Eunomia
0.1.0
A lightweight eBPF-based CloudNative Monitor tool for Container Security and Observability
syscall_helpers.h
Go to the documentation of this file.
1
/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
2
*
3
* Copyright (c) 2020, Andrii Nakryiko
4
*
5
* modified from https://github.com/libbpf/libbpf-bootstrap/
6
* We use libbpf-bootstrap as a start template for our bpf program.
7
*/
8
#ifndef __SYSCALL_HELPERS_H
9
#define __SYSCALL_HELPERS_H
10
11
#include <stdlib.h>
12
13
/*
14
* Syscall table for Linux x86_64.
15
*
16
* Semi-automatically generated from strace/linux/x86_64/syscallent.h and
17
* linux/syscallent-common.h using the following commands:
18
*
19
* awk -F\" '/SEN/{printf("%d %s\n", substr($0,2,3), $(NF-1));}' syscallent.h
20
* awk '/SEN/ { printf("%d %s\n", $3, $9); }' syscallent-common.h
21
*
22
* (The idea is taken from src/python/bcc/syscall.py.)
23
*/
24
#ifdef __x86_64__
25
static
const
char
*syscall_names_x86_64[] = {
26
[0] =
"read"
,
27
[1] =
"write"
,
28
[2] =
"open"
,
29
[3] =
"close"
,
30
[4] =
"stat"
,
31
[5] =
"fstat"
,
32
[6] =
"lstat"
,
33
[7] =
"poll"
,
34
[8] =
"lseek"
,
35
[9] =
"mmap"
,
36
[10] =
"mprotect"
,
37
[11] =
"munmap"
,
38
[12] =
"brk"
,
39
[13] =
"rt_sigaction"
,
40
[14] =
"rt_sigprocmask"
,
41
[15] =
"rt_sigreturn"
,
42
[16] =
"ioctl"
,
43
[17] =
"pread64"
,
44
[18] =
"pwrite64"
,
45
[19] =
"readv"
,
46
[20] =
"writev"
,
47
[21] =
"access"
,
48
[22] =
"pipe"
,
49
[23] =
"select"
,
50
[24] =
"sched_yield"
,
51
[25] =
"mremap"
,
52
[26] =
"msync"
,
53
[27] =
"mincore"
,
54
[28] =
"madvise"
,
55
[29] =
"shmget"
,
56
[30] =
"shmat"
,
57
[31] =
"shmctl"
,
58
[32] =
"dup"
,
59
[33] =
"dup2"
,
60
[34] =
"pause"
,
61
[35] =
"nanosleep"
,
62
[36] =
"getitimer"
,
63
[37] =
"alarm"
,
64
[38] =
"setitimer"
,
65
[39] =
"getpid"
,
66
[40] =
"sendfile"
,
67
[41] =
"socket"
,
68
[42] =
"connect"
,
69
[43] =
"accept"
,
70
[44] =
"sendto"
,
71
[45] =
"recvfrom"
,
72
[46] =
"sendmsg"
,
73
[47] =
"recvmsg"
,
74
[48] =
"shutdown"
,
75
[49] =
"bind"
,
76
[50] =
"listen"
,
77
[51] =
"getsockname"
,
78
[52] =
"getpeername"
,
79
[53] =
"socketpair"
,
80
[54] =
"setsockopt"
,
81
[55] =
"getsockopt"
,
82
[56] =
"clone"
,
83
[57] =
"fork"
,
84
[58] =
"vfork"
,
85
[59] =
"execve"
,
86
[60] =
"exit"
,
87
[61] =
"wait4"
,
88
[62] =
"kill"
,
89
[63] =
"uname"
,
90
[64] =
"semget"
,
91
[65] =
"semop"
,
92
[66] =
"semctl"
,
93
[67] =
"shmdt"
,
94
[68] =
"msgget"
,
95
[69] =
"msgsnd"
,
96
[70] =
"msgrcv"
,
97
[71] =
"msgctl"
,
98
[72] =
"fcntl"
,
99
[73] =
"flock"
,
100
[74] =
"fsync"
,
101
[75] =
"fdatasync"
,
102
[76] =
"truncate"
,
103
[77] =
"ftruncate"
,
104
[78] =
"getdents"
,
105
[79] =
"getcwd"
,
106
[80] =
"chdir"
,
107
[81] =
"fchdir"
,
108
[82] =
"rename"
,
109
[83] =
"mkdir"
,
110
[84] =
"rmdir"
,
111
[85] =
"creat"
,
112
[86] =
"link"
,
113
[87] =
"unlink"
,
114
[88] =
"symlink"
,
115
[89] =
"readlink"
,
116
[90] =
"chmod"
,
117
[91] =
"fchmod"
,
118
[92] =
"chown"
,
119
[93] =
"fchown"
,
120
[94] =
"lchown"
,
121
[95] =
"umask"
,
122
[96] =
"gettimeofday"
,
123
[97] =
"getrlimit"
,
124
[98] =
"getrusage"
,
125
[99] =
"sysinfo"
,
126
[100] =
"times"
,
127
[101] =
"ptrace"
,
128
[102] =
"getuid"
,
129
[103] =
"syslog"
,
130
[104] =
"getgid"
,
131
[105] =
"setuid"
,
132
[106] =
"setgid"
,
133
[107] =
"geteuid"
,
134
[108] =
"getegid"
,
135
[109] =
"setpgid"
,
136
[110] =
"getppid"
,
137
[111] =
"getpgrp"
,
138
[112] =
"setsid"
,
139
[113] =
"setreuid"
,
140
[114] =
"setregid"
,
141
[115] =
"getgroups"
,
142
[116] =
"setgroups"
,
143
[117] =
"setresuid"
,
144
[118] =
"getresuid"
,
145
[119] =
"setresgid"
,
146
[120] =
"getresgid"
,
147
[121] =
"getpgid"
,
148
[122] =
"setfsuid"
,
149
[123] =
"setfsgid"
,
150
[124] =
"getsid"
,
151
[125] =
"capget"
,
152
[126] =
"capset"
,
153
[127] =
"rt_sigpending"
,
154
[128] =
"rt_sigtimedwait"
,
155
[129] =
"rt_sigqueueinfo"
,
156
[130] =
"rt_sigsuspend"
,
157
[131] =
"sigaltstack"
,
158
[132] =
"utime"
,
159
[133] =
"mknod"
,
160
[134] =
"uselib"
,
161
[135] =
"personality"
,
162
[136] =
"ustat"
,
163
[137] =
"statfs"
,
164
[138] =
"fstatfs"
,
165
[139] =
"sysfs"
,
166
[140] =
"getpriority"
,
167
[141] =
"setpriority"
,
168
[142] =
"sched_setparam"
,
169
[143] =
"sched_getparam"
,
170
[144] =
"sched_setscheduler"
,
171
[145] =
"sched_getscheduler"
,
172
[146] =
"sched_get_priority_max"
,
173
[147] =
"sched_get_priority_min"
,
174
[148] =
"sched_rr_get_interval"
,
175
[149] =
"mlock"
,
176
[150] =
"munlock"
,
177
[151] =
"mlockall"
,
178
[152] =
"munlockall"
,
179
[153] =
"vhangup"
,
180
[154] =
"modify_ldt"
,
181
[155] =
"pivot_root"
,
182
[156] =
"_sysctl"
,
183
[157] =
"prctl"
,
184
[158] =
"arch_prctl"
,
185
[159] =
"adjtimex"
,
186
[160] =
"setrlimit"
,
187
[161] =
"chroot"
,
188
[162] =
"sync"
,
189
[163] =
"acct"
,
190
[164] =
"settimeofday"
,
191
[165] =
"mount"
,
192
[166] =
"umount2"
,
193
[167] =
"swapon"
,
194
[168] =
"swapoff"
,
195
[169] =
"reboot"
,
196
[170] =
"sethostname"
,
197
[171] =
"setdomainname"
,
198
[172] =
"iopl"
,
199
[173] =
"ioperm"
,
200
[174] =
"create_module"
,
201
[175] =
"init_module"
,
202
[176] =
"delete_module"
,
203
[177] =
"get_kernel_syms"
,
204
[178] =
"query_module"
,
205
[179] =
"quotactl"
,
206
[180] =
"nfsservctl"
,
207
[181] =
"getpmsg"
,
208
[182] =
"putpmsg"
,
209
[183] =
"afs_syscall"
,
210
[184] =
"tuxcall"
,
211
[185] =
"security"
,
212
[186] =
"gettid"
,
213
[187] =
"readahead"
,
214
[188] =
"setxattr"
,
215
[189] =
"lsetxattr"
,
216
[190] =
"fsetxattr"
,
217
[191] =
"getxattr"
,
218
[192] =
"lgetxattr"
,
219
[193] =
"fgetxattr"
,
220
[194] =
"listxattr"
,
221
[195] =
"llistxattr"
,
222
[196] =
"flistxattr"
,
223
[197] =
"removexattr"
,
224
[198] =
"lremovexattr"
,
225
[199] =
"fremovexattr"
,
226
[200] =
"tkill"
,
227
[201] =
"time"
,
228
[202] =
"futex"
,
229
[203] =
"sched_setaffinity"
,
230
[204] =
"sched_getaffinity"
,
231
[205] =
"set_thread_area"
,
232
[206] =
"io_setup"
,
233
[207] =
"io_destroy"
,
234
[208] =
"io_getevents"
,
235
[209] =
"io_submit"
,
236
[210] =
"io_cancel"
,
237
[211] =
"get_thread_area"
,
238
[212] =
"lookup_dcookie"
,
239
[213] =
"epoll_create"
,
240
[214] =
"epoll_ctl_old"
,
241
[215] =
"epoll_wait_old"
,
242
[216] =
"remap_file_pages"
,
243
[217] =
"getdents64"
,
244
[218] =
"set_tid_address"
,
245
[219] =
"restart_syscall"
,
246
[220] =
"semtimedop"
,
247
[221] =
"fadvise64"
,
248
[222] =
"timer_create"
,
249
[223] =
"timer_settime"
,
250
[224] =
"timer_gettime"
,
251
[225] =
"timer_getoverrun"
,
252
[226] =
"timer_delete"
,
253
[227] =
"clock_settime"
,
254
[228] =
"clock_gettime"
,
255
[229] =
"clock_getres"
,
256
[230] =
"clock_nanosleep"
,
257
[231] =
"exit_group"
,
258
[232] =
"epoll_wait"
,
259
[233] =
"epoll_ctl"
,
260
[234] =
"tgkill"
,
261
[235] =
"utimes"
,
262
[236] =
"vserver"
,
263
[237] =
"mbind"
,
264
[238] =
"set_mempolicy"
,
265
[239] =
"get_mempolicy"
,
266
[240] =
"mq_open"
,
267
[241] =
"mq_unlink"
,
268
[242] =
"mq_timedsend"
,
269
[243] =
"mq_timedreceive"
,
270
[244] =
"mq_notify"
,
271
[245] =
"mq_getsetattr"
,
272
[246] =
"kexec_load"
,
273
[247] =
"waitid"
,
274
[248] =
"add_key"
,
275
[249] =
"request_key"
,
276
[250] =
"keyctl"
,
277
[251] =
"ioprio_set"
,
278
[252] =
"ioprio_get"
,
279
[253] =
"inotify_init"
,
280
[254] =
"inotify_add_watch"
,
281
[255] =
"inotify_rm_watch"
,
282
[256] =
"migrate_pages"
,
283
[257] =
"openat"
,
284
[258] =
"mkdirat"
,
285
[259] =
"mknodat"
,
286
[260] =
"fchownat"
,
287
[261] =
"futimesat"
,
288
[262] =
"newfstatat"
,
289
[263] =
"unlinkat"
,
290
[264] =
"renameat"
,
291
[265] =
"linkat"
,
292
[266] =
"symlinkat"
,
293
[267] =
"readlinkat"
,
294
[268] =
"fchmodat"
,
295
[269] =
"faccessat"
,
296
[270] =
"pselect6"
,
297
[271] =
"ppoll"
,
298
[272] =
"unshare"
,
299
[273] =
"set_robust_list"
,
300
[274] =
"get_robust_list"
,
301
[275] =
"splice"
,
302
[276] =
"tee"
,
303
[277] =
"sync_file_range"
,
304
[278] =
"vmsplice"
,
305
[279] =
"move_pages"
,
306
[280] =
"utimensat"
,
307
[281] =
"epoll_pwait"
,
308
[282] =
"signalfd"
,
309
[283] =
"timerfd_create"
,
310
[284] =
"eventfd"
,
311
[285] =
"fallocate"
,
312
[286] =
"timerfd_settime"
,
313
[287] =
"timerfd_gettime"
,
314
[288] =
"accept4"
,
315
[289] =
"signalfd4"
,
316
[290] =
"eventfd2"
,
317
[291] =
"epoll_create1"
,
318
[292] =
"dup3"
,
319
[293] =
"pipe2"
,
320
[294] =
"inotify_init1"
,
321
[295] =
"preadv"
,
322
[296] =
"pwritev"
,
323
[297] =
"rt_tgsigqueueinfo"
,
324
[298] =
"perf_event_open"
,
325
[299] =
"recvmmsg"
,
326
[300] =
"fanotify_init"
,
327
[301] =
"fanotify_mark"
,
328
[302] =
"prlimit64"
,
329
[303] =
"name_to_handle_at"
,
330
[304] =
"open_by_handle_at"
,
331
[305] =
"clock_adjtime"
,
332
[306] =
"syncfs"
,
333
[307] =
"sendmmsg"
,
334
[308] =
"setns"
,
335
[309] =
"getcpu"
,
336
[310] =
"process_vm_readv"
,
337
[311] =
"process_vm_writev"
,
338
[312] =
"kcmp"
,
339
[313] =
"finit_module"
,
340
[314] =
"sched_setattr"
,
341
[315] =
"sched_getattr"
,
342
[316] =
"renameat2"
,
343
[317] =
"seccomp"
,
344
[318] =
"getrandom"
,
345
[319] =
"memfd_create"
,
346
[320] =
"kexec_file_load"
,
347
[321] =
"bpf"
,
348
[322] =
"execveat"
,
349
[323] =
"userfaultfd"
,
350
[324] =
"membarrier"
,
351
[325] =
"mlock2"
,
352
[326] =
"copy_file_range"
,
353
[327] =
"preadv2"
,
354
[328] =
"pwritev2"
,
355
[329] =
"pkey_mprotect"
,
356
[330] =
"pkey_alloc"
,
357
[331] =
"pkey_free"
,
358
[332] =
"statx"
,
359
[333] =
"io_pgetevents"
,
360
[334] =
"rseq"
,
361
[424] =
"pidfd_send_signal"
,
362
[425] =
"io_uring_setup"
,
363
[426] =
"io_uring_enter"
,
364
[427] =
"io_uring_register"
,
365
[428] =
"open_tree"
,
366
[429] =
"move_mount"
,
367
[430] =
"fsopen"
,
368
[431] =
"fsconfig"
,
369
[432] =
"fsmount"
,
370
[433] =
"fspick"
,
371
[434] =
"pidfd_open"
,
372
[435] =
"clone3"
,
373
[437] =
"openat2"
,
374
[438] =
"pidfd_getfd"
,
375
};
376
static
const
size_t
syscall_names_x86_64_size =
sizeof
(syscall_names_x86_64)/
sizeof
(
char
*);
377
#endif
378
379
#endif
/* __SYSCALL_HELPERS_H */
include
helpers
syscall_helpers.h
Generated by
1.8.17
1.8.17 1.8.17