Helper function bpf_get_current_comm

v4.2

Definition

Copyright (c) 2015 The Libbpf Authors. All rights reserved.

Copy the comm attribute of the current task into buf of size_of_buf. The comm attribute contains the name of the executable (excluding the path) for the current task. The size_of_buf must be strictly positive. On success, the helper makes sure that the buf is NUL-terminated. On failure, it is filled with zeroes.

Returns

0 on success, or a negative error in case of failure.

static long (* const bpf_get_current_comm)(void *buf, __u32 size_of_buf) = (void *) 16;

Usage

Docs could be improved

This part of the docs is incomplete, contributions are very welcome

Program types

This helper call can be used in the following program types:

• BPF_PROG_TYPE_CGROUP_SOCK
• BPF_PROG_TYPE_CGROUP_SOCK_ADDR
• BPF_PROG_TYPE_KPROBE
• BPF_PROG_TYPE_LSM
• BPF_PROG_TYPE_PERF_EVENT
• BPF_PROG_TYPE_RAW_TRACEPOINT
• BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE
• BPF_PROG_TYPE_SYSCALL
• BPF_PROG_TYPE_TRACEPOINT
• BPF_PROG_TYPE_TRACING

Example

#include <vmlinux.h>
#include <bpf/bpf_helpers.h>

SEC("tp/syscalls/sys_enter_open")
int sys_open_trace(void *ctx) {
  // TASK_COMM_LEN is defined in vmlinux.h
  char comm[TASK_COMM_LEN];
  if (bpf_get_current_comm(comm, TASK_COMM_LEN)) {
    bpf_printk("Failed to get comm\n");
    return 0;
  }
  bpf_printk("Hello from %s\n", comm);
  return 0;
}