• Yonghong Song's avatar
    introduce new BPF APIs to get kernel syscall entry func name/prefix · 83b49ad6
    Yonghong Song authored
    As described in issue #1695, on 4.17 for syscalls on x86,
    both sys_<fnname> and SyS_<fnname> are gone, the replacements
    are __ia32_sys_sync and __x64_sys_sync.
    The commit in Linus tree:
    https://github.com/torvalds/linux/commit/d5a00528b58cdb2c71206e18bd021e34c4eab878
    
    This patch introduced two APIs for python BPF object.
    The API get_syscall_prefix() returns the prefix "sys_"/"__x64_sys_".
    The API get_syscall_fnname(name) returns kernel function name for the syscall,
    e.g., on x64, get_syscall_fnname("clone") will return "sys_clone" if kernel
    has it, otherwise, "__x64_sys_clone".
    get_syscall_prefix() is mostly useful for the regex func specifier of
    attach_kprobe().
    
    This patch only fixed the code using python API on examples and tests directory.
    
    TOTO: python on tools directory, C++ and lua
    Signed-off-by: default avatarYonghong Song <yhs@fb.com>
    83b49ad6
hello_fields.py 607 Bytes