mirror of
https://github.com/varun-r-mallya/Python-BPF.git
synced 2025-12-31 21:06:25 +00:00
35 lines
656 B
Python
35 lines
656 B
Python
from pythonbpf import bpf, map, struct, section, bpfglobal, compile
|
|
from pythonbpf.helpers import ktime, pid
|
|
from pythonbpf.maps import PerfEventArray
|
|
|
|
from ctypes import c_void_p, c_int64, c_int32, c_uint64
|
|
|
|
|
|
@bpf
|
|
@struct
|
|
class data_t:
|
|
pid: c_uint64
|
|
ts: c_uint64
|
|
|
|
@bpf
|
|
@map
|
|
def events() -> PerfEventArray:
|
|
return PerfEventArray(key_size=c_int32, value_size=c_int32)
|
|
|
|
@bpf
|
|
@section("tracepoint/syscalls/sys_enter_clone")
|
|
def hello(ctx: c_void_p) -> c_int32:
|
|
ts = ktime()
|
|
process_id = pid()
|
|
print(f"clone called at {ts} by pid {process_id}")
|
|
return c_int32(0)
|
|
|
|
|
|
@bpf
|
|
@bpfglobal
|
|
def LICENSE() -> str:
|
|
return "GPL"
|
|
|
|
|
|
compile()
|