/src/wireshark/epan/dissectors/packet-sysdig-event.c
Line | Count | Source |
1 | | /* EDIT WITH CARE. |
2 | | * Many sections of this file were automatically generated. |
3 | | */ |
4 | | |
5 | | /* packet-sysdig-event.c |
6 | | * Routines for Sysdig event dissection |
7 | | * http://www.sysdig.org/ |
8 | | * Copyright 2015, Gerald Combs <gerald@wireshark.org> |
9 | | * |
10 | | * Wireshark - Network traffic analyzer |
11 | | * By Gerald Combs <gerald@wireshark.org> |
12 | | * Copyright 1998 Gerald Combs |
13 | | * |
14 | | * SPDX-License-Identifier: GPL-2.0-or-later |
15 | | */ |
16 | | |
17 | | /* |
18 | | * Sysdig is a tool that captures and analyzes system state. |
19 | | * This dissects pcapng Sysdig Event Blocks (0x00000204), each of which contains |
20 | | * a system call entry or exit along with its associated parameters. |
21 | | */ |
22 | | |
23 | | /* |
24 | | * To do: |
25 | | * - Event with flags (0x00000208). |
26 | | * - Enter/exit delay. |
27 | | * - Most of this could be automatically generated from the Sysdig sources. |
28 | | * - Alternatively we could modify Sysdig to dump its internal tables and |
29 | | * generate a dissector from that output. |
30 | | * - Generate the column info table. |
31 | | * - Pull metainformation (processes, users, etc) into hash tables. |
32 | | */ |
33 | | |
34 | | #include <config.h> |
35 | | |
36 | | #include <epan/exceptions.h> |
37 | | #include <epan/packet.h> |
38 | | #include <epan/strutil.h> |
39 | | |
40 | | #include <packet-sysdig-event.h> |
41 | | |
42 | | #include <wiretap/wtap.h> |
43 | | #include <wiretap/pcapng_module.h> |
44 | | /* #include <epan/expert.h> */ |
45 | | /* #include <epan/prefs.h> */ |
46 | | |
47 | 0 | #define SYSDIG_PARAM_SIZE 2 /* NOTE(review): presumably the byte width of one parameter-length entry; confirm where it is used */ |
48 | 0 | #define SYSDIG_PARAM_SIZE_V2 2 /* same value as SYSDIG_PARAM_SIZE */ |
49 | 0 | #define SYSDIG_PARAM_SIZE_V2_LARGE 4 /* NOTE(review): wider variant; what selects it is not visible in this part of the file */ |
50 | | |
51 | | /* Prototypes for the registration and handoff entry points */ |
52 | | void proto_reg_handoff_sysdig_event(void); |
53 | | void proto_register_sysdig_event(void); |
54 | | |
55 | | static dissector_handle_t sysdig_event_handle; |
56 | | |
57 | | /* Protocol and header-field IDs. Declared static without initializers, so each starts at zero; presumably assigned during registration */ |
58 | | static int proto_sysdig_event; |
59 | | /* Add byte order? */ |
60 | | static int hf_se_cpu_id; |
61 | | static int hf_se_thread_id; |
62 | | static int hf_se_event_length; |
63 | | static int hf_se_nparams; |
64 | | static int hf_se_event_type; |
65 | | static int hf_se_event_name; |
66 | | |
67 | | static int hf_se_param_lens; |
68 | | static int hf_se_param_len; |
69 | | |
70 | | /* Name+type: each identifier below is hf_param_<name>_<type>, a parameter name followed by its value type */ |
71 | | /* Header fields. Automatically generated by tools/generate-sysdig-event.py. One name can appear with several types (e.g. flags_int16 through flags_uint8) */ |
72 | | static int hf_param_ID_uint16; |
73 | | static int hf_param_action_uint32; |
74 | | static int hf_param_addr_bytes; |
75 | | static int hf_param_addr_uint64; |
76 | | static int hf_param_arg2_int_int64; |
77 | | static int hf_param_arg2_str_string; |
78 | | static int hf_param_arg_uint64; |
79 | | static int hf_param_args_string; |
80 | | static int hf_param_argument_uint64; |
81 | | static int hf_param_aux_int32; |
82 | | static int hf_param_backlog_int32; |
83 | | static int hf_param_cap_effective_uint64; |
84 | | static int hf_param_cap_inheritable_uint64; |
85 | | static int hf_param_cap_permitted_uint64; |
86 | | static int hf_param_cgroups_bytes; |
87 | | static int hf_param_clockid_uint8; |
88 | | static int hf_param_cmd_bytes; |
89 | | static int hf_param_cmd_int16; |
90 | | static int hf_param_cmd_int64; |
91 | | static int hf_param_comm_string; |
92 | | static int hf_param_container_id_string; |
93 | | static int hf_param_core_uint8; |
94 | | static int hf_param_cpu_sys_uint64; |
95 | | static int hf_param_cpu_uint32; |
96 | | static int hf_param_cpu_usr_uint64; |
97 | | static int hf_param_cq_entries_uint32; |
98 | | static int hf_param_cur_int64; |
99 | | static int hf_param_cwd_string; |
100 | | static int hf_param_data_bytes; |
101 | | static int hf_param_desc_string; |
102 | | static int hf_param_description_string; |
103 | | static int hf_param_dev_string; |
104 | | static int hf_param_dev_uint32; |
105 | | static int hf_param_dir_string; |
106 | | static int hf_param_dirfd_int64; |
107 | | static int hf_param_domain_bytes; |
108 | | static int hf_param_dpid_int64; |
109 | | static int hf_param_dqb_bhardlimit_uint64; |
110 | | static int hf_param_dqb_bsoftlimit_uint64; |
111 | | static int hf_param_dqb_btime_bytes; |
112 | | static int hf_param_dqb_curspace_uint64; |
113 | | static int hf_param_dqb_ihardlimit_uint64; |
114 | | static int hf_param_dqb_isoftlimit_uint64; |
115 | | static int hf_param_dqb_itime_bytes; |
116 | | static int hf_param_dqi_bgrace_bytes; |
117 | | static int hf_param_dqi_flags_int8; |
118 | | static int hf_param_dqi_igrace_bytes; |
119 | | static int hf_param_egid_int32; |
120 | | static int hf_param_entries_uint32; |
121 | | static int hf_param_env_string; |
122 | | static int hf_param_error_int32; |
123 | | static int hf_param_euid_int32; |
124 | | static int hf_param_event_data_bytes; |
125 | | static int hf_param_event_data_uint64; |
126 | | static int hf_param_event_type_uint32; |
127 | | static int hf_param_exe_ino_ctime_bytes; |
128 | | static int hf_param_exe_ino_mtime_bytes; |
129 | | static int hf_param_exe_ino_uint64; |
130 | | static int hf_param_exe_string; |
131 | | static int hf_param_fd1_int64; |
132 | | static int hf_param_fd2_int64; |
133 | | static int hf_param_fd_in_int64; |
134 | | static int hf_param_fd_int64; |
135 | | static int hf_param_fd_out_int64; |
136 | | static int hf_param_fdin_int64; |
137 | | static int hf_param_fdlimit_int64; |
138 | | static int hf_param_fdlimit_uint64; |
139 | | static int hf_param_fdout_int64; |
140 | | static int hf_param_fds_bytes; |
141 | | static int hf_param_features_int32; |
142 | | static int hf_param_filename_string; |
143 | | static int hf_param_flags_int16; |
144 | | static int hf_param_flags_int32; |
145 | | static int hf_param_flags_uint32; |
146 | | static int hf_param_flags_uint64; |
147 | | static int hf_param_flags_uint8; |
148 | | static int hf_param_gid_int32; |
149 | | static int hf_param_gid_uint32; |
150 | | static int hf_param_home_string; |
151 | | static int hf_param_how_bytes; |
152 | | static int hf_param_id_int64; |
153 | | static int hf_param_id_string; |
154 | | static int hf_param_id_uint32; |
155 | | static int hf_param_image_string; |
156 | | static int hf_param_img_bytes; |
157 | | static int hf_param_in_fd_int64; |
158 | | static int hf_param_initval_uint64; |
159 | | static int hf_param_ino_uint64; |
160 | | static int hf_param_interval_bytes; |
161 | | static int hf_param_ip_uint64; |
162 | | static int hf_param_json_string; |
163 | | static int hf_param_key_int32; |
164 | | static int hf_param_key_string; |
165 | | static int hf_param_len_uint64; |
166 | | static int hf_param_length_uint64; |
167 | | static int hf_param_level_bytes; |
168 | | static int hf_param_linkdirfd_int64; |
169 | | static int hf_param_linkpath_string; |
170 | | static int hf_param_loginuid_int32; |
171 | | static int hf_param_mask_uint32; |
172 | | static int hf_param_max_int64; |
173 | | static int hf_param_maxevents_int64; |
174 | | static int hf_param_min_complete_uint32; |
175 | | static int hf_param_mode_int32; |
176 | | static int hf_param_mode_uint32; |
177 | | static int hf_param_mountfd_int64; |
178 | | static int hf_param_msgcontrol_bytes; |
179 | | static int hf_param_name_string; |
180 | | static int hf_param_nativeID_uint16; |
181 | | static int hf_param_newcur_int64; |
182 | | static int hf_param_newdir_int64; |
183 | | static int hf_param_newdirfd_int64; |
184 | | static int hf_param_newfd_int64; |
185 | | static int hf_param_newmax_int64; |
186 | | static int hf_param_newpath_string; |
187 | | static int hf_param_next_int64; |
188 | | static int hf_param_nr_args_uint32; |
189 | | static int hf_param_nsems_int32; |
190 | | static int hf_param_nsops_uint32; |
191 | | static int hf_param_nstype_int32; |
192 | | static int hf_param_offin_uint64; |
193 | | static int hf_param_offout_uint64; |
194 | | static int hf_param_offset_uint64; |
195 | | static int hf_param_oldcur_int64; |
196 | | static int hf_param_olddir_int64; |
197 | | static int hf_param_olddirfd_int64; |
198 | | static int hf_param_oldfd_int64; |
199 | | static int hf_param_oldmax_int64; |
200 | | static int hf_param_oldpath_string; |
201 | | static int hf_param_op_bytes; |
202 | | static int hf_param_op_uint64; |
203 | | static int hf_param_opcode_bytes; |
204 | | static int hf_param_operation_int32; |
205 | | static int hf_param_option_bytes; |
206 | | static int hf_param_optlen_uint32; |
207 | | static int hf_param_optname_bytes; |
208 | | static int hf_param_out_fd_int64; |
209 | | static int hf_param_path_string; |
210 | | static int hf_param_pathname_string; |
211 | | static int hf_param_peer_uint64; |
212 | | static int hf_param_pgft_maj_uint64; |
213 | | static int hf_param_pgft_min_uint64; |
214 | | static int hf_param_pgid_int64; |
215 | | static int hf_param_pgoffset_uint64; |
216 | | static int hf_param_pid_fd_int64; |
217 | | static int hf_param_pid_int64; |
218 | | static int hf_param_pidns_init_start_ts_uint64; |
219 | | static int hf_param_plugin_id_uint32; |
220 | | static int hf_param_pos_uint64; |
221 | | static int hf_param_prot_int32; |
222 | | static int hf_param_proto_uint32; |
223 | | static int hf_param_ptid_int64; |
224 | | static int hf_param_queuelen_uint32; |
225 | | static int hf_param_queuemax_uint32; |
226 | | static int hf_param_queuepct_uint8; |
227 | | static int hf_param_quota_fmt_int8; |
228 | | static int hf_param_quota_fmt_out_int8; |
229 | | static int hf_param_quotafilepath_string; |
230 | | static int hf_param_ratio_uint32; |
231 | | static int hf_param_reaper_tid_int64; |
232 | | static int hf_param_request_bytes; |
233 | | static int hf_param_request_uint64; |
234 | | static int hf_param_res_int64; |
235 | | static int hf_param_res_or_fd_bytes; |
236 | | static int hf_param_res_uint64; |
237 | | static int hf_param_resolve_int32; |
238 | | static int hf_param_resource_bytes; |
239 | | static int hf_param_ret_int64; |
240 | | static int hf_param_rgid_int32; |
241 | | static int hf_param_ruid_int32; |
242 | | static int hf_param_scope_string; |
243 | | static int hf_param_sem_flg_0_int16; |
244 | | static int hf_param_sem_flg_1_int16; |
245 | | static int hf_param_sem_num_0_uint16; |
246 | | static int hf_param_sem_num_1_uint16; |
247 | | static int hf_param_sem_op_0_int16; |
248 | | static int hf_param_sem_op_1_int16; |
249 | | static int hf_param_semflg_int32; |
250 | | static int hf_param_semid_int32; |
251 | | static int hf_param_semnum_int32; |
252 | | static int hf_param_sgid_int32; |
253 | | static int hf_param_shell_string; |
254 | | static int hf_param_sig_bytes; |
255 | | static int hf_param_sigmask_bytes; |
256 | | static int hf_param_size_int32; |
257 | | static int hf_param_size_uint32; |
258 | | static int hf_param_size_uint64; |
259 | | static int hf_param_source_string; |
260 | | static int hf_param_source_uint64; |
261 | | static int hf_param_special_string; |
262 | | static int hf_param_spid_int64; |
263 | | static int hf_param_sq_entries_uint32; |
264 | | static int hf_param_sq_thread_cpu_uint32; |
265 | | static int hf_param_sq_thread_idle_uint32; |
266 | | static int hf_param_status_int64; |
267 | | static int hf_param_suid_int32; |
268 | | static int hf_param_tags_bytes; |
269 | | static int hf_param_target_fd_int64; |
270 | | static int hf_param_target_string; |
271 | | static int hf_param_tid_int64; |
272 | | static int hf_param_timeout_bytes; |
273 | | static int hf_param_timeout_int64; |
274 | | static int hf_param_to_submit_uint32; |
275 | | static int hf_param_trusted_exepath_string; |
276 | | static int hf_param_tty_int32; |
277 | | static int hf_param_tty_uint32; |
278 | | static int hf_param_tuple_bytes; |
279 | | static int hf_param_type_int8; |
280 | | static int hf_param_type_string; |
281 | | static int hf_param_type_uint32; |
282 | | static int hf_param_uargs_string; |
283 | | static int hf_param_uid_int32; |
284 | | static int hf_param_uid_uint32; |
285 | | static int hf_param_val_bytes; |
286 | | static int hf_param_val_int32; |
287 | | static int hf_param_val_uint64; |
288 | | static int hf_param_value_bytebuf_bytes; |
289 | | static int hf_param_value_charbuf_string; |
290 | | static int hf_param_vm_rss_uint32; |
291 | | static int hf_param_vm_size_uint32; |
292 | | static int hf_param_vm_swap_uint32; |
293 | | static int hf_param_vpid_int64; |
294 | | static int hf_param_vtid_int64; |
295 | | static int hf_param_whence_bytes; |
296 | | |
297 | | /* Subtree (ett) indices. Declared static without initializers, so each starts at zero until set elsewhere */ |
298 | | static int ett_sysdig_event; |
299 | | static int ett_sysdig_parm_lens; |
300 | | static int ett_sysdig_syscall; |
301 | | |
302 | | /* Handles for the child plugin dissector (sinsp) and for the elf dissector. NOTE(review): how each is obtained and called is outside this part of the file */ |
303 | | static dissector_handle_t sinsp_dissector_handle; |
304 | | static dissector_handle_t elf_dissector_handle; |
305 | | |
306 | 0 | #define SYSDIG_EVENT_MIN_LENGTH 8 /* XXX Fix. NOTE(review): placeholder value; if it gates dissection of capture-file data, confirm it covers the whole fixed event header so short blocks are rejected up front */ |
307 | | |
308 | | |
309 | | /* Event names, one string per name. Automatically generated by tools/generate-sysdig-event.py. The numeric EVT_..._E / EVT_..._X codes are defined separately, after this list */ |
310 | | #define EVT_STR_NA "NA" |
311 | | #define EVT_STR_ACCEPT "accept" |
312 | | #define EVT_STR_ACCEPT4 "accept4" |
313 | | #define EVT_STR_ACCESS "access" |
314 | | #define EVT_STR_ASYNCEVENT "asyncevent" |
315 | | #define EVT_STR_BIND "bind" |
316 | | #define EVT_STR_BPF "bpf" |
317 | | #define EVT_STR_BRK "brk" |
318 | | #define EVT_STR_CAPSET "capset" |
319 | | #define EVT_STR_CHDIR "chdir" |
320 | | #define EVT_STR_CHMOD "chmod" |
321 | | #define EVT_STR_CHOWN "chown" |
322 | | #define EVT_STR_CHROOT "chroot" |
323 | | #define EVT_STR_CLONE "clone" |
324 | | #define EVT_STR_CLONE3 "clone3" |
325 | | #define EVT_STR_CLOSE "close" |
326 | | #define EVT_STR_CONNECT "connect" |
327 | | #define EVT_STR_CONTAINER "container" |
328 | | #define EVT_STR_COPY_FILE_RANGE "copy_file_range" |
329 | | #define EVT_STR_CPU_HOTPLUG "cpu_hotplug" |
330 | | #define EVT_STR_CREAT "creat" |
331 | | #define EVT_STR_DELETE_MODULE "delete_module" |
332 | | #define EVT_STR_DROP "drop" |
333 | | #define EVT_STR_DUP "dup" |
334 | | #define EVT_STR_DUP2 "dup2" |
335 | | #define EVT_STR_DUP3 "dup3" |
336 | | #define EVT_STR_EPOLL_CREATE "epoll_create" |
337 | | #define EVT_STR_EPOLL_CREATE1 "epoll_create1" |
338 | | #define EVT_STR_EPOLL_WAIT "epoll_wait" |
339 | | #define EVT_STR_EVENTFD "eventfd" |
340 | | #define EVT_STR_EVENTFD2 "eventfd2" |
341 | | #define EVT_STR_EXECVE "execve" |
342 | | #define EVT_STR_EXECVEAT "execveat" |
343 | | #define EVT_STR_FCHDIR "fchdir" |
344 | | #define EVT_STR_FCHMOD "fchmod" |
345 | | #define EVT_STR_FCHMODAT "fchmodat" |
346 | | #define EVT_STR_FCHOWN "fchown" |
347 | | #define EVT_STR_FCHOWNAT "fchownat" |
348 | | #define EVT_STR_FCNTL "fcntl" |
349 | | #define EVT_STR_FINIT_MODULE "finit_module" |
350 | | #define EVT_STR_FLOCK "flock" |
351 | | #define EVT_STR_FORK "fork" |
352 | | #define EVT_STR_FSCONFIG "fsconfig" |
353 | | #define EVT_STR_FSTAT "fstat" |
354 | | #define EVT_STR_FSTAT64 "fstat64" |
355 | | #define EVT_STR_FUTEX "futex" |
356 | | #define EVT_STR_GETCWD "getcwd" |
357 | | #define EVT_STR_GETDENTS "getdents" |
358 | | #define EVT_STR_GETDENTS64 "getdents64" |
359 | | #define EVT_STR_GETEGID "getegid" |
360 | | #define EVT_STR_GETEUID "geteuid" |
361 | | #define EVT_STR_GETGID "getgid" |
362 | | #define EVT_STR_GETPEERNAME "getpeername" |
363 | | #define EVT_STR_GETRESGID "getresgid" |
364 | | #define EVT_STR_GETRESUID "getresuid" |
365 | | #define EVT_STR_GETRLIMIT "getrlimit" |
366 | | #define EVT_STR_GETSOCKNAME "getsockname" |
367 | | #define EVT_STR_GETSOCKOPT "getsockopt" |
368 | | #define EVT_STR_GETUID "getuid" |
369 | | #define EVT_STR_GROUPADDED "groupadded" |
370 | | #define EVT_STR_GROUPDELETED "groupdeleted" |
371 | | #define EVT_STR_INFRA "infra" |
372 | | #define EVT_STR_INIT_MODULE "init_module" |
373 | | #define EVT_STR_INOTIFY_INIT "inotify_init" |
374 | | #define EVT_STR_INOTIFY_INIT1 "inotify_init1" |
375 | | #define EVT_STR_IO_URING_ENTER "io_uring_enter" |
376 | | #define EVT_STR_IO_URING_REGISTER "io_uring_register" |
377 | | #define EVT_STR_IO_URING_SETUP "io_uring_setup" |
378 | | #define EVT_STR_IOCTL "ioctl" |
379 | | #define EVT_STR_K8S "k8s" |
380 | | #define EVT_STR_KILL "kill" |
381 | | #define EVT_STR_LCHOWN "lchown" |
382 | | #define EVT_STR_LINK "link" |
383 | | #define EVT_STR_LINKAT "linkat" |
384 | | #define EVT_STR_LISTEN "listen" |
385 | | #define EVT_STR_LLSEEK "llseek" |
386 | | #define EVT_STR_LSEEK "lseek" |
387 | | #define EVT_STR_LSTAT "lstat" |
388 | | #define EVT_STR_LSTAT64 "lstat64" |
389 | | #define EVT_STR_MEMFD_CREATE "memfd_create" |
390 | | #define EVT_STR_MESOS "mesos" |
391 | | #define EVT_STR_MKDIR "mkdir" |
392 | | #define EVT_STR_MKDIRAT "mkdirat" |
393 | | #define EVT_STR_MKNOD "mknod" |
394 | | #define EVT_STR_MKNODAT "mknodat" |
395 | | #define EVT_STR_MLOCK "mlock" |
396 | | #define EVT_STR_MLOCK2 "mlock2" |
397 | | #define EVT_STR_MLOCKALL "mlockall" |
398 | | #define EVT_STR_MMAP "mmap" |
399 | | #define EVT_STR_MMAP2 "mmap2" |
400 | | #define EVT_STR_MOUNT "mount" |
401 | | #define EVT_STR_MPROTECT "mprotect" |
402 | | #define EVT_STR_MUNLOCK "munlock" |
403 | | #define EVT_STR_MUNLOCKALL "munlockall" |
404 | | #define EVT_STR_MUNMAP "munmap" |
405 | | #define EVT_STR_NANOSLEEP "nanosleep" |
406 | | #define EVT_STR_NEWFSTATAT "newfstatat" |
407 | | #define EVT_STR_NOTIFICATION "notification" |
408 | | #define EVT_STR_OPEN "open" |
409 | | #define EVT_STR_OPEN_BY_HANDLE_AT "open_by_handle_at" |
410 | | #define EVT_STR_OPENAT "openat" |
411 | | #define EVT_STR_OPENAT2 "openat2" |
412 | | #define EVT_STR_PAGE_FAULT "page_fault" |
413 | | #define EVT_STR_PIDFD_GETFD "pidfd_getfd" |
414 | | #define EVT_STR_PIDFD_OPEN "pidfd_open" |
415 | | #define EVT_STR_PIPE "pipe" |
416 | | #define EVT_STR_PIPE2 "pipe2" |
417 | | #define EVT_STR_PLUGINEVENT "pluginevent" |
418 | | #define EVT_STR_POLL "poll" |
419 | | #define EVT_STR_PPOLL "ppoll" |
420 | | #define EVT_STR_PRCTL "prctl" |
421 | | #define EVT_STR_PREAD "pread" |
422 | | #define EVT_STR_PREADV "preadv" |
423 | | #define EVT_STR_PRLIMIT "prlimit" |
424 | | #define EVT_STR_PROCESS_VM_READV "process_vm_readv" |
425 | | #define EVT_STR_PROCESS_VM_WRITEV "process_vm_writev" |
426 | | #define EVT_STR_PROCEXIT "procexit" |
427 | | #define EVT_STR_PROCINFO "procinfo" |
428 | | #define EVT_STR_PTRACE "ptrace" |
429 | | #define EVT_STR_PWRITE "pwrite" |
430 | | #define EVT_STR_PWRITEV "pwritev" |
431 | | #define EVT_STR_QUOTACTL "quotactl" |
432 | | #define EVT_STR_READ "read" |
433 | | #define EVT_STR_READV "readv" |
434 | | #define EVT_STR_RECV "recv" |
435 | | #define EVT_STR_RECVFROM "recvfrom" |
436 | | #define EVT_STR_RECVMMSG "recvmmsg" |
437 | | #define EVT_STR_RECVMSG "recvmsg" |
438 | | #define EVT_STR_RENAME "rename" |
439 | | #define EVT_STR_RENAMEAT "renameat" |
440 | | #define EVT_STR_RENAMEAT2 "renameat2" |
441 | | #define EVT_STR_RMDIR "rmdir" |
442 | | #define EVT_STR_SCAPEVENT "scapevent" |
443 | | #define EVT_STR_SECCOMP "seccomp" |
444 | | #define EVT_STR_SELECT "select" |
445 | | #define EVT_STR_SEMCTL "semctl" |
446 | | #define EVT_STR_SEMGET "semget" |
447 | | #define EVT_STR_SEMOP "semop" |
448 | | #define EVT_STR_SEND "send" |
449 | | #define EVT_STR_SENDFILE "sendfile" |
450 | | #define EVT_STR_SENDMMSG "sendmmsg" |
451 | | #define EVT_STR_SENDMSG "sendmsg" |
452 | | #define EVT_STR_SENDTO "sendto" |
453 | | #define EVT_STR_SETGID "setgid" |
454 | | #define EVT_STR_SETNS "setns" |
455 | | #define EVT_STR_SETPGID "setpgid" |
456 | | #define EVT_STR_SETREGID "setregid" |
457 | | #define EVT_STR_SETRESGID "setresgid" |
458 | | #define EVT_STR_SETRESUID "setresuid" |
459 | | #define EVT_STR_SETREUID "setreuid" |
460 | | #define EVT_STR_SETRLIMIT "setrlimit" |
461 | | #define EVT_STR_SETSID "setsid" |
462 | | #define EVT_STR_SETSOCKOPT "setsockopt" |
463 | | #define EVT_STR_SETUID "setuid" |
464 | | #define EVT_STR_SHUTDOWN "shutdown" |
465 | | #define EVT_STR_SIGNALDELIVER "signaldeliver" |
466 | | #define EVT_STR_SIGNALFD "signalfd" |
467 | | #define EVT_STR_SIGNALFD4 "signalfd4" |
468 | | #define EVT_STR_SOCKET "socket" |
469 | | #define EVT_STR_SOCKETPAIR "socketpair" |
470 | | #define EVT_STR_SPLICE "splice" |
471 | | #define EVT_STR_STAT "stat" |
472 | | #define EVT_STR_STAT64 "stat64" |
473 | | #define EVT_STR_SWITCH "switch" |
474 | | #define EVT_STR_SYMLINK "symlink" |
475 | | #define EVT_STR_SYMLINKAT "symlinkat" |
476 | | #define EVT_STR_SYSCALL "syscall" |
477 | | #define EVT_STR_TGKILL "tgkill" |
478 | | #define EVT_STR_TIMERFD_CREATE "timerfd_create" |
479 | | #define EVT_STR_TKILL "tkill" |
480 | | #define EVT_STR_TRACER "tracer" |
481 | | #define EVT_STR_UMOUNT "umount" |
482 | | #define EVT_STR_UMOUNT2 "umount2" |
483 | | #define EVT_STR_UNLINK "unlink" |
484 | | #define EVT_STR_UNLINKAT "unlinkat" |
485 | | #define EVT_STR_UNSHARE "unshare" |
486 | | #define EVT_STR_USERADDED "useradded" |
487 | | #define EVT_STR_USERDELETED "userdeleted" |
488 | | #define EVT_STR_USERFAULTFD "userfaultfd" |
489 | | #define EVT_STR_VFORK "vfork" |
490 | | #define EVT_STR_WRITE "write" |
491 | | #define EVT_STR_WRITEV "writev" |
492 | | |
493 | | /* EVT_... = PPME_... */ |
494 | | /* Event definitions. Automatically generated by tools/generate-sysdig-event.py */ |
495 | | #define EVT_GENERIC_E 0 |
496 | | #define EVT_GENERIC_X 1 |
497 | | #define EVT_SYSCALL_OPEN_E 2 |
498 | | #define EVT_SYSCALL_OPEN_X 3 |
499 | | #define EVT_SYSCALL_CLOSE_E 4 |
500 | | #define EVT_SYSCALL_CLOSE_X 5 |
501 | | #define EVT_SYSCALL_READ_E 6 |
502 | | #define EVT_SYSCALL_READ_X 7 |
503 | | #define EVT_SYSCALL_WRITE_E 8 |
504 | | #define EVT_SYSCALL_WRITE_X 9 |
505 | | #define EVT_SYSCALL_BRK_1_E 10 |
506 | | #define EVT_SYSCALL_BRK_1_X 11 |
507 | | #define EVT_SYSCALL_EXECVE_8_E 12 |
508 | | #define EVT_SYSCALL_EXECVE_8_X 13 |
509 | | #define EVT_SYSCALL_CLONE_11_E 14 |
510 | | #define EVT_SYSCALL_CLONE_11_X 15 |
511 | | #define EVT_PROCEXIT_E 16 |
512 | | #define EVT_PROCEXIT_X 17 |
513 | | #define EVT_SOCKET_SOCKET_E 18 |
514 | | #define EVT_SOCKET_SOCKET_X 19 |
515 | | #define EVT_SOCKET_BIND_E 20 |
516 | | #define EVT_SOCKET_BIND_X 21 |
517 | | #define EVT_SOCKET_CONNECT_E 22 |
518 | | #define EVT_SOCKET_CONNECT_X 23 |
519 | | #define EVT_SOCKET_LISTEN_E 24 |
520 | | #define EVT_SOCKET_LISTEN_X 25 |
521 | | #define EVT_SOCKET_ACCEPT_E 26 |
522 | | #define EVT_SOCKET_ACCEPT_X 27 |
523 | | #define EVT_SOCKET_SEND_E 28 |
524 | | #define EVT_SOCKET_SEND_X 29 |
525 | | #define EVT_SOCKET_SENDTO_E 30 |
526 | | #define EVT_SOCKET_SENDTO_X 31 |
527 | | #define EVT_SOCKET_RECV_E 32 |
528 | | #define EVT_SOCKET_RECV_X 33 |
529 | | #define EVT_SOCKET_RECVFROM_E 34 |
530 | | #define EVT_SOCKET_RECVFROM_X 35 |
531 | | #define EVT_SOCKET_SHUTDOWN_E 36 |
532 | | #define EVT_SOCKET_SHUTDOWN_X 37 |
533 | | #define EVT_SOCKET_GETSOCKNAME_E 38 |
534 | | #define EVT_SOCKET_GETSOCKNAME_X 39 |
535 | | #define EVT_SOCKET_GETPEERNAME_E 40 |
536 | | #define EVT_SOCKET_GETPEERNAME_X 41 |
537 | | #define EVT_SOCKET_SOCKETPAIR_E 42 |
538 | | #define EVT_SOCKET_SOCKETPAIR_X 43 |
539 | | #define EVT_SOCKET_SETSOCKOPT_E 44 |
540 | | #define EVT_SOCKET_SETSOCKOPT_X 45 |
541 | | #define EVT_SOCKET_GETSOCKOPT_E 46 |
542 | | #define EVT_SOCKET_GETSOCKOPT_X 47 |
543 | | #define EVT_SOCKET_SENDMSG_E 48 |
544 | | #define EVT_SOCKET_SENDMSG_X 49 |
545 | | #define EVT_SOCKET_SENDMMSG_E 50 |
546 | | #define EVT_SOCKET_SENDMMSG_X 51 |
547 | | #define EVT_SOCKET_RECVMSG_E 52 |
548 | | #define EVT_SOCKET_RECVMSG_X 53 |
549 | | #define EVT_SOCKET_RECVMMSG_E 54 |
550 | | #define EVT_SOCKET_RECVMMSG_X 55 |
551 | | #define EVT_SOCKET_ACCEPT4_E 56 |
552 | | #define EVT_SOCKET_ACCEPT4_X 57 |
553 | | #define EVT_SYSCALL_CREAT_E 58 |
554 | | #define EVT_SYSCALL_CREAT_X 59 |
555 | | #define EVT_SYSCALL_PIPE_E 60 |
556 | | #define EVT_SYSCALL_PIPE_X 61 |
557 | | #define EVT_SYSCALL_EVENTFD_E 62 |
558 | | #define EVT_SYSCALL_EVENTFD_X 63 |
559 | | #define EVT_SYSCALL_FUTEX_E 64 |
560 | | #define EVT_SYSCALL_FUTEX_X 65 |
561 | | #define EVT_SYSCALL_STAT_E 66 |
562 | | #define EVT_SYSCALL_STAT_X 67 |
563 | | #define EVT_SYSCALL_LSTAT_E 68 |
564 | | #define EVT_SYSCALL_LSTAT_X 69 |
565 | | #define EVT_SYSCALL_FSTAT_E 70 |
566 | | #define EVT_SYSCALL_FSTAT_X 71 |
567 | | #define EVT_SYSCALL_STAT64_E 72 |
568 | | #define EVT_SYSCALL_STAT64_X 73 |
569 | | #define EVT_SYSCALL_LSTAT64_E 74 |
570 | | #define EVT_SYSCALL_LSTAT64_X 75 |
571 | | #define EVT_SYSCALL_FSTAT64_E 76 |
572 | | #define EVT_SYSCALL_FSTAT64_X 77 |
573 | | #define EVT_SYSCALL_EPOLLWAIT_E 78 |
574 | | #define EVT_SYSCALL_EPOLLWAIT_X 79 |
575 | | #define EVT_SYSCALL_POLL_E 80 |
576 | | #define EVT_SYSCALL_POLL_X 81 |
577 | | #define EVT_SYSCALL_SELECT_E 82 |
578 | | #define EVT_SYSCALL_SELECT_X 83 |
579 | | #define EVT_SYSCALL_NEWSELECT_E 84 |
580 | | #define EVT_SYSCALL_NEWSELECT_X 85 |
581 | | #define EVT_SYSCALL_LSEEK_E 86 |
582 | | #define EVT_SYSCALL_LSEEK_X 87 |
583 | | #define EVT_SYSCALL_LLSEEK_E 88 |
584 | | #define EVT_SYSCALL_LLSEEK_X 89 |
585 | | #define EVT_SYSCALL_IOCTL_2_E 90 |
586 | | #define EVT_SYSCALL_IOCTL_2_X 91 |
587 | | #define EVT_SYSCALL_GETCWD_E 92 |
588 | | #define EVT_SYSCALL_GETCWD_X 93 |
589 | | #define EVT_SYSCALL_CHDIR_E 94 |
590 | | #define EVT_SYSCALL_CHDIR_X 95 |
591 | | #define EVT_SYSCALL_FCHDIR_E 96 |
592 | | #define EVT_SYSCALL_FCHDIR_X 97 |
593 | | #define EVT_SYSCALL_MKDIR_E 98 |
594 | | #define EVT_SYSCALL_MKDIR_X 99 |
595 | | #define EVT_SYSCALL_RMDIR_E 100 |
596 | | #define EVT_SYSCALL_RMDIR_X 101 |
597 | | #define EVT_SYSCALL_OPENAT_E 102 |
598 | | #define EVT_SYSCALL_OPENAT_X 103 |
599 | | #define EVT_SYSCALL_LINK_E 104 |
600 | | #define EVT_SYSCALL_LINK_X 105 |
601 | | #define EVT_SYSCALL_LINKAT_E 106 |
602 | | #define EVT_SYSCALL_LINKAT_X 107 |
603 | | #define EVT_SYSCALL_UNLINK_E 108 |
604 | | #define EVT_SYSCALL_UNLINK_X 109 |
605 | | #define EVT_SYSCALL_UNLINKAT_E 110 |
606 | | #define EVT_SYSCALL_UNLINKAT_X 111 |
607 | | #define EVT_SYSCALL_PREAD_E 112 |
608 | | #define EVT_SYSCALL_PREAD_X 113 |
609 | | #define EVT_SYSCALL_PWRITE_E 114 |
610 | | #define EVT_SYSCALL_PWRITE_X 115 |
611 | | #define EVT_SYSCALL_READV_E 116 |
612 | | #define EVT_SYSCALL_READV_X 117 |
613 | | #define EVT_SYSCALL_WRITEV_E 118 |
614 | | #define EVT_SYSCALL_WRITEV_X 119 |
615 | | #define EVT_SYSCALL_PREADV_E 120 |
616 | | #define EVT_SYSCALL_PREADV_X 121 |
617 | | #define EVT_SYSCALL_PWRITEV_E 122 |
618 | | #define EVT_SYSCALL_PWRITEV_X 123 |
619 | | #define EVT_SYSCALL_DUP_E 124 |
620 | | #define EVT_SYSCALL_DUP_X 125 |
621 | | #define EVT_SYSCALL_SIGNALFD_E 126 |
622 | | #define EVT_SYSCALL_SIGNALFD_X 127 |
623 | | #define EVT_SYSCALL_KILL_E 128 |
624 | | #define EVT_SYSCALL_KILL_X 129 |
625 | | #define EVT_SYSCALL_TKILL_E 130 |
626 | | #define EVT_SYSCALL_TKILL_X 131 |
627 | | #define EVT_SYSCALL_TGKILL_E 132 |
628 | | #define EVT_SYSCALL_TGKILL_X 133 |
629 | | #define EVT_SYSCALL_NANOSLEEP_E 134 |
630 | | #define EVT_SYSCALL_NANOSLEEP_X 135 |
631 | | #define EVT_SYSCALL_TIMERFD_CREATE_E 136 |
632 | | #define EVT_SYSCALL_TIMERFD_CREATE_X 137 |
633 | | #define EVT_SYSCALL_INOTIFY_INIT_E 138 |
634 | | #define EVT_SYSCALL_INOTIFY_INIT_X 139 |
635 | | #define EVT_SYSCALL_GETRLIMIT_E 140 |
636 | | #define EVT_SYSCALL_GETRLIMIT_X 141 |
637 | | #define EVT_SYSCALL_SETRLIMIT_E 142 |
638 | | #define EVT_SYSCALL_SETRLIMIT_X 143 |
639 | | #define EVT_SYSCALL_PRLIMIT_E 144 |
640 | | #define EVT_SYSCALL_PRLIMIT_X 145 |
641 | | #define EVT_SCHEDSWITCH_1_E 146 |
642 | | #define EVT_SCHEDSWITCH_1_X 147 |
643 | | #define EVT_DROP_E 148 |
644 | | #define EVT_DROP_X 149 |
645 | | #define EVT_SYSCALL_FCNTL_E 150 |
646 | | #define EVT_SYSCALL_FCNTL_X 151 |
647 | | #define EVT_SCHEDSWITCH_6_E 152 |
648 | | #define EVT_SCHEDSWITCH_6_X 153 |
649 | | #define EVT_SYSCALL_EXECVE_13_E 154 |
650 | | #define EVT_SYSCALL_EXECVE_13_X 155 |
651 | | #define EVT_SYSCALL_CLONE_16_E 156 |
652 | | #define EVT_SYSCALL_CLONE_16_X 157 |
653 | | #define EVT_SYSCALL_BRK_4_E 158 |
654 | | #define EVT_SYSCALL_BRK_4_X 159 |
655 | | #define EVT_SYSCALL_MMAP_E 160 |
656 | | #define EVT_SYSCALL_MMAP_X 161 |
657 | | #define EVT_SYSCALL_MMAP2_E 162 |
658 | | #define EVT_SYSCALL_MMAP2_X 163 |
659 | | #define EVT_SYSCALL_MUNMAP_E 164 |
660 | | #define EVT_SYSCALL_MUNMAP_X 165 |
661 | | #define EVT_SYSCALL_SPLICE_E 166 |
662 | | #define EVT_SYSCALL_SPLICE_X 167 |
663 | | #define EVT_SYSCALL_PTRACE_E 168 |
664 | | #define EVT_SYSCALL_PTRACE_X 169 |
665 | | #define EVT_SYSCALL_IOCTL_3_E 170 |
666 | | #define EVT_SYSCALL_IOCTL_3_X 171 |
667 | | #define EVT_SYSCALL_EXECVE_14_E 172 |
668 | | #define EVT_SYSCALL_EXECVE_14_X 173 |
669 | | #define EVT_SYSCALL_RENAME_E 174 |
670 | | #define EVT_SYSCALL_RENAME_X 175 |
671 | | #define EVT_SYSCALL_RENAMEAT_E 176 |
672 | | #define EVT_SYSCALL_RENAMEAT_X 177 |
673 | | #define EVT_SYSCALL_SYMLINK_E 178 |
674 | | #define EVT_SYSCALL_SYMLINK_X 179 |
675 | | #define EVT_SYSCALL_SYMLINKAT_E 180 |
676 | | #define EVT_SYSCALL_SYMLINKAT_X 181 |
677 | | #define EVT_SYSCALL_FORK_E 182 |
678 | | #define EVT_SYSCALL_FORK_X 183 |
679 | | #define EVT_SYSCALL_VFORK_E 184 |
680 | | #define EVT_SYSCALL_VFORK_X 185 |
681 | | #define EVT_PROCEXIT_1_E 186 |
682 | | #define EVT_PROCEXIT_1_X 187 |
683 | | #define EVT_SYSCALL_SENDFILE_E 188 |
684 | | #define EVT_SYSCALL_SENDFILE_X 189 |
685 | | #define EVT_SYSCALL_QUOTACTL_E 190 |
686 | | #define EVT_SYSCALL_QUOTACTL_X 191 |
687 | | #define EVT_SYSCALL_SETRESUID_E 192 |
688 | | #define EVT_SYSCALL_SETRESUID_X 193 |
689 | | #define EVT_SYSCALL_SETRESGID_E 194 |
690 | | #define EVT_SYSCALL_SETRESGID_X 195 |
691 | | #define EVT_SCAPEVENT_E 196 |
692 | | #define EVT_SCAPEVENT_X 197 |
693 | | #define EVT_SYSCALL_SETUID_E 198 |
694 | | #define EVT_SYSCALL_SETUID_X 199 |
695 | | #define EVT_SYSCALL_SETGID_E 200 |
696 | | #define EVT_SYSCALL_SETGID_X 201 |
697 | | #define EVT_SYSCALL_GETUID_E 202 |
698 | | #define EVT_SYSCALL_GETUID_X 203 |
699 | | #define EVT_SYSCALL_GETEUID_E 204 |
700 | | #define EVT_SYSCALL_GETEUID_X 205 |
701 | | #define EVT_SYSCALL_GETGID_E 206 |
702 | | #define EVT_SYSCALL_GETGID_X 207 |
703 | | #define EVT_SYSCALL_GETEGID_E 208 |
704 | | #define EVT_SYSCALL_GETEGID_X 209 |
705 | | #define EVT_SYSCALL_GETRESUID_E 210 |
706 | | #define EVT_SYSCALL_GETRESUID_X 211 |
707 | | #define EVT_SYSCALL_GETRESGID_E 212 |
708 | | #define EVT_SYSCALL_GETRESGID_X 213 |
709 | | #define EVT_SYSCALL_EXECVE_15_E 214 |
710 | | #define EVT_SYSCALL_EXECVE_15_X 215 |
711 | | #define EVT_SYSCALL_CLONE_17_E 216 |
712 | | #define EVT_SYSCALL_CLONE_17_X 217 |
713 | | #define EVT_SYSCALL_FORK_17_E 218 |
714 | | #define EVT_SYSCALL_FORK_17_X 219 |
715 | | #define EVT_SYSCALL_VFORK_17_E 220 |
716 | | #define EVT_SYSCALL_VFORK_17_X 221 |
717 | | #define EVT_SYSCALL_CLONE_20_E 222 |
718 | | #define EVT_SYSCALL_CLONE_20_X 223 |
719 | | #define EVT_SYSCALL_FORK_20_E 224 |
720 | | #define EVT_SYSCALL_FORK_20_X 225 |
721 | | #define EVT_SYSCALL_VFORK_20_E 226 |
722 | | #define EVT_SYSCALL_VFORK_20_X 227 |
723 | | #define EVT_CONTAINER_E 228 |
724 | | #define EVT_CONTAINER_X 229 |
725 | | #define EVT_SYSCALL_EXECVE_16_E 230 |
726 | | #define EVT_SYSCALL_EXECVE_16_X 231 |
727 | | #define EVT_SIGNALDELIVER_E 232 |
728 | | #define EVT_SIGNALDELIVER_X 233 |
729 | | #define EVT_PROCINFO_E 234 |
730 | | #define EVT_PROCINFO_X 235 |
731 | | #define EVT_SYSCALL_GETDENTS_E 236 |
732 | | #define EVT_SYSCALL_GETDENTS_X 237 |
733 | | #define EVT_SYSCALL_GETDENTS64_E 238 |
734 | | #define EVT_SYSCALL_GETDENTS64_X 239 |
735 | | #define EVT_SYSCALL_SETNS_E 240 |
736 | | #define EVT_SYSCALL_SETNS_X 241 |
737 | | #define EVT_SYSCALL_FLOCK_E 242 |
738 | | #define EVT_SYSCALL_FLOCK_X 243 |
739 | | #define EVT_CPU_HOTPLUG_E 244 |
740 | | #define EVT_CPU_HOTPLUG_X 245 |
741 | | #define EVT_SOCKET_ACCEPT_5_E 246 |
742 | | #define EVT_SOCKET_ACCEPT_5_X 247 |
743 | | #define EVT_SOCKET_ACCEPT4_5_E 248 |
744 | | #define EVT_SOCKET_ACCEPT4_5_X 249 |
745 | | #define EVT_SYSCALL_SEMOP_E 250 |
746 | | #define EVT_SYSCALL_SEMOP_X 251 |
747 | | #define EVT_SYSCALL_SEMCTL_E 252 |
748 | | #define EVT_SYSCALL_SEMCTL_X 253 |
749 | | #define EVT_SYSCALL_PPOLL_E 254 |
750 | | #define EVT_SYSCALL_PPOLL_X 255 |
751 | | #define EVT_SYSCALL_MOUNT_E 256 |
752 | | #define EVT_SYSCALL_MOUNT_X 257 |
753 | | #define EVT_SYSCALL_UMOUNT_E 258 |
754 | | #define EVT_SYSCALL_UMOUNT_X 259 |
755 | | #define EVT_K8S_E 260 |
756 | | #define EVT_K8S_X 261 |
757 | | #define EVT_SYSCALL_SEMGET_E 262 |
758 | | #define EVT_SYSCALL_SEMGET_X 263 |
759 | | #define EVT_SYSCALL_ACCESS_E 264 |
760 | | #define EVT_SYSCALL_ACCESS_X 265 |
761 | | #define EVT_SYSCALL_CHROOT_E 266 |
762 | | #define EVT_SYSCALL_CHROOT_X 267 |
763 | | #define EVT_TRACER_E 268 |
764 | | #define EVT_TRACER_X 269 |
765 | | #define EVT_MESOS_E 270 |
766 | | #define EVT_MESOS_X 271 |
767 | | #define EVT_CONTAINER_JSON_E 272 |
768 | | #define EVT_CONTAINER_JSON_X 273 |
769 | | #define EVT_SYSCALL_SETSID_E 274 |
770 | | #define EVT_SYSCALL_SETSID_X 275 |
771 | | #define EVT_SYSCALL_MKDIR_2_E 276 |
772 | | #define EVT_SYSCALL_MKDIR_2_X 277 |
773 | | #define EVT_SYSCALL_RMDIR_2_E 278 |
774 | | #define EVT_SYSCALL_RMDIR_2_X 279 |
775 | | #define EVT_NOTIFICATION_E 280 |
776 | | #define EVT_NOTIFICATION_X 281 |
777 | | #define EVT_SYSCALL_EXECVE_17_E 282 |
778 | | #define EVT_SYSCALL_EXECVE_17_X 283 |
779 | | #define EVT_SYSCALL_UNSHARE_E 284 |
780 | | #define EVT_SYSCALL_UNSHARE_X 285 |
781 | | #define EVT_INFRASTRUCTURE_EVENT_E 286 |
782 | | #define EVT_INFRASTRUCTURE_EVENT_X 287 |
783 | | #define EVT_SYSCALL_EXECVE_18_E 288 |
784 | | #define EVT_SYSCALL_EXECVE_18_X 289 |
785 | | #define EVT_PAGE_FAULT_E 290 |
786 | | #define EVT_PAGE_FAULT_X 291 |
787 | | #define EVT_SYSCALL_EXECVE_19_E 292 |
788 | | #define EVT_SYSCALL_EXECVE_19_X 293 |
789 | | #define EVT_SYSCALL_SETPGID_E 294 |
790 | | #define EVT_SYSCALL_SETPGID_X 295 |
791 | | #define EVT_SYSCALL_BPF_E 296 |
792 | | #define EVT_SYSCALL_BPF_X 297 |
793 | | #define EVT_SYSCALL_SECCOMP_E 298 |
794 | | #define EVT_SYSCALL_SECCOMP_X 299 |
795 | | #define EVT_SYSCALL_UNLINK_2_E 300 |
796 | | #define EVT_SYSCALL_UNLINK_2_X 301 |
797 | | #define EVT_SYSCALL_UNLINKAT_2_E 302 |
798 | | #define EVT_SYSCALL_UNLINKAT_2_X 303 |
799 | | #define EVT_SYSCALL_MKDIRAT_E 304 |
800 | | #define EVT_SYSCALL_MKDIRAT_X 305 |
801 | | #define EVT_SYSCALL_OPENAT_2_E 306 |
802 | | #define EVT_SYSCALL_OPENAT_2_X 307 |
803 | | #define EVT_SYSCALL_LINK_2_E 308 |
804 | | #define EVT_SYSCALL_LINK_2_X 309 |
805 | | #define EVT_SYSCALL_LINKAT_2_E 310 |
806 | | #define EVT_SYSCALL_LINKAT_2_X 311 |
807 | | #define EVT_SYSCALL_FCHMODAT_E 312 |
808 | | #define EVT_SYSCALL_FCHMODAT_X 313 |
809 | | #define EVT_SYSCALL_CHMOD_E 314 |
810 | | #define EVT_SYSCALL_CHMOD_X 315 |
811 | | #define EVT_SYSCALL_FCHMOD_E 316 |
812 | | #define EVT_SYSCALL_FCHMOD_X 317 |
813 | | #define EVT_SYSCALL_RENAMEAT2_E 318 |
814 | | #define EVT_SYSCALL_RENAMEAT2_X 319 |
815 | | #define EVT_SYSCALL_USERFAULTFD_E 320 |
816 | | #define EVT_SYSCALL_USERFAULTFD_X 321 |
817 | 0 | #define EVT_PLUGINEVENT_E 322 |
818 | | #define EVT_PLUGINEVENT_X 323 |
819 | | #define EVT_CONTAINER_JSON_2_E 324 |
820 | | #define EVT_CONTAINER_JSON_2_X 325 |
821 | | #define EVT_SYSCALL_OPENAT2_E 326 |
822 | | #define EVT_SYSCALL_OPENAT2_X 327 |
823 | | #define EVT_SYSCALL_MPROTECT_E 328 |
824 | | #define EVT_SYSCALL_MPROTECT_X 329 |
825 | | #define EVT_SYSCALL_EXECVEAT_E 330 |
826 | | #define EVT_SYSCALL_EXECVEAT_X 331 |
827 | | #define EVT_SYSCALL_COPY_FILE_RANGE_E 332 |
828 | | #define EVT_SYSCALL_COPY_FILE_RANGE_X 333 |
829 | | #define EVT_SYSCALL_CLONE3_E 334 |
830 | | #define EVT_SYSCALL_CLONE3_X 335 |
831 | | #define EVT_SYSCALL_OPEN_BY_HANDLE_AT_E 336 |
832 | | #define EVT_SYSCALL_OPEN_BY_HANDLE_AT_X 337 |
833 | | #define EVT_SYSCALL_IO_URING_SETUP_E 338 |
834 | | #define EVT_SYSCALL_IO_URING_SETUP_X 339 |
835 | | #define EVT_SYSCALL_IO_URING_ENTER_E 340 |
836 | | #define EVT_SYSCALL_IO_URING_ENTER_X 341 |
837 | | #define EVT_SYSCALL_IO_URING_REGISTER_E 342 |
838 | | #define EVT_SYSCALL_IO_URING_REGISTER_X 343 |
839 | | #define EVT_SYSCALL_MLOCK_E 344 |
840 | | #define EVT_SYSCALL_MLOCK_X 345 |
841 | | #define EVT_SYSCALL_MUNLOCK_E 346 |
842 | | #define EVT_SYSCALL_MUNLOCK_X 347 |
843 | | #define EVT_SYSCALL_MLOCKALL_E 348 |
844 | | #define EVT_SYSCALL_MLOCKALL_X 349 |
845 | | #define EVT_SYSCALL_MUNLOCKALL_E 350 |
846 | | #define EVT_SYSCALL_MUNLOCKALL_X 351 |
847 | | #define EVT_SYSCALL_CAPSET_E 352 |
848 | | #define EVT_SYSCALL_CAPSET_X 353 |
849 | | #define EVT_USER_ADDED_E 354 |
850 | | #define EVT_USER_ADDED_X 355 |
851 | | #define EVT_USER_DELETED_E 356 |
852 | | #define EVT_USER_DELETED_X 357 |
853 | | #define EVT_GROUP_ADDED_E 358 |
854 | | #define EVT_GROUP_ADDED_X 359 |
855 | | #define EVT_GROUP_DELETED_E 360 |
856 | | #define EVT_GROUP_DELETED_X 361 |
857 | | #define EVT_SYSCALL_DUP2_E 362 |
858 | | #define EVT_SYSCALL_DUP2_X 363 |
859 | | #define EVT_SYSCALL_DUP3_E 364 |
860 | | #define EVT_SYSCALL_DUP3_X 365 |
861 | | #define EVT_SYSCALL_DUP_1_E 366 |
862 | | #define EVT_SYSCALL_DUP_1_X 367 |
863 | | #define EVT_SYSCALL_BPF_2_E 368 |
864 | | #define EVT_SYSCALL_BPF_2_X 369 |
865 | | #define EVT_SYSCALL_MLOCK2_E 370 |
866 | | #define EVT_SYSCALL_MLOCK2_X 371 |
867 | | #define EVT_SYSCALL_FSCONFIG_E 372 |
868 | | #define EVT_SYSCALL_FSCONFIG_X 373 |
869 | | #define EVT_SYSCALL_EPOLL_CREATE_E 374 |
870 | | #define EVT_SYSCALL_EPOLL_CREATE_X 375 |
871 | | #define EVT_SYSCALL_EPOLL_CREATE1_E 376 |
872 | | #define EVT_SYSCALL_EPOLL_CREATE1_X 377 |
873 | | #define EVT_SYSCALL_CHOWN_E 378 |
874 | | #define EVT_SYSCALL_CHOWN_X 379 |
875 | | #define EVT_SYSCALL_LCHOWN_E 380 |
876 | | #define EVT_SYSCALL_LCHOWN_X 381 |
877 | | #define EVT_SYSCALL_FCHOWN_E 382 |
878 | | #define EVT_SYSCALL_FCHOWN_X 383 |
879 | | #define EVT_SYSCALL_FCHOWNAT_E 384 |
880 | | #define EVT_SYSCALL_FCHOWNAT_X 385 |
881 | | #define EVT_SYSCALL_UMOUNT_1_E 386 |
882 | | #define EVT_SYSCALL_UMOUNT_1_X 387 |
883 | | #define EVT_SOCKET_ACCEPT4_6_E 388 |
884 | | #define EVT_SOCKET_ACCEPT4_6_X 389 |
885 | | #define EVT_SYSCALL_UMOUNT2_E 390 |
886 | | #define EVT_SYSCALL_UMOUNT2_X 391 |
887 | | #define EVT_SYSCALL_PIPE2_E 392 |
888 | | #define EVT_SYSCALL_PIPE2_X 393 |
889 | | #define EVT_SYSCALL_INOTIFY_INIT1_E 394 |
890 | | #define EVT_SYSCALL_INOTIFY_INIT1_X 395 |
891 | | #define EVT_SYSCALL_EVENTFD2_E 396 |
892 | | #define EVT_SYSCALL_EVENTFD2_X 397 |
893 | | #define EVT_SYSCALL_SIGNALFD4_E 398 |
894 | | #define EVT_SYSCALL_SIGNALFD4_X 399 |
895 | | #define EVT_SYSCALL_PRCTL_E 400 |
896 | | #define EVT_SYSCALL_PRCTL_X 401 |
897 | | #define EVT_ASYNCEVENT_E 402 |
898 | | #define EVT_ASYNCEVENT_X 403 |
899 | | #define EVT_SYSCALL_MEMFD_CREATE_E 404 |
900 | | #define EVT_SYSCALL_MEMFD_CREATE_X 405 |
901 | | #define EVT_SYSCALL_PIDFD_GETFD_E 406 |
902 | | #define EVT_SYSCALL_PIDFD_GETFD_X 407 |
903 | | #define EVT_SYSCALL_PIDFD_OPEN_E 408 |
904 | | #define EVT_SYSCALL_PIDFD_OPEN_X 409 |
905 | | #define EVT_SYSCALL_INIT_MODULE_E 410 |
906 | | #define EVT_SYSCALL_INIT_MODULE_X 411 |
907 | | #define EVT_SYSCALL_FINIT_MODULE_E 412 |
908 | | #define EVT_SYSCALL_FINIT_MODULE_X 413 |
909 | | #define EVT_SYSCALL_MKNOD_E 414 |
910 | | #define EVT_SYSCALL_MKNOD_X 415 |
911 | | #define EVT_SYSCALL_MKNODAT_E 416 |
912 | | #define EVT_SYSCALL_MKNODAT_X 417 |
913 | | #define EVT_SYSCALL_NEWFSTATAT_E 418 |
914 | | #define EVT_SYSCALL_NEWFSTATAT_X 419 |
915 | | #define EVT_SYSCALL_PROCESS_VM_READV_E 420 |
916 | | #define EVT_SYSCALL_PROCESS_VM_READV_X 421 |
917 | | #define EVT_SYSCALL_PROCESS_VM_WRITEV_E 422 |
918 | | #define EVT_SYSCALL_PROCESS_VM_WRITEV_X 423 |
919 | | #define EVT_SYSCALL_DELETE_MODULE_E 424 |
920 | | #define EVT_SYSCALL_DELETE_MODULE_X 425 |
921 | | #define EVT_SYSCALL_SETREUID_E 426 |
922 | | #define EVT_SYSCALL_SETREUID_X 427 |
923 | | #define EVT_SYSCALL_SETREGID_E 428 |
924 | | #define EVT_SYSCALL_SETREGID_X 429 |
925 | | |
/*
 * Display names for event types, keyed by the EVT_* constants.
 *
 * Each event has an enter (_E) and an exit (_X) entry. Most pairs share one
 * EVT_STR_* name; for several events only the enter entry is named and the
 * exit entry is EVT_STR_NA. Versioned variants of an event (for example
 * EVT_SYSCALL_EXECVE_8 through EVT_SYSCALL_EXECVE_19) map to the same name.
 *
 * The list ends with a { 0, NULL } entry, the usual value_string terminator.
 *
 * NOTE(review): the event type is read from the capture file, so a value
 * with no entry here can reach the lookup. The lookup code is outside this
 * excerpt; confirm it uses a helper that supplies a fallback string (or
 * checks for a NULL result) rather than indexing this array directly.
 */
static const value_string event_type_vals[] = {
    /* Value strings. Automatically generated by tools/generate-sysdig-event.py */
    { EVT_GENERIC_E, EVT_STR_SYSCALL },
    { EVT_GENERIC_X, EVT_STR_SYSCALL },
    { EVT_SYSCALL_OPEN_E, EVT_STR_OPEN },
    { EVT_SYSCALL_OPEN_X, EVT_STR_OPEN },
    { EVT_SYSCALL_CLOSE_E, EVT_STR_CLOSE },
    { EVT_SYSCALL_CLOSE_X, EVT_STR_CLOSE },
    { EVT_SYSCALL_READ_E, EVT_STR_READ },
    { EVT_SYSCALL_READ_X, EVT_STR_READ },
    { EVT_SYSCALL_WRITE_E, EVT_STR_WRITE },
    { EVT_SYSCALL_WRITE_X, EVT_STR_WRITE },
    { EVT_SYSCALL_BRK_1_E, EVT_STR_BRK },
    { EVT_SYSCALL_BRK_1_X, EVT_STR_BRK },
    { EVT_SYSCALL_EXECVE_8_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_8_X, EVT_STR_EXECVE },
    { EVT_SYSCALL_CLONE_11_E, EVT_STR_CLONE },
    { EVT_SYSCALL_CLONE_11_X, EVT_STR_CLONE },
    { EVT_PROCEXIT_E, EVT_STR_PROCEXIT },
    { EVT_PROCEXIT_X, EVT_STR_NA },
    { EVT_SOCKET_SOCKET_E, EVT_STR_SOCKET },
    { EVT_SOCKET_SOCKET_X, EVT_STR_SOCKET },
    { EVT_SOCKET_BIND_E, EVT_STR_BIND },
    { EVT_SOCKET_BIND_X, EVT_STR_BIND },
    { EVT_SOCKET_CONNECT_E, EVT_STR_CONNECT },
    { EVT_SOCKET_CONNECT_X, EVT_STR_CONNECT },
    { EVT_SOCKET_LISTEN_E, EVT_STR_LISTEN },
    { EVT_SOCKET_LISTEN_X, EVT_STR_LISTEN },
    { EVT_SOCKET_ACCEPT_E, EVT_STR_ACCEPT },
    { EVT_SOCKET_ACCEPT_X, EVT_STR_ACCEPT },
    { EVT_SOCKET_SEND_E, EVT_STR_SEND },
    { EVT_SOCKET_SEND_X, EVT_STR_SEND },
    { EVT_SOCKET_SENDTO_E, EVT_STR_SENDTO },
    { EVT_SOCKET_SENDTO_X, EVT_STR_SENDTO },
    { EVT_SOCKET_RECV_E, EVT_STR_RECV },
    { EVT_SOCKET_RECV_X, EVT_STR_RECV },
    { EVT_SOCKET_RECVFROM_E, EVT_STR_RECVFROM },
    { EVT_SOCKET_RECVFROM_X, EVT_STR_RECVFROM },
    { EVT_SOCKET_SHUTDOWN_E, EVT_STR_SHUTDOWN },
    { EVT_SOCKET_SHUTDOWN_X, EVT_STR_SHUTDOWN },
    { EVT_SOCKET_GETSOCKNAME_E, EVT_STR_GETSOCKNAME },
    { EVT_SOCKET_GETSOCKNAME_X, EVT_STR_GETSOCKNAME },
    { EVT_SOCKET_GETPEERNAME_E, EVT_STR_GETPEERNAME },
    { EVT_SOCKET_GETPEERNAME_X, EVT_STR_GETPEERNAME },
    { EVT_SOCKET_SOCKETPAIR_E, EVT_STR_SOCKETPAIR },
    { EVT_SOCKET_SOCKETPAIR_X, EVT_STR_SOCKETPAIR },
    { EVT_SOCKET_SETSOCKOPT_E, EVT_STR_SETSOCKOPT },
    { EVT_SOCKET_SETSOCKOPT_X, EVT_STR_SETSOCKOPT },
    { EVT_SOCKET_GETSOCKOPT_E, EVT_STR_GETSOCKOPT },
    { EVT_SOCKET_GETSOCKOPT_X, EVT_STR_GETSOCKOPT },
    { EVT_SOCKET_SENDMSG_E, EVT_STR_SENDMSG },
    { EVT_SOCKET_SENDMSG_X, EVT_STR_SENDMSG },
    { EVT_SOCKET_SENDMMSG_E, EVT_STR_SENDMMSG },
    { EVT_SOCKET_SENDMMSG_X, EVT_STR_SENDMMSG },
    { EVT_SOCKET_RECVMSG_E, EVT_STR_RECVMSG },
    { EVT_SOCKET_RECVMSG_X, EVT_STR_RECVMSG },
    { EVT_SOCKET_RECVMMSG_E, EVT_STR_RECVMMSG },
    { EVT_SOCKET_RECVMMSG_X, EVT_STR_RECVMMSG },
    { EVT_SOCKET_ACCEPT4_E, EVT_STR_ACCEPT },
    { EVT_SOCKET_ACCEPT4_X, EVT_STR_ACCEPT },
    { EVT_SYSCALL_CREAT_E, EVT_STR_CREAT },
    { EVT_SYSCALL_CREAT_X, EVT_STR_CREAT },
    { EVT_SYSCALL_PIPE_E, EVT_STR_PIPE },
    { EVT_SYSCALL_PIPE_X, EVT_STR_PIPE },
    { EVT_SYSCALL_EVENTFD_E, EVT_STR_EVENTFD },
    { EVT_SYSCALL_EVENTFD_X, EVT_STR_EVENTFD },
    { EVT_SYSCALL_FUTEX_E, EVT_STR_FUTEX },
    { EVT_SYSCALL_FUTEX_X, EVT_STR_FUTEX },
    { EVT_SYSCALL_STAT_E, EVT_STR_STAT },
    { EVT_SYSCALL_STAT_X, EVT_STR_STAT },
    { EVT_SYSCALL_LSTAT_E, EVT_STR_LSTAT },
    { EVT_SYSCALL_LSTAT_X, EVT_STR_LSTAT },
    { EVT_SYSCALL_FSTAT_E, EVT_STR_FSTAT },
    { EVT_SYSCALL_FSTAT_X, EVT_STR_FSTAT },
    { EVT_SYSCALL_STAT64_E, EVT_STR_STAT64 },
    { EVT_SYSCALL_STAT64_X, EVT_STR_STAT64 },
    { EVT_SYSCALL_LSTAT64_E, EVT_STR_LSTAT64 },
    { EVT_SYSCALL_LSTAT64_X, EVT_STR_LSTAT64 },
    { EVT_SYSCALL_FSTAT64_E, EVT_STR_FSTAT64 },
    { EVT_SYSCALL_FSTAT64_X, EVT_STR_FSTAT64 },
    { EVT_SYSCALL_EPOLLWAIT_E, EVT_STR_EPOLL_WAIT },
    { EVT_SYSCALL_EPOLLWAIT_X, EVT_STR_EPOLL_WAIT },
    { EVT_SYSCALL_POLL_E, EVT_STR_POLL },
    { EVT_SYSCALL_POLL_X, EVT_STR_POLL },
    { EVT_SYSCALL_SELECT_E, EVT_STR_SELECT },
    { EVT_SYSCALL_SELECT_X, EVT_STR_SELECT },
    { EVT_SYSCALL_NEWSELECT_E, EVT_STR_SELECT },
    { EVT_SYSCALL_NEWSELECT_X, EVT_STR_SELECT },
    { EVT_SYSCALL_LSEEK_E, EVT_STR_LSEEK },
    { EVT_SYSCALL_LSEEK_X, EVT_STR_LSEEK },
    { EVT_SYSCALL_LLSEEK_E, EVT_STR_LLSEEK },
    { EVT_SYSCALL_LLSEEK_X, EVT_STR_LLSEEK },
    { EVT_SYSCALL_IOCTL_2_E, EVT_STR_IOCTL },
    { EVT_SYSCALL_IOCTL_2_X, EVT_STR_IOCTL },
    { EVT_SYSCALL_GETCWD_E, EVT_STR_GETCWD },
    { EVT_SYSCALL_GETCWD_X, EVT_STR_GETCWD },
    { EVT_SYSCALL_CHDIR_E, EVT_STR_CHDIR },
    { EVT_SYSCALL_CHDIR_X, EVT_STR_CHDIR },
    { EVT_SYSCALL_FCHDIR_E, EVT_STR_FCHDIR },
    { EVT_SYSCALL_FCHDIR_X, EVT_STR_FCHDIR },
    { EVT_SYSCALL_MKDIR_E, EVT_STR_MKDIR },
    { EVT_SYSCALL_MKDIR_X, EVT_STR_MKDIR },
    { EVT_SYSCALL_RMDIR_E, EVT_STR_RMDIR },
    { EVT_SYSCALL_RMDIR_X, EVT_STR_RMDIR },
    { EVT_SYSCALL_OPENAT_E, EVT_STR_OPENAT },
    { EVT_SYSCALL_OPENAT_X, EVT_STR_OPENAT },
    { EVT_SYSCALL_LINK_E, EVT_STR_LINK },
    { EVT_SYSCALL_LINK_X, EVT_STR_LINK },
    { EVT_SYSCALL_LINKAT_E, EVT_STR_LINKAT },
    { EVT_SYSCALL_LINKAT_X, EVT_STR_LINKAT },
    { EVT_SYSCALL_UNLINK_E, EVT_STR_UNLINK },
    { EVT_SYSCALL_UNLINK_X, EVT_STR_UNLINK },
    { EVT_SYSCALL_UNLINKAT_E, EVT_STR_UNLINKAT },
    { EVT_SYSCALL_UNLINKAT_X, EVT_STR_UNLINKAT },
    { EVT_SYSCALL_PREAD_E, EVT_STR_PREAD },
    { EVT_SYSCALL_PREAD_X, EVT_STR_PREAD },
    { EVT_SYSCALL_PWRITE_E, EVT_STR_PWRITE },
    { EVT_SYSCALL_PWRITE_X, EVT_STR_PWRITE },
    { EVT_SYSCALL_READV_E, EVT_STR_READV },
    { EVT_SYSCALL_READV_X, EVT_STR_READV },
    { EVT_SYSCALL_WRITEV_E, EVT_STR_WRITEV },
    { EVT_SYSCALL_WRITEV_X, EVT_STR_WRITEV },
    { EVT_SYSCALL_PREADV_E, EVT_STR_PREADV },
    { EVT_SYSCALL_PREADV_X, EVT_STR_PREADV },
    { EVT_SYSCALL_PWRITEV_E, EVT_STR_PWRITEV },
    { EVT_SYSCALL_PWRITEV_X, EVT_STR_PWRITEV },
    { EVT_SYSCALL_DUP_E, EVT_STR_DUP },
    { EVT_SYSCALL_DUP_X, EVT_STR_DUP },
    { EVT_SYSCALL_SIGNALFD_E, EVT_STR_SIGNALFD },
    { EVT_SYSCALL_SIGNALFD_X, EVT_STR_SIGNALFD },
    { EVT_SYSCALL_KILL_E, EVT_STR_KILL },
    { EVT_SYSCALL_KILL_X, EVT_STR_KILL },
    { EVT_SYSCALL_TKILL_E, EVT_STR_TKILL },
    { EVT_SYSCALL_TKILL_X, EVT_STR_TKILL },
    { EVT_SYSCALL_TGKILL_E, EVT_STR_TGKILL },
    { EVT_SYSCALL_TGKILL_X, EVT_STR_TGKILL },
    { EVT_SYSCALL_NANOSLEEP_E, EVT_STR_NANOSLEEP },
    { EVT_SYSCALL_NANOSLEEP_X, EVT_STR_NANOSLEEP },
    { EVT_SYSCALL_TIMERFD_CREATE_E, EVT_STR_TIMERFD_CREATE },
    { EVT_SYSCALL_TIMERFD_CREATE_X, EVT_STR_TIMERFD_CREATE },
    { EVT_SYSCALL_INOTIFY_INIT_E, EVT_STR_INOTIFY_INIT },
    { EVT_SYSCALL_INOTIFY_INIT_X, EVT_STR_INOTIFY_INIT },
    { EVT_SYSCALL_GETRLIMIT_E, EVT_STR_GETRLIMIT },
    { EVT_SYSCALL_GETRLIMIT_X, EVT_STR_GETRLIMIT },
    { EVT_SYSCALL_SETRLIMIT_E, EVT_STR_SETRLIMIT },
    { EVT_SYSCALL_SETRLIMIT_X, EVT_STR_SETRLIMIT },
    { EVT_SYSCALL_PRLIMIT_E, EVT_STR_PRLIMIT },
    { EVT_SYSCALL_PRLIMIT_X, EVT_STR_PRLIMIT },
    { EVT_SCHEDSWITCH_1_E, EVT_STR_SWITCH },
    { EVT_SCHEDSWITCH_1_X, EVT_STR_NA },
    { EVT_DROP_E, EVT_STR_DROP },
    { EVT_DROP_X, EVT_STR_DROP },
    { EVT_SYSCALL_FCNTL_E, EVT_STR_FCNTL },
    { EVT_SYSCALL_FCNTL_X, EVT_STR_FCNTL },
    { EVT_SCHEDSWITCH_6_E, EVT_STR_SWITCH },
    { EVT_SCHEDSWITCH_6_X, EVT_STR_NA },
    { EVT_SYSCALL_EXECVE_13_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_13_X, EVT_STR_EXECVE },
    { EVT_SYSCALL_CLONE_16_E, EVT_STR_CLONE },
    { EVT_SYSCALL_CLONE_16_X, EVT_STR_CLONE },
    { EVT_SYSCALL_BRK_4_E, EVT_STR_BRK },
    { EVT_SYSCALL_BRK_4_X, EVT_STR_BRK },
    { EVT_SYSCALL_MMAP_E, EVT_STR_MMAP },
    { EVT_SYSCALL_MMAP_X, EVT_STR_MMAP },
    { EVT_SYSCALL_MMAP2_E, EVT_STR_MMAP2 },
    { EVT_SYSCALL_MMAP2_X, EVT_STR_MMAP2 },
    { EVT_SYSCALL_MUNMAP_E, EVT_STR_MUNMAP },
    { EVT_SYSCALL_MUNMAP_X, EVT_STR_MUNMAP },
    { EVT_SYSCALL_SPLICE_E, EVT_STR_SPLICE },
    { EVT_SYSCALL_SPLICE_X, EVT_STR_SPLICE },
    { EVT_SYSCALL_PTRACE_E, EVT_STR_PTRACE },
    { EVT_SYSCALL_PTRACE_X, EVT_STR_PTRACE },
    { EVT_SYSCALL_IOCTL_3_E, EVT_STR_IOCTL },
    { EVT_SYSCALL_IOCTL_3_X, EVT_STR_IOCTL },
    { EVT_SYSCALL_EXECVE_14_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_14_X, EVT_STR_EXECVE },
    { EVT_SYSCALL_RENAME_E, EVT_STR_RENAME },
    { EVT_SYSCALL_RENAME_X, EVT_STR_RENAME },
    { EVT_SYSCALL_RENAMEAT_E, EVT_STR_RENAMEAT },
    { EVT_SYSCALL_RENAMEAT_X, EVT_STR_RENAMEAT },
    { EVT_SYSCALL_SYMLINK_E, EVT_STR_SYMLINK },
    { EVT_SYSCALL_SYMLINK_X, EVT_STR_SYMLINK },
    { EVT_SYSCALL_SYMLINKAT_E, EVT_STR_SYMLINKAT },
    { EVT_SYSCALL_SYMLINKAT_X, EVT_STR_SYMLINKAT },
    { EVT_SYSCALL_FORK_E, EVT_STR_FORK },
    { EVT_SYSCALL_FORK_X, EVT_STR_FORK },
    { EVT_SYSCALL_VFORK_E, EVT_STR_VFORK },
    { EVT_SYSCALL_VFORK_X, EVT_STR_VFORK },
    { EVT_PROCEXIT_1_E, EVT_STR_PROCEXIT },
    { EVT_PROCEXIT_1_X, EVT_STR_NA },
    { EVT_SYSCALL_SENDFILE_E, EVT_STR_SENDFILE },
    { EVT_SYSCALL_SENDFILE_X, EVT_STR_SENDFILE },
    { EVT_SYSCALL_QUOTACTL_E, EVT_STR_QUOTACTL },
    { EVT_SYSCALL_QUOTACTL_X, EVT_STR_QUOTACTL },
    { EVT_SYSCALL_SETRESUID_E, EVT_STR_SETRESUID },
    { EVT_SYSCALL_SETRESUID_X, EVT_STR_SETRESUID },
    { EVT_SYSCALL_SETRESGID_E, EVT_STR_SETRESGID },
    { EVT_SYSCALL_SETRESGID_X, EVT_STR_SETRESGID },
    { EVT_SCAPEVENT_E, EVT_STR_SCAPEVENT },
    { EVT_SCAPEVENT_X, EVT_STR_SCAPEVENT },
    { EVT_SYSCALL_SETUID_E, EVT_STR_SETUID },
    { EVT_SYSCALL_SETUID_X, EVT_STR_SETUID },
    { EVT_SYSCALL_SETGID_E, EVT_STR_SETGID },
    { EVT_SYSCALL_SETGID_X, EVT_STR_SETGID },
    { EVT_SYSCALL_GETUID_E, EVT_STR_GETUID },
    { EVT_SYSCALL_GETUID_X, EVT_STR_GETUID },
    { EVT_SYSCALL_GETEUID_E, EVT_STR_GETEUID },
    { EVT_SYSCALL_GETEUID_X, EVT_STR_GETEUID },
    { EVT_SYSCALL_GETGID_E, EVT_STR_GETGID },
    { EVT_SYSCALL_GETGID_X, EVT_STR_GETGID },
    { EVT_SYSCALL_GETEGID_E, EVT_STR_GETEGID },
    { EVT_SYSCALL_GETEGID_X, EVT_STR_GETEGID },
    { EVT_SYSCALL_GETRESUID_E, EVT_STR_GETRESUID },
    { EVT_SYSCALL_GETRESUID_X, EVT_STR_GETRESUID },
    { EVT_SYSCALL_GETRESGID_E, EVT_STR_GETRESGID },
    { EVT_SYSCALL_GETRESGID_X, EVT_STR_GETRESGID },
    { EVT_SYSCALL_EXECVE_15_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_15_X, EVT_STR_EXECVE },
    { EVT_SYSCALL_CLONE_17_E, EVT_STR_CLONE },
    { EVT_SYSCALL_CLONE_17_X, EVT_STR_CLONE },
    { EVT_SYSCALL_FORK_17_E, EVT_STR_FORK },
    { EVT_SYSCALL_FORK_17_X, EVT_STR_FORK },
    { EVT_SYSCALL_VFORK_17_E, EVT_STR_VFORK },
    { EVT_SYSCALL_VFORK_17_X, EVT_STR_VFORK },
    { EVT_SYSCALL_CLONE_20_E, EVT_STR_CLONE },
    { EVT_SYSCALL_CLONE_20_X, EVT_STR_CLONE },
    { EVT_SYSCALL_FORK_20_E, EVT_STR_FORK },
    { EVT_SYSCALL_FORK_20_X, EVT_STR_FORK },
    { EVT_SYSCALL_VFORK_20_E, EVT_STR_VFORK },
    { EVT_SYSCALL_VFORK_20_X, EVT_STR_VFORK },
    { EVT_CONTAINER_E, EVT_STR_CONTAINER },
    { EVT_CONTAINER_X, EVT_STR_NA },
    { EVT_SYSCALL_EXECVE_16_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_16_X, EVT_STR_EXECVE },
    { EVT_SIGNALDELIVER_E, EVT_STR_SIGNALDELIVER },
    { EVT_SIGNALDELIVER_X, EVT_STR_NA },
    { EVT_PROCINFO_E, EVT_STR_PROCINFO },
    { EVT_PROCINFO_X, EVT_STR_NA },
    { EVT_SYSCALL_GETDENTS_E, EVT_STR_GETDENTS },
    { EVT_SYSCALL_GETDENTS_X, EVT_STR_GETDENTS },
    { EVT_SYSCALL_GETDENTS64_E, EVT_STR_GETDENTS64 },
    { EVT_SYSCALL_GETDENTS64_X, EVT_STR_GETDENTS64 },
    { EVT_SYSCALL_SETNS_E, EVT_STR_SETNS },
    { EVT_SYSCALL_SETNS_X, EVT_STR_SETNS },
    { EVT_SYSCALL_FLOCK_E, EVT_STR_FLOCK },
    { EVT_SYSCALL_FLOCK_X, EVT_STR_FLOCK },
    { EVT_CPU_HOTPLUG_E, EVT_STR_CPU_HOTPLUG },
    { EVT_CPU_HOTPLUG_X, EVT_STR_NA },
    { EVT_SOCKET_ACCEPT_5_E, EVT_STR_ACCEPT },
    { EVT_SOCKET_ACCEPT_5_X, EVT_STR_ACCEPT },
    { EVT_SOCKET_ACCEPT4_5_E, EVT_STR_ACCEPT },
    { EVT_SOCKET_ACCEPT4_5_X, EVT_STR_ACCEPT },
    { EVT_SYSCALL_SEMOP_E, EVT_STR_SEMOP },
    { EVT_SYSCALL_SEMOP_X, EVT_STR_SEMOP },
    { EVT_SYSCALL_SEMCTL_E, EVT_STR_SEMCTL },
    { EVT_SYSCALL_SEMCTL_X, EVT_STR_SEMCTL },
    { EVT_SYSCALL_PPOLL_E, EVT_STR_PPOLL },
    { EVT_SYSCALL_PPOLL_X, EVT_STR_PPOLL },
    { EVT_SYSCALL_MOUNT_E, EVT_STR_MOUNT },
    { EVT_SYSCALL_MOUNT_X, EVT_STR_MOUNT },
    { EVT_SYSCALL_UMOUNT_E, EVT_STR_UMOUNT },
    { EVT_SYSCALL_UMOUNT_X, EVT_STR_UMOUNT },
    { EVT_K8S_E, EVT_STR_K8S },
    { EVT_K8S_X, EVT_STR_NA },
    { EVT_SYSCALL_SEMGET_E, EVT_STR_SEMGET },
    { EVT_SYSCALL_SEMGET_X, EVT_STR_SEMGET },
    { EVT_SYSCALL_ACCESS_E, EVT_STR_ACCESS },
    { EVT_SYSCALL_ACCESS_X, EVT_STR_ACCESS },
    { EVT_SYSCALL_CHROOT_E, EVT_STR_CHROOT },
    { EVT_SYSCALL_CHROOT_X, EVT_STR_CHROOT },
    { EVT_TRACER_E, EVT_STR_TRACER },
    { EVT_TRACER_X, EVT_STR_TRACER },
    { EVT_MESOS_E, EVT_STR_MESOS },
    { EVT_MESOS_X, EVT_STR_NA },
    { EVT_CONTAINER_JSON_E, EVT_STR_CONTAINER },
    { EVT_CONTAINER_JSON_X, EVT_STR_NA },
    { EVT_SYSCALL_SETSID_E, EVT_STR_SETSID },
    { EVT_SYSCALL_SETSID_X, EVT_STR_SETSID },
    { EVT_SYSCALL_MKDIR_2_E, EVT_STR_MKDIR },
    { EVT_SYSCALL_MKDIR_2_X, EVT_STR_MKDIR },
    { EVT_SYSCALL_RMDIR_2_E, EVT_STR_RMDIR },
    { EVT_SYSCALL_RMDIR_2_X, EVT_STR_RMDIR },
    { EVT_NOTIFICATION_E, EVT_STR_NOTIFICATION },
    { EVT_NOTIFICATION_X, EVT_STR_NA },
    { EVT_SYSCALL_EXECVE_17_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_17_X, EVT_STR_EXECVE },
    { EVT_SYSCALL_UNSHARE_E, EVT_STR_UNSHARE },
    { EVT_SYSCALL_UNSHARE_X, EVT_STR_UNSHARE },
    { EVT_INFRASTRUCTURE_EVENT_E, EVT_STR_INFRA },
    { EVT_INFRASTRUCTURE_EVENT_X, EVT_STR_NA },
    { EVT_SYSCALL_EXECVE_18_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_18_X, EVT_STR_EXECVE },
    { EVT_PAGE_FAULT_E, EVT_STR_PAGE_FAULT },
    { EVT_PAGE_FAULT_X, EVT_STR_NA },
    { EVT_SYSCALL_EXECVE_19_E, EVT_STR_EXECVE },
    { EVT_SYSCALL_EXECVE_19_X, EVT_STR_EXECVE },
    { EVT_SYSCALL_SETPGID_E, EVT_STR_SETPGID },
    { EVT_SYSCALL_SETPGID_X, EVT_STR_SETPGID },
    { EVT_SYSCALL_BPF_E, EVT_STR_BPF },
    { EVT_SYSCALL_BPF_X, EVT_STR_BPF },
    { EVT_SYSCALL_SECCOMP_E, EVT_STR_SECCOMP },
    { EVT_SYSCALL_SECCOMP_X, EVT_STR_SECCOMP },
    { EVT_SYSCALL_UNLINK_2_E, EVT_STR_UNLINK },
    { EVT_SYSCALL_UNLINK_2_X, EVT_STR_UNLINK },
    { EVT_SYSCALL_UNLINKAT_2_E, EVT_STR_UNLINKAT },
    { EVT_SYSCALL_UNLINKAT_2_X, EVT_STR_UNLINKAT },
    { EVT_SYSCALL_MKDIRAT_E, EVT_STR_MKDIRAT },
    { EVT_SYSCALL_MKDIRAT_X, EVT_STR_MKDIRAT },
    { EVT_SYSCALL_OPENAT_2_E, EVT_STR_OPENAT },
    { EVT_SYSCALL_OPENAT_2_X, EVT_STR_OPENAT },
    { EVT_SYSCALL_LINK_2_E, EVT_STR_LINK },
    { EVT_SYSCALL_LINK_2_X, EVT_STR_LINK },
    { EVT_SYSCALL_LINKAT_2_E, EVT_STR_LINKAT },
    { EVT_SYSCALL_LINKAT_2_X, EVT_STR_LINKAT },
    { EVT_SYSCALL_FCHMODAT_E, EVT_STR_FCHMODAT },
    { EVT_SYSCALL_FCHMODAT_X, EVT_STR_FCHMODAT },
    { EVT_SYSCALL_CHMOD_E, EVT_STR_CHMOD },
    { EVT_SYSCALL_CHMOD_X, EVT_STR_CHMOD },
    { EVT_SYSCALL_FCHMOD_E, EVT_STR_FCHMOD },
    { EVT_SYSCALL_FCHMOD_X, EVT_STR_FCHMOD },
    { EVT_SYSCALL_RENAMEAT2_E, EVT_STR_RENAMEAT2 },
    { EVT_SYSCALL_RENAMEAT2_X, EVT_STR_RENAMEAT2 },
    { EVT_SYSCALL_USERFAULTFD_E, EVT_STR_USERFAULTFD },
    { EVT_SYSCALL_USERFAULTFD_X, EVT_STR_USERFAULTFD },
    { EVT_PLUGINEVENT_E, EVT_STR_PLUGINEVENT },
    { EVT_PLUGINEVENT_X, EVT_STR_NA },
    { EVT_CONTAINER_JSON_2_E, EVT_STR_CONTAINER },
    { EVT_CONTAINER_JSON_2_X, EVT_STR_NA },
    { EVT_SYSCALL_OPENAT2_E, EVT_STR_OPENAT2 },
    { EVT_SYSCALL_OPENAT2_X, EVT_STR_OPENAT2 },
    { EVT_SYSCALL_MPROTECT_E, EVT_STR_MPROTECT },
    { EVT_SYSCALL_MPROTECT_X, EVT_STR_MPROTECT },
    { EVT_SYSCALL_EXECVEAT_E, EVT_STR_EXECVEAT },
    { EVT_SYSCALL_EXECVEAT_X, EVT_STR_EXECVEAT },
    { EVT_SYSCALL_COPY_FILE_RANGE_E, EVT_STR_COPY_FILE_RANGE },
    { EVT_SYSCALL_COPY_FILE_RANGE_X, EVT_STR_COPY_FILE_RANGE },
    { EVT_SYSCALL_CLONE3_E, EVT_STR_CLONE3 },
    { EVT_SYSCALL_CLONE3_X, EVT_STR_CLONE3 },
    { EVT_SYSCALL_OPEN_BY_HANDLE_AT_E, EVT_STR_OPEN_BY_HANDLE_AT },
    { EVT_SYSCALL_OPEN_BY_HANDLE_AT_X, EVT_STR_OPEN_BY_HANDLE_AT },
    { EVT_SYSCALL_IO_URING_SETUP_E, EVT_STR_IO_URING_SETUP },
    { EVT_SYSCALL_IO_URING_SETUP_X, EVT_STR_IO_URING_SETUP },
    { EVT_SYSCALL_IO_URING_ENTER_E, EVT_STR_IO_URING_ENTER },
    { EVT_SYSCALL_IO_URING_ENTER_X, EVT_STR_IO_URING_ENTER },
    { EVT_SYSCALL_IO_URING_REGISTER_E, EVT_STR_IO_URING_REGISTER },
    { EVT_SYSCALL_IO_URING_REGISTER_X, EVT_STR_IO_URING_REGISTER },
    { EVT_SYSCALL_MLOCK_E, EVT_STR_MLOCK },
    { EVT_SYSCALL_MLOCK_X, EVT_STR_MLOCK },
    { EVT_SYSCALL_MUNLOCK_E, EVT_STR_MUNLOCK },
    { EVT_SYSCALL_MUNLOCK_X, EVT_STR_MUNLOCK },
    { EVT_SYSCALL_MLOCKALL_E, EVT_STR_MLOCKALL },
    { EVT_SYSCALL_MLOCKALL_X, EVT_STR_MLOCKALL },
    { EVT_SYSCALL_MUNLOCKALL_E, EVT_STR_MUNLOCKALL },
    { EVT_SYSCALL_MUNLOCKALL_X, EVT_STR_MUNLOCKALL },
    { EVT_SYSCALL_CAPSET_E, EVT_STR_CAPSET },
    { EVT_SYSCALL_CAPSET_X, EVT_STR_CAPSET },
    { EVT_USER_ADDED_E, EVT_STR_USERADDED },
    { EVT_USER_ADDED_X, EVT_STR_NA },
    { EVT_USER_DELETED_E, EVT_STR_USERDELETED },
    { EVT_USER_DELETED_X, EVT_STR_NA },
    { EVT_GROUP_ADDED_E, EVT_STR_GROUPADDED },
    { EVT_GROUP_ADDED_X, EVT_STR_NA },
    { EVT_GROUP_DELETED_E, EVT_STR_GROUPDELETED },
    { EVT_GROUP_DELETED_X, EVT_STR_NA },
    { EVT_SYSCALL_DUP2_E, EVT_STR_DUP2 },
    { EVT_SYSCALL_DUP2_X, EVT_STR_DUP2 },
    { EVT_SYSCALL_DUP3_E, EVT_STR_DUP3 },
    { EVT_SYSCALL_DUP3_X, EVT_STR_DUP3 },
    { EVT_SYSCALL_DUP_1_E, EVT_STR_DUP },
    { EVT_SYSCALL_DUP_1_X, EVT_STR_DUP },
    { EVT_SYSCALL_BPF_2_E, EVT_STR_BPF },
    { EVT_SYSCALL_BPF_2_X, EVT_STR_BPF },
    { EVT_SYSCALL_MLOCK2_E, EVT_STR_MLOCK2 },
    { EVT_SYSCALL_MLOCK2_X, EVT_STR_MLOCK2 },
    { EVT_SYSCALL_FSCONFIG_E, EVT_STR_FSCONFIG },
    { EVT_SYSCALL_FSCONFIG_X, EVT_STR_FSCONFIG },
    { EVT_SYSCALL_EPOLL_CREATE_E, EVT_STR_EPOLL_CREATE },
    { EVT_SYSCALL_EPOLL_CREATE_X, EVT_STR_EPOLL_CREATE },
    { EVT_SYSCALL_EPOLL_CREATE1_E, EVT_STR_EPOLL_CREATE1 },
    { EVT_SYSCALL_EPOLL_CREATE1_X, EVT_STR_EPOLL_CREATE1 },
    { EVT_SYSCALL_CHOWN_E, EVT_STR_CHOWN },
    { EVT_SYSCALL_CHOWN_X, EVT_STR_CHOWN },
    { EVT_SYSCALL_LCHOWN_E, EVT_STR_LCHOWN },
    { EVT_SYSCALL_LCHOWN_X, EVT_STR_LCHOWN },
    { EVT_SYSCALL_FCHOWN_E, EVT_STR_FCHOWN },
    { EVT_SYSCALL_FCHOWN_X, EVT_STR_FCHOWN },
    { EVT_SYSCALL_FCHOWNAT_E, EVT_STR_FCHOWNAT },
    { EVT_SYSCALL_FCHOWNAT_X, EVT_STR_FCHOWNAT },
    { EVT_SYSCALL_UMOUNT_1_E, EVT_STR_UMOUNT },
    { EVT_SYSCALL_UMOUNT_1_X, EVT_STR_UMOUNT },
    { EVT_SOCKET_ACCEPT4_6_E, EVT_STR_ACCEPT4 },
    { EVT_SOCKET_ACCEPT4_6_X, EVT_STR_ACCEPT4 },
    { EVT_SYSCALL_UMOUNT2_E, EVT_STR_UMOUNT2 },
    { EVT_SYSCALL_UMOUNT2_X, EVT_STR_UMOUNT2 },
    { EVT_SYSCALL_PIPE2_E, EVT_STR_PIPE2 },
    { EVT_SYSCALL_PIPE2_X, EVT_STR_PIPE2 },
    { EVT_SYSCALL_INOTIFY_INIT1_E, EVT_STR_INOTIFY_INIT1 },
    { EVT_SYSCALL_INOTIFY_INIT1_X, EVT_STR_INOTIFY_INIT1 },
    { EVT_SYSCALL_EVENTFD2_E, EVT_STR_EVENTFD2 },
    { EVT_SYSCALL_EVENTFD2_X, EVT_STR_EVENTFD2 },
    { EVT_SYSCALL_SIGNALFD4_E, EVT_STR_SIGNALFD4 },
    { EVT_SYSCALL_SIGNALFD4_X, EVT_STR_SIGNALFD4 },
    { EVT_SYSCALL_PRCTL_E, EVT_STR_PRCTL },
    { EVT_SYSCALL_PRCTL_X, EVT_STR_PRCTL },
    { EVT_ASYNCEVENT_E, EVT_STR_ASYNCEVENT },
    { EVT_ASYNCEVENT_X, EVT_STR_NA },
    { EVT_SYSCALL_MEMFD_CREATE_E, EVT_STR_MEMFD_CREATE },
    { EVT_SYSCALL_MEMFD_CREATE_X, EVT_STR_MEMFD_CREATE },
    { EVT_SYSCALL_PIDFD_GETFD_E, EVT_STR_PIDFD_GETFD },
    { EVT_SYSCALL_PIDFD_GETFD_X, EVT_STR_PIDFD_GETFD },
    { EVT_SYSCALL_PIDFD_OPEN_E, EVT_STR_PIDFD_OPEN },
    { EVT_SYSCALL_PIDFD_OPEN_X, EVT_STR_PIDFD_OPEN },
    { EVT_SYSCALL_INIT_MODULE_E, EVT_STR_INIT_MODULE },
    { EVT_SYSCALL_INIT_MODULE_X, EVT_STR_INIT_MODULE },
    { EVT_SYSCALL_FINIT_MODULE_E, EVT_STR_FINIT_MODULE },
    { EVT_SYSCALL_FINIT_MODULE_X, EVT_STR_FINIT_MODULE },
    { EVT_SYSCALL_MKNOD_E, EVT_STR_MKNOD },
    { EVT_SYSCALL_MKNOD_X, EVT_STR_MKNOD },
    { EVT_SYSCALL_MKNODAT_E, EVT_STR_MKNODAT },
    { EVT_SYSCALL_MKNODAT_X, EVT_STR_MKNODAT },
    { EVT_SYSCALL_NEWFSTATAT_E, EVT_STR_NEWFSTATAT },
    { EVT_SYSCALL_NEWFSTATAT_X, EVT_STR_NEWFSTATAT },
    { EVT_SYSCALL_PROCESS_VM_READV_E, EVT_STR_PROCESS_VM_READV },
    { EVT_SYSCALL_PROCESS_VM_READV_X, EVT_STR_PROCESS_VM_READV },
    { EVT_SYSCALL_PROCESS_VM_WRITEV_E, EVT_STR_PROCESS_VM_WRITEV },
    { EVT_SYSCALL_PROCESS_VM_WRITEV_X, EVT_STR_PROCESS_VM_WRITEV },
    { EVT_SYSCALL_DELETE_MODULE_E, EVT_STR_DELETE_MODULE },
    { EVT_SYSCALL_DELETE_MODULE_X, EVT_STR_DELETE_MODULE },
    { EVT_SYSCALL_SETREUID_E, EVT_STR_SETREUID },
    { EVT_SYSCALL_SETREUID_X, EVT_STR_SETREUID },
    { EVT_SYSCALL_SETREGID_E, EVT_STR_SETREGID },
    { EVT_SYSCALL_SETREGID_X, EVT_STR_SETREGID },

    {0, NULL }
};
1361 | | |
/*
 * "Interesting" parameters, which are appended to COL_INFO.
 * Manually generated for now.
 *
 * Each entry names one event parameter to show in the Info column. The
 * parameter lists built from this struct end with an entry whose
 * param_name is NULL.
 *
 * NOTE(review): parameter values come from the capture file. The code that
 * walks these lists is outside this excerpt; confirm it checks param_num
 * against the number of parameters actually present in the event before
 * reading a value.
 */
struct _event_col_info_param {
    /* Position of the parameter within the event; presumably zero-based
     * (the lists in this file use 0, 1 and 2) -- TODO confirm. */
    const int param_num;
    /* Label for the parameter; NULL in the terminating entry. */
    const char *param_name;
    /* Field type of the value; FT_NONE in the terminating entry. */
    enum ftenum param_ftype;
};
1371 | | |
/*
 * Info-column parameter lists, one per supported event. Every list ends
 * with an entry whose param_name is NULL and whose type is FT_NONE.
 *
 * NOTE(review): the FT_STRING values ("name", "exe", "args") are text taken
 * from the capture file; confirm the consumer bounds the read and formats
 * the text safely for display.
 */

/* open exit: "fd" and "name". */
static const struct _event_col_info_param open_x_params[] = {
    { .param_num = 0, .param_name = "fd",   .param_ftype = FT_UINT64 },
    { .param_num = 1, .param_name = "name", .param_ftype = FT_STRING },
    { .param_num = 0, .param_name = NULL,   .param_ftype = FT_NONE }
};

/* close enter: "fd". */
static const struct _event_col_info_param close_e_params[] = {
    { .param_num = 0, .param_name = "fd", .param_ftype = FT_UINT64 },
    { .param_num = 0, .param_name = NULL, .param_ftype = FT_NONE }
};

/* read enter: "fd". */
static const struct _event_col_info_param read_e_params[] = {
    { .param_num = 0, .param_name = "fd", .param_ftype = FT_UINT64 },
    { .param_num = 0, .param_name = NULL, .param_ftype = FT_NONE }
};

/* write enter: "fd". */
static const struct _event_col_info_param write_e_params[] = {
    { .param_num = 0, .param_name = "fd", .param_ftype = FT_UINT64 },
    { .param_num = 0, .param_name = NULL, .param_ftype = FT_NONE }
};

/* execve (15-parameter variant) exit: "exe" and "args". */
static const struct _event_col_info_param execve_15_x_params[] = {
    { .param_num = 1, .param_name = "exe",  .param_ftype = FT_STRING },
    { .param_num = 2, .param_name = "args", .param_ftype = FT_STRING },
    { .param_num = 0, .param_name = NULL,   .param_ftype = FT_NONE }
};
1398 | | |
/*
 * One row of the Info-column table: an event type, a length-field count and
 * the parameter list to show for that event.
 */
struct _event_col_info {
    const unsigned event_type;      /* EVT_* value this row applies to */
    const int num_len_fields;       /* presumably the number of per-parameter length
                                     * fields in the event -- TODO confirm in the consumer */
    const struct _event_col_info_param *params; /* list closed by a NULL-name entry */
};

/*
 * Info column parameters. The table is closed by a row whose params is NULL.
 *
 * NOTE(review): EVT_SYSCALL_OPEN_X is given 4 length fields, while
 * syscall_open_x_indexes later in this file lists six parameters. The other
 * rows agree with their index lists (1, 2, 2 and 15). If num_len_fields is
 * used to locate parameter data in a capture, a stale count would point at
 * the wrong bytes -- confirm against the dissection code.
 */
static const struct _event_col_info event_col_info[] = {
    { .event_type = EVT_SYSCALL_OPEN_X,      .num_len_fields = 4,  .params = open_x_params },
    { .event_type = EVT_SYSCALL_CLOSE_E,     .num_len_fields = 1,  .params = close_e_params },
    { .event_type = EVT_SYSCALL_READ_E,      .num_len_fields = 2,  .params = read_e_params },
    { .event_type = EVT_SYSCALL_WRITE_E,     .num_len_fields = 2,  .params = write_e_params },
    { .event_type = EVT_SYSCALL_EXECVE_15_X, .num_len_fields = 15, .params = execve_15_x_params },
    { .event_type = 0,                       .num_len_fields = 0,  .params = NULL }
};
1414 | | |
/*
 * Associates an event type with a list of pointers to header-field index
 * variables (hf_param_*), one per parameter.
 *
 * No parameter count is stored (a num_params member was left commented out);
 * the lists visible in this file are terminated by a NULL pointer instead.
 */
struct _event_tree_info {
    const unsigned event_type;  /* EVT_* value this entry applies to */
    int *const *hf_indexes;     /* NULL-terminated list of &hf_param_* pointers */
};

/* Empty list: holds only the NULL terminator. */
static int *const no_indexes[] = { NULL };
1422 | | |
1423 | | /* Parameter indexes. Automatically generated by tools/generate-sysdig-event.py */ |
1424 | | static int * const generic_e_indexes[] = { &hf_param_ID_uint16, &hf_param_nativeID_uint16, NULL }; |
1425 | | static int * const generic_x_indexes[] = { &hf_param_ID_uint16, NULL }; |
1426 | | static int * const syscall_open_e_indexes[] = { &hf_param_name_string, &hf_param_flags_int32, &hf_param_mode_uint32, NULL }; |
1427 | | static int * const syscall_open_x_indexes[] = { &hf_param_fd_int64, &hf_param_name_string, &hf_param_flags_int32, &hf_param_mode_uint32, &hf_param_dev_uint32, &hf_param_ino_uint64, NULL }; |
1428 | | static int * const syscall_close_e_indexes[] = { &hf_param_fd_int64, NULL }; |
1429 | | static int * const syscall_close_x_indexes[] = { &hf_param_res_int64, NULL }; |
1430 | | static int * const syscall_read_e_indexes[] = { &hf_param_fd_int64, &hf_param_size_uint32, NULL }; |
1431 | | static int * const syscall_read_x_indexes[] = { &hf_param_res_int64, &hf_param_data_bytes, NULL }; |
1432 | | #define syscall_write_e_indexes syscall_read_e_indexes |
1433 | | #define syscall_write_x_indexes syscall_read_x_indexes |
1434 | | static int * const syscall_brk_1_e_indexes[] = { &hf_param_size_uint32, NULL }; |
1435 | | static int * const syscall_brk_1_x_indexes[] = { &hf_param_res_uint64, NULL }; |
1436 | | #define syscall_execve_8_e_indexes no_indexes |
1437 | | static int * const syscall_execve_8_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, NULL }; |
1438 | | #define syscall_clone_11_e_indexes no_indexes |
1439 | | static int * const syscall_clone_11_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_int64, &hf_param_flags_int32, &hf_param_uid_uint32, &hf_param_gid_uint32, NULL }; |
1440 | | #define procexit_e_indexes no_indexes |
1441 | | #define procexit_x_indexes no_indexes |
1442 | | static int * const socket_socket_e_indexes[] = { &hf_param_domain_bytes, &hf_param_type_uint32, &hf_param_proto_uint32, NULL }; |
1443 | | #define socket_socket_x_indexes syscall_close_e_indexes |
1444 | | #define socket_bind_e_indexes syscall_close_e_indexes |
1445 | | static int * const socket_bind_x_indexes[] = { &hf_param_res_int64, &hf_param_addr_bytes, NULL }; |
1446 | | static int * const socket_connect_e_indexes[] = { &hf_param_fd_int64, &hf_param_addr_bytes, NULL }; |
1447 | | static int * const socket_connect_x_indexes[] = { &hf_param_res_int64, &hf_param_tuple_bytes, &hf_param_fd_int64, NULL }; |
1448 | | static int * const socket_listen_e_indexes[] = { &hf_param_fd_int64, &hf_param_backlog_int32, NULL }; |
1449 | | #define socket_listen_x_indexes syscall_close_x_indexes |
1450 | | #define socket_accept_e_indexes no_indexes |
1451 | | static int * const socket_accept_x_indexes[] = { &hf_param_fd_int64, &hf_param_tuple_bytes, &hf_param_queuepct_uint8, NULL }; |
1452 | | #define socket_send_e_indexes syscall_read_e_indexes |
1453 | | #define socket_send_x_indexes syscall_read_x_indexes |
1454 | | static int * const socket_sendto_e_indexes[] = { &hf_param_fd_int64, &hf_param_size_uint32, &hf_param_tuple_bytes, NULL }; |
1455 | | #define socket_sendto_x_indexes syscall_read_x_indexes |
1456 | | #define socket_recv_e_indexes syscall_read_e_indexes |
1457 | | #define socket_recv_x_indexes syscall_read_x_indexes |
1458 | | #define socket_recvfrom_e_indexes syscall_read_e_indexes |
1459 | | static int * const socket_recvfrom_x_indexes[] = { &hf_param_res_int64, &hf_param_data_bytes, &hf_param_tuple_bytes, NULL }; |
1460 | | static int * const socket_shutdown_e_indexes[] = { &hf_param_fd_int64, &hf_param_how_bytes, NULL }; |
1461 | | #define socket_shutdown_x_indexes syscall_close_x_indexes |
1462 | | #define socket_getsockname_e_indexes no_indexes |
1463 | | #define socket_getsockname_x_indexes no_indexes |
1464 | | #define socket_getpeername_e_indexes no_indexes |
1465 | | #define socket_getpeername_x_indexes no_indexes |
1466 | | #define socket_socketpair_e_indexes socket_socket_e_indexes |
1467 | | static int * const socket_socketpair_x_indexes[] = { &hf_param_res_int64, &hf_param_fd1_int64, &hf_param_fd2_int64, &hf_param_source_uint64, &hf_param_peer_uint64, NULL }; |
1468 | | #define socket_setsockopt_e_indexes no_indexes |
1469 | | static int * const socket_setsockopt_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_level_bytes, &hf_param_optname_bytes, &hf_param_val_bytes, &hf_param_optlen_uint32, NULL }; |
1470 | | #define socket_getsockopt_e_indexes no_indexes |
1471 | | #define socket_getsockopt_x_indexes socket_setsockopt_x_indexes |
1472 | | #define socket_sendmsg_e_indexes socket_sendto_e_indexes |
1473 | | #define socket_sendmsg_x_indexes syscall_read_x_indexes |
1474 | | #define socket_sendmmsg_e_indexes no_indexes |
1475 | | #define socket_sendmmsg_x_indexes no_indexes |
1476 | | #define socket_recvmsg_e_indexes syscall_close_e_indexes |
1477 | | static int * const socket_recvmsg_x_indexes[] = { &hf_param_res_int64, &hf_param_size_uint32, &hf_param_data_bytes, &hf_param_tuple_bytes, &hf_param_msgcontrol_bytes, NULL }; |
1478 | | #define socket_recvmmsg_e_indexes no_indexes |
1479 | | #define socket_recvmmsg_x_indexes no_indexes |
1480 | | static int * const socket_accept4_e_indexes[] = { &hf_param_flags_uint32, NULL }; |
1481 | | #define socket_accept4_x_indexes socket_accept_x_indexes |
1482 | | static int * const syscall_creat_e_indexes[] = { &hf_param_name_string, &hf_param_mode_uint32, NULL }; |
1483 | | static int * const syscall_creat_x_indexes[] = { &hf_param_fd_int64, &hf_param_name_string, &hf_param_mode_uint32, &hf_param_dev_uint32, &hf_param_ino_uint64, NULL }; |
1484 | | #define syscall_pipe_e_indexes no_indexes |
1485 | | static int * const syscall_pipe_x_indexes[] = { &hf_param_res_int64, &hf_param_fd1_int64, &hf_param_fd2_int64, &hf_param_ino_uint64, NULL }; |
1486 | | static int * const syscall_eventfd_e_indexes[] = { &hf_param_initval_uint64, &hf_param_flags_uint32, NULL }; |
1487 | | #define syscall_eventfd_x_indexes syscall_close_x_indexes |
1488 | | static int * const syscall_futex_e_indexes[] = { &hf_param_addr_uint64, &hf_param_op_bytes, &hf_param_val_uint64, NULL }; |
1489 | | #define syscall_futex_x_indexes syscall_close_x_indexes |
1490 | | #define syscall_stat_e_indexes no_indexes |
1491 | | static int * const syscall_stat_x_indexes[] = { &hf_param_res_int64, &hf_param_path_string, NULL }; |
1492 | | #define syscall_lstat_e_indexes no_indexes |
1493 | | #define syscall_lstat_x_indexes syscall_stat_x_indexes |
1494 | | #define syscall_fstat_e_indexes syscall_close_e_indexes |
1495 | | #define syscall_fstat_x_indexes syscall_close_x_indexes |
1496 | | #define syscall_stat64_e_indexes no_indexes |
1497 | | #define syscall_stat64_x_indexes syscall_stat_x_indexes |
1498 | | #define syscall_lstat64_e_indexes no_indexes |
1499 | | #define syscall_lstat64_x_indexes syscall_stat_x_indexes |
1500 | | #define syscall_fstat64_e_indexes syscall_close_e_indexes |
1501 | | #define syscall_fstat64_x_indexes syscall_close_x_indexes |
1502 | | static int * const syscall_epollwait_e_indexes[] = { &hf_param_maxevents_int64, NULL }; |
1503 | | #define syscall_epollwait_x_indexes syscall_close_x_indexes |
1504 | | static int * const syscall_poll_e_indexes[] = { &hf_param_fds_bytes, &hf_param_timeout_int64, NULL }; |
1505 | | static int * const syscall_poll_x_indexes[] = { &hf_param_res_int64, &hf_param_fds_bytes, NULL }; |
1506 | | #define syscall_select_e_indexes no_indexes |
1507 | | #define syscall_select_x_indexes syscall_close_x_indexes |
1508 | | #define syscall_newselect_e_indexes no_indexes |
1509 | | #define syscall_newselect_x_indexes syscall_close_x_indexes |
1510 | | static int * const syscall_lseek_e_indexes[] = { &hf_param_fd_int64, &hf_param_offset_uint64, &hf_param_whence_bytes, NULL }; |
1511 | | #define syscall_lseek_x_indexes syscall_close_x_indexes |
1512 | | #define syscall_llseek_e_indexes syscall_lseek_e_indexes |
1513 | | #define syscall_llseek_x_indexes syscall_close_x_indexes |
1514 | | static int * const syscall_ioctl_2_e_indexes[] = { &hf_param_fd_int64, &hf_param_request_uint64, NULL }; |
1515 | | #define syscall_ioctl_2_x_indexes syscall_close_x_indexes |
1516 | | #define syscall_getcwd_e_indexes no_indexes |
1517 | | #define syscall_getcwd_x_indexes syscall_stat_x_indexes |
1518 | | #define syscall_chdir_e_indexes no_indexes |
1519 | | #define syscall_chdir_x_indexes syscall_stat_x_indexes |
1520 | | #define syscall_fchdir_e_indexes syscall_close_e_indexes |
1521 | | #define syscall_fchdir_x_indexes syscall_close_x_indexes |
1522 | | static int * const syscall_mkdir_e_indexes[] = { &hf_param_path_string, &hf_param_mode_uint32, NULL }; |
1523 | | #define syscall_mkdir_x_indexes syscall_close_x_indexes |
1524 | | static int * const syscall_rmdir_e_indexes[] = { &hf_param_path_string, NULL }; |
1525 | | #define syscall_rmdir_x_indexes syscall_close_x_indexes |
1526 | | static int * const syscall_openat_e_indexes[] = { &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_int32, &hf_param_mode_uint32, NULL }; |
1527 | | #define syscall_openat_x_indexes syscall_close_e_indexes |
1528 | | static int * const syscall_link_e_indexes[] = { &hf_param_oldpath_string, &hf_param_newpath_string, NULL }; |
1529 | | #define syscall_link_x_indexes syscall_close_x_indexes |
1530 | | static int * const syscall_linkat_e_indexes[] = { &hf_param_olddir_int64, &hf_param_oldpath_string, &hf_param_newdir_int64, &hf_param_newpath_string, NULL }; |
1531 | | #define syscall_linkat_x_indexes syscall_close_x_indexes |
1532 | | #define syscall_unlink_e_indexes syscall_rmdir_e_indexes |
1533 | | #define syscall_unlink_x_indexes syscall_close_x_indexes |
1534 | | static int * const syscall_unlinkat_e_indexes[] = { &hf_param_dirfd_int64, &hf_param_name_string, NULL }; |
1535 | | #define syscall_unlinkat_x_indexes syscall_close_x_indexes |
1536 | | static int * const syscall_pread_e_indexes[] = { &hf_param_fd_int64, &hf_param_size_uint32, &hf_param_pos_uint64, NULL }; |
1537 | | #define syscall_pread_x_indexes syscall_read_x_indexes |
1538 | | #define syscall_pwrite_e_indexes syscall_pread_e_indexes |
1539 | | #define syscall_pwrite_x_indexes syscall_read_x_indexes |
1540 | | #define syscall_readv_e_indexes syscall_close_e_indexes |
1541 | | static int * const syscall_readv_x_indexes[] = { &hf_param_res_int64, &hf_param_size_uint32, &hf_param_data_bytes, NULL }; |
1542 | | #define syscall_writev_e_indexes syscall_read_e_indexes |
1543 | | #define syscall_writev_x_indexes syscall_read_x_indexes |
1544 | | static int * const syscall_preadv_e_indexes[] = { &hf_param_fd_int64, &hf_param_pos_uint64, NULL }; |
1545 | | #define syscall_preadv_x_indexes syscall_readv_x_indexes |
1546 | | #define syscall_pwritev_e_indexes syscall_pread_e_indexes |
1547 | | #define syscall_pwritev_x_indexes syscall_read_x_indexes |
1548 | | #define syscall_dup_e_indexes syscall_close_e_indexes |
1549 | | #define syscall_dup_x_indexes syscall_close_x_indexes |
1550 | | static int * const syscall_signalfd_e_indexes[] = { &hf_param_fd_int64, &hf_param_mask_uint32, &hf_param_flags_uint8, NULL }; |
1551 | | #define syscall_signalfd_x_indexes syscall_close_x_indexes |
1552 | | static int * const syscall_kill_e_indexes[] = { &hf_param_pid_int64, &hf_param_sig_bytes, NULL }; |
1553 | | #define syscall_kill_x_indexes syscall_close_x_indexes |
1554 | | static int * const syscall_tkill_e_indexes[] = { &hf_param_tid_int64, &hf_param_sig_bytes, NULL }; |
1555 | | #define syscall_tkill_x_indexes syscall_close_x_indexes |
1556 | | static int * const syscall_tgkill_e_indexes[] = { &hf_param_pid_int64, &hf_param_tid_int64, &hf_param_sig_bytes, NULL }; |
1557 | | #define syscall_tgkill_x_indexes syscall_close_x_indexes |
1558 | | static int * const syscall_nanosleep_e_indexes[] = { &hf_param_interval_bytes, NULL }; |
1559 | | #define syscall_nanosleep_x_indexes syscall_close_x_indexes |
1560 | | static int * const syscall_timerfd_create_e_indexes[] = { &hf_param_clockid_uint8, &hf_param_flags_uint8, NULL }; |
1561 | | #define syscall_timerfd_create_x_indexes syscall_close_x_indexes |
1562 | | static int * const syscall_inotify_init_e_indexes[] = { &hf_param_flags_uint8, NULL }; |
1563 | | #define syscall_inotify_init_x_indexes syscall_close_x_indexes |
1564 | | static int * const syscall_getrlimit_e_indexes[] = { &hf_param_resource_bytes, NULL }; |
1565 | | static int * const syscall_getrlimit_x_indexes[] = { &hf_param_res_int64, &hf_param_cur_int64, &hf_param_max_int64, NULL }; |
1566 | | #define syscall_setrlimit_e_indexes syscall_getrlimit_e_indexes |
1567 | | static int * const syscall_setrlimit_x_indexes[] = { &hf_param_res_int64, &hf_param_cur_int64, &hf_param_max_int64, &hf_param_resource_bytes, NULL }; |
1568 | | static int * const syscall_prlimit_e_indexes[] = { &hf_param_pid_int64, &hf_param_resource_bytes, NULL }; |
1569 | | static int * const syscall_prlimit_x_indexes[] = { &hf_param_res_int64, &hf_param_newcur_int64, &hf_param_newmax_int64, &hf_param_oldcur_int64, &hf_param_oldmax_int64, &hf_param_pid_int64, &hf_param_resource_bytes, NULL }; |
1570 | | static int * const schedswitch_1_e_indexes[] = { &hf_param_next_int64, NULL }; |
1571 | | #define schedswitch_1_x_indexes no_indexes |
1572 | | static int * const drop_e_indexes[] = { &hf_param_ratio_uint32, NULL }; |
1573 | | #define drop_x_indexes drop_e_indexes |
1574 | | static int * const syscall_fcntl_e_indexes[] = { &hf_param_fd_int64, &hf_param_cmd_bytes, NULL }; |
1575 | | static int * const syscall_fcntl_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_cmd_bytes, NULL }; |
1576 | | static int * const schedswitch_6_e_indexes[] = { &hf_param_next_int64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, NULL }; |
1577 | | #define schedswitch_6_x_indexes no_indexes |
1578 | | #define syscall_execve_13_e_indexes no_indexes |
1579 | | static int * const syscall_execve_13_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, NULL }; |
1580 | | #define syscall_clone_16_e_indexes no_indexes |
1581 | | static int * const syscall_clone_16_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_int64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_flags_int32, &hf_param_uid_uint32, &hf_param_gid_uint32, NULL }; |
1582 | | static int * const syscall_brk_4_e_indexes[] = { &hf_param_addr_uint64, NULL }; |
1583 | | static int * const syscall_brk_4_x_indexes[] = { &hf_param_res_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, NULL }; |
1584 | | static int * const syscall_mmap_e_indexes[] = { &hf_param_addr_uint64, &hf_param_length_uint64, &hf_param_prot_int32, &hf_param_flags_int32, &hf_param_fd_int64, &hf_param_offset_uint64, NULL }; |
1585 | | static int * const syscall_mmap_x_indexes[] = { &hf_param_res_int64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, NULL }; |
1586 | | static int * const syscall_mmap2_e_indexes[] = { &hf_param_addr_uint64, &hf_param_length_uint64, &hf_param_prot_int32, &hf_param_flags_int32, &hf_param_fd_int64, &hf_param_pgoffset_uint64, NULL }; |
1587 | | #define syscall_mmap2_x_indexes syscall_mmap_x_indexes |
1588 | | static int * const syscall_munmap_e_indexes[] = { &hf_param_addr_uint64, &hf_param_length_uint64, NULL }; |
1589 | | #define syscall_munmap_x_indexes syscall_mmap_x_indexes |
1590 | | static int * const syscall_splice_e_indexes[] = { &hf_param_fd_in_int64, &hf_param_fd_out_int64, &hf_param_size_uint64, &hf_param_flags_int32, NULL }; |
1591 | | #define syscall_splice_x_indexes syscall_close_x_indexes |
1592 | | static int * const syscall_ptrace_e_indexes[] = { &hf_param_request_bytes, &hf_param_pid_int64, NULL }; |
1593 | | static int * const syscall_ptrace_x_indexes[] = { &hf_param_res_int64, &hf_param_addr_bytes, &hf_param_data_bytes, NULL }; |
1594 | | static int * const syscall_ioctl_3_e_indexes[] = { &hf_param_fd_int64, &hf_param_request_uint64, &hf_param_argument_uint64, NULL }; |
1595 | | #define syscall_ioctl_3_x_indexes syscall_close_x_indexes |
1596 | | #define syscall_execve_14_e_indexes no_indexes |
1597 | | static int * const syscall_execve_14_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_env_string, NULL }; |
1598 | | #define syscall_rename_e_indexes no_indexes |
1599 | | static int * const syscall_rename_x_indexes[] = { &hf_param_res_int64, &hf_param_oldpath_string, &hf_param_newpath_string, NULL }; |
1600 | | #define syscall_renameat_e_indexes no_indexes |
1601 | | static int * const syscall_renameat_x_indexes[] = { &hf_param_res_int64, &hf_param_olddirfd_int64, &hf_param_oldpath_string, &hf_param_newdirfd_int64, &hf_param_newpath_string, NULL }; |
1602 | | #define syscall_symlink_e_indexes no_indexes |
1603 | | static int * const syscall_symlink_x_indexes[] = { &hf_param_res_int64, &hf_param_target_string, &hf_param_linkpath_string, NULL }; |
1604 | | #define syscall_symlinkat_e_indexes no_indexes |
1605 | | static int * const syscall_symlinkat_x_indexes[] = { &hf_param_res_int64, &hf_param_target_string, &hf_param_linkdirfd_int64, &hf_param_linkpath_string, NULL }; |
1606 | | #define syscall_fork_e_indexes no_indexes |
1607 | | #define syscall_fork_x_indexes syscall_clone_16_x_indexes |
1608 | | #define syscall_vfork_e_indexes no_indexes |
1609 | | #define syscall_vfork_x_indexes syscall_clone_16_x_indexes |
1610 | | static int * const procexit_1_e_indexes[] = { &hf_param_status_int64, &hf_param_ret_int64, &hf_param_sig_bytes, &hf_param_core_uint8, &hf_param_reaper_tid_int64, NULL }; |
1611 | | #define procexit_1_x_indexes no_indexes |
1612 | | static int * const syscall_sendfile_e_indexes[] = { &hf_param_out_fd_int64, &hf_param_in_fd_int64, &hf_param_offset_uint64, &hf_param_size_uint64, NULL }; |
1613 | | static int * const syscall_sendfile_x_indexes[] = { &hf_param_res_int64, &hf_param_offset_uint64, NULL }; |
1614 | | static int * const syscall_quotactl_e_indexes[] = { &hf_param_cmd_int16, &hf_param_type_int8, &hf_param_id_uint32, &hf_param_quota_fmt_int8, NULL }; |
1615 | | static int * const syscall_quotactl_x_indexes[] = { &hf_param_res_int64, &hf_param_special_string, &hf_param_quotafilepath_string, &hf_param_dqb_bhardlimit_uint64, &hf_param_dqb_bsoftlimit_uint64, &hf_param_dqb_curspace_uint64, &hf_param_dqb_ihardlimit_uint64, &hf_param_dqb_isoftlimit_uint64, &hf_param_dqb_btime_bytes, &hf_param_dqb_itime_bytes, &hf_param_dqi_bgrace_bytes, &hf_param_dqi_igrace_bytes, &hf_param_dqi_flags_int8, &hf_param_quota_fmt_out_int8, NULL }; |
1616 | | static int * const syscall_setresuid_e_indexes[] = { &hf_param_ruid_int32, &hf_param_euid_int32, &hf_param_suid_int32, NULL }; |
1617 | | #define syscall_setresuid_x_indexes syscall_close_x_indexes |
1618 | | static int * const syscall_setresgid_e_indexes[] = { &hf_param_rgid_int32, &hf_param_egid_int32, &hf_param_sgid_int32, NULL }; |
1619 | | #define syscall_setresgid_x_indexes syscall_close_x_indexes |
1620 | | static int * const scapevent_e_indexes[] = { &hf_param_event_type_uint32, &hf_param_event_data_uint64, NULL }; |
1621 | | #define scapevent_x_indexes no_indexes |
1622 | | static int * const syscall_setuid_e_indexes[] = { &hf_param_uid_int32, NULL }; |
1623 | | #define syscall_setuid_x_indexes syscall_close_x_indexes |
1624 | | static int * const syscall_setgid_e_indexes[] = { &hf_param_gid_int32, NULL }; |
1625 | | #define syscall_setgid_x_indexes syscall_close_x_indexes |
1626 | | #define syscall_getuid_e_indexes no_indexes |
1627 | | #define syscall_getuid_x_indexes syscall_setuid_e_indexes |
1628 | | #define syscall_geteuid_e_indexes no_indexes |
1629 | | static int * const syscall_geteuid_x_indexes[] = { &hf_param_euid_int32, NULL }; |
1630 | | #define syscall_getgid_e_indexes no_indexes |
1631 | | #define syscall_getgid_x_indexes syscall_setgid_e_indexes |
1632 | | #define syscall_getegid_e_indexes no_indexes |
1633 | | static int * const syscall_getegid_x_indexes[] = { &hf_param_egid_int32, NULL }; |
1634 | | #define syscall_getresuid_e_indexes no_indexes |
1635 | | static int * const syscall_getresuid_x_indexes[] = { &hf_param_res_int64, &hf_param_ruid_int32, &hf_param_euid_int32, &hf_param_suid_int32, NULL }; |
1636 | | #define syscall_getresgid_e_indexes no_indexes |
1637 | | static int * const syscall_getresgid_x_indexes[] = { &hf_param_res_int64, &hf_param_rgid_int32, &hf_param_egid_int32, &hf_param_sgid_int32, NULL }; |
1638 | | #define syscall_execve_15_e_indexes no_indexes |
1639 | | static int * const syscall_execve_15_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_comm_string, &hf_param_env_string, NULL }; |
1640 | | #define syscall_clone_17_e_indexes no_indexes |
1641 | | static int * const syscall_clone_17_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_int64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_comm_string, &hf_param_flags_int32, &hf_param_uid_uint32, &hf_param_gid_uint32, NULL }; |
1642 | | #define syscall_fork_17_e_indexes no_indexes |
1643 | | #define syscall_fork_17_x_indexes syscall_clone_17_x_indexes |
1644 | | #define syscall_vfork_17_e_indexes no_indexes |
1645 | | #define syscall_vfork_17_x_indexes syscall_clone_17_x_indexes |
1646 | | #define syscall_clone_20_e_indexes no_indexes |
1647 | | static int * const syscall_clone_20_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_int64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_comm_string, &hf_param_cgroups_bytes, &hf_param_flags_int32, &hf_param_uid_uint32, &hf_param_gid_uint32, &hf_param_vtid_int64, &hf_param_vpid_int64, &hf_param_pidns_init_start_ts_uint64, NULL }; |
1648 | | #define syscall_fork_20_e_indexes no_indexes |
1649 | | #define syscall_fork_20_x_indexes syscall_clone_20_x_indexes |
1650 | | #define syscall_vfork_20_e_indexes no_indexes |
1651 | | #define syscall_vfork_20_x_indexes syscall_clone_20_x_indexes |
1652 | | static int * const container_e_indexes[] = { &hf_param_id_string, &hf_param_type_uint32, &hf_param_name_string, &hf_param_image_string, NULL }; |
1653 | | #define container_x_indexes no_indexes |
1654 | | #define syscall_execve_16_e_indexes no_indexes |
1655 | | static int * const syscall_execve_16_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_comm_string, &hf_param_cgroups_bytes, &hf_param_env_string, NULL }; |
1656 | | static int * const signaldeliver_e_indexes[] = { &hf_param_spid_int64, &hf_param_dpid_int64, &hf_param_sig_bytes, NULL }; |
1657 | | #define signaldeliver_x_indexes no_indexes |
1658 | | static int * const procinfo_e_indexes[] = { &hf_param_cpu_usr_uint64, &hf_param_cpu_sys_uint64, NULL }; |
1659 | | #define procinfo_x_indexes no_indexes |
1660 | | #define syscall_getdents_e_indexes syscall_close_e_indexes |
1661 | | #define syscall_getdents_x_indexes syscall_close_x_indexes |
1662 | | #define syscall_getdents64_e_indexes syscall_close_e_indexes |
1663 | | #define syscall_getdents64_x_indexes syscall_close_x_indexes |
1664 | | static int * const syscall_setns_e_indexes[] = { &hf_param_fd_int64, &hf_param_nstype_int32, NULL }; |
1665 | | #define syscall_setns_x_indexes syscall_close_x_indexes |
1666 | | static int * const syscall_flock_e_indexes[] = { &hf_param_fd_int64, &hf_param_operation_int32, NULL }; |
1667 | | #define syscall_flock_x_indexes syscall_close_x_indexes |
1668 | | static int * const cpu_hotplug_e_indexes[] = { &hf_param_cpu_uint32, &hf_param_action_uint32, NULL }; |
1669 | | #define cpu_hotplug_x_indexes no_indexes |
1670 | | #define socket_accept_5_e_indexes no_indexes |
1671 | | static int * const socket_accept_5_x_indexes[] = { &hf_param_fd_int64, &hf_param_tuple_bytes, &hf_param_queuepct_uint8, &hf_param_queuelen_uint32, &hf_param_queuemax_uint32, NULL }; |
1672 | | #define socket_accept4_5_e_indexes socket_accept4_e_indexes |
1673 | | #define socket_accept4_5_x_indexes socket_accept_5_x_indexes |
1674 | | static int * const syscall_semop_e_indexes[] = { &hf_param_semid_int32, NULL }; |
1675 | | static int * const syscall_semop_x_indexes[] = { &hf_param_res_int64, &hf_param_nsops_uint32, &hf_param_sem_num_0_uint16, &hf_param_sem_op_0_int16, &hf_param_sem_flg_0_int16, &hf_param_sem_num_1_uint16, &hf_param_sem_op_1_int16, &hf_param_sem_flg_1_int16, NULL }; |
1676 | | static int * const syscall_semctl_e_indexes[] = { &hf_param_semid_int32, &hf_param_semnum_int32, &hf_param_cmd_int16, &hf_param_val_int32, NULL }; |
1677 | | #define syscall_semctl_x_indexes syscall_close_x_indexes |
1678 | | static int * const syscall_ppoll_e_indexes[] = { &hf_param_fds_bytes, &hf_param_timeout_bytes, &hf_param_sigmask_bytes, NULL }; |
1679 | | #define syscall_ppoll_x_indexes syscall_poll_x_indexes |
1680 | | static int * const syscall_mount_e_indexes[] = { &hf_param_flags_int32, NULL }; |
1681 | | static int * const syscall_mount_x_indexes[] = { &hf_param_res_int64, &hf_param_dev_string, &hf_param_dir_string, &hf_param_type_string, NULL }; |
1682 | | #define syscall_umount_e_indexes syscall_mount_e_indexes |
1683 | | static int * const syscall_umount_x_indexes[] = { &hf_param_res_int64, &hf_param_name_string, NULL }; |
1684 | | static int * const k8s_e_indexes[] = { &hf_param_json_string, NULL }; |
1685 | | #define k8s_x_indexes no_indexes |
1686 | | static int * const syscall_semget_e_indexes[] = { &hf_param_key_int32, &hf_param_nsems_int32, &hf_param_semflg_int32, NULL }; |
1687 | | #define syscall_semget_x_indexes syscall_close_x_indexes |
1688 | | static int * const syscall_access_e_indexes[] = { &hf_param_mode_int32, NULL }; |
1689 | | #define syscall_access_x_indexes syscall_umount_x_indexes |
1690 | | #define syscall_chroot_e_indexes no_indexes |
1691 | | #define syscall_chroot_x_indexes syscall_stat_x_indexes |
1692 | | static int * const tracer_e_indexes[] = { &hf_param_id_int64, &hf_param_tags_bytes, &hf_param_args_string, NULL }; |
1693 | | #define tracer_x_indexes tracer_e_indexes |
1694 | | #define mesos_e_indexes k8s_e_indexes |
1695 | | #define mesos_x_indexes no_indexes |
1696 | | #define container_json_e_indexes k8s_e_indexes |
1697 | | #define container_json_x_indexes no_indexes |
1698 | | #define syscall_setsid_e_indexes no_indexes |
1699 | | #define syscall_setsid_x_indexes syscall_close_x_indexes |
1700 | | static int * const syscall_mkdir_2_e_indexes[] = { &hf_param_mode_uint32, NULL }; |
1701 | | #define syscall_mkdir_2_x_indexes syscall_stat_x_indexes |
1702 | | #define syscall_rmdir_2_e_indexes no_indexes |
1703 | | #define syscall_rmdir_2_x_indexes syscall_stat_x_indexes |
1704 | | static int * const notification_e_indexes[] = { &hf_param_id_string, &hf_param_desc_string, NULL }; |
1705 | | #define notification_x_indexes no_indexes |
1706 | | #define syscall_execve_17_e_indexes no_indexes |
1707 | | static int * const syscall_execve_17_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_comm_string, &hf_param_cgroups_bytes, &hf_param_env_string, &hf_param_tty_int32, NULL }; |
1708 | | #define syscall_unshare_e_indexes syscall_mount_e_indexes |
1709 | | #define syscall_unshare_x_indexes syscall_close_x_indexes |
1710 | | static int * const infrastructure_event_e_indexes[] = { &hf_param_source_string, &hf_param_name_string, &hf_param_description_string, &hf_param_scope_string, NULL }; |
1711 | | #define infrastructure_event_x_indexes no_indexes |
1712 | | static int * const syscall_execve_18_e_indexes[] = { &hf_param_filename_string, NULL }; |
1713 | | #define syscall_execve_18_x_indexes syscall_execve_17_x_indexes |
1714 | | static int * const page_fault_e_indexes[] = { &hf_param_addr_uint64, &hf_param_ip_uint64, &hf_param_error_int32, NULL }; |
1715 | | #define page_fault_x_indexes no_indexes |
1716 | | #define syscall_execve_19_e_indexes syscall_execve_18_e_indexes |
1717 | | static int * const syscall_execve_19_x_indexes[] = { &hf_param_res_int64, &hf_param_exe_string, &hf_param_args_string, &hf_param_tid_int64, &hf_param_pid_int64, &hf_param_ptid_int64, &hf_param_cwd_string, &hf_param_fdlimit_uint64, &hf_param_pgft_maj_uint64, &hf_param_pgft_min_uint64, &hf_param_vm_size_uint32, &hf_param_vm_rss_uint32, &hf_param_vm_swap_uint32, &hf_param_comm_string, &hf_param_cgroups_bytes, &hf_param_env_string, &hf_param_tty_uint32, &hf_param_pgid_int64, &hf_param_loginuid_int32, &hf_param_flags_int32, &hf_param_cap_inheritable_uint64, &hf_param_cap_permitted_uint64, &hf_param_cap_effective_uint64, &hf_param_exe_ino_uint64, &hf_param_exe_ino_ctime_bytes, &hf_param_exe_ino_mtime_bytes, &hf_param_uid_int32, &hf_param_trusted_exepath_string, NULL }; |
/*
 * setpgid, bpf and seccomp tables, followed by the "_2" file-operation
 * layouts. Each list is NULL-terminated. Aliases to syscall_close_x_indexes,
 * syscall_stat_x_indexes, syscall_rename_x_indexes, syscall_openat_e_indexes
 * and no_indexes point at tables defined outside this excerpt.
 */
1718 | | static int * const syscall_setpgid_e_indexes[] = { &hf_param_pid_int64, &hf_param_pgid_int64, NULL }; |
1719 | | #define syscall_setpgid_x_indexes syscall_close_x_indexes |
/* bpf: cmd on enter; the exit value is registered as a bytes field (res_or_fd), not as an integer. */
1720 | | static int * const syscall_bpf_e_indexes[] = { &hf_param_cmd_int64, NULL }; |
1721 | | static int * const syscall_bpf_x_indexes[] = { &hf_param_res_or_fd_bytes, NULL }; |
/* seccomp: op and flags on enter. */
1722 | | static int * const syscall_seccomp_e_indexes[] = { &hf_param_op_uint64, &hf_param_flags_uint64, NULL }; |
1723 | | #define syscall_seccomp_x_indexes syscall_close_x_indexes |
/* From here on most enter tables are no_indexes and every registered field sits on the exit event. */
1724 | | #define syscall_unlink_2_e_indexes no_indexes |
1725 | | #define syscall_unlink_2_x_indexes syscall_stat_x_indexes |
1726 | | #define syscall_unlinkat_2_e_indexes no_indexes |
1727 | | static int * const syscall_unlinkat_2_x_indexes[] = { &hf_param_res_int64, &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_int32, NULL }; |
1728 | | #define syscall_mkdirat_e_indexes no_indexes |
1729 | | static int * const syscall_mkdirat_x_indexes[] = { &hf_param_res_int64, &hf_param_dirfd_int64, &hf_param_path_string, &hf_param_mode_uint32, NULL }; |
/* openat_2 exit starts with fd rather than res and ends with dev and ino. */
1730 | | #define syscall_openat_2_e_indexes syscall_openat_e_indexes |
1731 | | static int * const syscall_openat_2_x_indexes[] = { &hf_param_fd_int64, &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_int32, &hf_param_mode_uint32, &hf_param_dev_uint32, &hf_param_ino_uint64, NULL }; |
1732 | | #define syscall_link_2_e_indexes no_indexes |
1733 | | #define syscall_link_2_x_indexes syscall_rename_x_indexes |
1734 | | #define syscall_linkat_2_e_indexes no_indexes |
1735 | | static int * const syscall_linkat_2_x_indexes[] = { &hf_param_res_int64, &hf_param_olddir_int64, &hf_param_oldpath_string, &hf_param_newdir_int64, &hf_param_newpath_string, &hf_param_flags_int32, NULL }; |
/* chmod family: mode is registered as int32 here, while mkdirat above uses mode_uint32. */
1736 | | #define syscall_fchmodat_e_indexes no_indexes |
1737 | | static int * const syscall_fchmodat_x_indexes[] = { &hf_param_res_int64, &hf_param_dirfd_int64, &hf_param_filename_string, &hf_param_mode_int32, NULL }; |
1738 | | #define syscall_chmod_e_indexes no_indexes |
1739 | | static int * const syscall_chmod_x_indexes[] = { &hf_param_res_int64, &hf_param_filename_string, &hf_param_mode_int32, NULL }; |
1740 | | #define syscall_fchmod_e_indexes no_indexes |
1741 | | static int * const syscall_fchmod_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_mode_int32, NULL }; |
/* renameat2 uses olddirfd/newdirfd field ids; linkat_2 above uses olddir/newdir. */
1742 | | #define syscall_renameat2_e_indexes no_indexes |
1743 | | static int * const syscall_renameat2_x_indexes[] = { &hf_param_res_int64, &hf_param_olddirfd_int64, &hf_param_oldpath_string, &hf_param_newdirfd_int64, &hf_param_newpath_string, &hf_param_flags_int32, NULL }; |
/* userfaultfd exit is { res, flags }; mlockall later aliases this table. */
1744 | | #define syscall_userfaultfd_e_indexes no_indexes |
1745 | | static int * const syscall_userfaultfd_x_indexes[] = { &hf_param_res_int64, &hf_param_flags_int32, NULL }; |
/*
 * Plugin/container events, then openat2, mprotect, execveat,
 * copy_file_range, clone3, open_by_handle_at and the io_uring calls.
 * Each list is NULL-terminated. k8s_e_indexes, syscall_close_x_indexes,
 * syscall_clone_20_x_indexes and no_indexes are defined outside this excerpt.
 */
/*
 * Plugin event: a plugin id followed by an opaque bytes field.
 * NOTE(review): event_data is whatever the capture file holds; how its
 * length is bounded is decided by dissector code outside this excerpt.
 */
1746 | | static int * const pluginevent_e_indexes[] = { &hf_param_plugin_id_uint32, &hf_param_event_data_bytes, NULL }; |
1747 | | #define pluginevent_x_indexes no_indexes |
1748 | | #define container_json_2_e_indexes k8s_e_indexes |
1749 | | #define container_json_2_x_indexes no_indexes |
/* openat2: the exit table repeats the enter fields after fd and appends dev and ino. */
1750 | | static int * const syscall_openat2_e_indexes[] = { &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_int32, &hf_param_mode_uint32, &hf_param_resolve_int32, NULL }; |
1751 | | static int * const syscall_openat2_x_indexes[] = { &hf_param_fd_int64, &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_int32, &hf_param_mode_uint32, &hf_param_resolve_int32, &hf_param_dev_uint32, &hf_param_ino_uint64, NULL }; |
/* mprotect: address, length and protection bits on enter. */
1752 | | static int * const syscall_mprotect_e_indexes[] = { &hf_param_addr_uint64, &hf_param_length_uint64, &hf_param_prot_int32, NULL }; |
1753 | | #define syscall_mprotect_x_indexes syscall_close_x_indexes |
/* execveat: its exit event shares the execve "19" exit table, so a change to that table changes both events. */
1754 | | static int * const syscall_execveat_e_indexes[] = { &hf_param_dirfd_int64, &hf_param_pathname_string, &hf_param_flags_int32, NULL }; |
1755 | | #define syscall_execveat_x_indexes syscall_execve_19_x_indexes |
/* copy_file_range: source side (fdin, offin, len) on enter, destination side (fdout, offout) on exit. */
1756 | | static int * const syscall_copy_file_range_e_indexes[] = { &hf_param_fdin_int64, &hf_param_offin_uint64, &hf_param_len_uint64, NULL }; |
1757 | | static int * const syscall_copy_file_range_x_indexes[] = { &hf_param_res_int64, &hf_param_fdout_int64, &hf_param_offout_uint64, NULL }; |
1758 | | #define syscall_clone3_e_indexes no_indexes |
1759 | | #define syscall_clone3_x_indexes syscall_clone_20_x_indexes |
1760 | | #define syscall_open_by_handle_at_e_indexes no_indexes |
1761 | | static int * const syscall_open_by_handle_at_x_indexes[] = { &hf_param_fd_int64, &hf_param_mountfd_int64, &hf_param_flags_int32, &hf_param_path_string, &hf_param_dev_uint32, &hf_param_ino_uint64, NULL }; |
/* io_uring: all three calls register their fields on the exit event only. */
1762 | | #define syscall_io_uring_setup_e_indexes no_indexes |
1763 | | static int * const syscall_io_uring_setup_x_indexes[] = { &hf_param_res_int64, &hf_param_entries_uint32, &hf_param_sq_entries_uint32, &hf_param_cq_entries_uint32, &hf_param_flags_int32, &hf_param_sq_thread_cpu_uint32, &hf_param_sq_thread_idle_uint32, &hf_param_features_int32, NULL }; |
1764 | | #define syscall_io_uring_enter_e_indexes no_indexes |
1765 | | static int * const syscall_io_uring_enter_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_to_submit_uint32, &hf_param_min_complete_uint32, &hf_param_flags_int32, &hf_param_sig_bytes, NULL }; |
1766 | | #define syscall_io_uring_register_e_indexes no_indexes |
1767 | | static int * const syscall_io_uring_register_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_opcode_bytes, &hf_param_arg_uint64, &hf_param_nr_args_uint32, NULL }; |
/*
 * Memory-locking calls, capset, and user/group bookkeeping events.
 * Each list is NULL-terminated. syscall_close_x_indexes and no_indexes
 * are defined outside this excerpt.
 */
1768 | | #define syscall_mlock_e_indexes no_indexes |
1769 | | static int * const syscall_mlock_x_indexes[] = { &hf_param_res_int64, &hf_param_addr_uint64, &hf_param_len_uint64, NULL }; |
/* munlock shares mlock's exit table. */
1770 | | #define syscall_munlock_e_indexes no_indexes |
1771 | | #define syscall_munlock_x_indexes syscall_mlock_x_indexes |
/* mlockall exit is { res, flags }, taken from the userfaultfd exit table. */
1772 | | #define syscall_mlockall_e_indexes no_indexes |
1773 | | #define syscall_mlockall_x_indexes syscall_userfaultfd_x_indexes |
1774 | | #define syscall_munlockall_e_indexes no_indexes |
1775 | | #define syscall_munlockall_x_indexes syscall_close_x_indexes |
/* capset exit: result plus the inheritable, permitted and effective capability sets, in that order. */
1776 | | #define syscall_capset_e_indexes no_indexes |
1777 | | static int * const syscall_capset_x_indexes[] = { &hf_param_res_int64, &hf_param_cap_inheritable_uint64, &hf_param_cap_permitted_uint64, &hf_param_cap_effective_uint64, NULL }; |
/* User added/deleted share one enter table: uid, gid, name, home, shell, container id. */
1778 | | static int * const user_added_e_indexes[] = { &hf_param_uid_uint32, &hf_param_gid_uint32, &hf_param_name_string, &hf_param_home_string, &hf_param_shell_string, &hf_param_container_id_string, NULL }; |
1779 | | #define user_added_x_indexes no_indexes |
1780 | | #define user_deleted_e_indexes user_added_e_indexes |
1781 | | #define user_deleted_x_indexes no_indexes |
/* Group added/deleted share one enter table: gid, name, container id. */
1782 | | static int * const group_added_e_indexes[] = { &hf_param_gid_uint32, &hf_param_name_string, &hf_param_container_id_string, NULL }; |
1783 | | #define group_added_x_indexes no_indexes |
1784 | | #define group_deleted_e_indexes group_added_e_indexes |
1785 | | #define group_deleted_x_indexes no_indexes |
/*
 * dup family, bpf_2, mlock2, fsconfig, epoll_create, chown family, umount,
 * accept4_6, pipe2 and the flag-taking fd constructors.
 * Each list is NULL-terminated. Alias targets not defined in this excerpt:
 * syscall_close_e_indexes, syscall_close_x_indexes, syscall_fcntl_e_indexes,
 * syscall_mount_e_indexes, syscall_umount_x_indexes, socket_accept4_e_indexes,
 * socket_accept_5_x_indexes, no_indexes.
 */
1786 | | #define syscall_dup2_e_indexes syscall_close_e_indexes |
1787 | | static int * const syscall_dup2_x_indexes[] = { &hf_param_res_int64, &hf_param_oldfd_int64, &hf_param_newfd_int64, NULL }; |
1788 | | #define syscall_dup3_e_indexes syscall_close_e_indexes |
1789 | | static int * const syscall_dup3_x_indexes[] = { &hf_param_res_int64, &hf_param_oldfd_int64, &hf_param_newfd_int64, &hf_param_flags_int32, NULL }; |
1790 | | #define syscall_dup_1_e_indexes syscall_close_e_indexes |
1791 | | static int * const syscall_dup_1_x_indexes[] = { &hf_param_res_int64, &hf_param_oldfd_int64, NULL }; |
/*
 * NOTE(review): the bpf_2 *exit* table aliases an *enter* table (fcntl).
 * Presumably the generator merges tables with identical field lists.
 * The target is outside this excerpt; verify its fields match what a bpf
 * exit event carries, since edits to the fcntl table also change bpf_2.
 */
1792 | | #define syscall_bpf_2_e_indexes syscall_bpf_e_indexes |
1793 | | #define syscall_bpf_2_x_indexes syscall_fcntl_e_indexes |
/* mlock2 exit: the mlock exit fields plus flags. */
1794 | | #define syscall_mlock2_e_indexes no_indexes |
1795 | | static int * const syscall_mlock2_x_indexes[] = { &hf_param_res_int64, &hf_param_addr_uint64, &hf_param_len_uint64, &hf_param_flags_int32, NULL }; |
/* fsconfig exit registers the value twice, as a bytes field and as a string field. */
1796 | | #define syscall_fsconfig_e_indexes no_indexes |
1797 | | static int * const syscall_fsconfig_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_cmd_bytes, &hf_param_key_string, &hf_param_value_bytebuf_bytes, &hf_param_value_charbuf_string, &hf_param_aux_int32, NULL }; |
1798 | | static int * const syscall_epoll_create_e_indexes[] = { &hf_param_size_int32, NULL }; |
1799 | | #define syscall_epoll_create_x_indexes syscall_close_x_indexes |
1800 | | #define syscall_epoll_create1_e_indexes syscall_mount_e_indexes |
1801 | | #define syscall_epoll_create1_x_indexes syscall_close_x_indexes |
/* chown family: uid and gid are registered as uint32; lchown shares chown's exit table. */
1802 | | #define syscall_chown_e_indexes no_indexes |
1803 | | static int * const syscall_chown_x_indexes[] = { &hf_param_res_int64, &hf_param_path_string, &hf_param_uid_uint32, &hf_param_gid_uint32, NULL }; |
1804 | | #define syscall_lchown_e_indexes no_indexes |
1805 | | #define syscall_lchown_x_indexes syscall_chown_x_indexes |
1806 | | #define syscall_fchown_e_indexes no_indexes |
1807 | | static int * const syscall_fchown_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_uid_uint32, &hf_param_gid_uint32, NULL }; |
1808 | | #define syscall_fchownat_e_indexes no_indexes |
1809 | | static int * const syscall_fchownat_x_indexes[] = { &hf_param_res_int64, &hf_param_dirfd_int64, &hf_param_pathname_string, &hf_param_uid_uint32, &hf_param_gid_uint32, &hf_param_flags_int32, NULL }; |
1810 | | #define syscall_umount_1_e_indexes no_indexes |
1811 | | #define syscall_umount_1_x_indexes syscall_umount_x_indexes |
1812 | | #define socket_accept4_6_e_indexes socket_accept4_e_indexes |
1813 | | #define socket_accept4_6_x_indexes socket_accept_5_x_indexes |
1814 | | #define syscall_umount2_e_indexes syscall_mount_e_indexes |
1815 | | #define syscall_umount2_x_indexes syscall_umount_x_indexes |
1816 | | #define syscall_pipe2_e_indexes no_indexes |
1817 | | static int * const syscall_pipe2_x_indexes[] = { &hf_param_res_int64, &hf_param_fd1_int64, &hf_param_fd2_int64, &hf_param_ino_uint64, &hf_param_flags_int32, NULL }; |
/* inotify_init1 exit is { res, flags_int16 }; eventfd2 and signalfd4 reuse it, so their flags are 16-bit fields too. */
1818 | | #define syscall_inotify_init1_e_indexes no_indexes |
1819 | | static int * const syscall_inotify_init1_x_indexes[] = { &hf_param_res_int64, &hf_param_flags_int16, NULL }; |
1820 | | static int * const syscall_eventfd2_e_indexes[] = { &hf_param_initval_uint64, NULL }; |
1821 | | #define syscall_eventfd2_x_indexes syscall_inotify_init1_x_indexes |
1822 | | static int * const syscall_signalfd4_e_indexes[] = { &hf_param_fd_int64, &hf_param_mask_uint32, NULL }; |
1823 | | #define syscall_signalfd4_x_indexes syscall_inotify_init1_x_indexes |
/*
 * prctl, async events, memfd/pidfd, kernel-module calls, mknod, newfstatat,
 * cross-process memory calls and setreuid/setregid.
 * Each list is NULL-terminated. no_indexes is defined outside this excerpt.
 * NOTE(review): several tables below register bytes fields (option, data,
 * img) whose content and length come from the capture file. The code that
 * bounds and renders them is outside this excerpt.
 */
/* prctl exit registers arg2 twice, as a string field and as an int64 field. */
1824 | | #define syscall_prctl_e_indexes no_indexes |
1825 | | static int * const syscall_prctl_x_indexes[] = { &hf_param_res_int64, &hf_param_option_bytes, &hf_param_arg2_str_string, &hf_param_arg2_int_int64, NULL }; |
/* Async event: plugin id, event name and an opaque data blob. */
1826 | | static int * const asyncevent_e_indexes[] = { &hf_param_plugin_id_uint32, &hf_param_name_string, &hf_param_data_bytes, NULL }; |
1827 | | #define asyncevent_x_indexes no_indexes |
1828 | | #define syscall_memfd_create_e_indexes no_indexes |
1829 | | static int * const syscall_memfd_create_x_indexes[] = { &hf_param_fd_int64, &hf_param_name_string, &hf_param_flags_int32, NULL }; |
/* pidfd_getfd registers flags as uint32; pidfd_open uses flags_int32. */
1830 | | #define syscall_pidfd_getfd_e_indexes no_indexes |
1831 | | static int * const syscall_pidfd_getfd_x_indexes[] = { &hf_param_fd_int64, &hf_param_pid_fd_int64, &hf_param_target_fd_int64, &hf_param_flags_uint32, NULL }; |
1832 | | #define syscall_pidfd_open_e_indexes no_indexes |
1833 | | static int * const syscall_pidfd_open_x_indexes[] = { &hf_param_fd_int64, &hf_param_pid_int64, &hf_param_flags_int32, NULL }; |
/* Module load: init_module carries an image bytes field with its length and uargs; finit_module carries an fd, uargs and flags. */
1834 | | #define syscall_init_module_e_indexes no_indexes |
1835 | | static int * const syscall_init_module_x_indexes[] = { &hf_param_res_int64, &hf_param_img_bytes, &hf_param_length_uint64, &hf_param_uargs_string, NULL }; |
1836 | | #define syscall_finit_module_e_indexes no_indexes |
1837 | | static int * const syscall_finit_module_x_indexes[] = { &hf_param_res_int64, &hf_param_fd_int64, &hf_param_uargs_string, &hf_param_flags_int32, NULL }; |
1838 | | #define syscall_mknod_e_indexes no_indexes |
1839 | | static int * const syscall_mknod_x_indexes[] = { &hf_param_res_int64, &hf_param_path_string, &hf_param_mode_int32, &hf_param_dev_uint32, NULL }; |
1840 | | #define syscall_mknodat_e_indexes no_indexes |
1841 | | static int * const syscall_mknodat_x_indexes[] = { &hf_param_res_int64, &hf_param_dirfd_int64, &hf_param_path_string, &hf_param_mode_int32, &hf_param_dev_uint32, NULL }; |
1842 | | #define syscall_newfstatat_e_indexes no_indexes |
1843 | | static int * const syscall_newfstatat_x_indexes[] = { &hf_param_res_int64, &hf_param_dirfd_int64, &hf_param_path_string, &hf_param_flags_int32, NULL }; |
/* process_vm_readv and process_vm_writev share one exit table: result, target pid and a data blob. */
1844 | | #define syscall_process_vm_readv_e_indexes no_indexes |
1845 | | static int * const syscall_process_vm_readv_x_indexes[] = { &hf_param_res_int64, &hf_param_pid_int64, &hf_param_data_bytes, NULL }; |
1846 | | #define syscall_process_vm_writev_e_indexes no_indexes |
1847 | | #define syscall_process_vm_writev_x_indexes syscall_process_vm_readv_x_indexes |
1848 | | #define syscall_delete_module_e_indexes no_indexes |
1849 | | static int * const syscall_delete_module_x_indexes[] = { &hf_param_res_int64, &hf_param_name_string, &hf_param_flags_int32, NULL }; |
/* setreuid/setregid register their ids as int32; the chown tables use uid_uint32/gid_uint32. */
1850 | | #define syscall_setreuid_e_indexes no_indexes |
1851 | | static int * const syscall_setreuid_x_indexes[] = { &hf_param_res_int64, &hf_param_ruid_int32, &hf_param_euid_int32, NULL }; |
1852 | | #define syscall_setregid_e_indexes no_indexes |
1853 | | static int * const syscall_setregid_x_indexes[] = { &hf_param_res_int64, &hf_param_rgid_int32, &hf_param_egid_int32, NULL }; |
1854 | | |
1855 | | static const struct _event_tree_info event_tree_info[] = { |
1856 | | /* Event tree. Automatically generated by tools/generate-sysdig-event.py */ |
1857 | | { EVT_GENERIC_E, generic_e_indexes }, |
1858 | | { EVT_GENERIC_X, generic_x_indexes }, |
1859 | | { EVT_SYSCALL_OPEN_E, syscall_open_e_indexes }, |
1860 | | { EVT_SYSCALL_OPEN_X, syscall_open_x_indexes }, |
1861 | | { EVT_SYSCALL_CLOSE_E, syscall_close_e_indexes }, |
1862 | | { EVT_SYSCALL_CLOSE_X, syscall_close_x_indexes }, |
1863 | | { EVT_SYSCALL_READ_E, syscall_read_e_indexes }, |
1864 | | { EVT_SYSCALL_READ_X, syscall_read_x_indexes }, |
1865 | | { EVT_SYSCALL_WRITE_E, syscall_write_e_indexes }, |
1866 | | { EVT_SYSCALL_WRITE_X, syscall_write_x_indexes }, |
1867 | | { EVT_SYSCALL_BRK_1_E, syscall_brk_1_e_indexes }, |
1868 | | { EVT_SYSCALL_BRK_1_X, syscall_brk_1_x_indexes }, |
1869 | | { EVT_SYSCALL_EXECVE_8_E, syscall_execve_8_e_indexes }, |
1870 | | { EVT_SYSCALL_EXECVE_8_X, syscall_execve_8_x_indexes }, |
1871 | | { EVT_SYSCALL_CLONE_11_E, syscall_clone_11_e_indexes }, |
1872 | | { EVT_SYSCALL_CLONE_11_X, syscall_clone_11_x_indexes }, |
1873 | | { EVT_PROCEXIT_E, procexit_e_indexes }, |
1874 | | { EVT_PROCEXIT_X, procexit_x_indexes }, |
1875 | | { EVT_SOCKET_SOCKET_E, socket_socket_e_indexes }, |
1876 | | { EVT_SOCKET_SOCKET_X, socket_socket_x_indexes }, |
1877 | | { EVT_SOCKET_BIND_E, socket_bind_e_indexes }, |
1878 | | { EVT_SOCKET_BIND_X, socket_bind_x_indexes }, |
1879 | | { EVT_SOCKET_CONNECT_E, socket_connect_e_indexes }, |
1880 | | { EVT_SOCKET_CONNECT_X, socket_connect_x_indexes }, |
1881 | | { EVT_SOCKET_LISTEN_E, socket_listen_e_indexes }, |
1882 | | { EVT_SOCKET_LISTEN_X, socket_listen_x_indexes }, |
1883 | | { EVT_SOCKET_ACCEPT_E, socket_accept_e_indexes }, |
1884 | | { EVT_SOCKET_ACCEPT_X, socket_accept_x_indexes }, |
1885 | | { EVT_SOCKET_SEND_E, socket_send_e_indexes }, |
1886 | | { EVT_SOCKET_SEND_X, socket_send_x_indexes }, |
1887 | | { EVT_SOCKET_SENDTO_E, socket_sendto_e_indexes }, |
1888 | | { EVT_SOCKET_SENDTO_X, socket_sendto_x_indexes }, |
1889 | | { EVT_SOCKET_RECV_E, socket_recv_e_indexes }, |
1890 | | { EVT_SOCKET_RECV_X, socket_recv_x_indexes }, |
1891 | | { EVT_SOCKET_RECVFROM_E, socket_recvfrom_e_indexes }, |
1892 | | { EVT_SOCKET_RECVFROM_X, socket_recvfrom_x_indexes }, |
1893 | | { EVT_SOCKET_SHUTDOWN_E, socket_shutdown_e_indexes }, |
1894 | | { EVT_SOCKET_SHUTDOWN_X, socket_shutdown_x_indexes }, |
1895 | | { EVT_SOCKET_GETSOCKNAME_E, socket_getsockname_e_indexes }, |
1896 | | { EVT_SOCKET_GETSOCKNAME_X, socket_getsockname_x_indexes }, |
1897 | | { EVT_SOCKET_GETPEERNAME_E, socket_getpeername_e_indexes }, |
1898 | | { EVT_SOCKET_GETPEERNAME_X, socket_getpeername_x_indexes }, |
1899 | | { EVT_SOCKET_SOCKETPAIR_E, socket_socketpair_e_indexes }, |
1900 | | { EVT_SOCKET_SOCKETPAIR_X, socket_socketpair_x_indexes }, |
1901 | | { EVT_SOCKET_SETSOCKOPT_E, socket_setsockopt_e_indexes }, |
1902 | | { EVT_SOCKET_SETSOCKOPT_X, socket_setsockopt_x_indexes }, |
1903 | | { EVT_SOCKET_GETSOCKOPT_E, socket_getsockopt_e_indexes }, |
1904 | | { EVT_SOCKET_GETSOCKOPT_X, socket_getsockopt_x_indexes }, |
1905 | | { EVT_SOCKET_SENDMSG_E, socket_sendmsg_e_indexes }, |
1906 | | { EVT_SOCKET_SENDMSG_X, socket_sendmsg_x_indexes }, |
1907 | | { EVT_SOCKET_SENDMMSG_E, socket_sendmmsg_e_indexes }, |
1908 | | { EVT_SOCKET_SENDMMSG_X, socket_sendmmsg_x_indexes }, |
1909 | | { EVT_SOCKET_RECVMSG_E, socket_recvmsg_e_indexes }, |
1910 | | { EVT_SOCKET_RECVMSG_X, socket_recvmsg_x_indexes }, |
1911 | | { EVT_SOCKET_RECVMMSG_E, socket_recvmmsg_e_indexes }, |
1912 | | { EVT_SOCKET_RECVMMSG_X, socket_recvmmsg_x_indexes }, |
1913 | | { EVT_SOCKET_ACCEPT4_E, socket_accept4_e_indexes }, |
1914 | | { EVT_SOCKET_ACCEPT4_X, socket_accept4_x_indexes }, |
1915 | | { EVT_SYSCALL_CREAT_E, syscall_creat_e_indexes }, |
1916 | | { EVT_SYSCALL_CREAT_X, syscall_creat_x_indexes }, |
1917 | | { EVT_SYSCALL_PIPE_E, syscall_pipe_e_indexes }, |
1918 | | { EVT_SYSCALL_PIPE_X, syscall_pipe_x_indexes }, |
1919 | | { EVT_SYSCALL_EVENTFD_E, syscall_eventfd_e_indexes }, |
1920 | | { EVT_SYSCALL_EVENTFD_X, syscall_eventfd_x_indexes }, |
1921 | | { EVT_SYSCALL_FUTEX_E, syscall_futex_e_indexes }, |
1922 | | { EVT_SYSCALL_FUTEX_X, syscall_futex_x_indexes }, |
1923 | | { EVT_SYSCALL_STAT_E, syscall_stat_e_indexes }, |
1924 | | { EVT_SYSCALL_STAT_X, syscall_stat_x_indexes }, |
1925 | | { EVT_SYSCALL_LSTAT_E, syscall_lstat_e_indexes }, |
1926 | | { EVT_SYSCALL_LSTAT_X, syscall_lstat_x_indexes }, |
1927 | | { EVT_SYSCALL_FSTAT_E, syscall_fstat_e_indexes }, |
1928 | | { EVT_SYSCALL_FSTAT_X, syscall_fstat_x_indexes }, |
1929 | | { EVT_SYSCALL_STAT64_E, syscall_stat64_e_indexes }, |
1930 | | { EVT_SYSCALL_STAT64_X, syscall_stat64_x_indexes }, |
1931 | | { EVT_SYSCALL_LSTAT64_E, syscall_lstat64_e_indexes }, |
1932 | | { EVT_SYSCALL_LSTAT64_X, syscall_lstat64_x_indexes }, |
1933 | | { EVT_SYSCALL_FSTAT64_E, syscall_fstat64_e_indexes }, |
1934 | | { EVT_SYSCALL_FSTAT64_X, syscall_fstat64_x_indexes }, |
1935 | | { EVT_SYSCALL_EPOLLWAIT_E, syscall_epollwait_e_indexes }, |
1936 | | { EVT_SYSCALL_EPOLLWAIT_X, syscall_epollwait_x_indexes }, |
1937 | | { EVT_SYSCALL_POLL_E, syscall_poll_e_indexes }, |
1938 | | { EVT_SYSCALL_POLL_X, syscall_poll_x_indexes }, |
1939 | | { EVT_SYSCALL_SELECT_E, syscall_select_e_indexes }, |
1940 | | { EVT_SYSCALL_SELECT_X, syscall_select_x_indexes }, |
1941 | | { EVT_SYSCALL_NEWSELECT_E, syscall_newselect_e_indexes }, |
1942 | | { EVT_SYSCALL_NEWSELECT_X, syscall_newselect_x_indexes }, |
1943 | | { EVT_SYSCALL_LSEEK_E, syscall_lseek_e_indexes }, |
1944 | | { EVT_SYSCALL_LSEEK_X, syscall_lseek_x_indexes }, |
1945 | | { EVT_SYSCALL_LLSEEK_E, syscall_llseek_e_indexes }, |
1946 | | { EVT_SYSCALL_LLSEEK_X, syscall_llseek_x_indexes }, |
1947 | | { EVT_SYSCALL_IOCTL_2_E, syscall_ioctl_2_e_indexes }, |
1948 | | { EVT_SYSCALL_IOCTL_2_X, syscall_ioctl_2_x_indexes }, |
1949 | | { EVT_SYSCALL_GETCWD_E, syscall_getcwd_e_indexes }, |
1950 | | { EVT_SYSCALL_GETCWD_X, syscall_getcwd_x_indexes }, |
1951 | | { EVT_SYSCALL_CHDIR_E, syscall_chdir_e_indexes }, |
1952 | | { EVT_SYSCALL_CHDIR_X, syscall_chdir_x_indexes }, |
1953 | | { EVT_SYSCALL_FCHDIR_E, syscall_fchdir_e_indexes }, |
1954 | | { EVT_SYSCALL_FCHDIR_X, syscall_fchdir_x_indexes }, |
1955 | | { EVT_SYSCALL_MKDIR_E, syscall_mkdir_e_indexes }, |
1956 | | { EVT_SYSCALL_MKDIR_X, syscall_mkdir_x_indexes }, |
1957 | | { EVT_SYSCALL_RMDIR_E, syscall_rmdir_e_indexes }, |
1958 | | { EVT_SYSCALL_RMDIR_X, syscall_rmdir_x_indexes }, |
1959 | | { EVT_SYSCALL_OPENAT_E, syscall_openat_e_indexes }, |
1960 | | { EVT_SYSCALL_OPENAT_X, syscall_openat_x_indexes }, |
1961 | | { EVT_SYSCALL_LINK_E, syscall_link_e_indexes }, |
1962 | | { EVT_SYSCALL_LINK_X, syscall_link_x_indexes }, |
1963 | | { EVT_SYSCALL_LINKAT_E, syscall_linkat_e_indexes }, |
1964 | | { EVT_SYSCALL_LINKAT_X, syscall_linkat_x_indexes }, |
1965 | | { EVT_SYSCALL_UNLINK_E, syscall_unlink_e_indexes }, |
1966 | | { EVT_SYSCALL_UNLINK_X, syscall_unlink_x_indexes }, |
1967 | | { EVT_SYSCALL_UNLINKAT_E, syscall_unlinkat_e_indexes }, |
1968 | | { EVT_SYSCALL_UNLINKAT_X, syscall_unlinkat_x_indexes }, |
1969 | | { EVT_SYSCALL_PREAD_E, syscall_pread_e_indexes }, |
1970 | | { EVT_SYSCALL_PREAD_X, syscall_pread_x_indexes }, |
1971 | | { EVT_SYSCALL_PWRITE_E, syscall_pwrite_e_indexes }, |
1972 | | { EVT_SYSCALL_PWRITE_X, syscall_pwrite_x_indexes }, |
1973 | | { EVT_SYSCALL_READV_E, syscall_readv_e_indexes }, |
1974 | | { EVT_SYSCALL_READV_X, syscall_readv_x_indexes }, |
1975 | | { EVT_SYSCALL_WRITEV_E, syscall_writev_e_indexes }, |
1976 | | { EVT_SYSCALL_WRITEV_X, syscall_writev_x_indexes }, |
1977 | | { EVT_SYSCALL_PREADV_E, syscall_preadv_e_indexes }, |
1978 | | { EVT_SYSCALL_PREADV_X, syscall_preadv_x_indexes }, |
1979 | | { EVT_SYSCALL_PWRITEV_E, syscall_pwritev_e_indexes }, |
1980 | | { EVT_SYSCALL_PWRITEV_X, syscall_pwritev_x_indexes }, |
1981 | | { EVT_SYSCALL_DUP_E, syscall_dup_e_indexes }, |
1982 | | { EVT_SYSCALL_DUP_X, syscall_dup_x_indexes }, |
1983 | | { EVT_SYSCALL_SIGNALFD_E, syscall_signalfd_e_indexes }, |
1984 | | { EVT_SYSCALL_SIGNALFD_X, syscall_signalfd_x_indexes }, |
1985 | | { EVT_SYSCALL_KILL_E, syscall_kill_e_indexes }, |
1986 | | { EVT_SYSCALL_KILL_X, syscall_kill_x_indexes }, |
1987 | | { EVT_SYSCALL_TKILL_E, syscall_tkill_e_indexes }, |
1988 | | { EVT_SYSCALL_TKILL_X, syscall_tkill_x_indexes }, |
1989 | | { EVT_SYSCALL_TGKILL_E, syscall_tgkill_e_indexes }, |
1990 | | { EVT_SYSCALL_TGKILL_X, syscall_tgkill_x_indexes }, |
1991 | | { EVT_SYSCALL_NANOSLEEP_E, syscall_nanosleep_e_indexes }, |
1992 | | { EVT_SYSCALL_NANOSLEEP_X, syscall_nanosleep_x_indexes }, |
1993 | | { EVT_SYSCALL_TIMERFD_CREATE_E, syscall_timerfd_create_e_indexes }, |
1994 | | { EVT_SYSCALL_TIMERFD_CREATE_X, syscall_timerfd_create_x_indexes }, |
1995 | | { EVT_SYSCALL_INOTIFY_INIT_E, syscall_inotify_init_e_indexes }, |
1996 | | { EVT_SYSCALL_INOTIFY_INIT_X, syscall_inotify_init_x_indexes }, |
1997 | | { EVT_SYSCALL_GETRLIMIT_E, syscall_getrlimit_e_indexes }, |
1998 | | { EVT_SYSCALL_GETRLIMIT_X, syscall_getrlimit_x_indexes }, |
1999 | | { EVT_SYSCALL_SETRLIMIT_E, syscall_setrlimit_e_indexes }, |
2000 | | { EVT_SYSCALL_SETRLIMIT_X, syscall_setrlimit_x_indexes }, |
2001 | | { EVT_SYSCALL_PRLIMIT_E, syscall_prlimit_e_indexes }, |
2002 | | { EVT_SYSCALL_PRLIMIT_X, syscall_prlimit_x_indexes }, |
2003 | | { EVT_SCHEDSWITCH_1_E, schedswitch_1_e_indexes }, |
2004 | | { EVT_SCHEDSWITCH_1_X, schedswitch_1_x_indexes }, |
2005 | | { EVT_DROP_E, drop_e_indexes }, |
2006 | | { EVT_DROP_X, drop_x_indexes }, |
2007 | | { EVT_SYSCALL_FCNTL_E, syscall_fcntl_e_indexes }, |
2008 | | { EVT_SYSCALL_FCNTL_X, syscall_fcntl_x_indexes }, |
2009 | | { EVT_SCHEDSWITCH_6_E, schedswitch_6_e_indexes }, |
2010 | | { EVT_SCHEDSWITCH_6_X, schedswitch_6_x_indexes }, |
2011 | | { EVT_SYSCALL_EXECVE_13_E, syscall_execve_13_e_indexes }, |
2012 | | { EVT_SYSCALL_EXECVE_13_X, syscall_execve_13_x_indexes }, |
2013 | | { EVT_SYSCALL_CLONE_16_E, syscall_clone_16_e_indexes }, |
2014 | | { EVT_SYSCALL_CLONE_16_X, syscall_clone_16_x_indexes }, |
2015 | | { EVT_SYSCALL_BRK_4_E, syscall_brk_4_e_indexes }, |
2016 | | { EVT_SYSCALL_BRK_4_X, syscall_brk_4_x_indexes }, |
2017 | | { EVT_SYSCALL_MMAP_E, syscall_mmap_e_indexes }, |
2018 | | { EVT_SYSCALL_MMAP_X, syscall_mmap_x_indexes }, |
2019 | | { EVT_SYSCALL_MMAP2_E, syscall_mmap2_e_indexes }, |
2020 | | { EVT_SYSCALL_MMAP2_X, syscall_mmap2_x_indexes }, |
2021 | | { EVT_SYSCALL_MUNMAP_E, syscall_munmap_e_indexes }, |
2022 | | { EVT_SYSCALL_MUNMAP_X, syscall_munmap_x_indexes }, |
2023 | | { EVT_SYSCALL_SPLICE_E, syscall_splice_e_indexes }, |
2024 | | { EVT_SYSCALL_SPLICE_X, syscall_splice_x_indexes }, |
2025 | | { EVT_SYSCALL_PTRACE_E, syscall_ptrace_e_indexes }, |
2026 | | { EVT_SYSCALL_PTRACE_X, syscall_ptrace_x_indexes }, |
2027 | | { EVT_SYSCALL_IOCTL_3_E, syscall_ioctl_3_e_indexes }, |
2028 | | { EVT_SYSCALL_IOCTL_3_X, syscall_ioctl_3_x_indexes }, |
2029 | | { EVT_SYSCALL_EXECVE_14_E, syscall_execve_14_e_indexes }, |
2030 | | { EVT_SYSCALL_EXECVE_14_X, syscall_execve_14_x_indexes }, |
2031 | | { EVT_SYSCALL_RENAME_E, syscall_rename_e_indexes }, |
2032 | | { EVT_SYSCALL_RENAME_X, syscall_rename_x_indexes }, |
2033 | | { EVT_SYSCALL_RENAMEAT_E, syscall_renameat_e_indexes }, |
2034 | | { EVT_SYSCALL_RENAMEAT_X, syscall_renameat_x_indexes }, |
2035 | | { EVT_SYSCALL_SYMLINK_E, syscall_symlink_e_indexes }, |
2036 | | { EVT_SYSCALL_SYMLINK_X, syscall_symlink_x_indexes }, |
2037 | | { EVT_SYSCALL_SYMLINKAT_E, syscall_symlinkat_e_indexes }, |
2038 | | { EVT_SYSCALL_SYMLINKAT_X, syscall_symlinkat_x_indexes }, |
2039 | | { EVT_SYSCALL_FORK_E, syscall_fork_e_indexes }, |
2040 | | { EVT_SYSCALL_FORK_X, syscall_fork_x_indexes }, |
2041 | | { EVT_SYSCALL_VFORK_E, syscall_vfork_e_indexes }, |
2042 | | { EVT_SYSCALL_VFORK_X, syscall_vfork_x_indexes }, |
2043 | | { EVT_PROCEXIT_1_E, procexit_1_e_indexes }, |
2044 | | { EVT_PROCEXIT_1_X, procexit_1_x_indexes }, |
2045 | | { EVT_SYSCALL_SENDFILE_E, syscall_sendfile_e_indexes }, |
2046 | | { EVT_SYSCALL_SENDFILE_X, syscall_sendfile_x_indexes }, |
2047 | | { EVT_SYSCALL_QUOTACTL_E, syscall_quotactl_e_indexes }, |
2048 | | { EVT_SYSCALL_QUOTACTL_X, syscall_quotactl_x_indexes }, |
2049 | | { EVT_SYSCALL_SETRESUID_E, syscall_setresuid_e_indexes }, |
2050 | | { EVT_SYSCALL_SETRESUID_X, syscall_setresuid_x_indexes }, |
2051 | | { EVT_SYSCALL_SETRESGID_E, syscall_setresgid_e_indexes }, |
2052 | | { EVT_SYSCALL_SETRESGID_X, syscall_setresgid_x_indexes }, |
2053 | | { EVT_SCAPEVENT_E, scapevent_e_indexes }, |
2054 | | { EVT_SCAPEVENT_X, scapevent_x_indexes }, |
2055 | | { EVT_SYSCALL_SETUID_E, syscall_setuid_e_indexes }, |
2056 | | { EVT_SYSCALL_SETUID_X, syscall_setuid_x_indexes }, |
2057 | | { EVT_SYSCALL_SETGID_E, syscall_setgid_e_indexes }, |
2058 | | { EVT_SYSCALL_SETGID_X, syscall_setgid_x_indexes }, |
2059 | | { EVT_SYSCALL_GETUID_E, syscall_getuid_e_indexes }, |
2060 | | { EVT_SYSCALL_GETUID_X, syscall_getuid_x_indexes }, |
2061 | | { EVT_SYSCALL_GETEUID_E, syscall_geteuid_e_indexes }, |
2062 | | { EVT_SYSCALL_GETEUID_X, syscall_geteuid_x_indexes }, |
2063 | | { EVT_SYSCALL_GETGID_E, syscall_getgid_e_indexes }, |
2064 | | { EVT_SYSCALL_GETGID_X, syscall_getgid_x_indexes }, |
2065 | | { EVT_SYSCALL_GETEGID_E, syscall_getegid_e_indexes }, |
2066 | | { EVT_SYSCALL_GETEGID_X, syscall_getegid_x_indexes }, |
2067 | | { EVT_SYSCALL_GETRESUID_E, syscall_getresuid_e_indexes }, |
2068 | | { EVT_SYSCALL_GETRESUID_X, syscall_getresuid_x_indexes }, |
2069 | | { EVT_SYSCALL_GETRESGID_E, syscall_getresgid_e_indexes }, |
2070 | | { EVT_SYSCALL_GETRESGID_X, syscall_getresgid_x_indexes }, |
2071 | | { EVT_SYSCALL_EXECVE_15_E, syscall_execve_15_e_indexes }, |
2072 | | { EVT_SYSCALL_EXECVE_15_X, syscall_execve_15_x_indexes }, |
2073 | | { EVT_SYSCALL_CLONE_17_E, syscall_clone_17_e_indexes }, |
2074 | | { EVT_SYSCALL_CLONE_17_X, syscall_clone_17_x_indexes }, |
2075 | | { EVT_SYSCALL_FORK_17_E, syscall_fork_17_e_indexes }, |
2076 | | { EVT_SYSCALL_FORK_17_X, syscall_fork_17_x_indexes }, |
2077 | | { EVT_SYSCALL_VFORK_17_E, syscall_vfork_17_e_indexes }, |
2078 | | { EVT_SYSCALL_VFORK_17_X, syscall_vfork_17_x_indexes }, |
2079 | | { EVT_SYSCALL_CLONE_20_E, syscall_clone_20_e_indexes }, |
2080 | | { EVT_SYSCALL_CLONE_20_X, syscall_clone_20_x_indexes }, |
2081 | | { EVT_SYSCALL_FORK_20_E, syscall_fork_20_e_indexes }, |
2082 | | { EVT_SYSCALL_FORK_20_X, syscall_fork_20_x_indexes }, |
2083 | | { EVT_SYSCALL_VFORK_20_E, syscall_vfork_20_e_indexes }, |
2084 | | { EVT_SYSCALL_VFORK_20_X, syscall_vfork_20_x_indexes }, |
2085 | | { EVT_CONTAINER_E, container_e_indexes }, |
2086 | | { EVT_CONTAINER_X, container_x_indexes }, |
2087 | | { EVT_SYSCALL_EXECVE_16_E, syscall_execve_16_e_indexes }, |
2088 | | { EVT_SYSCALL_EXECVE_16_X, syscall_execve_16_x_indexes }, |
2089 | | { EVT_SIGNALDELIVER_E, signaldeliver_e_indexes }, |
2090 | | { EVT_SIGNALDELIVER_X, signaldeliver_x_indexes }, |
2091 | | { EVT_PROCINFO_E, procinfo_e_indexes }, |
2092 | | { EVT_PROCINFO_X, procinfo_x_indexes }, |
2093 | | { EVT_SYSCALL_GETDENTS_E, syscall_getdents_e_indexes }, |
2094 | | { EVT_SYSCALL_GETDENTS_X, syscall_getdents_x_indexes }, |
2095 | | { EVT_SYSCALL_GETDENTS64_E, syscall_getdents64_e_indexes }, |
2096 | | { EVT_SYSCALL_GETDENTS64_X, syscall_getdents64_x_indexes }, |
2097 | | { EVT_SYSCALL_SETNS_E, syscall_setns_e_indexes }, |
2098 | | { EVT_SYSCALL_SETNS_X, syscall_setns_x_indexes }, |
2099 | | { EVT_SYSCALL_FLOCK_E, syscall_flock_e_indexes }, |
2100 | | { EVT_SYSCALL_FLOCK_X, syscall_flock_x_indexes }, |
2101 | | { EVT_CPU_HOTPLUG_E, cpu_hotplug_e_indexes }, |
2102 | | { EVT_CPU_HOTPLUG_X, cpu_hotplug_x_indexes }, |
2103 | | { EVT_SOCKET_ACCEPT_5_E, socket_accept_5_e_indexes }, |
2104 | | { EVT_SOCKET_ACCEPT_5_X, socket_accept_5_x_indexes }, |
2105 | | { EVT_SOCKET_ACCEPT4_5_E, socket_accept4_5_e_indexes }, |
2106 | | { EVT_SOCKET_ACCEPT4_5_X, socket_accept4_5_x_indexes }, |
2107 | | { EVT_SYSCALL_SEMOP_E, syscall_semop_e_indexes }, |
2108 | | { EVT_SYSCALL_SEMOP_X, syscall_semop_x_indexes }, |
2109 | | { EVT_SYSCALL_SEMCTL_E, syscall_semctl_e_indexes }, |
2110 | | { EVT_SYSCALL_SEMCTL_X, syscall_semctl_x_indexes }, |
2111 | | { EVT_SYSCALL_PPOLL_E, syscall_ppoll_e_indexes }, |
2112 | | { EVT_SYSCALL_PPOLL_X, syscall_ppoll_x_indexes }, |
2113 | | { EVT_SYSCALL_MOUNT_E, syscall_mount_e_indexes }, |
2114 | | { EVT_SYSCALL_MOUNT_X, syscall_mount_x_indexes }, |
2115 | | { EVT_SYSCALL_UMOUNT_E, syscall_umount_e_indexes }, |
2116 | | { EVT_SYSCALL_UMOUNT_X, syscall_umount_x_indexes }, |
2117 | | { EVT_K8S_E, k8s_e_indexes }, |
2118 | | { EVT_K8S_X, k8s_x_indexes }, |
2119 | | { EVT_SYSCALL_SEMGET_E, syscall_semget_e_indexes }, |
2120 | | { EVT_SYSCALL_SEMGET_X, syscall_semget_x_indexes }, |
2121 | | { EVT_SYSCALL_ACCESS_E, syscall_access_e_indexes }, |
2122 | | { EVT_SYSCALL_ACCESS_X, syscall_access_x_indexes }, |
2123 | | { EVT_SYSCALL_CHROOT_E, syscall_chroot_e_indexes }, |
2124 | | { EVT_SYSCALL_CHROOT_X, syscall_chroot_x_indexes }, |
2125 | | { EVT_TRACER_E, tracer_e_indexes }, |
2126 | | { EVT_TRACER_X, tracer_x_indexes }, |
2127 | | { EVT_MESOS_E, mesos_e_indexes }, |
2128 | | { EVT_MESOS_X, mesos_x_indexes }, |
2129 | | { EVT_CONTAINER_JSON_E, container_json_e_indexes }, |
2130 | | { EVT_CONTAINER_JSON_X, container_json_x_indexes }, |
2131 | | { EVT_SYSCALL_SETSID_E, syscall_setsid_e_indexes }, |
2132 | | { EVT_SYSCALL_SETSID_X, syscall_setsid_x_indexes }, |
2133 | | { EVT_SYSCALL_MKDIR_2_E, syscall_mkdir_2_e_indexes }, |
2134 | | { EVT_SYSCALL_MKDIR_2_X, syscall_mkdir_2_x_indexes }, |
2135 | | { EVT_SYSCALL_RMDIR_2_E, syscall_rmdir_2_e_indexes }, |
2136 | | { EVT_SYSCALL_RMDIR_2_X, syscall_rmdir_2_x_indexes }, |
2137 | | { EVT_NOTIFICATION_E, notification_e_indexes }, |
2138 | | { EVT_NOTIFICATION_X, notification_x_indexes }, |
2139 | | { EVT_SYSCALL_EXECVE_17_E, syscall_execve_17_e_indexes }, |
2140 | | { EVT_SYSCALL_EXECVE_17_X, syscall_execve_17_x_indexes }, |
2141 | | { EVT_SYSCALL_UNSHARE_E, syscall_unshare_e_indexes }, |
2142 | | { EVT_SYSCALL_UNSHARE_X, syscall_unshare_x_indexes }, |
2143 | | { EVT_INFRASTRUCTURE_EVENT_E, infrastructure_event_e_indexes }, |
2144 | | { EVT_INFRASTRUCTURE_EVENT_X, infrastructure_event_x_indexes }, |
2145 | | { EVT_SYSCALL_EXECVE_18_E, syscall_execve_18_e_indexes }, |
2146 | | { EVT_SYSCALL_EXECVE_18_X, syscall_execve_18_x_indexes }, |
2147 | | { EVT_PAGE_FAULT_E, page_fault_e_indexes }, |
2148 | | { EVT_PAGE_FAULT_X, page_fault_x_indexes }, |
2149 | | { EVT_SYSCALL_EXECVE_19_E, syscall_execve_19_e_indexes }, |
2150 | | { EVT_SYSCALL_EXECVE_19_X, syscall_execve_19_x_indexes }, |
2151 | | { EVT_SYSCALL_SETPGID_E, syscall_setpgid_e_indexes }, |
2152 | | { EVT_SYSCALL_SETPGID_X, syscall_setpgid_x_indexes }, |
2153 | | { EVT_SYSCALL_BPF_E, syscall_bpf_e_indexes }, |
2154 | | { EVT_SYSCALL_BPF_X, syscall_bpf_x_indexes }, |
2155 | | { EVT_SYSCALL_SECCOMP_E, syscall_seccomp_e_indexes }, |
2156 | | { EVT_SYSCALL_SECCOMP_X, syscall_seccomp_x_indexes }, |
2157 | | { EVT_SYSCALL_UNLINK_2_E, syscall_unlink_2_e_indexes }, |
2158 | | { EVT_SYSCALL_UNLINK_2_X, syscall_unlink_2_x_indexes }, |
2159 | | { EVT_SYSCALL_UNLINKAT_2_E, syscall_unlinkat_2_e_indexes }, |
2160 | | { EVT_SYSCALL_UNLINKAT_2_X, syscall_unlinkat_2_x_indexes }, |
2161 | | { EVT_SYSCALL_MKDIRAT_E, syscall_mkdirat_e_indexes }, |
2162 | | { EVT_SYSCALL_MKDIRAT_X, syscall_mkdirat_x_indexes }, |
2163 | | { EVT_SYSCALL_OPENAT_2_E, syscall_openat_2_e_indexes }, |
2164 | | { EVT_SYSCALL_OPENAT_2_X, syscall_openat_2_x_indexes }, |
2165 | | { EVT_SYSCALL_LINK_2_E, syscall_link_2_e_indexes }, |
2166 | | { EVT_SYSCALL_LINK_2_X, syscall_link_2_x_indexes }, |
2167 | | { EVT_SYSCALL_LINKAT_2_E, syscall_linkat_2_e_indexes }, |
2168 | | { EVT_SYSCALL_LINKAT_2_X, syscall_linkat_2_x_indexes }, |
2169 | | { EVT_SYSCALL_FCHMODAT_E, syscall_fchmodat_e_indexes }, |
2170 | | { EVT_SYSCALL_FCHMODAT_X, syscall_fchmodat_x_indexes }, |
2171 | | { EVT_SYSCALL_CHMOD_E, syscall_chmod_e_indexes }, |
2172 | | { EVT_SYSCALL_CHMOD_X, syscall_chmod_x_indexes }, |
2173 | | { EVT_SYSCALL_FCHMOD_E, syscall_fchmod_e_indexes }, |
2174 | | { EVT_SYSCALL_FCHMOD_X, syscall_fchmod_x_indexes }, |
2175 | | { EVT_SYSCALL_RENAMEAT2_E, syscall_renameat2_e_indexes }, |
2176 | | { EVT_SYSCALL_RENAMEAT2_X, syscall_renameat2_x_indexes }, |
2177 | | { EVT_SYSCALL_USERFAULTFD_E, syscall_userfaultfd_e_indexes }, |
2178 | | { EVT_SYSCALL_USERFAULTFD_X, syscall_userfaultfd_x_indexes }, |
2179 | | { EVT_PLUGINEVENT_E, pluginevent_e_indexes }, |
2180 | | { EVT_PLUGINEVENT_X, pluginevent_x_indexes }, |
2181 | | { EVT_CONTAINER_JSON_2_E, container_json_2_e_indexes }, |
2182 | | { EVT_CONTAINER_JSON_2_X, container_json_2_x_indexes }, |
2183 | | { EVT_SYSCALL_OPENAT2_E, syscall_openat2_e_indexes }, |
2184 | | { EVT_SYSCALL_OPENAT2_X, syscall_openat2_x_indexes }, |
2185 | | { EVT_SYSCALL_MPROTECT_E, syscall_mprotect_e_indexes }, |
2186 | | { EVT_SYSCALL_MPROTECT_X, syscall_mprotect_x_indexes }, |
2187 | | { EVT_SYSCALL_EXECVEAT_E, syscall_execveat_e_indexes }, |
2188 | | { EVT_SYSCALL_EXECVEAT_X, syscall_execveat_x_indexes }, |
2189 | | { EVT_SYSCALL_COPY_FILE_RANGE_E, syscall_copy_file_range_e_indexes }, |
2190 | | { EVT_SYSCALL_COPY_FILE_RANGE_X, syscall_copy_file_range_x_indexes }, |
2191 | | { EVT_SYSCALL_CLONE3_E, syscall_clone3_e_indexes }, |
2192 | | { EVT_SYSCALL_CLONE3_X, syscall_clone3_x_indexes }, |
2193 | | { EVT_SYSCALL_OPEN_BY_HANDLE_AT_E, syscall_open_by_handle_at_e_indexes }, |
2194 | | { EVT_SYSCALL_OPEN_BY_HANDLE_AT_X, syscall_open_by_handle_at_x_indexes }, |
2195 | | { EVT_SYSCALL_IO_URING_SETUP_E, syscall_io_uring_setup_e_indexes }, |
2196 | | { EVT_SYSCALL_IO_URING_SETUP_X, syscall_io_uring_setup_x_indexes }, |
2197 | | { EVT_SYSCALL_IO_URING_ENTER_E, syscall_io_uring_enter_e_indexes }, |
2198 | | { EVT_SYSCALL_IO_URING_ENTER_X, syscall_io_uring_enter_x_indexes }, |
2199 | | { EVT_SYSCALL_IO_URING_REGISTER_E, syscall_io_uring_register_e_indexes }, |
2200 | | { EVT_SYSCALL_IO_URING_REGISTER_X, syscall_io_uring_register_x_indexes }, |
2201 | | { EVT_SYSCALL_MLOCK_E, syscall_mlock_e_indexes }, |
2202 | | { EVT_SYSCALL_MLOCK_X, syscall_mlock_x_indexes }, |
2203 | | { EVT_SYSCALL_MUNLOCK_E, syscall_munlock_e_indexes }, |
2204 | | { EVT_SYSCALL_MUNLOCK_X, syscall_munlock_x_indexes }, |
2205 | | { EVT_SYSCALL_MLOCKALL_E, syscall_mlockall_e_indexes }, |
2206 | | { EVT_SYSCALL_MLOCKALL_X, syscall_mlockall_x_indexes }, |
2207 | | { EVT_SYSCALL_MUNLOCKALL_E, syscall_munlockall_e_indexes }, |
2208 | | { EVT_SYSCALL_MUNLOCKALL_X, syscall_munlockall_x_indexes }, |
2209 | | { EVT_SYSCALL_CAPSET_E, syscall_capset_e_indexes }, |
2210 | | { EVT_SYSCALL_CAPSET_X, syscall_capset_x_indexes }, |
2211 | | { EVT_USER_ADDED_E, user_added_e_indexes }, |
2212 | | { EVT_USER_ADDED_X, user_added_x_indexes }, |
2213 | | { EVT_USER_DELETED_E, user_deleted_e_indexes }, |
2214 | | { EVT_USER_DELETED_X, user_deleted_x_indexes }, |
2215 | | { EVT_GROUP_ADDED_E, group_added_e_indexes }, |
2216 | | { EVT_GROUP_ADDED_X, group_added_x_indexes }, |
2217 | | { EVT_GROUP_DELETED_E, group_deleted_e_indexes }, |
2218 | | { EVT_GROUP_DELETED_X, group_deleted_x_indexes }, |
2219 | | { EVT_SYSCALL_DUP2_E, syscall_dup2_e_indexes }, |
2220 | | { EVT_SYSCALL_DUP2_X, syscall_dup2_x_indexes }, |
2221 | | { EVT_SYSCALL_DUP3_E, syscall_dup3_e_indexes }, |
2222 | | { EVT_SYSCALL_DUP3_X, syscall_dup3_x_indexes }, |
2223 | | { EVT_SYSCALL_DUP_1_E, syscall_dup_1_e_indexes }, |
2224 | | { EVT_SYSCALL_DUP_1_X, syscall_dup_1_x_indexes }, |
2225 | | { EVT_SYSCALL_BPF_2_E, syscall_bpf_2_e_indexes }, |
2226 | | { EVT_SYSCALL_BPF_2_X, syscall_bpf_2_x_indexes }, |
2227 | | { EVT_SYSCALL_MLOCK2_E, syscall_mlock2_e_indexes }, |
2228 | | { EVT_SYSCALL_MLOCK2_X, syscall_mlock2_x_indexes }, |
2229 | | { EVT_SYSCALL_FSCONFIG_E, syscall_fsconfig_e_indexes }, |
2230 | | { EVT_SYSCALL_FSCONFIG_X, syscall_fsconfig_x_indexes }, |
2231 | | { EVT_SYSCALL_EPOLL_CREATE_E, syscall_epoll_create_e_indexes }, |
2232 | | { EVT_SYSCALL_EPOLL_CREATE_X, syscall_epoll_create_x_indexes }, |
2233 | | { EVT_SYSCALL_EPOLL_CREATE1_E, syscall_epoll_create1_e_indexes }, |
2234 | | { EVT_SYSCALL_EPOLL_CREATE1_X, syscall_epoll_create1_x_indexes }, |
2235 | | { EVT_SYSCALL_CHOWN_E, syscall_chown_e_indexes }, |
2236 | | { EVT_SYSCALL_CHOWN_X, syscall_chown_x_indexes }, |
2237 | | { EVT_SYSCALL_LCHOWN_E, syscall_lchown_e_indexes }, |
2238 | | { EVT_SYSCALL_LCHOWN_X, syscall_lchown_x_indexes }, |
2239 | | { EVT_SYSCALL_FCHOWN_E, syscall_fchown_e_indexes }, |
2240 | | { EVT_SYSCALL_FCHOWN_X, syscall_fchown_x_indexes }, |
2241 | | { EVT_SYSCALL_FCHOWNAT_E, syscall_fchownat_e_indexes }, |
2242 | | { EVT_SYSCALL_FCHOWNAT_X, syscall_fchownat_x_indexes }, |
2243 | | { EVT_SYSCALL_UMOUNT_1_E, syscall_umount_1_e_indexes }, |
2244 | | { EVT_SYSCALL_UMOUNT_1_X, syscall_umount_1_x_indexes }, |
2245 | | { EVT_SOCKET_ACCEPT4_6_E, socket_accept4_6_e_indexes }, |
2246 | | { EVT_SOCKET_ACCEPT4_6_X, socket_accept4_6_x_indexes }, |
2247 | | { EVT_SYSCALL_UMOUNT2_E, syscall_umount2_e_indexes }, |
2248 | | { EVT_SYSCALL_UMOUNT2_X, syscall_umount2_x_indexes }, |
2249 | | { EVT_SYSCALL_PIPE2_E, syscall_pipe2_e_indexes }, |
2250 | | { EVT_SYSCALL_PIPE2_X, syscall_pipe2_x_indexes }, |
2251 | | { EVT_SYSCALL_INOTIFY_INIT1_E, syscall_inotify_init1_e_indexes }, |
2252 | | { EVT_SYSCALL_INOTIFY_INIT1_X, syscall_inotify_init1_x_indexes }, |
2253 | | { EVT_SYSCALL_EVENTFD2_E, syscall_eventfd2_e_indexes }, |
2254 | | { EVT_SYSCALL_EVENTFD2_X, syscall_eventfd2_x_indexes }, |
2255 | | { EVT_SYSCALL_SIGNALFD4_E, syscall_signalfd4_e_indexes }, |
2256 | | { EVT_SYSCALL_SIGNALFD4_X, syscall_signalfd4_x_indexes }, |
2257 | | { EVT_SYSCALL_PRCTL_E, syscall_prctl_e_indexes }, |
2258 | | { EVT_SYSCALL_PRCTL_X, syscall_prctl_x_indexes }, |
2259 | | { EVT_ASYNCEVENT_E, asyncevent_e_indexes }, |
2260 | | { EVT_ASYNCEVENT_X, asyncevent_x_indexes }, |
2261 | | { EVT_SYSCALL_MEMFD_CREATE_E, syscall_memfd_create_e_indexes }, |
2262 | | { EVT_SYSCALL_MEMFD_CREATE_X, syscall_memfd_create_x_indexes }, |
2263 | | { EVT_SYSCALL_PIDFD_GETFD_E, syscall_pidfd_getfd_e_indexes }, |
2264 | | { EVT_SYSCALL_PIDFD_GETFD_X, syscall_pidfd_getfd_x_indexes }, |
2265 | | { EVT_SYSCALL_PIDFD_OPEN_E, syscall_pidfd_open_e_indexes }, |
2266 | | { EVT_SYSCALL_PIDFD_OPEN_X, syscall_pidfd_open_x_indexes }, |
2267 | | { EVT_SYSCALL_INIT_MODULE_E, syscall_init_module_e_indexes }, |
2268 | | { EVT_SYSCALL_INIT_MODULE_X, syscall_init_module_x_indexes }, |
2269 | | { EVT_SYSCALL_FINIT_MODULE_E, syscall_finit_module_e_indexes }, |
2270 | | { EVT_SYSCALL_FINIT_MODULE_X, syscall_finit_module_x_indexes }, |
2271 | | { EVT_SYSCALL_MKNOD_E, syscall_mknod_e_indexes }, |
2272 | | { EVT_SYSCALL_MKNOD_X, syscall_mknod_x_indexes }, |
2273 | | { EVT_SYSCALL_MKNODAT_E, syscall_mknodat_e_indexes }, |
2274 | | { EVT_SYSCALL_MKNODAT_X, syscall_mknodat_x_indexes }, |
2275 | | { EVT_SYSCALL_NEWFSTATAT_E, syscall_newfstatat_e_indexes }, |
2276 | | { EVT_SYSCALL_NEWFSTATAT_X, syscall_newfstatat_x_indexes }, |
2277 | | { EVT_SYSCALL_PROCESS_VM_READV_E, syscall_process_vm_readv_e_indexes }, |
2278 | | { EVT_SYSCALL_PROCESS_VM_READV_X, syscall_process_vm_readv_x_indexes }, |
2279 | | { EVT_SYSCALL_PROCESS_VM_WRITEV_E, syscall_process_vm_writev_e_indexes }, |
2280 | | { EVT_SYSCALL_PROCESS_VM_WRITEV_X, syscall_process_vm_writev_x_indexes }, |
2281 | | { EVT_SYSCALL_DELETE_MODULE_E, syscall_delete_module_e_indexes }, |
2282 | | { EVT_SYSCALL_DELETE_MODULE_X, syscall_delete_module_x_indexes }, |
2283 | | { EVT_SYSCALL_SETREUID_E, syscall_setreuid_e_indexes }, |
2284 | | { EVT_SYSCALL_SETREUID_X, syscall_setreuid_x_indexes }, |
2285 | | { EVT_SYSCALL_SETREGID_E, syscall_setregid_e_indexes }, |
2286 | | { EVT_SYSCALL_SETREGID_X, syscall_setregid_x_indexes }, |
2287 | | |
2288 | | { 0, NULL } |
2289 | | }; |
2290 | | |
2291 | | /* |
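2292 | | * Value strings. |
2293 | | * If an X_Y_vals table has a matching hf_param_X_Y field, it is attached to |
2294 | | * that field as a VALS conversion below. The codes being looked up are read |
 | | * from the capture file (presumably untrusted input), and a table need not |
 | | * list every code: ID_uint16_vals, for example, has no entry for 382. Any |
 | | * lookup must therefore tolerate a miss rather than assume a name exists. |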
2295 | | */ |
2296 | | |
2297 | | static const value_string ID_uint16_vals[] = { |
2298 | | /* Syscall codes. Automatically generated by tools/generate-sysdig-event.py */ |
2299 | | { 0, "unknown" }, // PPM_SC_UNKNOWN |
2300 | | { 1, "restart_syscall" }, // PPM_SC_RESTART_SYSCALL |
2301 | | { 2, "exit" }, // PPM_SC_EXIT |
2302 | | { 3, "read" }, // PPM_SC_READ |
2303 | | { 4, "write" }, // PPM_SC_WRITE |
2304 | | { 5, "open" }, // PPM_SC_OPEN |
2305 | | { 6, "close" }, // PPM_SC_CLOSE |
2306 | | { 7, "creat" }, // PPM_SC_CREAT |
2307 | | { 8, "link" }, // PPM_SC_LINK |
2308 | | { 9, "unlink" }, // PPM_SC_UNLINK |
2309 | | { 10, "chdir" }, // PPM_SC_CHDIR |
2310 | | { 11, "time" }, // PPM_SC_TIME |
2311 | | { 12, "mknod" }, // PPM_SC_MKNOD |
2312 | | { 13, "chmod" }, // PPM_SC_CHMOD |
2313 | | { 14, "stat" }, // PPM_SC_STAT |
2314 | | { 15, "lseek" }, // PPM_SC_LSEEK |
2315 | | { 16, "getpid" }, // PPM_SC_GETPID |
2316 | | { 17, "mount" }, // PPM_SC_MOUNT |
2317 | | { 18, "ptrace" }, // PPM_SC_PTRACE |
2318 | | { 19, "alarm" }, // PPM_SC_ALARM |
2319 | | { 20, "fstat" }, // PPM_SC_FSTAT |
2320 | | { 21, "pause" }, // PPM_SC_PAUSE |
2321 | | { 22, "utime" }, // PPM_SC_UTIME |
2322 | | { 23, "access" }, // PPM_SC_ACCESS |
2323 | | { 24, "sync" }, // PPM_SC_SYNC |
2324 | | { 25, "kill" }, // PPM_SC_KILL |
2325 | | { 26, "rename" }, // PPM_SC_RENAME |
2326 | | { 27, "mkdir" }, // PPM_SC_MKDIR |
2327 | | { 28, "rmdir" }, // PPM_SC_RMDIR |
2328 | | { 29, "dup" }, // PPM_SC_DUP |
2329 | | { 30, "pipe" }, // PPM_SC_PIPE |
2330 | | { 31, "times" }, // PPM_SC_TIMES |
2331 | | { 32, "brk" }, // PPM_SC_BRK |
2332 | | { 33, "acct" }, // PPM_SC_ACCT |
2333 | | { 34, "ioctl" }, // PPM_SC_IOCTL |
2334 | | { 35, "fcntl" }, // PPM_SC_FCNTL |
2335 | | { 36, "setpgid" }, // PPM_SC_SETPGID |
2336 | | { 37, "umask" }, // PPM_SC_UMASK |
2337 | | { 38, "chroot" }, // PPM_SC_CHROOT |
2338 | | { 39, "ustat" }, // PPM_SC_USTAT |
2339 | | { 40, "dup2" }, // PPM_SC_DUP2 |
2340 | | { 41, "getppid" }, // PPM_SC_GETPPID |
2341 | | { 42, "getpgrp" }, // PPM_SC_GETPGRP |
2342 | | { 43, "setsid" }, // PPM_SC_SETSID |
2343 | | { 44, "sethostname" }, // PPM_SC_SETHOSTNAME |
2344 | | { 45, "setrlimit" }, // PPM_SC_SETRLIMIT |
2345 | | { 46, "getrusage" }, // PPM_SC_GETRUSAGE |
2346 | | { 47, "gettimeofday" }, // PPM_SC_GETTIMEOFDAY |
2347 | | { 48, "settimeofday" }, // PPM_SC_SETTIMEOFDAY |
2348 | | { 49, "symlink" }, // PPM_SC_SYMLINK |
2349 | | { 50, "lstat" }, // PPM_SC_LSTAT |
2350 | | { 51, "readlink" }, // PPM_SC_READLINK |
2351 | | { 52, "uselib" }, // PPM_SC_USELIB |
2352 | | { 53, "swapon" }, // PPM_SC_SWAPON |
2353 | | { 54, "reboot" }, // PPM_SC_REBOOT |
2354 | | { 55, "mmap" }, // PPM_SC_MMAP |
2355 | | { 56, "munmap" }, // PPM_SC_MUNMAP |
2356 | | { 57, "truncate" }, // PPM_SC_TRUNCATE |
2357 | | { 58, "ftruncate" }, // PPM_SC_FTRUNCATE |
2358 | | { 59, "fchmod" }, // PPM_SC_FCHMOD |
2359 | | { 60, "getpriority" }, // PPM_SC_GETPRIORITY |
2360 | | { 61, "setpriority" }, // PPM_SC_SETPRIORITY |
2361 | | { 62, "statfs" }, // PPM_SC_STATFS |
2362 | | { 63, "fstatfs" }, // PPM_SC_FSTATFS |
2363 | | { 64, "syslog" }, // PPM_SC_SYSLOG |
2364 | | { 65, "setitimer" }, // PPM_SC_SETITIMER |
2365 | | { 66, "getitimer" }, // PPM_SC_GETITIMER |
2366 | | { 67, "uname" }, // PPM_SC_UNAME |
2367 | | { 68, "vhangup" }, // PPM_SC_VHANGUP |
2368 | | { 69, "wait4" }, // PPM_SC_WAIT4 |
2369 | | { 70, "swapoff" }, // PPM_SC_SWAPOFF |
2370 | | { 71, "sysinfo" }, // PPM_SC_SYSINFO |
2371 | | { 72, "fsync" }, // PPM_SC_FSYNC |
2372 | | { 73, "setdomainname" }, // PPM_SC_SETDOMAINNAME |
2373 | | { 74, "adjtimex" }, // PPM_SC_ADJTIMEX |
2374 | | { 75, "mprotect" }, // PPM_SC_MPROTECT |
2375 | | { 76, "init_module" }, // PPM_SC_INIT_MODULE |
2376 | | { 77, "delete_module" }, // PPM_SC_DELETE_MODULE |
2377 | | { 78, "quotactl" }, // PPM_SC_QUOTACTL |
2378 | | { 79, "getpgid" }, // PPM_SC_GETPGID |
2379 | | { 80, "fchdir" }, // PPM_SC_FCHDIR |
2380 | | { 81, "sysfs" }, // PPM_SC_SYSFS |
2381 | | { 82, "personality" }, // PPM_SC_PERSONALITY |
2382 | | { 83, "getdents" }, // PPM_SC_GETDENTS |
2383 | | { 84, "select" }, // PPM_SC_SELECT |
2384 | | { 85, "flock" }, // PPM_SC_FLOCK |
2385 | | { 86, "msync" }, // PPM_SC_MSYNC |
2386 | | { 87, "readv" }, // PPM_SC_READV |
2387 | | { 88, "writev" }, // PPM_SC_WRITEV |
2388 | | { 89, "getsid" }, // PPM_SC_GETSID |
2389 | | { 90, "fdatasync" }, // PPM_SC_FDATASYNC |
2390 | | { 91, "mlock" }, // PPM_SC_MLOCK |
2391 | | { 92, "munlock" }, // PPM_SC_MUNLOCK |
2392 | | { 93, "mlockall" }, // PPM_SC_MLOCKALL |
2393 | | { 94, "munlockall" }, // PPM_SC_MUNLOCKALL |
2394 | | { 95, "sched_setparam" }, // PPM_SC_SCHED_SETPARAM |
2395 | | { 96, "sched_getparam" }, // PPM_SC_SCHED_GETPARAM |
2396 | | { 97, "sched_setscheduler" }, // PPM_SC_SCHED_SETSCHEDULER |
2397 | | { 98, "sched_getscheduler" }, // PPM_SC_SCHED_GETSCHEDULER |
2398 | | { 99, "sched_yield" }, // PPM_SC_SCHED_YIELD |
2399 | | { 100, "sched_get_priority_max" }, // PPM_SC_SCHED_GET_PRIORITY_MAX |
2400 | | { 101, "sched_get_priority_min" }, // PPM_SC_SCHED_GET_PRIORITY_MIN |
2401 | | { 102, "sched_rr_get_interval" }, // PPM_SC_SCHED_RR_GET_INTERVAL |
2402 | | { 103, "nanosleep" }, // PPM_SC_NANOSLEEP |
2403 | | { 104, "mremap" }, // PPM_SC_MREMAP |
2404 | | { 105, "poll" }, // PPM_SC_POLL |
2405 | | { 106, "prctl" }, // PPM_SC_PRCTL |
2406 | | { 107, "rt_sigaction" }, // PPM_SC_RT_SIGACTION |
2407 | | { 108, "rt_sigprocmask" }, // PPM_SC_RT_SIGPROCMASK |
2408 | | { 109, "rt_sigpending" }, // PPM_SC_RT_SIGPENDING |
2409 | | { 110, "rt_sigtimedwait" }, // PPM_SC_RT_SIGTIMEDWAIT |
2410 | | { 111, "rt_sigqueueinfo" }, // PPM_SC_RT_SIGQUEUEINFO |
2411 | | { 112, "rt_sigsuspend" }, // PPM_SC_RT_SIGSUSPEND |
2412 | | { 113, "getcwd" }, // PPM_SC_GETCWD |
2413 | | { 114, "capget" }, // PPM_SC_CAPGET |
2414 | | { 115, "capset" }, // PPM_SC_CAPSET |
2415 | | { 116, "sendfile" }, // PPM_SC_SENDFILE |
2416 | | { 117, "getrlimit" }, // PPM_SC_GETRLIMIT |
2417 | | { 118, "lchown" }, // PPM_SC_LCHOWN |
2418 | | { 119, "getuid" }, // PPM_SC_GETUID |
2419 | | { 120, "getgid" }, // PPM_SC_GETGID |
2420 | | { 121, "geteuid" }, // PPM_SC_GETEUID |
2421 | | { 122, "getegid" }, // PPM_SC_GETEGID |
2422 | | { 123, "setreuid" }, // PPM_SC_SETREUID |
2423 | | { 124, "setregid" }, // PPM_SC_SETREGID |
2424 | | { 125, "getgroups" }, // PPM_SC_GETGROUPS |
2425 | | { 126, "setgroups" }, // PPM_SC_SETGROUPS |
2426 | | { 127, "fchown" }, // PPM_SC_FCHOWN |
2427 | | { 128, "setresuid" }, // PPM_SC_SETRESUID |
2428 | | { 129, "getresuid" }, // PPM_SC_GETRESUID |
2429 | | { 130, "setresgid" }, // PPM_SC_SETRESGID |
2430 | | { 131, "getresgid" }, // PPM_SC_GETRESGID |
2431 | | { 132, "chown" }, // PPM_SC_CHOWN |
2432 | | { 133, "setuid" }, // PPM_SC_SETUID |
2433 | | { 134, "setgid" }, // PPM_SC_SETGID |
2434 | | { 135, "setfsuid" }, // PPM_SC_SETFSUID |
2435 | | { 136, "setfsgid" }, // PPM_SC_SETFSGID |
2436 | | { 137, "pivot_root" }, // PPM_SC_PIVOT_ROOT |
2437 | | { 138, "mincore" }, // PPM_SC_MINCORE |
2438 | | { 139, "madvise" }, // PPM_SC_MADVISE |
2439 | | { 140, "gettid" }, // PPM_SC_GETTID |
2440 | | { 141, "setxattr" }, // PPM_SC_SETXATTR |
2441 | | { 142, "lsetxattr" }, // PPM_SC_LSETXATTR |
2442 | | { 143, "fsetxattr" }, // PPM_SC_FSETXATTR |
2443 | | { 144, "getxattr" }, // PPM_SC_GETXATTR |
2444 | | { 145, "lgetxattr" }, // PPM_SC_LGETXATTR |
2445 | | { 146, "fgetxattr" }, // PPM_SC_FGETXATTR |
2446 | | { 147, "listxattr" }, // PPM_SC_LISTXATTR |
2447 | | { 148, "llistxattr" }, // PPM_SC_LLISTXATTR |
2448 | | { 149, "flistxattr" }, // PPM_SC_FLISTXATTR |
2449 | | { 150, "removexattr" }, // PPM_SC_REMOVEXATTR |
2450 | | { 151, "lremovexattr" }, // PPM_SC_LREMOVEXATTR |
2451 | | { 152, "fremovexattr" }, // PPM_SC_FREMOVEXATTR |
2452 | | { 153, "tkill" }, // PPM_SC_TKILL |
2453 | | { 154, "futex" }, // PPM_SC_FUTEX |
2454 | | { 155, "sched_setaffinity" }, // PPM_SC_SCHED_SETAFFINITY |
2455 | | { 156, "sched_getaffinity" }, // PPM_SC_SCHED_GETAFFINITY |
2456 | | { 157, "set_thread_area" }, // PPM_SC_SET_THREAD_AREA |
2457 | | { 158, "get_thread_area" }, // PPM_SC_GET_THREAD_AREA |
2458 | | { 159, "io_setup" }, // PPM_SC_IO_SETUP |
2459 | | { 160, "io_destroy" }, // PPM_SC_IO_DESTROY |
2460 | | { 161, "io_getevents" }, // PPM_SC_IO_GETEVENTS |
2461 | | { 162, "io_submit" }, // PPM_SC_IO_SUBMIT |
2462 | | { 163, "io_cancel" }, // PPM_SC_IO_CANCEL |
2463 | | { 164, "exit_group" }, // PPM_SC_EXIT_GROUP |
2464 | | { 165, "epoll_create" }, // PPM_SC_EPOLL_CREATE |
2465 | | { 166, "epoll_ctl" }, // PPM_SC_EPOLL_CTL |
2466 | | { 167, "epoll_wait" }, // PPM_SC_EPOLL_WAIT |
2467 | | { 168, "remap_file_pages" }, // PPM_SC_REMAP_FILE_PAGES |
2468 | | { 169, "set_tid_address" }, // PPM_SC_SET_TID_ADDRESS |
2469 | | { 170, "timer_create" }, // PPM_SC_TIMER_CREATE |
2470 | | { 171, "timer_settime" }, // PPM_SC_TIMER_SETTIME |
2471 | | { 172, "timer_gettime" }, // PPM_SC_TIMER_GETTIME |
2472 | | { 173, "timer_getoverrun" }, // PPM_SC_TIMER_GETOVERRUN |
2473 | | { 174, "timer_delete" }, // PPM_SC_TIMER_DELETE |
2474 | | { 175, "clock_settime" }, // PPM_SC_CLOCK_SETTIME |
2475 | | { 176, "clock_gettime" }, // PPM_SC_CLOCK_GETTIME |
2476 | | { 177, "clock_getres" }, // PPM_SC_CLOCK_GETRES |
2477 | | { 178, "clock_nanosleep" }, // PPM_SC_CLOCK_NANOSLEEP |
2478 | | { 179, "tgkill" }, // PPM_SC_TGKILL |
2479 | | { 180, "utimes" }, // PPM_SC_UTIMES |
2480 | | { 181, "mq_open" }, // PPM_SC_MQ_OPEN |
2481 | | { 182, "mq_unlink" }, // PPM_SC_MQ_UNLINK |
2482 | | { 183, "mq_timedsend" }, // PPM_SC_MQ_TIMEDSEND |
2483 | | { 184, "mq_timedreceive" }, // PPM_SC_MQ_TIMEDRECEIVE |
2484 | | { 185, "mq_notify" }, // PPM_SC_MQ_NOTIFY |
2485 | | { 186, "mq_getsetattr" }, // PPM_SC_MQ_GETSETATTR |
2486 | | { 187, "kexec_load" }, // PPM_SC_KEXEC_LOAD |
2487 | | { 188, "waitid" }, // PPM_SC_WAITID |
2488 | | { 189, "add_key" }, // PPM_SC_ADD_KEY |
2489 | | { 190, "request_key" }, // PPM_SC_REQUEST_KEY |
2490 | | { 191, "keyctl" }, // PPM_SC_KEYCTL |
2491 | | { 192, "ioprio_set" }, // PPM_SC_IOPRIO_SET |
2492 | | { 193, "ioprio_get" }, // PPM_SC_IOPRIO_GET |
2493 | | { 194, "inotify_init" }, // PPM_SC_INOTIFY_INIT |
2494 | | { 195, "inotify_add_watch" }, // PPM_SC_INOTIFY_ADD_WATCH |
2495 | | { 196, "inotify_rm_watch" }, // PPM_SC_INOTIFY_RM_WATCH |
2496 | | { 197, "openat" }, // PPM_SC_OPENAT |
2497 | | { 198, "mkdirat" }, // PPM_SC_MKDIRAT |
2498 | | { 199, "mknodat" }, // PPM_SC_MKNODAT |
2499 | | { 200, "fchownat" }, // PPM_SC_FCHOWNAT |
2500 | | { 201, "futimesat" }, // PPM_SC_FUTIMESAT |
2501 | | { 202, "unlinkat" }, // PPM_SC_UNLINKAT |
2502 | | { 203, "renameat" }, // PPM_SC_RENAMEAT |
2503 | | { 204, "linkat" }, // PPM_SC_LINKAT |
2504 | | { 205, "symlinkat" }, // PPM_SC_SYMLINKAT |
2505 | | { 206, "readlinkat" }, // PPM_SC_READLINKAT |
2506 | | { 207, "fchmodat" }, // PPM_SC_FCHMODAT |
2507 | | { 208, "faccessat" }, // PPM_SC_FACCESSAT |
2508 | | { 209, "pselect6" }, // PPM_SC_PSELECT6 |
2509 | | { 210, "ppoll" }, // PPM_SC_PPOLL |
2510 | | { 211, "unshare" }, // PPM_SC_UNSHARE |
2511 | | { 212, "set_robust_list" }, // PPM_SC_SET_ROBUST_LIST |
2512 | | { 213, "get_robust_list" }, // PPM_SC_GET_ROBUST_LIST |
2513 | | { 214, "splice" }, // PPM_SC_SPLICE |
2514 | | { 215, "tee" }, // PPM_SC_TEE |
2515 | | { 216, "vmsplice" }, // PPM_SC_VMSPLICE |
2516 | | { 217, "getcpu" }, // PPM_SC_GETCPU |
2517 | | { 218, "epoll_pwait" }, // PPM_SC_EPOLL_PWAIT |
2518 | | { 219, "utimensat" }, // PPM_SC_UTIMENSAT |
2519 | | { 220, "signalfd" }, // PPM_SC_SIGNALFD |
2520 | | { 221, "timerfd_create" }, // PPM_SC_TIMERFD_CREATE |
2521 | | { 222, "eventfd" }, // PPM_SC_EVENTFD |
2522 | | { 223, "timerfd_settime" }, // PPM_SC_TIMERFD_SETTIME |
2523 | | { 224, "timerfd_gettime" }, // PPM_SC_TIMERFD_GETTIME |
2524 | | { 225, "signalfd4" }, // PPM_SC_SIGNALFD4 |
2525 | | { 226, "eventfd2" }, // PPM_SC_EVENTFD2 |
2526 | | { 227, "epoll_create1" }, // PPM_SC_EPOLL_CREATE1 |
2527 | | { 228, "dup3" }, // PPM_SC_DUP3 |
2528 | | { 229, "pipe2" }, // PPM_SC_PIPE2 |
2529 | | { 230, "inotify_init1" }, // PPM_SC_INOTIFY_INIT1 |
2530 | | { 231, "preadv" }, // PPM_SC_PREADV |
2531 | | { 232, "pwritev" }, // PPM_SC_PWRITEV |
2532 | | { 233, "rt_tgsigqueueinfo" }, // PPM_SC_RT_TGSIGQUEUEINFO |
2533 | | { 234, "perf_event_open" }, // PPM_SC_PERF_EVENT_OPEN |
2534 | | { 235, "fanotify_init" }, // PPM_SC_FANOTIFY_INIT |
2535 | | { 236, "prlimit64" }, // PPM_SC_PRLIMIT64 |
2536 | | { 237, "clock_adjtime" }, // PPM_SC_CLOCK_ADJTIME |
2537 | | { 238, "syncfs" }, // PPM_SC_SYNCFS |
2538 | | { 239, "setns" }, // PPM_SC_SETNS |
2539 | | { 240, "getdents64" }, // PPM_SC_GETDENTS64 |
2540 | | { 241, "socket" }, // PPM_SC_SOCKET |
2541 | | { 242, "bind" }, // PPM_SC_BIND |
2542 | | { 243, "connect" }, // PPM_SC_CONNECT |
2543 | | { 244, "listen" }, // PPM_SC_LISTEN |
2544 | | { 245, "accept" }, // PPM_SC_ACCEPT |
2545 | | { 246, "getsockname" }, // PPM_SC_GETSOCKNAME |
2546 | | { 247, "getpeername" }, // PPM_SC_GETPEERNAME |
2547 | | { 248, "socketpair" }, // PPM_SC_SOCKETPAIR |
2548 | | { 249, "sendto" }, // PPM_SC_SENDTO |
2549 | | { 250, "recvfrom" }, // PPM_SC_RECVFROM |
2550 | | { 251, "shutdown" }, // PPM_SC_SHUTDOWN |
2551 | | { 252, "setsockopt" }, // PPM_SC_SETSOCKOPT |
2552 | | { 253, "getsockopt" }, // PPM_SC_GETSOCKOPT |
2553 | | { 254, "sendmsg" }, // PPM_SC_SENDMSG |
2554 | | { 255, "sendmmsg" }, // PPM_SC_SENDMMSG |
2555 | | { 256, "recvmsg" }, // PPM_SC_RECVMSG |
2556 | | { 257, "recvmmsg" }, // PPM_SC_RECVMMSG |
2557 | | { 258, "accept4" }, // PPM_SC_ACCEPT4 |
2558 | | { 259, "semop" }, // PPM_SC_SEMOP |
2559 | | { 260, "semget" }, // PPM_SC_SEMGET |
2560 | | { 261, "semctl" }, // PPM_SC_SEMCTL |
2561 | | { 262, "msgsnd" }, // PPM_SC_MSGSND |
2562 | | { 263, "msgrcv" }, // PPM_SC_MSGRCV |
2563 | | { 264, "msgget" }, // PPM_SC_MSGGET |
2564 | | { 265, "msgctl" }, // PPM_SC_MSGCTL |
2565 | | { 266, "shmdt" }, // PPM_SC_SHMDT |
2566 | | { 267, "shmget" }, // PPM_SC_SHMGET |
2567 | | { 268, "shmctl" }, // PPM_SC_SHMCTL |
2568 | | { 269, "statfs64" }, // PPM_SC_STATFS64 |
2569 | | { 270, "fstatfs64" }, // PPM_SC_FSTATFS64 |
2570 | | { 271, "fstatat64" }, // PPM_SC_FSTATAT64 |
2571 | | { 272, "sendfile64" }, // PPM_SC_SENDFILE64 |
2572 | | { 273, "ugetrlimit" }, // PPM_SC_UGETRLIMIT |
2573 | | { 274, "bdflush" }, // PPM_SC_BDFLUSH |
2574 | | { 275, "sigprocmask" }, // PPM_SC_SIGPROCMASK |
2575 | | { 276, "ipc" }, // PPM_SC_IPC |
2576 | | { 277, "socketcall" }, // PPM_SC_SOCKETCALL |
2577 | | { 278, "stat64" }, // PPM_SC_STAT64 |
2578 | | { 279, "lstat64" }, // PPM_SC_LSTAT64 |
2579 | | { 280, "fstat64" }, // PPM_SC_FSTAT64 |
2580 | | { 281, "fcntl64" }, // PPM_SC_FCNTL64 |
2581 | | { 282, "mmap2" }, // PPM_SC_MMAP2 |
2582 | | { 283, "_newselect" }, // PPM_SC__NEWSELECT |
2583 | | { 284, "sgetmask" }, // PPM_SC_SGETMASK |
2584 | | { 285, "ssetmask" }, // PPM_SC_SSETMASK |
2585 | | { 286, "sigpending" }, // PPM_SC_SIGPENDING |
2586 | | { 287, "olduname" }, // PPM_SC_OLDUNAME |
2587 | | { 288, "umount" }, // PPM_SC_UMOUNT |
2588 | | { 289, "signal" }, // PPM_SC_SIGNAL |
2589 | | { 290, "nice" }, // PPM_SC_NICE |
2590 | | { 291, "stime" }, // PPM_SC_STIME |
2591 | | { 292, "_llseek" }, // PPM_SC__LLSEEK |
2592 | | { 293, "waitpid" }, // PPM_SC_WAITPID |
2593 | | { 294, "pread64" }, // PPM_SC_PREAD64 |
2594 | | { 295, "pwrite64" }, // PPM_SC_PWRITE64 |
2595 | | { 296, "arch_prctl" }, // PPM_SC_ARCH_PRCTL |
2596 | | { 297, "shmat" }, // PPM_SC_SHMAT |
2597 | | { 298, "rt_sigreturn" }, // PPM_SC_RT_SIGRETURN |
2598 | | { 299, "fallocate" }, // PPM_SC_FALLOCATE |
2599 | | { 300, "newfstatat" }, // PPM_SC_NEWFSTATAT |
2600 | | { 301, "process_vm_readv" }, // PPM_SC_PROCESS_VM_READV |
2601 | | { 302, "process_vm_writev" }, // PPM_SC_PROCESS_VM_WRITEV |
2602 | | { 303, "fork" }, // PPM_SC_FORK |
2603 | | { 304, "vfork" }, // PPM_SC_VFORK |
2604 | | { 305, "setuid32" }, // PPM_SC_SETUID32 |
2605 | | { 306, "getuid32" }, // PPM_SC_GETUID32 |
2606 | | { 307, "setgid32" }, // PPM_SC_SETGID32 |
2607 | | { 308, "geteuid32" }, // PPM_SC_GETEUID32 |
2608 | | { 309, "getgid32" }, // PPM_SC_GETGID32 |
2609 | | { 310, "setresuid32" }, // PPM_SC_SETRESUID32 |
2610 | | { 311, "setresgid32" }, // PPM_SC_SETRESGID32 |
2611 | | { 312, "getresuid32" }, // PPM_SC_GETRESUID32 |
2612 | | { 313, "getresgid32" }, // PPM_SC_GETRESGID32 |
2613 | | { 314, "finit_module" }, // PPM_SC_FINIT_MODULE |
2614 | | { 315, "bpf" }, // PPM_SC_BPF |
2615 | | { 316, "seccomp" }, // PPM_SC_SECCOMP |
2616 | | { 317, "sigaltstack" }, // PPM_SC_SIGALTSTACK |
2617 | | { 318, "getrandom" }, // PPM_SC_GETRANDOM |
2618 | | { 319, "fadvise64" }, // PPM_SC_FADVISE64 |
2619 | | { 320, "renameat2" }, // PPM_SC_RENAMEAT2 |
2620 | | { 321, "userfaultfd" }, // PPM_SC_USERFAULTFD |
2621 | | { 322, "openat2" }, // PPM_SC_OPENAT2 |
2622 | | { 323, "umount2" }, // PPM_SC_UMOUNT2 |
2623 | | { 324, "execve" }, // PPM_SC_EXECVE |
2624 | | { 325, "execveat" }, // PPM_SC_EXECVEAT |
2625 | | { 326, "copy_file_range" }, // PPM_SC_COPY_FILE_RANGE |
2626 | | { 327, "clone" }, // PPM_SC_CLONE |
2627 | | { 328, "clone3" }, // PPM_SC_CLONE3 |
2628 | | { 329, "open_by_handle_at" }, // PPM_SC_OPEN_BY_HANDLE_AT |
2629 | | { 330, "io_uring_setup" }, // PPM_SC_IO_URING_SETUP |
2630 | | { 331, "io_uring_enter" }, // PPM_SC_IO_URING_ENTER |
2631 | | { 332, "io_uring_register" }, // PPM_SC_IO_URING_REGISTER |
2632 | | { 333, "mlock2" }, // PPM_SC_MLOCK2 |
2633 | | { 334, "getegid32" }, // PPM_SC_GETEGID32 |
2634 | | { 335, "fsconfig" }, // PPM_SC_FSCONFIG |
2635 | | { 336, "fspick" }, // PPM_SC_FSPICK |
2636 | | { 337, "fsmount" }, // PPM_SC_FSMOUNT |
2637 | | { 338, "fsopen" }, // PPM_SC_FSOPEN |
2638 | | { 339, "open_tree" }, // PPM_SC_OPEN_TREE |
2639 | | { 340, "move_mount" }, // PPM_SC_MOVE_MOUNT |
2640 | | { 341, "mount_setattr" }, // PPM_SC_MOUNT_SETATTR |
2641 | | { 342, "memfd_create" }, // PPM_SC_MEMFD_CREATE |
2642 | | { 343, "memfd_secret" }, // PPM_SC_MEMFD_SECRET |
2643 | | { 344, "ioperm" }, // PPM_SC_IOPERM |
2644 | | { 345, "kexec_file_load" }, // PPM_SC_KEXEC_FILE_LOAD |
2645 | | { 346, "pidfd_getfd" }, // PPM_SC_PIDFD_GETFD |
2646 | | { 347, "pidfd_open" }, // PPM_SC_PIDFD_OPEN |
2647 | | { 348, "pidfd_send_signal" }, // PPM_SC_PIDFD_SEND_SIGNAL |
2648 | | { 349, "pkey_alloc" }, // PPM_SC_PKEY_ALLOC |
2649 | | { 350, "pkey_mprotect" }, // PPM_SC_PKEY_MPROTECT |
2650 | | { 351, "pkey_free" }, // PPM_SC_PKEY_FREE |
2651 | | { 352, "landlock_create_ruleset" }, // PPM_SC_LANDLOCK_CREATE_RULESET |
2652 | | { 353, "quotactl_fd" }, // PPM_SC_QUOTACTL_FD |
2653 | | { 354, "landlock_restrict_self" }, // PPM_SC_LANDLOCK_RESTRICT_SELF |
2654 | | { 355, "landlock_add_rule" }, // PPM_SC_LANDLOCK_ADD_RULE |
2655 | | { 356, "epoll_pwait2" }, // PPM_SC_EPOLL_PWAIT2 |
2656 | | { 357, "migrate_pages" }, // PPM_SC_MIGRATE_PAGES |
2657 | | { 358, "move_pages" }, // PPM_SC_MOVE_PAGES |
2658 | | { 359, "preadv2" }, // PPM_SC_PREADV2 |
2659 | | { 360, "pwritev2" }, // PPM_SC_PWRITEV2 |
2660 | | { 361, "kcmp" }, // PPM_SC_KCMP |
2661 | | { 362, "sched_setattr" }, // PPM_SC_SCHED_SETATTR |
2662 | | { 363, "mbind" }, // PPM_SC_MBIND |
2663 | | { 364, "epoll_ctl_old" }, // PPM_SC_EPOLL_CTL_OLD |
2664 | | { 365, "lookup_dcookie" }, // PPM_SC_LOOKUP_DCOOKIE |
2665 | | { 366, "modify_ldt" }, // PPM_SC_MODIFY_LDT |
2666 | | { 367, "statx" }, // PPM_SC_STATX |
2667 | | { 368, "set_mempolicy" }, // PPM_SC_SET_MEMPOLICY |
2668 | | { 369, "io_pgetevents" }, // PPM_SC_IO_PGETEVENTS |
2669 | | { 370, "set_mempolicy_home_node" }, // PPM_SC_SET_MEMPOLICY_HOME_NODE |
2670 | | { 371, "semtimedop" }, // PPM_SC_SEMTIMEDOP |
2671 | | { 372, "get_kernel_syms" }, // PPM_SC_GET_KERNEL_SYMS |
2672 | | { 373, "readahead" }, // PPM_SC_READAHEAD |
2673 | | { 374, "futex_waitv" }, // PPM_SC_FUTEX_WAITV |
2674 | | { 375, "getpmsg" }, // PPM_SC_GETPMSG |
2675 | | { 376, "name_to_handle_at" }, // PPM_SC_NAME_TO_HANDLE_AT |
2676 | | { 377, "process_mrelease" }, // PPM_SC_PROCESS_MRELEASE |
2677 | | { 378, "nfsservctl" }, // PPM_SC_NFSSERVCTL |
2678 | | { 379, "epoll_wait_old" }, // PPM_SC_EPOLL_WAIT_OLD |
2679 | | { 380, "rseq" }, // PPM_SC_RSEQ |
2680 | | { 381, "create_module" }, // PPM_SC_CREATE_MODULE |
2681 | | { 383, "sched_getattr" }, // PPM_SC_SCHED_GETATTR |
2682 | | { 384, "faccessat2" }, // PPM_SC_FACCESSAT2 |
2683 | | { 385, "_sysctl" }, // PPM_SC__SYSCTL |
2684 | | { 386, "query_module" }, // PPM_SC_QUERY_MODULE |
2685 | | { 387, "get_mempolicy" }, // PPM_SC_GET_MEMPOLICY |
2686 | | { 388, "sync_file_range" }, // PPM_SC_SYNC_FILE_RANGE |
2687 | | { 389, "process_madvise" }, // PPM_SC_PROCESS_MADVISE |
2688 | | { 390, "membarrier" }, // PPM_SC_MEMBARRIER |
2689 | | { 391, "iopl" }, // PPM_SC_IOPL |
2690 | | { 392, "close_range" }, // PPM_SC_CLOSE_RANGE |
2691 | | { 393, "fanotify_mark" }, // PPM_SC_FANOTIFY_MARK |
2692 | | { 394, "recv" }, // PPM_SC_RECV |
2693 | | { 395, "send" }, // PPM_SC_SEND |
2694 | | { 396, "sched_process_exit" }, // PPM_SC_SCHED_PROCESS_EXIT |
2695 | | { 397, "sched_switch" }, // PPM_SC_SCHED_SWITCH |
2696 | | { 398, "page_fault_user" }, // PPM_SC_PAGE_FAULT_USER |
2697 | | { 399, "page_fault_kernel" }, // PPM_SC_PAGE_FAULT_KERNEL |
2698 | | { 400, "signal_deliver" }, // PPM_SC_SIGNAL_DELIVER |
2699 | | { 401, "timerfd" }, // PPM_SC_TIMERFD |
2700 | | { 402, "s390_pci_mmio_read" }, // PPM_SC_S390_PCI_MMIO_READ |
2701 | | { 403, "sigaction" }, // PPM_SC_SIGACTION |
2702 | | { 404, "s390_pci_mmio_write" }, // PPM_SC_S390_PCI_MMIO_WRITE |
2703 | | { 405, "readdir" }, // PPM_SC_READDIR |
2704 | | { 406, "s390_sthyi" }, // PPM_SC_S390_STHYI |
2705 | | { 407, "sigsuspend" }, // PPM_SC_SIGSUSPEND |
2706 | | { 408, "idle" }, // PPM_SC_IDLE |
2707 | | { 409, "s390_runtime_instr" }, // PPM_SC_S390_RUNTIME_INSTR |
2708 | | { 410, "sigreturn" }, // PPM_SC_SIGRETURN |
2709 | | { 411, "s390_guarded_storage" }, // PPM_SC_S390_GUARDED_STORAGE |
2710 | | { 412, "cachestat" }, // PPM_SC_CACHESTAT |
2711 | | { 413, "fchmodat2" }, // PPM_SC_FCHMODAT2 |
2712 | | { 414, "map_shadow_stack" }, // PPM_SC_MAP_SHADOW_STACK |
2713 | | { 415, "riscv_flush_icache" }, // PPM_SC_RISCV_FLUSH_ICACHE |
2714 | | { 416, "riscv_hwprobe" }, // PPM_SC_RISCV_HWPROBE |
2715 | | { 417, "futex_wake" }, // PPM_SC_FUTEX_WAKE |
2716 | | { 418, "futex_requeue" }, // PPM_SC_FUTEX_REQUEUE |
2717 | | { 419, "futex_wait" }, // PPM_SC_FUTEX_WAIT |
2718 | | { 420, "oldstat" }, // PPM_SC_OLDSTAT |
2719 | | { 421, "switch_endian" }, // PPM_SC_SWITCH_ENDIAN |
2720 | | { 422, "multiplexer" }, // PPM_SC_MULTIPLEXER |
2721 | | { 423, "oldlstat" }, // PPM_SC_OLDLSTAT |
2722 | | { 424, "spu_create" }, // PPM_SC_SPU_CREATE |
2723 | | { 425, "sync_file_range2" }, // PPM_SC_SYNC_FILE_RANGE2 |
2724 | | { 426, "oldfstat" }, // PPM_SC_OLDFSTAT |
2725 | | { 427, "spu_run" }, // PPM_SC_SPU_RUN |
2726 | | { 428, "swapcontext" }, // PPM_SC_SWAPCONTEXT |
2727 | | { 429, "pciconfig_write" }, // PPM_SC_PCICONFIG_WRITE |
2728 | | { 430, "rtas" }, // PPM_SC_RTAS |
2729 | | { 431, "pciconfig_read" }, // PPM_SC_PCICONFIG_READ |
2730 | | { 432, "sys_debug_setcontext" }, // PPM_SC_SYS_DEBUG_SETCONTEXT |
2731 | | { 433, "vm86" }, // PPM_SC_VM86 |
2732 | | { 434, "oldolduname" }, // PPM_SC_OLDOLDUNAME |
2733 | | { 435, "subpage_prot" }, // PPM_SC_SUBPAGE_PROT |
2734 | | { 436, "pciconfig_iobase" }, // PPM_SC_PCICONFIG_IOBASE |
2735 | | { 437, "listmount" }, // PPM_SC_LISTMOUNT |
2736 | | { 438, "statmount" }, // PPM_SC_STATMOUNT |
2737 | | { 439, "lsm_get_self_attr" }, // PPM_SC_LSM_GET_SELF_ATTR |
2738 | | { 440, "lsm_set_self_attr" }, // PPM_SC_LSM_SET_SELF_ATTR |
2739 | | { 441, "lsm_list_modules" }, // PPM_SC_LSM_LIST_MODULES |
2740 | | { 442, "mseal" }, // PPM_SC_MSEAL |
2741 | | |
2742 | | { 0, NULL } |
2743 | | }; |
2744 | | |
2745 | | /* |
2746 | | static const value_string param_category_vals[] = { |
2747 | | { 1, "Other"}, |
2748 | | { 2, "File"}, |
2749 | | { 3, "Network operation"}, |
2750 | | { 4, "IPC operation"}, |
2751 | | { 5, "Memory operation"}, |
2752 | | { 6, "Process operation"}, |
2753 | | { 7, "Plain sleep"}, |
2754 | | { 8, "System operation"}, |
2755 | | { 9, "Signal operation"}, |
2756 | | { 10, "User operation"}, |
2757 | | { 11, "Time"}, |
2758 | | { 12, "User-level processing"}, |
2759 | | { 32, "I/O read"}, |
2760 | | { 33, "I/O write"}, |
2761 | | { 34, "I/O other"}, |
2762 | | { 64, "General wait"}, |
2763 | | {128, "Scheduler event"}, |
2764 | | {256, "Internal event"}, |
2765 | | {0, NULL} |
2766 | | }; |
2767 | | */ |
2768 | | |
2769 | | /* |
2770 | | static const value_string param_flag_vals[] = { |
2771 | | { 0, "None"}, |
2772 | | {1 << 0, "Creates FD"}, |
2773 | | {1 << 1, "Destroys FD"}, |
2774 | | {1 << 2, "Uses FD"}, |
2775 | | {1 << 3, "Reads from FD"}, |
2776 | | {1 << 4, "Writes to FD"}, |
2777 | | {1 << 5, "Modifies state"}, |
2778 | | {1 << 6, "Unused"}, |
2779 | | {1 << 7, "Waits"}, |
2780 | | {1 << 8, "Skip parse reset"}, |
2781 | | {1 << 9, "Old version"}, |
2782 | | {0, NULL} |
2783 | | }; |
2784 | | */ |
2785 | | |
2786 | | /* |
2787 | | static const value_string param_subcategory_vals[] = { |
2788 | | { 0, "Unknown"}, |
2789 | | { 1, "None"}, |
2790 | | { 2, "Other"}, |
2791 | | { 3, "File"}, |
2792 | | { 4, "Net"}, |
2793 | | { 5, "IPC"}, |
2794 | | {0, NULL} |
2795 | | }; |
2796 | | */ |
2797 | | |
/*
 * Fetch a parameter string from the event buffer for display.
 *
 * Reads len bytes at offset from tvb as UTF-8 into memory owned by scope.
 * For len >= 2 the first len - 1 bytes are passed through
 * format_text_chr() with ' ' as the substitute character, so the trailing
 * terminator byte is left alone. Shorter values are returned as fetched.
 *
 * The bytes come from the capture file and end up in the packet list and
 * the protocol tree, so this is the step that keeps raw parameter bytes
 * (file names, command lines and the like) out of the UI.
 *
 * NOTE(review): len is the on-wire byte count, while the fetched string is
 * the decoded UTF-8 result; confirm the two lengths agree for inputs that
 * contain invalid sequences. Callers in this file pass a uint32_t length,
 * which is narrowed to int here -- confirm it is range-checked first.
 */
static inline const char *format_param_str(wmem_allocator_t *scope, tvbuff_t *tvb, int offset, int len) {
    char *raw_str = tvb_get_string_enc(scope, tvb, offset, len, ENC_UTF_8|ENC_NA);

    if (len >= 2) {
        /* Leave terminating NULLs alone. */
        return format_text_chr(scope, raw_str, len - 1, ' ');
    }
    return raw_str;
}
2808 | | |
2809 | | /* Code to actually dissect the packets */ |
2810 | | |
/*
 * Add the parameter-length table of a v1 event to the tree.
 *
 * A v1 record does not say how many parameters it has, so the count is the
 * number of entries in the NULL-terminated hf_indexes array for this event
 * type. Each length is SYSDIG_PARAM_SIZE bytes and the table starts at
 * offset 0 of tvb.
 *
 * Returns the size of the length table in bytes, which is also the offset
 * of the first parameter value.
 */
static int
dissect_header_lens_v1(tvbuff_t *tvb, proto_tree *tree, unsigned encoding, int * const *hf_indexes)
{
    int n_fields = 0;
    int idx;
    proto_item *lens_item;
    proto_tree *lens_tree;

    /* Count the entries up to the NULL terminator. */
    while (hf_indexes[n_fields]) {
        n_fields++;
    }

    lens_item = proto_tree_add_item(tree, hf_se_param_lens, tvb, 0, n_fields * SYSDIG_PARAM_SIZE, ENC_NA);
    lens_tree = proto_item_add_subtree(lens_item, ett_sysdig_parm_lens);

    /* One child item per length field. */
    for (idx = 0; idx < n_fields; idx++) {
        proto_tree_add_item(lens_tree, hf_se_param_len, tvb, idx * SYSDIG_PARAM_SIZE, SYSDIG_PARAM_SIZE, encoding);
    }

    proto_item_set_len(lens_item, n_fields * SYSDIG_PARAM_SIZE);
    return n_fields * SYSDIG_PARAM_SIZE;
}
2830 | | |
/*
 * Add the parameter-length table of a v2 event to the tree.
 *
 * The number of entries is syscall_header->nparams and each length is
 * SYSDIG_PARAM_SIZE_V2 bytes, starting at offset 0 of tvb.
 *
 * Returns the size of the length table in bytes, which is also the offset
 * of the first parameter value.
 *
 * NOTE(review): nparams is taken from the record header and multiplied
 * without a range check before being used as an int length; this relies on
 * the tvb/proto_tree bounds checks to stop on a count larger than the
 * buffer -- confirm that is the intended guard.
 */
static int
dissect_header_lens_v2(tvbuff_t *tvb, wtap_syscall_header* syscall_header, proto_tree *tree, unsigned encoding)
{
    proto_item *lens_item;
    proto_tree *lens_tree;
    uint32_t idx = 0;

    lens_item = proto_tree_add_item(tree, hf_se_param_lens, tvb, 0, syscall_header->nparams * SYSDIG_PARAM_SIZE_V2, ENC_NA);
    lens_tree = proto_item_add_subtree(lens_item, ett_sysdig_parm_lens);

    /* One child item per length field. */
    while (idx < syscall_header->nparams) {
        proto_tree_add_item(lens_tree, hf_se_param_len, tvb, idx * SYSDIG_PARAM_SIZE_V2, SYSDIG_PARAM_SIZE_V2, encoding);
        idx++;
    }

    proto_item_set_len(lens_item, syscall_header->nparams * SYSDIG_PARAM_SIZE_V2);
    return syscall_header->nparams * SYSDIG_PARAM_SIZE_V2;
}
2848 | | |
/*
 * Add the parameter-length table of a "v2 large" event to the tree.
 *
 * Same layout as the v2 table, except that each length is
 * SYSDIG_PARAM_SIZE_V2_LARGE bytes. The number of entries is
 * syscall_header->nparams and the table starts at offset 0 of tvb.
 *
 * Returns the size of the length table in bytes, which is also the offset
 * of the first parameter value.
 *
 * NOTE(review): nparams is taken from the record header and multiplied
 * without a range check before being used as an int length; this relies on
 * the tvb/proto_tree bounds checks to stop on a count larger than the
 * buffer -- confirm that is the intended guard.
 */
static int
dissect_header_lens_v2_large(tvbuff_t *tvb, wtap_syscall_header* syscall_header, proto_tree *tree, unsigned encoding)
{
    proto_item *lens_item;
    proto_tree *lens_tree;
    uint32_t idx = 0;

    lens_item = proto_tree_add_item(tree, hf_se_param_lens, tvb, 0, syscall_header->nparams * SYSDIG_PARAM_SIZE_V2_LARGE, ENC_NA);
    lens_tree = proto_item_add_subtree(lens_item, ett_sysdig_parm_lens);

    /* One child item per length field. */
    while (idx < syscall_header->nparams) {
        proto_tree_add_item(lens_tree, hf_se_param_len, tvb, idx * SYSDIG_PARAM_SIZE_V2_LARGE, SYSDIG_PARAM_SIZE_V2_LARGE, encoding);
        idx++;
    }

    proto_item_set_len(lens_item, syscall_header->nparams * SYSDIG_PARAM_SIZE_V2_LARGE);
    return syscall_header->nparams * SYSDIG_PARAM_SIZE_V2_LARGE;
}
2866 | | |
2867 | | /* Dissect events */ |
2868 | | |
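/*
 * Dissect the length table and the parameter values of one event.
 *
 * The record type selects the length-table layout (v1, v2 or v2 large).
 * Each parameter is then added to tree using the header field at the same
 * position in the NULL-terminated hf_indexes array. String parameters are
 * run through format_param_str() before display. The location of the
 * "data" bytes parameter, if present, is stored in event_param_data, and
 * an "ID" parameter replaces *event_name and the Info column text.
 *
 * Returns the offset just past the last parameter that was dissected.
 *
 * Every length used here is read from the capture file and must be treated
 * as untrusted.
 */
static int
dissect_event_params(tvbuff_t *tvb, packet_info *pinfo, const char **event_name, wtap_syscall_header* syscall_header, proto_tree *tree, unsigned encoding, int * const *hf_indexes, sysdig_event_param_data *event_param_data)
{
    int len_offset = 0;
    int param_offset;
    int len_size;
    uint32_t cur_param;

    switch (syscall_header->record_type) {
    case BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE:
        param_offset = dissect_header_lens_v2_large(tvb, syscall_header, tree, encoding);
        len_size = SYSDIG_PARAM_SIZE_V2_LARGE;
        break;
    case BLOCK_TYPE_SYSDIG_EVENT_V2:
        param_offset = dissect_header_lens_v2(tvb, syscall_header, tree, encoding);
        len_size = SYSDIG_PARAM_SIZE_V2;
        break;
    default:
        param_offset = dissect_header_lens_v1(tvb, tree, encoding, hf_indexes);
        len_size = SYSDIG_PARAM_SIZE;
        break;
    }

    for (cur_param = 0; cur_param < syscall_header->nparams; cur_param++) {
        if (!hf_indexes[cur_param]) {
            // The record carries more parameters than this dissector knows for
            // the event type. This happens when Sysdig adds parameters to an
            // existing event that is already mapped here with fewer of them.
            // Stop at the NULL terminator instead of indexing past the end of
            // hf_indexes.
            break;
        }

        uint32_t param_len;
        if (syscall_header->record_type == BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE) {
            param_len = tvb_get_uint32(tvb, len_offset, encoding);
        } else {
            param_len = tvb_get_uint16(tvb, len_offset, encoding);
        }

        // param_len is an unsigned 32-bit value from the file, but the calls
        // below take an int length. Without this check a value above INT_MAX
        // would be narrowed to a negative length (-1 is read by the tree API
        // as "to the end of the buffer") and would move param_offset
        // backwards. Reject any length that does not fit in what is left of
        // the buffer before using it.
        tvb_ensure_bytes_exist(tvb, param_offset, param_len);

        const int hf_index = *hf_indexes[cur_param];
        if (proto_registrar_get_ftype(hf_index) == FT_STRING) {
            proto_tree_add_string(tree, hf_index, tvb, param_offset, param_len,
                                  format_param_str(pinfo->pool, tvb, param_offset, param_len));
        } else {
            proto_tree_add_item(tree, hf_index, tvb, param_offset, param_len, encoding);
            if (hf_index == hf_param_data_bytes) {
                // Remember where the raw data lives so the caller can hand it
                // to other dissectors.
                event_param_data->data_bytes_offset = param_offset;
                event_param_data->data_bytes_length = param_len;
            }
        }

        if (hf_index == hf_param_ID_uint16) {
            uint16_t id = tvb_get_uint16(tvb, param_offset, encoding);
            *event_name = val_to_str(id, ID_uint16_vals, "Unknown ID %u");
            col_add_str(pinfo->cinfo, COL_INFO, *event_name);
        }
        param_offset += param_len;
        len_offset += len_size;
    }
    return param_offset;
}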
2928 | | |
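/*
 * Dissect one Sysdig event record.
 *
 * The event type and byte order are taken from the record header in
 * pinfo->rec. The function fills in the Protocol and Info columns, builds
 * the Sysdig Event subtree and, when sinsp_dissector_handle is set, passes
 * the record to that dissector together with the location of any "data"
 * parameter that was found. A data parameter that starts with the ELF
 * magic is additionally passed to the ELF dissector.
 *
 * Returns 0 when the buffer is shorter than SYSDIG_EVENT_MIN_LENGTH;
 * otherwise the reported buffer length or the sub-dissector's return value.
 *
 * All offsets and lengths below are derived from the capture file and must
 * be treated as untrusted.
 */
static int
dissect_sysdig_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
                     void *data _U_)
{
    proto_item *ti;
    proto_tree *se_tree, *syscall_tree;
    unsigned event_type = pinfo->rec->rec_header.syscall_header.event_type;
    unsigned encoding = pinfo->rec->rec_header.syscall_header.byte_order == G_BIG_ENDIAN ? ENC_BIG_ENDIAN : ENC_LITTLE_ENDIAN;
    const struct _event_col_info *cur_col_info;
    const struct _event_tree_info *cur_tree_info;

    /*** HEURISTICS ***/

    /* Check that the packet is long enough for it to belong to us. */
    if (tvb_reported_length(tvb) < SYSDIG_EVENT_MIN_LENGTH)
        return 0;

    /*** COLUMN DATA ***/

    /*
     * If this is a plugin event, handle it appropriately and return
     */
    if (event_type == EVT_PLUGINEVENT_E && sinsp_dissector_handle) {
        return call_dissector(sinsp_dissector_handle, tvb, pinfo, tree);
    }

    const char *event_name = val_to_str(event_type, event_type_vals, "Unknown syscall %u");
    sysdig_event_param_data event_param_data = {0};

    /*
     * Sysdig uses the term "event" internally. So far every event has been
     * a syscall.
     */
    col_clear(pinfo->cinfo, COL_INFO);
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "Sysdig Event");
    col_add_str(pinfo->cinfo, COL_INFO, event_name);

    /*
     * XXX We can ditch this in favor of a simple index when event_col_info
     * is contiguous and in the correct order.
     *
     * NOTE(review): this pass reads 16-bit lengths at a stride of 2 for
     * every record type, whereas dissect_event_params() uses
     * SYSDIG_PARAM_SIZE_V2_LARGE for BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE
     * records -- confirm the column text is right for those.
     */
    for (cur_col_info = event_col_info; cur_col_info->params; cur_col_info++) {
        if (cur_col_info->event_type == event_type) {
            const struct _event_col_info_param *cur_param = cur_col_info->params;
            int param_offset = cur_col_info->num_len_fields * 2;

            /* Find the data offset */
            int cur_len_field;
            for (cur_len_field = 0;
                 cur_len_field < cur_col_info->num_len_fields && cur_param->param_name;
                 cur_len_field++) {
                unsigned param_len = tvb_get_uint16(tvb, cur_len_field * 2, encoding);
                if (cur_param->param_num == cur_len_field) {
                    col_append_fstr(pinfo->cinfo, COL_INFO, ", %s=", cur_param->param_name);
                    switch (cur_param->param_ftype) {
                    case FT_STRING:
                        col_append_str(pinfo->cinfo, COL_INFO, format_param_str(pinfo->pool, tvb, param_offset, param_len));
                        break;
                    case FT_UINT64:
                        col_append_fstr(pinfo->cinfo, COL_INFO, "%" PRIu64, tvb_get_uint64(tvb, param_offset, encoding));
                        break; /* was an implicit fall through into default */
                    default:
                        break;
                    }
                    cur_param++;
                }
                param_offset += param_len;
            }
        }
    }

    /*** PROTOCOL TREE ***/

    /* create display subtree for the protocol */
    ti = proto_tree_add_item(tree, proto_sysdig_event, tvb, 0, -1, ENC_NA);

    se_tree = proto_item_add_subtree(ti, ett_sysdig_event);

    /* These values come from the record header, not from tvb, hence the zero-length items. */
    proto_tree_add_uint(se_tree, hf_se_cpu_id, tvb, 0, 0, pinfo->rec->rec_header.syscall_header.cpu_id);
    proto_tree_add_uint64(se_tree, hf_se_thread_id, tvb, 0, 0, pinfo->rec->rec_header.syscall_header.thread_id);
    proto_tree_add_uint(se_tree, hf_se_event_length, tvb, 0, 0, pinfo->rec->rec_header.syscall_header.event_len);
    if (pinfo->rec->rec_header.syscall_header.nparams != 0) {
        proto_tree_add_uint(se_tree, hf_se_nparams, tvb, 0, 0, pinfo->rec->rec_header.syscall_header.nparams);
    }
    ti = proto_tree_add_uint(se_tree, hf_se_event_type, tvb, 0, 0, event_type);

    syscall_tree = proto_item_add_subtree(ti, ett_sysdig_syscall);

    if (pinfo->rec->rec_header.syscall_header.nparams > 0) {
        for (cur_tree_info = event_tree_info; cur_tree_info->hf_indexes; cur_tree_info++) {
            if (cur_tree_info->event_type == event_type) {
                dissect_event_params(tvb, pinfo, &event_name, &pinfo->rec->rec_header.syscall_header, syscall_tree, encoding, cur_tree_info->hf_indexes, &event_param_data);
                break;
            }
        }
    }

    /* dissect_event_params() may have replaced event_name with the name of the "ID" parameter. */
    proto_tree_add_string(se_tree, hf_se_event_name, tvb, 0, 0, event_name);

    if (!sinsp_dissector_handle) {
        return tvb_reported_length(tvb);
    }

    int ret = call_dissector_with_data(sinsp_dissector_handle, tvb, pinfo, tree, &event_param_data);

    /*
     * The magic test reads four bytes, so only attempt it when the data
     * parameter itself is at least that long. Otherwise the read would run
     * into the bytes that follow the parameter, or past the end of the
     * buffer, where it raises an exception outside the TRY block below.
     */
    if (event_param_data.data_bytes_offset > 0 && event_param_data.data_bytes_length >= 4) {
#define ELF_MAGIC 0x7f454c46 // 7f 'E' 'L' 'F'
        if (tvb_get_uint32(tvb, event_param_data.data_bytes_offset, ENC_BIG_ENDIAN) == ELF_MAGIC && elf_dissector_handle) {
            /* Restrict the ELF dissector to the data parameter's own bytes. */
            tvbuff_t *elf_tvb = tvb_new_subset_length(tvb, event_param_data.data_bytes_offset, event_param_data.data_bytes_length);
            TRY {
                call_dissector(elf_dissector_handle, elf_tvb, pinfo, tree);
            } CATCH_NONFATAL_ERRORS {
                // Partial dissection is OK.
            } ENDTRY;
        }
    }

    return ret;
}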
3047 | | |
3048 | | /* Register the protocol with Wireshark. |
3049 | | * |
3050 | | * This format is required because a script is used to build the C function that |
3051 | | * calls all the protocol registration. |
3052 | | */ |
3053 | | void |
3054 | | proto_register_sysdig_event(void) |
3055 | 14 | { |
3056 | | /* XXX Match up with Sysdig's names. */ |
3057 | 14 | static hf_register_info hf[] = { |
3058 | 14 | { &hf_se_cpu_id, |
3059 | 14 | { "CPU ID", "sysdig.cpu_id", |
3060 | 14 | FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } |
3061 | 14 | }, |
3062 | 14 | { &hf_se_thread_id, |
3063 | 14 | { "Thread ID", "sysdig.thread_id", |
3064 | 14 | FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } |
3065 | 14 | }, |
3066 | 14 | { &hf_se_event_length, |
3067 | 14 | { "Event length", "sysdig.event_len", |
3068 | 14 | FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } |
3069 | 14 | }, |
3070 | 14 | { &hf_se_nparams, |
3071 | 14 | { "Number of parameters", "sysdig.nparams", |
3072 | 14 | FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } |
3073 | 14 | }, |
3074 | 14 | { &hf_se_event_type, |
3075 | 14 | { "Event type", "sysdig.event_type", |
3076 | 14 | FT_UINT16, BASE_DEC, VALS(event_type_vals), 0, NULL, HFILL } |
3077 | 14 | }, |
3078 | 14 | { &hf_se_event_name, |
3079 | 14 | { "Event name", "sysdig.event_name", |
3080 | 14 | FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } |
3081 | 14 | }, |
3082 | 14 | { &hf_se_param_lens, |
3083 | 14 | { "Parameter lengths", "sysdig.param.lens", |
3084 | 14 | FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } |
3085 | 14 | }, |
3086 | 14 | { &hf_se_param_len, |
3087 | 14 | { "Parameter length", "sysdig.param.len", |
3088 | 14 | FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } |
3089 | 14 | }, |
3090 | | |
3091 | | /* Header field registration. Automatically generated by tools/generate-sysdig-event.py */ |
3092 | 14 | { &hf_param_ID_uint16, { "ID", "sysdig.param.syscall.ID", FT_UINT16, BASE_DEC, VALS(ID_uint16_vals), 0, NULL, HFILL } }, |
3093 | 14 | { &hf_param_action_uint32, { "action", "sysdig.param.cpu_hotplug.action", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3094 | 14 | { &hf_param_addr_bytes, { "addr", "sysdig.param.ptrace.addr", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3095 | 14 | { &hf_param_addr_uint64, { "addr", "sysdig.param.mlock2.addr", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3096 | 14 | { &hf_param_arg2_int_int64, { "arg2_int", "sysdig.param.prctl.arg2_int", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3097 | 14 | { &hf_param_arg2_str_string, { "arg2_str", "sysdig.param.prctl.arg2_str", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3098 | 14 | { &hf_param_arg_uint64, { "arg", "sysdig.param.io_uring_register.arg", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3099 | 14 | { &hf_param_args_string, { "args", "sysdig.param.clone3.args", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3100 | 14 | { &hf_param_argument_uint64, { "I/O control: argument", "sysdig.param.ioctl.argument", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3101 | 14 | { &hf_param_aux_int32, { "aux", "sysdig.param.fsconfig.aux", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3102 | 14 | { &hf_param_backlog_int32, { "backlog", "sysdig.param.listen.backlog", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3103 | 14 | { &hf_param_cap_effective_uint64, { "cap_effective", "sysdig.param.capset.cap_effective", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3104 | 14 | { &hf_param_cap_inheritable_uint64, { "cap_inheritable", "sysdig.param.capset.cap_inheritable", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3105 | 14 | { &hf_param_cap_permitted_uint64, { "cap_permitted", "sysdig.param.capset.cap_permitted", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3106 | 14 | { &hf_param_cgroups_bytes, { "cgroups", "sysdig.param.clone3.cgroups", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3107 | 14 | { &hf_param_clockid_uint8, { "clockid", "sysdig.param.timerfd_create.clockid", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3108 | 14 | { &hf_param_cmd_bytes, { "cmd", "sysdig.param.fsconfig.cmd", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3109 | 14 | { &hf_param_cmd_int16, { "cmd", "sysdig.param.semctl.cmd", FT_INT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3110 | 14 | { &hf_param_cmd_int64, { "cmd", "sysdig.param.bpf.cmd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3111 | 14 | { &hf_param_comm_string, { "comm", "sysdig.param.clone3.comm", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3112 | 14 | { &hf_param_container_id_string, { "container_id", "sysdig.param.groupdeleted.container_id", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3113 | 14 | { &hf_param_core_uint8, { "core", "sysdig.param.procexit.core", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3114 | 14 | { &hf_param_cpu_sys_uint64, { "cpu_sys", "sysdig.param.procinfo.cpu_sys", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3115 | 14 | { &hf_param_cpu_uint32, { "cpu", "sysdig.param.cpu_hotplug.cpu", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3116 | 14 | { &hf_param_cpu_usr_uint64, { "cpu_usr", "sysdig.param.procinfo.cpu_usr", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3117 | 14 | { &hf_param_cq_entries_uint32, { "cq_entries", "sysdig.param.io_uring_setup.cq_entries", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3118 | 14 | { &hf_param_cur_int64, { "cur", "sysdig.param.setrlimit.cur", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3119 | 14 | { &hf_param_cwd_string, { "cwd", "sysdig.param.clone3.cwd", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3120 | 14 | { &hf_param_data_bytes, { "data", "sysdig.param.process_vm_writev.data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3121 | 14 | { &hf_param_desc_string, { "desc", "sysdig.param.notification.desc", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3122 | 14 | { &hf_param_description_string, { "description", "sysdig.param.infra.description", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3123 | 14 | { &hf_param_dev_string, { "dev", "sysdig.param.mount.dev", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3124 | 14 | { &hf_param_dev_uint32, { "dev", "sysdig.param.mknodat.dev", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3125 | 14 | { &hf_param_dir_string, { "dir", "sysdig.param.mount.dir", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3126 | 14 | { &hf_param_dirfd_int64, { "dirfd", "sysdig.param.newfstatat.dirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3127 | 14 | { &hf_param_domain_bytes, { "domain", "sysdig.param.socketpair.domain", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3128 | 14 | { &hf_param_dpid_int64, { "dpid", "sysdig.param.signaldeliver.dpid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3129 | 14 | { &hf_param_dqb_bhardlimit_uint64, { "dqb_bhardlimit", "sysdig.param.quotactl.dqb_bhardlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3130 | 14 | { &hf_param_dqb_bsoftlimit_uint64, { "dqb_bsoftlimit", "sysdig.param.quotactl.dqb_bsoftlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3131 | 14 | { &hf_param_dqb_btime_bytes, { "dqb_btime", "sysdig.param.quotactl.dqb_btime", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3132 | 14 | { &hf_param_dqb_curspace_uint64, { "dqb_curspace", "sysdig.param.quotactl.dqb_curspace", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3133 | 14 | { &hf_param_dqb_ihardlimit_uint64, { "dqb_ihardlimit", "sysdig.param.quotactl.dqb_ihardlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3134 | 14 | { &hf_param_dqb_isoftlimit_uint64, { "dqb_isoftlimit", "sysdig.param.quotactl.dqb_isoftlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3135 | 14 | { &hf_param_dqb_itime_bytes, { "dqb_itime", "sysdig.param.quotactl.dqb_itime", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3136 | 14 | { &hf_param_dqi_bgrace_bytes, { "dqi_bgrace", "sysdig.param.quotactl.dqi_bgrace", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3137 | 14 | { &hf_param_dqi_flags_int8, { "dqi_flags", "sysdig.param.quotactl.dqi_flags", FT_INT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3138 | 14 | { &hf_param_dqi_igrace_bytes, { "dqi_igrace", "sysdig.param.quotactl.dqi_igrace", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3139 | 14 | { &hf_param_egid_int32, { "egid", "sysdig.param.setregid.egid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3140 | 14 | { &hf_param_entries_uint32, { "entries", "sysdig.param.io_uring_setup.entries", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3141 | 14 | { &hf_param_env_string, { "env", "sysdig.param.execveat.env", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3142 | 14 | { &hf_param_error_int32, { "error", "sysdig.param.page_fault.error", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3143 | 14 | { &hf_param_euid_int32, { "euid", "sysdig.param.setreuid.euid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3144 | 14 | { &hf_param_event_data_bytes, { "event_data", "sysdig.param.pluginevent.event_data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3145 | 14 | { &hf_param_event_data_uint64, { "event_data", "sysdig.param.scapevent.event_data", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3146 | 14 | { &hf_param_event_type_uint32, { "event_type", "sysdig.param.scapevent.event_type", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3147 | 14 | { &hf_param_exe_ino_ctime_bytes, { "exe_ino_ctime", "sysdig.param.execveat.exe_ino_ctime", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3148 | 14 | { &hf_param_exe_ino_mtime_bytes, { "exe_ino_mtime", "sysdig.param.execveat.exe_ino_mtime", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3149 | 14 | { &hf_param_exe_ino_uint64, { "exe_ino", "sysdig.param.execveat.exe_ino", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3150 | 14 | { &hf_param_exe_string, { "exe", "sysdig.param.clone3.exe", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3151 | 14 | { &hf_param_fd1_int64, { "fd1", "sysdig.param.pipe2.fd1", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3152 | 14 | { &hf_param_fd2_int64, { "fd2", "sysdig.param.pipe2.fd2", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3153 | 14 | { &hf_param_fd_in_int64, { "fd_in", "sysdig.param.splice.fd_in", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3154 | 14 | { &hf_param_fd_int64, { "fd", "sysdig.param.finit_module.fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3155 | 14 | { &hf_param_fd_out_int64, { "fd_out", "sysdig.param.splice.fd_out", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3156 | 14 | { &hf_param_fdin_int64, { "fdin", "sysdig.param.copy_file_range.fdin", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3157 | 14 | { &hf_param_fdlimit_int64, { "fdlimit", "sysdig.param.clone3.fdlimit", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3158 | 14 | { &hf_param_fdlimit_uint64, { "fdlimit", "sysdig.param.execveat.fdlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3159 | 14 | { &hf_param_fdout_int64, { "fdout", "sysdig.param.copy_file_range.fdout", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3160 | 14 | { &hf_param_fds_bytes, { "fds", "sysdig.param.ppoll.fds", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3161 | 14 | { &hf_param_features_int32, { "features", "sysdig.param.io_uring_setup.features", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3162 | 14 | { &hf_param_filename_string, { "filename", "sysdig.param.chmod.filename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3163 | 14 | { &hf_param_flags_int16, { "flags", "sysdig.param.signalfd4.flags", FT_INT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3164 | 14 | { &hf_param_flags_int32, { "flags", "sysdig.param.delete_module.flags", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3165 | 14 | { &hf_param_flags_uint32, { "flags", "sysdig.param.pidfd_getfd.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3166 | 14 | { &hf_param_flags_uint64, { "flags", "sysdig.param.seccomp.flags", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3167 | 14 | { &hf_param_flags_uint8, { "flags", "sysdig.param.inotify_init.flags", FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3168 | 14 | { &hf_param_gid_int32, { "gid", "sysdig.param.getgid.gid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3169 | 14 | { &hf_param_gid_uint32, { "gid", "sysdig.param.fchownat.gid", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3170 | 14 | { &hf_param_home_string, { "home", "sysdig.param.userdeleted.home", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3171 | 14 | { &hf_param_how_bytes, { "how", "sysdig.param.shutdown.how", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3172 | 14 | { &hf_param_id_int64, { "id", "sysdig.param.tracer.id", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3173 | 14 | { &hf_param_id_string, { "id", "sysdig.param.notification.id", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3174 | 14 | { &hf_param_id_uint32, { "id", "sysdig.param.quotactl.id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3175 | 14 | { &hf_param_image_string, { "image", "sysdig.param.container.image", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3176 | 14 | { &hf_param_img_bytes, { "img", "sysdig.param.init_module.img", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3177 | 14 | { &hf_param_in_fd_int64, { "in_fd", "sysdig.param.sendfile.in_fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3178 | 14 | { &hf_param_initval_uint64, { "initval", "sysdig.param.eventfd2.initval", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3179 | 14 | { &hf_param_ino_uint64, { "ino", "sysdig.param.pipe2.ino", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3180 | 14 | { &hf_param_interval_bytes, { "interval", "sysdig.param.nanosleep.interval", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3181 | 14 | { &hf_param_ip_uint64, { "ip", "sysdig.param.page_fault.ip", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3182 | 14 | { &hf_param_json_string, { "json", "sysdig.param.container.json", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3183 | 14 | { &hf_param_key_int32, { "key", "sysdig.param.semget.key", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3184 | 14 | { &hf_param_key_string, { "key", "sysdig.param.fsconfig.key", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3185 | 14 | { &hf_param_len_uint64, { "len", "sysdig.param.mlock2.len", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3186 | 14 | { &hf_param_length_uint64, { "length", "sysdig.param.init_module.length", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3187 | 14 | { &hf_param_level_bytes, { "level", "sysdig.param.getsockopt.level", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3188 | 14 | { &hf_param_linkdirfd_int64, { "linkdirfd", "sysdig.param.symlinkat.linkdirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3189 | 14 | { &hf_param_linkpath_string, { "linkpath", "sysdig.param.symlinkat.linkpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3190 | 14 | { &hf_param_loginuid_int32, { "loginuid", "sysdig.param.execveat.loginuid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3191 | 14 | { &hf_param_mask_uint32, { "mask", "sysdig.param.signalfd4.mask", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3192 | 14 | { &hf_param_max_int64, { "max", "sysdig.param.setrlimit.max", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3193 | 14 | { &hf_param_maxevents_int64, { "maxevents", "sysdig.param.epoll_wait.maxevents", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3194 | 14 | { &hf_param_min_complete_uint32, { "min_complete", "sysdig.param.io_uring_enter.min_complete", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3195 | 14 | { &hf_param_mode_int32, { "mode", "sysdig.param.mknodat.mode", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3196 | 14 | { &hf_param_mode_uint32, { "mode", "sysdig.param.openat2.mode", FT_UINT32, BASE_OCT, NULL, 0, NULL, HFILL } }, |
3197 | 14 | { &hf_param_mountfd_int64, { "mountfd", "sysdig.param.open_by_handle_at.mountfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3198 | 14 | { &hf_param_msgcontrol_bytes, { "msgcontrol", "sysdig.param.recvmsg.msgcontrol", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3199 | 14 | { &hf_param_name_string, { "name", "sysdig.param.delete_module.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3200 | 14 | { &hf_param_nativeID_uint16, { "nativeID", "sysdig.param.syscall.nativeID", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3201 | 14 | { &hf_param_newcur_int64, { "newcur", "sysdig.param.prlimit.newcur", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3202 | 14 | { &hf_param_newdir_int64, { "newdir", "sysdig.param.linkat.newdir", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3203 | 14 | { &hf_param_newdirfd_int64, { "newdirfd", "sysdig.param.renameat2.newdirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3204 | 14 | { &hf_param_newfd_int64, { "newfd", "sysdig.param.dup3.newfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3205 | 14 | { &hf_param_newmax_int64, { "newmax", "sysdig.param.prlimit.newmax", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3206 | 14 | { &hf_param_newpath_string, { "newpath", "sysdig.param.renameat2.newpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3207 | 14 | { &hf_param_next_int64, { "next", "sysdig.param.switch.next", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3208 | 14 | { &hf_param_nr_args_uint32, { "nr_args", "sysdig.param.io_uring_register.nr_args", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3209 | 14 | { &hf_param_nsems_int32, { "nsems", "sysdig.param.semget.nsems", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3210 | 14 | { &hf_param_nsops_uint32, { "nsops", "sysdig.param.semop.nsops", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3211 | 14 | { &hf_param_nstype_int32, { "nstype", "sysdig.param.setns.nstype", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3212 | 14 | { &hf_param_offin_uint64, { "offin", "sysdig.param.copy_file_range.offin", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3213 | 14 | { &hf_param_offout_uint64, { "offout", "sysdig.param.copy_file_range.offout", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3214 | 14 | { &hf_param_offset_uint64, { "offset", "sysdig.param.sendfile.offset", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3215 | 14 | { &hf_param_oldcur_int64, { "oldcur", "sysdig.param.prlimit.oldcur", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3216 | 14 | { &hf_param_olddir_int64, { "olddir", "sysdig.param.linkat.olddir", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3217 | 14 | { &hf_param_olddirfd_int64, { "olddirfd", "sysdig.param.renameat2.olddirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3218 | 14 | { &hf_param_oldfd_int64, { "oldfd", "sysdig.param.dup.oldfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3219 | 14 | { &hf_param_oldmax_int64, { "oldmax", "sysdig.param.prlimit.oldmax", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3220 | 14 | { &hf_param_oldpath_string, { "oldpath", "sysdig.param.renameat2.oldpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3221 | 14 | { &hf_param_op_bytes, { "op", "sysdig.param.futex.op", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3222 | 14 | { &hf_param_op_uint64, { "op", "sysdig.param.seccomp.op", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3223 | 14 | { &hf_param_opcode_bytes, { "opcode", "sysdig.param.io_uring_register.opcode", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3224 | 14 | { &hf_param_operation_int32, { "operation", "sysdig.param.flock.operation", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3225 | 14 | { &hf_param_option_bytes, { "option", "sysdig.param.prctl.option", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3226 | 14 | { &hf_param_optlen_uint32, { "optlen", "sysdig.param.getsockopt.optlen", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3227 | 14 | { &hf_param_optname_bytes, { "optname", "sysdig.param.getsockopt.optname", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3228 | 14 | { &hf_param_out_fd_int64, { "out_fd", "sysdig.param.sendfile.out_fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3229 | 14 | { &hf_param_path_string, { "path", "sysdig.param.newfstatat.path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3230 | 14 | { &hf_param_pathname_string, { "pathname", "sysdig.param.fchownat.pathname", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3231 | 14 | { &hf_param_peer_uint64, { "peer", "sysdig.param.socketpair.peer", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3232 | 14 | { &hf_param_pgft_maj_uint64, { "pgft_maj", "sysdig.param.clone3.pgft_maj", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3233 | 14 | { &hf_param_pgft_min_uint64, { "pgft_min", "sysdig.param.clone3.pgft_min", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3234 | 14 | { &hf_param_pgid_int64, { "pgid", "sysdig.param.execveat.pgid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3235 | 14 | { &hf_param_pgoffset_uint64, { "pgoffset", "sysdig.param.mmap2.pgoffset", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3236 | 14 | { &hf_param_pid_fd_int64, { "pid_fd", "sysdig.param.pidfd_getfd.pid_fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3237 | 14 | { &hf_param_pid_int64, { "pid", "sysdig.param.process_vm_writev.pid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3238 | 14 | { &hf_param_pidns_init_start_ts_uint64, { "pidns_init_start_ts", "sysdig.param.clone3.pidns_init_start_ts", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3239 | 14 | { &hf_param_plugin_id_uint32, { "plugin_id", "sysdig.param.asyncevent.plugin_id", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3240 | 14 | { &hf_param_pos_uint64, { "pos", "sysdig.param.pwritev.pos", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3241 | 14 | { &hf_param_prot_int32, { "prot", "sysdig.param.mprotect.prot", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3242 | 14 | { &hf_param_proto_uint32, { "proto", "sysdig.param.socketpair.proto", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3243 | 14 | { &hf_param_ptid_int64, { "ptid", "sysdig.param.clone3.ptid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3244 | 14 | { &hf_param_queuelen_uint32, { "queuelen", "sysdig.param.accept4.queuelen", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3245 | 14 | { &hf_param_queuemax_uint32, { "queuemax", "sysdig.param.accept4.queuemax", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3246 | 14 | { &hf_param_queuepct_uint8, { "queuepct", "sysdig.param.accept4.queuepct", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3247 | 14 | { &hf_param_quota_fmt_int8, { "quota_fmt", "sysdig.param.quotactl.quota_fmt", FT_INT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3248 | 14 | { &hf_param_quota_fmt_out_int8, { "quota_fmt_out", "sysdig.param.quotactl.quota_fmt_out", FT_INT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3249 | 14 | { &hf_param_quotafilepath_string, { "quotafilepath", "sysdig.param.quotactl.quotafilepath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3250 | 14 | { &hf_param_ratio_uint32, { "ratio", "sysdig.param.drop.ratio", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3251 | 14 | { &hf_param_reaper_tid_int64, { "reaper_tid", "sysdig.param.procexit.reaper_tid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3252 | 14 | { &hf_param_request_bytes, { "request", "sysdig.param.ptrace.request", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3253 | 14 | { &hf_param_request_uint64, { "I/O control: request", "sysdig.param.ioctl.request", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3254 | 14 | { &hf_param_res_int64, { "res", "sysdig.param.setregid.res", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3255 | 14 | { &hf_param_res_or_fd_bytes, { "res_or_fd", "sysdig.param.bpf.res_or_fd", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3256 | 14 | { &hf_param_res_uint64, { "res", "sysdig.param.brk.res", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3257 | 14 | { &hf_param_resolve_int32, { "resolve", "sysdig.param.openat2.resolve", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3258 | 14 | { &hf_param_resource_bytes, { "resource", "sysdig.param.prlimit.resource", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3259 | 14 | { &hf_param_ret_int64, { "ret", "sysdig.param.procexit.ret", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3260 | 14 | { &hf_param_rgid_int32, { "rgid", "sysdig.param.setregid.rgid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3261 | 14 | { &hf_param_ruid_int32, { "ruid", "sysdig.param.setreuid.ruid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3262 | 14 | { &hf_param_scope_string, { "scope", "sysdig.param.infra.scope", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3263 | 14 | { &hf_param_sem_flg_0_int16, { "sem_flg_0", "sysdig.param.semop.sem_flg_0", FT_INT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3264 | 14 | { &hf_param_sem_flg_1_int16, { "sem_flg_1", "sysdig.param.semop.sem_flg_1", FT_INT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3265 | 14 | { &hf_param_sem_num_0_uint16, { "sem_num_0", "sysdig.param.semop.sem_num_0", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3266 | 14 | { &hf_param_sem_num_1_uint16, { "sem_num_1", "sysdig.param.semop.sem_num_1", FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3267 | 14 | { &hf_param_sem_op_0_int16, { "sem_op_0", "sysdig.param.semop.sem_op_0", FT_INT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3268 | 14 | { &hf_param_sem_op_1_int16, { "sem_op_1", "sysdig.param.semop.sem_op_1", FT_INT16, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3269 | 14 | { &hf_param_semflg_int32, { "semflg", "sysdig.param.semget.semflg", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3270 | 14 | { &hf_param_semid_int32, { "semid", "sysdig.param.semctl.semid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3271 | 14 | { &hf_param_semnum_int32, { "semnum", "sysdig.param.semctl.semnum", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3272 | 14 | { &hf_param_sgid_int32, { "sgid", "sysdig.param.getresgid.sgid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3273 | 14 | { &hf_param_shell_string, { "shell", "sysdig.param.userdeleted.shell", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3274 | 14 | { &hf_param_sig_bytes, { "sig", "sysdig.param.io_uring_enter.sig", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3275 | 14 | { &hf_param_sigmask_bytes, { "sigmask", "sysdig.param.ppoll.sigmask", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3276 | 14 | { &hf_param_size_int32, { "size", "sysdig.param.epoll_create.size", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3277 | 14 | { &hf_param_size_uint32, { "size", "sysdig.param.pwritev.size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3278 | 14 | { &hf_param_size_uint64, { "size", "sysdig.param.sendfile.size", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3279 | 14 | { &hf_param_source_string, { "source", "sysdig.param.infra.source", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3280 | 14 | { &hf_param_source_uint64, { "source", "sysdig.param.socketpair.source", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, |
3281 | 14 | { &hf_param_special_string, { "special", "sysdig.param.quotactl.special", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3282 | 14 | { &hf_param_spid_int64, { "spid", "sysdig.param.signaldeliver.spid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3283 | 14 | { &hf_param_sq_entries_uint32, { "sq_entries", "sysdig.param.io_uring_setup.sq_entries", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3284 | 14 | { &hf_param_sq_thread_cpu_uint32, { "sq_thread_cpu", "sysdig.param.io_uring_setup.sq_thread_cpu", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3285 | 14 | { &hf_param_sq_thread_idle_uint32, { "sq_thread_idle", "sysdig.param.io_uring_setup.sq_thread_idle", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3286 | 14 | { &hf_param_status_int64, { "status", "sysdig.param.procexit.status", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3287 | 14 | { &hf_param_suid_int32, { "suid", "sysdig.param.getresuid.suid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3288 | 14 | { &hf_param_tags_bytes, { "tags", "sysdig.param.tracer.tags", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3289 | 14 | { &hf_param_target_fd_int64, { "target_fd", "sysdig.param.pidfd_getfd.target_fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3290 | 14 | { &hf_param_target_string, { "target", "sysdig.param.symlinkat.target", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3291 | 14 | { &hf_param_tid_int64, { "tid", "sysdig.param.clone3.tid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3292 | 14 | { &hf_param_timeout_bytes, { "timeout", "sysdig.param.ppoll.timeout", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3293 | 14 | { &hf_param_timeout_int64, { "timeout", "sysdig.param.poll.timeout", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3294 | 14 | { &hf_param_to_submit_uint32, { "to_submit", "sysdig.param.io_uring_enter.to_submit", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3295 | 14 | { &hf_param_trusted_exepath_string, { "trusted_exepath", "sysdig.param.execveat.trusted_exepath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3296 | 14 | { &hf_param_tty_int32, { "tty", "sysdig.param.execve.tty", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3297 | 14 | { &hf_param_tty_uint32, { "tty", "sysdig.param.execveat.tty", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3298 | 14 | { &hf_param_tuple_bytes, { "tuple", "sysdig.param.accept4.tuple", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3299 | 14 | { &hf_param_type_int8, { "type", "sysdig.param.quotactl.type", FT_INT8, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3300 | 14 | { &hf_param_type_string, { "type", "sysdig.param.mount.type", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3301 | 14 | { &hf_param_type_uint32, { "type", "sysdig.param.container.type", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3302 | 14 | { &hf_param_uargs_string, { "uargs", "sysdig.param.finit_module.uargs", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3303 | 14 | { &hf_param_uid_int32, { "uid", "sysdig.param.execveat.uid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3304 | 14 | { &hf_param_uid_uint32, { "uid", "sysdig.param.fchownat.uid", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3305 | 14 | { &hf_param_val_bytes, { "val", "sysdig.param.getsockopt.val", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3306 | 14 | { &hf_param_val_int32, { "val", "sysdig.param.semctl.val", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3307 | 14 | { &hf_param_val_uint64, { "val", "sysdig.param.futex.val", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3308 | 14 | { &hf_param_value_bytebuf_bytes, { "value_bytebuf", "sysdig.param.fsconfig.value_bytebuf", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3309 | 14 | { &hf_param_value_charbuf_string, { "value_charbuf", "sysdig.param.fsconfig.value_charbuf", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3310 | 14 | { &hf_param_vm_rss_uint32, { "vm_rss", "sysdig.param.clone3.vm_rss", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3311 | 14 | { &hf_param_vm_size_uint32, { "vm_size", "sysdig.param.clone3.vm_size", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3312 | 14 | { &hf_param_vm_swap_uint32, { "vm_swap", "sysdig.param.clone3.vm_swap", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3313 | 14 | { &hf_param_vpid_int64, { "vpid", "sysdig.param.clone3.vpid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3314 | 14 | { &hf_param_vtid_int64, { "vtid", "sysdig.param.clone3.vtid", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, |
3315 | 14 | { &hf_param_whence_bytes, { "whence", "sysdig.param.llseek.whence", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, |
3316 | 14 | }; |
3317 | | |
3318 | | /* Setup protocol subtree array */ |
3319 | 14 | static int *ett[] = { |
3320 | 14 | &ett_sysdig_event, |
3321 | 14 | &ett_sysdig_parm_lens, |
3322 | 14 | &ett_sysdig_syscall |
3323 | 14 | }; |
3324 | | |
3325 | | /* Register the protocol name and description */ |
3326 | 14 | proto_sysdig_event = proto_register_protocol("Sysdig Event", "Sysdig Event", "sysdig"); |
3327 | | |
3328 | | /* Required function calls to register the header fields and subtrees */ |
3329 | 14 | proto_register_field_array(proto_sysdig_event, hf, array_length(hf)); |
3330 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
3331 | | |
3332 | 14 | sysdig_event_handle = register_dissector("sysdig", dissect_sysdig_event, proto_sysdig_event); |
3333 | 14 | } |
3334 | | |
/*
 * Attach the Sysdig event dissector to the pcapng block types it handles and
 * look up, by name, the other dissectors this file keeps handles for.
 */
void
proto_reg_handoff_sysdig_event(void)
{
    /* All three Sysdig event block variants are routed to the same handle. */
    const unsigned sysdig_block_types[] = {
        BLOCK_TYPE_SYSDIG_EVENT,
        BLOCK_TYPE_SYSDIG_EVENT_V2,
        BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE
    };
    const unsigned n_types = sizeof sysdig_block_types / sizeof sysdig_block_types[0];

    for (unsigned idx = 0; idx < n_types; idx++) {
        dissector_add_uint("pcapng.block_type", sysdig_block_types[idx], sysdig_event_handle);
    }

    /*
     * Name-based lookups. find_dissector() returns NULL when nothing is
     * registered under the requested name, so the code that uses these
     * handles (outside this function) has to tolerate a NULL handle before
     * passing capture-file data to them.
     */
    elf_dissector_handle = find_dissector("elf");
    sinsp_dissector_handle = find_dissector("falcobridge");
}
3345 | | |
3346 | | /* |
3347 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
3348 | | * |
3349 | | * Local variables: |
3350 | | * c-basic-offset: 4 |
3351 | | * tab-width: 8 |
3352 | | * indent-tabs-mode: nil |
3353 | | * End: |
3354 | | * |
3355 | | * vi: set shiftwidth=4 tabstop=8 expandtab: |
3356 | | * :indentSize=4:tabSize=8:noTabs=true: |
3357 | | */ |