this is my cpp demo code:
// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
/* Copyright (c) 2021 Sartura */
#define BPF_NO_GLOBAL_DATA
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>
char LICENSE[] SEC("license") = "Dual BSD/GPL";
SEC("kprobe/do_unlinkat")
int BPF_KPROBE(do_unlinkat, int dfd, struct filename *name)
{
pid_t pid;
const char *filename;
pid = bpf_get_current_pid_tgid() >> 32;
filename = BPF_CORE_READ(name, name);
bpf_printk("KPROBE ENTRY pid = %d, filename = %s\n", pid, filename);
return 0;
}
SEC("kretprobe/do_unlinkat")
int BPF_KRETPROBE(do_unlinkat_exit, long ret)
{
pid_t pid;
pid = bpf_get_current_pid_tgid() >> 32;
bpf_printk("KPROBE EXIT: pid = %d, ret = %ld\n", pid, ret);
return 0;
}
I can print filename in my cpp demo;
And This my rust code
#![no_std]
#![no_main]
use aya_ebpf::{
helpers::{bpf_probe_read, bpf_probe_read_buf},
macros::kprobe,
programs::ProbeContext,
};
use aya_log_ebpf::info;
#[kprobe(function = "do_unlinkat")]
pub fn kprobe_demo(ctx: ProbeContext) -> u32 {
match try_kprobe_demo(ctx) {
Ok(ret) => ret,
Err(ret) => ret,
}
}
fn try_kprobe_demo(ctx: ProbeContext) -> Result<u32, u32> {
info!(&ctx, "function kprobe called");
Ok(0)
}
#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
unsafe { core::hint::unreachable_unchecked() }
}
The filename is in ctx: ProbeContext? How to parse it?