varun-r-mallya/python-bpf
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/Python-BPF.git synced 2025-12-31 21:06:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move relevant vmlinux files to ex7.bpf.c

Browse Source
This commit is contained in:
Pragyansh Chaturvedi
2025-09-25 00:10:39 +05:30
parent d0be8893eb
commit 9e87ee52f2
1 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
examples/c-form/ex7.bpf.c
View File

@ -1,8 +1,22 @@
// SPDX-License-Identifier: GPL-2.0 // SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h> #include <linux/bpf.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
struct trace_entry {
short unsigned int type;
unsigned char flags;
unsigned char preempt_count;
int pid;
};
struct trace_event_raw_sys_enter {
struct trace_entry ent;
long int id;
long unsigned int args[6];
char __data[0];
};
struct event { struct event {
__u32 pid; __u32 pid;
@ -17,8 +31,7 @@ struct {
} events SEC(".maps"); } events SEC(".maps");
SEC("tp/syscalls/sys_enter_setuid") SEC("tp/syscalls/sys_enter_setuid")
int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) {
{
struct event data = {}; struct event data = {};
// Extract UID from the syscall arguments // Extract UID from the syscall arguments