github.com/cilium/ebpf@v0.15.1-0.20240517100537-8079b37aa138/examples/ringbuffer/ringbuffer.c

github.com/cilium/ebpf@v0.15.1-0.20240517100537-8079b37aa138/examples/ringbuffer/ringbuffer.c (about)

     1  //go:build ignore
     2  
     3  #include "common.h"
     4  
     5  char __license[] SEC("license") = "Dual MIT/GPL";
     6  
     7  struct event {
     8  	u32 pid;
     9  	u8 comm[80];
    10  };
    11  
    12  struct {
    13  	__uint(type, BPF_MAP_TYPE_RINGBUF);
    14  	__uint(max_entries, 1 << 24);
    15  } events SEC(".maps");
    16  
    17  // Force emitting struct event into the ELF.
    18  const struct event *unused __attribute__((unused));
    19  
    20  SEC("kprobe/sys_execve")
    21  int kprobe_execve(struct pt_regs *ctx) {
    22  	u64 id   = bpf_get_current_pid_tgid();
    23  	u32 tgid = id >> 32;
    24  	struct event *task_info;
    25  
    26  	task_info = bpf_ringbuf_reserve(&events, sizeof(struct event), 0);
    27  	if (!task_info) {
    28  		return 0;
    29  	}
    30  
    31  	task_info->pid = tgid;
    32  	bpf_get_current_comm(&task_info->comm, 80);
    33  
    34  	bpf_ringbuf_submit(task_info, 0);
    35  
    36  	return 0;
    37  }