aya-utils: add syscall_prefix and syscall_fnname_add_prefix

These two functions are needed because kernel symbols representing syscalls have architecture-specific prefixes. These are the equivalent of bcc's get_syscall_fnname and get_syscall_prefix. Solves: #534
aya-rs · Jun 8, 2023 · 685b275 · 685b275
1 parent 4f85ff8
commit 685b275
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/aya/src/util.rs b/aya/src/util.rs
@@ -95,6 +95,34 @@ fn parse_kernel_symbols(reader: impl BufRead) -> Result<BTreeMap<u64, String>, i
     Ok(syms)
 }
 
+/// Returns the prefix used by syscalls.
+/// ## Example
+/// ```no_run
+/// let prefix = syscall_prefix()?;
+/// let syscall_fname = format!("{prefix}exec");
+/// ```
+/// ## Errors
+/// Returns an [`std::io::ErrorKind::NotFound`] if kernel symbols can't be found or the prefix can't be determined.
+pub fn syscall_prefix() -> Result<&'static str, io::Error> {
+    const PREFIXES: [&str; 7] = [
+        "sys_",
+        "__x64_sys_",
+        "__x32_compat_sys_",
+        "__ia32_compat_sys_",
+        "__arm64_sys_",
+        "__s390x_sys_",
+        "__s390_sys_",
+    ];
+    let ksym = kernel_symbols()?;
+    let values = ksym.into_values().collect::<Vec<_>>();
+    for p in PREFIXES {
+        if values.contains(&format!("{}bpf", p)) {
+            return Ok(p);
+        }
+    }
+    Err(io::ErrorKind::NotFound.into())
+}
+
 pub(crate) fn ifindex_from_ifname(if_name: &str) -> Result<u32, io::Error> {
     let c_str_if_name = CString::new(if_name)?;
     let c_if_name = c_str_if_name.as_ptr();