32listen, 667 name: "listen", 668 syscall: true, 669 sets: []string{"syscalls", "net", "net_sock"}, 670 params: []argMeta{ 671 {Type: "int", Name: "sockfd"}, 672 {Type: "int", Name: "backlog"}, 673 }, 674 }, 675 events.Getsockname: { 676 ID: 
events.Getsockname, 677 id32Bit: events.Sys32getsockname, 678 name: "getsockname", 679 syscall: true, 680 sets: []string{"syscalls", "net", "net_sock"}, 681 params: []argMeta{ 682 {Type: "int", Name: "sockfd"}, 683 {Type: "struct sockaddr*", Name: "addr"}, 684 {Type: "int*", Name: "addrlen"}, 685 }, 686 }, 687 events.Getpeername: { 688 ID: events.Getpeername, 689 id32Bit: events.Sys32getpeername, 690 name: "getpeername", 691 syscall: true, 692 sets: []string{"syscalls", "net", "net_sock"}, 693 params: []argMeta{ 694 {Type: "int", Name: "sockfd"}, 695 {Type: "struct sockaddr*", Name: "addr"}, 696 {Type: "int*", Name: "addrlen"}, 697 }, 698 }, 699 events.Socketpair: { 700 ID: events.Socketpair, 701 id32Bit: events.Sys32socketpair, 702 name: "socketpair", 703 syscall: true, 704 sets: []string{"syscalls", "net", "net_sock"}, 705 params: []argMeta{ 706 {Type: "int", Name: "domain"}, 707 {Type: "int", Name: "type"}, 708 {Type: "int", Name: "protocol"}, 709 {Type: "int[2]", Name: "sv"}, 710 }, 711 }, 712 events.Setsockopt: { 713 ID: events.Setsockopt, 714 id32Bit: events.Sys32setsockopt, 715 name: "setsockopt", 716 syscall: true, 717 sets: []string{"syscalls", "net", "net_sock"}, 718 params: []argMeta{ 719 {Type: "int", Name: "sockfd"}, 720 {Type: "int", Name: "level"}, 721 {Type: "int", Name: "optname"}, 722 {Type: "const void*", Name: "optval"}, 723 {Type: "int", Name: "optlen"}, 724 }, 725 }, 726 events.Getsockopt: { 727 ID: events.Getsockopt, 728 id32Bit: events.Sys32getsockopt, 729 name: "getsockopt", 730 syscall: true, 731 sets: []string{"syscalls", "net", "net_sock"}, 732 params: []argMeta{ 733 {Type: "int", Name: "sockfd"}, 734 {Type: "int", Name: "level"}, 735 {Type: "int", Name: "optname"}, 736 {Type: "void*", Name: "optval"}, 737 {Type: "int*", Name: "optlen"}, 738 }, 739 }, 740 events.Clone: { 741 ID: events.Clone, 742 id32Bit: events.Sys32clone, 743 name: "clone", 744 syscall: true, 745 sets: []string{"syscalls", "proc", "proc_life"}, 746 params: []argMeta{ 
747 {Type: "unsigned long", Name: "flags"}, 748 {Type: "void*", Name: "stack"}, 749 {Type: "int*", Name: "parent_tid"}, 750 {Type: "int*", Name: "child_tid"}, 751 {Type: "unsigned long", Name: "tls"}, 752 }, 753 }, 754 events.Fork: { 755 ID: events.Fork, 756 id32Bit: events.Sys32fork, 757 name: "fork", 758 syscall: true, 759 sets: []string{"syscalls", "proc", "proc_life"}, 760 params: []argMeta{}, 761 }, 762 events.Vfork: { 763 ID: events.Vfork, 764 id32Bit: events.Sys32vfork, 765 name: "vfork", 766 syscall: true, 767 sets: []string{"syscalls", "proc", "proc_life"}, 768 params: []argMeta{}, 769 }, 770 events.Execve: { 771 ID: events.Execve, 772 id32Bit: events.Sys32execve, 773 name: "execve", 774 syscall: true, 775 sets: []string{"syscalls", "proc", "proc_life"}, 776 params: []argMeta{ 777 {Type: "const char*", Name: "pathname"}, 778 {Type: "const char*const*", Name: "argv"}, 779 {Type: "const char*const*", Name: "envp"}, 780 }, 781 dependencies: dependencies{ 782 tailCalls: []TailCall{ 783 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Execve)}}, 784 {objs.SysEnterSubmitTail, objs.SysEnterSubmit, []uint32{uint32(events.Execve)}}, 785 {objs.SysEnterTails, objs.SyscallExecve, []uint32{uint32(events.Execve)}}, 786 {objs.SysExitInitTail, objs.SysExitInit, []uint32{uint32(events.Execve)}}, 787 {objs.SysExitSubmitTail, objs.SysExitSubmit, []uint32{uint32(events.Execve)}}, 788 }, 789 }, 790 }, 791 events.Exit: { 792 ID: events.Exit, 793 id32Bit: events.Sys32exit, 794 name: "exit", 795 syscall: true, 796 sets: []string{"syscalls", "proc", "proc_life"}, 797 params: []argMeta{ 798 {Type: "int", Name: "status"}, 799 }, 800 }, 801 events.Wait4: { 802 ID: events.Wait4, 803 id32Bit: events.Sys32wait4, 804 name: "wait4", 805 syscall: true, 806 sets: []string{"syscalls", "proc", "proc_life"}, 807 params: []argMeta{ 808 {Type: "pid_t", Name: "pid"}, 809 {Type: "int*", Name: "wstatus"}, 810 {Type: "int", Name: "options"}, 811 {Type: "struct rusage*", Name: 
"rusage"}, 812 }, 813 }, 814 events.Kill: { 815 ID: events.Kill, 816 id32Bit: events.Sys32kill, 817 name: "kill", 818 syscall: true, 819 sets: []string{"syscalls", "signals"}, 820 params: []argMeta{ 821 {Type: "pid_t", Name: "pid"}, 822 {Type: "int", Name: "sig"}, 823 }, 824 }, 825 events.Uname: { 826 ID: events.Uname, 827 id32Bit: events.Sys32uname, 828 name: "uname", 829 syscall: true, 830 sets: []string{"syscalls", "system"}, 831 params: []argMeta{ 832 {Type: "struct utsname*", Name: "buf"}, 833 }, 834 }, 835 events.Semget: { 836 ID: events.Semget, 837 id32Bit: events.Sys32semget, 838 name: "semget", 839 syscall: true, 840 sets: []string{"syscalls", "ipc", "ipc_sem"}, 841 params: []argMeta{ 842 {Type: "key_t", Name: "key"}, 843 {Type: "int", Name: "nsems"}, 844 {Type: "int", Name: "semflg"}, 845 }, 846 }, 847 events.Semop: { 848 ID: events.Semop, 849 id32Bit: events.Sys32Undefined, 850 name: "semop", 851 syscall: true, 852 sets: []string{"syscalls", "ipc", "ipc_sem"}, 853 params: []argMeta{ 854 {Type: "int", Name: "semid"}, 855 {Type: "struct sembuf*", Name: "sops"}, 856 {Type: "size_t", Name: "nsops"}, 857 }, 858 }, 859 events.Semctl: { 860 ID: events.Semctl, 861 id32Bit: events.Sys32semctl, 862 name: "semctl", 863 syscall: true, 864 sets: []string{"syscalls", "ipc", "ipc_sem"}, 865 params: []argMeta{ 866 {Type: "int", Name: "semid"}, 867 {Type: "int", Name: "semnum"}, 868 {Type: "int", Name: "cmd"}, 869 {Type: "unsigned long", Name: "arg"}, 870 }, 871 }, 872 events.Shmdt: { 873 ID: events.Shmdt, 874 id32Bit: events.Sys32shmdt, 875 name: "shmdt", 876 syscall: true, 877 sets: []string{"syscalls", "ipc", "ipc_shm"}, 878 params: []argMeta{ 879 {Type: "const void*", Name: "shmaddr"}, 880 }, 881 }, 882 events.Msgget: { 883 ID: events.Msgget, 884 id32Bit: events.Sys32msgget, 885 name: "msgget", 886 syscall: true, 887 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 888 params: []argMeta{ 889 {Type: "key_t", Name: "key"}, 890 {Type: "int", Name: "msgflg"}, 891 }, 892 }, 
893 events.Msgsnd: { 894 ID: events.Msgsnd, 895 id32Bit: events.Sys32msgsnd, 896 name: "msgsnd", 897 syscall: true, 898 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 899 params: []argMeta{ 900 {Type: "int", Name: "msqid"}, 901 {Type: "struct msgbuf*", Name: "msgp"}, 902 {Type: "size_t", Name: "msgsz"}, 903 {Type: "int", Name: "msgflg"}, 904 }, 905 }, 906 events.Msgrcv: { 907 ID: events.Msgrcv, 908 id32Bit: events.Sys32msgrcv, 909 name: "msgrcv", 910 syscall: true, 911 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 912 params: []argMeta{ 913 {Type: "int", Name: "msqid"}, 914 {Type: "struct msgbuf*", Name: "msgp"}, 915 {Type: "size_t", Name: "msgsz"}, 916 {Type: "long", Name: "msgtyp"}, 917 {Type: "int", Name: "msgflg"}, 918 }, 919 }, 920 events.Msgctl: { 921 ID: events.Msgctl, 922 id32Bit: events.Sys32msgctl, 923 name: "msgctl", 924 syscall: true, 925 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 926 params: []argMeta{ 927 {Type: "int", Name: "msqid"}, 928 {Type: "int", Name: "cmd"}, 929 {Type: "struct msqid_ds*", Name: "buf"}, 930 }, 931 }, 932 events.Fcntl: { 933 ID: events.Fcntl, 934 id32Bit: events.Sys32fcntl, 935 name: "fcntl", 936 syscall: true, 937 sets: []string{"syscalls", "fs", "fs_fd_ops"}, 938 params: []argMeta{ 939 {Type: "int", Name: "fd"}, 940 {Type: "int", Name: "cmd"}, 941 {Type: "unsigned long", Name: "arg"}, 942 }, 943 }, 944 events.Flock: { 945 ID: events.Flock, 946 id32Bit: events.Sys32flock, 947 name: "flock", 948 syscall: true, 949 sets: []string{"syscalls", "fs", "fs_fd_ops"}, 950 params: []argMeta{ 951 {Type: "int", Name: "fd"}, 952 {Type: "int", Name: "operation"}, 953 }, 954 }, 955 events.Fsync: { 956 ID: events.Fsync, 957 id32Bit: events.Sys32fsync, 958 name: "fsync", 959 syscall: true, 960 sets: []string{"syscalls", "fs", "fs_sync"}, 961 params: []argMeta{ 962 {Type: "int", Name: "fd"}, 963 }, 964 }, 965 events.Fdatasync: { 966 ID: events.Fdatasync, 967 id32Bit: events.Sys32fdatasync, 968 name: "fdatasync", 969 syscall: true, 970 sets: 
[]string{"syscalls", "fs", "fs_sync"}, 971 params: []argMeta{ 972 {Type: "int", Name: "fd"}, 973 }, 974 }, 975 events.Truncate: { 976 ID: events.Truncate, 977 id32Bit: events.Sys32truncate, 978 name: "truncate", 979 syscall: true, 980 sets: []string{"syscalls", "fs", "fs_file_ops"}, 981 params: []argMeta{ 982 {Type: "const char*", Name: "path"}, 983 {Type: "off_t", Name: "length"}, 984 }, 985 }, 986 events.Ftruncate: { 987 ID: events.Ftruncate, 988 id32Bit: events.Sys32ftruncate, 989 name: "ftruncate", 990 syscall: true, 991 sets: []string{"syscalls", "fs", "fs_file_ops"}, 992 params: []argMeta{ 993 {Type: "int", Name: "fd"}, 994 {Type: "off_t", Name: "length"}, 995 }, 996 }, 997 events.Getdents: { 998 ID: events.Getdents, 999 id32Bit: events.Sys32getdents, 1000 name: "getdents", 1001 syscall: true, 1002 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1003 params: []argMeta{ 1004 {Type: "int", Name: "fd"}, 1005 {Type: "struct linux_dirent*", Name: "dirp"}, 1006 {Type: "unsigned int", Name: "count"}, 1007 }, 1008 }, 1009 events.Getcwd: { 1010 ID: events.Getcwd, 1011 id32Bit: events.Sys32getcwd, 1012 name: "getcwd", 1013 syscall: true, 1014 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1015 params: []argMeta{ 1016 {Type: "char*", Name: "buf"}, 1017 {Type: "size_t", Name: "size"}, 1018 }, 1019 }, 1020 events.Chdir: { 1021 ID: events.Chdir, 1022 id32Bit: events.Sys32chdir, 1023 name: "chdir", 1024 syscall: true, 1025 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1026 params: []argMeta{ 1027 {Type: "const char*", Name: "path"}, 1028 }, 1029 }, 1030 events.Fchdir: { 1031 ID: events.Fchdir, 1032 id32Bit: events.Sys32fchdir, 1033 name: "fchdir", 1034 syscall: true, 1035 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1036 params: []argMeta{ 1037 {Type: "int", Name: "fd"}, 1038 }, 1039 }, 1040 events.Rename: { 1041 ID: events.Rename, 1042 id32Bit: events.Sys32rename, 1043 name: "rename", 1044 syscall: true, 1045 sets: []string{"syscalls", "fs", "fs_file_ops"}, 1046 
params: []argMeta{ 1047 {Type: "const char*", Name: "oldpath"}, 1048 {Type: "const char*", Name: "newpath"}, 1049 }, 1050 }, 1051 events.Mkdir: { 1052 ID: events.Mkdir, 1053 id32Bit: events.Sys32mkdir, 1054 name: "mkdir", 1055 syscall: true, 1056 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1057 params: []argMeta{ 1058 {Type: "const char*", Name: "pathname"}, 1059 {Type: "mode_t", Name: "mode"}, 1060 }, 1061 }, 1062 events.Rmdir: { 1063 ID: events.Rmdir, 1064 id32Bit: events.Sys32rmdir, 1065 name: "rmdir", 1066 syscall: true, 1067 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1068 params: []argMeta{ 1069 {Type: "const char*", Name: "pathname"}, 1070 }, 1071 }, 1072 events.Creat: { 1073 ID: events.Creat, 1074 id32Bit: events.Sys32creat, 1075 name: "creat", 1076 syscall: true, 1077 sets: []string{"default", "syscalls", "fs", "fs_file_ops"}, 1078 params: []argMeta{ 1079 {Type: "const char*", Name: "pathname"}, 1080 {Type: "mode_t", Name: "mode"}, 1081 }, 1082 }, 1083 events.Link: { 1084 ID: events.Link, 1085 id32Bit: events.Sys32link, 1086 name: "link", 1087 syscall: true, 1088 sets: []string{"syscalls", "fs", "fs_link_ops"}, 1089 params: []argMeta{ 1090 {Type: "const char*", Name: "oldpath"}, 1091 {Type: "const char*", Name: "newpath"}, 1092 }, 1093 }, 1094 events.Unlink: { 1095 ID: events.Unlink, 1096 id32Bit: events.Sys32unlink, 1097 name: "unlink", 1098 syscall: true, 1099 sets: []string{"syscalls", "fs", "fs_link_ops"}, 1100 params: []argMeta{ 1101 {Type: "const char*", Name: "pathname"}, 1102 }, 1103 }, 1104 events.Symlink: { 1105 ID: events.Symlink, 1106 id32Bit: events.Sys32symlink, 1107 name: "symlink", 1108 syscall: true, 1109 sets: []string{"syscalls", "fs", "fs_link_ops"}, 1110 params: []argMeta{ 1111 {Type: "const char*", Name: "target"}, 1112 {Type: "const char*", Name: "linkpath"}, 1113 }, 1114 }, 1115 events.Readlink: { 1116 ID: events.Readlink, 1117 id32Bit: events.Sys32readlink, 1118 name: "readlink", 1119 syscall: true, 1120 sets: 
[]string{"syscalls", "fs", "fs_link_ops"}, 1121 params: []argMeta{ 1122 {Type: "const char*", Name: "pathname"}, 1123 {Type: "char*", Name: "buf"}, 1124 {Type: "size_t", Name: "bufsiz"}, 1125 }, 1126 }, 1127 events.Chmod: { 1128 ID: events.Chmod, 1129 id32Bit: events.Sys32chmod, 1130 name: "chmod", 1131 syscall: true, 1132 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 1133 params: []argMeta{ 1134 {Type: "const char*", Name: "pathname"}, 1135 {Type: "mode_t", Name: "mode"}, 1136 }, 1137 }, 1138 events.Fchmod: { 1139 ID: events.Fchmod, 1140 id32Bit: events.Sys32fchmod, 1141 name: "fchmod", 1142 syscall: true, 1143 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 1144 params: []argMeta{ 1145 {Type: "int", Name: "fd"}, 1146 {Type: "mode_t", Name: "mode"}, 1147 }, 1148 }, 1149 events.Chown: { 1150 ID: events.Chown, 1151 id32Bit: events.Sys32chown32, 1152 name: "chown", 1153 syscall: true, 1154 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 1155 params: []argMeta{ 1156 {Type: "const char*", Name: "pathname"}, 1157 {Type: "uid_t", Name: "owner"}, 1158 {Type: "gid_t", Name: "group"}, 1159 }, 1160 }, 1161 events.Fchown: { 1162 ID: events.Fchown, 1163 id32Bit: events.Sys32fchown32, 1164 name: "fchown", 1165 syscall: true, 1166 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 1167 params: []argMeta{ 1168 {Type: "int", Name: "fd"}, 1169 {Type: "uid_t", Name: "owner"}, 1170 {Type: "gid_t", Name: "group"}, 1171 }, 1172 }, 1173 events.Lchown: { 1174 ID: events.Lchown, 1175 id32Bit: events.Sys32lchown32, 1176 name: "lchown", 1177 syscall: true, 1178 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 1179 params: []argMeta{ 1180 {Type: "const char*", Name: "pathname"}, 1181 {Type: "uid_t", Name: "owner"}, 1182 {Type: "gid_t", Name: "group"}, 1183 }, 1184 }, 1185 events.Umask: { 1186 ID: events.Umask, 1187 id32Bit: events.Sys32umask, 1188 name: "umask", 1189 syscall: true, 1190 sets: []string{"syscalls", "fs", 
"fs_file_attr"}, 1191 params: []argMeta{ 1192 {Type: "mode_t", Name: "mask"}, 1193 }, 1194 }, 1195 events.Gettimeofday: { 1196 ID: events.Gettimeofday, 1197 id32Bit: events.Sys32gettimeofday, 1198 name: "gettimeofday", 1199 syscall: true, 1200 sets: []string{"syscalls", "time", "time_tod"}, 1201 params: []argMeta{ 1202 {Type: "struct timeval*", Name: "tv"}, 1203 {Type: "struct timezone*", Name: "tz"}, 1204 }, 1205 }, 1206 events.Getrlimit: { 1207 ID: events.Getrlimit, 1208 id32Bit: events.Sys32ugetrlimit, 1209 name: "getrlimit", 1210 syscall: true, 1211 sets: []string{"syscalls", "proc"}, 1212 params: []argMeta{ 1213 {Type: "int", Name: "resource"}, 1214 {Type: "struct rlimit*", Name: "rlim"}, 1215 }, 1216 }, 1217 events.Getrusage: { 1218 ID: events.Getrusage, 1219 id32Bit: events.Sys32getrusage, 1220 name: "getrusage", 1221 syscall: true, 1222 sets: []string{"syscalls", "proc"}, 1223 params: []argMeta{ 1224 {Type: "int", Name: "who"}, 1225 {Type: "struct rusage*", Name: "usage"}, 1226 }, 1227 }, 1228 events.Sysinfo: { 1229 ID: events.Sysinfo, 1230 id32Bit: events.Sys32sysinfo, 1231 name: "sysinfo", 1232 syscall: true, 1233 sets: []string{"syscalls", "system"}, 1234 params: []argMeta{ 1235 {Type: "struct sysinfo*", Name: "info"}, 1236 }, 1237 }, 1238 events.Times: { 1239 ID: events.Times, 1240 id32Bit: events.Sys32times, 1241 name: "times", 1242 syscall: true, 1243 sets: []string{"syscalls", "proc"}, 1244 params: []argMeta{ 1245 {Type: "struct tms*", Name: "buf"}, 1246 }, 1247 }, 1248 events.Ptrace: { 1249 ID: events.Ptrace, 1250 id32Bit: events.Sys32ptrace, 1251 name: "ptrace", 1252 syscall: true, 1253 sets: []string{"default", "syscalls", "proc"}, 1254 params: []argMeta{ 1255 {Type: "long", Name: "request"}, 1256 {Type: "pid_t", Name: "pid"}, 1257 {Type: "void*", Name: "addr"}, 1258 {Type: "void*", Name: "data"}, 1259 }, 1260 }, 1261 events.Getuid: { 1262 ID: events.Getuid, 1263 id32Bit: events.Sys32getuid32, 1264 name: "getuid", 1265 syscall: true, 1266 sets: 
[]string{"syscalls", "proc", "proc_ids"}, 1267 params: []argMeta{}, 1268 }, 1269 events.Syslog: { 1270 ID: events.Syslog, 1271 id32Bit: events.Sys32syslog, 1272 name: "syslog", 1273 syscall: true, 1274 sets: []string{"syscalls", "system"}, 1275 params: []argMeta{ 1276 {Type: "int", Name: "type"}, 1277 {Type: "char*", Name: "bufp"}, 1278 {Type: "int", Name: "len"}, 1279 }, 1280 }, 1281 events.Getgid: { 1282 ID: events.Getgid, 1283 id32Bit: events.Sys32getgid32, 1284 name: "getgid", 1285 syscall: true, 1286 sets: []string{"syscalls", "proc", "proc_ids"}, 1287 params: []argMeta{}, 1288 }, 1289 events.Setuid: { 1290 ID: events.Setuid, 1291 id32Bit: events.Sys32setuid32, 1292 name: "setuid", 1293 syscall: true, 1294 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1295 params: []argMeta{ 1296 {Type: "uid_t", Name: "uid"}, 1297 }, 1298 }, 1299 events.Setgid: { 1300 ID: events.Setgid, 1301 id32Bit: events.Sys32setgid32, 1302 name: "setgid", 1303 syscall: true, 1304 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1305 params: []argMeta{ 1306 {Type: "gid_t", Name: "gid"}, 1307 }, 1308 }, 1309 events.Geteuid: { 1310 ID: events.Geteuid, 1311 id32Bit: events.Sys32geteuid32, 1312 name: "geteuid", 1313 syscall: true, 1314 sets: []string{"syscalls", "proc", "proc_ids"}, 1315 params: []argMeta{}, 1316 }, 1317 events.Getegid: { 1318 ID: events.Getegid, 1319 id32Bit: events.Sys32getegid32, 1320 name: "getegid", 1321 syscall: true, 1322 sets: []string{"syscalls", "proc", "proc_ids"}, 1323 params: []argMeta{}, 1324 }, 1325 events.Setpgid: { 1326 ID: events.Setpgid, 1327 id32Bit: events.Sys32setpgid, 1328 name: "setpgid", 1329 syscall: true, 1330 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1331 params: []argMeta{ 1332 {Type: "pid_t", Name: "pid"}, 1333 {Type: "pid_t", Name: "pgid"}, 1334 }, 1335 }, 1336 events.Getppid: { 1337 ID: events.Getppid, 1338 id32Bit: events.Sys32getppid, 1339 name: "getppid", 1340 syscall: true, 1341 sets: 
[]string{"syscalls", "proc", "proc_ids"}, 1342 params: []argMeta{}, 1343 }, 1344 events.Getpgrp: { 1345 ID: events.Getpgrp, 1346 id32Bit: events.Sys32getpgrp, 1347 name: "getpgrp", 1348 syscall: true, 1349 sets: []string{"syscalls", "proc", "proc_ids"}, 1350 params: []argMeta{}, 1351 }, 1352 events.Setsid: { 1353 ID: events.Setsid, 1354 id32Bit: events.Sys32setsid, 1355 name: "setsid", 1356 syscall: true, 1357 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1358 params: []argMeta{}, 1359 }, 1360 events.Setreuid: { 1361 ID: events.Setreuid, 1362 id32Bit: events.Sys32setreuid32, 1363 name: "setreuid", 1364 syscall: true, 1365 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1366 params: []argMeta{ 1367 {Type: "uid_t", Name: "ruid"}, 1368 {Type: "uid_t", Name: "euid"}, 1369 }, 1370 }, 1371 events.Setregid: { 1372 ID: events.Setregid, 1373 id32Bit: events.Sys32setregid32, 1374 name: "setregid", 1375 syscall: true, 1376 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1377 params: []argMeta{ 1378 {Type: "gid_t", Name: "rgid"}, 1379 {Type: "gid_t", Name: "egid"}, 1380 }, 1381 }, 1382 events.Getgroups: { 1383 ID: events.Getgroups, 1384 id32Bit: events.Sys32getgroups32, 1385 name: "getgroups", 1386 syscall: true, 1387 sets: []string{"syscalls", "proc", "proc_ids"}, 1388 params: []argMeta{ 1389 {Type: "int", Name: "size"}, 1390 {Type: "gid_t*", Name: "list"}, 1391 }, 1392 }, 1393 events.Setgroups: { 1394 ID: events.Setgroups, 1395 id32Bit: events.Sys32setgroups32, 1396 name: "setgroups", 1397 syscall: true, 1398 sets: []string{"syscalls", "proc", "proc_ids"}, 1399 params: []argMeta{ 1400 {Type: "int", Name: "size"}, 1401 {Type: "gid_t*", Name: "list"}, 1402 }, 1403 }, 1404 events.Setresuid: { 1405 ID: events.Setresuid, 1406 id32Bit: events.Sys32setresuid32, 1407 name: "setresuid", 1408 syscall: true, 1409 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1410 params: []argMeta{ 1411 {Type: "uid_t", Name: "ruid"}, 1412 {Type: "uid_t", 
Name: "euid"}, 1413 {Type: "uid_t", Name: "suid"}, 1414 }, 1415 }, 1416 events.Getresuid: { 1417 ID: events.Getresuid, 1418 id32Bit: events.Sys32getresuid32, 1419 name: "getresuid", 1420 syscall: true, 1421 sets: []string{"syscalls", "proc", "proc_ids"}, 1422 params: []argMeta{ 1423 {Type: "uid_t*", Name: "ruid"}, 1424 {Type: "uid_t*", Name: "euid"}, 1425 {Type: "uid_t*", Name: "suid"}, 1426 }, 1427 }, 1428 events.Setresgid: { 1429 ID: events.Setresgid, 1430 id32Bit: events.Sys32setresgid32, 1431 name: "setresgid", 1432 syscall: true, 1433 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1434 params: []argMeta{ 1435 {Type: "gid_t", Name: "rgid"}, 1436 {Type: "gid_t", Name: "egid"}, 1437 {Type: "gid_t", Name: "sgid"}, 1438 }, 1439 }, 1440 events.Getresgid: { 1441 ID: events.Getresgid, 1442 id32Bit: events.Sys32getresgid32, 1443 name: "getresgid", 1444 syscall: true, 1445 sets: []string{"syscalls", "proc", "proc_ids"}, 1446 params: []argMeta{ 1447 {Type: "gid_t*", Name: "rgid"}, 1448 {Type: "gid_t*", Name: "egid"}, 1449 {Type: "gid_t*", Name: "sgid"}, 1450 }, 1451 }, 1452 events.Getpgid: { 1453 ID: events.Getpgid, 1454 id32Bit: events.Sys32getpgid, 1455 name: "getpgid", 1456 syscall: true, 1457 sets: []string{"syscalls", "proc", "proc_ids"}, 1458 params: []argMeta{ 1459 {Type: "pid_t", Name: "pid"}, 1460 }, 1461 }, 1462 events.Setfsuid: { 1463 ID: events.Setfsuid, 1464 id32Bit: events.Sys32setfsuid32, 1465 name: "setfsuid", 1466 syscall: true, 1467 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1468 params: []argMeta{ 1469 {Type: "uid_t", Name: "fsuid"}, 1470 }, 1471 }, 1472 events.Setfsgid: { 1473 ID: events.Setfsgid, 1474 id32Bit: events.Sys32setfsgid32, 1475 name: "setfsgid", 1476 syscall: true, 1477 sets: []string{"default", "syscalls", "proc", "proc_ids"}, 1478 params: []argMeta{ 1479 {Type: "gid_t", Name: "fsgid"}, 1480 }, 1481 }, 1482 events.Getsid: { 1483 ID: events.Getsid, 1484 id32Bit: events.Sys32getsid, 1485 name: "getsid", 1486 
syscall: true, 1487 sets: []string{"syscalls", "proc", "proc_ids"}, 1488 params: []argMeta{ 1489 {Type: "pid_t", Name: "pid"}, 1490 }, 1491 }, 1492 events.Capget: { 1493 ID: events.Capget, 1494 id32Bit: events.Sys32capget, 1495 name: "capget", 1496 syscall: true, 1497 sets: []string{"syscalls", "proc"}, 1498 params: []argMeta{ 1499 {Type: "cap_user_header_t", Name: "hdrp"}, 1500 {Type: "cap_user_data_t", Name: "datap"}, 1501 }, 1502 }, 1503 events.Capset: { 1504 ID: events.Capset, 1505 id32Bit: events.Sys32capset, 1506 name: "capset", 1507 syscall: true, 1508 sets: []string{"syscalls", "proc"}, 1509 params: []argMeta{ 1510 {Type: "cap_user_header_t", Name: "hdrp"}, 1511 {Type: "const cap_user_data_t", Name: "datap"}, 1512 }, 1513 }, 1514 events.RtSigpending: { 1515 ID: events.RtSigpending, 1516 id32Bit: events.Sys32rt_sigpending, 1517 name: "rt_sigpending", 1518 syscall: true, 1519 sets: []string{"syscalls", "signals"}, 1520 params: []argMeta{ 1521 {Type: "sigset_t*", Name: "set"}, 1522 {Type: "size_t", Name: "sigsetsize"}, 1523 }, 1524 }, 1525 events.RtSigtimedwait: { 1526 ID: events.RtSigtimedwait, 1527 id32Bit: events.Sys32rt_sigtimedwait_time64, 1528 name: "rt_sigtimedwait", 1529 syscall: true, 1530 sets: []string{"syscalls", "signals"}, 1531 params: []argMeta{ 1532 {Type: "const sigset_t*", Name: "set"}, 1533 {Type: "siginfo_t*", Name: "info"}, 1534 {Type: "const struct timespec*", Name: "timeout"}, 1535 {Type: "size_t", Name: "sigsetsize"}, 1536 }, 1537 }, 1538 events.RtSigqueueinfo: { 1539 ID: events.RtSigqueueinfo, 1540 id32Bit: events.Sys32rt_sigqueueinfo, 1541 name: "rt_sigqueueinfo", 1542 syscall: true, 1543 sets: []string{"syscalls", "signals"}, 1544 params: []argMeta{ 1545 {Type: "pid_t", Name: "tgid"}, 1546 {Type: "int", Name: "sig"}, 1547 {Type: "siginfo_t*", Name: "info"}, 1548 }, 1549 }, 1550 events.RtSigsuspend: { 1551 ID: events.RtSigsuspend, 1552 id32Bit: events.Sys32rt_sigsuspend, 1553 name: "rt_sigsuspend", 1554 syscall: true, 1555 sets: 
[]string{"syscalls", "signals"}, 1556 params: []argMeta{ 1557 {Type: "sigset_t*", Name: "mask"}, 1558 {Type: "size_t", Name: "sigsetsize"}, 1559 }, 1560 }, 1561 events.Sigaltstack: { 1562 ID: events.Sigaltstack, 1563 id32Bit: events.Sys32sigaltstack, 1564 name: "sigaltstack", 1565 syscall: true, 1566 sets: []string{"syscalls", "signals"}, 1567 params: []argMeta{ 1568 {Type: "const stack_t*", Name: "ss"}, 1569 {Type: "stack_t*", Name: "old_ss"}, 1570 }, 1571 }, 1572 events.Utime: { 1573 ID: events.Utime, 1574 id32Bit: events.Sys32utime, 1575 name: "utime", 1576 syscall: true, 1577 sets: []string{"syscalls", "fs", "fs_file_attr"}, 1578 params: []argMeta{ 1579 {Type: "const char*", Name: "filename"}, 1580 {Type: "const struct utimbuf*", Name: "times"}, 1581 }, 1582 }, 1583 events.Mknod: { 1584 ID: events.Mknod, 1585 id32Bit: events.Sys32mknod, 1586 name: "mknod", 1587 syscall: true, 1588 sets: []string{"syscalls", "fs", "fs_file_ops"}, 1589 params: []argMeta{ 1590 {Type: "const char*", Name: "pathname"}, 1591 {Type: "mode_t", Name: "mode"}, 1592 {Type: "dev_t", Name: "dev"}, 1593 }, 1594 }, 1595 events.Uselib: { 1596 ID: events.Uselib, 1597 id32Bit: events.Sys32uselib, 1598 name: "uselib", 1599 syscall: true, 1600 sets: []string{"syscalls", "proc"}, 1601 params: []argMeta{ 1602 {Type: "const char*", Name: "library"}, 1603 }, 1604 }, 1605 events.Personality: { 1606 ID: events.Personality, 1607 id32Bit: events.Sys32personality, 1608 name: "personality", 1609 syscall: true, 1610 sets: []string{"syscalls", "system"}, 1611 params: []argMeta{ 1612 {Type: "unsigned long", Name: "persona"}, 1613 }, 1614 }, 1615 events.Ustat: { 1616 ID: events.Ustat, 1617 id32Bit: events.Sys32ustat, 1618 name: "ustat", 1619 syscall: true, 1620 sets: []string{"syscalls", "fs", "fs_info"}, 1621 params: []argMeta{ 1622 {Type: "dev_t", Name: "dev"}, 1623 {Type: "struct ustat*", Name: "ubuf"}, 1624 }, 1625 }, 1626 events.Statfs: { 1627 ID: events.Statfs, 1628 id32Bit: events.Sys32statfs, 1629 name: 
"statfs", 1630 syscall: true, 1631 sets: []string{"syscalls", "fs", "fs_info"}, 1632 params: []argMeta{ 1633 {Type: "const char*", Name: "path"}, 1634 {Type: "struct statfs*", Name: "buf"}, 1635 }, 1636 }, 1637 events.Fstatfs: { 1638 ID: events.Fstatfs, 1639 id32Bit: events.Sys32fstatfs, 1640 name: "fstatfs", 1641 syscall: true, 1642 sets: []string{"syscalls", "fs", "fs_info"}, 1643 params: []argMeta{ 1644 {Type: "int", Name: "fd"}, 1645 {Type: "struct statfs*", Name: "buf"}, 1646 }, 1647 }, 1648 events.Sysfs: { 1649 ID: events.Sysfs, 1650 id32Bit: events.Sys32sysfs, 1651 name: "sysfs", 1652 syscall: true, 1653 sets: []string{"syscalls", "fs", "fs_info"}, 1654 params: []argMeta{ 1655 {Type: "int", Name: "option"}, 1656 }, 1657 }, 1658 events.Getpriority: { 1659 ID: events.Getpriority, 1660 id32Bit: events.Sys32getpriority, 1661 name: "getpriority", 1662 syscall: true, 1663 sets: []string{"syscalls", "proc", "proc_sched"}, 1664 params: []argMeta{ 1665 {Type: "int", Name: "which"}, 1666 {Type: "int", Name: "who"}, 1667 }, 1668 }, 1669 events.Setpriority: { 1670 ID: events.Setpriority, 1671 id32Bit: events.Sys32setpriority, 1672 name: "setpriority", 1673 syscall: true, 1674 sets: []string{"syscalls", "proc", "proc_sched"}, 1675 params: []argMeta{ 1676 {Type: "int", Name: "which"}, 1677 {Type: "int", Name: "who"}, 1678 {Type: "int", Name: "prio"}, 1679 }, 1680 }, 1681 events.SchedSetparam: { 1682 ID: events.SchedSetparam, 1683 id32Bit: events.Sys32sched_setparam, 1684 name: "sched_setparam", 1685 syscall: true, 1686 sets: []string{"syscalls", "proc", "proc_sched"}, 1687 params: []argMeta{ 1688 {Type: "pid_t", Name: "pid"}, 1689 {Type: "struct sched_param*", Name: "param"}, 1690 }, 1691 }, 1692 events.SchedGetparam: { 1693 ID: events.SchedGetparam, 1694 id32Bit: events.Sys32sched_getparam, 1695 name: "sched_getparam", 1696 syscall: true, 1697 sets: []string{"syscalls", "proc", "proc_sched"}, 1698 params: []argMeta{ 1699 {Type: "pid_t", Name: "pid"}, 1700 {Type: "struct 
sched_param*", Name: "param"}, 1701 }, 1702 }, 1703 events.SchedSetscheduler: { 1704 ID: events.SchedSetscheduler, 1705 id32Bit: events.Sys32sched_setscheduler, 1706 name: "sched_setscheduler", 1707 syscall: true, 1708 sets: []string{"syscalls", "proc", "proc_sched"}, 1709 params: []argMeta{ 1710 {Type: "pid_t", Name: "pid"}, 1711 {Type: "int", Name: "policy"}, 1712 {Type: "struct sched_param*", Name: "param"}, 1713 }, 1714 }, 1715 events.SchedGetscheduler: { 1716 ID: events.SchedGetscheduler, 1717 id32Bit: events.Sys32sched_getscheduler, 1718 name: "sched_getscheduler", 1719 syscall: true, 1720 sets: []string{"syscalls", "proc", "proc_sched"}, 1721 params: []argMeta{ 1722 {Type: "pid_t", Name: "pid"}, 1723 }, 1724 }, 1725 events.SchedGetPriorityMax: { 1726 ID: events.SchedGetPriorityMax, 1727 id32Bit: events.Sys32sched_get_priority_max, 1728 name: "sched_get_priority_max", 1729 syscall: true, 1730 sets: []string{"syscalls", "proc", "proc_sched"}, 1731 params: []argMeta{ 1732 {Type: "int", Name: "policy"}, 1733 }, 1734 }, 1735 events.SchedGetPriorityMin: { 1736 ID: events.SchedGetPriorityMin, 1737 id32Bit: events.Sys32sched_get_priority_min, 1738 name: "sched_get_priority_min", 1739 syscall: true, 1740 sets: []string{"syscalls", "proc", "proc_sched"}, 1741 params: []argMeta{ 1742 {Type: "int", Name: "policy"}, 1743 }, 1744 }, 1745 events.SchedRrGetInterval: { 1746 ID: events.SchedRrGetInterval, 1747 id32Bit: events.Sys32sched_rr_get_interval_time64, 1748 name: "sched_rr_get_interval", 1749 syscall: true, 1750 sets: []string{"syscalls", "proc", "proc_sched"}, 1751 params: []argMeta{ 1752 {Type: "pid_t", Name: "pid"}, 1753 {Type: "struct timespec*", Name: "tp"}, 1754 }, 1755 }, 1756 events.Mlock: { 1757 ID: events.Mlock, 1758 id32Bit: events.Sys32mlock, 1759 name: "mlock", 1760 syscall: true, 1761 sets: []string{"syscalls", "proc", "proc_mem"}, 1762 params: []argMeta{ 1763 {Type: "const void*", Name: "addr"}, 1764 {Type: "size_t", Name: "len"}, 1765 }, 1766 }, 1767 
events.Munlock: { 1768 ID: events.Munlock, 1769 id32Bit: events.Sys32munlock, 1770 name: "munlock", 1771 syscall: true, 1772 sets: []string{"syscalls", "proc", "proc_mem"}, 1773 params: []argMeta{ 1774 {Type: "const void*", Name: "addr"}, 1775 {Type: "size_t", Name: "len"}, 1776 }, 1777 }, 1778 events.Mlockall: { 1779 ID: events.Mlockall, 1780 id32Bit: events.Sys32mlockall, 1781 name: "mlockall", 1782 syscall: true, 1783 sets: []string{"syscalls", "proc", "proc_mem"}, 1784 params: []argMeta{ 1785 {Type: "int", Name: "flags"}, 1786 }, 1787 }, 1788 events.Munlockall: { 1789 ID: events.Munlockall, 1790 id32Bit: events.Sys32munlockall, 1791 name: "munlockall", 1792 syscall: true, 1793 sets: []string{"syscalls", "proc", "proc_mem"}, 1794 params: []argMeta{}, 1795 }, 1796 events.Vhangup: { 1797 ID: events.Vhangup, 1798 id32Bit: events.Sys32vhangup, 1799 name: "vhangup", 1800 syscall: true, 1801 sets: []string{"syscalls", "system"}, 1802 params: []argMeta{}, 1803 }, 1804 events.ModifyLdt: { 1805 ID: events.ModifyLdt, 1806 id32Bit: events.Sys32modify_ldt, 1807 name: "modify_ldt", 1808 syscall: true, 1809 sets: []string{"syscalls", "proc", "proc_mem"}, 1810 params: []argMeta{ 1811 {Type: "int", Name: "func"}, 1812 {Type: "void*", Name: "ptr"}, 1813 {Type: "unsigned long", Name: "bytecount"}, 1814 }, 1815 }, 1816 events.PivotRoot: { 1817 ID: events.PivotRoot, 1818 id32Bit: events.Sys32pivot_root, 1819 name: "pivot_root", 1820 syscall: true, 1821 sets: []string{"syscalls", "fs"}, 1822 params: []argMeta{ 1823 {Type: "const char*", Name: "new_root"}, 1824 {Type: "const char*", Name: "put_old"}, 1825 }, 1826 }, 1827 events.Sysctl: { 1828 ID: events.Sysctl, 1829 id32Bit: events.Sys32_sysctl, 1830 name: "sysctl", 1831 syscall: true, 1832 sets: []string{"syscalls", "system"}, 1833 params: []argMeta{ 1834 {Type: "struct __sysctl_args*", Name: "args"}, 1835 }, 1836 }, 1837 events.Prctl: { 1838 ID: events.Prctl, 1839 id32Bit: events.Sys32prctl, 1840 name: "prctl", 1841 syscall: true, 
1842 sets: []string{"syscalls", "proc"}, 1843 params: []argMeta{ 1844 {Type: "int", Name: "option"}, 1845 {Type: "unsigned long", Name: "arg2"}, 1846 {Type: "unsigned long", Name: "arg3"}, 1847 {Type: "unsigned long", Name: "arg4"}, 1848 {Type: "unsigned long", Name: "arg5"}, 1849 }, 1850 }, 1851 events.ArchPrctl: { 1852 ID: events.ArchPrctl, 1853 id32Bit: events.Sys32arch_prctl, 1854 name: "arch_prctl", 1855 syscall: true, 1856 sets: []string{"syscalls", "proc"}, 1857 params: []argMeta{ 1858 {Type: "int", Name: "option"}, 1859 {Type: "unsigned long", Name: "addr"}, 1860 }, 1861 }, 1862 events.Adjtimex: { 1863 ID: events.Adjtimex, 1864 id32Bit: events.Sys32adjtimex, 1865 name: "adjtimex", 1866 syscall: true, 1867 sets: []string{"syscalls", "time", "time_clock"}, 1868 params: []argMeta{ 1869 {Type: "struct timex*", Name: "buf"}, 1870 }, 1871 }, 1872 events.Setrlimit: { 1873 ID: events.Setrlimit, 1874 id32Bit: events.Sys32setrlimit, 1875 name: "setrlimit", 1876 syscall: true, 1877 sets: []string{"syscalls", "proc"}, 1878 params: []argMeta{ 1879 {Type: "int", Name: "resource"}, 1880 {Type: "const struct rlimit*", Name: "rlim"}, 1881 }, 1882 }, 1883 events.Chroot: { 1884 ID: events.Chroot, 1885 id32Bit: events.Sys32chroot, 1886 name: "chroot", 1887 syscall: true, 1888 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 1889 params: []argMeta{ 1890 {Type: "const char*", Name: "path"}, 1891 }, 1892 }, 1893 events.Sync: { 1894 ID: events.Sync, 1895 id32Bit: events.Sys32sync, 1896 name: "sync", 1897 syscall: true, 1898 sets: []string{"syscalls", "fs", "fs_sync"}, 1899 params: []argMeta{}, 1900 }, 1901 events.Acct: { 1902 ID: events.Acct, 1903 id32Bit: events.Sys32acct, 1904 name: "acct", 1905 syscall: true, 1906 sets: []string{"syscalls", "system"}, 1907 params: []argMeta{ 1908 {Type: "const char*", Name: "filename"}, 1909 }, 1910 }, 1911 events.Settimeofday: { 1912 ID: events.Settimeofday, 1913 id32Bit: events.Sys32settimeofday, 1914 name: "settimeofday", 1915 syscall: true, 
1916 sets: []string{"syscalls", "time", "time_tod"}, 1917 params: []argMeta{ 1918 {Type: "const struct timeval*", Name: "tv"}, 1919 {Type: "const struct timezone*", Name: "tz"}, 1920 }, 1921 }, 1922 events.Mount: { 1923 ID: events.Mount, 1924 id32Bit: events.Sys32mount, 1925 name: "mount", 1926 syscall: true, 1927 sets: []string{"syscalls", "fs"}, 1928 params: []argMeta{ 1929 {Type: "const char*", Name: "source"}, 1930 {Type: "const char*", Name: "target"}, 1931 {Type: "const char*", Name: "filesystemtype"}, 1932 {Type: "unsigned long", Name: "mountflags"}, 1933 {Type: "const void*", Name: "data"}, 1934 }, 1935 }, 1936 events.Umount2: { 1937 ID: events.Umount2, 1938 id32Bit: events.Sys32umount2, 1939 name: "umount2", 1940 syscall: true, 1941 sets: []string{"syscalls", "fs"}, 1942 params: []argMeta{ 1943 {Type: "const char*", Name: "target"}, 1944 {Type: "int", Name: "flags"}, 1945 }, 1946 }, 1947 events.Swapon: { 1948 ID: events.Swapon, 1949 id32Bit: events.Sys32swapon, 1950 name: "swapon", 1951 syscall: true, 1952 sets: []string{"syscalls", "fs"}, 1953 params: []argMeta{ 1954 {Type: "const char*", Name: "path"}, 1955 {Type: "int", Name: "swapflags"}, 1956 }, 1957 }, 1958 events.Swapoff: { 1959 ID: events.Swapoff, 1960 id32Bit: events.Sys32swapoff, 1961 name: "swapoff", 1962 syscall: true, 1963 sets: []string{"syscalls", "fs"}, 1964 params: []argMeta{ 1965 {Type: "const char*", Name: "path"}, 1966 }, 1967 }, 1968 events.Reboot: { 1969 ID: events.Reboot, 1970 id32Bit: events.Sys32reboot, 1971 name: "reboot", 1972 syscall: true, 1973 sets: []string{"syscalls", "system"}, 1974 params: []argMeta{ 1975 {Type: "int", Name: "magic"}, 1976 {Type: "int", Name: "magic2"}, 1977 {Type: "int", Name: "cmd"}, 1978 {Type: "void*", Name: "arg"}, 1979 }, 1980 }, 1981 events.Sethostname: { 1982 ID: events.Sethostname, 1983 id32Bit: events.Sys32sethostname, 1984 name: "sethostname", 1985 syscall: true, 1986 sets: []string{"syscalls", "net"}, 1987 params: []argMeta{ 1988 {Type: "const 
char*", Name: "name"}, 1989 {Type: "size_t", Name: "len"}, 1990 }, 1991 }, 1992 events.Setdomainname: { 1993 ID: events.Setdomainname, 1994 id32Bit: events.Sys32setdomainname, 1995 name: "setdomainname", 1996 syscall: true, 1997 sets: []string{"syscalls", "net"}, 1998 params: []argMeta{ 1999 {Type: "const char*", Name: "name"}, 2000 {Type: "size_t", Name: "len"}, 2001 }, 2002 }, 2003 events.Iopl: { 2004 ID: events.Iopl, 2005 id32Bit: events.Sys32iopl, 2006 name: "iopl", 2007 syscall: true, 2008 sets: []string{"syscalls", "system"}, 2009 params: []argMeta{ 2010 {Type: "int", Name: "level"}, 2011 }, 2012 }, 2013 events.Ioperm: { 2014 ID: events.Ioperm, 2015 id32Bit: events.Sys32ioperm, 2016 name: "ioperm", 2017 syscall: true, 2018 sets: []string{"syscalls", "system"}, 2019 params: []argMeta{ 2020 {Type: "unsigned long", Name: "from"}, 2021 {Type: "unsigned long", Name: "num"}, 2022 {Type: "int", Name: "turn_on"}, 2023 }, 2024 }, 2025 events.CreateModule: { 2026 ID: events.CreateModule, 2027 id32Bit: events.Sys32create_module, 2028 name: "create_module", 2029 syscall: true, 2030 sets: []string{"syscalls", "system", "system_module"}, 2031 params: []argMeta{}, 2032 }, 2033 events.InitModule: { 2034 ID: events.InitModule, 2035 id32Bit: events.Sys32init_module, 2036 name: "init_module", 2037 syscall: true, 2038 sets: []string{"default", "syscalls", "system", "system_module"}, 2039 params: []argMeta{ 2040 {Type: "void*", Name: "module_image"}, 2041 {Type: "unsigned long", Name: "len"}, 2042 {Type: "const char*", Name: "param_values"}, 2043 }, 2044 }, 2045 events.DeleteModule: { 2046 ID: events.DeleteModule, 2047 id32Bit: events.Sys32delete_module, 2048 name: "delete_module", 2049 syscall: true, 2050 sets: []string{"syscalls", "system", "system_module"}, 2051 params: []argMeta{ 2052 {Type: "const char*", Name: "name"}, 2053 {Type: "int", Name: "flags"}, 2054 }, 2055 }, 2056 events.GetKernelSyms: { 2057 ID: events.GetKernelSyms, 2058 id32Bit: events.Sys32get_kernel_syms, 
2059 name: "get_kernel_syms", 2060 syscall: true, 2061 sets: []string{"syscalls", "system", "system_module"}, 2062 params: []argMeta{}, 2063 }, 2064 events.QueryModule: { 2065 ID: events.QueryModule, 2066 id32Bit: events.Sys32query_module, 2067 name: "query_module", 2068 syscall: true, 2069 sets: []string{"syscalls", "system", "system_module"}, 2070 params: []argMeta{}, 2071 }, 2072 events.Quotactl: { 2073 ID: events.Quotactl, 2074 id32Bit: events.Sys32quotactl, 2075 name: "quotactl", 2076 syscall: true, 2077 sets: []string{"syscalls", "system"}, 2078 params: []argMeta{ 2079 {Type: "int", Name: "cmd"}, 2080 {Type: "const char*", Name: "special"}, 2081 {Type: "int", Name: "id"}, 2082 {Type: "void*", Name: "addr"}, 2083 }, 2084 }, 2085 events.Nfsservctl: { 2086 ID: events.Nfsservctl, 2087 id32Bit: events.Sys32nfsservctl, 2088 name: "nfsservctl", 2089 syscall: true, 2090 sets: []string{"syscalls", "fs"}, 2091 params: []argMeta{}, 2092 }, 2093 events.Getpmsg: { 2094 ID: events.Getpmsg, 2095 id32Bit: events.Sys32getpmsg, 2096 name: "getpmsg", 2097 syscall: true, 2098 sets: []string{"syscalls"}, 2099 params: []argMeta{}, 2100 }, 2101 events.Putpmsg: { 2102 ID: events.Putpmsg, 2103 id32Bit: events.Sys32putpmsg, 2104 name: "putpmsg", 2105 syscall: true, 2106 sets: []string{"syscalls"}, 2107 params: []argMeta{}, 2108 }, 2109 events.Afs: { 2110 ID: events.Afs, 2111 id32Bit: events.Sys32Undefined, 2112 name: "afs", 2113 syscall: true, 2114 sets: []string{"syscalls"}, 2115 params: []argMeta{}, 2116 }, 2117 events.Tuxcall: { 2118 ID: events.Tuxcall, 2119 id32Bit: events.Sys32Undefined, 2120 name: "tuxcall", 2121 syscall: true, 2122 sets: []string{"syscalls"}, 2123 params: []argMeta{}, 2124 }, 2125 events.Security: { 2126 ID: events.Security, 2127 id32Bit: events.Sys32Undefined, 2128 name: "security", 2129 syscall: true, 2130 sets: []string{"syscalls"}, 2131 params: []argMeta{}, 2132 }, 2133 events.Gettid: { 2134 ID: events.Gettid, 2135 id32Bit: events.Sys32gettid, 2136 name: 
"gettid", 2137 syscall: true, 2138 sets: []string{"syscalls", "proc", "proc_ids"}, 2139 params: []argMeta{}, 2140 }, 2141 events.Readahead: { 2142 ID: events.Readahead, 2143 id32Bit: events.Sys32readahead, 2144 name: "readahead", 2145 syscall: true, 2146 sets: []string{"syscalls", "fs"}, 2147 params: []argMeta{ 2148 {Type: "int", Name: "fd"}, 2149 {Type: "off_t", Name: "offset"}, 2150 {Type: "size_t", Name: "count"}, 2151 }, 2152 }, 2153 events.Setxattr: { 2154 ID: events.Setxattr, 2155 id32Bit: events.Sys32setxattr, 2156 name: "setxattr", 2157 syscall: true, 2158 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2159 params: []argMeta{ 2160 {Type: "const char*", Name: "path"}, 2161 {Type: "const char*", Name: "name"}, 2162 {Type: "const void*", Name: "value"}, 2163 {Type: "size_t", Name: "size"}, 2164 {Type: "int", Name: "flags"}, 2165 }, 2166 }, 2167 events.Lsetxattr: { 2168 ID: events.Lsetxattr, 2169 id32Bit: events.Sys32lsetxattr, 2170 name: "lsetxattr", 2171 syscall: true, 2172 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2173 params: []argMeta{ 2174 {Type: "const char*", Name: "path"}, 2175 {Type: "const char*", Name: "name"}, 2176 {Type: "const void*", Name: "value"}, 2177 {Type: "size_t", Name: "size"}, 2178 {Type: "int", Name: "flags"}, 2179 }, 2180 }, 2181 events.Fsetxattr: { 2182 ID: events.Fsetxattr, 2183 id32Bit: events.Sys32fsetxattr, 2184 name: "fsetxattr", 2185 syscall: true, 2186 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2187 params: []argMeta{ 2188 {Type: "int", Name: "fd"}, 2189 {Type: "const char*", Name: "name"}, 2190 {Type: "const void*", Name: "value"}, 2191 {Type: "size_t", Name: "size"}, 2192 {Type: "int", Name: "flags"}, 2193 }, 2194 }, 2195 events.Getxattr: { 2196 ID: events.Getxattr, 2197 id32Bit: events.Sys32getxattr, 2198 name: "getxattr", 2199 syscall: true, 2200 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2201 params: []argMeta{ 2202 {Type: "const char*", Name: "path"}, 2203 {Type: "const char*", Name: "name"}, 
2204 {Type: "void*", Name: "value"}, 2205 {Type: "size_t", Name: "size"}, 2206 }, 2207 }, 2208 events.Lgetxattr: { 2209 ID: events.Lgetxattr, 2210 id32Bit: events.Sys32lgetxattr, 2211 name: "lgetxattr", 2212 syscall: true, 2213 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2214 params: []argMeta{ 2215 {Type: "const char*", Name: "path"}, 2216 {Type: "const char*", Name: "name"}, 2217 {Type: "void*", Name: "value"}, 2218 {Type: "size_t", Name: "size"}, 2219 }, 2220 }, 2221 events.Fgetxattr: { 2222 ID: events.Fgetxattr, 2223 id32Bit: events.Sys32fgetxattr, 2224 name: "fgetxattr", 2225 syscall: true, 2226 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2227 params: []argMeta{ 2228 {Type: "int", Name: "fd"}, 2229 {Type: "const char*", Name: "name"}, 2230 {Type: "void*", Name: "value"}, 2231 {Type: "size_t", Name: "size"}, 2232 }, 2233 }, 2234 events.Listxattr: { 2235 ID: events.Listxattr, 2236 id32Bit: events.Sys32listxattr, 2237 name: "listxattr", 2238 syscall: true, 2239 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2240 params: []argMeta{ 2241 {Type: "const char*", Name: "path"}, 2242 {Type: "char*", Name: "list"}, 2243 {Type: "size_t", Name: "size"}, 2244 }, 2245 }, 2246 events.Llistxattr: { 2247 ID: events.Llistxattr, 2248 id32Bit: events.Sys32llistxattr, 2249 name: "llistxattr", 2250 syscall: true, 2251 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2252 params: []argMeta{ 2253 {Type: "const char*", Name: "path"}, 2254 {Type: "char*", Name: "list"}, 2255 {Type: "size_t", Name: "size"}, 2256 }, 2257 }, 2258 events.Flistxattr: { 2259 ID: events.Flistxattr, 2260 id32Bit: events.Sys32flistxattr, 2261 name: "flistxattr", 2262 syscall: true, 2263 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2264 params: []argMeta{ 2265 {Type: "int", Name: "fd"}, 2266 {Type: "char*", Name: "list"}, 2267 {Type: "size_t", Name: "size"}, 2268 }, 2269 }, 2270 events.Removexattr: { 2271 ID: events.Removexattr, 2272 id32Bit: events.Sys32removexattr, 2273 name: "removexattr", 
2274 syscall: true, 2275 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2276 params: []argMeta{ 2277 {Type: "const char*", Name: "path"}, 2278 {Type: "const char*", Name: "name"}, 2279 }, 2280 }, 2281 events.Lremovexattr: { 2282 ID: events.Lremovexattr, 2283 id32Bit: events.Sys32lremovexattr, 2284 name: "lremovexattr", 2285 syscall: true, 2286 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2287 params: []argMeta{ 2288 {Type: "const char*", Name: "path"}, 2289 {Type: "const char*", Name: "name"}, 2290 }, 2291 }, 2292 events.Fremovexattr: { 2293 ID: events.Fremovexattr, 2294 id32Bit: events.Sys32fremovexattr, 2295 name: "fremovexattr", 2296 syscall: true, 2297 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2298 params: []argMeta{ 2299 {Type: "int", Name: "fd"}, 2300 {Type: "const char*", Name: "name"}, 2301 }, 2302 }, 2303 events.Tkill: { 2304 ID: events.Tkill, 2305 id32Bit: events.Sys32tkill, 2306 name: "tkill", 2307 syscall: true, 2308 sets: []string{"syscalls", "signals"}, 2309 params: []argMeta{ 2310 {Type: "int", Name: "tid"}, 2311 {Type: "int", Name: "sig"}, 2312 }, 2313 }, 2314 events.Time: { 2315 ID: events.Time, 2316 id32Bit: events.Sys32time, 2317 name: "time", 2318 syscall: true, 2319 sets: []string{"syscalls", "time", "time_tod"}, 2320 params: []argMeta{ 2321 {Type: "time_t*", Name: "tloc"}, 2322 }, 2323 }, 2324 events.Futex: { 2325 ID: events.Futex, 2326 id32Bit: events.Sys32futex_time64, 2327 name: "futex", 2328 syscall: true, 2329 sets: []string{"syscalls", "ipc", "ipc_futex"}, 2330 params: []argMeta{ 2331 {Type: "int*", Name: "uaddr"}, 2332 {Type: "int", Name: "futex_op"}, 2333 {Type: "int", Name: "val"}, 2334 {Type: "const struct timespec*", Name: "timeout"}, 2335 {Type: "int*", Name: "uaddr2"}, 2336 {Type: "int", Name: "val3"}, 2337 }, 2338 }, 2339 events.SchedSetaffinity: { 2340 ID: events.SchedSetaffinity, 2341 id32Bit: events.Sys32sched_setaffinity, 2342 name: "sched_setaffinity", 2343 syscall: true, 2344 sets: []string{"syscalls", 
"proc", "proc_sched"}, 2345 params: []argMeta{ 2346 {Type: "pid_t", Name: "pid"}, 2347 {Type: "size_t", Name: "cpusetsize"}, 2348 {Type: "unsigned long*", Name: "mask"}, 2349 }, 2350 }, 2351 events.SchedGetaffinity: { 2352 ID: events.SchedGetaffinity, 2353 id32Bit: events.Sys32sched_getaffinity, 2354 name: "sched_getaffinity", 2355 syscall: true, 2356 sets: []string{"syscalls", "proc", "proc_sched"}, 2357 params: []argMeta{ 2358 {Type: "pid_t", Name: "pid"}, 2359 {Type: "size_t", Name: "cpusetsize"}, 2360 {Type: "unsigned long*", Name: "mask"}, 2361 }, 2362 }, 2363 events.SetThreadArea: { 2364 ID: events.SetThreadArea, 2365 id32Bit: events.Sys32set_thread_area, 2366 name: "set_thread_area", 2367 syscall: true, 2368 sets: []string{"syscalls", "proc"}, 2369 params: []argMeta{ 2370 {Type: "struct user_desc*", Name: "u_info"}, 2371 }, 2372 }, 2373 events.IoSetup: { 2374 ID: events.IoSetup, 2375 id32Bit: events.Sys32io_setup, 2376 name: "io_setup", 2377 syscall: true, 2378 sets: []string{"syscalls", "fs", "fs_async_io"}, 2379 params: []argMeta{ 2380 {Type: "unsigned int", Name: "nr_events"}, 2381 {Type: "io_context_t*", Name: "ctx_idp"}, 2382 }, 2383 }, 2384 events.IoDestroy: { 2385 ID: events.IoDestroy, 2386 id32Bit: events.Sys32io_destroy, 2387 name: "io_destroy", 2388 syscall: true, 2389 sets: []string{"syscalls", "fs", "fs_async_io"}, 2390 params: []argMeta{ 2391 {Type: "io_context_t", Name: "ctx_id"}, 2392 }, 2393 }, 2394 events.IoGetevents: { 2395 ID: events.IoGetevents, 2396 id32Bit: events.Sys32io_getevents, 2397 name: "io_getevents", 2398 syscall: true, 2399 sets: []string{"syscalls", "fs", "fs_async_io"}, 2400 params: []argMeta{ 2401 {Type: "io_context_t", Name: "ctx_id"}, 2402 {Type: "long", Name: "min_nr"}, 2403 {Type: "long", Name: "nr"}, 2404 {Type: "struct io_event*", Name: "events"}, 2405 {Type: "struct timespec*", Name: "timeout"}, 2406 }, 2407 }, 2408 events.IoSubmit: { 2409 ID: events.IoSubmit, 2410 id32Bit: events.Sys32io_submit, 2411 name: 
"io_submit", 2412 syscall: true, 2413 sets: []string{"syscalls", "fs", "fs_async_io"}, 2414 params: []argMeta{ 2415 {Type: "io_context_t", Name: "ctx_id"}, 2416 {Type: "long", Name: "nr"}, 2417 {Type: "struct iocb**", Name: "iocbpp"}, 2418 }, 2419 }, 2420 events.IoCancel: { 2421 ID: events.IoCancel, 2422 id32Bit: events.Sys32io_cancel, 2423 name: "io_cancel", 2424 syscall: true, 2425 sets: []string{"syscalls", "fs", "fs_async_io"}, 2426 params: []argMeta{ 2427 {Type: "io_context_t", Name: "ctx_id"}, 2428 {Type: "struct iocb*", Name: "iocb"}, 2429 {Type: "struct io_event*", Name: "result"}, 2430 }, 2431 }, 2432 events.GetThreadArea: { 2433 ID: events.GetThreadArea, 2434 id32Bit: events.Sys32get_thread_area, 2435 name: "get_thread_area", 2436 syscall: true, 2437 sets: []string{"syscalls", "proc"}, 2438 params: []argMeta{ 2439 {Type: "struct user_desc*", Name: "u_info"}, 2440 }, 2441 }, 2442 events.LookupDcookie: { 2443 ID: events.LookupDcookie, 2444 id32Bit: events.Sys32lookup_dcookie, 2445 name: "lookup_dcookie", 2446 syscall: true, 2447 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 2448 params: []argMeta{ 2449 {Type: "u64", Name: "cookie"}, 2450 {Type: "char*", Name: "buffer"}, 2451 {Type: "size_t", Name: "len"}, 2452 }, 2453 }, 2454 events.EpollCreate: { 2455 ID: events.EpollCreate, 2456 id32Bit: events.Sys32epoll_create, 2457 name: "epoll_create", 2458 syscall: true, 2459 sets: []string{"syscalls", "fs", "fs_mux_io"}, 2460 params: []argMeta{ 2461 {Type: "int", Name: "size"}, 2462 }, 2463 }, 2464 events.EpollCtlOld: { 2465 ID: events.EpollCtlOld, 2466 id32Bit: events.Sys32Undefined, 2467 name: "epoll_ctl_old", 2468 syscall: true, 2469 sets: []string{"syscalls", "fs", "fs_mux_io"}, 2470 params: []argMeta{}, 2471 }, 2472 events.EpollWaitOld: { 2473 ID: events.EpollWaitOld, 2474 id32Bit: events.Sys32Undefined, 2475 name: "epoll_wait_old", 2476 syscall: true, 2477 sets: []string{"syscalls", "fs", "fs_mux_io"}, 2478 params: []argMeta{}, 2479 }, 2480 
events.RemapFilePages: { 2481 ID: events.RemapFilePages, 2482 id32Bit: events.Sys32remap_file_pages, 2483 name: "remap_file_pages", 2484 syscall: true, 2485 sets: []string{"syscalls"}, 2486 params: []argMeta{ 2487 {Type: "void*", Name: "addr"}, 2488 {Type: "size_t", Name: "size"}, 2489 {Type: "int", Name: "prot"}, 2490 {Type: "size_t", Name: "pgoff"}, 2491 {Type: "int", Name: "flags"}, 2492 }, 2493 }, 2494 events.Getdents64: { 2495 ID: events.Getdents64, 2496 id32Bit: events.Sys32getdents64, 2497 name: "getdents64", 2498 syscall: true, 2499 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 2500 params: []argMeta{ 2501 {Type: "unsigned int", Name: "fd"}, 2502 {Type: "struct linux_dirent64*", Name: "dirp"}, 2503 {Type: "unsigned int", Name: "count"}, 2504 }, 2505 }, 2506 events.SetTidAddress: { 2507 ID: events.SetTidAddress, 2508 id32Bit: events.Sys32set_tid_address, 2509 name: "set_tid_address", 2510 syscall: true, 2511 sets: []string{"syscalls", "proc"}, 2512 params: []argMeta{ 2513 {Type: "int*", Name: "tidptr"}, 2514 }, 2515 }, 2516 events.RestartSyscall: { 2517 ID: events.RestartSyscall, 2518 id32Bit: events.Sys32restart_syscall, 2519 name: "restart_syscall", 2520 syscall: true, 2521 sets: []string{"syscalls", "signals"}, 2522 params: []argMeta{}, 2523 }, 2524 events.Semtimedop: { 2525 ID: events.Semtimedop, 2526 id32Bit: events.Sys32semtimedop_time64, 2527 name: "semtimedop", 2528 syscall: true, 2529 sets: []string{"syscalls", "ipc", "ipc_sem"}, 2530 params: []argMeta{ 2531 {Type: "int", Name: "semid"}, 2532 {Type: "struct sembuf*", Name: "sops"}, 2533 {Type: "size_t", Name: "nsops"}, 2534 {Type: "const struct timespec*", Name: "timeout"}, 2535 }, 2536 }, 2537 events.Fadvise64: { 2538 ID: events.Fadvise64, 2539 id32Bit: events.Sys32fadvise64, 2540 name: "fadvise64", 2541 syscall: true, 2542 sets: []string{"syscalls", "fs"}, 2543 params: []argMeta{ 2544 {Type: "int", Name: "fd"}, 2545 {Type: "off_t", Name: "offset"}, 2546 {Type: "size_t", Name: "len"}, 2547 {Type: 
"int", Name: "advice"}, 2548 }, 2549 }, 2550 events.TimerCreate: { 2551 ID: events.TimerCreate, 2552 id32Bit: events.Sys32timer_create, 2553 name: "timer_create", 2554 syscall: true, 2555 sets: []string{"syscalls", "time", "time_timer"}, 2556 params: []argMeta{ 2557 {Type: "const clockid_t", Name: "clockid"}, 2558 {Type: "struct sigevent*", Name: "sevp"}, 2559 {Type: "timer_t*", Name: "timer_id"}, 2560 }, 2561 }, 2562 events.TimerSettime: { 2563 ID: events.TimerSettime, 2564 id32Bit: events.Sys32timer_settime64, 2565 name: "timer_settime", 2566 syscall: true, 2567 sets: []string{"syscalls", "time", "time_timer"}, 2568 params: []argMeta{ 2569 {Type: "timer_t", Name: "timer_id"}, 2570 {Type: "int", Name: "flags"}, 2571 {Type: "const struct itimerspec*", Name: "new_value"}, 2572 {Type: "struct itimerspec*", Name: "old_value"}, 2573 }, 2574 }, 2575 events.TimerGettime: { 2576 ID: events.TimerGettime, 2577 id32Bit: events.Sys32timer_gettime64, 2578 name: "timer_gettime", 2579 syscall: true, 2580 sets: []string{"syscalls", "time", "time_timer"}, 2581 params: []argMeta{ 2582 {Type: "timer_t", Name: "timer_id"}, 2583 {Type: "struct itimerspec*", Name: "curr_value"}, 2584 }, 2585 }, 2586 events.TimerGetoverrun: { 2587 ID: events.TimerGetoverrun, 2588 id32Bit: events.Sys32timer_getoverrun, 2589 name: "timer_getoverrun", 2590 syscall: true, 2591 sets: []string{"syscalls", "time", "time_timer"}, 2592 params: []argMeta{ 2593 {Type: "timer_t", Name: "timer_id"}, 2594 }, 2595 }, 2596 events.TimerDelete: { 2597 ID: events.TimerDelete, 2598 id32Bit: events.Sys32timer_delete, 2599 name: "timer_delete", 2600 syscall: true, 2601 sets: []string{"syscalls", "time", "time_timer"}, 2602 params: []argMeta{ 2603 {Type: "timer_t", Name: "timer_id"}, 2604 }, 2605 }, 2606 events.ClockSettime: { 2607 ID: events.ClockSettime, 2608 id32Bit: events.Sys32clock_settime64, 2609 name: "clock_settime", 2610 syscall: true, 2611 sets: []string{"syscalls", "time", "time_clock"}, 2612 params: []argMeta{ 
2613 {Type: "const clockid_t", Name: "clockid"}, 2614 {Type: "const struct timespec*", Name: "tp"}, 2615 }, 2616 }, 2617 events.ClockGettime: { 2618 ID: events.ClockGettime, 2619 id32Bit: events.Sys32clock_gettime64, 2620 name: "clock_gettime", 2621 syscall: true, 2622 sets: []string{"syscalls", "time", "time_clock"}, 2623 params: []argMeta{ 2624 {Type: "const clockid_t", Name: "clockid"}, 2625 {Type: "struct timespec*", Name: "tp"}, 2626 }, 2627 }, 2628 events.ClockGetres: { 2629 ID: events.ClockGetres, 2630 id32Bit: events.Sys32clock_getres_time64, 2631 name: "clock_getres", 2632 syscall: true, 2633 sets: []string{"syscalls", "time", "time_clock"}, 2634 params: []argMeta{ 2635 {Type: "const clockid_t", Name: "clockid"}, 2636 {Type: "struct timespec*", Name: "res"}, 2637 }, 2638 }, 2639 events.ClockNanosleep: { 2640 ID: events.ClockNanosleep, 2641 id32Bit: events.Sys32clock_nanosleep_time64, 2642 name: "clock_nanosleep", 2643 syscall: true, 2644 sets: []string{"syscalls", "time", "time_clock"}, 2645 params: []argMeta{ 2646 {Type: "const clockid_t", Name: "clockid"}, 2647 {Type: "int", Name: "flags"}, 2648 {Type: "const struct timespec*", Name: "request"}, 2649 {Type: "struct timespec*", Name: "remain"}, 2650 }, 2651 }, 2652 events.ExitGroup: { 2653 ID: events.ExitGroup, 2654 id32Bit: events.Sys32exit_group, 2655 name: "exit_group", 2656 syscall: true, 2657 sets: []string{"syscalls", "proc", "proc_life"}, 2658 params: []argMeta{ 2659 {Type: "int", Name: "status"}, 2660 }, 2661 }, 2662 events.EpollWait: { 2663 ID: events.EpollWait, 2664 id32Bit: events.Sys32epoll_wait, 2665 name: "epoll_wait", 2666 syscall: true, 2667 sets: []string{"syscalls", "fs", "fs_mux_io"}, 2668 params: []argMeta{ 2669 {Type: "int", Name: "epfd"}, 2670 {Type: "struct epoll_event*", Name: "events"}, 2671 {Type: "int", Name: "maxevents"}, 2672 {Type: "int", Name: "timeout"}, 2673 }, 2674 }, 2675 events.EpollCtl: { 2676 ID: events.EpollCtl, 2677 id32Bit: events.Sys32epoll_ctl, 2678 name: 
"epoll_ctl", 2679 syscall: true, 2680 sets: []string{"syscalls", "fs", "fs_mux_io"}, 2681 params: []argMeta{ 2682 {Type: "int", Name: "epfd"}, 2683 {Type: "int", Name: "op"}, 2684 {Type: "int", Name: "fd"}, 2685 {Type: "struct epoll_event*", Name: "event"}, 2686 }, 2687 }, 2688 events.Tgkill: { 2689 ID: events.Tgkill, 2690 id32Bit: events.Sys32tgkill, 2691 name: "tgkill", 2692 syscall: true, 2693 sets: []string{"syscalls", "signals"}, 2694 params: []argMeta{ 2695 {Type: "int", Name: "tgid"}, 2696 {Type: "int", Name: "tid"}, 2697 {Type: "int", Name: "sig"}, 2698 }, 2699 }, 2700 events.Utimes: { 2701 ID: events.Utimes, 2702 id32Bit: events.Sys32utimes, 2703 name: "utimes", 2704 syscall: true, 2705 sets: []string{"syscalls", "fs", "fs_file_attr"}, 2706 params: []argMeta{ 2707 {Type: "char*", Name: "filename"}, 2708 {Type: "struct timeval*", Name: "times"}, 2709 }, 2710 }, 2711 events.Vserver: { 2712 ID: events.Vserver, 2713 id32Bit: events.Sys32vserver, 2714 name: "vserver", 2715 syscall: true, 2716 sets: []string{"syscalls"}, 2717 params: []argMeta{}, 2718 }, 2719 events.Mbind: { 2720 ID: events.Mbind, 2721 id32Bit: events.Sys32mbind, 2722 name: "mbind", 2723 syscall: true, 2724 sets: []string{"syscalls", "system", "system_numa"}, 2725 params: []argMeta{ 2726 {Type: "void*", Name: "addr"}, 2727 {Type: "unsigned long", Name: "len"}, 2728 {Type: "int", Name: "mode"}, 2729 {Type: "const unsigned long*", Name: "nodemask"}, 2730 {Type: "unsigned long", Name: "maxnode"}, 2731 {Type: "unsigned int", Name: "flags"}, 2732 }, 2733 }, 2734 events.SetMempolicy: { 2735 ID: events.SetMempolicy, 2736 id32Bit: events.Sys32set_mempolicy, 2737 name: "set_mempolicy", 2738 syscall: true, 2739 sets: []string{"syscalls", "system", "system_numa"}, 2740 params: []argMeta{ 2741 {Type: "int", Name: "mode"}, 2742 {Type: "const unsigned long*", Name: "nodemask"}, 2743 {Type: "unsigned long", Name: "maxnode"}, 2744 }, 2745 }, 2746 events.GetMempolicy: { 2747 ID: events.GetMempolicy, 2748 
id32Bit: events.Sys32get_mempolicy, 2749 name: "get_mempolicy", 2750 syscall: true, 2751 sets: []string{"syscalls", "system", "system_numa"}, 2752 params: []argMeta{ 2753 {Type: "int*", Name: "mode"}, 2754 {Type: "unsigned long*", Name: "nodemask"}, 2755 {Type: "unsigned long", Name: "maxnode"}, 2756 {Type: "void*", Name: "addr"}, 2757 {Type: "unsigned long", Name: "flags"}, 2758 }, 2759 }, 2760 events.MqOpen: { 2761 ID: events.MqOpen, 2762 id32Bit: events.Sys32mq_open, 2763 name: "mq_open", 2764 syscall: true, 2765 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 2766 params: []argMeta{ 2767 {Type: "const char*", Name: "name"}, 2768 {Type: "int", Name: "oflag"}, 2769 {Type: "mode_t", Name: "mode"}, 2770 {Type: "struct mq_attr*", Name: "attr"}, 2771 }, 2772 }, 2773 events.MqUnlink: { 2774 ID: events.MqUnlink, 2775 id32Bit: events.Sys32mq_unlink, 2776 name: "mq_unlink", 2777 syscall: true, 2778 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 2779 params: []argMeta{ 2780 {Type: "const char*", Name: "name"}, 2781 }, 2782 }, 2783 events.MqTimedsend: { 2784 ID: events.MqTimedsend, 2785 id32Bit: events.Sys32mq_timedsend_time64, 2786 name: "mq_timedsend", 2787 syscall: true, 2788 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 2789 params: []argMeta{ 2790 {Type: "mqd_t", Name: "mqdes"}, 2791 {Type: "const char*", Name: "msg_ptr"}, 2792 {Type: "size_t", Name: "msg_len"}, 2793 {Type: "unsigned int", Name: "msg_prio"}, 2794 {Type: "const struct timespec*", Name: "abs_timeout"}, 2795 }, 2796 }, 2797 events.MqTimedreceive: { 2798 ID: events.MqTimedreceive, 2799 id32Bit: events.Sys32mq_timedreceive_time64, 2800 name: "mq_timedreceive", 2801 syscall: true, 2802 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 2803 params: []argMeta{ 2804 {Type: "mqd_t", Name: "mqdes"}, 2805 {Type: "char*", Name: "msg_ptr"}, 2806 {Type: "size_t", Name: "msg_len"}, 2807 {Type: "unsigned int*", Name: "msg_prio"}, 2808 {Type: "const struct timespec*", Name: "abs_timeout"}, 2809 }, 2810 }, 2811 
events.MqNotify: { 2812 ID: events.MqNotify, 2813 id32Bit: events.Sys32mq_notify, 2814 name: "mq_notify", 2815 syscall: true, 2816 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 2817 params: []argMeta{ 2818 {Type: "mqd_t", Name: "mqdes"}, 2819 {Type: "const struct sigevent*", Name: "sevp"}, 2820 }, 2821 }, 2822 events.MqGetsetattr: { 2823 ID: events.MqGetsetattr, 2824 id32Bit: events.Sys32mq_getsetattr, 2825 name: "mq_getsetattr", 2826 syscall: true, 2827 sets: []string{"syscalls", "ipc", "ipc_msgq"}, 2828 params: []argMeta{ 2829 {Type: "mqd_t", Name: "mqdes"}, 2830 {Type: "const struct mq_attr*", Name: "newattr"}, 2831 {Type: "struct mq_attr*", Name: "oldattr"}, 2832 }, 2833 }, 2834 events.KexecLoad: { 2835 ID: events.KexecLoad, 2836 id32Bit: events.Sys32kexec_load, 2837 name: "kexec_load", 2838 syscall: true, 2839 sets: []string{"syscalls", "system"}, 2840 params: []argMeta{ 2841 {Type: "unsigned long", Name: "entry"}, 2842 {Type: "unsigned long", Name: "nr_segments"}, 2843 {Type: "struct kexec_segment*", Name: "segments"}, 2844 {Type: "unsigned long", Name: "flags"}, 2845 }, 2846 }, 2847 events.Waitid: { 2848 ID: events.Waitid, 2849 id32Bit: events.Sys32waitid, 2850 name: "waitid", 2851 syscall: true, 2852 sets: []string{"syscalls", "proc", "proc_life"}, 2853 params: []argMeta{ 2854 {Type: "int", Name: "idtype"}, 2855 {Type: "pid_t", Name: "id"}, 2856 {Type: "struct siginfo*", Name: "infop"}, 2857 {Type: "int", Name: "options"}, 2858 {Type: "struct rusage*", Name: "rusage"}, 2859 }, 2860 }, 2861 events.AddKey: { 2862 ID: events.AddKey, 2863 id32Bit: events.Sys32add_key, 2864 name: "add_key", 2865 syscall: true, 2866 sets: []string{"syscalls", "system", "system_keys"}, 2867 params: []argMeta{ 2868 {Type: "const char*", Name: "type"}, 2869 {Type: "const char*", Name: "description"}, 2870 {Type: "const void*", Name: "payload"}, 2871 {Type: "size_t", Name: "plen"}, 2872 {Type: "key_serial_t", Name: "keyring"}, 2873 }, 2874 }, 2875 events.RequestKey: { 2876 ID: 
events.RequestKey, 2877 id32Bit: events.Sys32request_key, 2878 name: "request_key", 2879 syscall: true, 2880 sets: []string{"syscalls", "system", "system_keys"}, 2881 params: []argMeta{ 2882 {Type: "const char*", Name: "type"}, 2883 {Type: "const char*", Name: "description"}, 2884 {Type: "const char*", Name: "callout_info"}, 2885 {Type: "key_serial_t", Name: "dest_keyring"}, 2886 }, 2887 }, 2888 events.Keyctl: { 2889 ID: events.Keyctl, 2890 id32Bit: events.Sys32keyctl, 2891 name: "keyctl", 2892 syscall: true, 2893 sets: []string{"syscalls", "system", "system_keys"}, 2894 params: []argMeta{ 2895 {Type: "int", Name: "operation"}, 2896 {Type: "unsigned long", Name: "arg2"}, 2897 {Type: "unsigned long", Name: "arg3"}, 2898 {Type: "unsigned long", Name: "arg4"}, 2899 {Type: "unsigned long", Name: "arg5"}, 2900 }, 2901 }, 2902 events.IoprioSet: { 2903 ID: events.IoprioSet, 2904 id32Bit: events.Sys32ioprio_set, 2905 name: "ioprio_set", 2906 syscall: true, 2907 sets: []string{"syscalls", "proc", "proc_sched"}, 2908 params: []argMeta{ 2909 {Type: "int", Name: "which"}, 2910 {Type: "int", Name: "who"}, 2911 {Type: "int", Name: "ioprio"}, 2912 }, 2913 }, 2914 events.IoprioGet: { 2915 ID: events.IoprioGet, 2916 id32Bit: events.Sys32ioprio_get, 2917 name: "ioprio_get", 2918 syscall: true, 2919 sets: []string{"syscalls", "proc", "proc_sched"}, 2920 params: []argMeta{ 2921 {Type: "int", Name: "which"}, 2922 {Type: "int", Name: "who"}, 2923 }, 2924 }, 2925 events.InotifyInit: { 2926 ID: events.InotifyInit, 2927 id32Bit: events.Sys32inotify_init, 2928 name: "inotify_init", 2929 syscall: true, 2930 sets: []string{"syscalls", "fs", "fs_monitor"}, 2931 params: []argMeta{}, 2932 }, 2933 events.InotifyAddWatch: { 2934 ID: events.InotifyAddWatch, 2935 id32Bit: events.Sys32inotify_add_watch, 2936 name: "inotify_add_watch", 2937 syscall: true, 2938 sets: []string{"syscalls", "fs", "fs_monitor"}, 2939 params: []argMeta{ 2940 {Type: "int", Name: "fd"}, 2941 {Type: "const char*", Name: 
"pathname"}, 2942 {Type: "u32", Name: "mask"}, 2943 }, 2944 }, 2945 events.InotifyRmWatch: { 2946 ID: events.InotifyRmWatch, 2947 id32Bit: events.Sys32inotify_rm_watch, 2948 name: "inotify_rm_watch", 2949 syscall: true, 2950 sets: []string{"syscalls", "fs", "fs_monitor"}, 2951 params: []argMeta{ 2952 {Type: "int", Name: "fd"}, 2953 {Type: "int", Name: "wd"}, 2954 }, 2955 }, 2956 events.MigratePages: { 2957 ID: events.MigratePages, 2958 id32Bit: events.Sys32migrate_pages, 2959 name: "migrate_pages", 2960 syscall: true, 2961 sets: []string{"syscalls", "system", "system_numa"}, 2962 params: []argMeta{ 2963 {Type: "int", Name: "pid"}, 2964 {Type: "unsigned long", Name: "maxnode"}, 2965 {Type: "const unsigned long*", Name: "old_nodes"}, 2966 {Type: "const unsigned long*", Name: "new_nodes"}, 2967 }, 2968 }, 2969 events.Openat: { 2970 ID: events.Openat, 2971 id32Bit: events.Sys32openat, 2972 name: "openat", 2973 syscall: true, 2974 sets: []string{"syscalls", "fs", "fs_file_ops"}, 2975 params: []argMeta{ 2976 {Type: "int", Name: "dirfd"}, 2977 {Type: "const char*", Name: "pathname"}, 2978 {Type: "int", Name: "flags"}, 2979 {Type: "mode_t", Name: "mode"}, 2980 }, 2981 }, 2982 events.Mkdirat: { 2983 ID: events.Mkdirat, 2984 id32Bit: events.Sys32mkdirat, 2985 name: "mkdirat", 2986 syscall: true, 2987 sets: []string{"syscalls", "fs", "fs_dir_ops"}, 2988 params: []argMeta{ 2989 {Type: "int", Name: "dirfd"}, 2990 {Type: "const char*", Name: "pathname"}, 2991 {Type: "mode_t", Name: "mode"}, 2992 }, 2993 }, 2994 events.Mknodat: { 2995 ID: events.Mknodat, 2996 id32Bit: events.Sys32mknodat, 2997 name: "mknodat", 2998 syscall: true, 2999 sets: []string{"syscalls", "fs", "fs_file_ops"}, 3000 params: []argMeta{ 3001 {Type: "int", Name: "dirfd"}, 3002 {Type: "const char*", Name: "pathname"}, 3003 {Type: "mode_t", Name: "mode"}, 3004 {Type: "dev_t", Name: "dev"}, 3005 }, 3006 }, 3007 events.Fchownat: { 3008 ID: events.Fchownat, 3009 id32Bit: events.Sys32fchownat, 3010 name: "fchownat", 
3011 syscall: true, 3012 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 3013 params: []argMeta{ 3014 {Type: "int", Name: "dirfd"}, 3015 {Type: "const char*", Name: "pathname"}, 3016 {Type: "uid_t", Name: "owner"}, 3017 {Type: "gid_t", Name: "group"}, 3018 {Type: "int", Name: "flags"}, 3019 }, 3020 }, 3021 events.Futimesat: { 3022 ID: events.Futimesat, 3023 id32Bit: events.Sys32futimesat, 3024 name: "futimesat", 3025 syscall: true, 3026 sets: []string{"syscalls", "fs", "fs_file_attr"}, 3027 params: []argMeta{ 3028 {Type: "int", Name: "dirfd"}, 3029 {Type: "const char*", Name: "pathname"}, 3030 {Type: "struct timeval*", Name: "times"}, 3031 }, 3032 }, 3033 events.Newfstatat: { 3034 ID: events.Newfstatat, 3035 id32Bit: events.Sys32fstatat64, 3036 name: "newfstatat", 3037 syscall: true, 3038 sets: []string{"syscalls", "fs", "fs_file_attr"}, 3039 params: []argMeta{ 3040 {Type: "int", Name: "dirfd"}, 3041 {Type: "const char*", Name: "pathname"}, 3042 {Type: "struct stat*", Name: "statbuf"}, 3043 {Type: "int", Name: "flags"}, 3044 }, 3045 }, 3046 events.Unlinkat: { 3047 ID: events.Unlinkat, 3048 id32Bit: events.Sys32unlinkat, 3049 name: "unlinkat", 3050 syscall: true, 3051 sets: []string{"syscalls", "fs", "fs_link_ops"}, 3052 params: []argMeta{ 3053 {Type: "int", Name: "dirfd"}, 3054 {Type: "const char*", Name: "pathname"}, 3055 {Type: "int", Name: "flags"}, 3056 }, 3057 }, 3058 events.Renameat: { 3059 ID: events.Renameat, 3060 id32Bit: events.Sys32renameat, 3061 name: "renameat", 3062 syscall: true, 3063 sets: []string{"syscalls", "fs", "fs_file_ops"}, 3064 params: []argMeta{ 3065 {Type: "int", Name: "olddirfd"}, 3066 {Type: "const char*", Name: "oldpath"}, 3067 {Type: "int", Name: "newdirfd"}, 3068 {Type: "const char*", Name: "newpath"}, 3069 }, 3070 }, 3071 events.Linkat: { 3072 ID: events.Linkat, 3073 id32Bit: events.Sys32linkat, 3074 name: "linkat", 3075 syscall: true, 3076 sets: []string{"syscalls", "fs", "fs_link_ops"}, 3077 params: []argMeta{ 3078 
{Type: "int", Name: "olddirfd"}, 3079 {Type: "const char*", Name: "oldpath"}, 3080 {Type: "int", Name: "newdirfd"}, 3081 {Type: "const char*", Name: "newpath"}, 3082 {Type: "unsigned int", Name: "flags"}, 3083 }, 3084 }, 3085 events.Symlinkat: { 3086 ID: events.Symlinkat, 3087 id32Bit: events.Sys32symlinkat, 3088 name: "symlinkat", 3089 syscall: true, 3090 sets: []string{"syscalls", "fs", "fs_link_ops"}, 3091 params: []argMeta{ 3092 {Type: "const char*", Name: "target"}, 3093 {Type: "int", Name: "newdirfd"}, 3094 {Type: "const char*", Name: "linkpath"}, 3095 }, 3096 }, 3097 events.Readlinkat: { 3098 ID: events.Readlinkat, 3099 id32Bit: events.Sys32readlinkat, 3100 name: "readlinkat", 3101 syscall: true, 3102 sets: []string{"syscalls", "fs", "fs_link_ops"}, 3103 params: []argMeta{ 3104 {Type: "int", Name: "dirfd"}, 3105 {Type: "const char*", Name: "pathname"}, 3106 {Type: "char*", Name: "buf"}, 3107 {Type: "int", Name: "bufsiz"}, 3108 }, 3109 }, 3110 events.Fchmodat: { 3111 ID: events.Fchmodat, 3112 id32Bit: events.Sys32fchmodat, 3113 name: "fchmodat", 3114 syscall: true, 3115 sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, 3116 params: []argMeta{ 3117 {Type: "int", Name: "dirfd"}, 3118 {Type: "const char*", Name: "pathname"}, 3119 {Type: "mode_t", Name: "mode"}, 3120 {Type: "int", Name: "flags"}, 3121 }, 3122 }, 3123 events.Faccessat: { 3124 ID: events.Faccessat, 3125 id32Bit: events.Sys32faccessat, 3126 name: "faccessat", 3127 syscall: true, 3128 sets: []string{"syscalls", "fs", "fs_file_attr"}, 3129 params: []argMeta{ 3130 {Type: "int", Name: "dirfd"}, 3131 {Type: "const char*", Name: "pathname"}, 3132 {Type: "int", Name: "mode"}, 3133 {Type: "int", Name: "flags"}, 3134 }, 3135 }, 3136 events.Pselect6: { 3137 ID: events.Pselect6, 3138 id32Bit: events.Sys32pselect6_time64, 3139 name: "pselect6", 3140 syscall: true, 3141 sets: []string{"syscalls", "fs", "fs_mux_io"}, 3142 params: []argMeta{ 3143 {Type: "int", Name: "nfds"}, 3144 {Type: "fd_set*", Name: 
"readfds"}, 3145 {Type: "fd_set*", Name: "writefds"}, 3146 {Type: "fd_set*", Name: "exceptfds"}, 3147 {Type: "struct timespec*", Name: "timeout"}, 3148 {Type: "void*", Name: "sigmask"}, 3149 }, 3150 }, 3151 events.Ppoll: { 3152 ID: events.Ppoll, 3153 id32Bit: events.Sys32ppoll_time64, 3154 name: "ppoll", 3155 syscall: true, 3156 sets: []string{"syscalls", "fs", "fs_mux_io"}, 3157 params: []argMeta{ 3158 {Type: "struct pollfd*", Name: "fds"}, 3159 {Type: "unsigned int", Name: "nfds"}, 3160 {Type: "struct timespec*", Name: "tmo_p"}, 3161 {Type: "const sigset_t*", Name: "sigmask"}, 3162 {Type: "size_t", Name: "sigsetsize"}, 3163 }, 3164 }, 3165 events.Unshare: { 3166 ID: events.Unshare, 3167 id32Bit: events.Sys32unshare, 3168 name: "unshare", 3169 syscall: true, 3170 sets: []string{"syscalls", "proc"}, 3171 params: []argMeta{ 3172 {Type: "int", Name: "flags"}, 3173 }, 3174 }, 3175 events.SetRobustList: { 3176 ID: events.SetRobustList, 3177 id32Bit: events.Sys32set_robust_list, 3178 name: "set_robust_list", 3179 syscall: true, 3180 sets: []string{"syscalls", "ipc", "ipc_futex"}, 3181 params: []argMeta{ 3182 {Type: "struct robust_list_head*", Name: "head"}, 3183 {Type: "size_t", Name: "len"}, 3184 }, 3185 }, 3186 events.GetRobustList: { 3187 ID: events.GetRobustList, 3188 id32Bit: events.Sys32get_robust_list, 3189 name: "get_robust_list", 3190 syscall: true, 3191 sets: []string{"syscalls", "ipc", "ipc_futex"}, 3192 params: []argMeta{ 3193 {Type: "int", Name: "pid"}, 3194 {Type: "struct robust_list_head**", Name: "head_ptr"}, 3195 {Type: "size_t*", Name: "len_ptr"}, 3196 }, 3197 }, 3198 events.Splice: { 3199 ID: events.Splice, 3200 id32Bit: events.Sys32splice, 3201 name: "splice", 3202 syscall: true, 3203 sets: []string{"syscalls", "ipc", "ipc_pipe"}, 3204 params: []argMeta{ 3205 {Type: "int", Name: "fd_in"}, 3206 {Type: "off_t*", Name: "off_in"}, 3207 {Type: "int", Name: "fd_out"}, 3208 {Type: "off_t*", Name: "off_out"}, 3209 {Type: "size_t", Name: "len"}, 3210 {Type: 
"unsigned int", Name: "flags"}, 3211 }, 3212 }, 3213 events.Tee: { 3214 ID: events.Tee, 3215 id32Bit: events.Sys32tee, 3216 name: "tee", 3217 syscall: true, 3218 sets: []string{"syscalls", "ipc", "ipc_pipe"}, 3219 params: []argMeta{ 3220 {Type: "int", Name: "fd_in"}, 3221 {Type: "int", Name: "fd_out"}, 3222 {Type: "size_t", Name: "len"}, 3223 {Type: "unsigned int", Name: "flags"}, 3224 }, 3225 }, 3226 events.SyncFileRange: { 3227 ID: events.SyncFileRange, 3228 id32Bit: events.Sys32sync_file_range, 3229 name: "sync_file_range", 3230 syscall: true, 3231 sets: []string{"syscalls", "fs", "fs_sync"}, 3232 params: []argMeta{ 3233 {Type: "int", Name: "fd"}, 3234 {Type: "off_t", Name: "offset"}, 3235 {Type: "off_t", Name: "nbytes"}, 3236 {Type: "unsigned int", Name: "flags"}, 3237 }, 3238 }, 3239 events.Vmsplice: { 3240 ID: events.Vmsplice, 3241 id32Bit: events.Sys32vmsplice, 3242 name: "vmsplice", 3243 syscall: true, 3244 sets: []string{"syscalls", "ipc", "ipc_pipe"}, 3245 params: []argMeta{ 3246 {Type: "int", Name: "fd"}, 3247 {Type: "const struct iovec*", Name: "iov"}, 3248 {Type: "unsigned long", Name: "nr_segs"}, 3249 {Type: "unsigned int", Name: "flags"}, 3250 }, 3251 }, 3252 events.MovePages: { 3253 ID: events.MovePages, 3254 id32Bit: events.Sys32move_pages, 3255 name: "move_pages", 3256 syscall: true, 3257 sets: []string{"syscalls", "system", "system_numa"}, 3258 params: []argMeta{ 3259 {Type: "int", Name: "pid"}, 3260 {Type: "unsigned long", Name: "count"}, 3261 {Type: "const void**", Name: "pages"}, 3262 {Type: "const int*", Name: "nodes"}, 3263 {Type: "int*", Name: "status"}, 3264 {Type: "int", Name: "flags"}, 3265 }, 3266 }, 3267 events.Utimensat: { 3268 ID: events.Utimensat, 3269 id32Bit: events.Sys32utimensat_time64, 3270 name: "utimensat", 3271 syscall: true, 3272 sets: []string{"syscalls", "fs", "fs_file_attr"}, 3273 params: []argMeta{ 3274 {Type: "int", Name: "dirfd"}, 3275 {Type: "const char*", Name: "pathname"}, 3276 {Type: "struct timespec*", Name: 
"times"}, 3277 {Type: "int", Name: "flags"}, 3278 }, 3279 }, 3280 events.EpollPwait: { 3281 ID: events.EpollPwait, 3282 id32Bit: events.Sys32epoll_pwait, 3283 name: "epoll_pwait", 3284 syscall: true, 3285 sets: []string{"syscalls", "fs", "fs_mux_io"}, 3286 params: []argMeta{ 3287 {Type: "int", Name: "epfd"}, 3288 {Type: "struct epoll_event*", Name: "events"}, 3289 {Type: "int", Name: "maxevents"}, 3290 {Type: "int", Name: "timeout"}, 3291 {Type: "const sigset_t*", Name: "sigmask"}, 3292 {Type: "size_t", Name: "sigsetsize"}, 3293 }, 3294 }, 3295 events.Signalfd: { 3296 ID: events.Signalfd, 3297 id32Bit: events.Sys32signalfd, 3298 name: "signalfd", 3299 syscall: true, 3300 sets: []string{"syscalls", "signals"}, 3301 params: []argMeta{ 3302 {Type: "int", Name: "fd"}, 3303 {Type: "sigset_t*", Name: "mask"}, 3304 {Type: "int", Name: "flags"}, 3305 }, 3306 }, 3307 events.TimerfdCreate: { 3308 ID: events.TimerfdCreate, 3309 id32Bit: events.Sys32timerfd_create, 3310 name: "timerfd_create", 3311 syscall: true, 3312 sets: []string{"syscalls", "time", "time_timer"}, 3313 params: []argMeta{ 3314 {Type: "int", Name: "clockid"}, 3315 {Type: "int", Name: "flags"}, 3316 }, 3317 }, 3318 events.Eventfd: { 3319 ID: events.Eventfd, 3320 id32Bit: events.Sys32eventfd, 3321 name: "eventfd", 3322 syscall: true, 3323 sets: []string{"syscalls", "signals"}, 3324 params: []argMeta{ 3325 {Type: "unsigned int", Name: "initval"}, 3326 {Type: "int", Name: "flags"}, 3327 }, 3328 }, 3329 events.Fallocate: { 3330 ID: events.Fallocate, 3331 id32Bit: events.Sys32fallocate, 3332 name: "fallocate", 3333 syscall: true, 3334 sets: []string{"syscalls", "fs", "fs_file_ops"}, 3335 params: []argMeta{ 3336 {Type: "int", Name: "fd"}, 3337 {Type: "int", Name: "mode"}, 3338 {Type: "off_t", Name: "offset"}, 3339 {Type: "off_t", Name: "len"}, 3340 }, 3341 }, 3342 events.TimerfdSettime: { 3343 ID: events.TimerfdSettime, 3344 id32Bit: events.Sys32timerfd_settime64, 3345 name: "timerfd_settime", 3346 syscall: true, 
3347 sets: []string{"syscalls", "time", "time_timer"}, 3348 params: []argMeta{ 3349 {Type: "int", Name: "fd"}, 3350 {Type: "int", Name: "flags"}, 3351 {Type: "const struct itimerspec*", Name: "new_value"}, 3352 {Type: "struct itimerspec*", Name: "old_value"}, 3353 }, 3354 }, 3355 events.TimerfdGettime: { 3356 ID: events.TimerfdGettime, 3357 id32Bit: events.Sys32timerfd_gettime64, 3358 name: "timerfd_gettime", 3359 syscall: true, 3360 sets: []string{"syscalls", "time", "time_timer"}, 3361 params: []argMeta{ 3362 {Type: "int", Name: "fd"}, 3363 {Type: "struct itimerspec*", Name: "curr_value"}, 3364 }, 3365 }, 3366 events.Accept4: { 3367 ID: events.Accept4, 3368 id32Bit: events.Sys32accept4, 3369 name: "accept4", 3370 syscall: true, 3371 sets: []string{"syscalls", "net", "net_sock"}, 3372 params: []argMeta{ 3373 {Type: "int", Name: "sockfd"}, 3374 {Type: "struct sockaddr*", Name: "addr"}, 3375 {Type: "int*", Name: "addrlen"}, 3376 {Type: "int", Name: "flags"}, 3377 }, 3378 }, 3379 events.Signalfd4: { 3380 ID: events.Signalfd4, 3381 id32Bit: events.Sys32signalfd4, 3382 name: "signalfd4", 3383 syscall: true, 3384 sets: []string{"syscalls", "signals"}, 3385 params: []argMeta{ 3386 {Type: "int", Name: "fd"}, 3387 {Type: "const sigset_t*", Name: "mask"}, 3388 {Type: "size_t", Name: "sizemask"}, 3389 {Type: "int", Name: "flags"}, 3390 }, 3391 }, 3392 events.Eventfd2: { 3393 ID: events.Eventfd2, 3394 id32Bit: events.Sys32eventfd2, 3395 name: "eventfd2", 3396 syscall: true, 3397 sets: []string{"syscalls", "signals"}, 3398 params: []argMeta{ 3399 {Type: "unsigned int", Name: "initval"}, 3400 {Type: "int", Name: "flags"}, 3401 }, 3402 }, 3403 events.EpollCreate1: { 3404 ID: events.EpollCreate1, 3405 id32Bit: events.Sys32epoll_create1, 3406 name: "epoll_create1", 3407 syscall: true, 3408 sets: []string{"syscalls", "fs", "fs_mux_io"}, 3409 params: []argMeta{ 3410 {Type: "int", Name: "flags"}, 3411 }, 3412 }, 3413 events.Dup3: { 3414 ID: events.Dup3, 3415 id32Bit: 
events.Sys32dup3, 3416 name: "dup3", 3417 syscall: true, 3418 sets: []string{"syscalls", "fs", "fs_fd_ops"}, 3419 params: []argMeta{ 3420 {Type: "int", Name: "oldfd"}, 3421 {Type: "int", Name: "newfd"}, 3422 {Type: "int", Name: "flags"}, 3423 }, 3424 }, 3425 events.Pipe2: { 3426 ID: events.Pipe2, 3427 id32Bit: events.Sys32pipe2, 3428 name: "pipe2", 3429 syscall: true, 3430 sets: []string{"syscalls", "ipc", "ipc_pipe"}, 3431 params: []argMeta{ 3432 {Type: "int[2]", Name: "pipefd"}, 3433 {Type: "int", Name: "flags"}, 3434 }, 3435 }, 3436 events.InotifyInit1: { 3437 ID: events.InotifyInit1, 3438 id32Bit: events.Sys32inotify_init1, 3439 name: "inotify_init1", 3440 syscall: true, 3441 sets: []string{"syscalls", "fs", "fs_monitor"}, 3442 params: []argMeta{ 3443 {Type: "int", Name: "flags"}, 3444 }, 3445 }, 3446 events.Preadv: { 3447 ID: events.Preadv, 3448 id32Bit: events.Sys32preadv, 3449 name: "preadv", 3450 syscall: true, 3451 sets: []string{"syscalls", "fs", "fs_read_write"}, 3452 params: []argMeta{ 3453 {Type: "int", Name: "fd"}, 3454 {Type: "const struct iovec*", Name: "iov"}, 3455 {Type: "unsigned long", Name: "iovcnt"}, 3456 {Type: "unsigned long", Name: "pos_l"}, 3457 {Type: "unsigned long", Name: "pos_h"}, 3458 }, 3459 }, 3460 events.Pwritev: { 3461 ID: events.Pwritev, 3462 id32Bit: events.Sys32pwritev, 3463 name: "pwritev", 3464 syscall: true, 3465 sets: []string{"syscalls", "fs", "fs_read_write"}, 3466 params: []argMeta{ 3467 {Type: "int", Name: "fd"}, 3468 {Type: "const struct iovec*", Name: "iov"}, 3469 {Type: "unsigned long", Name: "iovcnt"}, 3470 {Type: "unsigned long", Name: "pos_l"}, 3471 {Type: "unsigned long", Name: "pos_h"}, 3472 }, 3473 }, 3474 events.RtTgsigqueueinfo: { 3475 ID: events.RtTgsigqueueinfo, 3476 id32Bit: events.Sys32rt_tgsigqueueinfo, 3477 name: "rt_tgsigqueueinfo", 3478 syscall: true, 3479 sets: []string{"syscalls", "signals"}, 3480 params: []argMeta{ 3481 {Type: "pid_t", Name: "tgid"}, 3482 {Type: "pid_t", Name: "tid"}, 3483 {Type: 
"int", Name: "sig"}, 3484 {Type: "siginfo_t*", Name: "info"}, 3485 }, 3486 }, 3487 events.PerfEventOpen: { 3488 ID: events.PerfEventOpen, 3489 id32Bit: events.Sys32perf_event_open, 3490 name: "perf_event_open", 3491 syscall: true, 3492 sets: []string{"syscalls", "system"}, 3493 params: []argMeta{ 3494 {Type: "struct perf_event_attr*", Name: "attr"}, 3495 {Type: "pid_t", Name: "pid"}, 3496 {Type: "int", Name: "cpu"}, 3497 {Type: "int", Name: "group_fd"}, 3498 {Type: "unsigned long", Name: "flags"}, 3499 }, 3500 }, 3501 events.Recvmmsg: { 3502 ID: events.Recvmmsg, 3503 id32Bit: events.Sys32recvmmsg_time64, 3504 name: "recvmmsg", 3505 syscall: true, 3506 sets: []string{"syscalls", "net", "net_snd_rcv"}, 3507 params: []argMeta{ 3508 {Type: "int", Name: "sockfd"}, 3509 {Type: "struct mmsghdr*", Name: "msgvec"}, 3510 {Type: "unsigned int", Name: "vlen"}, 3511 {Type: "int", Name: "flags"}, 3512 {Type: "struct timespec*", Name: "timeout"}, 3513 }, 3514 }, 3515 events.FanotifyInit: { 3516 ID: events.FanotifyInit, 3517 id32Bit: events.Sys32fanotify_init, 3518 name: "fanotify_init", 3519 syscall: true, 3520 sets: []string{"syscalls", "fs", "fs_monitor"}, 3521 params: []argMeta{ 3522 {Type: "unsigned int", Name: "flags"}, 3523 {Type: "unsigned int", Name: "event_f_flags"}, 3524 }, 3525 }, 3526 events.FanotifyMark: { 3527 ID: events.FanotifyMark, 3528 id32Bit: events.Sys32fanotify_mark, 3529 name: "fanotify_mark", 3530 syscall: true, 3531 sets: []string{"syscalls", "fs", "fs_monitor"}, 3532 params: []argMeta{ 3533 {Type: "int", Name: "fanotify_fd"}, 3534 {Type: "unsigned int", Name: "flags"}, 3535 {Type: "u64", Name: "mask"}, 3536 {Type: "int", Name: "dirfd"}, 3537 {Type: "const char*", Name: "pathname"}, 3538 }, 3539 }, 3540 events.Prlimit64: { 3541 ID: events.Prlimit64, 3542 id32Bit: events.Sys32prlimit64, 3543 name: "prlimit64", 3544 syscall: true, 3545 sets: []string{"syscalls", "proc"}, 3546 params: []argMeta{ 3547 {Type: "pid_t", Name: "pid"}, 3548 {Type: "int", Name: 
"resource"}, 3549 {Type: "const struct rlimit64*", Name: "new_limit"}, 3550 {Type: "struct rlimit64*", Name: "old_limit"}, 3551 }, 3552 }, 3553 events.NameToHandleAt: { 3554 ID: events.NameToHandleAt, 3555 id32Bit: events.Sys32name_to_handle_at, 3556 name: "name_to_handle_at", 3557 syscall: true, 3558 sets: []string{"syscalls", "fs", "fs_file_ops"}, 3559 params: []argMeta{ 3560 {Type: "int", Name: "dirfd"}, 3561 {Type: "const char*", Name: "pathname"}, 3562 {Type: "struct file_handle*", Name: "handle"}, 3563 {Type: "int*", Name: "mount_id"}, 3564 {Type: "int", Name: "flags"}, 3565 }, 3566 }, 3567 events.OpenByHandleAt: { 3568 ID: events.OpenByHandleAt, 3569 id32Bit: events.Sys32open_by_handle_at, 3570 name: "open_by_handle_at", 3571 syscall: true, 3572 sets: []string{"syscalls", "fs", "fs_file_ops"}, 3573 params: []argMeta{ 3574 {Type: "int", Name: "mount_fd"}, 3575 {Type: "struct file_handle*", Name: "handle"}, 3576 {Type: "int", Name: "flags"}, 3577 }, 3578 }, 3579 events.ClockAdjtime: { 3580 ID: events.ClockAdjtime, 3581 id32Bit: events.Sys32clock_adjtime, 3582 name: "clock_adjtime", 3583 syscall: true, 3584 sets: []string{"syscalls", "time", "time_clock"}, 3585 params: []argMeta{ 3586 {Type: "const clockid_t", Name: "clk_id"}, 3587 {Type: "struct timex*", Name: "buf"}, 3588 }, 3589 }, 3590 events.Syncfs: { 3591 ID: events.Syncfs, 3592 id32Bit: events.Sys32syncfs, 3593 name: "syncfs", 3594 syscall: true, 3595 sets: []string{"syscalls", "fs", "fs_sync"}, 3596 params: []argMeta{ 3597 {Type: "int", Name: "fd"}, 3598 }, 3599 }, 3600 events.Sendmmsg: { 3601 ID: events.Sendmmsg, 3602 id32Bit: events.Sys32sendmmsg, 3603 name: "sendmmsg", 3604 syscall: true, 3605 sets: []string{"syscalls", "net", "net_snd_rcv"}, 3606 params: []argMeta{ 3607 {Type: "int", Name: "sockfd"}, 3608 {Type: "struct mmsghdr*", Name: "msgvec"}, 3609 {Type: "unsigned int", Name: "vlen"}, 3610 {Type: "int", Name: "flags"}, 3611 }, 3612 }, 3613 events.Setns: { 3614 ID: events.Setns, 3615 id32Bit: 
events.Sys32setns, 3616 name: "setns", 3617 syscall: true, 3618 sets: []string{"default", "syscalls", "proc"}, 3619 params: []argMeta{ 3620 {Type: "int", Name: "fd"}, 3621 {Type: "int", Name: "nstype"}, 3622 }, 3623 }, 3624 events.Getcpu: { 3625 ID: events.Getcpu, 3626 id32Bit: events.Sys32getcpu, 3627 name: "getcpu", 3628 syscall: true, 3629 sets: []string{"syscalls", "system", "system_numa"}, 3630 params: []argMeta{ 3631 {Type: "unsigned int*", Name: "cpu"}, 3632 {Type: "unsigned int*", Name: "node"}, 3633 {Type: "struct getcpu_cache*", Name: "tcache"}, 3634 }, 3635 }, 3636 events.ProcessVmReadv: { 3637 ID: events.ProcessVmReadv, 3638 id32Bit: events.Sys32process_vm_readv, 3639 name: "process_vm_readv", 3640 syscall: true, 3641 sets: []string{"default", "syscalls", "proc"}, 3642 params: []argMeta{ 3643 {Type: "pid_t", Name: "pid"}, 3644 {Type: "const struct iovec*", Name: "local_iov"}, 3645 {Type: "unsigned long", Name: "liovcnt"}, 3646 {Type: "const struct iovec*", Name: "remote_iov"}, 3647 {Type: "unsigned long", Name: "riovcnt"}, 3648 {Type: "unsigned long", Name: "flags"}, 3649 }, 3650 }, 3651 events.ProcessVmWritev: { 3652 ID: events.ProcessVmWritev, 3653 id32Bit: events.Sys32process_vm_writev, 3654 name: "process_vm_writev", 3655 syscall: true, 3656 sets: []string{"default", "syscalls", "proc"}, 3657 params: []argMeta{ 3658 {Type: "pid_t", Name: "pid"}, 3659 {Type: "const struct iovec*", Name: "local_iov"}, 3660 {Type: "unsigned long", Name: "liovcnt"}, 3661 {Type: "const struct iovec*", Name: "remote_iov"}, 3662 {Type: "unsigned long", Name: "riovcnt"}, 3663 {Type: "unsigned long", Name: "flags"}, 3664 }, 3665 }, 3666 events.Kcmp: { 3667 ID: events.Kcmp, 3668 id32Bit: events.Sys32kcmp, 3669 name: "kcmp", 3670 syscall: true, 3671 sets: []string{"syscalls", "proc"}, 3672 params: []argMeta{ 3673 {Type: "pid_t", Name: "pid1"}, 3674 {Type: "pid_t", Name: "pid2"}, 3675 {Type: "int", Name: "type"}, 3676 {Type: "unsigned long", Name: "idx1"}, 3677 {Type: "unsigned 
long", Name: "idx2"}, 3678 }, 3679 }, 3680 events.FinitModule: { 3681 ID: events.FinitModule, 3682 id32Bit: events.Sys32finit_module, 3683 name: "finit_module", 3684 syscall: true, 3685 sets: []string{"default", "syscalls", "system", "system_module"}, 3686 params: []argMeta{ 3687 {Type: "int", Name: "fd"}, 3688 {Type: "const char*", Name: "param_values"}, 3689 {Type: "int", Name: "flags"}, 3690 }, 3691 }, 3692 events.SchedSetattr: { 3693 ID: events.SchedSetattr, 3694 id32Bit: events.Sys32sched_setattr, 3695 name: "sched_setattr", 3696 syscall: true, 3697 sets: []string{"syscalls", "proc", "proc_sched"}, 3698 params: []argMeta{ 3699 {Type: "pid_t", Name: "pid"}, 3700 {Type: "struct sched_attr*", Name: "attr"}, 3701 {Type: "unsigned int", Name: "flags"}, 3702 }, 3703 }, 3704 events.SchedGetattr: { 3705 ID: events.SchedGetattr, 3706 id32Bit: events.Sys32sched_getattr, 3707 name: "sched_getattr", 3708 syscall: true, 3709 sets: []string{"syscalls", "proc", "proc_sched"}, 3710 params: []argMeta{ 3711 {Type: "pid_t", Name: "pid"}, 3712 {Type: "struct sched_attr*", Name: "attr"}, 3713 {Type: "unsigned int", Name: "size"}, 3714 {Type: "unsigned int", Name: "flags"}, 3715 }, 3716 }, 3717 events.Renameat2: { 3718 ID: events.Renameat2, 3719 id32Bit: events.Sys32renameat2, 3720 name: "renameat2", 3721 syscall: true, 3722 sets: []string{"syscalls", "fs", "fs_file_ops"}, 3723 params: []argMeta{ 3724 {Type: "int", Name: "olddirfd"}, 3725 {Type: "const char*", Name: "oldpath"}, 3726 {Type: "int", Name: "newdirfd"}, 3727 {Type: "const char*", Name: "newpath"}, 3728 {Type: "unsigned int", Name: "flags"}, 3729 }, 3730 }, 3731 events.Seccomp: { 3732 ID: events.Seccomp, 3733 id32Bit: events.Sys32seccomp, 3734 name: "seccomp", 3735 syscall: true, 3736 sets: []string{"syscalls", "proc"}, 3737 params: []argMeta{ 3738 {Type: "unsigned int", Name: "operation"}, 3739 {Type: "unsigned int", Name: "flags"}, 3740 {Type: "const void*", Name: "args"}, 3741 }, 3742 }, 3743 events.Getrandom: { 3744 
ID: events.Getrandom, 3745 id32Bit: events.Sys32getrandom, 3746 name: "getrandom", 3747 syscall: true, 3748 sets: []string{"syscalls", "fs"}, 3749 params: []argMeta{ 3750 {Type: "void*", Name: "buf"}, 3751 {Type: "size_t", Name: "buflen"}, 3752 {Type: "unsigned int", Name: "flags"}, 3753 }, 3754 }, 3755 events.MemfdCreate: { 3756 ID: events.MemfdCreate, 3757 id32Bit: events.Sys32memfd_create, 3758 name: "memfd_create", 3759 syscall: true, 3760 sets: []string{"default", "syscalls", "fs", "fs_file_ops"}, 3761 params: []argMeta{ 3762 {Type: "const char*", Name: "name"}, 3763 {Type: "unsigned int", Name: "flags"}, 3764 }, 3765 }, 3766 events.KexecFileLoad: { 3767 ID: events.KexecFileLoad, 3768 id32Bit: events.Sys32Undefined, 3769 name: "kexec_file_load", 3770 syscall: true, 3771 sets: []string{"syscalls", "system"}, 3772 params: []argMeta{ 3773 {Type: "int", Name: "kernel_fd"}, 3774 {Type: "int", Name: "initrd_fd"}, 3775 {Type: "unsigned long", Name: "cmdline_len"}, 3776 {Type: "const char*", Name: "cmdline"}, 3777 {Type: "unsigned long", Name: "flags"}, 3778 }, 3779 }, 3780 events.Bpf: { 3781 ID: events.Bpf, 3782 id32Bit: events.Sys32bpf, 3783 name: "bpf", 3784 syscall: true, 3785 sets: []string{"syscalls", "system"}, 3786 params: []argMeta{ 3787 {Type: "int", Name: "cmd"}, 3788 {Type: "union bpf_attr*", Name: "attr"}, 3789 {Type: "unsigned int", Name: "size"}, 3790 }, 3791 }, 3792 events.Execveat: { 3793 ID: events.Execveat, 3794 id32Bit: events.Sys32execveat, 3795 name: "execveat", 3796 syscall: true, 3797 sets: []string{"syscalls", "proc", "proc_life"}, 3798 params: []argMeta{ 3799 {Type: "int", Name: "dirfd"}, 3800 {Type: "const char*", Name: "pathname"}, 3801 {Type: "const char*const*", Name: "argv"}, 3802 {Type: "const char*const*", Name: "envp"}, 3803 {Type: "int", Name: "flags"}, 3804 }, 3805 dependencies: dependencies{ 3806 //tailCalls: []TailCall{ 3807 // {"sys_enter_init_tail", "sys_enter_init", []uint32{uint32(Execveat)}}, 3808 // {"sys_enter_submit_tail", 
"sys_enter_submit", []uint32{uint32(Execveat)}}, 3809 // {"sys_exit_init_tail", "sys_exit_init", []uint32{uint32(Execveat)}}, 3810 // {"sys_exit_submit_tail", "sys_exit_submit", []uint32{uint32(Execveat)}}, 3811 // {"sys_enter_tails", "syscall__execveat", []uint32{uint32(Execveat)}}, 3812 //}, 3813 tailCalls: []TailCall{ 3814 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Execve)}}, 3815 {objs.SysEnterSubmitTail, objs.SysEnterSubmit, []uint32{uint32(events.Execve)}}, 3816 {objs.SysExitInitTail, objs.SysExitInit, []uint32{uint32(events.Execve)}}, 3817 {objs.SysExitSubmitTail, objs.SysExitSubmit, []uint32{uint32(events.Execve)}}, 3818 {objs.SysEnterTails, objs.SyscallExecveat, []uint32{uint32(events.Execveat)}}, 3819 }, 3820 }, 3821 }, 3822 events.Userfaultfd: { 3823 ID: events.Userfaultfd, 3824 id32Bit: events.Sys32userfaultfd, 3825 name: "userfaultfd", 3826 syscall: true, 3827 sets: []string{"syscalls", "system"}, 3828 params: []argMeta{ 3829 {Type: "int", Name: "flags"}, 3830 }, 3831 }, 3832 events.Membarrier: { 3833 ID: events.Membarrier, 3834 id32Bit: events.Sys32membarrier, 3835 name: "membarrier", 3836 syscall: true, 3837 sets: []string{"syscalls", "proc", "proc_mem"}, 3838 params: []argMeta{ 3839 {Type: "int", Name: "cmd"}, 3840 {Type: "int", Name: "flags"}, 3841 }, 3842 }, 3843 events.Mlock2: { 3844 ID: events.Mlock2, 3845 id32Bit: events.Sys32mlock2, 3846 name: "mlock2", 3847 syscall: true, 3848 sets: []string{"syscalls", "proc", "proc_mem"}, 3849 params: []argMeta{ 3850 {Type: "const void*", Name: "addr"}, 3851 {Type: "size_t", Name: "len"}, 3852 {Type: "int", Name: "flags"}, 3853 }, 3854 }, 3855 events.CopyFileRange: { 3856 ID: events.CopyFileRange, 3857 id32Bit: events.Sys32copy_file_range, 3858 name: "copy_file_range", 3859 syscall: true, 3860 sets: []string{"syscalls", "fs", "fs_read_write"}, 3861 params: []argMeta{ 3862 {Type: "int", Name: "fd_in"}, 3863 {Type: "off_t*", Name: "off_in"}, 3864 {Type: "int", Name: "fd_out"}, 3865 
{Type: "off_t*", Name: "off_out"}, 3866 {Type: "size_t", Name: "len"}, 3867 {Type: "unsigned int", Name: "flags"}, 3868 }, 3869 }, 3870 events.Preadv2: { 3871 ID: events.Preadv2, 3872 id32Bit: events.Sys32preadv2, 3873 name: "preadv2", 3874 syscall: true, 3875 sets: []string{"syscalls", "fs", "fs_read_write"}, 3876 params: []argMeta{ 3877 {Type: "int", Name: "fd"}, 3878 {Type: "const struct iovec*", Name: "iov"}, 3879 {Type: "unsigned long", Name: "iovcnt"}, 3880 {Type: "unsigned long", Name: "pos_l"}, 3881 {Type: "unsigned long", Name: "pos_h"}, 3882 {Type: "int", Name: "flags"}, 3883 }, 3884 }, 3885 events.Pwritev2: { 3886 ID: events.Pwritev2, 3887 id32Bit: events.Sys32pwritev2, 3888 name: "pwritev2", 3889 syscall: true, 3890 sets: []string{"syscalls", "fs", "fs_read_write"}, 3891 params: []argMeta{ 3892 {Type: "int", Name: "fd"}, 3893 {Type: "const struct iovec*", Name: "iov"}, 3894 {Type: "unsigned long", Name: "iovcnt"}, 3895 {Type: "unsigned long", Name: "pos_l"}, 3896 {Type: "unsigned long", Name: "pos_h"}, 3897 {Type: "int", Name: "flags"}, 3898 }, 3899 }, 3900 events.PkeyMprotect: { 3901 ID: events.PkeyMprotect, 3902 id32Bit: events.Sys32pkey_mprotect, 3903 name: "pkey_mprotect", 3904 syscall: true, 3905 sets: []string{"syscalls", "proc", "proc_mem"}, 3906 params: []argMeta{ 3907 {Type: "void*", Name: "addr"}, 3908 {Type: "size_t", Name: "len"}, 3909 {Type: "int", Name: "prot"}, 3910 {Type: "int", Name: "pkey"}, 3911 }, 3912 }, 3913 events.PkeyAlloc: { 3914 ID: events.PkeyAlloc, 3915 id32Bit: events.Sys32pkey_alloc, 3916 name: "pkey_alloc", 3917 syscall: true, 3918 sets: []string{"syscalls", "proc", "proc_mem"}, 3919 params: []argMeta{ 3920 {Type: "unsigned int", Name: "flags"}, 3921 {Type: "unsigned long", Name: "access_rights"}, 3922 }, 3923 }, 3924 events.PkeyFree: { 3925 ID: events.PkeyFree, 3926 id32Bit: events.Sys32pkey_free, 3927 name: "pkey_free", 3928 syscall: true, 3929 sets: []string{"syscalls", "proc", "proc_mem"}, 3930 params: []argMeta{ 3931 
{Type: "int", Name: "pkey"}, 3932 }, 3933 }, 3934 events.Statx: { 3935 ID: events.Statx, 3936 id32Bit: events.Sys32statx, 3937 name: "statx", 3938 syscall: true, 3939 sets: []string{"syscalls", "fs", "fs_file_attr"}, 3940 params: []argMeta{ 3941 {Type: "int", Name: "dirfd"}, 3942 {Type: "const char*", Name: "pathname"}, 3943 {Type: "int", Name: "flags"}, 3944 {Type: "unsigned int", Name: "mask"}, 3945 {Type: "struct statx*", Name: "statxbuf"}, 3946 }, 3947 }, 3948 events.IoPgetevents: { 3949 ID: events.IoPgetevents, 3950 id32Bit: events.Sys32io_pgetevents_time64, 3951 name: "io_pgetevents", 3952 syscall: true, 3953 sets: []string{"syscalls", "fs", "fs_async_io"}, 3954 params: []argMeta{ 3955 {Type: "aio_context_t", Name: "ctx_id"}, 3956 {Type: "long", Name: "min_nr"}, 3957 {Type: "long", Name: "nr"}, 3958 {Type: "struct io_event*", Name: "events"}, 3959 {Type: "struct timespec*", Name: "timeout"}, 3960 {Type: "const struct __aio_sigset*", Name: "usig"}, 3961 }, 3962 }, 3963 events.Rseq: { 3964 ID: events.Rseq, 3965 id32Bit: events.Sys32rseq, 3966 name: "rseq", 3967 syscall: true, 3968 sets: []string{"syscalls"}, 3969 params: []argMeta{ 3970 {Type: "struct rseq*", Name: "rseq"}, 3971 {Type: "u32", Name: "rseq_len"}, 3972 {Type: "int", Name: "flags"}, 3973 {Type: "u32", Name: "sig"}, 3974 }, 3975 }, 3976 events.PidfdSendSignal: { 3977 ID: events.PidfdSendSignal, 3978 id32Bit: events.Sys32pidfd_send_signal, 3979 name: "pidfd_send_signal", 3980 syscall: true, 3981 sets: []string{"syscalls", "signals"}, 3982 params: []argMeta{ 3983 {Type: "int", Name: "pidfd"}, 3984 {Type: "int", Name: "sig"}, 3985 {Type: "siginfo_t*", Name: "info"}, 3986 {Type: "unsigned int", Name: "flags"}, 3987 }, 3988 }, 3989 events.IoUringSetup: { 3990 ID: events.IoUringSetup, 3991 id32Bit: events.Sys32io_uring_setup, 3992 name: "io_uring_setup", 3993 syscall: true, 3994 sets: []string{"syscalls"}, 3995 params: []argMeta{ 3996 {Type: "unsigned int", Name: "entries"}, 3997 {Type: "struct 
io_uring_params*", Name: "p"}, 3998 }, 3999 }, 4000 events.IoUringEnter: { 4001 ID: events.IoUringEnter, 4002 id32Bit: events.Sys32io_uring_enter, 4003 name: "io_uring_enter", 4004 syscall: true, 4005 sets: []string{"syscalls"}, 4006 params: []argMeta{ 4007 {Type: "unsigned int", Name: "fd"}, 4008 {Type: "unsigned int", Name: "to_submit"}, 4009 {Type: "unsigned int", Name: "min_complete"}, 4010 {Type: "unsigned int", Name: "flags"}, 4011 {Type: "sigset_t*", Name: "sig"}, 4012 }, 4013 }, 4014 events.IoUringRegister: { 4015 ID: events.IoUringRegister, 4016 id32Bit: events.Sys32io_uring_register, 4017 name: "io_uring_register", 4018 syscall: true, 4019 sets: []string{"syscalls"}, 4020 params: []argMeta{ 4021 {Type: "unsigned int", Name: "fd"}, 4022 {Type: "unsigned int", Name: "opcode"}, 4023 {Type: "void*", Name: "arg"}, 4024 {Type: "unsigned int", Name: "nr_args"}, 4025 }, 4026 }, 4027 events.OpenTree: { 4028 ID: events.OpenTree, 4029 id32Bit: events.Sys32open_tree, 4030 name: "open_tree", 4031 syscall: true, 4032 sets: []string{"syscalls"}, 4033 params: []argMeta{ 4034 {Type: "int", Name: "dfd"}, 4035 {Type: "const char*", Name: "filename"}, 4036 {Type: "unsigned int", Name: "flags"}, 4037 }, 4038 }, 4039 events.MoveMount: { 4040 ID: events.MoveMount, 4041 id32Bit: events.Sys32move_mount, 4042 name: "move_mount", 4043 syscall: true, 4044 sets: []string{"default", "syscalls", "fs"}, 4045 params: []argMeta{ 4046 {Type: "int", Name: "from_dfd"}, 4047 {Type: "const char*", Name: "from_path"}, 4048 {Type: "int", Name: "to_dfd"}, 4049 {Type: "const char*", Name: "to_path"}, 4050 {Type: "unsigned int", Name: "flags"}, 4051 }, 4052 }, 4053 events.Fsopen: { 4054 ID: events.Fsopen, 4055 id32Bit: events.Sys32fsopen, 4056 name: "fsopen", 4057 syscall: true, 4058 sets: []string{"syscalls", "fs"}, 4059 params: []argMeta{ 4060 {Type: "const char*", Name: "fsname"}, 4061 {Type: "unsigned int", Name: "flags"}, 4062 }, 4063 }, 4064 events.Fsconfig: { 4065 ID: events.Fsconfig, 4066 
id32Bit: events.Sys32fsconfig, 4067 name: "fsconfig", 4068 syscall: true, 4069 sets: []string{"syscalls", "fs"}, 4070 params: []argMeta{ 4071 {Type: "int*", Name: "fs_fd"}, 4072 {Type: "unsigned int", Name: "cmd"}, 4073 {Type: "const char*", Name: "key"}, 4074 {Type: "const void*", Name: "value"}, 4075 {Type: "int", Name: "aux"}, 4076 }, 4077 }, 4078 events.Fsmount: { 4079 ID: events.Fsmount, 4080 id32Bit: events.Sys32fsmount, 4081 name: "fsmount", 4082 syscall: true, 4083 sets: []string{"syscalls", "fs"}, 4084 params: []argMeta{ 4085 {Type: "int", Name: "fsfd"}, 4086 {Type: "unsigned int", Name: "flags"}, 4087 {Type: "unsigned int", Name: "ms_flags"}, 4088 }, 4089 }, 4090 events.Fspick: { 4091 ID: events.Fspick, 4092 id32Bit: events.Sys32fspick, 4093 name: "fspick", 4094 syscall: true, 4095 sets: []string{"syscalls", "fs"}, 4096 params: []argMeta{ 4097 {Type: "int", Name: "dirfd"}, 4098 {Type: "const char*", Name: "pathname"}, 4099 {Type: "unsigned int", Name: "flags"}, 4100 }, 4101 }, 4102 events.PidfdOpen: { 4103 ID: events.PidfdOpen, 4104 id32Bit: events.Sys32pidfd_open, 4105 name: "pidfd_open", 4106 syscall: true, 4107 sets: []string{"syscalls"}, 4108 params: []argMeta{ 4109 {Type: "pid_t", Name: "pid"}, 4110 {Type: "unsigned int", Name: "flags"}, 4111 }, 4112 }, 4113 events.Clone3: { 4114 ID: events.Clone3, 4115 id32Bit: events.Sys32clone3, 4116 name: "clone3", 4117 syscall: true, 4118 sets: []string{"syscalls", "proc", "proc_life"}, 4119 params: []argMeta{ 4120 {Type: "struct clone_args*", Name: "cl_args"}, 4121 {Type: "size_t", Name: "size"}, 4122 }, 4123 }, 4124 events.CloseRange: { 4125 ID: events.CloseRange, 4126 id32Bit: events.Sys32close_range, 4127 name: "close_range", 4128 syscall: true, 4129 sets: []string{"syscalls", "fs", "fs_file_ops"}, 4130 params: []argMeta{ 4131 {Type: "unsigned int", Name: "first"}, 4132 {Type: "unsigned int", Name: "last"}, 4133 }, 4134 }, 4135 events.Openat2: { 4136 ID: events.Openat2, 4137 id32Bit: events.Sys32openat2, 
4138 name: "openat2", 4139 syscall: true, 4140 sets: []string{"syscalls", "fs", "fs_file_ops"}, 4141 params: []argMeta{ 4142 {Type: "int", Name: "dirfd"}, 4143 {Type: "const char*", Name: "pathname"}, 4144 {Type: "struct open_how*", Name: "how"}, 4145 {Type: "size_t", Name: "size"}, 4146 }, 4147 }, 4148 events.PidfdGetfd: { 4149 ID: events.PidfdGetfd, 4150 id32Bit: events.Sys32pidfd_getfd, 4151 name: "pidfd_getfd", 4152 syscall: true, 4153 sets: []string{"syscalls"}, 4154 params: []argMeta{ 4155 {Type: "int", Name: "pidfd"}, 4156 {Type: "int", Name: "targetfd"}, 4157 {Type: "unsigned int", Name: "flags"}, 4158 }, 4159 }, 4160 events.Faccessat2: { 4161 ID: events.Faccessat2, 4162 id32Bit: events.Sys32faccessat2, 4163 name: "faccessat2", 4164 syscall: true, 4165 sets: []string{"syscalls", "fs", "fs_file_attr"}, 4166 params: []argMeta{ 4167 {Type: "int", Name: "fd"}, 4168 {Type: "const char*", Name: "path"}, 4169 {Type: "int", Name: "mode"}, 4170 {Type: "int", Name: "flag"}, 4171 }, 4172 }, 4173 events.ProcessMadvise: { 4174 ID: events.ProcessMadvise, 4175 id32Bit: events.Sys32process_madvise, 4176 name: "process_madvise", 4177 syscall: true, 4178 sets: []string{"syscalls"}, 4179 params: []argMeta{ 4180 {Type: "int", Name: "pidfd"}, 4181 {Type: "void*", Name: "addr"}, 4182 {Type: "size_t", Name: "length"}, 4183 {Type: "int", Name: "advice"}, 4184 {Type: "unsigned long", Name: "flags"}, 4185 }, 4186 }, 4187 events.EpollPwait2: { 4188 ID: events.EpollPwait2, 4189 id32Bit: events.Sys32epoll_pwait2, 4190 name: "epoll_pwait2", 4191 syscall: true, 4192 sets: []string{"syscalls", "fs", "fs_mux_io"}, 4193 params: []argMeta{ 4194 {Type: "int", Name: "fd"}, 4195 {Type: "struct epoll_event*", Name: "events"}, 4196 {Type: "int", Name: "maxevents"}, 4197 {Type: "const struct timespec*", Name: "timeout"}, 4198 {Type: "const sigset_t*", Name: "sigset"}, 4199 }, 4200 }, 4201 events.MountSetatt: { 4202 ID: events.MountSetatt, 4203 id32Bit: events.Sys32mount_setattr, 4204 name: 
"mount_setattr", 4205 syscall: true, 4206 sets: []string{"syscalls", "fs"}, 4207 params: []argMeta{ 4208 {Type: "int", Name: "dfd"}, 4209 {Type: "char*", Name: "path"}, 4210 {Type: "unsigned int", Name: "flags"}, 4211 {Type: "struct mount_attr*", Name: "uattr"}, 4212 {Type: "size_t", Name: "usize"}, 4213 }, 4214 }, 4215 events.QuotactlFd: { 4216 ID: events.QuotactlFd, 4217 id32Bit: events.Sys32quotactl_fd, 4218 name: "quotactl_fd", 4219 syscall: true, 4220 sets: []string{"syscalls", "fs"}, 4221 params: []argMeta{ 4222 {Type: "unsigned int", Name: "fd"}, 4223 {Type: "unsigned int", Name: "cmd"}, 4224 {Type: "qid_t", Name: "id"}, 4225 {Type: "void *", Name: "addr"}, 4226 }, 4227 }, 4228 events.LandlockCreateRuleset: { 4229 ID: events.LandlockCreateRuleset, 4230 id32Bit: events.Sys32landlock_create_ruleset, 4231 name: "landlock_create_ruleset", 4232 syscall: true, 4233 sets: []string{"syscalls", "proc", "fs"}, 4234 params: []argMeta{ 4235 {Type: "struct landlock_ruleset_attr*", Name: "attr"}, 4236 {Type: "size_t", Name: "size"}, 4237 {Type: "u32", Name: "flags"}, 4238 }, 4239 }, 4240 events.LandlockAddRule: { 4241 ID: events.LandlockAddRule, 4242 id32Bit: events.Sys32landlock_add_rule, 4243 name: "landlock_add_rule", 4244 syscall: true, 4245 sets: []string{"syscalls", "proc", "fs"}, 4246 params: []argMeta{ 4247 {Type: "int", Name: "ruleset_fd"}, 4248 {Type: "landlock_rule_type", Name: "rule_type"}, 4249 {Type: "void*", Name: "rule_attr"}, 4250 {Type: "u32", Name: "flags"}, 4251 }, 4252 }, 4253 events.LandloclRestrictSet: { 4254 ID: events.LandloclRestrictSet, 4255 id32Bit: events.Sys32landlock_restrict_self, 4256 name: "landlock_restrict_self", 4257 syscall: true, 4258 sets: []string{"syscalls", "proc", "fs"}, 4259 params: []argMeta{ 4260 {Type: "int", Name: "ruleset_fd"}, 4261 {Type: "u32", Name: "flags"}, 4262 }, 4263 }, 4264 events.MemfdSecret: { 4265 ID: events.MemfdSecret, 4266 id32Bit: events.Sys32memfd_secret, 4267 name: "memfd_secret", 4268 syscall: true, 4269 
sets: []string{"syscalls"}, 4270 params: []argMeta{ 4271 {Type: "unsigned int", Name: "flags"}, 4272 }, 4273 }, 4274 events.ProcessMrelease: { 4275 ID: events.ProcessMrelease, 4276 id32Bit: events.Sys32process_mrelease, 4277 name: "process_mrelease", 4278 syscall: true, 4279 sets: []string{"syscalls"}, 4280 params: []argMeta{ 4281 {Type: "int", Name: "pidfd"}, 4282 {Type: "unsigned int", Name: "flags"}, 4283 }, 4284 }, 4285 events.Waitpid: { 4286 ID: events.Waitpid, 4287 id32Bit: events.Sys32waitpid, 4288 name: "waitpid", 4289 syscall: true, 4290 sets: []string{"syscalls", "32bit_unique"}, 4291 params: []argMeta{ 4292 {Type: "pid_t", Name: "pid"}, 4293 {Type: "int*", Name: "status"}, 4294 {Type: "int", Name: "options"}, 4295 }, 4296 }, 4297 events.Oldfstat: { 4298 ID: events.Oldfstat, 4299 id32Bit: events.Sys32oldfstat, 4300 name: "oldfstat", 4301 syscall: true, 4302 sets: []string{"syscalls", "32bit_unique"}, 4303 params: []argMeta{}, 4304 }, 4305 events.Break: { 4306 ID: events.Break, 4307 id32Bit: events.Sys32break, 4308 name: "break", 4309 syscall: true, 4310 sets: []string{"syscalls", "32bit_unique"}, 4311 params: []argMeta{}, 4312 }, 4313 events.Oldstat: { 4314 ID: events.Oldstat, 4315 id32Bit: events.Sys32oldstat, 4316 name: "oldstat", 4317 syscall: true, 4318 sets: []string{"syscalls", "32bit_unique"}, 4319 params: []argMeta{ 4320 {Type: "char*", Name: "filename"}, 4321 {Type: "struct __old_kernel_stat*", Name: "statbuf"}, 4322 }, 4323 }, 4324 events.Umount: { 4325 ID: events.Umount, 4326 id32Bit: events.Sys32umount, 4327 name: "umount", 4328 syscall: true, 4329 sets: []string{"syscalls", "32bit_unique"}, 4330 params: []argMeta{ 4331 {Type: "const char*", Name: "target"}, 4332 }, 4333 }, 4334 events.Stime: { 4335 ID: events.Stime, 4336 id32Bit: events.Sys32stime, 4337 name: "stime", 4338 syscall: true, 4339 sets: []string{"syscalls", "32bit_unique"}, 4340 params: []argMeta{ 4341 {Type: "const time_t*", Name: "t"}, 4342 }, 4343 }, 4344 events.Stty: { 4345 
ID: events.Stty, 4346 id32Bit: events.Sys32stty, 4347 name: "stty", 4348 syscall: true, 4349 sets: []string{"syscalls", "32bit_unique"}, 4350 params: []argMeta{}, 4351 }, 4352 events.Gtty: { 4353 ID: events.Gtty, 4354 id32Bit: events.Sys32gtty, 4355 name: "gtty", 4356 syscall: true, 4357 sets: []string{"syscalls", "32bit_unique"}, 4358 params: []argMeta{}, 4359 }, 4360 events.Nice: { 4361 ID: events.Nice, 4362 id32Bit: events.Sys32nice, 4363 name: "nice", 4364 syscall: true, 4365 sets: []string{"syscalls", "32bit_unique"}, 4366 params: []argMeta{ 4367 {Type: "int", Name: "inc"}, 4368 }, 4369 }, 4370 events.Ftime: { 4371 ID: events.Ftime, 4372 id32Bit: events.Sys32ftime, 4373 name: "ftime", 4374 syscall: true, 4375 sets: []string{"syscalls", "32bit_unique"}, 4376 params: []argMeta{}, 4377 }, 4378 events.Prof: { 4379 ID: events.Prof, 4380 id32Bit: events.Sys32prof, 4381 name: "prof", 4382 syscall: true, 4383 sets: []string{"syscalls", "32bit_unique"}, 4384 params: []argMeta{}, 4385 }, 4386 events.Signal: { 4387 ID: events.Signal, 4388 id32Bit: events.Sys32signal, 4389 name: "signal", 4390 syscall: true, 4391 sets: []string{"syscalls", "32bit_unique"}, 4392 params: []argMeta{ 4393 {Type: "int", Name: "signum"}, 4394 {Type: "sighandler_t", Name: "handler"}, 4395 }, 4396 }, 4397 events.Lock: { 4398 ID: events.Lock, 4399 id32Bit: events.Sys32lock, 4400 name: "lock", 4401 syscall: true, 4402 sets: []string{"syscalls", "32bit_unique"}, 4403 params: []argMeta{}, 4404 }, 4405 events.Mpx: { 4406 ID: events.Mpx, 4407 id32Bit: events.Sys32mpx, 4408 name: "mpx", 4409 syscall: true, 4410 sets: []string{"syscalls", "32bit_unique"}, 4411 params: []argMeta{}, 4412 }, 4413 events.Ulimit: { 4414 ID: events.Ulimit, 4415 id32Bit: events.Sys32ulimit, 4416 name: "ulimit", 4417 syscall: true, 4418 sets: []string{"syscalls", "32bit_unique"}, 4419 params: []argMeta{}, 4420 }, 4421 events.Oldolduname: { 4422 ID: events.Oldolduname, 4423 id32Bit: events.Sys32oldolduname, 4424 name: 
"oldolduname", 4425 syscall: true, 4426 sets: []string{"syscalls", "32bit_unique"}, 4427 params: []argMeta{ 4428 {Type: "struct oldold_utsname*", Name: "name"}, 4429 }, 4430 }, 4431 events.Sigaction: { 4432 ID: events.Sigaction, 4433 id32Bit: events.Sys32sigaction, 4434 name: "sigaction", 4435 syscall: true, 4436 sets: []string{"syscalls", "32bit_unique"}, 4437 params: []argMeta{ 4438 {Type: "int", Name: "sig"}, 4439 {Type: "const struct sigaction*", Name: "act"}, 4440 {Type: "struct sigaction*", Name: "oact"}, 4441 }, 4442 }, 4443 events.Sgetmask: { 4444 ID: events.Sgetmask, 4445 id32Bit: events.Sys32sgetmask, 4446 name: "sgetmask", 4447 syscall: true, 4448 sets: []string{"syscalls", "32bit_unique"}, 4449 params: []argMeta{}, 4450 }, 4451 events.Ssetmask: { 4452 ID: events.Ssetmask, 4453 id32Bit: events.Sys32ssetmask, 4454 name: "ssetmask", 4455 syscall: true, 4456 sets: []string{"syscalls", "32bit_unique"}, 4457 params: []argMeta{ 4458 {Type: "long", Name: "newmask"}, 4459 }, 4460 }, 4461 events.Sigsuspend: { 4462 ID: events.Sigsuspend, 4463 id32Bit: events.Sys32sigsuspend, 4464 name: "sigsuspend", 4465 syscall: true, 4466 sets: []string{"syscalls", "32bit_unique"}, 4467 params: []argMeta{ 4468 {Type: "const sigset_t*", Name: "mask"}, 4469 }, 4470 }, 4471 events.Sigpending: { 4472 ID: events.Sigpending, 4473 id32Bit: events.Sys32sigpending, 4474 name: "sigpending", 4475 syscall: true, 4476 sets: []string{"syscalls", "32bit_unique"}, 4477 params: []argMeta{ 4478 {Type: "sigset_t*", Name: "set"}, 4479 }, 4480 }, 4481 events.Oldlstat: { 4482 ID: events.Oldlstat, 4483 id32Bit: events.Sys32oldlstat, 4484 name: "oldlstat", 4485 syscall: true, 4486 sets: []string{"syscalls", "32bit_unique"}, 4487 params: []argMeta{ 4488 {Type: "const char*", Name: "pathname"}, 4489 {Type: "struct stat*", Name: "statbuf"}, 4490 }, 4491 }, 4492 events.Readdir: { 4493 ID: events.Readdir, 4494 id32Bit: events.Sys32readdir, 4495 name: "readdir", 4496 syscall: true, 4497 sets: 
[]string{"syscalls", "32bit_unique"}, 4498 params: []argMeta{ 4499 {Type: "unsigned int", Name: "fd"}, 4500 {Type: "struct old_linux_dirent*", Name: "dirp"}, 4501 {Type: "unsigned int", Name: "count"}, 4502 }, 4503 }, 4504 events.Profil: { 4505 ID: events.Profil, 4506 id32Bit: events.Sys32profil, 4507 name: "profil", 4508 syscall: true, 4509 sets: []string{"syscalls", "32bit_unique"}, 4510 params: []argMeta{}, 4511 }, 4512 events.Socketcall: { 4513 ID: events.Socketcall, 4514 id32Bit: events.Sys32socketcall, 4515 name: "socketcall", 4516 syscall: true, 4517 sets: []string{"syscalls", "32bit_unique"}, 4518 params: []argMeta{ 4519 {Type: "int", Name: "call"}, 4520 {Type: "unsigned long*", Name: "args"}, 4521 }, 4522 }, 4523 events.Olduname: { 4524 ID: events.Olduname, 4525 id32Bit: events.Sys32olduname, 4526 name: "olduname", 4527 syscall: true, 4528 sets: []string{"syscalls", "32bit_unique"}, 4529 params: []argMeta{ 4530 {Type: "struct utsname*", Name: "buf"}, 4531 }, 4532 }, 4533 events.Idle: { 4534 ID: events.Idle, 4535 id32Bit: events.Sys32idle, 4536 name: "idle", 4537 syscall: true, 4538 sets: []string{"syscalls", "32bit_unique"}, 4539 params: []argMeta{}, 4540 }, 4541 events.Vm86old: { 4542 ID: events.Vm86old, 4543 id32Bit: events.Sys32vm86old, 4544 name: "vm86old", 4545 syscall: true, 4546 sets: []string{"syscalls", "32bit_unique"}, 4547 params: []argMeta{ 4548 {Type: "struct vm86_struct*", Name: "info"}, 4549 }, 4550 }, 4551 events.Ipc: { 4552 ID: events.Ipc, 4553 id32Bit: events.Sys32ipc, 4554 name: "ipc", 4555 syscall: true, 4556 sets: []string{"syscalls", "32bit_unique"}, 4557 params: []argMeta{ 4558 {Type: "unsigned int", Name: "call"}, 4559 {Type: "int", Name: "first"}, 4560 {Type: "unsigned long", Name: "second"}, 4561 {Type: "unsigned long", Name: "third"}, 4562 {Type: "void*", Name: "ptr"}, 4563 {Type: "long", Name: "fifth"}, 4564 }, 4565 }, 4566 events.Sigreturn: { 4567 ID: events.Sigreturn, 4568 id32Bit: events.Sys32sigreturn, 4569 name: 
"sigreturn", 4570 syscall: true, 4571 sets: []string{"syscalls", "32bit_unique"}, 4572 params: []argMeta{}, 4573 }, 4574 events.Sigprocmask: { 4575 ID: events.Sigprocmask, 4576 id32Bit: events.Sys32sigprocmask, 4577 name: "sigprocmask", 4578 syscall: true, 4579 sets: []string{"syscalls", "32bit_unique"}, 4580 params: []argMeta{ 4581 {Type: "int", Name: "how"}, 4582 {Type: "const sigset_t *restrict", Name: "set"}, 4583 {Type: "sigset_t *restrict", Name: "oldset"}, 4584 }, 4585 }, 4586 events.Bdflush: { 4587 ID: events.Bdflush, 4588 id32Bit: events.Sys32bdflush, 4589 name: "bdflush", 4590 syscall: true, 4591 sets: []string{"syscalls", "32bit_unique"}, 4592 params: []argMeta{}, 4593 }, 4594 events.Afs_syscall: { 4595 ID: events.Afs_syscall, 4596 id32Bit: events.Sys32afs_syscall, 4597 name: "afs_syscall", 4598 syscall: true, 4599 sets: []string{"syscalls", "32bit_unique"}, 4600 params: []argMeta{}, 4601 }, 4602 events.Llseek: { 4603 ID: events.Llseek, 4604 id32Bit: events.Sys32_llseek, 4605 name: "llseek", 4606 syscall: true, 4607 sets: []string{"syscalls", "32bit_unique"}, 4608 params: []argMeta{ 4609 {Type: "unsigned int", Name: "fd"}, 4610 {Type: "unsigned long", Name: "offset_high"}, 4611 {Type: "unsigned long", Name: "offset_low"}, 4612 {Type: "loff_t*", Name: "result"}, 4613 {Type: "unsigned int", Name: "whence"}, 4614 }, 4615 }, 4616 events.OldSelect: { 4617 ID: events.OldSelect, 4618 id32Bit: events.Sys32select, 4619 name: "old_select", 4620 syscall: true, 4621 sets: []string{"syscalls", "32bit_unique"}, 4622 params: []argMeta{ 4623 {Type: "int", Name: "nfds"}, 4624 {Type: "fd_set*", Name: "readfds"}, 4625 {Type: "fd_set*", Name: "writefds"}, 4626 {Type: "fd_set*", Name: "exceptfds"}, 4627 {Type: "struct timeval*", Name: "timeout"}, 4628 }, 4629 }, 4630 events.Vm86: { 4631 ID: events.Vm86, 4632 id32Bit: events.Sys32vm86, 4633 name: "vm86", 4634 syscall: true, 4635 sets: []string{"syscalls", "32bit_unique"}, 4636 params: []argMeta{ 4637 {Type: "unsigned long", 
Name: "fn"}, 4638 {Type: "struct vm86plus_struct*", Name: "v86"}, 4639 }, 4640 }, 4641 events.OldGetrlimit: { 4642 ID: events.OldGetrlimit, 4643 id32Bit: events.Sys32getrlimit, 4644 name: "old_getrlimit", 4645 syscall: true, 4646 sets: []string{"syscalls", "32bit_unique"}, 4647 params: []argMeta{ 4648 {Type: "int", Name: "resource"}, 4649 {Type: "struct rlimit*", Name: "rlim"}, 4650 }, 4651 }, 4652 events.Mmap2: { 4653 ID: events.Mmap2, 4654 id32Bit: events.Sys32mmap2, 4655 name: "mmap2", 4656 syscall: true, 4657 sets: []string{"syscalls", "32bit_unique"}, 4658 params: []argMeta{ 4659 {Type: "unsigned long", Name: "addr"}, 4660 {Type: "unsigned long", Name: "length"}, 4661 {Type: "unsigned long", Name: "prot"}, 4662 {Type: "unsigned long", Name: "flags"}, 4663 {Type: "unsigned long", Name: "fd"}, 4664 {Type: "unsigned long", Name: "pgoffset"}, 4665 }, 4666 }, 4667 events.Truncate64: { 4668 ID: events.Truncate64, 4669 id32Bit: events.Sys32truncate64, 4670 name: "truncate64", 4671 syscall: true, 4672 sets: []string{"syscalls", "32bit_unique"}, 4673 params: []argMeta{ 4674 {Type: "const char*", Name: "path"}, 4675 {Type: "off_t", Name: "length"}, 4676 }, 4677 }, 4678 events.Ftruncate64: { 4679 ID: events.Ftruncate64, 4680 id32Bit: events.Sys32ftruncate64, 4681 name: "ftruncate64", 4682 syscall: true, 4683 sets: []string{"syscalls", "32bit_unique"}, 4684 params: []argMeta{ 4685 {Type: "int", Name: "fd"}, 4686 {Type: "off_t", Name: "length"}, 4687 }, 4688 }, 4689 events.Stat64: { 4690 ID: events.Stat64, 4691 id32Bit: events.Sys32stat64, 4692 name: "stat64", 4693 syscall: true, 4694 sets: []string{"syscalls", "32bit_unique"}, 4695 params: []argMeta{ 4696 {Type: "const char*", Name: "pathname"}, 4697 {Type: "struct stat64*", Name: "statbuf"}, 4698 }, 4699 }, 4700 events.Lstat64: { 4701 ID: events.Lstat64, 4702 id32Bit: events.Sys32lstat64, 4703 name: "lstat64", 4704 syscall: true, 4705 sets: []string{"syscalls", "32bit_unique"}, 4706 params: []argMeta{ 4707 {Type: "const 
char*", Name: "pathname"}, 4708 {Type: "struct stat64*", Name: "statbuf"}, 4709 }, 4710 }, 4711 events.Fstat64: { 4712 ID: events.Fstat64, 4713 id32Bit: events.Sys32fstat64, 4714 name: "fstat64", 4715 syscall: true, 4716 sets: []string{"syscalls", "32bit_unique"}, 4717 params: []argMeta{ 4718 {Type: "int", Name: "fd"}, 4719 {Type: "struct stat64*", Name: "statbuf"}, 4720 }, 4721 }, 4722 events.Lchown16: { 4723 ID: events.Lchown16, 4724 id32Bit: events.Sys32lchown, 4725 name: "lchown16", 4726 syscall: true, 4727 sets: []string{"syscalls", "32bit_unique"}, 4728 params: []argMeta{ 4729 {Type: "const char*", Name: "pathname"}, 4730 {Type: "old_uid_t", Name: "owner"}, 4731 {Type: "old_gid_t", Name: "group"}, 4732 }, 4733 }, 4734 events.Getuid16: { 4735 ID: events.Getuid16, 4736 id32Bit: events.Sys32getuid, 4737 name: "getuid16", 4738 syscall: true, 4739 sets: []string{"syscalls", "32bit_unique"}, 4740 params: []argMeta{}, 4741 }, 4742 events.Getgid16: { 4743 ID: events.Getgid16, 4744 id32Bit: events.Sys32getgid, 4745 name: "getgid16", 4746 syscall: true, 4747 sets: []string{"syscalls", "32bit_unique"}, 4748 params: []argMeta{}, 4749 }, 4750 events.Geteuid16: { 4751 ID: events.Geteuid16, 4752 id32Bit: events.Sys32geteuid, 4753 name: "geteuid16", 4754 syscall: true, 4755 sets: []string{"syscalls", "32bit_unique"}, 4756 params: []argMeta{}, 4757 }, 4758 events.Getegid16: { 4759 ID: events.Getegid16, 4760 id32Bit: events.Sys32getegid, 4761 name: "getegid16", 4762 syscall: true, 4763 sets: []string{"syscalls", "32bit_unique"}, 4764 params: []argMeta{}, 4765 }, 4766 events.Setreuid16: { 4767 ID: events.Setreuid16, 4768 id32Bit: events.Sys32setreuid, 4769 name: "setreuid16", 4770 syscall: true, 4771 sets: []string{"syscalls", "32bit_unique"}, 4772 params: []argMeta{ 4773 {Type: "old_uid_t", Name: "ruid"}, 4774 {Type: "old_uid_t", Name: "euid"}, 4775 }, 4776 }, 4777 events.Setregid16: { 4778 ID: events.Setregid16, 4779 id32Bit: events.Sys32setregid, 4780 name: "setregid16", 
4781 syscall: true, 4782 sets: []string{"syscalls", "32bit_unique"}, 4783 params: []argMeta{ 4784 {Type: "old_gid_t", Name: "rgid"}, 4785 {Type: "old_gid_t", Name: "egid"}, 4786 }, 4787 }, 4788 events.Getgroups16: { 4789 ID: events.Getgroups16, 4790 id32Bit: events.Sys32getgroups, 4791 name: "getgroups16", 4792 syscall: true, 4793 sets: []string{"syscalls", "32bit_unique"}, 4794 params: []argMeta{ 4795 {Type: "int", Name: "size"}, 4796 {Type: "old_gid_t*", Name: "list"}, 4797 }, 4798 }, 4799 events.Setgroups16: { 4800 ID: events.Setgroups16, 4801 id32Bit: events.Sys32setgroups, 4802 name: "setgroups16", 4803 syscall: true, 4804 sets: []string{"syscalls", "32bit_unique"}, 4805 params: []argMeta{ 4806 {Type: "size_t", Name: "size"}, 4807 {Type: "const gid_t*", Name: "list"}, 4808 }, 4809 }, 4810 events.Fchown16: { 4811 ID: events.Fchown16, 4812 id32Bit: events.Sys32fchown, 4813 name: "fchown16", 4814 syscall: true, 4815 sets: []string{"syscalls", "32bit_unique"}, 4816 params: []argMeta{ 4817 {Type: "unsigned int", Name: "fd"}, 4818 {Type: "old_uid_t", Name: "user"}, 4819 {Type: "old_gid_t", Name: "group"}, 4820 }, 4821 }, 4822 events.Setresuid16: { 4823 ID: events.Setresuid16, 4824 id32Bit: events.Sys32setresuid, 4825 name: "setresuid16", 4826 syscall: true, 4827 sets: []string{"syscalls", "32bit_unique"}, 4828 params: []argMeta{ 4829 {Type: "old_uid_t", Name: "ruid"}, 4830 {Type: "old_uid_t", Name: "euid"}, 4831 {Type: "old_uid_t", Name: "suid"}, 4832 }, 4833 }, 4834 events.Getresuid16: { 4835 ID: events.Getresuid16, 4836 id32Bit: events.Sys32getresuid, 4837 name: "getresuid16", 4838 syscall: true, 4839 sets: []string{"syscalls", "32bit_unique"}, 4840 params: []argMeta{ 4841 {Type: "old_uid_t*", Name: "ruid"}, 4842 {Type: "old_uid_t*", Name: "euid"}, 4843 {Type: "old_uid_t*", Name: "suid"}, 4844 }, 4845 }, 4846 events.Setresgid16: { 4847 ID: events.Setresgid16, 4848 id32Bit: events.Sys32setresgid, 4849 name: "setresgid16", 4850 syscall: true, 4851 sets: 
[]string{"syscalls", "32bit_unique"}, 4852 params: []argMeta{ 4853 {Type: "old_uid_t", Name: "rgid"}, 4854 {Type: "old_uid_t", Name: "euid"}, 4855 {Type: "old_uid_t", Name: "suid"}, 4856 }, 4857 }, 4858 events.Getresgid16: { 4859 ID: events.Getresgid16, 4860 id32Bit: events.Sys32getresgid, 4861 name: "getresgid16", 4862 syscall: true, 4863 sets: []string{"syscalls", "32bit_unique"}, 4864 params: []argMeta{ 4865 {Type: "old_gid_t*", Name: "rgid"}, 4866 {Type: "old_gid_t*", Name: "egid"}, 4867 {Type: "old_gid_t*", Name: "sgid"}, 4868 }, 4869 }, 4870 events.Chown16: { 4871 ID: events.Chown16, 4872 id32Bit: events.Sys32chown, 4873 name: "chown16", 4874 syscall: true, 4875 sets: []string{"syscalls", "32bit_unique"}, 4876 params: []argMeta{ 4877 {Type: "const char*", Name: "pathname"}, 4878 {Type: "old_uid_t", Name: "owner"}, 4879 {Type: "old_gid_t", Name: "group"}, 4880 }, 4881 }, 4882 events.Setuid16: { 4883 ID: events.Setuid16, 4884 id32Bit: events.Sys32setuid, 4885 name: "setuid16", 4886 syscall: true, 4887 sets: []string{"syscalls", "32bit_unique"}, 4888 params: []argMeta{ 4889 {Type: "old_old_uid_t", Name: "uid"}, 4890 }, 4891 }, 4892 events.Setgid16: { 4893 ID: events.Setgid16, 4894 id32Bit: events.Sys32setgid, 4895 name: "setgid16", 4896 syscall: true, 4897 sets: []string{"syscalls", "32bit_unique"}, 4898 params: []argMeta{ 4899 {Type: "old_gid_t", Name: "gid"}, 4900 }, 4901 }, 4902 events.Setfsuid16: { 4903 ID: events.Setfsuid16, 4904 id32Bit: events.Sys32setfsuid, 4905 name: "setfsuid16", 4906 syscall: true, 4907 sets: []string{"syscalls", "32bit_unique"}, 4908 params: []argMeta{ 4909 {Type: "old_uid_t", Name: "fsuid"}, 4910 }, 4911 }, 4912 events.Setfsgid16: { 4913 ID: events.Setfsgid16, 4914 id32Bit: events.Sys32setfsgid, 4915 name: "setfsgid16", 4916 syscall: true, 4917 sets: []string{"syscalls", "32bit_unique"}, 4918 params: []argMeta{ 4919 {Type: "old_gid_t", Name: "fsgid"}, 4920 }, 4921 }, 4922 events.Fcntl64: { 4923 ID: events.Fcntl64, 4924 id32Bit: 
events.Sys32fcntl64, 4925 name: "fcntl64", 4926 syscall: true, 4927 sets: []string{"syscalls", "32bit_unique"}, 4928 params: []argMeta{ 4929 {Type: "int", Name: "fd"}, 4930 {Type: "int", Name: "cmd"}, 4931 {Type: "unsigned long", Name: "arg"}, 4932 }, 4933 }, 4934 events.Sendfile32: { 4935 ID: events.Sendfile32, 4936 id32Bit: events.Sys32sendfile, 4937 name: "sendfile32", 4938 syscall: true, 4939 sets: []string{"syscalls", "32bit_unique"}, 4940 params: []argMeta{ 4941 {Type: "int", Name: "out_fd"}, 4942 {Type: "int", Name: "in_fd"}, 4943 {Type: "off_t*", Name: "offset"}, 4944 {Type: "size_t", Name: "count"}, 4945 }, 4946 }, 4947 events.Statfs64: { 4948 ID: events.Statfs64, 4949 id32Bit: events.Sys32statfs64, 4950 name: "statfs64", 4951 syscall: true, 4952 sets: []string{"syscalls", "32bit_unique"}, 4953 params: []argMeta{ 4954 {Type: "const char*", Name: "path"}, 4955 {Type: "size_t", Name: "sz"}, 4956 {Type: "struct statfs64*", Name: "buf"}, 4957 }, 4958 }, 4959 events.Fstatfs64: { 4960 ID: events.Fstatfs64, 4961 id32Bit: events.Sys32fstatfs64, 4962 name: "fstatfs64", 4963 syscall: true, 4964 sets: []string{"syscalls", "32bit_unique"}, 4965 params: []argMeta{ 4966 {Type: "int", Name: "fd"}, 4967 {Type: "size_t", Name: "sz"}, 4968 {Type: "struct statfs64*", Name: "buf"}, 4969 }, 4970 }, 4971 events.Fadvise64_64: { 4972 ID: events.Fadvise64_64, 4973 id32Bit: events.Sys32fadvise64_64, 4974 name: "fadvise64_64", 4975 syscall: true, 4976 sets: []string{"syscalls", "32bit_unique"}, 4977 params: []argMeta{ 4978 {Type: "int", Name: "fd"}, 4979 {Type: "loff_t", Name: "offset"}, 4980 {Type: "loff_t", Name: "len"}, 4981 {Type: "int", Name: "advice"}, 4982 }, 4983 }, 4984 events.ClockGettime32: { 4985 ID: events.ClockGettime32, 4986 id32Bit: events.Sys32clock_gettime, 4987 name: "clock_gettime32", 4988 syscall: true, 4989 sets: []string{"syscalls", "32bit_unique"}, 4990 params: []argMeta{ 4991 {Type: "clockid_t", Name: "which_clock"}, 4992 {Type: "struct old_timespec32*", 
Name: "tp"}, 4993 }, 4994 }, 4995 events.ClockSettime32: { 4996 ID: events.ClockSettime32, 4997 id32Bit: events.Sys32clock_settime, 4998 name: "clock_settime32", 4999 syscall: true, 5000 sets: []string{"syscalls", "32bit_unique"}, 5001 params: []argMeta{ 5002 {Type: "clockid_t", Name: "which_clock"}, 5003 {Type: "struct old_timespec32*", Name: "tp"}, 5004 }, 5005 }, 5006 events.ClockAdjtime64: { 5007 ID: events.ClockAdjtime64, 5008 id32Bit: events.Sys32clock_adjtime64, 5009 name: "clock_adjtime64", 5010 syscall: true, 5011 sets: []string{"syscalls", "32bit_unique"}, 5012 params: []argMeta{}, 5013 }, 5014 events.ClockGetresTime32: { 5015 ID: events.ClockGetresTime32, 5016 id32Bit: events.Sys32clock_getres, 5017 name: "clock_getres_time32", 5018 syscall: true, 5019 sets: []string{"syscalls", "32bit_unique"}, 5020 params: []argMeta{ 5021 {Type: "clockid_t", Name: "which_clock"}, 5022 {Type: "struct old_timespec32*", Name: "tp"}, 5023 }, 5024 }, 5025 events.ClockNanosleepTime32: { 5026 ID: events.ClockNanosleepTime32, 5027 id32Bit: events.Sys32clock_nanosleep, 5028 name: "clock_nanosleep_time32", 5029 syscall: true, 5030 sets: []string{"syscalls", "32bit_unique"}, 5031 params: []argMeta{ 5032 {Type: "clockid_t", Name: "which_clock"}, 5033 {Type: "int", Name: "flags"}, 5034 {Type: "struct old_timespec32*", Name: "rqtp"}, 5035 {Type: "struct old_timespec32*", Name: "rmtp"}, 5036 }, 5037 }, 5038 events.TimerGettime32: { 5039 ID: events.TimerGettime32, 5040 id32Bit: events.Sys32timer_gettime, 5041 name: "timer_gettime32", 5042 syscall: true, 5043 sets: []string{"syscalls", "32bit_unique"}, 5044 params: []argMeta{ 5045 {Type: "timer_t", Name: "timer_id"}, 5046 {Type: "struct old_itimerspec32*", Name: "setting"}, 5047 }, 5048 }, 5049 events.TimerSettime32: { 5050 ID: events.TimerSettime32, 5051 id32Bit: events.Sys32timer_settime, 5052 name: "timer_settime32", 5053 syscall: true, 5054 sets: []string{"syscalls", "32bit_unique"}, 5055 params: []argMeta{ 5056 {Type: "timer_t", 
Name: "timer_id"}, 5057 {Type: "int", Name: "flags"}, 5058 {Type: "struct old_itimerspec32*", Name: "new"}, 5059 {Type: "struct old_itimerspec32*", Name: "old"}, 5060 }, 5061 }, 5062 events.TimerfdGettime32: { 5063 ID: events.TimerfdGettime32, 5064 id32Bit: events.Sys32timerfd_gettime, 5065 name: "timerfd_gettime32", 5066 syscall: true, 5067 sets: []string{"syscalls", "32bit_unique"}, 5068 params: []argMeta{ 5069 {Type: "int", Name: "ufd"}, 5070 {Type: "struct old_itimerspec32*", Name: "otmr"}, 5071 }, 5072 }, 5073 events.TimerfdSettime32: { 5074 ID: events.TimerfdSettime32, 5075 id32Bit: events.Sys32timerfd_settime, 5076 name: "timerfd_settime32", 5077 syscall: true, 5078 sets: []string{"syscalls", "32bit_unique"}, 5079 params: []argMeta{ 5080 {Type: "int", Name: "ufd"}, 5081 {Type: "int", Name: "flags"}, 5082 {Type: "struct old_itimerspec32*", Name: "utmr"}, 5083 {Type: "struct old_itimerspec32*", Name: "otmr"}, 5084 }, 5085 }, 5086 events.UtimensatTime32: { 5087 ID: events.UtimensatTime32, 5088 id32Bit: events.Sys32utimensat, 5089 name: "utimensat_time32", 5090 syscall: true, 5091 sets: []string{"syscalls", "32bit_unique"}, 5092 params: []argMeta{ 5093 {Type: "unsigned int", Name: "dfd"}, 5094 {Type: "char*", Name: "filename"}, 5095 {Type: "struct old_timespec32*", Name: "t"}, 5096 {Type: "int", Name: "flags"}, 5097 }, 5098 }, 5099 events.Pselect6Time32: { 5100 ID: events.Pselect6Time32, 5101 id32Bit: events.Sys32pselect6, 5102 name: "pselect6_time32", 5103 syscall: true, 5104 sets: []string{"syscalls", "32bit_unique"}, 5105 params: []argMeta{ 5106 {Type: "int", Name: "n"}, 5107 {Type: "fd_set*", Name: "inp"}, 5108 {Type: "fd_set*", Name: "outp"}, 5109 {Type: "fd_set*", Name: "exp"}, 5110 {Type: "struct old_timespec32*", Name: "tsp"}, 5111 {Type: "void*", Name: "sig"}, 5112 }, 5113 }, 5114 events.PpollTime32: { 5115 ID: events.PpollTime32, 5116 id32Bit: events.Sys32ppoll, 5117 name: "ppoll_time32", 5118 syscall: true, 5119 sets: []string{"syscalls", 
"32bit_unique"}, 5120 params: []argMeta{ 5121 {Type: "struct pollfd*", Name: "ufds"}, 5122 {Type: "unsigned int", Name: "nfds"}, 5123 {Type: "struct old_timespec32*", Name: "tsp"}, 5124 {Type: "sigset_t*", Name: "sigmask"}, 5125 {Type: "size_t", Name: "sigsetsize"}, 5126 }, 5127 }, 5128 events.IoPgeteventsTime32: { 5129 ID: events.IoPgeteventsTime32, 5130 id32Bit: events.Sys32io_pgetevents, 5131 name: "io_pgetevents_time32", 5132 syscall: true, 5133 sets: []string{"syscalls", "32bit_unique"}, 5134 params: []argMeta{}, 5135 }, 5136 events.RecvmmsgTime32: { 5137 ID: events.RecvmmsgTime32, 5138 id32Bit: events.Sys32recvmmsg, 5139 name: "recvmmsg_time32", 5140 syscall: true, 5141 sets: []string{"syscalls", "32bit_unique"}, 5142 params: []argMeta{ 5143 {Type: "int", Name: "fd"}, 5144 {Type: "struct mmsghdr*", Name: "mmsg"}, 5145 {Type: "unsigned int", Name: "vlen"}, 5146 {Type: "unsigned int", Name: "flags"}, 5147 {Type: "struct old_timespec32*", Name: "timeout"}, 5148 }, 5149 }, 5150 events.MqTimedsendTime32: { 5151 ID: events.MqTimedsendTime32, 5152 id32Bit: events.Sys32mq_timedsend, 5153 name: "mq_timedsend_time32", 5154 syscall: true, 5155 sets: []string{"syscalls", "32bit_unique"}, 5156 params: []argMeta{ 5157 {Type: "mqd_t", Name: "mqdes"}, 5158 {Type: "char*", Name: "u_msg_ptr"}, 5159 {Type: "unsigned int", Name: "msg_len"}, 5160 {Type: "unsigned int", Name: "msg_prio"}, 5161 {Type: "struct old_timespec32*", Name: "u_abs_timeout"}, 5162 }, 5163 }, 5164 events.MqTimedreceiveTime32: { 5165 ID: events.MqTimedreceiveTime32, 5166 id32Bit: events.Sys32mq_timedreceive, 5167 name: "mq_timedreceive_time32", 5168 syscall: true, 5169 sets: []string{"syscalls", "32bit_unique"}, 5170 params: []argMeta{ 5171 {Type: "mqd_t", Name: "mqdes"}, 5172 {Type: "char*", Name: "u_msg_ptr"}, 5173 {Type: "unsigned int", Name: "msg_len"}, 5174 {Type: "unsigned int*", Name: "u_msg_prio"}, 5175 {Type: "struct old_timespec32*", Name: "u_abs_timeout"}, 5176 }, 5177 }, 5178 
events.RtSigtimedwaitTime32: { 5179 ID: events.RtSigtimedwaitTime32, 5180 id32Bit: events.Sys32rt_sigtimedwait, 5181 name: "rt_sigtimedwait_time32", 5182 syscall: true, 5183 sets: []string{"syscalls", "32bit_unique"}, 5184 params: []argMeta{ 5185 {Type: "sigset_t*", Name: "uthese"}, 5186 {Type: "siginfo_t*", Name: "uinfo"}, 5187 {Type: "struct old_timespec32*", Name: "uts"}, 5188 {Type: "size_t", Name: "sigsetsize"}, 5189 }, 5190 }, 5191 events.FutexTime32: { 5192 ID: events.FutexTime32, 5193 id32Bit: events.Sys32futex, 5194 name: "futex_time32", 5195 syscall: true, 5196 sets: []string{"syscalls", "32bit_unique"}, 5197 params: []argMeta{ 5198 {Type: "u32*", Name: "uaddr"}, 5199 {Type: "int", Name: "op"}, 5200 {Type: "u32", Name: "val"}, 5201 {Type: "struct old_timespec32*", Name: "utime"}, 5202 {Type: "u32*", Name: "uaddr2"}, 5203 {Type: "u32", Name: "val3"}, 5204 }, 5205 }, 5206 events.SchedRrGetInterval32: { 5207 ID: events.SchedRrGetInterval32, 5208 id32Bit: events.Sys32sched_rr_get_interval, 5209 name: "sched_rr_get_interval_time32", 5210 syscall: true, 5211 sets: []string{"syscalls", "32bit_unique"}, 5212 params: []argMeta{ 5213 {Type: "pid_t", Name: "pid"}, 5214 {Type: "struct old_timespec32*", Name: "interval"}, 5215 }, 5216 }, 5217 // 5218 // End of Syscalls 5219 // 5220 events.SysEnter: { 5221 ID: events.SysEnter, 5222 id32Bit: events.Sys32Undefined, 5223 name: "sys_enter", 5224 dependencies: dependencies{ 5225 probes: []EventProbe{ 5226 {handle: ProbeSysEnter, required: true}, 5227 }, 5228 }, 5229 sets: []string{}, 5230 params: []argMeta{ 5231 {Type: "int", Name: "syscall"}, 5232 }, 5233 }, 5234 events.SysExit: { 5235 ID: events.SysExit, 5236 id32Bit: events.Sys32Undefined, 5237 name: "sys_exit", 5238 dependencies: dependencies{ 5239 probes: []EventProbe{ 5240 {handle: ProbeSysExit, required: true}, 5241 }, 5242 }, 5243 sets: []string{}, 5244 params: []argMeta{ 5245 {Type: "int", Name: "syscall"}, 5246 }, 5247 }, 5248 events.SchedProcessFork: { 5249 ID: 
events.SchedProcessFork, 5250 id32Bit: events.Sys32Undefined, 5251 name: "sched_process_fork", 5252 dependencies: dependencies{ 5253 probes: []EventProbe{ 5254 {handle: ProbeSchedProcessFork, required: true}, 5255 }, 5256 }, 5257 sets: []string{}, 5258 params: []argMeta{ 5259 {Type: "int", Name: "parent_tid"}, 5260 {Type: "int", Name: "parent_ns_tid"}, 5261 {Type: "int", Name: "parent_pid"}, 5262 {Type: "int", Name: "parent_ns_pid"}, 5263 {Type: "int", Name: "child_tid"}, 5264 {Type: "int", Name: "child_ns_tid"}, 5265 {Type: "int", Name: "child_pid"}, 5266 {Type: "int", Name: "child_ns_pid"}, 5267 {Type: "unsigned long", Name: "start_time"}, 5268 }, 5269 }, 5270 events.SchedProcessExec: { 5271 ID: events.SchedProcessExec, 5272 id32Bit: events.Sys32Undefined, 5273 name: "sched_process_exec", 5274 dependencies: dependencies{ 5275 probes: []EventProbe{ 5276 {handle: ProbeSchedProcessExec, required: true}, 5277 {handle: ProbeLoadElfPhdrs, required: false}, 5278 }, 5279 tailCalls: []TailCall{ 5280 { 5281 objs.ProgArrayTp, 5282 objs.SchedProcessExecEventSubmitTail, 5283 []uint32{TailSchedProcessExecEventSubmit}, 5284 }, 5285 }, 5286 //capabilities: capabilities{ 5287 // base: []cap.Value{ 5288 // // 1. set by processSchedProcessFork IF ExecHash enabled 5289 // // 2. 
set by processSchedProcessExec by CaptureExec if needed 5290 // // cap.SYS_PTRACE, 5291 // }, 5292 //}, 5293 }, 5294 sets: []string{"default", "proc"}, 5295 params: []argMeta{ 5296 {Type: "const char*", Name: "cmdpath"}, 5297 {Type: "const char*", Name: "pathname"}, 5298 {Type: "dev_t", Name: "dev"}, 5299 {Type: "unsigned long", Name: "inode"}, 5300 {Type: "unsigned long", Name: "ctime"}, 5301 {Type: "umode_t", Name: "inode_mode"}, 5302 {Type: "const char*", Name: "interpreter_pathname"}, 5303 {Type: "dev_t", Name: "interpreter_dev"}, 5304 {Type: "unsigned long", Name: "interpreter_inode"}, 5305 {Type: "unsigned long", Name: "interpreter_ctime"}, 5306 {Type: "const char**", Name: "argv"}, 5307 {Type: "const char*", Name: "interp"}, 5308 {Type: "umode_t", Name: "stdin_type"}, 5309 {Type: "char*", Name: "stdin_path"}, 5310 {Type: "int", Name: "invoked_from_kernel"}, 5311 {Type: "const char**", Name: "env"}, 5312 }, 5313 }, 5314 events.SchedProcessExit: { 5315 ID: events.SchedProcessExit, 5316 id32Bit: events.Sys32Undefined, 5317 name: "sched_process_exit", 5318 dependencies: dependencies{ 5319 probes: []EventProbe{ 5320 {handle: ProbeSchedProcessExit, required: true}, 5321 {handle: ProbeSchedProcessFree, required: true}, 5322 }, 5323 }, 5324 sets: []string{"proc", "proc_life"}, 5325 params: []argMeta{ 5326 {Type: "long", Name: "exit_code"}, 5327 // The field value represents that all threads exited at the event time. 5328 // Multiple exits of threads of the same process group at the same time could result that all threads exit 5329 // events would have 'true' value in this field altogether. 
5330 {Type: "bool", Name: "process_group_exit"}, 5331 }, 5332 }, 5333 events.SchedSwitch: { 5334 ID: events.SchedSwitch, 5335 id32Bit: events.Sys32Undefined, 5336 name: "sched_switch", 5337 dependencies: dependencies{ 5338 probes: []EventProbe{ 5339 {handle: ProbeSchedSwitch, required: true}, 5340 }, 5341 }, 5342 sets: []string{}, 5343 params: []argMeta{ 5344 {Type: "int", Name: "cpu"}, 5345 {Type: "int", Name: "prev_tid"}, 5346 {Type: "const char*", Name: "prev_comm"}, 5347 {Type: "int", Name: "next_tid"}, 5348 {Type: "const char*", Name: "next_comm"}, 5349 }, 5350 }, 5351 events.ProcessOomKilled: { 5352 ID: events.ProcessOomKilled, 5353 id32Bit: events.Sys32Undefined, 5354 name: "sched_process_exit", 5355 dependencies: dependencies{ 5356 probes: []EventProbe{ 5357 {handle: ProbeSchedProcessExit, required: true}, 5358 {handle: ProbeSchedProcessFree, required: true}, 5359 {handle: ProbeOomMarkVictim, required: true}, 5360 }, 5361 }, 5362 sets: []string{"proc", "proc_life"}, 5363 params: []argMeta{ 5364 {Type: "long", Name: "exit_code"}, 5365 // The field value represents that all threads exited at the event time. 5366 // Multiple exits of threads of the same process group at the same time could result that all threads exit 5367 // events would have 'true' value in this field altogether. 
5368 {Type: "bool", Name: "process_group_exit"}, 5369 }, 5370 }, 5371 events.DoExit: { 5372 ID: events.DoExit, 5373 id32Bit: events.Sys32Undefined, 5374 name: "do_exit", 5375 dependencies: dependencies{ 5376 probes: []EventProbe{{handle: ProbeDoExit, required: true}}, 5377 }, 5378 sets: []string{"proc", "proc_life"}, 5379 params: []argMeta{}, 5380 }, 5381 events.CapCapable: { 5382 ID: events.CapCapable, 5383 id32Bit: events.Sys32Undefined, 5384 name: "cap_capable", 5385 dependencies: dependencies{ 5386 probes: []EventProbe{ 5387 {handle: ProbeCapCapable, required: true}, 5388 }, 5389 }, 5390 sets: []string{}, 5391 params: []argMeta{ 5392 {Type: "int", Name: "cap"}, 5393 }, 5394 }, 5395 events.VfsWrite: { 5396 ID: events.VfsWrite, 5397 id32Bit: events.Sys32Undefined, 5398 name: "vfs_write", 5399 dependencies: dependencies{ 5400 probes: []EventProbe{ 5401 {handle: ProbeVfsWrite, required: true}, 5402 {handle: ProbeVfsWriteRet, required: true}, 5403 }, 5404 }, 5405 sets: []string{}, 5406 params: []argMeta{ 5407 {Type: "const char*", Name: "pathname"}, 5408 {Type: "dev_t", Name: "dev"}, 5409 {Type: "unsigned long", Name: "inode"}, 5410 {Type: "size_t", Name: "count"}, 5411 {Type: "off_t", Name: "pos"}, 5412 }, 5413 }, 5414 events.VfsWritev: { 5415 ID: events.VfsWritev, 5416 id32Bit: events.Sys32Undefined, 5417 name: "vfs_writev", 5418 dependencies: dependencies{ 5419 probes: []EventProbe{ 5420 {handle: ProbeVfsWriteV, required: true}, 5421 {handle: ProbeVfsWriteVRet, required: true}, 5422 }, 5423 }, 5424 sets: []string{}, 5425 params: []argMeta{ 5426 {Type: "const char*", Name: "pathname"}, 5427 {Type: "dev_t", Name: "dev"}, 5428 {Type: "unsigned long", Name: "inode"}, 5429 {Type: "unsigned long", Name: "vlen"}, 5430 {Type: "off_t", Name: "pos"}, 5431 }, 5432 }, 5433 events.MemProtAlert: { 5434 ID: events.MemProtAlert, 5435 id32Bit: events.Sys32Undefined, 5436 name: "mem_prot_alert", 5437 dependencies: dependencies{ 5438 probes: []EventProbe{ 5439 {handle: 
ProbeSecurityMmapAddr, required: true}, 5440 {handle: ProbeSecurityFileMProtect, required: true}, 5441 {handle: ProbeSyscallEnter__Internal, required: true}, 5442 }, 5443 tailCalls: []TailCall{ 5444 { 5445 objs.SysEnterInitTail, 5446 objs.SysEnterInit, 5447 []uint32{uint32(events.Mmap), uint32(events.Mprotect), uint32(events.PkeyMprotect)}, 5448 }, 5449 }, 5450 }, 5451 sets: []string{}, 5452 params: []argMeta{ 5453 {Type: "u32", Name: "alert"}, 5454 {Type: "void*", Name: "addr"}, 5455 {Type: "size_t", Name: "len"}, 5456 {Type: "int", Name: "prot"}, 5457 {Type: "int", Name: "prev_prot"}, 5458 {Type: "const char*", Name: "pathname"}, 5459 {Type: "dev_t", Name: "dev"}, 5460 {Type: "unsigned long", Name: "inode"}, 5461 {Type: "u64", Name: "ctime"}, 5462 }, 5463 }, 5464 events.CommitCreds: { 5465 ID: events.CommitCreds, 5466 id32Bit: events.Sys32Undefined, 5467 name: "commit_creds", 5468 dependencies: dependencies{ 5469 probes: []EventProbe{ 5470 {handle: ProbeCommitCreds, required: true}, 5471 }, 5472 }, 5473 sets: []string{}, 5474 params: []argMeta{ 5475 {Type: "slim_cred_t", Name: "old_cred"}, 5476 {Type: "slim_cred_t", Name: "new_cred"}, 5477 }, 5478 }, 5479 events.SwitchTaskNS: { 5480 ID: events.SwitchTaskNS, 5481 id32Bit: events.Sys32Undefined, 5482 name: "switch_task_ns", 5483 dependencies: dependencies{ 5484 probes: []EventProbe{ 5485 {handle: ProbeSwitchTaskNS, required: true}, 5486 }, 5487 }, 5488 sets: []string{}, 5489 params: []argMeta{ 5490 {Type: "pid_t", Name: "pid"}, 5491 {Type: "u32", Name: "new_mnt"}, 5492 {Type: "u32", Name: "new_pid"}, 5493 {Type: "u32", Name: "new_uts"}, 5494 {Type: "u32", Name: "new_ipc"}, 5495 {Type: "u32", Name: "new_net"}, 5496 {Type: "u32", Name: "new_cgroup"}, 5497 }, 5498 }, 5499 events.MagicWrite: { 5500 ID: events.MagicWrite, 5501 id32Bit: events.Sys32Undefined, 5502 name: "magic_write", 5503 docPath: "security_alerts/magic_write.md", 5504 dependencies: dependencies{ 5505 probes: []EventProbe{ 5506 {handle: 
ProbeVfsWriteMagic, required: true}, 5507 {handle: ProbeVfsWriteMagicRet, required: true}, 5508 {handle: ProbeVfsWriteVMagic, required: false}, 5509 {handle: ProbeVfsWriteVMagicRet, required: false}, 5510 {handle: ProbeKernelWriteMagic, required: false}, 5511 {handle: ProbeKernelWriteMagicRet, required: false}, 5512 }, 5513 }, 5514 sets: []string{}, 5515 params: []argMeta{ 5516 {Type: "const char*", Name: "pathname"}, 5517 {Type: "bytes", Name: "bytes"}, 5518 {Type: "dev_t", Name: "dev"}, 5519 {Type: "unsigned long", Name: "inode"}, 5520 }, 5521 }, 5522 events.CgroupAttachTask: { 5523 ID: events.CgroupAttachTask, 5524 id32Bit: events.Sys32Undefined, 5525 name: "cgroup_attach_task", 5526 dependencies: dependencies{ 5527 probes: []EventProbe{ 5528 {handle: ProbeCgroupAttachTask, required: true}, 5529 }, 5530 }, 5531 sets: []string{}, 5532 params: []argMeta{ 5533 {Type: "const char*", Name: "cgroup_path"}, 5534 {Type: "const char*", Name: "comm"}, 5535 {Type: "pid_t", Name: "pid"}, 5536 }, 5537 }, 5538 events.CgroupMkdir: { 5539 ID: events.CgroupMkdir, 5540 id32Bit: events.Sys32Undefined, 5541 name: "cgroup_mkdir", 5542 dependencies: dependencies{ 5543 probes: []EventProbe{ 5544 {handle: ProbeCgroupMkdir, required: true}, 5545 }, 5546 }, 5547 sets: []string{}, 5548 params: []argMeta{ 5549 {Type: "u64", Name: "cgroup_id"}, 5550 {Type: "const char*", Name: "cgroup_path"}, 5551 {Type: "u32", Name: "hierarchy_id"}, 5552 }, 5553 }, 5554 events.CgroupRmdir: { 5555 ID: events.CgroupRmdir, 5556 id32Bit: events.Sys32Undefined, 5557 name: "security_bprm_check", 5558 dependencies: dependencies{ 5559 probes: []EventProbe{ 5560 {handle: ProbeSecurityBPRMCheck, required: true}, 5561 }, 5562 }, 5563 sets: []string{"lsm_hooks", "proc", "proc_life"}, 5564 params: []argMeta{ 5565 {Type: "u64", Name: "cgroup_id"}, 5566 {Type: "const char*", Name: "cgroup_path"}, 5567 {Type: "u32", Name: "hierarchy_id"}, 5568 }, 5569 }, 5570 events.SecurityFileOpen: { 5571 ID: events.SecurityFileOpen, 
5572 id32Bit: events.Sys32Undefined, 5573 name: "security_file_open", 5574 dependencies: dependencies{ 5575 probes: []EventProbe{ 5576 {handle: ProbeSecurityFileOpen, required: true}, 5577 {handle: ProbeSyscallEnter__Internal, required: true}, 5578 }, 5579 tailCalls: []TailCall{ 5580 { 5581 objs.SysEnterInitTail, 5582 objs.SysEnterInit, 5583 []uint32{ 5584 uint32(events.Open), uint32(events.Openat), uint32(events.Openat2), 5585 uint32(events.OpenByHandleAt), uint32(events.Execve), 5586 uint32(events.Execveat), 5587 }, 5588 }, 5589 }, 5590 }, 5591 sets: []string{"lsm_hooks", "fs", "fs_file_ops"}, 5592 params: []argMeta{ 5593 {Type: "const char*", Name: "pathname"}, 5594 {Type: "int", Name: "flags"}, 5595 {Type: "dev_t", Name: "dev"}, 5596 {Type: "unsigned long", Name: "inode"}, 5597 {Type: "unsigned long", Name: "ctime"}, 5598 {Type: "const char*", Name: "syscall_pathname"}, 5599 }, 5600 }, 5601 events.SecurityInodeUnlink: { 5602 ID: events.SecurityInodeUnlink, 5603 id32Bit: events.Sys32Undefined, 5604 name: "security_inode_unlink", 5605 dependencies: dependencies{ 5606 probes: []EventProbe{ 5607 {handle: ProbeSecurityInodeUnlink, required: true}, 5608 }, 5609 }, 5610 sets: []string{"default", "lsm_hooks", "fs", "fs_file_ops"}, 5611 params: []argMeta{ 5612 {Type: "const char*", Name: "pathname"}, 5613 {Type: "unsigned long", Name: "inode"}, 5614 {Type: "dev_t", Name: "dev"}, 5615 {Type: "u64", Name: "ctime"}, 5616 }, 5617 }, 5618 events.SecuritySocketCreate: { 5619 ID: events.SecuritySocketCreate, 5620 id32Bit: events.Sys32Undefined, 5621 name: "security_socket_create", 5622 dependencies: dependencies{ 5623 probes: []EventProbe{ 5624 {handle: ProbeSecuritySocketCreate, required: true}, 5625 }, 5626 }, 5627 sets: []string{"lsm_hooks", "net", "net_sock"}, 5628 params: []argMeta{ 5629 {Type: "int", Name: "family"}, 5630 {Type: "int", Name: "type"}, 5631 {Type: "int", Name: "protocol"}, 5632 {Type: "int", Name: "kern"}, 5633 }, 5634 }, 5635 events.SecuritySocketListen: 
{ 5636 ID: events.SecuritySocketListen, 5637 id32Bit: events.Sys32Undefined, 5638 name: "security_socket_listen", 5639 dependencies: dependencies{ 5640 probes: []EventProbe{ 5641 {handle: ProbeSecuritySocketListen, required: true}, 5642 {handle: ProbeSyscallEnter__Internal, required: true}, 5643 }, 5644 tailCalls: []TailCall{ 5645 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Listen)}}, 5646 }, 5647 }, 5648 sets: []string{"lsm_hooks", "net", "net_sock"}, 5649 params: []argMeta{ 5650 {Type: "int", Name: "sockfd"}, 5651 {Type: "struct sockaddr*", Name: "local_addr"}, 5652 {Type: "int", Name: "backlog"}, 5653 }, 5654 }, 5655 events.SecuritySocketConnect: { 5656 ID: events.SecuritySocketConnect, 5657 id32Bit: events.Sys32Undefined, 5658 name: "security_socket_connect", 5659 dependencies: dependencies{ 5660 probes: []EventProbe{ 5661 {handle: ProbeSecuritySocketConnect, required: true}, 5662 {handle: ProbeSyscallEnter__Internal, required: true}, 5663 }, 5664 tailCalls: []TailCall{ 5665 { 5666 objs.SysEnterInitTail, 5667 objs.SysEnterInit, 5668 []uint32{uint32(events.Connect)}}, 5669 }, 5670 }, 5671 sets: []string{"default", "lsm_hooks", "net", "net_sock"}, 5672 params: []argMeta{ 5673 {Type: "int", Name: "sockfd"}, 5674 {Type: "int", Name: "type"}, 5675 {Type: "struct sockaddr*", Name: "remote_addr"}, 5676 }, 5677 }, 5678 events.SecuritySocketAccept: { 5679 ID: events.SecuritySocketAccept, 5680 id32Bit: events.Sys32Undefined, 5681 name: "security_socket_accept", 5682 dependencies: dependencies{ 5683 probes: []EventProbe{ 5684 {handle: ProbeSecuritySocketAccept, required: true}, 5685 {handle: ProbeSyscallEnter__Internal, required: true}, 5686 }, 5687 tailCalls: []TailCall{ 5688 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Accept), uint32(events.Accept4)}}, 5689 }, 5690 }, 5691 sets: []string{"default", "lsm_hooks", "net", "net_sock"}, 5692 params: []argMeta{ 5693 {Type: "int", Name: "sockfd"}, 5694 {Type: "struct sockaddr*", Name: 
"local_addr"}, 5695 }, 5696 }, 5697 events.SecuritySocketBind: { 5698 ID: events.SecuritySocketBind, 5699 id32Bit: events.Sys32Undefined, 5700 name: "security_socket_bind", 5701 dependencies: dependencies{ 5702 probes: []EventProbe{ 5703 {handle: ProbeSecuritySocketBind, required: true}, 5704 {handle: ProbeSyscallEnter__Internal, required: true}, 5705 }, 5706 tailCalls: []TailCall{ 5707 { 5708 objs.SysEnterInitTail, 5709 objs.SysEnterInit, 5710 []uint32{uint32(events.Bind)}}, 5711 }, 5712 }, 5713 sets: []string{"default", "lsm_hooks", "net", "net_sock"}, 5714 params: []argMeta{ 5715 {Type: "int", Name: "sockfd"}, 5716 {Type: "struct sockaddr*", Name: "local_addr"}, 5717 }, 5718 }, 5719 events.SecuritySocketSetsockopt: { 5720 ID: events.SecuritySocketSetsockopt, 5721 id32Bit: events.Sys32Undefined, 5722 name: "security_socket_setsockopt", 5723 docPath: "lsm_hooks/security_socket_setsockopt.md", 5724 dependencies: dependencies{ 5725 probes: []EventProbe{ 5726 {handle: ProbeSecuritySocketSetsockopt, required: true}, 5727 {handle: ProbeSyscallEnter__Internal, required: true}, 5728 }, 5729 tailCalls: []TailCall{ 5730 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Setsockopt)}}, 5731 }, 5732 }, 5733 sets: []string{"lsm_hooks", "net", "net_sock"}, 5734 params: []argMeta{ 5735 {Type: "int", Name: "sockfd"}, 5736 {Type: "int", Name: "level"}, 5737 {Type: "int", Name: "optname"}, 5738 {Type: "struct sockaddr*", Name: "local_addr"}, 5739 }, 5740 }, 5741 events.SecuritySbMount: { 5742 ID: events.SecuritySbMount, 5743 id32Bit: events.Sys32Undefined, 5744 name: "security_sb_mount", 5745 dependencies: dependencies{ 5746 probes: []EventProbe{ 5747 {handle: ProbeSecuritySbMount, required: true}, 5748 }, 5749 }, 5750 sets: []string{"default", "lsm_hooks", "fs"}, 5751 params: []argMeta{ 5752 {Type: "const char*", Name: "dev_name"}, 5753 {Type: "const char*", Name: "path"}, 5754 {Type: "const char*", Name: "type"}, 5755 {Type: "unsigned long", Name: "flags"}, 5756 
}, 5757 }, 5758 events.SecurityBPF: { 5759 ID: events.SecurityBPF, 5760 id32Bit: events.Sys32Undefined, 5761 name: "security_bpf", 5762 dependencies: dependencies{ 5763 probes: []EventProbe{ 5764 {handle: ProbeSecurityBPF, required: true}, 5765 }, 5766 }, 5767 sets: []string{"lsm_hooks"}, 5768 params: []argMeta{ 5769 {Type: "int", Name: "cmd"}, 5770 }, 5771 }, 5772 events.SecurityBPFMap: { 5773 ID: events.SecurityBPFMap, 5774 id32Bit: events.Sys32Undefined, 5775 name: "security_bpf_map", 5776 dependencies: dependencies{ 5777 probes: []EventProbe{ 5778 {handle: ProbeSecurityBPFMap, required: true}, 5779 }, 5780 }, 5781 sets: []string{"lsm_hooks"}, 5782 params: []argMeta{ 5783 {Type: "unsigned int", Name: "map_id"}, 5784 {Type: "const char*", Name: "map_name"}, 5785 }, 5786 }, 5787 events.SecurityKernelReadFile: { 5788 ID: events.SecurityKernelReadFile, 5789 id32Bit: events.Sys32Undefined, 5790 name: "security_kernel_read_file", 5791 dependencies: dependencies{ 5792 probes: []EventProbe{ 5793 {handle: ProbeSecurityKernelReadFile, required: true}, 5794 }, 5795 }, 5796 sets: []string{"lsm_hooks"}, 5797 params: []argMeta{ 5798 {Type: "const char*", Name: "pathname"}, 5799 {Type: "dev_t", Name: "dev"}, 5800 {Type: "unsigned long", Name: "inode"}, 5801 {Type: "int", Name: "type"}, 5802 {Type: "unsigned long", Name: "ctime"}, 5803 }, 5804 }, 5805 events.SecurityPostReadFile: { 5806 ID: events.SecurityPostReadFile, 5807 id32Bit: events.Sys32Undefined, 5808 name: "security_kernel_post_read_file", 5809 dependencies: dependencies{ 5810 probes: []EventProbe{ 5811 {handle: ProbeSecurityKernelPostReadFile, required: true}, 5812 }, 5813 }, 5814 sets: []string{"lsm_hooks"}, 5815 params: []argMeta{ 5816 {Type: "const char*", Name: "pathname"}, 5817 {Type: "long", Name: "size"}, 5818 {Type: "int", Name: "type"}, 5819 }, 5820 }, 5821 events.SecurityInodeMknod: { 5822 ID: events.SecurityInodeMknod, 5823 id32Bit: events.Sys32Undefined, 5824 name: "security_inode_mknod", 5825 
dependencies: dependencies{ 5826 probes: []EventProbe{ 5827 {handle: ProbeSecurityInodeMknod, required: true}, 5828 }, 5829 }, 5830 sets: []string{"lsm_hooks"}, 5831 params: []argMeta{ 5832 {Type: "const char*", Name: "file_name"}, 5833 {Type: "umode_t", Name: "mode"}, 5834 {Type: "dev_t", Name: "dev"}, 5835 }, 5836 }, 5837 events.SecurityInodeSymlinkEventId: { 5838 ID: events.SecurityInodeSymlinkEventId, 5839 id32Bit: events.Sys32Undefined, 5840 name: "security_inode_symlink", 5841 dependencies: dependencies{ 5842 probes: []EventProbe{ 5843 {handle: ProbeSecurityInodeSymlink, required: true}, 5844 }, 5845 }, 5846 sets: []string{"lsm_hooks", "fs", "fs_file_ops"}, 5847 params: []argMeta{ 5848 {Type: "const char*", Name: "linkpath"}, 5849 {Type: "const char*", Name: "target"}, 5850 }, 5851 }, 5852 events.SecurityMmapFile: { 5853 ID: events.SecurityMmapFile, 5854 id32Bit: events.Sys32Undefined, 5855 name: "security_mmap_file", 5856 dependencies: dependencies{ 5857 probes: []EventProbe{ 5858 {handle: ProbeSecurityMmapFile, required: true}, 5859 }, 5860 }, 5861 sets: []string{"lsm_hooks", "fs", "fs_file_ops", "proc", "proc_mem"}, 5862 params: []argMeta{ 5863 {Type: "const char*", Name: "pathname"}, 5864 {Type: "int", Name: "flags"}, 5865 {Type: "dev_t", Name: "dev"}, 5866 {Type: "unsigned long", Name: "inode"}, 5867 {Type: "unsigned long", Name: "ctime"}, 5868 {Type: "unsigned long", Name: "prot"}, 5869 {Type: "unsigned long", Name: "mmap_flags"}, 5870 }, 5871 }, 5872 events.DoMmap: { 5873 ID: events.DoMmap, 5874 id32Bit: events.Sys32Undefined, 5875 name: "do_mmap", 5876 dependencies: dependencies{ 5877 probes: []EventProbe{ 5878 {handle: ProbeDoMmap, required: true}, 5879 {handle: ProbeDoMmapRet, required: true}, 5880 }, 5881 }, 5882 sets: []string{"fs", "fs_file_ops", "proc", "proc_mem"}, 5883 params: []argMeta{ 5884 {Type: "void*", Name: "addr"}, 5885 {Type: "const char*", Name: "pathname"}, 5886 {Type: "unsigned int", Name: "flags"}, 5887 {Type: "dev_t", Name: 
"dev"}, 5888 {Type: "unsigned long", Name: "inode"}, 5889 {Type: "unsigned long", Name: "ctime"}, 5890 {Type: "unsigned long", Name: "pgoff"}, 5891 {Type: "unsigned long", Name: "len"}, 5892 {Type: "unsigned long", Name: "prot"}, 5893 {Type: "unsigned long", Name: "mmap_flags"}, 5894 }, 5895 }, 5896 events.SecurityFileMprotect: { 5897 ID: events.SecurityFileMprotect, 5898 id32Bit: events.Sys32Undefined, 5899 name: "security_file_mprotect", 5900 docPath: "lsm_hooks/security_file_mprotect.md", 5901 dependencies: dependencies{ 5902 probes: []EventProbe{ 5903 {handle: ProbeSecurityFileMProtect, required: true}, 5904 {handle: ProbeSyscallEnter__Internal, required: true}, 5905 }, 5906 tailCalls: []TailCall{ 5907 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Mprotect), uint32(events.PkeyMprotect)}}, 5908 }, 5909 }, 5910 sets: []string{"lsm_hooks", "proc", "proc_mem", "fs", "fs_file_ops"}, 5911 params: []argMeta{ 5912 {Type: "const char*", Name: "pathname"}, 5913 {Type: "int", Name: "prot"}, 5914 {Type: "unsigned long", Name: "ctime"}, 5915 {Type: "int", Name: "prev_prot"}, 5916 {Type: "void*", Name: "addr"}, 5917 {Type: "size_t", Name: "len"}, 5918 {Type: "int", Name: "pkey"}, 5919 }, 5920 }, 5921 events.InitNamespaces: { 5922 ID: events.InitNamespaces, 5923 id32Bit: events.Sys32Undefined, 5924 name: "init_namespaces", 5925 sets: []string{}, 5926 dependencies: dependencies{ 5927 //capabilities: capabilities{ 5928 // base: []cap.Value{ 5929 // cap.SYS_PTRACE, 5930 // }, 5931 //}, 5932 }, 5933 params: []argMeta{ 5934 {Type: "u32", Name: "cgroup"}, 5935 {Type: "u32", Name: "ipc"}, 5936 {Type: "u32", Name: "mnt"}, 5937 {Type: "u32", Name: "net"}, 5938 {Type: "u32", Name: "pid"}, 5939 {Type: "u32", Name: "pid_for_children"}, 5940 {Type: "u32", Name: "time"}, 5941 {Type: "u32", Name: "time_for_children"}, 5942 {Type: "u32", Name: "user"}, 5943 {Type: "u32", Name: "uts"}, 5944 }, 5945 }, 5946 events.SocketDup: { 5947 ID: events.SocketDup, 5948 id32Bit: 
events.Sys32Undefined, 5949 name: "socket_dup", 5950 dependencies: dependencies{ 5951 probes: []EventProbe{ 5952 {handle: ProbeSyscallEnter__Internal, required: true}, 5953 {handle: ProbeSyscallExit__Internal, required: true}, 5954 }, 5955 tailCalls: []TailCall{ 5956 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Dup), uint32(events.Dup2), uint32(events.Dup3)}}, 5957 {objs.SysExitInitTail, objs.SysExitInit, []uint32{uint32(events.Dup), uint32(events.Dup2), uint32(events.Dup3)}}, 5958 {objs.SysExitTails, objs.SysDupExitTail, []uint32{uint32(events.Dup), uint32(events.Dup2), uint32(events.Dup3)}}, 5959 }, 5960 }, 5961 sets: []string{}, 5962 params: []argMeta{ 5963 {Type: "int", Name: "oldfd"}, 5964 {Type: "int", Name: "newfd"}, 5965 {Type: "struct sockaddr*", Name: "remote_addr"}, 5966 }, 5967 }, 5968 events.HiddenInodes: { 5969 ID: events.HiddenInodes, 5970 id32Bit: events.Sys32Undefined, 5971 name: "hidden_inodes", 5972 dependencies: dependencies{ 5973 probes: []EventProbe{ 5974 {handle: ProbeFilldir64, required: true}, 5975 }, 5976 }, 5977 sets: []string{}, 5978 params: []argMeta{ 5979 {Type: "char*", Name: "hidden_process"}, 5980 }, 5981 }, 5982 events.KernelWrite: { 5983 ID: events.KernelWrite, 5984 id32Bit: events.Sys32Undefined, 5985 name: "__kernel_write", 5986 dependencies: dependencies{ 5987 probes: []EventProbe{ 5988 {handle: ProbeKernelWrite, required: true}, 5989 {handle: ProbeKernelWriteRet, required: true}, 5990 }, 5991 }, 5992 sets: []string{}, 5993 params: []argMeta{ 5994 {Type: "const char*", Name: "pathname"}, 5995 {Type: "dev_t", Name: "dev"}, 5996 {Type: "unsigned long", Name: "inode"}, 5997 {Type: "size_t", Name: "count"}, 5998 {Type: "off_t", Name: "pos"}, 5999 }, 6000 }, 6001 events.DirtyPipeSplice: { 6002 ID: events.DirtyPipeSplice, 6003 id32Bit: events.Sys32Undefined, 6004 name: "dirty_pipe_splice", 6005 sets: []string{}, 6006 dependencies: dependencies{ 6007 probes: []EventProbe{ 6008 {handle: ProbeDoSplice, required: 
true}, 6009 {handle: ProbeDoSpliceRet, required: true}, 6010 }, 6011 kSymbols: []KSymbol{ 6012 {symbol: "pipe_write", required: true}, 6013 }, 6014 }, 6015 params: []argMeta{ 6016 {Type: "unsigned long", Name: "inode_in"}, 6017 {Type: "umode_t", Name: "in_file_type"}, 6018 {Type: "const char*", Name: "in_file_path"}, 6019 {Type: "loff_t", Name: "exposed_data_start_offset"}, 6020 {Type: "size_t", Name: "exposed_data_len"}, 6021 {Type: "unsigned long", Name: "inode_out"}, 6022 {Type: "unsigned int", Name: "out_pipe_last_buffer_flags"}, 6023 }, 6024 }, 6025 events.ContainerCreate: { 6026 ID: events.ContainerCreate, 6027 id32Bit: events.Sys32Undefined, 6028 name: "container_create", 6029 dependencies: dependencies{ 6030 ids: []events.ID{events.CgroupMkdir}, 6031 }, 6032 sets: []string{"default", "containers"}, 6033 params: []argMeta{ 6034 {Type: "const char*", Name: "runtime"}, 6035 {Type: "const char*", Name: "container_id"}, 6036 {Type: "unsigned long", Name: "ctime"}, 6037 {Type: "const char*", Name: "container_image"}, 6038 {Type: "const char*", Name: "container_image_digest"}, 6039 {Type: "const char*", Name: "container_name"}, 6040 {Type: "const char*", Name: "pod_name"}, 6041 {Type: "const char*", Name: "pod_namespace"}, 6042 {Type: "const char*", Name: "pod_uid"}, 6043 {Type: "bool", Name: "pod_sandbox"}, 6044 }, 6045 }, 6046 events.ContainerRemove: { 6047 ID: events.ContainerRemove, 6048 id32Bit: events.Sys32Undefined, 6049 name: "container_remove", 6050 dependencies: dependencies{ 6051 ids: []events.ID{events.CgroupRmdir}, 6052 }, 6053 sets: []string{"default", "containers"}, 6054 params: []argMeta{ 6055 {Type: "const char*", Name: "runtime"}, 6056 {Type: "const char*", Name: "container_id"}, 6057 }, 6058 }, 6059 events.ExistingContainer: { 6060 ID: events.ExistingContainer, 6061 id32Bit: events.Sys32Undefined, 6062 name: "existing_container", 6063 sets: []string{"containers"}, 6064 params: []argMeta{ 6065 {Type: "const char*", Name: "runtime"}, 6066 {Type: 
"const char*", Name: "container_id"}, 6067 {Type: "unsigned long", Name: "ctime"}, 6068 {Type: "const char*", Name: "container_image"}, 6069 {Type: "const char*", Name: "container_image_digest"}, 6070 {Type: "const char*", Name: "container_name"}, 6071 {Type: "const char*", Name: "pod_name"}, 6072 {Type: "const char*", Name: "pod_namespace"}, 6073 {Type: "const char*", Name: "pod_uid"}, 6074 {Type: "bool", Name: "pod_sandbox"}, 6075 }, 6076 }, 6077 events.ProcCreate: { 6078 ID: events.ProcCreate, 6079 id32Bit: events.Sys32Undefined, 6080 name: "proc_create", 6081 dependencies: dependencies{ 6082 probes: []EventProbe{ 6083 {handle: ProbeProcCreate, required: true}, 6084 }, 6085 }, 6086 sets: []string{}, 6087 params: []argMeta{ 6088 {Type: "char*", Name: "name"}, 6089 {Type: "void*", Name: "proc_ops_addr"}, 6090 }, 6091 }, 6092 events.KprobeAttach: { 6093 ID: events.KprobeAttach, 6094 id32Bit: events.Sys32Undefined, 6095 name: "kprobe_attach", 6096 dependencies: dependencies{ 6097 probes: []EventProbe{ 6098 {handle: ProbeRegisterKprobe, required: true}, 6099 {handle: ProbeRegisterKprobeRet, required: true}, 6100 }, 6101 }, 6102 sets: []string{}, 6103 params: []argMeta{ 6104 {Type: "char*", Name: "symbol_name"}, 6105 {Type: "void*", Name: "pre_handler_addr"}, 6106 {Type: "void*", Name: "post_handler_addr"}, 6107 }, 6108 }, 6109 events.CallUsermodeHelper: { 6110 ID: events.CallUsermodeHelper, 6111 id32Bit: events.Sys32Undefined, 6112 name: "call_usermodehelper", 6113 dependencies: dependencies{ 6114 probes: []EventProbe{ 6115 {handle: ProbeCallUsermodeHelper, required: true}, 6116 }, 6117 }, 6118 sets: []string{}, 6119 params: []argMeta{ 6120 {Type: "const char*", Name: "pathname"}, 6121 {Type: "const char*const*", Name: "argv"}, 6122 {Type: "const char*const*", Name: "envp"}, 6123 {Type: "int", Name: "wait"}, 6124 }, 6125 }, 6126 events.DebugfsCreateFile: { 6127 ID: events.DebugfsCreateFile, 6128 id32Bit: events.Sys32Undefined, 6129 name: "debugfs_create_file", 6130 
dependencies: dependencies{ 6131 probes: []EventProbe{ 6132 {handle: ProbeDebugfsCreateFile, required: true}, 6133 }, 6134 }, 6135 sets: []string{}, 6136 params: []argMeta{ 6137 {Type: "const char*", Name: "file_name"}, 6138 {Type: "const char*", Name: "path"}, 6139 {Type: "mode_t", Name: "mode"}, 6140 {Type: "void*", Name: "proc_ops_addr"}, 6141 }, 6142 }, 6143 events.PrintSyscallTable: { 6144 ID: events.PrintSyscallTable, 6145 id32Bit: events.Sys32Undefined, 6146 name: "print_syscall_table", 6147 internal: true, 6148 dependencies: dependencies{ 6149 probes: []EventProbe{ 6150 {handle: ProbePrintSyscallTable, required: true}, 6151 }, 6152 kSymbols: []KSymbol{ 6153 {symbol: "sys_call_table", required: true}, 6154 }, 6155 }, 6156 sets: []string{}, 6157 params: []argMeta{ 6158 {Type: "unsigned long[]", Name: "syscalls_addresses"}, 6159 {Type: "unsigned long", Name: "caller_context_id"}, 6160 }, 6161 }, 6162 events.HiddenKernelModule: { 6163 ID: events.HiddenKernelModule, 6164 id32Bit: events.Sys32Undefined, 6165 name: "hidden_kernel_module", 6166 dependencies: dependencies{ 6167 ids: []events.ID{ 6168 events.HiddenKernelModuleSeeker, 6169 }, 6170 }, 6171 sets: []string{}, 6172 params: []argMeta{ 6173 {Type: "const char*", Name: "address"}, 6174 {Type: "const char*", Name: "name"}, 6175 {Type: "const char*", Name: "srcversion"}, 6176 }, 6177 }, 6178 events.HiddenKernelModuleSeeker: { 6179 ID: events.HiddenKernelModuleSeeker, 6180 id32Bit: events.Sys32Undefined, 6181 name: "hidden_kernel_module_seeker", 6182 internal: true, 6183 dependencies: dependencies{ 6184 probes: []EventProbe{ 6185 {handle: ProbeHiddenKernelModuleSeeker, required: true}, 6186 {handle: ProbeHiddenKernelModuleVerifier, required: true}, 6187 {handle: ProbeModuleLoad, required: true}, 6188 {handle: ProbeModuleFree, required: true}, 6189 {handle: ProbeDoInitModule, required: true}, 6190 {handle: ProbeDoInitModuleRet, required: true}, 6191 {handle: ProbeLayoutAndAllocate, required: true}, 6192 }, 6193 
kSymbols: []KSymbol{ 6194 {symbol: "modules", required: true}, 6195 {symbol: "module_kset", required: true}, 6196 {symbol: "mod_tree", required: true}, 6197 }, 6198 tailCalls: []TailCall{ 6199 // {objs.ProgArray, objs.LkmSeekerProcTail, []uint32{TailHiddenKernelModuleProc}}, 6200 // {objs.ProgArray, objs.LkmSeekerKsetTail, []uint32{TailHiddenKernelModuleKset}}, 6201 // {objs.ProgArray, objs.LkmSeekerModTreeTail, []uint32{TailHiddenKernelModuleModTree}}, 6202 // {objs.ProgArray, objs.LkmSeekerNewModOnlyTail, []uint32{TailHiddenKernelModuleNewModOnly}}, 6203 }, 6204 }, 6205 sets: []string{}, 6206 params: []argMeta{ 6207 {Type: "unsigned long", Name: "address"}, 6208 {Type: "bytes", Name: "name"}, 6209 {Type: "unsigned int", Name: "flags"}, 6210 {Type: "bytes", Name: "srcversion"}, 6211 }, 6212 }, 6213 events.HookedSyscalls: { 6214 ID: events.HookedSyscalls, 6215 id32Bit: events.Sys32Undefined, 6216 name: "hooked_syscalls", 6217 dependencies: dependencies{ 6218 kSymbols: []KSymbol{ 6219 {symbol: "_stext", required: true}, 6220 {symbol: "_etext", required: true}, 6221 }, 6222 ids: []events.ID{ 6223 events.DoInitModule, 6224 events.PrintSyscallTable, 6225 }, 6226 //capabilities: capabilities{ 6227 // base: []cap.Value{ 6228 // cap.SYSLOG, // read /proc/kallsyms 6229 // }, 6230 //}, 6231 }, 6232 sets: []string{}, 6233 params: []argMeta{ 6234 {Type: "[]char*", Name: "check_syscalls"}, 6235 {Type: "[]trace.HookedSymbolData", Name: "hooked_syscalls"}, 6236 }, 6237 }, 6238 events.DebugfsCreateDir: { 6239 ID: events.DebugfsCreateDir, 6240 id32Bit: events.Sys32Undefined, 6241 name: "debugfs_create_dir", 6242 dependencies: dependencies{ 6243 probes: []EventProbe{ 6244 {handle: ProbeDebugfsCreateDir, required: true}, 6245 }, 6246 }, 6247 sets: []string{}, 6248 params: []argMeta{ 6249 {Type: "const char*", Name: "name"}, 6250 {Type: "const char*", Name: "path"}, 6251 }, 6252 }, 6253 events.DeviceAdd: { 6254 ID: events.DeviceAdd, 6255 id32Bit: events.Sys32Undefined, 6256 name: 
"device_add", 6257 dependencies: dependencies{ 6258 probes: []EventProbe{ 6259 {handle: ProbeDeviceAdd, required: true}, 6260 }, 6261 }, 6262 sets: []string{}, 6263 params: []argMeta{ 6264 {Type: "const char*", Name: "name"}, 6265 {Type: "const char*", Name: "parent_name"}, 6266 }, 6267 }, 6268 events.RegisterChrdev: { 6269 ID: events.RegisterChrdev, 6270 id32Bit: events.Sys32Undefined, 6271 name: "register_chrdev", 6272 dependencies: dependencies{ 6273 probes: []EventProbe{ 6274 {handle: ProbeRegisterChrdev, required: true}, 6275 {handle: ProbeRegisterChrdevRet, required: true}, 6276 }, 6277 }, 6278 sets: []string{}, 6279 params: []argMeta{ 6280 {Type: "unsigned int", Name: "requested_major_number"}, 6281 {Type: "unsigned int", Name: "granted_major_number"}, 6282 {Type: "const char*", Name: "char_device_name"}, 6283 {Type: "struct file_operations *", Name: "char_device_fops"}, 6284 }, 6285 }, 6286 events.SharedObjectLoaded: { 6287 ID: events.SharedObjectLoaded, 6288 id32Bit: events.Sys32Undefined, 6289 name: "shared_object_loaded", 6290 dependencies: dependencies{ 6291 probes: []EventProbe{ 6292 {handle: ProbeSecurityMmapFile, required: true}, 6293 }, 6294 //capabilities: capabilities{ 6295 // base: []cap.Value{ 6296 // cap.SYS_PTRACE, // loadSharedObjectDynamicSymbols() 6297 // }, 6298 //}, 6299 }, 6300 sets: []string{"lsm_hooks", "fs", "fs_file_ops", "proc", "proc_mem"}, 6301 params: []argMeta{ 6302 {Type: "const char*", Name: "pathname"}, 6303 {Type: "int", Name: "flags"}, 6304 {Type: "dev_t", Name: "dev"}, 6305 {Type: "unsigned long", Name: "inode"}, 6306 {Type: "unsigned long", Name: "ctime"}, 6307 }, 6308 }, 6309 events.SymbolsLoaded: { 6310 ID: events.SymbolsLoaded, 6311 id32Bit: events.Sys32Undefined, 6312 name: "symbols_loaded", 6313 docPath: "security_alerts/symbols_load.md", 6314 dependencies: dependencies{ 6315 ids: []events.ID{ 6316 events.SharedObjectLoaded, 6317 events.SchedProcessExec, // Used to get mount namespace cache 6318 }, 6319 }, 6320 sets: 
[]string{"derived", "fs", "security_alert"}, 6321 params: []argMeta{ 6322 {Type: "const char*", Name: "library_path"}, 6323 {Type: "const char*const*", Name: "symbols"}, 6324 }, 6325 }, 6326 events.SymbolsCollision: { 6327 ID: events.SymbolsCollision, 6328 id32Bit: events.Sys32Undefined, 6329 name: "symbols_collision", 6330 docPath: "security_alerts/symbols_collision.md", 6331 dependencies: dependencies{ 6332 ids: []events.ID{ 6333 events.SharedObjectLoaded, 6334 events.SchedProcessExec, // Used to get mount namespace cache 6335 }, 6336 }, 6337 sets: []string{"lsm_hooks", "fs", "fs_file_ops", "proc", "proc_mem"}, 6338 params: []argMeta{ 6339 {Type: "const char*", Name: "loaded_path"}, 6340 {Type: "const char*", Name: "collision_path"}, 6341 {Type: "const char*const*", Name: "symbols"}, 6342 }, 6343 }, 6344 events.CaptureFileWrite: { 6345 ID: events.CaptureFileWrite, 6346 id32Bit: events.Sys32Undefined, 6347 name: "capture_file_write", 6348 internal: true, 6349 dependencies: dependencies{ 6350 probes: []EventProbe{ 6351 {handle: ProbeVfsWrite, required: true}, 6352 {handle: ProbeVfsWriteRet, required: true}, 6353 {handle: ProbeVfsWriteV, required: false}, 6354 {handle: ProbeVfsWriteVRet, required: false}, 6355 {handle: ProbeKernelWrite, required: false}, 6356 {handle: ProbeKernelWriteRet, required: false}, 6357 }, 6358 tailCalls: []TailCall{ 6359 {objs.ProgArray, objs.TraceRetVfsWriteTail, []uint32{TailVfsWrite}}, 6360 {objs.ProgArray, objs.TraceRetVfsWritevTail, []uint32{TailVfsWritev}}, 6361 {objs.ProgArray, objs.TraceRetKernelWriteTail, []uint32{TailKernelWrite}}, 6362 {objs.ProgArray, objs.SendBin, []uint32{TailSendBin}}, 6363 }, 6364 kSymbols: []KSymbol{ 6365 {symbol: "pipe_write", required: true}, 6366 }, 6367 }, 6368 }, 6369 events.CaptureFileRead: { 6370 ID: events.CaptureFileRead, 6371 id32Bit: events.Sys32Undefined, 6372 name: "capture_file_read", 6373 internal: true, 6374 dependencies: dependencies{ 6375 probes: []EventProbe{ 6376 {handle: ProbeVfsRead, 
required: true}, 6377 {handle: ProbeVfsReadRet, required: true}, 6378 {handle: ProbeVfsReadV, required: false}, 6379 {handle: ProbeVfsReadVRet, required: false}, 6380 }, 6381 tailCalls: []TailCall{ 6382 {objs.ProgArray, objs.TraceRetVfsReadTail, []uint32{TailVfsRead}}, 6383 {objs.ProgArray, objs.TraceRetVfsReadvTail, []uint32{TailVfsReadv}}, 6384 {objs.ProgArray, objs.SendBin, []uint32{TailSendBin}}, 6385 }, 6386 kSymbols: []KSymbol{ 6387 {symbol: "pipe_write", required: true}, 6388 }, 6389 }, 6390 }, 6391 events.CaptureExec: { 6392 ID: events.CaptureExec, 6393 id32Bit: events.Sys32Undefined, 6394 name: "capture_exec", 6395 internal: true, 6396 dependencies: dependencies{ 6397 ids: []events.ID{ 6398 events.SchedProcessExec, 6399 }, 6400 //capabilities: capabilities{ 6401 // base: []cap.Value{ 6402 // cap.SYS_PTRACE, // processSchedProcessExec() performance 6403 // }, 6404 //}, 6405 }, 6406 }, 6407 events.CaptureModule: { 6408 ID: events.CaptureModule, 6409 id32Bit: events.Sys32Undefined, 6410 name: "capture_module", 6411 internal: true, 6412 dependencies: dependencies{ 6413 probes: []EventProbe{ 6414 {handle: ProbeSyscallEnter__Internal, required: true}, 6415 {handle: ProbeSyscallExit__Internal, required: true}, 6416 {handle: ProbeSecurityKernelPostReadFile, required: true}, 6417 }, 6418 ids: []events.ID{ 6419 events.SchedProcessExec, 6420 }, 6421 tailCalls: []TailCall{ 6422 {objs.SysEnterTails, objs.SyscallInitModule, []uint32{uint32(events.InitModule)}}, 6423 {objs.ProgArrayTp, objs.SendBinTp, []uint32{TailSendBinTP}}, 6424 {objs.ProgArray, objs.SendBin, []uint32{TailSendBin}}, 6425 }, 6426 }, 6427 }, 6428 events.CaptureMem: { 6429 ID: events.CaptureMem, 6430 id32Bit: events.Sys32Undefined, 6431 name: "capture_mem", 6432 internal: true, 6433 dependencies: dependencies{ 6434 tailCalls: []TailCall{ 6435 {objs.ProgArray, objs.SendBin, []uint32{TailSendBin}}, 6436 }, 6437 }, 6438 }, 6439 events.CaptureBpf: { 6440 ID: events.CaptureBpf, 6441 id32Bit: 
events.Sys32Undefined, 6442 name: "capture_bpf", 6443 internal: true, 6444 dependencies: dependencies{ 6445 probes: []EventProbe{ 6446 {handle: ProbeSecurityBPF, required: true}, 6447 }, 6448 tailCalls: []TailCall{ 6449 {objs.ProgArray, objs.SendBin, []uint32{TailSendBin}}, 6450 }, 6451 }, 6452 }, 6453 events.DoInitModule: { 6454 ID: events.DoInitModule, 6455 id32Bit: events.Sys32Undefined, 6456 name: "do_init_module", 6457 dependencies: dependencies{ 6458 probes: []EventProbe{ 6459 {handle: ProbeDoInitModule, required: true}, 6460 {handle: ProbeDoInitModuleRet, required: true}, 6461 }, 6462 }, 6463 sets: []string{}, 6464 params: []argMeta{ 6465 {Type: "const char*", Name: "name"}, 6466 {Type: "const char*", Name: "version"}, 6467 {Type: "const char*", Name: "src_version"}, 6468 }, 6469 }, 6470 events.ModuleLoad: { 6471 ID: events.ModuleLoad, 6472 id32Bit: events.Sys32Undefined, 6473 name: "module_load", 6474 dependencies: dependencies{ 6475 probes: []EventProbe{ 6476 {handle: ProbeModuleLoad, required: true}, 6477 }, 6478 }, 6479 sets: []string{}, 6480 params: []argMeta{ 6481 {Type: "const char*", Name: "name"}, 6482 {Type: "const char*", Name: "version"}, 6483 {Type: "const char*", Name: "src_version"}, 6484 }, 6485 }, 6486 events.ModuleFree: { 6487 ID: events.ModuleFree, 6488 id32Bit: events.Sys32Undefined, 6489 name: "module_free", 6490 dependencies: dependencies{ 6491 probes: []EventProbe{ 6492 {handle: ProbeModuleFree, required: true}, 6493 }, 6494 }, 6495 sets: []string{}, 6496 params: []argMeta{ 6497 {Type: "const char*", Name: "name"}, 6498 {Type: "const char*", Name: "version"}, 6499 {Type: "const char*", Name: "src_version"}, 6500 }, 6501 }, 6502 events.SocketAccept: { 6503 ID: events.SocketAccept, 6504 id32Bit: events.Sys32Undefined, 6505 name: "socket_accept", 6506 internal: false, 6507 dependencies: dependencies{ 6508 probes: []EventProbe{ 6509 {handle: ProbeSyscallEnter__Internal, required: true}, 6510 {handle: ProbeSyscallExit__Internal, required: 
true}, 6511 }, 6512 ids: []events.ID{ 6513 events.SecuritySocketAccept, 6514 }, 6515 tailCalls: []TailCall{ 6516 {objs.SysExitTails, objs.SyscallAccept4, []uint32{uint32(events.Accept), uint32(events.Accept4)}}, 6517 {objs.SysExitInitTail, objs.SysExitInit, []uint32{uint32(events.Accept), uint32(events.Accept4)}}, 6518 }, 6519 }, 6520 sets: []string{}, 6521 params: []argMeta{ 6522 {Type: "int", Name: "sockfd"}, 6523 {Type: "struct sockaddr*", Name: "local_addr"}, 6524 {Type: "struct sockaddr*", Name: "remote_addr"}}, 6525 }, 6526 events.LoadElfPhdrs: { 6527 ID: events.LoadElfPhdrs, 6528 id32Bit: events.Sys32Undefined, 6529 name: "load_elf_phdrs", 6530 dependencies: dependencies{ 6531 probes: []EventProbe{ 6532 {handle: ProbeLoadElfPhdrs, required: true}, 6533 }, 6534 }, 6535 sets: []string{"proc"}, 6536 params: []argMeta{ 6537 {Type: "const char*", Name: "pathname"}, 6538 {Type: "dev_t", Name: "dev"}, 6539 {Type: "unsigned long", Name: "inode"}, 6540 }, 6541 }, 6542 //events.HookedProcFops: { 6543 // ID: events.HookedProcFops, 6544 // id32Bit: events.Sys32Undefined, 6545 // name: "hooked_proc_fops", 6546 // dependencies: dependencies{ 6547 // probes: []EventProbe{ 6548 // {handle: ProbeSecurityFilePermission, required: true}, 6549 // }, 6550 // kSymbols: []KSymbol{ 6551 // {symbol: "_stext", required: true}, 6552 // {symbol: "_etext", required: true}, 6553 // }, 6554 // ids: []events.ID{ 6555 // events.DoInitModule, 6556 // }, 6557 // //capabilities: capabilities{ 6558 // // base: []cap.Value{ 6559 // // cap.SYSLOG, // read /proc/kallsyms 6560 // // }, 6561 // //}, 6562 // }, 6563 // sets: []string{}, 6564 // params: []argMeta{ 6565 // {Type: "[]trace.HookedSymbolData", Name: "hooked_fops_pointers"}, 6566 // }, 6567 //}, 6568 events.PrintNetSeqOps: { 6569 ID: events.PrintNetSeqOps, 6570 id32Bit: events.Sys32Undefined, 6571 name: "print_net_seq_ops", 6572 dependencies: dependencies{ 6573 probes: []EventProbe{ 6574 {handle: ProbePrintNetSeqOps, required: true}, 6575 
}, 6576 kSymbols: []KSymbol{ 6577 {symbol: "tcp4_seq_ops", required: true}, 6578 {symbol: "tcp6_seq_ops", required: true}, 6579 {symbol: "udp_seq_ops", required: true}, 6580 {symbol: "udp6_seq_ops", required: true}, 6581 {symbol: "raw_seq_ops", required: true}, 6582 {symbol: "raw6_seq_ops", required: true}, 6583 }, 6584 }, 6585 internal: true, 6586 sets: []string{}, 6587 params: []argMeta{ 6588 {Type: "unsigned long[]", Name: "net_seq_ops"}, 6589 {Type: "unsigned long", Name: "caller_context_id"}, 6590 }, 6591 }, 6592 events.HookedSeqOps: { 6593 ID: events.HookedSeqOps, 6594 id32Bit: events.Sys32Undefined, 6595 name: "hooked_seq_ops", 6596 dependencies: dependencies{ 6597 kSymbols: []KSymbol{ 6598 {symbol: "_stext", required: true}, 6599 {symbol: "_etext", required: true}, 6600 }, 6601 ids: []events.ID{ 6602 events.PrintNetSeqOps, 6603 events.DoInitModule, 6604 }, 6605 //capabilities: capabilities{ 6606 // base: []cap.Value{ 6607 // cap.SYSLOG, // read /proc/kallsyms 6608 // }, 6609 //}, 6610 }, 6611 sets: []string{}, 6612 params: []argMeta{ 6613 {Type: "map[string]trace.HookedSymbolData", Name: "hooked_seq_ops"}, 6614 }, 6615 }, 6616 events.TaskRename: { 6617 ID: events.TaskRename, 6618 id32Bit: events.Sys32Undefined, 6619 name: "task_rename", 6620 dependencies: dependencies{ 6621 probes: []EventProbe{ 6622 {handle: ProbeTaskRename, required: true}, 6623 }, 6624 }, 6625 sets: []string{"proc"}, 6626 params: []argMeta{ 6627 {Type: "const char*", Name: "old_name"}, 6628 {Type: "const char*", Name: "new_name"}, 6629 }, 6630 }, 6631 events.SecurityInodeRename: { 6632 ID: events.SecurityInodeRename, 6633 id32Bit: events.Sys32Undefined, 6634 name: "security_inode_rename", 6635 dependencies: dependencies{ 6636 probes: []EventProbe{ 6637 {handle: ProbeSecurityInodeRename, required: true}, 6638 }, 6639 }, 6640 sets: []string{}, 6641 params: []argMeta{ 6642 {Type: "const char*", Name: "old_path"}, 6643 {Type: "const char*", Name: "new_path"}, 6644 }, 6645 }, 6646 
events.DoSigaction: { 6647 ID: events.DoSigaction, 6648 id32Bit: events.Sys32Undefined, 6649 name: "do_sigaction", 6650 dependencies: dependencies{ 6651 probes: []EventProbe{ 6652 {handle: ProbeDoSigaction, required: true}, 6653 }, 6654 }, 6655 sets: []string{"proc"}, 6656 params: []argMeta{ 6657 {Type: "int", Name: "sig"}, 6658 {Type: "bool", Name: "is_sa_initialized"}, 6659 {Type: "unsigned long", Name: "sa_flags"}, 6660 {Type: "unsigned long", Name: "sa_mask"}, 6661 {Type: "u8", Name: "sa_handle_method"}, 6662 {Type: "void*", Name: "sa_handler"}, 6663 {Type: "bool", Name: "is_old_sa_initialized"}, 6664 {Type: "unsigned long", Name: "old_sa_flags"}, 6665 {Type: "unsigned long", Name: "old_sa_mask"}, 6666 {Type: "u8", Name: "old_sa_handle_method"}, 6667 {Type: "void*", Name: "old_sa_handler"}, 6668 }, 6669 }, 6670 events.BpfAttach: { 6671 ID: events.BpfAttach, 6672 id32Bit: events.Sys32Undefined, 6673 name: "bpf_attach", 6674 docPath: "docs/events/builtin/extra/bpf_attach.md", 6675 dependencies: dependencies{ 6676 probes: []EventProbe{ 6677 {handle: ProbeSecurityFileIoctl, required: true}, 6678 {handle: ProbeSecurityBpfProg, required: true}, 6679 {handle: ProbeSecurityBPF, required: true}, 6680 {handle: ProbeTpProbeRegPrioMayExist, required: true}, 6681 {handle: ProbeCheckHelperCall, required: false}, 6682 {handle: ProbeCheckMapFuncCompatibility, required: false}, 6683 }, 6684 }, 6685 sets: []string{}, 6686 params: []argMeta{ 6687 {Type: "int", Name: "prog_type"}, 6688 {Type: "const char*", Name: "prog_name"}, 6689 {Type: "u32", Name: "prog_id"}, 6690 {Type: "unsigned long[]", Name: "prog_helpers"}, 6691 {Type: "const char*", Name: "symbol_name"}, 6692 {Type: "u64", Name: "symbol_addr"}, 6693 {Type: "int", Name: "attach_type"}, 6694 }, 6695 }, 6696 events.KallsymsLookupName: { 6697 ID: events.KallsymsLookupName, 6698 id32Bit: events.Sys32Undefined, 6699 name: "kallsyms_lookup_name", 6700 docPath: "kprobes/kallsyms_lookup_name.md", 6701 dependencies: dependencies{ 
6702 probes: []EventProbe{ 6703 {handle: ProbeKallsymsLookupName, required: true}, 6704 {handle: ProbeKallsymsLookupNameRet, required: true}, 6705 }, 6706 }, 6707 sets: []string{}, 6708 params: []argMeta{ 6709 {Type: "const char*", Name: "symbol_name"}, 6710 {Type: "void*", Name: "symbol_address"}, 6711 }, 6712 }, 6713 events.PrintMemDump: { 6714 ID: events.PrintMemDump, 6715 id32Bit: events.Sys32Undefined, 6716 name: "print_mem_dump", 6717 sets: []string{}, 6718 dependencies: dependencies{ 6719 probes: []EventProbe{ 6720 {handle: ProbePrintMemDump, required: true}, 6721 }, 6722 ids: []events.ID{ 6723 events.DoInitModule, 6724 }, 6725 kSymbols: []KSymbol{}, 6726 //capabilities: capabilities{ 6727 // base: []cap.Value{ 6728 // cap.SYSLOG, // read /proc/kallsyms 6729 // }, 6730 //}, 6731 }, 6732 params: []argMeta{ 6733 {Type: "bytes", Name: "bytes"}, 6734 {Type: "void*", Name: "address"}, 6735 {Type: "u64", Name: "length"}, 6736 {Type: "u64", Name: "caller_context_id"}, 6737 {Type: "char*", Name: "arch"}, 6738 {Type: "char*", Name: "symbol_name"}, 6739 {Type: "char*", Name: "symbol_owner"}, 6740 }, 6741 }, 6742 events.VfsRead: { 6743 ID: events.VfsRead, 6744 id32Bit: events.Sys32Undefined, 6745 name: "vfs_read", 6746 dependencies: dependencies{ 6747 probes: []EventProbe{ 6748 {handle: ProbeVfsRead, required: true}, 6749 {handle: ProbeVfsReadRet, required: true}, 6750 }, 6751 }, 6752 sets: []string{}, 6753 params: []argMeta{ 6754 {Type: "const char*", Name: "pathname"}, 6755 {Type: "dev_t", Name: "dev"}, 6756 {Type: "unsigned long", Name: "inode"}, 6757 {Type: "size_t", Name: "count"}, 6758 {Type: "off_t", Name: "pos"}, 6759 }, 6760 }, 6761 events.VfsReadv: { 6762 ID: events.VfsReadv, 6763 id32Bit: events.Sys32Undefined, 6764 name: "vfs_readv", 6765 dependencies: dependencies{ 6766 probes: []EventProbe{ 6767 {handle: ProbeVfsReadV, required: true}, 6768 {handle: ProbeVfsReadVRet, required: true}, 6769 }, 6770 }, 6771 sets: []string{}, 6772 params: []argMeta{ 6773 
{Type: "const char*", Name: "pathname"}, 6774 {Type: "dev_t", Name: "dev"}, 6775 {Type: "unsigned long", Name: "inode"}, 6776 {Type: "unsigned long", Name: "vlen"}, 6777 {Type: "off_t", Name: "pos"}, 6778 }, 6779 }, 6780 events.VfsUtimes: { 6781 ID: events.VfsUtimes, 6782 id32Bit: events.Sys32Undefined, 6783 name: "vfs_utimes", 6784 dependencies: dependencies{ 6785 probes: []EventProbe{ 6786 {handle: ProbeVfsUtimes, required: false}, // this probe exists in kernels >= 5.9 6787 {handle: ProbeUtimesCommon, required: false}, // this probe exists in kernels < 5.9 6788 }, 6789 }, 6790 sets: []string{}, 6791 params: []argMeta{ 6792 {Type: "const char*", Name: "pathname"}, 6793 {Type: "dev_t", Name: "dev"}, 6794 {Type: "unsigned long", Name: "inode"}, 6795 {Type: "u64", Name: "atime"}, 6796 {Type: "u64", Name: "mtime"}, 6797 }, 6798 }, 6799 events.DoTruncate: { 6800 ID: events.DoTruncate, 6801 id32Bit: events.Sys32Undefined, 6802 name: "do_truncate", 6803 dependencies: dependencies{ 6804 probes: []EventProbe{ 6805 {handle: ProbeDoTruncate, required: true}, 6806 }, 6807 }, 6808 sets: []string{}, 6809 params: []argMeta{ 6810 {Type: "const char*", Name: "pathname"}, 6811 {Type: "unsigned long", Name: "inode"}, 6812 {Type: "dev_t", Name: "dev"}, 6813 {Type: "u64", Name: "length"}, 6814 }, 6815 }, 6816 events.FileModification: { 6817 ID: events.FileModification, 6818 id32Bit: events.Sys32Undefined, 6819 name: "file_modification", 6820 docPath: "kprobes/file_modification.md", 6821 sets: []string{}, 6822 params: []argMeta{ 6823 {Type: "const char*", Name: "file_path"}, 6824 {Type: "dev_t", Name: "dev"}, 6825 {Type: "unsigned long", Name: "inode"}, 6826 {Type: "unsigned long", Name: "old_ctime"}, 6827 {Type: "unsigned long", Name: "new_ctime"}, 6828 }, 6829 dependencies: dependencies{ 6830 probes: []EventProbe{ 6831 {handle: ProbeFdInstall, required: true}, 6832 {handle: ProbeFilpClose, required: true}, 6833 {handle: ProbeFileUpdateTime, required: true}, 6834 {handle: 
ProbeFileUpdateTimeRet, required: true}, 6835 {handle: ProbeFileModified, required: false}, // not required because doesn't ... 6836 {handle: ProbeFileModifiedRet, required: false}, // ... exist in kernels < 5.3 6837 }, 6838 }, 6839 }, 6840 events.InotifyWatch: { 6841 ID: events.InotifyWatch, 6842 id32Bit: events.Sys32Undefined, 6843 name: "inotify_watch", 6844 dependencies: dependencies{ 6845 probes: []EventProbe{ 6846 {handle: ProbeInotifyFindInode, required: true}, 6847 {handle: ProbeInotifyFindInodeRet, required: true}, 6848 }, 6849 }, 6850 sets: []string{}, 6851 params: []argMeta{ 6852 {Type: "const char*", Name: "pathname"}, 6853 {Type: "unsigned long", Name: "inode"}, 6854 {Type: "dev_t", Name: "dev"}, 6855 }, 6856 }, 6857 events.ProcessExecuteFailed: { 6858 ID: events.ProcessExecuteFailed, 6859 id32Bit: events.Sys32Undefined, 6860 name: "process_execute_failed", 6861 sets: []string{"proc"}, 6862 dependencies: dependencies{ 6863 probes: []EventProbe{ 6864 {handle: ProbeExecBinprm, required: true}, 6865 {handle: ProbeExecBinprmRet, required: true}, 6866 }, 6867 tailCalls: []TailCall{ 6868 {objs.SysEnterInitTail, objs.SysEnterInit, []uint32{uint32(events.Execve), uint32(events.Execveat)}}, 6869 {objs.ProgArray, objs.TraceRetExecBinprm1, []uint32{TailExecBinprm1}}, 6870 {objs.ProgArray, objs.TraceRetExecBinprm2, []uint32{TailExecBinprm2}}, 6871 }, 6872 }, 6873 params: []argMeta{ 6874 {Type: "const char*", Name: "path"}, 6875 {Type: "const char*", Name: "binary.path"}, 6876 {Type: "dev_t", Name: "binary.device_id"}, 6877 {Type: "unsigned long", Name: "binary.inode_number"}, 6878 {Type: "unsigned long", Name: "binary.ctime"}, 6879 {Type: "umode_t", Name: "binary.inode_mode"}, 6880 {Type: "const char*", Name: "interpreter_path"}, 6881 {Type: "umode_t", Name: "stdin_type"}, 6882 {Type: "char*", Name: "stdin_path"}, 6883 {Type: "int", Name: "kernel_invoked"}, 6884 {Type: "const char*const*", Name: "binary.arguments"}, 6885 {Type: "const char*const*", Name: 
"environment"}, 6886 }, 6887 }, 6888 events.TtyOpen: { 6889 ID: events.TtyOpen, 6890 id32Bit: events.Sys32Undefined, 6891 name: "tty_write", 6892 dependencies: dependencies{ 6893 probes: []EventProbe{ 6894 {handle: ProbeTtyOpen, required: true}, 6895 }, 6896 }, 6897 sets: []string{}, 6898 params: []argMeta{ 6899 {Type: "char*", Name: "path"}, 6900 {Type: "unsigned long", Name: "inode"}, 6901 {Type: "umode_t", Name: "inode_mode"}, 6902 {Type: "dev_t", Name: "dev"}, 6903 }, 6904 }, 6905 6906 // 6907 // Begin of Network Protocol Event Types 6908 // 6909 events.NetPacketBase: { 6910 ID: events.NetPacketBase, 6911 id32Bit: events.Sys32Undefined, 6912 name: "net_packet_base", 6913 internal: true, 6914 dependencies: dependencies{ 6915 //capabilities: capabilities{ 6916 // ebpf: []cap.Value{ 6917 // cap.NET_ADMIN, // needed for BPF_PROG_TYPE_CGROUP_SKB 6918 // }, 6919 //}, 6920 probes: []EventProbe{ 6921 {handle: ProbeCgroupSKBIngress, required: true}, 6922 {handle: ProbeCgroupSKBEgress, required: true}, 6923 {handle: ProbeSockAllocFile, required: true}, 6924 {handle: ProbeSockAllocFileRet, required: true}, 6925 {handle: ProbeCgroupBPFRunFilterSKB, required: true}, 6926 {handle: ProbeSecuritySocketRecvmsg, required: true}, 6927 {handle: ProbeSecuritySocketSendmsg, required: true}, 6928 {handle: ProbeSecuritySkClone, required: true}, 6929 }, 6930 }, 6931 sets: []string{"network_events"}, 6932 params: []argMeta{}, 6933 }, 6934 events.NetPacketIPBase: { 6935 ID: events.NetPacketIPBase, 6936 id32Bit: events.Sys32Undefined, 6937 name: "net_packet_ip_base", 6938 internal: true, 6939 dependencies: dependencies{ 6940 ids: []events.ID{ 6941 events.NetPacketBase, 6942 }, 6943 }, 6944 sets: []string{"network_events"}, 6945 params: []argMeta{ 6946 {Type: "bytes", Name: "payload"}, 6947 }, 6948 }, 6949 events.NetPacketIPv4: { 6950 ID: events.NetPacketIPv4, 6951 id32Bit: events.Sys32Undefined, 6952 name: "net_packet_ipv4", 6953 dependencies: dependencies{ 6954 ids: []events.ID{ 6955 
events.NetPacketIPBase, 6956 }, 6957 }, 6958 sets: []string{"network_events"}, 6959 params: []argMeta{ 6960 {Type: "const char*", Name: "src"}, // TODO: remove after filter supports ProtoIPv4 6961 {Type: "const char*", Name: "dst"}, // TODO: remove after filter supports ProtoIPv4 6962 {Type: "trace.ProtoIPv4", Name: "proto_ipv4"}, 6963 }, 6964 }, 6965 events.NetPacketIPv6: { 6966 ID: events.NetPacketIPv6, 6967 id32Bit: events.Sys32Undefined, 6968 name: "net_packet_ipv6", 6969 dependencies: dependencies{ 6970 ids: []events.ID{ 6971 events.NetPacketIPBase, 6972 }, 6973 }, 6974 sets: []string{"network_events"}, 6975 params: []argMeta{ 6976 {Type: "const char*", Name: "src"}, // TODO: remove after filter supports ProtoIPv6 6977 {Type: "const char*", Name: "dst"}, // TODO: remove after filter supports ProtoIPv6 6978 {Type: "trace.ProtoIPv6", Name: "proto_ipv6"}, 6979 }, 6980 }, 6981 events.NetPacketTCPBase: { 6982 ID: events.NetPacketTCPBase, 6983 id32Bit: events.Sys32Undefined, 6984 name: "net_packet_tcp_base", 6985 internal: true, 6986 dependencies: dependencies{ 6987 ids: []events.ID{ 6988 events.NetPacketBase, 6989 }, 6990 }, 6991 sets: []string{"network_events"}, 6992 params: []argMeta{ 6993 {Type: "bytes", Name: "payload"}, 6994 }, 6995 }, 6996 events.NetPacketTCP: { 6997 ID: events.NetPacketTCP, 6998 id32Bit: events.Sys32Undefined, 6999 name: "net_packet_tcp", 7000 dependencies: dependencies{ 7001 ids: []events.ID{ 7002 events.NetPacketTCPBase, 7003 }, 7004 }, 7005 sets: []string{"network_events"}, 7006 params: []argMeta{ 7007 {Type: "const char*", Name: "src"}, 7008 {Type: "const char*", Name: "dst"}, 7009 {Type: "u16", Name: "src_port"}, // TODO: remove after filter supports ProtoTCP 7010 {Type: "u16", Name: "dst_port"}, // TODO: remove after filter supports ProtoTCP 7011 {Type: "trace.ProtoTCP", Name: "proto_tcp"}, 7012 }, 7013 }, 7014 events.NetPacketUDPBase: { 7015 ID: events.NetPacketUDPBase, 7016 id32Bit: events.Sys32Undefined, 7017 name: 
"net_packet_udp_base", 7018 internal: true, 7019 dependencies: dependencies{ 7020 ids: []events.ID{ 7021 events.NetPacketBase, 7022 }, 7023 }, 7024 sets: []string{"network_events"}, 7025 params: []argMeta{ 7026 {Type: "bytes", Name: "payload"}, 7027 }, 7028 }, 7029 events.NetPacketUDP: { 7030 ID: events.NetPacketUDP, 7031 id32Bit: events.Sys32Undefined, 7032 name: "net_packet_udp", 7033 dependencies: dependencies{ 7034 ids: []events.ID{ 7035 events.NetPacketUDPBase, 7036 }, 7037 }, 7038 sets: []string{"network_events"}, 7039 params: []argMeta{ 7040 {Type: "const char*", Name: "src"}, 7041 {Type: "const char*", Name: "dst"}, 7042 {Type: "u16", Name: "src_port"}, // TODO: remove after filter supports ProtoUDP 7043 {Type: "u16", Name: "dst_port"}, // TODO: remove after filter supports ProtoUDP 7044 {Type: "trace.ProtoUDP", Name: "proto_udp"}, 7045 }, 7046 }, 7047 events.NetPacketICMPBase: { 7048 ID: events.NetPacketICMPBase, 7049 id32Bit: events.Sys32Undefined, 7050 name: "net_packet_icmp_base", 7051 dependencies: dependencies{ 7052 ids: []events.ID{ 7053 events.NetPacketBase, 7054 }, 7055 }, 7056 internal: true, 7057 sets: []string{"network_events"}, 7058 params: []argMeta{ 7059 {Type: "bytes", Name: "payload"}, 7060 }, 7061 }, 7062 events.NetPacketICMP: { 7063 ID: events.NetPacketICMP, 7064 id32Bit: events.Sys32Undefined, 7065 name: "net_packet_icmp", 7066 dependencies: dependencies{ 7067 ids: []events.ID{ 7068 events.NetPacketICMPBase, 7069 }, 7070 }, 7071 sets: []string{"default", "network_events"}, 7072 params: []argMeta{ 7073 {Type: "const char*", Name: "src"}, 7074 {Type: "const char*", Name: "dst"}, 7075 {Type: "trace.ProtoICMP", Name: "proto_icmp"}, 7076 }, 7077 }, 7078 events.NetPacketICMPv6Base: { 7079 ID: events.NetPacketICMPv6Base, 7080 id32Bit: events.Sys32Undefined, 7081 name: "net_packet_icmpv6_base", 7082 internal: true, 7083 dependencies: dependencies{ 7084 ids: []events.ID{ 7085 events.NetPacketBase, 7086 }, 7087 }, 7088 sets: 
[]string{"network_events"}, 7089 params: []argMeta{ 7090 {Type: "bytes", Name: "payload"}, 7091 }, 7092 }, 7093 events.NetPacketICMPv6: { 7094 ID: events.NetPacketICMPv6, 7095 id32Bit: events.Sys32Undefined, 7096 name: "net_packet_icmpv6", 7097 dependencies: dependencies{ 7098 ids: []events.ID{ 7099 events.NetPacketICMPv6Base, 7100 }, 7101 }, 7102 sets: []string{"default", "network_events"}, 7103 params: []argMeta{ 7104 {Type: "const char*", Name: "src"}, 7105 {Type: "const char*", Name: "dst"}, 7106 {Type: "trace.ProtoICMPv6", Name: "proto_icmpv6"}, 7107 }, 7108 }, 7109 events.NetPacketDNSBase: { 7110 ID: events.NetPacketDNSBase, 7111 id32Bit: events.Sys32Undefined, 7112 name: "net_packet_dns_base", 7113 internal: true, 7114 dependencies: dependencies{ 7115 ids: []events.ID{ 7116 events.NetPacketBase, 7117 }, 7118 }, 7119 sets: []string{"network_events"}, 7120 params: []argMeta{ 7121 {Type: "proto.DNS", Name: "payload"}, 7122 }, 7123 }, 7124 events.NetPacketDNS: { 7125 ID: events.NetPacketDNS, 7126 id32Bit: events.Sys32Undefined, 7127 name: "net_packet_dns", // preferred event to write signatures 7128 dependencies: dependencies{ 7129 ids: []events.ID{ 7130 events.NetPacketDNSBase, 7131 }, 7132 }, 7133 sets: []string{"network_events"}, 7134 params: []argMeta{ 7135 {Type: "const char*", Name: "src"}, 7136 {Type: "const char*", Name: "dst"}, 7137 {Type: "u16", Name: "src_port"}, 7138 {Type: "u16", Name: "dst_port"}, 7139 {Type: "trace.ProtoDNS", Name: "proto_dns"}, 7140 }, 7141 }, 7142 events.NetPacketDNSRequest: { 7143 ID: events.NetPacketDNSRequest, 7144 id32Bit: events.Sys32Undefined, 7145 name: "net_packet_dns_request", // simple dns event compatible dns_request (deprecated) 7146 dependencies: dependencies{ 7147 ids: []events.ID{ 7148 events.NetPacketDNSBase, 7149 }, 7150 }, 7151 sets: []string{"default", "network_events"}, 7152 params: []argMeta{ 7153 {Type: "trace.PktMeta", Name: "metadata"}, 7154 {Type: "[]trace.DnsQueryData", Name: "dns_questions"}, 7155 }, 
7156 }, 7157 events.NetPacketDNSResponse: { 7158 ID: events.NetPacketDNSResponse, 7159 id32Bit: events.Sys32Undefined, 7160 name: "net_packet_dns_response", // simple dns event compatible dns_response (deprecated) 7161 dependencies: dependencies{ 7162 ids: []events.ID{ 7163 events.NetPacketDNSBase, 7164 }, 7165 }, 7166 sets: []string{"default", "network_events"}, 7167 params: []argMeta{ 7168 {Type: "trace.PktMeta", Name: "metadata"}, 7169 {Type: "[]trace.DnsResponseData", Name: "dns_response"}, 7170 }, 7171 }, 7172 events.NetPacketHTTPBase: { 7173 ID: events.NetPacketHTTPBase, 7174 id32Bit: events.Sys32Undefined, 7175 name: "net_packet_http_base", 7176 internal: true, 7177 dependencies: dependencies{ 7178 ids: []events.ID{ 7179 events.NetPacketBase, 7180 }, 7181 }, 7182 sets: []string{"network_events"}, 7183 params: []argMeta{ 7184 {Type: "bytes", Name: "payload"}, 7185 }, 7186 }, 7187 events.NetPacketHTTP: { 7188 ID: events.NetPacketHTTP, 7189 id32Bit: events.Sys32Undefined, 7190 name: "net_packet_http", // preferred event to write signatures 7191 dependencies: dependencies{ 7192 ids: []events.ID{ 7193 events.NetPacketHTTPBase, 7194 }, 7195 }, 7196 sets: []string{"network_events"}, 7197 params: []argMeta{ 7198 {Type: "const char*", Name: "src"}, 7199 {Type: "const char*", Name: "dst"}, 7200 {Type: "u16", Name: "src_port"}, 7201 {Type: "u16", Name: "dst_port"}, 7202 {Type: "trace.ProtoHTTP", Name: "proto_http"}, 7203 }, 7204 }, 7205 events.NetPacketHTTPRequest: { 7206 ID: events.NetPacketHTTPRequest, 7207 id32Bit: events.Sys32Undefined, 7208 name: "net_packet_http_request", 7209 dependencies: dependencies{ 7210 ids: []events.ID{ 7211 events.NetPacketHTTPBase, 7212 }, 7213 }, 7214 sets: []string{"default", "network_events"}, 7215 params: []argMeta{ 7216 {Type: "trace.PktMeta", Name: "metadata"}, 7217 {Type: "trace.ProtoHTTPRequest", Name: "http_request"}, 7218 }, 7219 }, 7220 events.NetPacketHTTPResponse: { 7221 ID: events.NetPacketHTTPResponse, 7222 id32Bit: 
events.Sys32Undefined, 7223 name: "net_packet_http_response", 7224 dependencies: dependencies{ 7225 ids: []events.ID{ 7226 events.NetPacketHTTPBase, 7227 }, 7228 }, 7229 sets: []string{"default", "network_events"}, 7230 params: []argMeta{ 7231 {Type: "trace.PktMeta", Name: "metadata"}, 7232 {Type: "trace.ProtoHTTPResponse", Name: "http_response"}, 7233 }, 7234 }, 7235 events.NetPacketSOCKS5Base: { 7236 ID: events.NetPacketSOCKS5Base, 7237 id32Bit: events.Sys32Undefined, 7238 name: "net_packet_socks5_base", 7239 internal: true, 7240 dependencies: dependencies{ 7241 ids: []events.ID{ 7242 events.NetPacketBase, 7243 }, 7244 }, 7245 sets: []string{"network_events"}, 7246 params: []argMeta{ 7247 {Type: "bytes", Name: "payload"}, 7248 }, 7249 }, 7250 events.NetPacketCapture: { 7251 ID: events.NetPacketCapture, // all packets have full payload (sent in a dedicated perfbuffer) 7252 id32Bit: events.Sys32Undefined, 7253 name: "net_packet_capture", 7254 internal: true, 7255 dependencies: dependencies{ 7256 ids: []events.ID{ 7257 events.NetPacketBase, 7258 }, 7259 }, 7260 params: []argMeta{ 7261 {Type: "bytes", Name: "payload"}, 7262 }, 7263 }, 7264 events.CaptureNetPacket: { 7265 ID: events.CaptureNetPacket, // network packet capture pseudo event 7266 id32Bit: events.Sys32Undefined, 7267 name: "capture_net_packet", 7268 internal: true, 7269 dependencies: dependencies{ 7270 ids: []events.ID{ 7271 events.NetPacketCapture, 7272 }, 7273 }, 7274 }, 7275 events.SockSetState: { 7276 ID: events.SockSetState, 7277 id32Bit: events.Sys32Undefined, 7278 name: "sock_set_state", 7279 dependencies: dependencies{ 7280 probes: []EventProbe{ 7281 {handle: ProbeSockAllocFile, required: true}, 7282 {handle: ProbeSockAllocFileRet, required: true}, 7283 {handle: ProbeSecuritySocketConnect, required: true}, 7284 {handle: ProbeSecuritySocketListen, required: true}, 7285 {handle: ProbeInetSockSetState, required: true}, 7286 }, 7287 }, 7288 params: []argMeta{ 7289 {Type: "u32", Name: "old_state"}, 
7290 {Type: "u32", Name: "new_state"}, 7291 {Type: "tuple", Name: "tuple"}, 7292 }, 7293 }, 7294 events.TrackSyscallStats: { 7295 ID: events.TrackSyscallStats, 7296 id32Bit: events.Sys32Undefined, 7297 name: "track_syscall_stats", 7298 syscall: true, 7299 sets: []string{"syscalls"}, 7300 dependencies: dependencies{skipDefaultTailCalls: true}, 7301 params: []argMeta{}, 7302 }, 7303 // 7304 // End of Network Protocol Event Types (keep them at the end) 7305 // 7306 7307 // Event used for testing in unit tests 7308 events.TestEvent: { 7309 ID: events.TestEvent, 7310 id32Bit: events.Sys32Undefined, 7311 name: "test_event", 7312 internal: true, 7313 syscall: false, 7314 }, 7315 // 7316 // Begin of Signal Events (Control Plane) 7317 // 7318 events.SignalCgroupMkdir: { 7319 ID: events.SignalCgroupMkdir, 7320 id32Bit: events.Sys32Undefined, 7321 name: "signal_cgroup_mkdir", 7322 internal: true, 7323 dependencies: dependencies{ 7324 probes: []EventProbe{ 7325 {handle: SignalCgroupMkdir, required: true}, 7326 }, 7327 }, 7328 sets: []string{"signal"}, 7329 params: []argMeta{ 7330 {Type: "u64", Name: "cgroup_id"}, 7331 {Type: "const char*", Name: "cgroup_path"}, 7332 {Type: "u32", Name: "hierarchy_id"}, 7333 }, 7334 }, 7335 events.SignalCgroupRmdir: { 7336 ID: events.SignalCgroupRmdir, 7337 id32Bit: events.Sys32Undefined, 7338 name: "signal_cgroup_rmdir", 7339 internal: true, 7340 dependencies: dependencies{ 7341 probes: []EventProbe{ 7342 {handle: SignalCgroupRmdir, required: true}, 7343 }, 7344 }, 7345 sets: []string{"signal"}, 7346 params: []argMeta{ 7347 {Type: "u64", Name: "cgroup_id"}, 7348 {Type: "const char*", Name: "cgroup_path"}, 7349 {Type: "u32", Name: "hierarchy_id"}, 7350 }, 7351 }, 7352 events.NetFlowBase: { 7353 ID: events.NetFlowBase, 7354 id32Bit: events.Sys32Undefined, 7355 name: "net_packet_flow_base", 7356 internal: true, 7357 dependencies: dependencies{ 7358 ids: []events.ID{ 7359 events.NetPacketBase, 7360 }, 7361 }, 7362 sets: []string{"network_events"}, 
7363 params: []argMeta{ 7364 {Type: "u8", Name: "proto"}, 7365 {Type: "u8", Name: "direction"}, 7366 {Type: "tuple", Name: "tuple"}, 7367 {Type: "u64", Name: "tx_bytes"}, 7368 {Type: "u64", Name: "rx_bytes"}, 7369 {Type: "u64", Name: "tx_packets"}, 7370 {Type: "u64", Name: "rx_packets"}, 7371 }, 7372 }, 7373 } 7374 }