github.com/inspektor-gadget/inspektor-gadget@v0.28.1/pkg/gadgets/traceloop/tracer/bpf/traceloop.h (about)

     1  // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
     2  #ifndef TRACELOOP_H
     3  #define TRACELOOP_H
     4  
     5  #ifndef TASK_COMM_LEN
     6  #define TASK_COMM_LEN 16 /* defined here only when no earlier definition is in scope */
     7  #endif
     8  
        /* Byte capacity of syscall_event_cont_t.param, i.e. of one continuation payload. */
     9  #define PARAM_LEN 128
    10  
    11  /* A syscall can have at most 6 arguments; sizes the args[] and args_len[] arrays below. */
    12  #define SYSCALL_ARGS 6
    13  
    14  /* 16 syscalls should be enough to filter out; not referenced elsewhere in this header. */
    15  #define SYSCALL_FILTERS 16
    16  
    17  const __u64 PARAM_PROBE_AT_EXIT_MASK = 0xf000000000000000ULL; /* top nibble only */
    18  const __u64 USE_RET_AS_PARAM_LENGTH = 0x0ffffffffffffffeULL; /* low nibble 0xe */
        /*
         * NOTE(review): the mask's meaning is inferred from its name (parameter is
         * read at syscall exit) - confirm in the BPF program. Every USE_* length
         * value in this header has the top nibble clear, so none overlaps the mask.
         * NOTE(review): these constants are definitions without `static`, so they
         * have external linkage; the header presumably is meant to be included by a
         * single translation unit (plus Cgo) - confirm before including it elsewhere.
         */
    19  
    20  /* Special values used to refer to dynamic length. */
    21  const __u64 USE_NULL_BYTE_LENGTH = 0x0fffffffffffffffULL; /* low nibble 0xf */
    22  
    23  /*
    24   * INDEX(x) is not defined as a macro because Cgo cannot access macros.
    25   * Encode "length is held in argument i" as USE_ARG_INDEX_AS_PARAM_LENGTH + i;
    26   * decode i by AND-ing with USE_ARG_INDEX_AS_PARAM_LENGTH_MASK.
    27   * With at most 6 arguments only i = 0..5 may be added. The theoretical limit
    28   * is 13: low-nibble 14 (0x...fe, USE_RET_AS_PARAM_LENGTH) and 15 (0x...ff,
    29   * USE_NULL_BYTE_LENGTH) are the reserved values defined above.
    30   */
        /*
         * NOTE(review): a decoded index is only meaningful below SYSCALL_ARGS; the
         * bounds check before it is used to index args[] is not visible in this header.
         */
    31  const __u64 USE_ARG_INDEX_AS_PARAM_LENGTH = 0x0ffffffffffffff0ULL;
    32  const __u64 USE_ARG_INDEX_AS_PARAM_LENGTH_MASK = 0xfULL;
    33  
        /* Presumably the values carried in syscall_event_t.typ - TODO confirm. */
    34  const __u8 SYSCALL_EVENT_TYPE_ENTER = 0;
    35  const __u8 SYSCALL_EVENT_TYPE_EXIT = 1;
    36  
    37  struct syscall_event_t {
        	/*
        	 * Main record for one syscall event. Per the _Static_assert message in
        	 * this header, records are read from perf buffers and told apart from
        	 * syscall_event_cont_t by size alone, so the layout is part of the
        	 * interface: do not reorder or resize fields without updating the reader.
        	 *
        	 * NOTE(review): with 8-byte alignment for __u64 the named fields end at
        	 * byte 90 and the struct is presumably padded to 96. Those trailing bytes
        	 * travel to user space with the record; whether the producer zeroes the
        	 * whole struct before filling it is not visible here - confirm.
        	 */
    38  	/* __u64 ret stored in args[0] (presumably for exit events - confirm) */
    39  	__u64 args[SYSCALL_ARGS];
    40  	__u64 monotonic_timestamp; /* clock source and unit are set by the producer */
    41  	__u64 boot_timestamp; /* clock source and unit are set by the producer */
    42  	__u32 pid; /* NOTE(review): thread id or thread-group id? not visible here */
    43  
    44  	__u16 cpu;
    45  	__u16 id; /* presumably the syscall number - TODO confirm */
        	/* Fixed-size name buffer; the type does not guarantee a NUL terminator, so readers should bound by TASK_COMM_LEN. */
    46  	__u8 comm[TASK_COMM_LEN];
    47  	/* how many syscall_event_cont_t messages to expect after */
    48  	__u8 cont_nr;
    49  	__u8 typ; /* presumably one of SYSCALL_EVENT_TYPE_ENTER / _EXIT - confirm */
    50  };
    51  
    52  struct syscall_event_cont_t {
        	/*
        	 * Continuation record carrying one parameter payload; syscall_event_t.cont_nr
        	 * tells the reader how many of these follow a main record.
        	 */
    53  	__u8 param[PARAM_LEN]; /* payload bytes, at most PARAM_LEN of them */
    54  	__u64 monotonic_timestamp; /* presumably pairs this record with its syscall_event_t - confirm */
        	/*
        	 * NOTE(review): length is 64 bits wide while param holds PARAM_LEN bytes.
        	 * Whether the producer clamps it is not visible here, so a reader should
        	 * never consume more than PARAM_LEN bytes of param whatever length says.
        	 */
    55  	__u64 length;
    56  	__u8 index; /* presumably the syscall argument this payload belongs to - confirm */
    57  	__u8 failed; /* presumably non-zero when the parameter could not be read - confirm */
    58  };
    59  
        /*
         * Compile-time guard for the size-based discrimination described in the
         * message: any layout change that makes the two sizes equal fails the build.
         * The user-space reader has to mirror both sizes exactly, padding included.
         */
    60  _Static_assert(
    61  	sizeof(struct syscall_event_cont_t) != sizeof(struct syscall_event_t),
    62  	"syscall_event_t and syscall_event_cont_t must not have the same size as size is used to differentiate between them while reading from perf buffers");
    63  
    64  struct syscall_def_t {
        	/*
        	 * One length descriptor per syscall argument. Presumably each entry is
        	 * either a literal byte count or one of the USE_* values defined in this
        	 * header, optionally combined with PARAM_PROBE_AT_EXIT_MASK - TODO confirm
        	 * against the code that fills and reads it.
        	 */
    65  	__u64 args_len[SYSCALL_ARGS];
    66  };
    67  
    68  struct remembered_args {
        	/*
        	 * Saved copy of a syscall's arguments with a timestamp. Presumably stored
        	 * at syscall enter so the exit handler can still see them - TODO confirm.
        	 */
    69  	__u64 monotonic_timestamp;
    70  	__u64 nr; /* presumably the syscall number - TODO confirm */
    71  	__u64 args[SYSCALL_ARGS];
    72  };
    73  
    74  #endif