diff --git a/go.mod b/go.mod index 8155ba50e8de..8607f69da187 100644 --- a/go.mod +++ b/go.mod @@ -173,3 +173,5 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 // indirect ) + +replace github.com/aquasecurity/tracee/types => ./types diff --git a/pkg/bufferdecoder/decoder.go b/pkg/bufferdecoder/decoder.go index 4acb3f5407a5..c76c03df2443 100644 --- a/pkg/bufferdecoder/decoder.go +++ b/pkg/bufferdecoder/decoder.go @@ -39,8 +39,14 @@ func (decoder *EbpfDecoder) BuffLen() int { return len(decoder.buffer) } -// ReadAmountBytes returns the total amount of bytes that decoder has read from its buffer up until now. -func (decoder *EbpfDecoder) ReadAmountBytes() int { +// BytesRead returns the total amount of bytes that decoder has read from its buffer up until now. +func (decoder *EbpfDecoder) BytesRead() int { + return decoder.cursor +} + +// MoveCursor moves the buffer cursor over n bytes. Returns the new cursor position. +func (decoder *EbpfDecoder) MoveCursor(n int) int { + decoder.cursor += n return decoder.cursor } @@ -107,7 +113,7 @@ func (decoder *EbpfDecoder) DecodeArguments(args []trace.Argument, argnum int, e args[idx] = arg } - // Fill missing arguments metadata + // Fill missing arguments for i := 0; i < len(evtFields); i++ { if args[i].Value == nil { args[i].ArgMeta = evtFields[i] @@ -260,8 +266,20 @@ func (decoder *EbpfDecoder) DecodeBytes(msg []byte, size int) error { return nil } -// DecodeIntArray translate from the decoder buffer, starting from the decoder cursor, to msg, size * 4 bytes (in order to get int32). -func (decoder *EbpfDecoder) DecodeIntArray(msg []int32, size int) error { +// ReadBytesLen is a helper which allocates a known size bytes buffer and decodes +// the bytes from the buffer into it. +func (decoder *EbpfDecoder) ReadBytesLen(len int) ([]byte, error) { + var err error + res := make([]byte, len) + err = decoder.DecodeBytes(res[:], len) + if err != nil { + return nil, errfmt.Errorf("error reading byte array: %v", err) + } + return res, nil +} + +// DecodeInt32Array translate from the decoder buffer, starting from the decoder cursor, to msg, size * 4 bytes (in order to get int32). +func (decoder *EbpfDecoder) DecodeInt32Array(msg []int32, size int) error { offset := decoder.cursor if len(decoder.buffer[offset:]) < size*4 { return ErrBufferTooShort diff --git a/pkg/bufferdecoder/decoder_test.go b/pkg/bufferdecoder/decoder_test.go index 6d7900b6ff3c..78beb51dbaf3 100644 --- a/pkg/bufferdecoder/decoder_test.go +++ b/pkg/bufferdecoder/decoder_test.go @@ -354,7 +354,7 @@ func TestDecodeIntArray(t *testing.T) { raw = append(raw, 1, 2, 3, 4, 5, 6, 7, 8) decoder := New(raw) var obtained [2]int32 - err := decoder.DecodeIntArray(obtained[:], 2) + err := decoder.DecodeInt32Array(obtained[:], 2) assert.Equal(t, nil, err) rawcp := append(raw, 1, 2, 3, 4, 5, 6, 7, 8) dataBuff := bytes.NewBuffer(rawcp) diff --git a/pkg/bufferdecoder/eventsreader.go b/pkg/bufferdecoder/eventsreader.go index 00c7a797cff9..e732cbc354c3 100644 --- a/pkg/bufferdecoder/eventsreader.go +++ b/pkg/bufferdecoder/eventsreader.go @@ -13,40 +13,6 @@ import ( "github.com/aquasecurity/tracee/types/trace" ) -// argType is an enum that encodes the argument types that the BPF program may write to the shared buffer -// argument types should match defined values in ebpf code -type ArgType uint8 - -const ( - noneT ArgType = iota - intT - uintT - longT - ulongT - offT - modeT - devT - sizeT - pointerT - strT - strArrT - sockAddrT - bytesT - u16T - credT - intArr2T - uint64ArrT - u8T - timespecT -) - -// These types don't match the ones defined in the ebpf code since they are not being used by syscalls arguments. -// They have their own set of value to avoid collision in the future. -const ( - argsArrT ArgType = iota + 0x80 - boolT -) - // readArgFromBuff read the next argument from the buffer. // Return the index of the argument and the parsed argument. func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.ArgMeta, @@ -66,67 +32,69 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.A return 0, arg, errfmt.Errorf("invalid arg index %d", argIdx) } arg.ArgMeta = fields[argIdx] - argType := GetFieldType(arg.Type) + decodeType := arg.DecodeAs + if decodeType == trace.NONE_T { + return 0, arg, errfmt.Errorf("arg \"%s\" from event %d: did not declare a decode type, this should not happen", arg.Name, id) + } - switch argType { - case u8T: + switch decodeType { + case trace.U8_T: var data uint8 err = ebpfMsgDecoder.DecodeUint8(&data) res = data - case u16T: + case trace.U16_T: var data uint16 err = ebpfMsgDecoder.DecodeUint16(&data) res = data - case intT: + case trace.INT_T: var data int32 err = ebpfMsgDecoder.DecodeInt32(&data) res = data - case uintT, devT, modeT: + case trace.UINT_T: var data uint32 err = ebpfMsgDecoder.DecodeUint32(&data) res = data - case longT: + case trace.LONG_T: var data int64 err = ebpfMsgDecoder.DecodeInt64(&data) res = data - case ulongT, offT, sizeT: + case trace.ULONG_T: var data uint64 err = ebpfMsgDecoder.DecodeUint64(&data) res = data - case boolT: + case trace.BOOL_T: var data bool err = ebpfMsgDecoder.DecodeBool(&data) res = data - case pointerT: + case trace.POINTER_T: var data uint64 err = ebpfMsgDecoder.DecodeUint64(&data) res = uintptr(data) - case sockAddrT: + case trace.SOCK_ADDR_T: res, err = readSockaddrFromBuff(ebpfMsgDecoder) - case credT: + case trace.CRED_T: var data SlimCred err = ebpfMsgDecoder.DecodeSlimCred(&data) res = trace.SlimCred(data) // here we cast to trace.SlimCred to ensure we send the public interface and not bufferdecoder.SlimCred - case strT: + case trace.STR_T: res, err = readStringFromBuff(ebpfMsgDecoder) - case strArrT: - // TODO optimization: create slice after getting arrLen - var ss []string + case trace.STR_ARR_T: var arrLen uint8 err = ebpfMsgDecoder.DecodeUint8(&arrLen) if err != nil { return uint(argIdx), arg, errfmt.Errorf("error reading string array number of elements: %v", err) } + strSlice := make([]string, 0, arrLen) for i := 0; i < int(arrLen); i++ { s, err := readStringFromBuff(ebpfMsgDecoder) if err != nil { return uint(argIdx), arg, errfmt.Errorf("error reading string element: %v", err) } - ss = append(ss, s) + strSlice = append(strSlice, s) } - res = ss - case argsArrT: - var ss []string + res = strSlice + case trace.ARGS_ARR_T: + var strSlice []string var arrLen uint32 var argNum uint32 @@ -138,19 +106,19 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.A if err != nil { return uint(argIdx), arg, errfmt.Errorf("error reading args number: %v", err) } - resBytes, err := ReadByteSliceFromBuff(ebpfMsgDecoder, int(arrLen)) + resBytes, err := ebpfMsgDecoder.ReadBytesLen(int(arrLen)) if err != nil { return uint(argIdx), arg, errfmt.Errorf("error reading args array: %v", err) } - ss = strings.Split(string(resBytes), "\x00") - if ss[len(ss)-1] == "" { - ss = ss[:len(ss)-1] + strSlice = strings.Split(string(resBytes), "\x00") + if strSlice[len(strSlice)-1] == "" { + strSlice = strSlice[:len(strSlice)-1] } - for int(argNum) > len(ss) { - ss = append(ss, "?") + for int(argNum) > len(strSlice) { + strSlice = append(strSlice, "?") } - res = ss - case bytesT: + res = strSlice + case trace.BYTES_T: var size uint32 err = ebpfMsgDecoder.DecodeUint32(&size) if err != nil { @@ -160,22 +128,22 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.A if size > 4096 && (id < events.NetPacketBase || id > events.MaxNetID) { return uint(argIdx), arg, errfmt.Errorf("byte array size too big: %d", size) } - res, err = ReadByteSliceFromBuff(ebpfMsgDecoder, int(size)) - case intArr2T: + res, err = ebpfMsgDecoder.ReadBytesLen(int(size)) + case trace.INT_ARR_2_T: var intArray [2]int32 - err = ebpfMsgDecoder.DecodeIntArray(intArray[:], 2) + err = ebpfMsgDecoder.DecodeInt32Array(intArray[:], 2) if err != nil { return uint(argIdx), arg, errfmt.Errorf("error reading int elements: %v", err) } res = intArray - case uint64ArrT: + case trace.UINT64_ARR_T: ulongArray := make([]uint64, 0) err := ebpfMsgDecoder.DecodeUint64Array(&ulongArray) if err != nil { return uint(argIdx), arg, errfmt.Errorf("error reading ulong elements: %v", err) } res = ulongArray - case timespecT: + case trace.TIMESPEC_T: var sec int64 var nsec int64 err = ebpfMsgDecoder.DecodeInt64(&sec) @@ -187,7 +155,7 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.A default: // if we don't recognize the arg type, we can't parse the rest of the buffer - return uint(argIdx), arg, errfmt.Errorf("error unknown arg type %v", argType) + return uint(argIdx), arg, errfmt.Errorf("error unknown arg type %v", decodeType) } if err != nil { return uint(argIdx), arg, errfmt.WrapError(err) @@ -196,53 +164,45 @@ func readArgFromBuff(id events.ID, ebpfMsgDecoder *EbpfDecoder, fields []trace.A return uint(argIdx), arg, nil } -func GetFieldType(fieldType string) ArgType { +func GetDecodeType(fieldType string) trace.DecodeAs { switch fieldType { - case "int", "pid_t", "uid_t", "gid_t", "mqd_t", "clockid_t", "const clockid_t", "key_t", "key_serial_t", "timer_t": - return intT - case "unsigned int", "u32": - return uintT + case "int": + return trace.INT_T + case "unsigned int": + return trace.UINT_T case "long": - return longT - case "unsigned long", "u64": - return ulongT + return trace.LONG_T + case "unsigned long": + return trace.ULONG_T + case "u16": + return trace.U16_T + case "u8": + return trace.U8_T case "bool": - return boolT - case "off_t", "loff_t": - return offT - case "mode_t": - return modeT - case "dev_t": - return devT - case "size_t": - return sizeT - case "void*", "const void*": - return pointerT - case "char*", "const char*": - return strT + return trace.BOOL_T + case "void*": + return trace.POINTER_T + case "char*": + return trace.STR_T case "const char*const*": // used by execve(at) argv and env - return strArrT - case "const char**": // used by sched_process_exec argv and envp - return argsArrT - case "const struct sockaddr*", "struct sockaddr*": - return sockAddrT + return trace.STR_ARR_T + case "const char**": // used by sched_process_exec argv and env + return trace.ARGS_ARR_T + case "struct sockaddr*": + return trace.SOCK_ADDR_T case "bytes": - return bytesT - case "int[2]": - return intArr2T + return trace.BYTES_T + case "[2]int32": + return trace.INT_ARR_2_T case "slim_cred_t": - return credT - case "umode_t": - return u16T - case "u8": - return u8T + return trace.CRED_T case "unsigned long[]", "[]trace.HookedSymbolData": - return uint64ArrT - case "struct timespec*", "const struct timespec*": - return timespecT + return trace.UINT64_ARR_T + case "struct timespec*": + return trace.TIMESPEC_T default: // Default to pointer (printed as hex) for unsupported types - return pointerT + return trace.POINTER_T } } @@ -267,7 +227,7 @@ func readSockaddrFromBuff(ebpfMsgDecoder *EbpfDecoder) (map[string]string, error char sun_path[108]; // Pathname }; */ - sunPath, err := readStringVarFromBuff(ebpfMsgDecoder, 108) + sunPath, err := readVarStringFromBuffer(ebpfMsgDecoder, 108) if err != nil { return nil, errfmt.Errorf("error parsing sockaddr_un: %v", err) } @@ -297,7 +257,7 @@ func readSockaddrFromBuff(ebpfMsgDecoder *EbpfDecoder) (map[string]string, error return nil, errfmt.Errorf("error parsing sockaddr_in: %v", err) } res["sin_addr"] = PrintUint32IP(addr) - _, err := ReadByteSliceFromBuff(ebpfMsgDecoder, 8) + _, err := ebpfMsgDecoder.ReadBytesLen(8) if err != nil { return nil, errfmt.Errorf("error parsing sockaddr_in: %v", err) } @@ -328,7 +288,7 @@ func readSockaddrFromBuff(ebpfMsgDecoder *EbpfDecoder) (map[string]string, error return nil, errfmt.Errorf("error parsing sockaddr_in6: %v", err) } res["sin6_flowinfo"] = strconv.Itoa(int(flowinfo)) - addr, err := ReadByteSliceFromBuff(ebpfMsgDecoder, 16) + addr, err := ebpfMsgDecoder.ReadBytesLen(16) if err != nil { return nil, errfmt.Errorf("error parsing sockaddr_in6: %v", err) } @@ -343,6 +303,9 @@ func readSockaddrFromBuff(ebpfMsgDecoder *EbpfDecoder) (map[string]string, error return res, nil } +// readStringFromBuff reads strings from the event buffer using the following format: +// +// [32bit:string_size][string_size-1:byte_buffer][8bit:null_terminator] func readStringFromBuff(ebpfMsgDecoder *EbpfDecoder) (string, error) { var err error var size uint32 @@ -353,7 +316,7 @@ func readStringFromBuff(ebpfMsgDecoder *EbpfDecoder) (string, error) { if size > 4096 { return "", errfmt.Errorf("string size too big: %d", size) } - res, err := ReadByteSliceFromBuff(ebpfMsgDecoder, int(size-1)) // last byte is string terminating null + res, err := ebpfMsgDecoder.ReadBytesLen(int(size - 1)) // last byte is string terminating null defer func() { var dummy int8 err := ebpfMsgDecoder.DecodeInt8(&dummy) // discard last byte which is string terminating null @@ -367,9 +330,10 @@ func readStringFromBuff(ebpfMsgDecoder *EbpfDecoder) (string, error) { return string(res), nil } -// readStringVarFromBuff reads a null-terminated string from `buff` -// max length can be passed as `max` to optimize memory allocation, otherwise pass 0 -func readStringVarFromBuff(decoder *EbpfDecoder, max int) (string, error) { +// readVarStringFromBuffer reads a null-terminated string from the ebpf buffer where the size is not +// known. The helper will read from the buffer char-by-char until it hits the null terminator +// or the given max length. The cursor will then skip to the point in the buffer after the max length. +func readVarStringFromBuffer(decoder *EbpfDecoder, max int) (string, error) { var err error var char int8 res := make([]byte, 0, max) @@ -394,20 +358,10 @@ func readStringVarFromBuff(decoder *EbpfDecoder, max int) (string, error) { // The exact reason for this Trim is not known, so remove it for now, // since it increases processing time. // res = bytes.TrimLeft(res[:], "\000") - decoder.cursor += max - count // move cursor to the end of the buffer + decoder.MoveCursor(max - count) // skip the cursor to the desired endpoint return string(res), nil } -func ReadByteSliceFromBuff(ebpfMsgDecoder *EbpfDecoder, len int) ([]byte, error) { - var err error - res := make([]byte, len) - err = ebpfMsgDecoder.DecodeBytes(res[:], len) - if err != nil { - return nil, errfmt.Errorf("error reading byte array: %v", err) - } - return res, nil -} - // PrintUint32IP prints the IP address encoded as a uint32 func PrintUint32IP(in uint32) string { ip := make(net.IP, net.IPv4len) diff --git a/pkg/bufferdecoder/eventsreader_bench_test.go b/pkg/bufferdecoder/eventsreader_bench_test.go index 305b0c3f9d50..bd1136a69ceb 100644 --- a/pkg/bufferdecoder/eventsreader_bench_test.go +++ b/pkg/bufferdecoder/eventsreader_bench_test.go @@ -12,7 +12,7 @@ func BenchmarkReadStringVarFromBuff_ShortString(b *testing.B) { for i := 0; i < b.N; i++ { decoder := New(buffer) - str, _ = readStringVarFromBuff(decoder, max) + str, _ = readVarStringFromBuffer(decoder, max) } _ = str } @@ -24,7 +24,7 @@ func BenchmarkReadStringVarFromBuff_MediumString(b *testing.B) { for i := 0; i < b.N; i++ { decoder := New(buffer) - str, _ = readStringVarFromBuff(decoder, max) + str, _ = readVarStringFromBuffer(decoder, max) } _ = str } @@ -37,7 +37,7 @@ func BenchmarkReadStringVarFromBuff_LongString(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { decoder := New(buffer) - str, _ = readStringVarFromBuff(decoder, max) + str, _ = readVarStringFromBuffer(decoder, max) } _ = str } @@ -50,7 +50,7 @@ func BenchmarkReadStringVarFromBuff_LongStringLowMax(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { decoder := New(buffer) - str, _ = readStringVarFromBuff(decoder, max) + str, _ = readVarStringFromBuffer(decoder, max) } _ = str } diff --git a/pkg/bufferdecoder/eventsreader_test.go b/pkg/bufferdecoder/eventsreader_test.go index 870a15f6cb87..fa14e76f8b86 100644 --- a/pkg/bufferdecoder/eventsreader_test.go +++ b/pkg/bufferdecoder/eventsreader_test.go @@ -24,7 +24,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, // -1 }, - fields: []trace.ArgMeta{{Type: "int", Name: "int0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.INT_T, Name: "int0"}}, expectedArg: int32(-1), }, { @@ -32,7 +32,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, // 4294967295 }, - fields: []trace.ArgMeta{{Type: "unsigned int", Name: "uint0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.UINT_T, Name: "uint0"}}, expectedArg: uint32(4294967295), }, { @@ -40,7 +40,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // -1 }, - fields: []trace.ArgMeta{{Type: "long", Name: "long0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.LONG_T, Name: "long0"}}, expectedArg: int64(-1), }, { @@ -48,7 +48,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615 }, - fields: []trace.ArgMeta{{Type: "unsigned long", Name: "ulong0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.ULONG_T, Name: "ulong0"}}, expectedArg: uint64(18446744073709551615), }, { @@ -56,7 +56,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xB6, 0x11, 0x0, 0x0, // 0x000011B6 == 010666 == S_IFIFO|S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH }, - fields: []trace.ArgMeta{{Type: "mode_t", Name: "modeT0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.UINT_T, Name: "modeT0"}}, expectedArg: uint32(0x11b6), }, { @@ -64,7 +64,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, // 4294967295 }, - fields: []trace.ArgMeta{{Type: "dev_t", Name: "devT0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.UINT_T, Name: "devT0"}}, expectedArg: uint32(4294967295), }, { @@ -72,7 +72,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615 }, - fields: []trace.ArgMeta{{Type: "off_t", Name: "offT0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.ULONG_T, Name: "offT0"}}, expectedArg: uint64(18446744073709551615), }, { @@ -80,7 +80,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615 }, - fields: []trace.ArgMeta{{Type: "loff_t", Name: "loffT0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.ULONG_T, Name: "loffT0"}}, expectedArg: uint64(18446744073709551615), }, { // This is expected to fail. TODO: change pointer parsed type to uint64 @@ -88,7 +88,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }, - fields: []trace.ArgMeta{{Type: "void*", Name: "pointer0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.POINTER_T, Name: "pointer0"}}, expectedArg: uintptr(0xFFFFFFFFFFFFFFFF), }, { @@ -97,7 +97,7 @@ func TestReadArgFromBuff(t *testing.T) { 16, 0, 0, 0, // len=16 47, 117, 115, 114, 47, 98, 105, 110, 47, 100, 111, 99, 107, 101, 114, 0, // /usr/bin/docker }, - fields: []trace.ArgMeta{{Type: "const char*", Name: "str0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.STR_T, Name: "str0"}}, expectedArg: "/usr/bin/docker", }, { @@ -109,7 +109,7 @@ func TestReadArgFromBuff(t *testing.T) { 7, 0, 0, 0, // len=7 100, 111, 99, 107, 101, 114, 0, // docker }, - fields: []trace.ArgMeta{{Type: "const char*const*", Name: "strArr0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.STR_ARR_T, Name: "strArr0"}}, expectedArg: []string{"/usr/bin", "docker"}, }, { @@ -120,7 +120,7 @@ func TestReadArgFromBuff(t *testing.T) { 47, 117, 115, 114, 47, 98, 105, 110, 0, // /usr/bin 100, 111, 99, 107, 101, 114, 0, // docker }, - fields: []trace.ArgMeta{{Type: "const char**", Name: "argsArr0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.ARGS_ARR_T, Name: "argsArr0"}}, expectedArg: []string{"/usr/bin", "docker"}, }, { @@ -131,7 +131,7 @@ func TestReadArgFromBuff(t *testing.T) { 0xFF, 0xFF, 0xFF, 0xFF, // sin_addr=255.255.255.255 0, 0, 0, 0, 0, 0, 0, 0, // padding[8] }, - fields: []trace.ArgMeta{{Type: "struct sockaddr*", Name: "sockAddr0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.SOCK_ADDR_T, Name: "sockAddr0"}}, expectedArg: map[string]string(map[string]string{"sa_family": "AF_INET", "sin_addr": "255.255.255.255", "sin_port": "65535"}), }, { @@ -140,7 +140,7 @@ func TestReadArgFromBuff(t *testing.T) { 1, 0, // sa_family=AF_UNIX 47, 116, 109, 112, 47, 115, 111, 99, 107, 101, 116, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 101, 110, 0, 0, 0, // sun_path=/tmp/socket }, - fields: []trace.ArgMeta{{Type: "struct sockaddr*", Name: "sockAddr0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.SOCK_ADDR_T, Name: "sockAddr0"}}, expectedArg: map[string]string{"sa_family": "AF_UNIX", "sun_path": "/tmp/socket"}, }, { @@ -153,7 +153,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{0, 0, 0, 0, 1, // len=16777216 }, - fields: []trace.ArgMeta{{Type: "const char*", Name: "str0"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.STR_T, Name: "str0"}}, expectedError: errors.New("string size too big: 16777216"), }, { @@ -161,7 +161,7 @@ func TestReadArgFromBuff(t *testing.T) { input: []byte{1, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 18446744073709551615 }, - fields: []trace.ArgMeta{{Type: "const char*", Name: "str0"}, {Type: "off_t", Name: "offT1"}}, + fields: []trace.ArgMeta{{DecodeAs: trace.STR_T, Name: "str0"}, {DecodeAs: trace.ULONG_T, Name: "offT1"}}, expectedArg: uint64(18446744073709551615), }, } @@ -183,7 +183,7 @@ func TestReadArgFromBuff(t *testing.T) { if tc.name == "unknown" { return } - assert.Empty(t, decoder.BuffLen()-decoder.ReadAmountBytes(), tc.name) // passed in buffer should be emptied out + assert.Empty(t, decoder.BuffLen()-decoder.BytesRead(), tc.name) // passed in buffer should be emptied out }) } } @@ -258,13 +258,13 @@ func TestReadStringVarFromBuff(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { decoder := New(tt.buffer) - actual, err := readStringVarFromBuff(decoder, tt.max) + actual, err := readVarStringFromBuffer(decoder, tt.max) if tt.expectError { assert.Error(t, err) } else { assert.NoError(t, err) assert.Equal(t, tt.expected, actual) - assert.Equal(t, tt.expectedCursor, decoder.ReadAmountBytes()) + assert.Equal(t, tt.expectedCursor, decoder.BytesRead()) } }) } diff --git a/pkg/dnscache/dns_events_test.gz b/pkg/dnscache/dns_events_test.gz index c8109fe6102b..7473ee37b7d2 100644 Binary files a/pkg/dnscache/dns_events_test.gz and b/pkg/dnscache/dns_events_test.gz differ diff --git a/pkg/ebpf/c/common/buffer.h b/pkg/ebpf/c/common/buffer.h index 19f135503fcf..013bd246ee96 100644 --- a/pkg/ebpf/c/common/buffer.h +++ b/pkg/ebpf/c/common/buffer.h @@ -3,6 +3,7 @@ #include +#include #include #include #include @@ -43,7 +44,7 @@ statfunc data_filter_lpm_key_t *get_string_data_filter_lpm_buf(int idx) } // biggest elem to be saved with 'save_to_submit_buf' should be defined here: -#define MAX_ELEMENT_SIZE bpf_core_type_size(struct sockaddr_un) +#define MAX_ELEMENT_SIZE sizeof(struct sockaddr_un) statfunc int reverse_string(char *dst, char *src, int src_off, int len) { @@ -82,29 +83,40 @@ statfunc int save_to_submit_buf(args_buffer_t *buf, void *ptr, u32 size, u8 inde { // Data saved to submit buf: [index][ ... buffer[size] ... ] - if (size == 0) + barrier(); + // set argument size bounds + if (size == 0 || size > MAX_ELEMENT_SIZE || buf->offset >= ARGS_BUF_SIZE) return 0; - barrier(); - if (buf->offset > ARGS_BUF_SIZE - 1) + u32 buffer_index_offset = buf->offset + 1; // buffer offset after writing the index + if (buffer_index_offset > ARGS_BUF_SIZE) return 0; - // Save argument index + // Save argument index (add 1 to index later) buf->args[buf->offset] = index; - // Satisfy verifier - if (buf->offset > ARGS_BUF_SIZE - (MAX_ELEMENT_SIZE + 1)) + // Force verifier to compare size register with a bound maximum + asm volatile("if %[size] < %[max_size] goto +1;\n" + "%[size] = %[max_size];\n" + : + : [size] "r"(size), [max_size] "i"(MAX_ELEMENT_SIZE)); + + u32 buffer_arg_offset = buffer_index_offset + size; // buffer offset after writing the ptr + + // Satisfy verifier - offset+index+size(offset+size+1) must not go above ARGS_BUF_SIZE + if (buffer_arg_offset > ARGS_BUF_SIZE) return 0; - // Read into buffer - if (bpf_probe_read(&(buf->args[buf->offset + 1]), size, ptr) == 0) { - // We update offset only if all writes were successful - buf->offset += size + 1; - buf->argnum++; - return 1; - } + // Read into buffer after the argument index + if (bpf_probe_read(&(buf->args[buffer_index_offset]), size, ptr) < 0) + return 0; - return 0; + // Update buffer only if all writes were successful: + // 1. Update the buffer offset + // 2. Increment the argument count + buf->offset = buffer_arg_offset; + buf->argnum++; + return 1; } statfunc int save_bytes_to_buf(args_buffer_t *buf, void *ptr, u32 size, u8 index) @@ -376,8 +388,9 @@ statfunc int save_str_arr_to_buf(args_buffer_t *buf, const char __user *const __ statfunc int save_args_str_arr_to_buf( args_buffer_t *buf, const char *start, const char *end, int elem_num, u8 index) { - // Data saved to submit buf: [index][len][arg_len][arg #][null delimited string array] - // Note: This helper saves null (0x00) delimited string array into buf + // Data saved to submit buf: [index][len][arg_len][arg #][array of null delimited string] + // Note: This helper saves null (0x00) delimited string array into buf in the format: + // [[str1][\n][str2][\n][...][strn][\n])] if (start >= end) return 0; @@ -455,39 +468,35 @@ statfunc int save_sockaddr_to_buf(args_buffer_t *buf, struct socket *sock, u8 in #define DEC_ARG(n, enc_arg) ((enc_arg >> (8 * n)) & 0xFF) +// types whose arguments needs to be directly in type_size_table (arg = (void *) args->args[i]) #define BITMASK_INDIRECT_VALUE_TYPES \ - ((u64) 1 << STR_T | (u64) 1 << SOCKADDR_T | (u64) 1 << INT_ARR_2_T | (u64) 1 << TIMESPEC_T) + ((u64) 1 << INT_ARR_2_T | (u64) 1 << STR_T | (u64) 1 << SOCKADDR_T | (u64) 1 << TIMESPEC_T) +// types whose arguments needs to be handled through their address in type_size_table +// ((arg = (void *) &args->args[i])) #define BITMASK_COMMON_TYPES \ ((u64) 1 << INT_T | (u64) 1 << UINT_T | (u64) 1 << LONG_T | (u64) 1 << ULONG_T | \ - (u64) 1 << OFF_T_T | (u64) 1 << MODE_T_T | (u64) 1 << DEV_T_T | (u64) 1 << SIZE_T_T | \ - (u64) 1 << POINTER_T | (u64) 1 << STR_ARR_T | (u64) 1 << BYTES_T | (u64) 1 << U16_T | \ - (u64) 1 << CRED_T | (u64) 1 << UINT64_ARR_T | (u64) 1 << U8_T) - -#define ARG_TYPE_MAX_ARRAY (u8) TIMESPEC_T // last element defined in argument_type_e + (u64) 1 << U16_T | (u64) 1 << U8_T | (u64) 1 << UINT64_ARR_T | (u64) 1 << POINTER_T | \ + (u64) 1 << BYTES_T | (u64) 1 << STR_ARR_T | (u64) 1 << U8_T) -// Ensure that only values that can be held by an u8 are assigned to sizes. +// Ensure that only values that can be held by an u32 are assigned to sizes. // If the size is greater than 255, assign 0 (making it evident) and handle it as a special case. -static u8 type_size_table[ARG_TYPE_MAX_ARRAY + 1] = { +static u32 type_size_table[ARG_TYPE_MAX_ARRAY + 1] = { [NONE_T] = 0, [INT_T] = sizeof(int), [UINT_T] = sizeof(unsigned int), [LONG_T] = sizeof(long), [ULONG_T] = sizeof(unsigned long), - [OFF_T_T] = sizeof(off_t), - [MODE_T_T] = sizeof(mode_t), - [DEV_T_T] = sizeof(dev_t), - [SIZE_T_T] = sizeof(size_t), + [U16_T] = sizeof(unsigned short), + [U8_T] = sizeof(unsigned char), + [INT_ARR_2_T] = sizeof(int[2]), + [UINT64_ARR_T] = 0, [POINTER_T] = sizeof(void *), + [BYTES_T] = 0, [STR_T] = 0, [STR_ARR_T] = 0, [SOCKADDR_T] = sizeof(short), - [BYTES_T] = 0, - [U16_T] = sizeof(u16), [CRED_T] = sizeof(struct cred), - [INT_ARR_2_T] = sizeof(int[2]), - [UINT64_ARR_T] = 0, - [U8_T] = sizeof(u8), [TIMESPEC_T] = 0, }; diff --git a/pkg/ebpf/c/types.h b/pkg/ebpf/c/types.h index fa4c0260e0bb..b2666bcb33c7 100644 --- a/pkg/ebpf/c/types.h +++ b/pkg/ebpf/c/types.h @@ -156,32 +156,31 @@ typedef struct args { } args_t; // NOTE: If any fields are added to argument_type_e, the array type_size_table -// (and related defines) must be updated accordingly. +// (and related defines) must be updated accordingly. Corresponds to the ArgType enum in +// pkg/bufferdecoder/eventsreader.go. enum argument_type_e { - NONE_T = 0UL, + NONE_T = 0UL, // Default value - the argument does not originate from a decodable buffer. INT_T, UINT_T, LONG_T, ULONG_T, - OFF_T_T, - MODE_T_T, - DEV_T_T, - SIZE_T_T, + U16_T, + U8_T, + INT_ARR_2_T, + UINT64_ARR_T, POINTER_T, + BYTES_T, STR_T, STR_ARR_T, SOCKADDR_T, - BYTES_T, - U16_T, CRED_T, - INT_ARR_2_T, - UINT64_ARR_T, - U8_T, TIMESPEC_T, TYPE_MAX = 255UL }; +#define ARG_TYPE_MAX_ARRAY (u8) TIMESPEC_T // last element defined in argument_type_e + enum internal_hook_e { EXEC_BINPRM = 80000, diff --git a/pkg/ebpf/capture.go b/pkg/ebpf/capture.go index 296c8f35bbc3..f17a81bcdc88 100644 --- a/pkg/ebpf/capture.go +++ b/pkg/ebpf/capture.go @@ -170,7 +170,7 @@ func (t *Tracee) handleFileCaptures(ctx context.Context) { } } - dataBytes, err := bufferdecoder.ReadByteSliceFromBuff(ebpfMsgDecoder, int(meta.Size)) + dataBytes, err := ebpfMsgDecoder.ReadBytesLen(int(meta.Size)) if err != nil { if err := f.Close(); err != nil { t.handleError(err) diff --git a/pkg/ebpf/processor_funcs.go b/pkg/ebpf/processor_funcs.go index 253b16fd5116..4c71b50baa6a 100644 --- a/pkg/ebpf/processor_funcs.go +++ b/pkg/ebpf/processor_funcs.go @@ -383,7 +383,7 @@ func (t *Tracee) addHashArg(event *trace.Event, fileKey *filehash.Key) error { } hashArg := trace.Argument{ - ArgMeta: trace.ArgMeta{Name: "sha256", Type: "const char*"}, + ArgMeta: trace.ArgMeta{Name: "sha256", Type: "string"}, } hash, err := t.fileHashes.Get(fileKey) diff --git a/pkg/ebpf/tracee.go b/pkg/ebpf/tracee.go index 7167d6b13ef9..66e85fe4452c 100644 --- a/pkg/ebpf/tracee.go +++ b/pkg/ebpf/tracee.go @@ -18,7 +18,6 @@ import ( bpf "github.com/aquasecurity/libbpfgo" "github.com/aquasecurity/tracee/pkg/bucketscache" - "github.com/aquasecurity/tracee/pkg/bufferdecoder" "github.com/aquasecurity/tracee/pkg/capabilities" "github.com/aquasecurity/tracee/pkg/cgroup" "github.com/aquasecurity/tracee/pkg/config" @@ -69,7 +68,7 @@ type Tracee struct { // Events eventsSorter *sorting.EventsChronologicalSorter eventsPool *sync.Pool - eventsFieldTypes map[events.ID][]bufferdecoder.ArgType + eventDecodeTypes map[events.ID][]trace.DecodeAs eventProcessor map[events.ID][]func(evt *trace.Event) error eventDerivations derive.Table // Artifacts @@ -421,12 +420,12 @@ func (t *Tracee) Init(ctx gocontext.Context) error { // Initialize events field types map - t.eventsFieldTypes = make(map[events.ID][]bufferdecoder.ArgType) + t.eventDecodeTypes = make(map[events.ID][]trace.DecodeAs) for _, eventDefinition := range events.Core.GetDefinitions() { id := eventDefinition.GetID() fields := eventDefinition.GetFields() for _, field := range fields { - t.eventsFieldTypes[id] = append(t.eventsFieldTypes[id], bufferdecoder.GetFieldType(field.Type)) + t.eventDecodeTypes[id] = append(t.eventDecodeTypes[id], field.DecodeAs) } } @@ -1129,7 +1128,7 @@ func (t *Tracee) populateFilterMaps(updateProcTree bool) error { polCfg, err := t.policyManager.UpdateBPF( t.bpfModule, t.containers, - t.eventsFieldTypes, + t.eventDecodeTypes, true, updateProcTree, ) @@ -1291,7 +1290,7 @@ func (t *Tracee) initBPF() error { } // returned PoliciesConfig is not used here, therefore it's discarded - _, err = t.policyManager.UpdateBPF(t.bpfModule, t.containers, t.eventsFieldTypes, false, true) + _, err = t.policyManager.UpdateBPF(t.bpfModule, t.containers, t.eventDecodeTypes, false, true) if err != nil { return errfmt.WrapError(err) } diff --git a/pkg/events/core.go b/pkg/events/core.go index 146b58bd63ba..d5be133dc228 100644 --- a/pkg/events/core.go +++ b/pkg/events/core.go @@ -212,9 +212,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "void*", Name: "buf"}, - {Type: "size_t", Name: "count"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -237,9 +237,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "void*", Name: "buf"}, - {Type: "size_t", Name: "count"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -262,9 +262,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -287,7 +287,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -310,8 +310,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "struct stat*", Name: "statbuf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -334,8 +334,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct stat*", Name: "statbuf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -358,8 +358,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "struct stat*", Name: "statbuf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -382,9 +382,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "struct pollfd*", Name: "fds"}, - {Type: "unsigned int", Name: "nfds"}, - {Type: "int", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "fds"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "nfds"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -407,9 +407,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "offset"}, - {Type: "unsigned int", Name: "whence"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "whence"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -432,12 +432,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "length"}, - {Type: "int", Name: "prot"}, - {Type: "int", Name: "flags"}, - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "off"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prot"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "off"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -460,9 +460,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "prot"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prot"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -485,8 +485,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "length"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -509,7 +509,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -532,10 +532,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "signum"}, - {Type: "const struct sigaction*", Name: "act"}, - {Type: "struct sigaction*", Name: "oldact"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "signum"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "act"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "oldact"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -558,10 +558,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "how"}, - {Type: "sigset_t*", Name: "set"}, - {Type: "sigset_t*", Name: "oldset"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "how"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "set"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "oldset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -605,9 +605,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_fd_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "unsigned long", Name: "request"}, - {Type: "unsigned long", Name: "arg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "request"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -630,10 +630,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "void*", Name: "buf"}, - {Type: "size_t", Name: "count"}, - {Type: "off_t", Name: "offset"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -656,10 +656,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const void*", Name: "buf"}, - {Type: "size_t", Name: "count"}, - {Type: "off_t", Name: "offset"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -682,9 +682,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "int", Name: "iovcnt"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "iovcnt"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -707,9 +707,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "int", Name: "iovcnt"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "iovcnt"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -732,8 +732,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -756,7 +756,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_pipe"}, fields: []trace.ArgMeta{ - {Type: "int[2]", Name: "pipefd"}, + {DecodeAs: trace.INT_ARR_2_T, Type: "[2]int32", Name: "pipefd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -779,11 +779,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "nfds"}, - {Type: "fd_set*", Name: "readfds"}, - {Type: "fd_set*", Name: "writefds"}, - {Type: "fd_set*", Name: "exceptfds"}, - {Type: "struct timeval*", Name: "timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "nfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "readfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "writefds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "exceptfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -827,11 +827,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "old_address"}, - {Type: "size_t", Name: "old_size"}, - {Type: "size_t", Name: "new_size"}, - {Type: "int", Name: "flags"}, - {Type: "void*", Name: "new_address"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_address"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "old_size"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "new_size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new_address"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -854,9 +854,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_sync"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "length"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -879,9 +879,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "length"}, - {Type: "unsigned char*", Name: "vec"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "vec"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -904,9 +904,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "length"}, - {Type: "int", Name: "advice"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "advice"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -929,9 +929,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_shm"}, fields: []trace.ArgMeta{ - {Type: "key_t", Name: "key"}, - {Type: "size_t", Name: "size"}, - {Type: "int", Name: "shmflg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "key"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "shmflg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -954,9 +954,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_shm"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "shmid"}, - {Type: "const void*", Name: "shmaddr"}, - {Type: "int", Name: "shmflg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "shmid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "shmaddr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "shmflg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -979,9 +979,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_shm"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "shmid"}, - {Type: "int", Name: "cmd"}, - {Type: "struct shmid_ds*", Name: "buf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "shmid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1004,7 +1004,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_fd_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "oldfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "oldfd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1021,8 +1021,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_fd_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "oldfd"}, - {Type: "int", Name: "newfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "oldfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newfd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1060,8 +1060,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "const struct timespec*", Name: "req"}, - {Type: "struct timespec*", Name: "rem"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "req"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "rem"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1084,8 +1084,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "which"}, - {Type: "struct itimerval*", Name: "curr_value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "curr_value"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1108,7 +1108,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "seconds"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "seconds"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1131,9 +1131,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "which"}, - {Type: "struct itimerval*", Name: "new_value"}, - {Type: "struct itimerval*", Name: "old_value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new_value"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_value"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1177,10 +1177,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "out_fd"}, - {Type: "int", Name: "in_fd"}, - {Type: "off_t*", Name: "offset"}, - {Type: "size_t", Name: "count"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "out_fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "in_fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "offset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1203,9 +1203,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "domain"}, - {Type: "int", Name: "type"}, - {Type: "int", Name: "protocol"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "domain"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "protocol"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1228,9 +1228,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "addr"}, - {Type: "int", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1253,9 +1253,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "addr"}, - {Type: "int*", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1278,12 +1278,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_snd_rcv"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "void*", Name: "buf"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "flags"}, - {Type: "struct sockaddr*", Name: "dest_addr"}, - {Type: "int", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "dest_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1306,12 +1306,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_snd_rcv"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "void*", Name: "buf"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "flags"}, - {Type: "struct sockaddr*", Name: "src_addr"}, - {Type: "int*", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "src_addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1334,9 +1334,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_snd_rcv"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct msghdr*", Name: "msg"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1359,9 +1359,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_snd_rcv"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct msghdr*", Name: "msg"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1384,8 +1384,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "int", Name: "how"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "how"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1408,9 +1408,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "addr"}, - {Type: "int", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1433,8 +1433,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "int", Name: "backlog"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "backlog"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1457,9 +1457,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "addr"}, - {Type: "int*", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1482,9 +1482,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "addr"}, - {Type: "int*", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addrlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1507,10 +1507,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "domain"}, - {Type: "int", Name: "type"}, - {Type: "int", Name: "protocol"}, - {Type: "int[2]", Name: "sv"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "domain"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "protocol"}, + {DecodeAs: trace.INT_ARR_2_T, Type: "[2]int32", Name: "sv"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1533,11 +1533,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "int", Name: "level"}, - {Type: "int", Name: "optname"}, - {Type: "const void*", Name: "optval"}, - {Type: "int", Name: "optlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "level"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "optname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "optval"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "optlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1560,11 +1560,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "int", Name: "level"}, - {Type: "int", Name: "optname"}, - {Type: "void*", Name: "optval"}, - {Type: "int*", Name: "optlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "level"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "optname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "optval"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "optlen"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1587,11 +1587,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "flags"}, - {Type: "void*", Name: "stack"}, - {Type: "int*", Name: "parent_tid"}, - {Type: "int*", Name: "child_tid"}, - {Type: "unsigned long", Name: "tls"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "stack"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "parent_tid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "child_tid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "tls"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1656,9 +1656,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1683,7 +1683,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "status"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "status"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1706,10 +1706,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "int*", Name: "wstatus"}, - {Type: "int", Name: "options"}, - {Type: "struct rusage*", Name: "rusage"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "wstatus"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "options"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rusage"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1732,8 +1732,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "int", Name: "sig"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1756,7 +1756,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "struct utsname*", Name: "buf"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1779,9 +1779,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_sem"}, fields: []trace.ArgMeta{ - {Type: "key_t", Name: "key"}, - {Type: "int", Name: "nsems"}, - {Type: "int", Name: "semflg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "key"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "nsems"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "semflg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1804,9 +1804,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_sem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "semid"}, - {Type: "struct sembuf*", Name: "sops"}, - {Type: "size_t", Name: "nsops"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "semid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sops"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "nsops"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1829,10 +1829,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_sem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "semid"}, - {Type: "int", Name: "semnum"}, - {Type: "int", Name: "cmd"}, - {Type: "unsigned long", Name: "arg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "semid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "semnum"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1855,7 +1855,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_shm"}, fields: []trace.ArgMeta{ - {Type: "const void*", Name: "shmaddr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "shmaddr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1878,8 +1878,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "key_t", Name: "key"}, - {Type: "int", Name: "msgflg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "key"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "msgflg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1902,10 +1902,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "msqid"}, - {Type: "struct msgbuf*", Name: "msgp"}, - {Type: "size_t", Name: "msgsz"}, - {Type: "int", Name: "msgflg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "msqid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msgp"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "msgsz"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "msgflg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1928,11 +1928,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "msqid"}, - {Type: "struct msgbuf*", Name: "msgp"}, - {Type: "size_t", Name: "msgsz"}, - {Type: "long", Name: "msgtyp"}, - {Type: "int", Name: "msgflg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "msqid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msgp"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "msgsz"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "msgtyp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "msgflg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1955,9 +1955,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "msqid"}, - {Type: "int", Name: "cmd"}, - {Type: "struct msqid_ds*", Name: "buf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "msqid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -1980,9 +1980,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_fd_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "cmd"}, - {Type: "unsigned long", Name: "arg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2005,8 +2005,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_fd_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "operation"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "operation"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2029,7 +2029,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_sync"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2052,7 +2052,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_sync"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2075,8 +2075,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "off_t", Name: "length"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "length"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2099,8 +2099,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "length"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "length"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2123,9 +2123,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct linux_dirent*", Name: "dirp"}, - {Type: "unsigned int", Name: "count"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "dirp"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2148,8 +2148,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "char*", Name: "buf"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2172,7 +2172,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2195,7 +2195,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2218,8 +2218,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "oldpath"}, - {Type: "const char*", Name: "newpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "oldpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "newpath"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2242,8 +2242,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2266,7 +2266,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2287,10 +2287,10 @@ var CoreEvents = map[ID]Definition{ name: "creat", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_ops"}, + sets: []string{"default", "syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2313,8 +2313,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "oldpath"}, - {Type: "const char*", Name: "newpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "oldpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "newpath"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2337,7 +2337,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2360,8 +2360,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "target"}, - {Type: "const char*", Name: "linkpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "target"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "linkpath"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2384,9 +2384,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "char*", Name: "buf"}, - {Type: "size_t", Name: "bufsiz"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "bufsiz"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2407,10 +2407,10 @@ var CoreEvents = map[ID]Definition{ name: "chmod", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2431,10 +2431,10 @@ var CoreEvents = map[ID]Definition{ name: "fchmod", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2455,11 +2455,11 @@ var CoreEvents = map[ID]Definition{ name: "chown", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "uid_t", Name: "owner"}, - {Type: "gid_t", Name: "group"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "owner"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "group"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2480,11 +2480,11 @@ var CoreEvents = map[ID]Definition{ name: "fchown", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "uid_t", Name: "owner"}, - {Type: "gid_t", Name: "group"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "owner"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "group"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2505,11 +2505,11 @@ var CoreEvents = map[ID]Definition{ name: "lchown", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "uid_t", Name: "owner"}, - {Type: "gid_t", Name: "group"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "owner"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "group"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2532,7 +2532,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "mode_t", Name: "mask"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2555,8 +2555,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_tod"}, fields: []trace.ArgMeta{ - {Type: "struct timeval*", Name: "tv"}, - {Type: "struct timezone*", Name: "tz"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tv"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tz"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2579,8 +2579,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "resource"}, - {Type: "struct rlimit*", Name: "rlim"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "resource"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rlim"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2603,8 +2603,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "who"}, - {Type: "struct rusage*", Name: "usage"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "who"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "usage"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2627,7 +2627,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "struct sysinfo*", Name: "info"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "info"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2650,7 +2650,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "struct tms*", Name: "buf"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2673,10 +2673,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"default", "syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "long", Name: "request"}, - {Type: "pid_t", Name: "pid"}, - {Type: "void*", Name: "addr"}, - {Type: "void*", Name: "data"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "request"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "data"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2714,9 +2714,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "type"}, - {Type: "char*", Name: "bufp"}, - {Type: "int", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "bufp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2758,9 +2758,9 @@ var CoreEvents = map[ID]Definition{ name: "setuid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "uid_t", Name: "uid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "uid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2781,9 +2781,9 @@ var CoreEvents = map[ID]Definition{ name: "setgid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "gid_t", Name: "gid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "gid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2846,10 +2846,10 @@ var CoreEvents = map[ID]Definition{ name: "setpgid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "pid_t", Name: "pgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pgid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2933,10 +2933,10 @@ var CoreEvents = map[ID]Definition{ name: "setreuid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "uid_t", Name: "ruid"}, - {Type: "uid_t", Name: "euid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ruid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "euid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2957,10 +2957,10 @@ var CoreEvents = map[ID]Definition{ name: "setregid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "gid_t", Name: "rgid"}, - {Type: "gid_t", Name: "egid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "rgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "egid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -2983,8 +2983,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "size"}, - {Type: "gid_t*", Name: "list"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "size"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "list"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3007,8 +3007,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "size"}, - {Type: "gid_t*", Name: "list"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "size"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "list"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3029,11 +3029,11 @@ var CoreEvents = map[ID]Definition{ name: "setresuid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "uid_t", Name: "ruid"}, - {Type: "uid_t", Name: "euid"}, - {Type: "uid_t", Name: "suid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ruid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "euid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "suid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3056,9 +3056,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "uid_t*", Name: "ruid"}, - {Type: "uid_t*", Name: "euid"}, - {Type: "uid_t*", Name: "suid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ruid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "euid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "suid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3079,11 +3079,11 @@ var CoreEvents = map[ID]Definition{ name: "setresgid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "gid_t", Name: "rgid"}, - {Type: "gid_t", Name: "egid"}, - {Type: "gid_t", Name: "sgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "rgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "egid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sgid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3106,9 +3106,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "gid_t*", Name: "rgid"}, - {Type: "gid_t*", Name: "egid"}, - {Type: "gid_t*", Name: "sgid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rgid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "egid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sgid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3131,7 +3131,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3152,9 +3152,9 @@ var CoreEvents = map[ID]Definition{ name: "setfsuid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "uid_t", Name: "fsuid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fsuid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3175,9 +3175,9 @@ var CoreEvents = map[ID]Definition{ name: "setfsgid", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc", "proc_ids"}, + sets: []string{"default", "syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "gid_t", Name: "fsgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fsgid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3200,7 +3200,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_ids"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3223,8 +3223,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "cap_user_header_t", Name: "hdrp"}, - {Type: "cap_user_data_t", Name: "datap"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "hdrp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "datap"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3247,8 +3247,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "cap_user_header_t", Name: "hdrp"}, - {Type: "const cap_user_data_t", Name: "datap"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "hdrp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "datap"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3271,8 +3271,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "sigset_t*", Name: "set"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "set"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3295,10 +3295,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "const sigset_t*", Name: "set"}, - {Type: "siginfo_t*", Name: "info"}, - {Type: "const struct timespec*", Name: "timeout"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "set"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "info"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3321,9 +3321,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "tgid"}, - {Type: "int", Name: "sig"}, - {Type: "siginfo_t*", Name: "info"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "info"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3346,8 +3346,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "sigset_t*", Name: "mask"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3370,8 +3370,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "const stack_t*", Name: "ss"}, - {Type: "stack_t*", Name: "old_ss"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ss"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_ss"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3394,8 +3394,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "filename"}, - {Type: "const struct utimbuf*", Name: "times"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filename"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "times"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3418,9 +3418,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, - {Type: "dev_t", Name: "dev"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3443,7 +3443,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "library"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "library"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3466,7 +3466,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "persona"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "persona"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3489,8 +3489,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_info"}, fields: []trace.ArgMeta{ - {Type: "dev_t", Name: "dev"}, - {Type: "struct ustat*", Name: "ubuf"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ubuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3513,8 +3513,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_info"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "struct statfs*", Name: "buf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3537,8 +3537,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_info"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct statfs*", Name: "buf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3561,7 +3561,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_info"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "option"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "option"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3584,8 +3584,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "which"}, - {Type: "int", Name: "who"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "who"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3608,9 +3608,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "which"}, - {Type: "int", Name: "who"}, - {Type: "int", Name: "prio"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "who"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prio"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3633,8 +3633,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "struct sched_param*", Name: "param"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "param"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3657,8 +3657,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "struct sched_param*", Name: "param"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "param"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3681,9 +3681,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "int", Name: "policy"}, - {Type: "struct sched_param*", Name: "param"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "policy"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "param"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3706,7 +3706,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3729,7 +3729,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "policy"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "policy"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3752,7 +3752,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "policy"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "policy"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3775,8 +3775,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "struct timespec*", Name: "tp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "tp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3799,8 +3799,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "const void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3823,8 +3823,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "const void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3847,7 +3847,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3912,9 +3912,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "func"}, - {Type: "void*", Name: "ptr"}, - {Type: "unsigned long", Name: "bytecount"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "func"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ptr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "bytecount"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3937,8 +3937,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "new_root"}, - {Type: "const char*", Name: "put_old"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "new_root"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "put_old"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3961,7 +3961,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "struct __sysctl_args*", Name: "args"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "args"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -3984,11 +3984,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "option"}, - {Type: "unsigned long", Name: "arg2"}, - {Type: "unsigned long", Name: "arg3"}, - {Type: "unsigned long", Name: "arg4"}, - {Type: "unsigned long", Name: "arg5"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "option"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg2"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg3"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg4"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg5"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4011,8 +4011,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "option"}, - {Type: "unsigned long", Name: "addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "option"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "addr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4029,7 +4029,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_clock"}, fields: []trace.ArgMeta{ - {Type: "struct timex*", Name: "buf"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4052,8 +4052,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "resource"}, - {Type: "const struct rlimit*", Name: "rlim"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "resource"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rlim"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4076,7 +4076,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4120,7 +4120,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "filename"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filename"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4143,8 +4143,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_tod"}, fields: []trace.ArgMeta{ - {Type: "const struct timeval*", Name: "tv"}, - {Type: "const struct timezone*", Name: "tz"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tv"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tz"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4167,11 +4167,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "source"}, - {Type: "const char*", Name: "target"}, - {Type: "const char*", Name: "filesystemtype"}, - {Type: "unsigned long", Name: "mountflags"}, - {Type: "const void*", Name: "data"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "source"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "target"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filesystemtype"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "mountflags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "data"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4194,8 +4194,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "target"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "target"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4218,8 +4218,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "int", Name: "swapflags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "swapflags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4242,7 +4242,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4265,10 +4265,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "magic"}, - {Type: "int", Name: "magic2"}, - {Type: "int", Name: "cmd"}, - {Type: "void*", Name: "arg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "magic"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "magic2"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "arg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4291,8 +4291,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "size_t", Name: "len"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4315,8 +4315,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "size_t", Name: "len"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4339,7 +4339,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "level"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "level"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4362,9 +4362,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "from"}, - {Type: "unsigned long", Name: "num"}, - {Type: "int", Name: "turn_on"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "from"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "num"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "turn_on"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4406,11 +4406,11 @@ var CoreEvents = map[ID]Definition{ name: "init_module", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "system", "system_module"}, + sets: []string{"default", "syscalls", "system", "system_module"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "module_image"}, - {Type: "unsigned long", Name: "len"}, - {Type: "const char*", Name: "param_values"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "module_image"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "param_values"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4433,8 +4433,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_module"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4499,10 +4499,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "cmd"}, - {Type: "const char*", Name: "special"}, - {Type: "int", Name: "id"}, - {Type: "void*", Name: "addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "special"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4672,9 +4672,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "offset"}, - {Type: "size_t", Name: "count"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4697,11 +4697,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "name"}, - {Type: "const void*", Name: "value"}, - {Type: "size_t", Name: "size"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4724,11 +4724,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "name"}, - {Type: "const void*", Name: "value"}, - {Type: "size_t", Name: "size"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4751,11 +4751,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const char*", Name: "name"}, - {Type: "const void*", Name: "value"}, - {Type: "size_t", Name: "size"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4778,10 +4778,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "name"}, - {Type: "void*", Name: "value"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4804,10 +4804,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "name"}, - {Type: "void*", Name: "value"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4830,10 +4830,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const char*", Name: "name"}, - {Type: "void*", Name: "value"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4856,9 +4856,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "char*", Name: "list"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "list"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4881,9 +4881,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "char*", Name: "list"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "list"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4906,9 +4906,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "char*", Name: "list"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "list"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4931,8 +4931,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4955,8 +4955,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -4979,8 +4979,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const char*", Name: "name"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5003,8 +5003,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "tid"}, - {Type: "int", Name: "sig"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5027,7 +5027,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_tod"}, fields: []trace.ArgMeta{ - {Type: "time_t*", Name: "tloc"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tloc"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5050,12 +5050,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_futex"}, fields: []trace.ArgMeta{ - {Type: "int*", Name: "uaddr"}, - {Type: "int", Name: "futex_op"}, - {Type: "int", Name: "val"}, - {Type: "const struct timespec*", Name: "timeout"}, - {Type: "int*", Name: "uaddr2"}, - {Type: "int", Name: "val3"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uaddr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "futex_op"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "val"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uaddr2"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "val3"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5078,9 +5078,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "size_t", Name: "cpusetsize"}, - {Type: "unsigned long*", Name: "mask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cpusetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5103,9 +5103,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "size_t", Name: "cpusetsize"}, - {Type: "unsigned long*", Name: "mask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cpusetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5128,7 +5128,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "struct user_desc*", Name: "u_info"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "u_info"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5151,8 +5151,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_async_io"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "nr_events"}, - {Type: "aio_context_t*", Name: "ctx_idp"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "nr_events"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ctx_idp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5175,7 +5175,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_async_io"}, fields: []trace.ArgMeta{ - {Type: "aio_context_t", Name: "ctx_id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ctx_id"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5198,11 +5198,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_async_io"}, fields: []trace.ArgMeta{ - {Type: "aio_context_t", Name: "ctx_id"}, - {Type: "long", Name: "min_nr"}, - {Type: "long", Name: "nr"}, - {Type: "struct io_event*", Name: "events"}, - {Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ctx_id"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "min_nr"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "nr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "events"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5225,9 +5225,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_async_io"}, fields: []trace.ArgMeta{ - {Type: "aio_context_t", Name: "ctx_id"}, - {Type: "long", Name: "nr"}, - {Type: "struct iocb**", Name: "iocbpp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ctx_id"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "nr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iocbpp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5250,9 +5250,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_async_io"}, fields: []trace.ArgMeta{ - {Type: "aio_context_t", Name: "ctx_id"}, - {Type: "struct iocb*", Name: "iocb"}, - {Type: "struct io_event*", Name: "result"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ctx_id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iocb"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "result"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5275,7 +5275,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "struct user_desc*", Name: "u_info"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "u_info"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5298,9 +5298,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "cookie"}, - {Type: "char*", Name: "buffer"}, - {Type: "size_t", Name: "len"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cookie"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "buffer"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5323,7 +5323,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5388,11 +5388,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "size"}, - {Type: "int", Name: "prot"}, - {Type: "size_t", Name: "pgoff"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prot"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pgoff"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5415,9 +5415,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "struct linux_dirent64*", Name: "dirp"}, - {Type: "unsigned int", Name: "count"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "dirp"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5440,7 +5440,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int*", Name: "tidptr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tidptr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5484,10 +5484,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_sem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "semid"}, - {Type: "struct sembuf*", Name: "sops"}, - {Type: "size_t", Name: "nsops"}, - {Type: "const struct timespec*", Name: "timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "semid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sops"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "nsops"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5510,10 +5510,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "offset"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "advice"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "advice"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5536,9 +5536,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "const clockid_t", Name: "clockid"}, - {Type: "struct sigevent*", Name: "sevp"}, - {Type: "timer_t*", Name: "timer_id"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clockid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sevp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "timer_id"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5561,10 +5561,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "timer_t", Name: "timer_id"}, - {Type: "int", Name: "flags"}, - {Type: "const struct itimerspec*", Name: "new_value"}, - {Type: "struct itimerspec*", Name: "old_value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timer_id"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new_value"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_value"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5587,8 +5587,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "timer_t", Name: "timer_id"}, - {Type: "struct itimerspec*", Name: "curr_value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timer_id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "curr_value"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5611,7 +5611,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "timer_t", Name: "timer_id"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timer_id"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5634,7 +5634,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "timer_t", Name: "timer_id"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timer_id"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5657,8 +5657,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_clock"}, fields: []trace.ArgMeta{ - {Type: "const clockid_t", Name: "clockid"}, - {Type: "const struct timespec*", Name: "tp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clockid"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "tp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5681,8 +5681,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_clock"}, fields: []trace.ArgMeta{ - {Type: "const clockid_t", Name: "clockid"}, - {Type: "struct timespec*", Name: "tp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clockid"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "tp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5705,8 +5705,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_clock"}, fields: []trace.ArgMeta{ - {Type: "const clockid_t", Name: "clockid"}, - {Type: "struct timespec*", Name: "res"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clockid"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "res"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5729,10 +5729,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_clock"}, fields: []trace.ArgMeta{ - {Type: "const clockid_t", Name: "clockid"}, - {Type: "int", Name: "flags"}, - {Type: "const struct timespec*", Name: "request"}, - {Type: "struct timespec*", Name: "remain"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clockid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "request"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "remain"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5755,7 +5755,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "status"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "status"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5778,10 +5778,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "epfd"}, - {Type: "struct epoll_event*", Name: "events"}, - {Type: "int", Name: "maxevents"}, - {Type: "int", Name: "timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "epfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "events"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "maxevents"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5804,10 +5804,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "epfd"}, - {Type: "int", Name: "op"}, - {Type: "int", Name: "fd"}, - {Type: "struct epoll_event*", Name: "event"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "epfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "op"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "event"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5830,9 +5830,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "tgid"}, - {Type: "int", Name: "tid"}, - {Type: "int", Name: "sig"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5855,8 +5855,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "char*", Name: "filename"}, - {Type: "struct timeval*", Name: "times"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filename"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "times"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5900,12 +5900,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_numa"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "unsigned long", Name: "len"}, - {Type: "int", Name: "mode"}, - {Type: "const unsigned long*", Name: "nodemask"}, - {Type: "unsigned long", Name: "maxnode"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "nodemask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "maxnode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5928,9 +5928,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_numa"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "mode"}, - {Type: "const unsigned long*", Name: "nodemask"}, - {Type: "unsigned long", Name: "maxnode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "nodemask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "maxnode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5953,11 +5953,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_numa"}, fields: []trace.ArgMeta{ - {Type: "int*", Name: "mode"}, - {Type: "unsigned long*", Name: "nodemask"}, - {Type: "unsigned long", Name: "maxnode"}, - {Type: "void*", Name: "addr"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "nodemask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "maxnode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -5980,10 +5980,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "int", Name: "oflag"}, - {Type: "umode_t", Name: "mode"}, - {Type: "struct mq_attr*", Name: "attr"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "oflag"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "attr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6006,7 +6006,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6029,11 +6029,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "mqd_t", Name: "mqdes"}, - {Type: "const char*", Name: "msg_ptr"}, - {Type: "size_t", Name: "msg_len"}, - {Type: "unsigned int", Name: "msg_prio"}, - {Type: "const struct timespec*", Name: "abs_timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mqdes"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "msg_ptr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "msg_len"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "msg_prio"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "abs_timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6056,11 +6056,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "mqd_t", Name: "mqdes"}, - {Type: "char*", Name: "msg_ptr"}, - {Type: "size_t", Name: "msg_len"}, - {Type: "unsigned int*", Name: "msg_prio"}, - {Type: "const struct timespec*", Name: "abs_timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mqdes"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "msg_ptr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "msg_len"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msg_prio"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "abs_timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6083,8 +6083,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "mqd_t", Name: "mqdes"}, - {Type: "const struct sigevent*", Name: "sevp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mqdes"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sevp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6107,9 +6107,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_msgq"}, fields: []trace.ArgMeta{ - {Type: "mqd_t", Name: "mqdes"}, - {Type: "const struct mq_attr*", Name: "newattr"}, - {Type: "struct mq_attr*", Name: "oldattr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mqdes"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "newattr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "oldattr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6132,10 +6132,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "entry"}, - {Type: "unsigned long", Name: "nr_segments"}, - {Type: "struct kexec_segment*", Name: "segments"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "entry"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "nr_segments"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "segments"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6158,11 +6158,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "idtype"}, - {Type: "pid_t", Name: "id"}, - {Type: "struct siginfo*", Name: "infop"}, - {Type: "int", Name: "options"}, - {Type: "struct rusage*", Name: "rusage"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "idtype"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "infop"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "options"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rusage"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6185,11 +6185,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_keys"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "type"}, - {Type: "const char*", Name: "description"}, - {Type: "const void*", Name: "payload"}, - {Type: "size_t", Name: "plen"}, - {Type: "key_serial_t", Name: "keyring"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "description"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "payload"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "plen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "keyring"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6212,10 +6212,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_keys"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "type"}, - {Type: "const char*", Name: "description"}, - {Type: "const char*", Name: "callout_info"}, - {Type: "key_serial_t", Name: "dest_keyring"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "description"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "callout_info"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dest_keyring"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6238,11 +6238,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_keys"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "operation"}, - {Type: "unsigned long", Name: "arg2"}, - {Type: "unsigned long", Name: "arg3"}, - {Type: "unsigned long", Name: "arg4"}, - {Type: "unsigned long", Name: "arg5"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "operation"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg2"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg3"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg4"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg5"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6265,9 +6265,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "which"}, - {Type: "int", Name: "who"}, - {Type: "int", Name: "ioprio"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "who"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ioprio"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6290,8 +6290,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "which"}, - {Type: "int", Name: "who"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "who"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6335,9 +6335,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_monitor"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "u32", Name: "mask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6360,8 +6360,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_monitor"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "wd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "wd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6384,10 +6384,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_numa"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pid"}, - {Type: "unsigned long", Name: "maxnode"}, - {Type: "const unsigned long*", Name: "old_nodes"}, - {Type: "const unsigned long*", Name: "new_nodes"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "maxnode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_nodes"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new_nodes"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6410,10 +6410,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6436,9 +6436,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_dir_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6461,10 +6461,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, - {Type: "dev_t", Name: "dev"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6485,13 +6485,13 @@ var CoreEvents = map[ID]Definition{ name: "fchownat", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "uid_t", Name: "owner"}, - {Type: "gid_t", Name: "group"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "owner"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "group"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6514,9 +6514,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "struct timeval*", Name: "times"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "times"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6539,10 +6539,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "struct stat*", Name: "statbuf"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6565,9 +6565,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6590,10 +6590,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "olddirfd"}, - {Type: "const char*", Name: "oldpath"}, - {Type: "int", Name: "newdirfd"}, - {Type: "const char*", Name: "newpath"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "olddirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "oldpath"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newdirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "newpath"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6616,11 +6616,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "olddirfd"}, - {Type: "const char*", Name: "oldpath"}, - {Type: "int", Name: "newdirfd"}, - {Type: "const char*", Name: "newpath"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "olddirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "oldpath"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newdirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "newpath"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6643,9 +6643,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "target"}, - {Type: "int", Name: "newdirfd"}, - {Type: "const char*", Name: "linkpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "target"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newdirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "linkpath"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6668,10 +6668,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_link_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "char*", Name: "buf"}, - {Type: "int", Name: "bufsiz"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "buf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "bufsiz"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6692,12 +6692,12 @@ var CoreEvents = map[ID]Definition{ name: "fchmodat", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_attr"}, + sets: []string{"default", "syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6720,10 +6720,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "mode"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6746,12 +6746,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "nfds"}, - {Type: "fd_set*", Name: "readfds"}, - {Type: "fd_set*", Name: "writefds"}, - {Type: "fd_set*", Name: "exceptfds"}, - {Type: "struct timespec*", Name: "timeout"}, - {Type: "void*", Name: "sigmask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "nfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "readfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "writefds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "exceptfds"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sigmask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6774,11 +6774,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "struct pollfd*", Name: "fds"}, - {Type: "unsigned int", Name: "nfds"}, - {Type: "struct timespec*", Name: "tmo_p"}, - {Type: "const sigset_t*", Name: "sigmask"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "fds"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "nfds"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "tmo_p"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sigmask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6801,7 +6801,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6824,8 +6824,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_futex"}, fields: []trace.ArgMeta{ - {Type: "struct robust_list_head*", Name: "head"}, - {Type: "size_t", Name: "len"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "head"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6848,9 +6848,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_futex"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pid"}, - {Type: "struct robust_list_head**", Name: "head_ptr"}, - {Type: "size_t*", Name: "len_ptr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "head_ptr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "len_ptr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6873,12 +6873,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_pipe"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd_in"}, - {Type: "off_t*", Name: "off_in"}, - {Type: "int", Name: "fd_out"}, - {Type: "off_t*", Name: "off_out"}, - {Type: "size_t", Name: "len"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd_in"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "off_in"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd_out"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "off_out"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6901,10 +6901,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_pipe"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd_in"}, - {Type: "int", Name: "fd_out"}, - {Type: "size_t", Name: "len"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd_in"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd_out"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6927,10 +6927,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_sync"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "offset"}, - {Type: "off_t", Name: "nbytes"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "nbytes"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6953,10 +6953,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_pipe"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "unsigned long", Name: "nr_segs"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "nr_segs"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -6979,12 +6979,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_numa"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pid"}, - {Type: "unsigned long", Name: "count"}, - {Type: "const void**", Name: "pages"}, - {Type: "const int*", Name: "nodes"}, - {Type: "int*", Name: "status"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "pages"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "nodes"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "status"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7007,10 +7007,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "struct timespec*", Name: "times"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "times"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7033,12 +7033,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "epfd"}, - {Type: "struct epoll_event*", Name: "events"}, - {Type: "int", Name: "maxevents"}, - {Type: "int", Name: "timeout"}, - {Type: "const sigset_t*", Name: "sigmask"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "epfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "events"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "maxevents"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sigmask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7061,9 +7061,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "sigset_t*", Name: "mask"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7086,8 +7086,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "clockid"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clockid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7110,8 +7110,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "initval"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "initval"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7134,10 +7134,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "mode"}, - {Type: "off_t", Name: "offset"}, - {Type: "off_t", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mode"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "offset"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "len"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7160,10 +7160,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "flags"}, - {Type: "const struct itimerspec*", Name: "new_value"}, - {Type: "struct itimerspec*", Name: "old_value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new_value"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_value"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7186,8 +7186,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_timer"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct itimerspec*", Name: "curr_value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "curr_value"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7210,10 +7210,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "addr"}, - {Type: "int*", Name: "addrlen"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addrlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7236,10 +7236,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const sigset_t*", Name: "mask"}, - {Type: "size_t", Name: "sizemask"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sizemask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7262,8 +7262,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "initval"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "initval"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7286,7 +7286,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7309,9 +7309,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_fd_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "oldfd"}, - {Type: "int", Name: "newfd"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "oldfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7328,8 +7328,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "ipc", "ipc_pipe"}, fields: []trace.ArgMeta{ - {Type: "int[2]", Name: "pipefd"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_ARR_2_T, Type: "[2]int32", Name: "pipefd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7352,7 +7352,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_monitor"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7375,11 +7375,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "unsigned long", Name: "iovcnt"}, - {Type: "unsigned long", Name: "pos_l"}, - {Type: "unsigned long", Name: "pos_h"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "iovcnt"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_l"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_h"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7402,11 +7402,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "unsigned long", Name: "iovcnt"}, - {Type: "unsigned long", Name: "pos_l"}, - {Type: "unsigned long", Name: "pos_h"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "iovcnt"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_l"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_h"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7429,10 +7429,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "tgid"}, - {Type: "pid_t", Name: "tid"}, - {Type: "int", Name: "sig"}, - {Type: "siginfo_t*", Name: "info"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tgid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "info"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7455,11 +7455,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "struct perf_event_attr*", Name: "attr"}, - {Type: "pid_t", Name: "pid"}, - {Type: "int", Name: "cpu"}, - {Type: "int", Name: "group_fd"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "attr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cpu"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "group_fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7482,11 +7482,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_snd_rcv"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct mmsghdr*", Name: "msgvec"}, - {Type: "unsigned int", Name: "vlen"}, - {Type: "int", Name: "flags"}, - {Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msgvec"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "vlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7509,8 +7509,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_monitor"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "flags"}, - {Type: "unsigned int", Name: "event_f_flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "event_f_flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7533,11 +7533,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_monitor"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fanotify_fd"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "u64", Name: "mask"}, - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fanotify_fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "mask"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7560,10 +7560,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "int", Name: "resource"}, - {Type: "const struct rlimit64*", Name: "new_limit"}, - {Type: "struct rlimit64*", Name: "old_limit"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "resource"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new_limit"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_limit"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7586,11 +7586,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "struct file_handle*", Name: "handle"}, - {Type: "int*", Name: "mount_id"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "handle"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mount_id"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7613,9 +7613,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "mount_fd"}, - {Type: "struct file_handle*", Name: "handle"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mount_fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "handle"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7638,8 +7638,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "time", "time_clock"}, fields: []trace.ArgMeta{ - {Type: "const clockid_t", Name: "clk_id"}, - {Type: "struct timex*", Name: "buf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "clk_id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7662,7 +7662,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_sync"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7685,10 +7685,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "net", "net_snd_rcv"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct mmsghdr*", Name: "msgvec"}, - {Type: "unsigned int", Name: "vlen"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "msgvec"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "vlen"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7709,10 +7709,10 @@ var CoreEvents = map[ID]Definition{ name: "setns", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc"}, + sets: []string{"default", "syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "nstype"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "nstype"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7735,9 +7735,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system", "system_numa"}, fields: []trace.ArgMeta{ - {Type: "unsigned int*", Name: "cpu"}, - {Type: "unsigned int*", Name: "node"}, - {Type: "struct getcpu_cache*", Name: "tcache"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "cpu"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "node"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tcache"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7758,14 +7758,14 @@ var CoreEvents = map[ID]Definition{ name: "process_vm_readv", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "proc"}, + sets: []string{"default", "syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "const struct iovec*", Name: "local_iov"}, - {Type: "unsigned long", Name: "liovcnt"}, - {Type: "const struct iovec*", Name: "remote_iov"}, - {Type: "unsigned long", Name: "riovcnt"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "local_iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "liovcnt"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "remote_iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "riovcnt"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7788,12 +7788,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"default", "syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "const struct iovec*", Name: "local_iov"}, - {Type: "unsigned long", Name: "liovcnt"}, - {Type: "const struct iovec*", Name: "remote_iov"}, - {Type: "unsigned long", Name: "riovcnt"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "local_iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "liovcnt"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "remote_iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "riovcnt"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7810,11 +7810,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid1"}, - {Type: "pid_t", Name: "pid2"}, - {Type: "int", Name: "type"}, - {Type: "unsigned long", Name: "idx1"}, - {Type: "unsigned long", Name: "idx2"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid1"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid2"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "idx1"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "idx2"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7835,11 +7835,11 @@ var CoreEvents = map[ID]Definition{ name: "finit_module", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "system", "system_module"}, + sets: []string{"default", "syscalls", "system", "system_module"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const char*", Name: "param_values"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "param_values"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7862,9 +7862,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "struct sched_attr*", Name: "attr"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "attr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7887,10 +7887,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_sched"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "struct sched_attr*", Name: "attr"}, - {Type: "unsigned int", Name: "size"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "attr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "size"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7913,11 +7913,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "olddirfd"}, - {Type: "const char*", Name: "oldpath"}, - {Type: "int", Name: "newdirfd"}, - {Type: "const char*", Name: "newpath"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "olddirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "oldpath"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newdirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "newpath"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7940,9 +7940,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "operation"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "const void*", Name: "args"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "operation"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "args"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7965,9 +7965,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "buf"}, - {Type: "size_t", Name: "buflen"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "buflen"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -7988,10 +7988,10 @@ var CoreEvents = map[ID]Definition{ name: "memfd_create", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs", "fs_file_ops"}, + sets: []string{"default", "syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8014,11 +8014,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "kernel_fd"}, - {Type: "int", Name: "initrd_fd"}, - {Type: "unsigned long", Name: "cmdline_len"}, - {Type: "const char*", Name: "cmdline"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "kernel_fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "initrd_fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cmdline_len"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cmdline"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8041,9 +8041,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "cmd"}, - {Type: "union bpf_attr*", Name: "attr"}, - {Type: "unsigned int", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "attr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8066,11 +8066,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8095,7 +8095,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "system"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8118,8 +8118,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "cmd"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8142,9 +8142,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "const void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8167,12 +8167,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd_in"}, - {Type: "off_t*", Name: "off_in"}, - {Type: "int", Name: "fd_out"}, - {Type: "off_t*", Name: "off_out"}, - {Type: "size_t", Name: "len"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd_in"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "off_in"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd_out"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "off_out"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8195,12 +8195,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "unsigned long", Name: "iovcnt"}, - {Type: "unsigned long", Name: "pos_l"}, - {Type: "unsigned long", Name: "pos_h"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "iovcnt"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_l"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_h"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8223,12 +8223,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_read_write"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const struct iovec*", Name: "iov"}, - {Type: "unsigned long", Name: "iovcnt"}, - {Type: "unsigned long", Name: "pos_l"}, - {Type: "unsigned long", Name: "pos_h"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "iov"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "iovcnt"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_l"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pos_h"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8251,10 +8251,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "prot"}, - {Type: "int", Name: "pkey"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prot"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pkey"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8277,8 +8277,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "flags"}, - {Type: "unsigned long", Name: "access_rights"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "access_rights"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8301,7 +8301,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pkey"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pkey"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8324,11 +8324,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, - {Type: "unsigned int", Name: "mask"}, - {Type: "struct statx*", Name: "statxbuf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mask"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statxbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8351,12 +8351,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_async_io"}, fields: []trace.ArgMeta{ - {Type: "aio_context_t", Name: "ctx_id"}, - {Type: "long", Name: "min_nr"}, - {Type: "long", Name: "nr"}, - {Type: "struct io_event*", Name: "events"}, - {Type: "struct timespec*", Name: "timeout"}, - {Type: "const struct __aio_sigset*", Name: "usig"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ctx_id"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "min_nr"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "nr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "events"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "usig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8379,10 +8379,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "struct rseq*", Name: "rseq"}, - {Type: "u32", Name: "rseq_len"}, - {Type: "int", Name: "flags"}, - {Type: "u32", Name: "sig"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rseq"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "rseq_len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "sig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8405,10 +8405,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "signals"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pidfd"}, - {Type: "int", Name: "sig"}, - {Type: "siginfo_t*", Name: "info"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pidfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "info"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8431,8 +8431,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "entries"}, - {Type: "struct io_uring_params*", Name: "p"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "entries"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "p"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8455,11 +8455,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "unsigned int", Name: "to_submit"}, - {Type: "unsigned int", Name: "min_complete"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "sigset_t*", Name: "sig"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "to_submit"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "min_complete"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8482,10 +8482,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "unsigned int", Name: "opcode"}, - {Type: "void*", Name: "arg"}, - {Type: "unsigned int", Name: "nr_args"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "opcode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "arg"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "nr_args"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8508,9 +8508,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dfd"}, - {Type: "const char*", Name: "filename"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filename"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8531,13 +8531,13 @@ var CoreEvents = map[ID]Definition{ name: "move_mount", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"syscalls", "fs"}, + sets: []string{"default", "syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "from_dfd"}, - {Type: "const char*", Name: "from_path"}, - {Type: "int", Name: "to_dfd"}, - {Type: "const char*", Name: "to_path"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "from_dfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "from_path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "to_dfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "to_path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8560,8 +8560,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "fsname"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "fsname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8584,11 +8584,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int*", Name: "fs_fd"}, - {Type: "unsigned int", Name: "cmd"}, - {Type: "const char*", Name: "key"}, - {Type: "const void*", Name: "value"}, - {Type: "int", Name: "aux"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "fs_fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "cmd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "key"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "value"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "aux"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8611,9 +8611,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fsfd"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "unsigned int", Name: "ms_flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fsfd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "ms_flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8636,9 +8636,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8661,8 +8661,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8685,8 +8685,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "struct clone_args*", Name: "cl_args"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "cl_args"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8709,8 +8709,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "first"}, - {Type: "unsigned int", Name: "last"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "first"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "last"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8733,10 +8733,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "const char*", Name: "pathname"}, - {Type: "struct open_how*", Name: "how"}, - {Type: "size_t", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "how"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8759,9 +8759,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pidfd"}, - {Type: "int", Name: "targetfd"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pidfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "targetfd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8784,10 +8784,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_file_attr"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "const char*", Name: "path"}, - {Type: "int", Name: "mode"}, - {Type: "int", Name: "flag"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flag"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8810,11 +8810,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pidfd"}, - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "length"}, - {Type: "int", Name: "advice"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pidfd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "advice"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8837,11 +8837,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs", "fs_mux_io"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct epoll_event*", Name: "events"}, - {Type: "int", Name: "maxevents"}, - {Type: "const struct timespec*", Name: "timeout"}, - {Type: "const sigset_t*", Name: "sigset"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "events"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "maxevents"}, + {DecodeAs: trace.TIMESPEC_T, Type: "struct timespec*", Name: "timeout"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sigset"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8864,11 +8864,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "dfd"}, - {Type: "char*", Name: "path"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "struct mount_attr*", Name: "uattr"}, - {Type: "size_t", Name: "usize"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uattr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "usize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8891,10 +8891,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "fs"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "unsigned int", Name: "cmd"}, - {Type: "qid_t", Name: "id"}, - {Type: "void *", Name: "addr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "cmd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8917,9 +8917,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "fs"}, fields: []trace.ArgMeta{ - {Type: "struct landlock_ruleset_attr*", Name: "attr"}, - {Type: "size_t", Name: "size"}, - {Type: "u32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "attr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8942,10 +8942,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "ruleset_fd"}, - {Type: "landlock_rule_type", Name: "rule_type"}, - {Type: "void*", Name: "rule_attr"}, - {Type: "u32", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ruleset_fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "rule_type"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rule_attr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8968,8 +8968,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "proc", "fs"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "ruleset_fd"}, - {Type: "u32", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ruleset_fd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -8992,7 +8992,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9015,8 +9015,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "pidfd"}, - {Type: "unsigned int", Name: "flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pidfd"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9039,9 +9039,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "int*", Name: "status"}, - {Type: "int", Name: "options"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "status"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "options"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9106,8 +9106,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "char*", Name: "filename"}, - {Type: "struct __old_kernel_stat*", Name: "statbuf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filename"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9130,7 +9130,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "target"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "target"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9153,7 +9153,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const time_t*", Name: "t"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "t"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9218,7 +9218,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "inc"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "inc"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9283,8 +9283,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "signum"}, - {Type: "sighandler_t", Name: "handler"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "signum"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "handler"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9370,7 +9370,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "struct oldold_utsname*", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "name"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9393,9 +9393,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sig"}, - {Type: "const struct sigaction*", Name: "act"}, - {Type: "struct sigaction*", Name: "oact"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "act"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "oact"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9439,7 +9439,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "long", Name: "newmask"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "newmask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9462,7 +9462,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const sigset_t*", Name: "mask"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mask"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9485,7 +9485,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "sigset_t*", Name: "set"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "set"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9508,8 +9508,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "struct stat*", Name: "statbuf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9532,9 +9532,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "struct old_linux_dirent*", Name: "dirp"}, - {Type: "unsigned int", Name: "count"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "dirp"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9578,8 +9578,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "call"}, - {Type: "unsigned long*", Name: "args"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "call"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "args"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9602,7 +9602,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "struct utsname*", Name: "buf"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9646,7 +9646,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "struct vm86_struct*", Name: "info"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "info"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9669,12 +9669,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "call"}, - {Type: "int", Name: "first"}, - {Type: "unsigned long", Name: "second"}, - {Type: "unsigned long", Name: "third"}, - {Type: "void*", Name: "ptr"}, - {Type: "long", Name: "fifth"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "call"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "first"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "second"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "third"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ptr"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "fifth"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9718,9 +9718,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "how"}, - {Type: "const sigset_t *restrict", Name: "set"}, - {Type: "sigset_t *restrict", Name: "oldset"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "how"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "set"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "oldset"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9785,11 +9785,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "unsigned long", Name: "offset_high"}, - {Type: "unsigned long", Name: "offset_low"}, - {Type: "loff_t*", Name: "result"}, - {Type: "unsigned int", Name: "whence"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "offset_high"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "offset_low"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "result"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "whence"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9812,11 +9812,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "nfds"}, - {Type: "fd_set*", Name: "readfds"}, - {Type: "fd_set*", Name: "writefds"}, - {Type: "fd_set*", Name: "exceptfds"}, - {Type: "struct timeval*", Name: "timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "nfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "readfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "writefds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "exceptfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9839,8 +9839,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "fn"}, - {Type: "struct vm86plus_struct*", Name: "v86"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "fn"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "v86"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9863,8 +9863,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "resource"}, - {Type: "struct rlimit*", Name: "rlim"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "resource"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rlim"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9887,12 +9887,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "addr"}, - {Type: "unsigned long", Name: "length"}, - {Type: "unsigned long", Name: "prot"}, - {Type: "unsigned long", Name: "flags"}, - {Type: "unsigned long", Name: "fd"}, - {Type: "unsigned long", Name: "pgoffset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "prot"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pgoffset"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9915,8 +9915,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "off_t", Name: "length"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "length"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9939,8 +9939,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "off_t", Name: "length"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "length"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9963,8 +9963,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "struct stat64*", Name: "statbuf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -9987,8 +9987,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "struct stat64*", Name: "statbuf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10011,8 +10011,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct stat64*", Name: "statbuf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "statbuf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10035,9 +10035,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "old_uid_t", Name: "owner"}, - {Type: "old_gid_t", Name: "group"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "owner"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "group"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10144,8 +10144,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_uid_t", Name: "ruid"}, - {Type: "old_uid_t", Name: "euid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "ruid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "euid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10168,8 +10168,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_gid_t", Name: "rgid"}, - {Type: "old_gid_t", Name: "egid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "rgid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "egid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10192,8 +10192,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "size"}, - {Type: "old_gid_t*", Name: "list"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "size"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "list"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10216,8 +10216,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "size_t", Name: "size"}, - {Type: "const gid_t*", Name: "list"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "size"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "list"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10240,9 +10240,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "fd"}, - {Type: "old_uid_t", Name: "user"}, - {Type: "old_gid_t", Name: "group"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "fd"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "user"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "group"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10265,9 +10265,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_uid_t", Name: "ruid"}, - {Type: "old_uid_t", Name: "euid"}, - {Type: "old_uid_t", Name: "suid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "ruid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "euid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "suid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10290,9 +10290,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_uid_t*", Name: "ruid"}, - {Type: "old_uid_t*", Name: "euid"}, - {Type: "old_uid_t*", Name: "suid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ruid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "euid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "suid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10315,9 +10315,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_uid_t", Name: "rgid"}, - {Type: "old_uid_t", Name: "euid"}, - {Type: "old_uid_t", Name: "suid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "rgid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "euid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "suid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10340,9 +10340,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_gid_t*", Name: "rgid"}, - {Type: "old_gid_t*", Name: "egid"}, - {Type: "old_gid_t*", Name: "sgid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rgid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "egid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sgid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10365,9 +10365,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "old_uid_t", Name: "owner"}, - {Type: "old_gid_t", Name: "group"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "owner"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "group"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10390,7 +10390,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_uid_t", Name: "uid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "uid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10413,7 +10413,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_gid_t", Name: "gid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "gid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10436,7 +10436,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_uid_t", Name: "fsuid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "fsuid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10459,7 +10459,7 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "old_gid_t", Name: "fsgid"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "fsgid"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10482,9 +10482,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "int", Name: "cmd"}, - {Type: "unsigned long", Name: "arg"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "arg"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10507,10 +10507,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "out_fd"}, - {Type: "int", Name: "in_fd"}, - {Type: "off_t*", Name: "offset"}, - {Type: "size_t", Name: "count"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "out_fd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "in_fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "offset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10533,9 +10533,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "path"}, - {Type: "size_t", Name: "sz"}, - {Type: "struct statfs64*", Name: "buf"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sz"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10558,9 +10558,9 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "size_t", Name: "sz"}, - {Type: "struct statfs64*", Name: "buf"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sz"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "buf"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10583,10 +10583,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "loff_t", Name: "offset"}, - {Type: "loff_t", Name: "len"}, - {Type: "int", Name: "advice"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "offset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "advice"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10609,8 +10609,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "clockid_t", Name: "which_clock"}, - {Type: "struct old_timespec32*", Name: "tp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which_clock"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10633,8 +10633,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "clockid_t", Name: "which_clock"}, - {Type: "struct old_timespec32*", Name: "tp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which_clock"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10678,8 +10678,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "clockid_t", Name: "which_clock"}, - {Type: "struct old_timespec32*", Name: "tp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which_clock"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10702,10 +10702,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "clockid_t", Name: "which_clock"}, - {Type: "int", Name: "flags"}, - {Type: "struct old_timespec32*", Name: "rqtp"}, - {Type: "struct old_timespec32*", Name: "rmtp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "which_clock"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rqtp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "rmtp"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10728,8 +10728,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "timer_t", Name: "timer_id"}, - {Type: "struct old_itimerspec32*", Name: "setting"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timer_id"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "setting"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10752,10 +10752,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "timer_t", Name: "timer_id"}, - {Type: "int", Name: "flags"}, - {Type: "struct old_itimerspec32*", Name: "new"}, - {Type: "struct old_itimerspec32*", Name: "old"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "timer_id"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "new"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10778,8 +10778,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "ufd"}, - {Type: "struct old_itimerspec32*", Name: "otmr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ufd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "otmr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10802,10 +10802,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "ufd"}, - {Type: "int", Name: "flags"}, - {Type: "struct old_itimerspec32*", Name: "utmr"}, - {Type: "struct old_itimerspec32*", Name: "otmr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "ufd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "utmr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "otmr"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10828,10 +10828,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "dfd"}, - {Type: "char*", Name: "filename"}, - {Type: "struct old_timespec32*", Name: "t"}, - {Type: "int", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dfd"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "filename"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "t"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10854,12 +10854,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "n"}, - {Type: "fd_set*", Name: "inp"}, - {Type: "fd_set*", Name: "outp"}, - {Type: "fd_set*", Name: "exp"}, - {Type: "struct old_timespec32*", Name: "tsp"}, - {Type: "void*", Name: "sig"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "n"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "inp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "outp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "exp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tsp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sig"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10882,11 +10882,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "struct pollfd*", Name: "ufds"}, - {Type: "unsigned int", Name: "nfds"}, - {Type: "struct old_timespec32*", Name: "tsp"}, - {Type: "sigset_t*", Name: "sigmask"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ufds"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "nfds"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "tsp"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sigmask"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10930,11 +10930,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "fd"}, - {Type: "struct mmsghdr*", Name: "mmsg"}, - {Type: "unsigned int", Name: "vlen"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "struct old_timespec32*", Name: "timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "fd"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "mmsg"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "vlen"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10957,11 +10957,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "mqd_t", Name: "mqdes"}, - {Type: "char*", Name: "u_msg_ptr"}, - {Type: "unsigned int", Name: "msg_len"}, - {Type: "unsigned int", Name: "msg_prio"}, - {Type: "struct old_timespec32*", Name: "u_abs_timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mqdes"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "u_msg_ptr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "msg_len"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "msg_prio"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "u_abs_timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -10984,11 +10984,11 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "mqd_t", Name: "mqdes"}, - {Type: "char*", Name: "u_msg_ptr"}, - {Type: "unsigned int", Name: "msg_len"}, - {Type: "unsigned int*", Name: "u_msg_prio"}, - {Type: "struct old_timespec32*", Name: "u_abs_timeout"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "mqdes"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "u_msg_ptr"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "msg_len"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "u_msg_prio"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "u_abs_timeout"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -11011,10 +11011,10 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "sigset_t*", Name: "uthese"}, - {Type: "siginfo_t*", Name: "uinfo"}, - {Type: "struct old_timespec32*", Name: "uts"}, - {Type: "size_t", Name: "sigsetsize"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uthese"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uinfo"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uts"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sigsetsize"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -11037,12 +11037,12 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "u32*", Name: "uaddr"}, - {Type: "int", Name: "op"}, - {Type: "u32", Name: "val"}, - {Type: "struct old_timespec32*", Name: "utime"}, - {Type: "u32*", Name: "uaddr2"}, - {Type: "u32", Name: "val3"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uaddr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "op"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "val"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "utime"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "uaddr2"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "val3"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -11065,8 +11065,8 @@ var CoreEvents = map[ID]Definition{ syscall: true, sets: []string{"syscalls", "32bit_unique"}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "struct old_timespec32*", Name: "interval"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "interval"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -11096,7 +11096,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "syscall"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "syscall"}, }, }, SysExit: { @@ -11111,7 +11111,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "syscall"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "syscall"}, }, }, SchedProcessFork: { @@ -11127,30 +11127,30 @@ var CoreEvents = map[ID]Definition{ sets: []string{}, fields: []trace.ArgMeta{ // Real Parent - {Type: "int", Name: "parent_tid"}, - {Type: "int", Name: "parent_ns_tid"}, - {Type: "int", Name: "parent_pid"}, - {Type: "int", Name: "parent_ns_pid"}, - {Type: "unsigned long", Name: "parent_start_time"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "parent_start_time"}, // Child - {Type: "int", Name: "child_tid"}, - {Type: "int", Name: "child_ns_tid"}, - {Type: "int", Name: "child_pid"}, - {Type: "int", Name: "child_ns_pid"}, - {Type: "unsigned long", Name: "start_time"}, // child_start_time + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "start_time"}, // child_start_time // Arguments set by OPT_PROCESS_FORK (when process tree source is enabled for fork events). // Parent Process (Go up in hierarchy until parent is a process and not a lwp) - {Type: "int", Name: "parent_process_tid"}, - {Type: "int", Name: "parent_process_ns_tid"}, - {Type: "int", Name: "parent_process_pid"}, - {Type: "int", Name: "parent_process_ns_pid"}, - {Type: "unsigned long", Name: "parent_process_start_time"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "parent_process_start_time"}, // Thread Group Leader - {Type: "int", Name: "leader_tid"}, - {Type: "int", Name: "leader_ns_tid"}, - {Type: "int", Name: "leader_pid"}, - {Type: "int", Name: "leader_ns_pid"}, - {Type: "unsigned long", Name: "leader_start_time"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "leader_start_time"}, }, }, SchedProcessExec: { @@ -11180,23 +11180,23 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "proc"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "cmdpath"}, - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "umode_t", Name: "inode_mode"}, - {Type: "const char*", Name: "interpreter_pathname"}, - {Type: "dev_t", Name: "interpreter_dev"}, - {Type: "unsigned long", Name: "interpreter_inode"}, - {Type: "unsigned long", Name: "interpreter_ctime"}, - {Type: "const char**", Name: "argv"}, - {Type: "const char*", Name: "interp"}, - {Type: "umode_t", Name: "stdin_type"}, - {Type: "char*", Name: "stdin_path"}, - {Type: "int", Name: "invoked_from_kernel"}, - {Type: "const char*", Name: "prev_comm"}, - {Type: "const char**", Name: "env"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cmdpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "inode_mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interpreter_pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "interpreter_dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "interpreter_inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "interpreter_ctime"}, + {DecodeAs: trace.ARGS_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interp"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "stdin_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "stdin_path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "invoked_from_kernel"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "prev_comm"}, + {DecodeAs: trace.ARGS_ARR_T, Type: "[]string", Name: "env"}, }, }, SchedProcessExit: { @@ -11212,11 +11212,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "long", Name: "exit_code"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "exit_code"}, // The field value represents that all threads exited at the event time. // Multiple exits of threads of the same process group at the same time could result that all threads exit // events would have 'true' value in this field altogether. - {Type: "bool", Name: "process_group_exit"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "process_group_exit"}, }, }, SchedSwitch: { @@ -11231,11 +11231,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "cpu"}, - {Type: "int", Name: "prev_tid"}, - {Type: "const char*", Name: "prev_comm"}, - {Type: "int", Name: "next_tid"}, - {Type: "const char*", Name: "next_comm"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cpu"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prev_tid"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "prev_comm"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "next_tid"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "next_comm"}, }, }, DoExit: { @@ -11261,7 +11261,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "cap"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cap"}, }, }, VfsWrite: { @@ -11277,11 +11277,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "size_t", Name: "count"}, - {Type: "off_t", Name: "pos"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "pos"}, }, }, VfsWritev: { @@ -11297,11 +11297,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "vlen"}, - {Type: "off_t", Name: "pos"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "vlen"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "pos"}, }, }, MemProtAlert: { @@ -11317,15 +11317,15 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "u32", Name: "alert"}, - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "prot"}, - {Type: "int", Name: "prev_prot"}, - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "u64", Name: "ctime"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "alert"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prot"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prev_prot"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, }, }, CommitCreds: { @@ -11338,10 +11338,10 @@ var CoreEvents = map[ID]Definition{ {handle: probes.CommitCreds, required: true}, }, }, - sets: []string{"default"}, + sets: []string{}, fields: []trace.ArgMeta{ - {Type: "slim_cred_t", Name: "old_cred"}, - {Type: "slim_cred_t", Name: "new_cred"}, + {DecodeAs: trace.CRED_T, Type: "trace.SlimCred", Name: "old_cred"}, + {DecodeAs: trace.CRED_T, Type: "trace.SlimCred", Name: "new_cred"}, }, }, SwitchTaskNS: { @@ -11356,13 +11356,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "pid_t", Name: "pid"}, - {Type: "u32", Name: "new_mnt"}, - {Type: "u32", Name: "new_pid"}, - {Type: "u32", Name: "new_uts"}, - {Type: "u32", Name: "new_ipc"}, - {Type: "u32", Name: "new_net"}, - {Type: "u32", Name: "new_cgroup"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "new_mnt"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "new_pid"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "new_uts"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "new_ipc"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "new_net"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "new_cgroup"}, }, }, MagicWrite: { @@ -11383,10 +11383,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "bytes", Name: "bytes"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "bytes"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, }, }, CgroupAttachTask: { @@ -11401,9 +11401,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "cgroup_path"}, - {Type: "const char*", Name: "comm"}, - {Type: "pid_t", Name: "pid"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cgroup_path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "comm"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pid"}, }, }, CgroupMkdir: { @@ -11418,9 +11418,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "cgroup_id"}, - {Type: "const char*", Name: "cgroup_path"}, - {Type: "u32", Name: "hierarchy_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cgroup_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cgroup_path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "hierarchy_id"}, }, }, CgroupRmdir: { @@ -11435,9 +11435,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "cgroup_id"}, - {Type: "const char*", Name: "cgroup_path"}, - {Type: "u32", Name: "hierarchy_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cgroup_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cgroup_path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "hierarchy_id"}, }, }, SecurityBprmCheck: { @@ -11462,11 +11462,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "proc", "proc_life"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, }, }, SecurityFileOpen: { @@ -11481,12 +11481,12 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "const char*", Name: "syscall_pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "syscall_pathname"}, }, }, SecurityInodeUnlink: { @@ -11501,10 +11501,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "lsm_hooks", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "dev_t", Name: "dev"}, - {Type: "u64", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, }, }, SecuritySocketCreate: { @@ -11519,10 +11519,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "family"}, - {Type: "int", Name: "type"}, - {Type: "int", Name: "protocol"}, - {Type: "int", Name: "kern"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "family"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "protocol"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "kern"}, }, }, SecuritySocketListen: { @@ -11541,9 +11541,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "local_addr"}, - {Type: "int", Name: "backlog"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "local_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "backlog"}, }, }, SecuritySocketConnect: { @@ -11558,9 +11558,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "lsm_hooks", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "int", Name: "type"}, - {Type: "struct sockaddr*", Name: "remote_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "remote_addr"}, }, }, NetTCPConnect: { @@ -11575,9 +11575,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "flows"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "dst"}, - {Type: "int", Name: "dst_port"}, - {Type: "const char **", Name: "dst_dns"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "dst"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dst_port"}, + {DecodeAs: trace.ARGS_ARR_T, Type: "[]string", Name: "dst_dns"}, }, }, SecuritySocketAccept: { @@ -11592,8 +11592,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "lsm_hooks", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "local_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "local_addr"}, }, }, // TODO: NetTCPAccept ? Problem: we don't have the remote address in current security_socket_accept @@ -11609,8 +11609,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "lsm_hooks", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "local_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "local_addr"}, }, }, SecuritySocketSetsockopt: { @@ -11626,10 +11626,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "net", "net_sock"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "int", Name: "level"}, - {Type: "int", Name: "optname"}, - {Type: "struct sockaddr*", Name: "local_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "level"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "optname"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "local_addr"}, }, }, SecuritySbMount: { @@ -11644,10 +11644,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "lsm_hooks", "fs"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "dev_name"}, - {Type: "const char*", Name: "path"}, - {Type: "const char*", Name: "type"}, - {Type: "unsigned long", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "dev_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "type"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "flags"}, }, }, SecurityBPF: { @@ -11662,7 +11662,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "cmd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "cmd"}, }, }, SecurityBPFMap: { @@ -11677,8 +11677,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks"}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "map_id"}, - {Type: "const char*", Name: "map_name"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "map_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "map_name"}, }, }, SecurityKernelReadFile: { @@ -11693,11 +11693,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "int", Name: "type"}, - {Type: "unsigned long", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, }, }, SecurityPostReadFile: { @@ -11712,9 +11712,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "long", Name: "size"}, - {Type: "int", Name: "type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "size"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, }, }, SecurityInodeMknod: { @@ -11729,9 +11729,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "file_name"}, - {Type: "umode_t", Name: "mode"}, - {Type: "dev_t", Name: "dev"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "file_name"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "mode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, }, }, SecurityInodeSymlinkEventId: { @@ -11746,8 +11746,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "linkpath"}, - {Type: "const char*", Name: "target"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "linkpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "target"}, }, }, SecurityMmapFile: { @@ -11762,13 +11762,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "fs", "fs_file_ops", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "unsigned long", Name: "prot"}, - {Type: "unsigned long", Name: "mmap_flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "prot"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "mmap_flags"}, }, }, DoMmap: { @@ -11784,16 +11784,16 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"fs", "fs_file_ops", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "void*", Name: "addr"}, - {Type: "const char*", Name: "pathname"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "unsigned long", Name: "pgoff"}, - {Type: "unsigned long", Name: "len"}, - {Type: "unsigned long", Name: "prot"}, - {Type: "unsigned long", Name: "mmap_flags"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "pgoff"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "prot"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "mmap_flags"}, }, }, SecurityFileMprotect: { @@ -11813,13 +11813,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "proc", "proc_mem", "fs", "fs_file_ops"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "prot"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "int", Name: "prev_prot"}, - {Type: "void*", Name: "addr"}, - {Type: "size_t", Name: "len"}, - {Type: "int", Name: "pkey"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prot"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prev_prot"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "addr"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "len"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "pkey"}, }, }, InitNamespaces: { @@ -11836,16 +11836,16 @@ var CoreEvents = map[ID]Definition{ }, }, fields: []trace.ArgMeta{ - {Type: "u32", Name: "cgroup"}, - {Type: "u32", Name: "ipc"}, - {Type: "u32", Name: "mnt"}, - {Type: "u32", Name: "net"}, - {Type: "u32", Name: "pid"}, - {Type: "u32", Name: "pid_for_children"}, - {Type: "u32", Name: "time"}, - {Type: "u32", Name: "time_for_children"}, - {Type: "u32", Name: "user"}, - {Type: "u32", Name: "uts"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "cgroup"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "ipc"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mnt"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "net"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "pid"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "pid_for_children"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "time"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "time_for_children"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "user"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "uts"}, }, }, TraceeInfo: { @@ -11856,9 +11856,9 @@ var CoreEvents = map[ID]Definition{ sets: []string{}, dependencies: Dependencies{}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "boot_time"}, - {Type: "u64", Name: "start_time"}, - {Type: "const char*", Name: "version"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "boot_time"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "start_time"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "version"}, }, }, SocketDup: { @@ -11881,9 +11881,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "oldfd"}, - {Type: "int", Name: "newfd"}, - {Type: "struct sockaddr*", Name: "remote_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "oldfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "newfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "remote_addr"}, }, }, HiddenInodes: { @@ -11898,7 +11898,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "char*", Name: "hidden_process"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "hidden_process"}, }, }, KernelWrite: { @@ -11914,11 +11914,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "size_t", Name: "count"}, - {Type: "off_t", Name: "pos"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "pos"}, }, }, DirtyPipeSplice: { @@ -11937,13 +11937,13 @@ var CoreEvents = map[ID]Definition{ }, }, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "inode_in"}, - {Type: "umode_t", Name: "in_file_type"}, - {Type: "const char*", Name: "in_file_path"}, - {Type: "loff_t", Name: "exposed_data_start_offset"}, - {Type: "size_t", Name: "exposed_data_len"}, - {Type: "unsigned long", Name: "inode_out"}, - {Type: "unsigned int", Name: "out_pipe_last_buffer_flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode_in"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "in_file_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "in_file_path"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "exposed_data_start_offset"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "exposed_data_len"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode_out"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "out_pipe_last_buffer_flags"}, }, }, ContainerCreate: { @@ -11956,16 +11956,16 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "containers"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "runtime"}, - {Type: "const char*", Name: "container_id"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "const char*", Name: "container_image"}, - {Type: "const char*", Name: "container_image_digest"}, - {Type: "const char*", Name: "container_name"}, - {Type: "const char*", Name: "pod_name"}, - {Type: "const char*", Name: "pod_namespace"}, - {Type: "const char*", Name: "pod_uid"}, - {Type: "bool", Name: "pod_sandbox"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "runtime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_image"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_image_digest"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pod_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pod_namespace"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pod_uid"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "pod_sandbox"}, }, }, ContainerRemove: { @@ -11978,8 +11978,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "containers"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "runtime"}, - {Type: "const char*", Name: "container_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "runtime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_id"}, }, }, ExistingContainer: { @@ -11989,16 +11989,16 @@ var CoreEvents = map[ID]Definition{ version: NewVersion(1, 0, 0), sets: []string{"containers"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "runtime"}, - {Type: "const char*", Name: "container_id"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "const char*", Name: "container_image"}, - {Type: "const char*", Name: "container_image_digest"}, - {Type: "const char*", Name: "container_name"}, - {Type: "const char*", Name: "pod_name"}, - {Type: "const char*", Name: "pod_namespace"}, - {Type: "const char*", Name: "pod_uid"}, - {Type: "bool", Name: "pod_sandbox"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "runtime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_image"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_image_digest"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "container_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pod_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pod_namespace"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pod_uid"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "pod_sandbox"}, }, }, ProcCreate: { @@ -12013,8 +12013,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "char*", Name: "name"}, - {Type: "void*", Name: "proc_ops_addr"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "proc_ops_addr"}, }, }, KprobeAttach: { @@ -12030,9 +12030,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "char*", Name: "symbol_name"}, - {Type: "void*", Name: "pre_handler_addr"}, - {Type: "void*", Name: "post_handler_addr"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "symbol_name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "pre_handler_addr"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "post_handler_addr"}, }, }, CallUsermodeHelper: { @@ -12047,10 +12047,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, - {Type: "int", Name: "wait"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "wait"}, }, }, DebugfsCreateFile: { @@ -12065,10 +12065,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "file_name"}, - {Type: "const char*", Name: "path"}, - {Type: "umode_t", Name: "mode"}, - {Type: "void*", Name: "proc_ops_addr"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "file_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "proc_ops_addr"}, }, }, SyscallTableCheck: { @@ -12087,8 +12087,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "syscall_id"}, - {Type: "unsigned long", Name: "syscall_address"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "syscall_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "syscall_address"}, }, }, HiddenKernelModule: { @@ -12103,9 +12103,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "address"}, - {Type: "const char*", Name: "name"}, - {Type: "const char*", Name: "srcversion"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "address"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "srcversion"}, }, }, HiddenKernelModuleSeeker: { @@ -12138,10 +12138,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "unsigned long", Name: "address"}, - {Type: "bytes", Name: "name"}, - {Type: "unsigned int", Name: "flags"}, - {Type: "bytes", Name: "srcversion"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "address"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "name"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "flags"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "srcversion"}, }, }, HookedSyscall: { @@ -12162,10 +12162,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "syscall"}, - {Type: "const char*", Name: "address"}, - {Type: "const char*", Name: "function"}, - {Type: "const char*", Name: "owner"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "syscall"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "address"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "function"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "owner"}, }, }, DebugfsCreateDir: { @@ -12180,8 +12180,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "const char*", Name: "path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "path"}, }, }, DeviceAdd: { @@ -12196,8 +12196,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "const char*", Name: "parent_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "parent_name"}, }, }, RegisterChrdev: { @@ -12213,10 +12213,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "unsigned int", Name: "requested_major_number"}, - {Type: "unsigned int", Name: "granted_major_number"}, - {Type: "const char*", Name: "char_device_name"}, - {Type: "struct file_operations *", Name: "char_device_fops"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "requested_major_number"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "granted_major_number"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "char_device_name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "char_device_fops"}, }, }, SharedObjectLoaded: { @@ -12236,11 +12236,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "fs", "fs_file_ops", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "int", Name: "flags"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, }, }, SymbolsLoaded: { @@ -12257,9 +12257,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"derived", "fs", "security_alert"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "library_path"}, - {Type: "const char*const*", Name: "symbols"}, - {Type: "const char *", Name: "sha256"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "library_path"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "symbols"}, + {Type: "string", Name: "sha256"}, }, }, SymbolsCollision: { @@ -12276,9 +12276,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "fs", "fs_file_ops", "proc", "proc_mem"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "loaded_path"}, - {Type: "const char*", Name: "collision_path"}, - {Type: "const char*const*", Name: "symbols"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "loaded_path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "collision_path"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "symbols"}, }, }, CaptureFileWrite: { @@ -12416,9 +12416,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "const char*", Name: "version"}, - {Type: "const char*", Name: "src_version"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "version"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "src_version"}, }, }, ModuleLoad: { @@ -12431,15 +12431,15 @@ var CoreEvents = map[ID]Definition{ {handle: probes.ModuleLoad, required: true}, }, }, - sets: []string{"default"}, + sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "const char*", Name: "version"}, - {Type: "const char*", Name: "src_version"}, - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "u64", Name: "ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "version"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "src_version"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, }, }, ModuleFree: { @@ -12454,9 +12454,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "name"}, - {Type: "const char*", Name: "version"}, - {Type: "const char*", Name: "src_version"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "version"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "src_version"}, }, }, SocketAccept: { @@ -12480,9 +12480,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sockfd"}, - {Type: "struct sockaddr*", Name: "local_addr"}, - {Type: "struct sockaddr*", Name: "remote_addr"}}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sockfd"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "local_addr"}, + {DecodeAs: trace.SOCK_ADDR_T, Type: "struct sockaddr*", Name: "remote_addr"}}, }, LoadElfPhdrs: { id: LoadElfPhdrs, @@ -12496,9 +12496,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"proc"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, }, }, HookedProcFops: { @@ -12525,7 +12525,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "[]trace.HookedSymbolData", Name: "hooked_fops_pointers"}, + {DecodeAs: trace.UINT64_ARR_T, Type: "[]trace.HookedSymbolData", Name: "hooked_fops_pointers"}, }, }, PrintNetSeqOps: { @@ -12549,8 +12549,8 @@ var CoreEvents = map[ID]Definition{ internal: true, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "unsigned long[]", Name: "net_seq_ops"}, - {Type: "unsigned long", Name: trigger.ContextArgName}, + {DecodeAs: trace.UINT64_ARR_T, Type: "[]uint64", Name: "net_seq_ops"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: trigger.ContextArgName}, }, }, HookedSeqOps: { @@ -12590,8 +12590,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"proc"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "old_name"}, - {Type: "const char*", Name: "new_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "old_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "new_name"}, }, }, SecurityInodeRename: { @@ -12604,10 +12604,10 @@ var CoreEvents = map[ID]Definition{ {handle: probes.SecurityInodeRename, required: true}, }, }, - sets: []string{"default"}, + sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "old_path"}, - {Type: "const char*", Name: "new_path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "old_path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "new_path"}, }, }, DoSigaction: { @@ -12622,17 +12622,17 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"proc"}, fields: []trace.ArgMeta{ - {Type: "int", Name: "sig"}, - {Type: "bool", Name: "is_sa_initialized"}, - {Type: "unsigned long", Name: "sa_flags"}, - {Type: "unsigned long", Name: "sa_mask"}, - {Type: "u8", Name: "sa_handle_method"}, - {Type: "void*", Name: "sa_handler"}, - {Type: "bool", Name: "is_old_sa_initialized"}, - {Type: "unsigned long", Name: "old_sa_flags"}, - {Type: "unsigned long", Name: "old_sa_mask"}, - {Type: "u8", Name: "old_sa_handle_method"}, - {Type: "void*", Name: "old_sa_handler"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "sig"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "is_sa_initialized"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sa_flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "sa_mask"}, + {DecodeAs: trace.U8_T, Type: "uint8", Name: "sa_handle_method"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "sa_handler"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "is_old_sa_initialized"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "old_sa_flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "old_sa_mask"}, + {DecodeAs: trace.U8_T, Type: "uint8", Name: "old_sa_handle_method"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "old_sa_handler"}, }, }, BpfAttach: { @@ -12653,13 +12653,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "prog_type"}, - {Type: "const char*", Name: "prog_name"}, - {Type: "u32", Name: "prog_id"}, - {Type: "unsigned long[]", Name: "prog_helpers"}, - {Type: "const char*", Name: "symbol_name"}, - {Type: "u64", Name: "symbol_addr"}, - {Type: "int", Name: "attach_type"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "prog_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "prog_name"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "prog_id"}, + {DecodeAs: trace.UINT64_ARR_T, Type: "[]uint64", Name: "prog_helpers"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "symbol_name"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "symbol_addr"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "attach_type"}, }, }, KallsymsLookupName: { @@ -12676,8 +12676,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "symbol_name"}, - {Type: "void*", Name: "symbol_address"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "symbol_name"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "symbol_address"}, }, }, PrintMemDump: { @@ -12707,13 +12707,13 @@ var CoreEvents = map[ID]Definition{ }, }, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "bytes"}, - {Type: "void*", Name: "address"}, - {Type: "u64", Name: "length"}, - {Type: "u64", Name: "caller_context_id"}, - {Type: "char*", Name: "arch"}, - {Type: "char*", Name: "symbol_name"}, - {Type: "char*", Name: "symbol_owner"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "bytes"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "address"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "caller_context_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "arch"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "symbol_name"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "symbol_owner"}, }, }, VfsRead: { @@ -12729,11 +12729,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "size_t", Name: "count"}, - {Type: "off_t", Name: "pos"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "pos"}, }, }, VfsReadv: { @@ -12749,11 +12749,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "vlen"}, - {Type: "off_t", Name: "pos"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "vlen"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "pos"}, }, }, VfsUtimes: { @@ -12769,11 +12769,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "u64", Name: "atime"}, - {Type: "u64", Name: "mtime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "atime"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "mtime"}, }, }, DoTruncate: { @@ -12788,10 +12788,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "dev_t", Name: "dev"}, - {Type: "u64", Name: "length"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "length"}, }, }, FileModification: { @@ -12802,11 +12802,11 @@ var CoreEvents = map[ID]Definition{ docPath: "kprobes/file_modification.md", sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "file_path"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "old_ctime"}, - {Type: "unsigned long", Name: "new_ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "file_path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "old_ctime"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "new_ctime"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -12832,9 +12832,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "dev_t", Name: "dev"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, }, }, SecurityBpfProg: { @@ -12853,11 +12853,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "type"}, - {Type: "const char*", Name: "name"}, - {Type: "unsigned long[]", Name: "helpers"}, - {Type: "u32", Name: "id"}, - {Type: "bool", Name: "load"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "name"}, + {DecodeAs: trace.UINT64_ARR_T, Type: "[]uint64", Name: "helpers"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "id"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "load"}, }, }, ExecuteFinished: { @@ -12881,20 +12881,20 @@ var CoreEvents = map[ID]Definition{ }, }, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "int", Name: "flags"}, - {Type: "const char*", Name: "pathname"}, - {Type: "const char*", Name: "binary.path"}, - {Type: "dev_t", Name: "binary.device_id"}, - {Type: "unsigned long", Name: "binary.inode_number"}, - {Type: "unsigned long", Name: "binary.ctime"}, - {Type: "umode_t", Name: "binary.inode_mode"}, - {Type: "const char*", Name: "interpreter_path"}, - {Type: "umode_t", Name: "stdin_type"}, - {Type: "char*", Name: "stdin_path"}, - {Type: "int", Name: "kernel_invoked"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "binary.path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "binary.device_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "binary.inode_number"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "binary.ctime"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "binary.inode_mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interpreter_path"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "stdin_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "stdin_path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "kernel_invoked"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, }, }, ProcessExecuteFailedInternal: { @@ -12915,20 +12915,20 @@ var CoreEvents = map[ID]Definition{ }, }, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "int", Name: "flags"}, - {Type: "const char*", Name: "pathname"}, - {Type: "const char*", Name: "binary.path"}, - {Type: "dev_t", Name: "binary.device_id"}, - {Type: "unsigned long", Name: "binary.inode_number"}, - {Type: "unsigned long", Name: "binary.ctime"}, - {Type: "umode_t", Name: "binary.inode_mode"}, - {Type: "const char*", Name: "interpreter_path"}, - {Type: "umode_t", Name: "stdin_type"}, - {Type: "char*", Name: "stdin_path"}, - {Type: "int", Name: "kernel_invoked"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "binary.path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "binary.device_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "binary.inode_number"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "binary.ctime"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "binary.inode_mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interpreter_path"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "stdin_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "stdin_path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "kernel_invoked"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, }, }, ProcessExecuteFailed: { @@ -12941,20 +12941,20 @@ var CoreEvents = map[ID]Definition{ ids: []ID{ProcessExecuteFailedInternal}, }, fields: []trace.ArgMeta{ - {Type: "int", Name: "dirfd"}, - {Type: "int", Name: "flags"}, - {Type: "const char*", Name: "pathname"}, - {Type: "const char*", Name: "binary.path"}, - {Type: "dev_t", Name: "binary.device_id"}, - {Type: "unsigned long", Name: "binary.inode_number"}, - {Type: "unsigned long", Name: "binary.ctime"}, - {Type: "umode_t", Name: "binary.inode_mode"}, - {Type: "const char*", Name: "interpreter_path"}, - {Type: "umode_t", Name: "stdin_type"}, - {Type: "char*", Name: "stdin_path"}, - {Type: "int", Name: "kernel_invoked"}, - {Type: "const char*const*", Name: "argv"}, - {Type: "const char*const*", Name: "envp"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "dirfd"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "flags"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "binary.path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "binary.device_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "binary.inode_number"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "binary.ctime"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "binary.inode_mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interpreter_path"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "stdin_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "stdin_path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "kernel_invoked"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_ARR_T, Type: "[]string", Name: "envp"}, }, }, FtraceHook: { @@ -12968,13 +12968,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "symbol"}, - {Type: "const char*", Name: "trampoline"}, - {Type: "const char*", Name: "callback"}, - {Type: "off_t", Name: "callback_offset"}, - {Type: "const char*", Name: "callback_owner"}, - {Type: "const char*", Name: "flags"}, - {Type: "unsigned long", Name: "count"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "symbol"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "trampoline"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "callback"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "callback_offset"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "callback_owner"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "flags"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "count"}, }, }, SecurityPathNotify: { @@ -12989,11 +12989,11 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm_hooks", "fs_monitor"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "dev_t", Name: "dev"}, - {Type: "u64", Name: "mask"}, - {Type: "unsigned int", Name: "obj_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "mask"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "obj_type"}, }, }, SetFsPwd: { @@ -13007,8 +13007,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "unresolved_path"}, - {Type: "const char*", Name: "resolved_path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "unresolved_path"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "resolved_path"}, }, }, SecurityTaskSetrlimit: { @@ -13022,10 +13022,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm"}, fields: []trace.ArgMeta{ - {Type: "u32", Name: "target_host_pid"}, - {Type: "int", Name: "resource"}, - {Type: "u64", Name: "new_rlim_cur"}, - {Type: "u64", Name: "new_rlim_max"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "target_host_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "resource"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "new_rlim_cur"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "new_rlim_max"}, }, }, SecuritySettime64: { @@ -13039,10 +13039,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"lsm"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "tv_sec"}, - {Type: "u64", Name: "tv_nsec"}, - {Type: "int", Name: "tz_minuteswest"}, - {Type: "int", Name: "tz_dsttime"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "tv_sec"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "tv_nsec"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tz_minuteswest"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "tz_dsttime"}, }, }, ChmodCommon: { @@ -13051,10 +13051,10 @@ var CoreEvents = map[ID]Definition{ name: "chmod_common", version: NewVersion(1, 0, 0), syscall: true, - sets: []string{"default"}, + sets: []string{}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "pathname"}, - {Type: "umode_t", Name: "mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "mode"}, }, dependencies: Dependencies{ probes: []Probe{ @@ -13068,12 +13068,12 @@ var CoreEvents = map[ID]Definition{ name: "suspicious_syscall_source", sets: []string{}, fields: []trace.ArgMeta{ - {Type: "int", Name: "syscall"}, - {Type: "void*", Name: "ip"}, - {Type: "char*", Name: "vma_type"}, - {Type: "void*", Name: "vma_start"}, - {Type: "unsigned long", Name: "vma_size"}, - {Type: "unsigned long", Name: "vma_flags"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "syscall"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "ip"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "vma_type"}, + {DecodeAs: trace.POINTER_T, Type: "void*", Name: "vma_start"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "vma_size"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "vma_flags"}, }, }, // @@ -13091,9 +13091,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"signal"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "cgroup_id"}, - {Type: "const char*", Name: "cgroup_path"}, - {Type: "u32", Name: "hierarchy_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cgroup_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cgroup_path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "hierarchy_id"}, }, }, SignalCgroupRmdir: { @@ -13108,9 +13108,9 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"signal"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "cgroup_id"}, - {Type: "const char*", Name: "cgroup_path"}, - {Type: "u32", Name: "hierarchy_id"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "cgroup_id"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cgroup_path"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "hierarchy_id"}, }, }, SignalSchedProcessFork: { @@ -13125,31 +13125,31 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"signal"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "timestamp"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "timestamp"}, // Real Parent - {Type: "int", Name: "parent_tid"}, - {Type: "int", Name: "parent_ns_tid"}, - {Type: "int", Name: "parent_pid"}, - {Type: "int", Name: "parent_ns_pid"}, - {Type: "unsigned long", Name: "parent_start_time"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "parent_start_time"}, // Child - {Type: "int", Name: "child_tid"}, - {Type: "int", Name: "child_ns_tid"}, - {Type: "int", Name: "child_pid"}, - {Type: "int", Name: "child_ns_pid"}, - {Type: "unsigned long", Name: "start_time"}, // child_start_time + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "child_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "start_time"}, // child_start_time // Parent Process (Go up in hierarchy until parent is a process and not a lwp) - {Type: "int", Name: "parent_process_tid"}, - {Type: "int", Name: "parent_process_ns_tid"}, - {Type: "int", Name: "parent_process_pid"}, - {Type: "int", Name: "parent_process_ns_pid"}, - {Type: "unsigned long", Name: "parent_process_start_time"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "parent_process_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "parent_process_start_time"}, // Thread Group Leader - {Type: "int", Name: "leader_tid"}, - {Type: "int", Name: "leader_ns_tid"}, - {Type: "int", Name: "leader_pid"}, - {Type: "int", Name: "leader_ns_pid"}, - {Type: "unsigned long", Name: "leader_start_time"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_ns_tid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_pid"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "leader_ns_pid"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "leader_start_time"}, }, }, SignalSchedProcessExec: { @@ -13167,28 +13167,28 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"signal"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "timestamp"}, - {Type: "u32", Name: "task_hash"}, - {Type: "u32", Name: "parent_hash"}, - {Type: "u32", Name: "leader_hash"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "timestamp"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "task_hash"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "parent_hash"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "leader_hash"}, // command - {Type: "const char*", Name: "cmdpath"}, - {Type: "const char*", Name: "pathname"}, - {Type: "dev_t", Name: "dev"}, - {Type: "unsigned long", Name: "inode"}, - {Type: "unsigned long", Name: "ctime"}, - {Type: "umode_t", Name: "inode_mode"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "cmdpath"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "ctime"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "inode_mode"}, // interpreter - {Type: "const char*", Name: "interpreter_pathname"}, - {Type: "dev_t", Name: "interpreter_dev"}, - {Type: "unsigned long", Name: "interpreter_inode"}, - {Type: "unsigned long", Name: "interpreter_ctime"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interpreter_pathname"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "interpreter_dev"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "interpreter_inode"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "interpreter_ctime"}, // other - {Type: "const char**", Name: "argv"}, - {Type: "const char*", Name: "interp"}, - {Type: "umode_t", Name: "stdin_type"}, - {Type: "char*", Name: "stdin_path"}, - {Type: "int", Name: "invoked_from_kernel"}, + {DecodeAs: trace.ARGS_ARR_T, Type: "[]string", Name: "argv"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "interp"}, + {DecodeAs: trace.U16_T, Type: "uint16", Name: "stdin_type"}, + {DecodeAs: trace.STR_T, Type: "string", Name: "stdin_path"}, + {DecodeAs: trace.INT_T, Type: "int32", Name: "invoked_from_kernel"}, }, }, SignalSchedProcessExit: { @@ -13203,12 +13203,12 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"signal"}, fields: []trace.ArgMeta{ - {Type: "u64", Name: "timestamp"}, - {Type: "u32", Name: "task_hash"}, - {Type: "u32", Name: "parent_hash"}, - {Type: "u32", Name: "leader_hash"}, - {Type: "long", Name: "exit_code"}, - {Type: "bool", Name: "process_group_exit"}, + {DecodeAs: trace.ULONG_T, Type: "uint64", Name: "timestamp"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "task_hash"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "parent_hash"}, + {DecodeAs: trace.UINT_T, Type: "uint32", Name: "leader_hash"}, + {DecodeAs: trace.LONG_T, Type: "int64", Name: "exit_code"}, + {DecodeAs: trace.BOOL_T, Type: "bool", Name: "process_group_exit"}, }, }, // @@ -13252,7 +13252,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"packets"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "data"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "data"}, }, }, NetPacketIPBase: { @@ -13268,7 +13268,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketIPv4: { @@ -13283,8 +13283,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoIPv4", Name: "proto_ipv4"}, }, @@ -13301,8 +13301,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoIPv6", Name: "proto_ipv6"}, }, @@ -13320,7 +13320,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketTCP: { @@ -13335,10 +13335,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "uint16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "uint16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoTCP", Name: "proto_tcp"}, }, @@ -13356,7 +13356,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketUDP: { @@ -13371,10 +13371,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "uint16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "uint16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoUDP", Name: "proto_udp"}, }, @@ -13392,7 +13392,7 @@ var CoreEvents = map[ID]Definition{ internal: true, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketICMP: { @@ -13407,8 +13407,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoICMP", Name: "proto_icmp"}, }, @@ -13426,7 +13426,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketICMPv6: { @@ -13441,8 +13441,8 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"default", "network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoICMPv6", Name: "proto_icmpv6"}, }, @@ -13460,7 +13460,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketDNS: { @@ -13475,10 +13475,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "string", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "uint16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Type: "uint16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoDNS", Name: "proto_dns"}, }, @@ -13528,7 +13528,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetPacketHTTP: { @@ -13543,10 +13543,10 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "const char*", Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering - {Type: "u16", Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Name: "src"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Name: "dst"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Name: "src_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering + {Name: "dst_port"}, // TODO: pack and remove into trace.PacketMetadata after it supports filtering {Type: "trace.PacketMetadata", Name: "metadata"}, {Type: "trace.ProtoHTTP", Name: "proto_http"}, }, @@ -13595,7 +13595,7 @@ var CoreEvents = map[ID]Definition{ }, }, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, CaptureNetPacket: { @@ -13623,7 +13623,7 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events"}, fields: []trace.ArgMeta{ - {Type: "bytes", Name: "payload"}, + {DecodeAs: trace.BYTES_T, Type: "[]byte", Name: "payload"}, }, }, NetFlowTCPBegin: { @@ -13638,13 +13638,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events", "flows"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "conn_direction"}, - {Type: "const char*", Name: "src"}, - {Type: "const char*", Name: "dst"}, - {Type: "u16", Name: "src_port"}, - {Type: "u16", Name: "dst_port"}, - {Type: "const char **", Name: "src_dns"}, - {Type: "const char **", Name: "dst_dns"}, + {Type: "string", Name: "conn_direction"}, + {Type: "string", Name: "src"}, + {Type: "string", Name: "dst"}, + {Type: "uint16", Name: "src_port"}, + {Type: "uint16", Name: "dst_port"}, + {Type: "[]string", Name: "src_dns"}, + {Type: "[]string", Name: "dst_dns"}, }, }, NetFlowTCPEnd: { @@ -13659,13 +13659,13 @@ var CoreEvents = map[ID]Definition{ }, sets: []string{"network_events", "flows"}, fields: []trace.ArgMeta{ - {Type: "const char*", Name: "conn_direction"}, - {Type: "const char*", Name: "src"}, - {Type: "const char*", Name: "dst"}, - {Type: "u16", Name: "src_port"}, - {Type: "u16", Name: "dst_port"}, - {Type: "const char **", Name: "src_dns"}, - {Type: "const char **", Name: "dst_dns"}, + {Type: "string", Name: "conn_direction"}, + {Type: "string", Name: "src"}, + {Type: "string", Name: "dst"}, + {Type: "uint16", Name: "src_port"}, + {Type: "uint16", Name: "dst_port"}, + {Type: "[]string", Name: "src_dns"}, + {Type: "[]string", Name: "dst_dns"}, }, }, diff --git a/pkg/events/derive/symbols_loaded_test.go b/pkg/events/derive/symbols_loaded_test.go index 33052b01f8f5..1eb183690603 100644 --- a/pkg/events/derive/symbols_loaded_test.go +++ b/pkg/events/derive/symbols_loaded_test.go @@ -62,7 +62,7 @@ func generateSOLoadedEvent(pid int, so sharedobjs.ObjInfo) trace.Event { Args: []trace.Argument{ {ArgMeta: trace.ArgMeta{Type: "const char*", Name: "pathname"}, Value: so.Path}, {ArgMeta: trace.ArgMeta{Type: "int", Name: "flags"}, Value: 0}, - {ArgMeta: trace.ArgMeta{Type: "dev_t", Name: "dev"}, Value: so.Id.Device}, + {ArgMeta: trace.ArgMeta{Type: "unsigned int", Name: "dev"}, Value: so.Id.Device}, {ArgMeta: trace.ArgMeta{Type: "unsigned long", Name: "inode"}, Value: so.Id.Inode}, {ArgMeta: trace.ArgMeta{Type: "unsigned long", Name: "ctime"}, Value: so.Id.Ctime}, }, diff --git a/pkg/events/parse/params.go b/pkg/events/parse/params.go index e2550a602496..7f313bc03ccd 100644 --- a/pkg/events/parse/params.go +++ b/pkg/events/parse/params.go @@ -1,8 +1,6 @@ package parse import ( - "strings" - "github.com/aquasecurity/tracee/pkg/errfmt" "github.com/aquasecurity/tracee/types/trace" ) @@ -28,66 +26,33 @@ func ArgVal[T any](args []trace.Argument, argName string) (T, error) { func ArgZeroValueFromType(t string) interface{} { switch t { - case "char": + case "char", "byte": return byte(0) - case "bytes": + case "[]byte": return []byte{} - case "s8": + case "int8": return int8(0) - case "u8": + case "uint8": return uint8(0) - case "s16", - "short": + case "int16": return int16(0) - case "u16", - "unsigned short", - "old_gid_t", - "old_uid_t", - "umode_t": + case "uint16": return uint16(0) - case "s32", - "int", - "pid_t", - "key_t", - "clockid_t", - "const clockid_t", - "timer_t", - "mqd_t", - "key_serial_t", - "landlock_rule_type": + case "int32": return int32(0) - case "u32", - "unsigned int", - "dev_t", - "uid_t", - "gid_t", - "mode_t", - "qid_t": + case "uint32": return uint32(0) - case "int[2]": + case "[2]int32": return [2]int32{} - case "s64", - "long", - "long long", - "off_t", - "loff_t": + case "int64": return int64(0) - case "u64", - "unsigned long", - "unsigned long long", - "const unsigned long", - "const unsigned long long", - "size_t", - "aio_context_t": + case "uint64": return uint64(0) - case "unsigned long[]": + case "[]uint64": return []uint64{} - case "char*", - "const char*", - "const char *": + case "string": return string("") - case "const char**", - "const char **": + case "[]string": return []string{} case "bool": return false @@ -95,7 +60,7 @@ func ArgZeroValueFromType(t string) interface{} { return float32(0) case "float64": return float64(0) - case "slim_cred_t": + case "trace.SlimCred": return trace.SlimCred{} case "trace.ProtoIPv4": return trace.ProtoIPv4{} @@ -129,26 +94,12 @@ func ArgZeroValueFromType(t string) interface{} { return []trace.HookedSymbolData{} case "map[string]trace.HookedSymbolData": return map[string]trace.HookedSymbolData{} - default: - // + case "void*": // pointer types - // - switch { - case strings.HasSuffix(t, "*"), - strings.HasSuffix(t, " *restrict"): - return uintptr(0) - } - switch t { - case "cap_user_header_t", - "cap_user_data_t", - "const cap_user_data_t", - "sighandler_t": - return uintptr(0) - } - - // unknown type - return nil + return uintptr(0) } + // unknown type + return nil } // ArgIndex find the index of an argument by name diff --git a/pkg/policy/ebpf.go b/pkg/policy/ebpf.go index 7a6767273323..1ccc50d49c64 100644 --- a/pkg/policy/ebpf.go +++ b/pkg/policy/ebpf.go @@ -10,13 +10,13 @@ import ( bpf "github.com/aquasecurity/libbpfgo" - "github.com/aquasecurity/tracee/pkg/bufferdecoder" "github.com/aquasecurity/tracee/pkg/containers" "github.com/aquasecurity/tracee/pkg/errfmt" "github.com/aquasecurity/tracee/pkg/events" "github.com/aquasecurity/tracee/pkg/filters" "github.com/aquasecurity/tracee/pkg/logger" "github.com/aquasecurity/tracee/pkg/utils/proc" + "github.com/aquasecurity/tracee/types/trace" ) const ( @@ -288,7 +288,7 @@ type eventConfig struct { func (ps *policies) createNewEventsMapVersion( bpfModule *bpf.Module, rules map[events.ID]*eventFlags, - eventsFields map[events.ID][]bufferdecoder.ArgType, + eventsFields map[events.ID][]trace.DecodeAs, eventsFilterCfg map[events.ID]stringFilterConfig, ) error { polsVersion := ps.version() @@ -318,6 +318,15 @@ func (ps *policies) createNewEventsMapVersion( // encoded event's field types var fieldTypes uint64 fields := eventsFields[id] + + /* + each event may have at most 8 argument data types stored. + in the map, the arguments are stored in a 64bit sized bitmap where each 8 bits + represent some argument type. + For example consider an event with two int arguments (argType = 1) and one string + (argType = 10): + 0 0 0 0 0 a 1 1 - would be the encoded argument types bitmap + */ for n, fieldType := range fields { fieldTypes = fieldTypes | (uint64(fieldType) << (8 * n)) } @@ -673,7 +682,7 @@ func (ps *policies) updateBPF( bpfModule *bpf.Module, cts *containers.Containers, rules map[events.ID]*eventFlags, - eventsFields map[events.ID][]bufferdecoder.ArgType, + eventsFields map[events.ID][]trace.DecodeAs, createNewMaps bool, updateProcTree bool, ) (*PoliciesConfig, error) { diff --git a/pkg/policy/policy_manager.go b/pkg/policy/policy_manager.go index de9ed68afbae..80676883f281 100644 --- a/pkg/policy/policy_manager.go +++ b/pkg/policy/policy_manager.go @@ -5,7 +5,6 @@ import ( bpf "github.com/aquasecurity/libbpfgo" - "github.com/aquasecurity/tracee/pkg/bufferdecoder" "github.com/aquasecurity/tracee/pkg/capabilities" "github.com/aquasecurity/tracee/pkg/config" "github.com/aquasecurity/tracee/pkg/containers" @@ -17,6 +16,7 @@ import ( "github.com/aquasecurity/tracee/pkg/pcaps" "github.com/aquasecurity/tracee/pkg/proctree" "github.com/aquasecurity/tracee/pkg/utils" + "github.com/aquasecurity/tracee/types/trace" ) type ManagerConfig struct { @@ -593,7 +593,7 @@ func (m *Manager) LookupByName(name string) (*Policy, error) { func (m *Manager) UpdateBPF( bpfModule *bpf.Module, cts *containers.Containers, - eventsFields map[events.ID][]bufferdecoder.ArgType, + eventsFields map[events.ID][]trace.DecodeAs, createNewMaps bool, updateProcTree bool, ) (*PoliciesConfig, error) { diff --git a/pkg/server/grpc/event_data_test.go b/pkg/server/grpc/event_data_test.go index da9b5d2a9f5f..7377858ca610 100644 --- a/pkg/server/grpc/event_data_test.go +++ b/pkg/server/grpc/event_data_test.go @@ -128,7 +128,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "pos", - Type: "off_t", + Type: "long", }, Value: uint64(2), }, @@ -168,7 +168,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "dev", - Type: "dev_t", + Type: "unsigned int", }, Value: uint32(59), }, @@ -298,7 +298,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "inode_mode", - Type: "umode_t", + Type: "u16", }, Value: uint16(1818), }, @@ -358,7 +358,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "pipefd", - Type: "int[2]", + Type: "[2]int32", }, Value: [2]int32{3, 4}, }, @@ -532,7 +532,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "inode_mode", - Type: "umode_t", + Type: "u16", }, Value: uint16(1818), }, @@ -580,7 +580,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "inode_mode", - Type: "umode_t", + Type: "u16", }, Value: uint16(1818), }, @@ -608,7 +608,7 @@ func Test_getEventData(t *testing.T) { { ArgMeta: trace.ArgMeta{ Name: "inode_mode", - Type: "umode_t", + Type: "u16", }, Value: uint16(1818), }, diff --git a/tests/integration/capture_test.go b/tests/integration/capture_test.go index 5cdde7cd0388..3b6dbcb2a408 100644 --- a/tests/integration/capture_test.go +++ b/tests/integration/capture_test.go @@ -69,7 +69,7 @@ func Test_TraceeCapture(t *testing.T) { }, { name: "capture packet context", - coolDown: 0 * time.Second, + coolDown: 2 * time.Second, directory: "/tmp/tracee/4", captureFilters: []string{"network", "pcap:single,command,container,process"}, test: packetContext, diff --git a/tests/integration/event_filters_test.go b/tests/integration/event_filters_test.go index 08868ede73f6..0a8e6d6523c4 100644 --- a/tests/integration/event_filters_test.go +++ b/tests/integration/event_filters_test.go @@ -1603,7 +1603,7 @@ func Test_EventFilters(t *testing.T) { expectEvent(anyHost, "fakeprog1", testutils.CPUForTests, anyPID, 0, events.Openat, orPolNames("comm-event-data-64"), orPolIDs(64), expectArg("dirfd", int32(0)), expectArg("flags", int32(0)), - expectArg("mode", uint16(0)), + expectArg("mode", uint32(0)), ), }, []string{}, @@ -1615,7 +1615,7 @@ func Test_EventFilters(t *testing.T) { []trace.Event{ expectEvent(anyHost, "fakeprog2", testutils.CPUForTests, anyPID, 0, events.Open, orPolNames("comm-event-data-42"), orPolIDs(42), expectArg("flags", int32(0)), - expectArg("mode", uint16(0)), + expectArg("mode", uint32(0)), ), }, []string{}, @@ -1683,7 +1683,7 @@ func Test_EventFilters(t *testing.T) { expectEvent(anyHost, "fakeprog1", testutils.CPUForTests, anyPID, 0, events.Openat, orPolNames("comm-event-retval-64"), orPolIDs(64), expectArg("dirfd", int32(0)), expectArg("flags", int32(0)), - expectArg("mode", uint16(0)), + expectArg("mode", uint32(0)), ), }, []string{}, @@ -2852,16 +2852,16 @@ func ExpectAllEvtsEqualToOne(t *testing.T, cmdEvents []cmdEvents, actual *eventB if strings.Contains(v, "*") { v = strings.ReplaceAll(v, "*", "") if !strings.Contains(actVal, v) { - return fmt.Errorf("Event %+v:\narg value mismatch: expected %s, got %s", expEvt, v, actVal) + return fmt.Errorf("Event %+v:\narg value mismatch: expected %s (type %T), got %s (type %T)", expEvt, v, v, actVal, actVal) } } else { if !assert.ObjectsAreEqual(v, actVal) { - return fmt.Errorf("Event %+v:\narg value mismatch: expected %s, got %s", expEvt, v, actVal) + return fmt.Errorf("Event %+v:\narg value mismatch: expected %s (type %T), got %s (type %T)", expEvt, v, v, actVal, actVal) } } default: if !assert.ObjectsAreEqual(v, actArg.Value) { - return fmt.Errorf("Event %+v:\narg value mismatch: expected %v, got %v", expEvt, v, actArg.Value) + return fmt.Errorf("Event %+v:\narg value mismatch: expected %v (type %T), got %v (type %T)", expEvt, v, v, actArg.Value, actArg.Value) } } } @@ -2960,17 +2960,17 @@ func ExpectAllInOrderSequentially(t *testing.T, cmdEvents []cmdEvents, actual *e if strings.Contains(v, "*") { v = strings.ReplaceAll(v, "*", "") if !strings.Contains(actVal, v) { - return fmt.Errorf("Event %+v:\narg value mismatch: expected %s, got %s", expEvt, v, actVal) + return fmt.Errorf("Event %+v:\narg value mismatch: expected %s (type %T), got %s (type %T)", expEvt, v, v, actVal, actVal) } } else { if !assert.ObjectsAreEqual(v, actArg.Value) { - return fmt.Errorf("Event %+v:\narg value mismatch: expected %s, got %s", expEvt, v, actVal) + return fmt.Errorf("Event %+v:\narg value mismatch: expected %s (type %T), got %s (type %T)", expEvt, v, v, actVal, actVal) } } default: if !assert.ObjectsAreEqual(v, actArg.Value) { - return fmt.Errorf("Event %+v:\narg value mismatch: expected %v, got %v", expEvt, v, actArg.Value) + return fmt.Errorf("Event %+v:\narg value mismatch: expected %v (type %T), got %v (type %T)", expEvt, v, v, actArg.Value, actArg.Value) } } } diff --git a/types/trace/trace.go b/types/trace/trace.go index 3e55f6a2f9e0..bdc6b7dada38 100644 --- a/types/trace/trace.go +++ b/types/trace/trace.go @@ -134,11 +134,105 @@ type Argument struct { Value interface{} `json:"value"` } +// DecodeAs is an enum that encodes the argument types that an +// eBPF program may write to the shared buffer. In practice they designate +// either/or a type which is specifically encoded as an argument type in eBPF +// or a strategy of passing an argument on the submission buffer via some +// function. +type DecodeAs uint16 + +// The types of this section in particular are those possibly submitted in +// syscall events. Therefore, these should match to the type enum and table in: +// pkg/ebpf/c/types.h and buffer.h respetively. +const ( + NONE_T DecodeAs = iota // Default value - the argument does not originate from a decodable buffer. + INT_T + UINT_T + LONG_T + ULONG_T + U16_T + U8_T + INT_ARR_2_T + UINT64_ARR_T + POINTER_T + BYTES_T + STR_T + STR_ARR_T + SOCK_ADDR_T + CRED_T + TIMESPEC_T +) + +// These types are in a seprate section since they are not defined as enums in the ebpf code. +// That is because they are unused by syscalls. +// Instead, they designate a functional submission strategy. +// (ie. ARGS_ARR_T is submitted by the strategy defined in buffer.h:save_args_str_arr_to_buf). +const ( + ARGS_ARR_T DecodeAs = iota + 128 + BOOL_T + FLOAT_T + FLOAT64_T + MAX_TRACEE_DECODES +) +const ( + USER_DEFINED_DEOCDE_BEGIN DecodeAs = iota + 256 + USER_DEFINED_DEOCDE_END DecodeAs = iota + 256 +) + +func (d DecodeAs) String() string { + // in the future register these along deocde strategies + switch d { + case NONE_T: + return "nil" + case INT_T: + return "int32" + case UINT_T: + return "uint32" + case LONG_T: + return "int64" + case ULONG_T: + return "uint64" + case U16_T: + return "uint16" + case U8_T: + return "uint8" + case INT_ARR_2_T: + return "[2]int" + case UINT64_ARR_T: + return "[]uint64" + case POINTER_T: + return "uintptr" + case BYTES_T: + return "[]byte" + case STR_T: + return "string" + case STR_ARR_T: + return "[]string" + case SOCK_ADDR_T: + return "SockAddr" + case CRED_T: + return "trace.SlimCred" + case TIMESPEC_T: + return "time.Time" + case ARGS_ARR_T: + return "[]string" + case BOOL_T: + return "bool" + case FLOAT_T: + return "float" + case FLOAT64_T: + return "float64" + } + return "nil" +} + // ArgMeta describes an argument type ArgMeta struct { Name string `json:"name"` Type string `json:"type"` + // DecodeAs includes designates the decoding strategy. + DecodeAs DecodeAs `json:"-"` // Zero contains the zero value for Argument.Value. // It is automatically initialized based on ArgMeta.Type when the Core DefinitionGroup is initialized. Zero interface{} `json:"-"` @@ -162,29 +256,29 @@ func (arg *Argument) UnmarshalJSON(b []byte) error { if err != nil { return err } - arg.Value = uint64(tmp) + arg.Value = uintptr(tmp) return nil } switch arg.Type { - case "int", "pid_t", "uid_t", "gid_t", "mqd_t", "clockid_t", "const clockid_t", "key_t", "key_serial_t", "timer_t", "landlock_rule_type": + case "int32": tmp, err := strconv.ParseInt(num.String(), 10, 32) if err != nil { return err } arg.Value = int32(tmp) - case "long": + case "int64": tmp, err := num.Int64() if err != nil { return err } arg.Value = tmp - case "unsigned int", "u32", "mode_t", "dev_t": + case "uint32": tmp, err := strconv.ParseUint(num.String(), 10, 32) if err != nil { return err } arg.Value = uint32(tmp) - case "unsigned long", "u64", "off_t", "size_t": + case "uint64": tmp, err := strconv.ParseUint(num.String(), 10, 64) if err != nil { return err @@ -196,13 +290,13 @@ func (arg *Argument) UnmarshalJSON(b []byte) error { return err } arg.Value = float32(tmp) - case "float64", "double": + case "float64": tmp, err := num.Float64() if err != nil { return err } arg.Value = tmp - case "unsigned short", "old_uid_t", "old_gid_t", "umode_t", "u16", "uint16": + case "uint16": tmp, err := strconv.ParseUint(num.String(), 10, 16) if err != nil { return err @@ -214,7 +308,7 @@ func (arg *Argument) UnmarshalJSON(b []byte) error { return err } arg.Value = int8(tmp) - case "u8", "uint8": + case "uint8": tmp, err := strconv.ParseUint(num.String(), 10, 8) if err != nil { return err @@ -228,7 +322,7 @@ func (arg *Argument) UnmarshalJSON(b []byte) error { var err error switch arg.Type { - case "const char*const*", "const char**": + case "[]string": if arg.Value != nil { argValue, ok := arg.Value.([]interface{}) if !ok { @@ -447,9 +541,6 @@ func (arg *Argument) UnmarshalJSON(b []byte) error { if !ok { return fmt.Errorf("packet metadata: type error") } - if err != nil { - return err - } argPacketMetadata, err = jsonConvertToPacketMetadata(argPacketMetadataMap) if err != nil { return err @@ -935,9 +1026,6 @@ func jsonConvertToProtoDNSResourceRecordType(argMap map[string]interface{}) (Pro } txtsValue = jsonConvertToStringSlice(txtsInterfaceSlice) - if err != nil { - return ProtoDNSResourceRecord{}, err - } } // SOA conversion diff --git a/types/trace/trace_test.go b/types/trace/trace_test.go index 5abf8943436a..ac7eb2aa57ce 100644 --- a/types/trace/trace_test.go +++ b/types/trace/trace_test.go @@ -28,9 +28,9 @@ func TestEventUnmarshalJSON(t *testing.T) { json: `{"timestamp":26018249532,"processId":12434,"threadId":12434,"parentprocessid":23921, "hostprocessid":12434,"hostthreadid":12434,"hostparentprocessid":23921,"userid":1000,"mountnamespace":4026531840, "pidnamespace":4026531836,"processname":"strace","hostname":"ubuntu","eventid":"101","eventname":"ptrace", - "argsnum":4,"returnvalue":0,"args":[{"name":"request","type":"long","value":"ptrace_seize"}, - {"name":"pid","type":"pid_t","value":12435},{"name":"addr","type":"void*","value":"0x0"},{"name":"data","type":"void*","value":"0x7f6f1eb44b83"}]}`, - expect: Event{Timestamp: 26018249532, ProcessID: 12434, ThreadID: 12434, ParentProcessID: 23921, HostProcessID: 12434, HostThreadID: 12434, HostParentProcessID: 23921, UserID: 1000, MountNS: 4026531840, PIDNS: 4026531836, ProcessName: "strace", HostName: "ubuntu", EventID: 101, EventName: "ptrace", ArgsNum: 4, ReturnValue: 0, Args: []Argument{{ArgMeta: ArgMeta{Name: "request", Type: "long"}, Value: "ptrace_seize"}, {ArgMeta: ArgMeta{Name: "pid", Type: "pid_t"}, Value: int32(12435)}, {ArgMeta: ArgMeta{Name: "addr", Type: "void*"}, Value: "0x0"}, {ArgMeta: ArgMeta{Name: "data", Type: "void*"}, Value: "0x7f6f1eb44b83"}}, ContextFlags: ContextFlags{ContainerStarted: false}}, + "argsnum":4,"returnvalue":0,"args":[{"name":"request","type":"int64","value":"ptrace_seize"}, + {"name":"pid","type":"int32","value":12435},{"name":"addr","type":"void*","value":"0x0"},{"name":"data","type":"void*","value":"0x7f6f1eb44b83"}]}`, + expect: Event{Timestamp: 26018249532, ProcessID: 12434, ThreadID: 12434, ParentProcessID: 23921, HostProcessID: 12434, HostThreadID: 12434, HostParentProcessID: 23921, UserID: 1000, MountNS: 4026531840, PIDNS: 4026531836, ProcessName: "strace", HostName: "ubuntu", EventID: 101, EventName: "ptrace", ArgsNum: 4, ReturnValue: 0, Args: []Argument{{ArgMeta: ArgMeta{Name: "request", Type: "int64"}, Value: "ptrace_seize"}, {ArgMeta: ArgMeta{Name: "pid", Type: "int32"}, Value: int32(12435)}, {ArgMeta: ArgMeta{Name: "addr", Type: "void*"}, Value: "0x0"}, {ArgMeta: ArgMeta{Name: "data", Type: "void*"}, Value: "0x7f6f1eb44b83"}}, ContextFlags: ContextFlags{ContainerStarted: false}}, }, } for _, tc := range testCases { @@ -77,28 +77,28 @@ func TestArgumentUnmarshalJSON(t *testing.T) { testCases := []testCase{ { name: "int arg", - json: `{ "name":"test", "type":"int", "value": ` + string(maxInt32JSON) + `}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "int"}, Value: int32(math.MaxInt32)}, + json: `{ "name":"test", "type":"int32", "value": ` + string(maxInt32JSON) + `}`, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "int32"}, Value: int32(math.MaxInt32)}, }, { - name: "unsigned int arg", - json: `{ "name":"test", "type":"unsigned int", "value": ` + string(maxUint32JSON) + `}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "unsigned int"}, Value: uint32(math.MaxUint32)}, + name: "uint32 arg", + json: `{ "name":"test", "type":"uint32", "value": ` + string(maxUint32JSON) + `}`, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "uint32"}, Value: uint32(math.MaxUint32)}, }, { - name: "long arg", - json: `{ "name":"test", "type":"long", "value": ` + string(maxInt64JSON) + `}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "long"}, Value: int64(math.MaxInt64)}, + name: "int64 arg", + json: `{ "name":"test", "type":"int64", "value": ` + string(maxInt64JSON) + `}`, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "int64"}, Value: int64(math.MaxInt64)}, }, { - name: "unsigned long arg", - json: `{ "name":"test", "type":"unsigned long", "value": ` + string(maxUint64JSON) + `}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "unsigned long"}, Value: uint64(math.MaxUint64)}, + name: "uint64 arg", + json: `{ "name":"test", "type":"uint64", "value": ` + string(maxUint64JSON) + `}`, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "uint64"}, Value: uint64(math.MaxUint64)}, }, { name: "random_struct* arg", json: `{ "name":"test", "type":"random_struct*", "value": ` + string(maxUint64JSON) + `}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "random_struct*"}, Value: uint64(math.MaxUint64)}, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "random_struct*"}, Value: uintptr(math.MaxUint64)}, }, { name: "float arg", @@ -111,14 +111,14 @@ func TestArgumentUnmarshalJSON(t *testing.T) { expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "float64"}, Value: float64(math.MaxFloat64)}, }, { - name: "const char*const* arg", - json: `{ "name":"test", "type":"const char*const*", "value": [ "foo", "bar" ]}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "const char*const*"}, Value: []string{"foo", "bar"}}, + name: "[]string arg", + json: `{ "name":"test", "type":"[]string", "value": [ "foo", "bar" ]}`, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "[]string"}, Value: []string{"foo", "bar"}}, }, { - name: "const char*const* arg", - json: `{ "name":"test", "type":"const char*const*", "value": null}`, - expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "const char*const*"}, Value: nil}, + name: "[]string arg", + json: `{ "name":"test", "type":"[]string", "value": null}`, + expect: Argument{ArgMeta: ArgMeta{Name: "test", Type: "[]string"}, Value: nil}, }, { name: "err arg",