Ë fkãó—d„Zd„Zd„Zy)có0—|syd}|jd|«S)NzV static inline int _cgroup_filter() { return 0; } zå BPF_TABLE_PINNED("hash", u64, u64, cgroupset, 1024, "CGROUP_PATH"); static inline int _cgroup_filter() { u64 cgroupid = bpf_get_current_cgroup_id(); return cgroupset.lookup(&cgroupid) == NULL; } Ú CGROUP_PATH©Úreplace)Ú cgroupmapÚtexts ú0/usr/lib/python3/dist-packages/bcc/containers.pyÚ_cgroup_filter_func_writerr s$€Ù ð ð  €Dð <‰<˜  yÓ 1Ð1ócó0—|syd}|jd|«S)NzU static inline int _mntns_filter() { return 0; } aã #include #include #include /* see mountsnoop.py: * XXX: struct mnt_namespace is defined in fs/mount.h, which is private * to the VFS and not installed in any kernel-devel packages. So, let's * duplicate the important part of the definition. There are actually * more members in the real struct, but we don't need them, and they're * more likely to change. */ struct mnt_namespace { // This field was removed in https://github.com/torvalds/linux/commit/1a7b8969e664d6af328f00fe6eb7aabd61a71d13 #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 11, 0) atomic_t count; #endif struct ns_common ns; }; /* * To add mountsnoop support for --selector option, we need to call * filter_by_containers(). * This function adds code which defines struct mnt_namespace. * The problem is that this struct is also defined in mountsnoop BPF code. * To avoid redefining it in mountnsoop code, we define * MNT_NAMESPACE_DEFINED here. * Then, in mountsnoop code, the struct mnt_namespace definition is guarded * by: * #ifndef MNT_NAMESPACE_DEFINED * // ... * #endif */ #define MNT_NAMESPACE_DEFINED BPF_TABLE_PINNED("hash", u64, u32, mount_ns_set, 1024, "MOUNT_NS_PATH"); static inline int _mntns_filter() { struct task_struct *current_task; struct nsproxy *nsproxy; struct mnt_namespace *mnt_ns; unsigned int inum; u64 ns_id; current_task = (struct task_struct *)bpf_get_current_task(); if (bpf_probe_read_kernel(&nsproxy, sizeof(nsproxy), ¤t_task->nsproxy)) return 0; if (bpf_probe_read_kernel(&mnt_ns, sizeof(mnt_ns), &nsproxy->mnt_ns)) return 0; if (bpf_probe_read_kernel(&inum, sizeof(inum), &mnt_ns->ns.inum)) return 0; ns_id = (u64) inum; return mount_ns_set.lookup(&ns_id) == NULL; } Ú MOUNT_NS_PATHr)Úmntnsmaprs rÚ_mntns_filter_func_writerr"s%€Ù ð ð : €Dðx <‰<˜¨Ó 2Ð2r cój—d}t|j«}t|j«}||z|zS)Nzv static inline int container_should_be_filtered() { return _cgroup_filter() || _mntns_filter(); } )r rrr )ÚargsÚfilter_by_containers_textÚcgroupmap_textÚ mntnsmap_texts rÚfilter_by_containersrgs9€ð!Ðô 0°·±Ó?€NÜ-¨d¯m©mÓ<€Mà ˜MÑ )Ð,EÑ EÐEr N)r rr©r rúrsðò2ò&C3óJ Fr