github.com/cilium/ebpf@v0.15.1-0.20240517100537-8079b37aa138/examples/kprobe/kprobe.c

github.com/cilium/ebpf@v0.15.1-0.20240517100537-8079b37aa138/examples/kprobe/kprobe.c (about)

     1  //go:build ignore
     2  
     3  #include "common.h"
     4  
     5  char __license[] SEC("license") = "Dual MIT/GPL";
     6  
     7  struct bpf_map_def SEC("maps") kprobe_map = {
     8  	.type        = BPF_MAP_TYPE_ARRAY,
     9  	.key_size    = sizeof(u32),
    10  	.value_size  = sizeof(u64),
    11  	.max_entries = 1,
    12  };
    13  
    14  SEC("kprobe/sys_execve")
    15  int kprobe_execve() {
    16  	u32 key     = 0;
    17  	u64 initval = 1, *valp;
    18  
    19  	valp = bpf_map_lookup_elem(&kprobe_map, &key);
    20  	if (!valp) {
    21  		bpf_map_update_elem(&kprobe_map, &key, &initval, BPF_ANY);
    22  		return 0;
    23  	}
    24  	__sync_fetch_and_add(valp, 1);
    25  
    26  	return 0;
    27  }