cleanup: refactor submit event functions

A new event_args_t type is added to group together common arguments used
by all submit event functions. This reduces the number of arguments that
need to be passed into these functions and make it harder to make
mistakes in the ordering of the actual arguments.

Author: Molter73

fact-ebpf/src/bpf/events.h

@@ -12,120 +12,113 @@
 #include <bpf/bpf_helpers.h>
 // clang-format on
 
-__always_inline static void __submit_event(struct event_t* event,
-                                           struct metrics_by_hook_t* m,
-                                           file_activity_type_t event_type,
-                                           const char filename[PATH_MAX],
-                                           inode_key_t* inode,
-                                           inode_key_t* parent_inode,
-                                           bool use_bpf_d_path) {
-  event->type = event_type;
+struct event_args_t {
+  struct event_t* event;
+  struct metrics_by_hook_t* metrics;
+  const char* filename;
+  inode_key_t* inode;
+  inode_key_t parent_inode;
+  bool use_bpf_d_path;
+};
+
+__always_inline static void __submit_event(struct event_args_t* args) {
+  struct event_t* event = args->event;
   event->timestamp = bpf_ktime_get_boot_ns();
-  inode_copy_or_reset(&event->inode, inode);
-  inode_copy_or_reset(&event->parent_inode, parent_inode);
-  bpf_probe_read_str(event->filename, PATH_MAX, filename);
+  inode_copy_or_reset(&event->inode, args->inode);
+  inode_copy_or_reset(&event->parent_inode, &args->parent_inode);
+  bpf_probe_read_str(event->filename, PATH_MAX, args->filename);
 
   struct helper_t* helper = get_helper();
   if (helper == NULL) {
     goto error;
   }
 
-  int64_t err = process_fill(&event->process, use_bpf_d_path);
+  int64_t err = process_fill(&event->process, args->use_bpf_d_path);
   if (err) {
     bpf_printk("Failed to fill process information: %d", err);
     goto error;
   }
 
-  m->added++;
+  args->metrics->added++;
   bpf_ringbuf_submit(event, 0);
   return;
 
 error:
-  m->error++;
+  args->metrics->error++;
   bpf_ringbuf_discard(event, 0);
 }
 
-__always_inline static void submit_open_event(struct metrics_by_hook_t* m,
-                                              file_activity_type_t event_type,
-                                              const char filename[PATH_MAX],
-                                              inode_key_t* inode,
-                                              inode_key_t* parent_inode) {
-  struct event_t* event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
-  if (event == NULL) {
-    m->ringbuffer_full++;
+__always_inline static void submit_open_event(struct event_args_t* args,
+                                              file_activity_type_t event_type) {
+  args->event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
+  if (args->event == NULL) {
+    args->metrics->ringbuffer_full++;
     return;
   }
+  args->event->type = event_type;
 
-  __submit_event(event, m, event_type, filename, inode, parent_inode, true);
+  __submit_event(args);
 }
 
-__always_inline static void submit_unlink_event(struct metrics_by_hook_t* m,
-                                                const char filename[PATH_MAX],
-                                                inode_key_t* inode,
-                                                inode_key_t* parent_inode) {
-  struct event_t* event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
-  if (event == NULL) {
-    m->ringbuffer_full++;
+__always_inline static void submit_unlink_event(struct event_args_t* args) {
+  args->event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
+  if (args->event == NULL) {
+    args->metrics->ringbuffer_full++;
     return;
   }
+  args->event->type = FILE_ACTIVITY_UNLINK;
 
-  __submit_event(event, m, FILE_ACTIVITY_UNLINK, filename, inode, parent_inode, path_hooks_support_bpf_d_path);
+  __submit_event(args);
 }
 
-__always_inline static void submit_mode_event(struct metrics_by_hook_t* m,
-                                              const char filename[PATH_MAX],
-                                              inode_key_t* inode,
-                                              inode_key_t* parent_inode,
+__always_inline static void submit_mode_event(struct event_args_t* args,
                                               umode_t mode,
                                               umode_t old_mode) {
-  struct event_t* event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
-  if (event == NULL) {
-    m->ringbuffer_full++;
+  args->event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
+  if (args->event == NULL) {
+    args->metrics->ringbuffer_full++;
     return;
   }
 
-  event->chmod.new = mode;
-  event->chmod.old = old_mode;
+  args->event->type = FILE_ACTIVITY_CHMOD;
+  args->event->chmod.new = mode;
+  args->event->chmod.old = old_mode;
 
-  __submit_event(event, m, FILE_ACTIVITY_CHMOD, filename, inode, parent_inode, path_hooks_support_bpf_d_path);
+  __submit_event(args);
 }
 
-__always_inline static void submit_ownership_event(struct metrics_by_hook_t* m,
-                                                   const char filename[PATH_MAX],
-                                                   inode_key_t* inode,
-                                                   inode_key_t* parent_inode,
+__always_inline static void submit_ownership_event(struct event_args_t* args,
                                                    unsigned long long uid,
                                                    unsigned long long gid,
                                                    unsigned long long old_uid,
                                                    unsigned long long old_gid) {
-  struct event_t* event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
-  if (event == NULL) {
-    m->ringbuffer_full++;
+  args->event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
+  if (args->event == NULL) {
+    args->metrics->ringbuffer_full++;
     return;
   }
 
-  event->chown.new.uid = uid;
-  event->chown.new.gid = gid;
-  event->chown.old.uid = old_uid;
-  event->chown.old.gid = old_gid;
+  args->event->type = FILE_ACTIVITY_CHOWN;
+  args->event->chown.new.uid = uid;
+  args->event->chown.new.gid = gid;
+  args->event->chown.old.uid = old_uid;
+  args->event->chown.old.gid = old_gid;
 
-  __submit_event(event, m, FILE_ACTIVITY_CHOWN, filename, inode, parent_inode, path_hooks_support_bpf_d_path);
+  __submit_event(args);
 }
 
-__always_inline static void submit_rename_event(struct metrics_by_hook_t* m,
-                                                const char new_filename[PATH_MAX],
+__always_inline static void submit_rename_event(struct event_args_t* args,
                                                 const char old_filename[PATH_MAX],
-                                                inode_key_t* new_inode,
-                                                inode_key_t* old_inode,
-                                                inode_key_t* new_parent_inode) {
-  struct event_t* event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
-  if (event == NULL) {
-    m->ringbuffer_full++;
+                                                inode_key_t* old_inode) {
+  args->event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0);
+  if (args->event == NULL) {
+    args->metrics->ringbuffer_full++;
     return;
   }
 
-  bpf_probe_read_str(event->rename.old_filename, PATH_MAX, old_filename);
-  inode_copy_or_reset(&event->rename.old_inode, old_inode);
+  args->event->type = FILE_ACTIVITY_RENAME;
+  bpf_probe_read_str(args->event->rename.old_filename, PATH_MAX, old_filename);
+  inode_copy_or_reset(&args->event->rename.old_inode, old_inode);
 
-  __submit_event(event, m, FILE_ACTIVITY_RENAME, new_filename, new_inode, new_parent_inode, path_hooks_support_bpf_d_path);
+  __submit_event(args);
 }