32 lines
652 B
C
32 lines
652 B
C
//go:build ignore
|
|
|
|
#include "common.h"
|
|
|
|
#include "bpf_tracing.h"
|
|
|
|
char __license[] SEC("license") = "Dual MIT/GPL";
|
|
|
|
struct event {
|
|
u32 pid;
|
|
u8 line[80];
|
|
};
|
|
|
|
struct {
|
|
__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
|
|
} events SEC(".maps");
|
|
|
|
// Force emitting struct event into the ELF.
|
|
const struct event *unused __attribute__((unused));
|
|
|
|
SEC("uretprobe/bash_readline")
|
|
int uretprobe_bash_readline(struct pt_regs *ctx) {
|
|
struct event event;
|
|
|
|
event.pid = bpf_get_current_pid_tgid();
|
|
bpf_probe_read(&event.line, sizeof(event.line), (void *)PT_REGS_RC(ctx));
|
|
|
|
bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(event));
|
|
|
|
return 0;
|
|
}
|