diff --git a/observation/src/ttysnoop/ttysnoop.c b/observation/src/ttysnoop/ttysnoop.c index 27c85943ef31a870b3f7cb04393f81d4c4f06e3b..20d0e580c794814277411017619f35c97cff0812 100644 --- a/observation/src/ttysnoop/ttysnoop.c +++ b/observation/src/ttysnoop/ttysnoop.c @@ -107,6 +107,11 @@ static int libbpf_print_fn(enum libbpf_print_level level, const char *format, return vfprintf(stderr, format, args); } +static void sig_handler(int sig) +{ + exiting = 1; +} + static int handle_event(void *ctx, void *data, size_t data_sz) { const struct event *e = data; @@ -209,7 +214,7 @@ int main(int argc, char *argv[]) err = argp_parse(&argp, argc, argv, 0, NULL, NULL); if (err) return err; - + if (!bpf_is_root()) return 1; @@ -221,16 +226,16 @@ int main(int argc, char *argv[]) new_tty_write = tty_write_is_newly(); libbpf_set_print(libbpf_print_fn); - + obj = ttysnoop_bpf__open_opts(&open_opts); if (!obj) { warning("Failed to open BPF object\n"); return 1; } - obj->rodata->user_data_count = env.count; + obj->rodata->user_data_count = env.count; obj->rodata->pts_inode = env.pts_inode; - + buf = bpf_buffer__new(obj->maps.events, obj->maps.heap); if (!buf) { warning("Failed to create ring/perf buffer: %s\n", strerror(errno)); @@ -243,7 +248,7 @@ int main(int argc, char *argv[]) else bpf_program__set_autoload(obj->progs.kprobe__tty_write_new, false); - err = ttysnoop_bpf__load(obj); + err = ttysnoop_bpf__load(obj); if (err) { warning("Failed to load BPF object: %d\n", err); goto cleanup; @@ -270,10 +275,33 @@ int main(int argc, char *argv[]) goto cleanup; } + if (signal(SIGINT, sig_handler) == SIG_ERR) { + warning("Can't set signal handler: %s\n", strerror(errno)); + err = 1; + goto cleanup; + } + + if (env.clear_screen) + system("clear"); + + while (!exiting) { + err = bpf_buffer__poll(buf, POLL_TIMEOUT_MS); + if (err < 0 && err != -EINTR) { + warning("Error polling ring/perf buffer: %d\n", err); + break; + } + /* reset err to 0 when exiting */ + err = 0; + } + cleanup: bpf_buffer__free(buf); ttysnoop_bpf__destroy(obj); cleanup_core_btf(&open_opts); + if (fd > 0) + close(fd); + return err != 0; } +