From f7332c93c1946e219c7cbfe55ae563b4c0adce1c Mon Sep 17 00:00:00 2001
From: jxy_git
Date: Wed, 21 Jun 2023 19:02:37 +0800
Subject: [PATCH] Filter the files to be monitored according to target_op
---
 observation/src/filesnoop/filesnoop.bpf.c | 32 +++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/observation/src/filesnoop/filesnoop.bpf.c b/observation/src/filesnoop/filesnoop.bpf.c
index 2d79190d..f70c9c2c 100644
--- a/observation/src/filesnoop/filesnoop.bpf.c
+++ b/observation/src/filesnoop/filesnoop.bpf.c
@@ -66,3 +66,35 @@ static __always_inline bool filename_matched(const char *filename)
 return true;
 }
+
+/* Filter target operation */
+static __always_inline bool is_target_operation(enum file_op op)
+{
+ switch (target_op) {
+ case F_READ:
+ case F_READV:
+ return op == F_READ || op == F_READV;
+ case F_WRITE:
+ case F_WRITEV:
+ return op == F_WRITE || op == F_WRITEV;
+ case F_OPEN:
+ case F_OPENAT:
+ case F_OPENAT2:
+ return op == F_OPEN || op == F_OPENAT || op == F_OPENAT2;
+ case F_STATX:
+ case F_FSTATFS:
+ case F_NEWFSTAT:
+ return op == F_STATX || op == F_FSTATFS || op == F_NEWFSTAT;
+ case F_RENAMEAT:
+ case F_RENAMEAT2:
+ return op == F_RENAMEAT || op == F_RENAMEAT2;
+ case F_UNLINKAT:
+ return op == F_UNLINKAT;
+ case F_CLOSE:
+ return op == F_CLOSE;
+ case F_UTIMENSAT:
+ return op == F_UTIMENSAT;
+ }
+
+ return true;
+}
-- Gitee
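Review bot: The `switch (target_op)` in is_target_operation has no `default`, so any target_op value without a case falls through to the final `return true` and every operation is reported. That is presumably the intended "no filter" setting, but target_op's declaration and the file_op enum are outside this hunk, so a reader cannot tell which value means that, and a file_op value added later without a case would silently turn the filter off. I would make the fall-through explicit with `default: /* no filter set, or op not grouped yet: report everything */ return true;` and extend the header comment to say that ops are matched by family (read/readv, open/openat/openat2, and so on), so selecting F_STATX also reports F_FSTATFS. The patch is 32 insertions that only define this static helper, so no probe calls it here and filtering does not take effect until a caller is added.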