From dec3ba29a4a631cd35ca2d4ad65741ee72850b08 Mon Sep 17 00:00:00 2001
From: jxy_git <jiangxinyu@kylinos.cn>
Date: Wed, 21 Jun 2023 16:22:43 +0800
Subject: [PATCH] Store and retrieve data and record related information

---
 observation/src/filesnoop/filesnoop.bpf.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/observation/src/filesnoop/filesnoop.bpf.c b/observation/src/filesnoop/filesnoop.bpf.c
index 479f0cf7..cfce8645 100644
--- a/observation/src/filesnoop/filesnoop.bpf.c
+++ b/observation/src/filesnoop/filesnoop.bpf.c
@@ -31,3 +31,24 @@ struct print_value {
 	struct key_t key;
 	struct fsfilename *filename;
 };
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, MAX_ENTRIES);
+	__type(key, struct key_t);
+	__type(value, struct fsfilename);
+} files SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, MAX_ENTRIES);
+	__type(key, pid_t);
+	__type(value, struct fsfilename);
+} opens SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, MAX_ENTRIES);
+	__type(key, pid_t);
+	__type(value, struct print_value);
+} prints SEC(".maps");
-- 
Gitee