Signed-off-by: Alice Frosi <afrosi@redhat.com>
The build binary creates the bpf filter based on the syscalls defined in
struct bpf_call. E.g.:

    ./build test.bpf

First, a table with the filtered syscalls is built in ascending order of
syscall number and including the number of syscalls of that type.
After, the BPF filter with a binary search tree is constructed with:
1. the nodes for the tree search
2. the leaves with all the syscall numbers
3. every syscall's arguments, if present
Then, the BPF instructions are written in the input file.

Signed-off-by: Alice Frosi <afrosi@redhat.com>
The flags aren't necessary anymore as the filter is built at runtime.
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Refactor filter.sh script by:
* renaming the filter.sh to nr_syscalls.sh
* removing the BPF filter generation
* simplifying the syscall number and header generation
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
...the PROC_EVENT_EXEC we're looking for might be hiding there. Also,
avoid a possible endless loop on NLMSG_NOOP.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>