introduce new BPF APIs to get kernel syscall entry func name/prefix
As described in issue #1695, on 4.17 for syscalls on x86, both sys_<fnname> and SyS_<fnname> are gone, the replacements are __ia32_sys_sync and __x64_sys_sync. The commit in Linus tree:
https://github.com/torvalds/linux/commit/d5a00528b58cdb2c71206e18bd021e34c4eab878

This patch introduced two APIs for python BPF object. The API get_syscall_prefix() returns the prefix "sys_"/"__x64_sys_". The API get_syscall_fnname(name) returns kernel function name for the syscall, e.g., on x64, get_syscall_fnname("clone") will return "sys_clone" if kernel has it, otherwise, "__x64_sys_clone". get_syscall_prefix() is mostly useful for the regex func specifier of attach_kprobe().

This patch only fixed the code using python API on examples and tests directory.

TODO: python on tools directory, C++ and lua

Signed-off-by: Yonghong Song <yhs@fb.com>
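The lookup the commit message describes, as an added example that is not part of the commit or of bcc's code: a standalone sketch run over constructed /proc/kallsyms lines. The helper names, the probe on `sync`, and the anchored regex are assumptions made for illustration.

```python
import re

# Constructed /proc/kallsyms excerpts; addresses are made up.
KALLSYMS_PRE_4_17 = """\
ffffffff81081200 T SyS_clone
ffffffff81081230 T sys_clone
ffffffff81234500 T SyS_sync
ffffffff81234560 T sys_sync
"""
KALLSYMS_4_17 = """\
ffffffff810a1230 T __x64_sys_clone
ffffffff810a1260 T __ia32_sys_clone
ffffffff812b4560 T __x64_sys_sync
ffffffff812b4590 T __ia32_sys_sync
ffffffff812c0000 t ksys_sync_helper
"""

def parse_kallsyms(text):
    """Return the set of symbol names in kallsyms-formatted text."""
    names = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:  # address, type, name, optional [module]
            names.add(fields[2])
    return names

def syscall_prefix(symbols, probe="sync"):
    """'sys_' if the kernel still has sys_<probe>, else '__x64_sys_'."""
    return "sys_" if "sys_" + probe in symbols else "__x64_sys_"

def syscall_fnname(symbols, name):
    """Kernel entry function for a syscall, preferring the old name."""
    old = "sys_" + name
    return old if old in symbols else "__x64_sys_" + name

def syscall_regex(symbols):
    """Anchored pattern for all syscall entry functions on this kernel.

    Without the '^' anchor, 'sys_.*' would also hit __ia32_sys_* and
    helpers such as ksys_sync_helper on a 4.17-style symbol table.
    """
    return "^" + re.escape(syscall_prefix(symbols)) + ".*"

def matching_entries(symbols):
    """Symbols the anchored pattern would select, sorted for display."""
    pattern = re.compile(syscall_regex(symbols))
    return sorted(s for s in symbols if pattern.match(s))
```
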