From dc02279dc50ce67aae56ddc6f447a63af4839f7d Mon Sep 17 00:00:00 2001 From: Tom Weisshuhn Date: Mon, 25 Nov 2024 20:19:21 +0100 Subject: [PATCH] created Map for pids to track Signed-off-by: Tom Weisshuhn --- rust/backend/ebpf/src/sys_sendmsg.rs | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/rust/backend/ebpf/src/sys_sendmsg.rs b/rust/backend/ebpf/src/sys_sendmsg.rs index fca9bf31..5ec6f90e 100644 --- a/rust/backend/ebpf/src/sys_sendmsg.rs +++ b/rust/backend/ebpf/src/sys_sendmsg.rs @@ -3,11 +3,14 @@ // SPDX-License-Identifier: MIT use aya_ebpf::{macros::{tracepoint, map}, maps::{HashMap, RingBuf}, programs::{TracePointContext}, EbpfContext, helpers::gen::bpf_ktime_get_ns}; +use aya_log_ebpf::error; use backend_common::{generate_id, SysSendmsgCall}; #[map(name = "SYS_SENDMSG_MAP")] pub static SYS_SENDMSG_MAP: RingBuf = RingBuf::with_byte_size(1024, 0); +#[map(name = "PIDS_TO_TRACK")] +static PIDS_TO_TRACK: HashMap = HashMap::with_max_entries(1024, 0); #[map] static SYS_SENDMSG_TIMESTAMPS: HashMap = HashMap::with_max_entries(1024, 0); @@ -20,7 +23,13 @@ struct SysSendmsgIntern { #[tracepoint] pub fn sys_enter_sendmsg(ctx: TracePointContext) -> u32 { - let id = generate_id(ctx.pid(), ctx.tgid()); + let pid = ctx.pid(); + + if unsafe { PIDS_TO_TRACK.get(&pid).is_none() } { + return 1; + } + + let id = generate_id(pid, ctx.tgid()); let begin_time_stamp; let fd: i32; @@ -57,7 +66,10 @@ pub fn sys_exit_sendmsg(ctx: TracePointContext) -> u32 { let mut entry = match SYS_SENDMSG_MAP.reserve::(0) { Some(entry) => entry, - None => return 1, + None => { + error!(&ctx, "could not reserve space in SYS_SENDMSG_MAP"); + return 1; + } }; entry.write(result_data);