Remove dynamic generation of opensnoop.c.
Instead of changing the generated C code for opensnoop.c based on the --pid and --tid flags, create a BPF array that stores the values of the --pid and --tid arguments. The flag values are written by the client and read by the probe.

By parameterizing the BPF program this way, we could potentially rewrite opensnoop.c in Rust and use the techniques discussed in https://github.com/bolinfest/rust-ebpf-demo/ to create a pure-Rust implementation of opensnoop powered by BPF.

The primary downside is that now every call to trace_entry() makes two calls to lookup_or_init() whereas previously it made zero. (I plan to get this down to one call in the next commit.) I haven't had a chance to diff the BPF bytecode before and after this change.
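
The pattern the commit message describes, modelled in user-space C as an added example; it is not code from this commit or from opensnoop. The slot layout, the use of 0 as "flag not set", and every function name are assumptions made for illustration, and a plain array stands in for the BPF map.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: slot 0 holds --pid, slot 1 holds --tid; 0 = flag not set. */
enum { SLOT_PID = 0, SLOT_TID = 1, NUM_SLOTS = 2 };
static uint32_t filter_map[NUM_SLOTS]; /* stand-in for the BPF array map */
static unsigned lookups;               /* map reads, the cost the commit mentions */

/* Models a map lookup: pointer to the slot, or NULL when the key is out of range. */
static uint32_t *map_lookup(uint32_t key) {
    lookups++;
    return key < NUM_SLOTS ? &filter_map[key] : NULL;
}

/* Client side: write the flag values once; the probe source never changes. */
static void client_set_filters(uint32_t pid, uint32_t tid) {
    filter_map[SLOT_PID] = pid;
    filter_map[SLOT_TID] = tid;
}

/* Same packing as bpf_get_current_pid_tgid(): process id high, thread id low. */
static uint64_t make_id(uint32_t pid, uint32_t tid) {
    return ((uint64_t)pid << 32) | tid;
}

/* Probe side: read both parameters at run time and decide whether to record. */
static int trace_entry_should_record(uint64_t id) {
    uint32_t pid = (uint32_t)(id >> 32);
    uint32_t tid = (uint32_t)id;
    uint32_t *want_pid = map_lookup(SLOT_PID);
    uint32_t *want_tid = map_lookup(SLOT_TID);
    if (!want_pid || !want_tid)
        return 0; /* a real BPF program must NULL-check every lookup result */
    if (*want_pid && *want_pid != pid)
        return 0;
    if (*want_tid && *want_tid != tid)
        return 0;
    return 1;
}

int main(void) {
    client_set_filters(100, 0); /* constructed values: as if run with --pid 100 */
    printf("pid 100/tid 105: %d\n", trace_entry_should_record(make_id(100, 105)));
    printf("pid 200/tid 200: %d\n", trace_entry_should_record(make_id(200, 200)));
    printf("map lookups: %u\n", lookups);
    return 0;
}
```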