Helper function bpf_get_current_pid_tgid
Definition
Copyright (c) 2015 The Libbpf Authors. All rights reserved.
Get the current pid and tgid.
Returns
A 64-bit integer containing the current tgid and pid, and created as such: current_task->tgid << 32 | current_task->pid.
static __u64 (* const bpf_get_current_pid_tgid)(void) = (void *) 14;
Usage
The bpf_get_current_pid_tgid helper function returns a 64-bit value containing the current task's PID in the lower 32 bits and TGID (thread group ID) in the upper 32 bits. This helper allows eBPF programs to identify the process and its thread group, which is useful for tracking individual threads or entire processes, enforcing thread-specific policies.
Program types
This helper call can be used in the following program types:
BPF_PROG_TYPE_CGROUP_DEVICEv6.10BPF_PROG_TYPE_CGROUP_SKBv6.10BPF_PROG_TYPE_CGROUP_SOCKBPF_PROG_TYPE_CGROUP_SOCKOPTv6.10BPF_PROG_TYPE_CGROUP_SOCK_ADDRBPF_PROG_TYPE_CGROUP_SYSCTLv6.10BPF_PROG_TYPE_FLOW_DISSECTORv6.10BPF_PROG_TYPE_KPROBEBPF_PROG_TYPE_LSMBPF_PROG_TYPE_LWT_INv6.10BPF_PROG_TYPE_LWT_OUTv6.10BPF_PROG_TYPE_LWT_SEG6LOCALv6.10BPF_PROG_TYPE_LWT_XMITv6.10BPF_PROG_TYPE_NETFILTERv6.10BPF_PROG_TYPE_PERF_EVENTBPF_PROG_TYPE_RAW_TRACEPOINTBPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLEBPF_PROG_TYPE_SCHED_ACTv6.10BPF_PROG_TYPE_SCHED_CLSv6.10BPF_PROG_TYPE_SK_LOOKUPv6.10BPF_PROG_TYPE_SK_MSGBPF_PROG_TYPE_SK_REUSEPORTv6.10BPF_PROG_TYPE_SK_SKBv6.10BPF_PROG_TYPE_SOCKET_FILTERv6.10BPF_PROG_TYPE_SOCK_OPSv6.10BPF_PROG_TYPE_STRUCT_OPSv6.10BPF_PROG_TYPE_SYSCALLBPF_PROG_TYPE_TRACEPOINTBPF_PROG_TYPE_TRACINGBPF_PROG_TYPE_XDPv6.10
Example
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
SEC("tp/syscalls/sys_enter_open")
int sys_open_trace(void *ctx) {
__u64 pid_tgid = bpf_get_current_pid_tgid();
__u32 pid = pid_tgid >> 32;
__u32 tgid = pid_tgid & 0xFFFFFFFF;
bpf_printk("Hello from PID %u, TGID %u\n", pid, tgid);
return 0;
}