tqbf/gist:b65d08d68f67d2fa976319f6512893a5 Secret

## gistfile1.txt
// /sys/fs/bpf/tc/globals/perf_map
// records traces from BPF, using the snapshot_* functions, read by userland tcpdump-style;
// note this is implicitly per-CPU (the "size" of the perf map is the max number of CPUs)
DECLARE_GLOBAL_MAP(perf_map, BPF_MAP_TYPE_PERF_EVENT_ARRAY, sizeof(int), sizeof(u_int32_t), 8);

kfn void
_snapshot(int type, void *ctx, u_char *sp, void *ep, u_int16_t len) {
  u_int64_t flags = BPF_F_CURRENT_CPU;

  struct perf_meta_packet meta =
    {
     .magic = PP_MAGIC,
     .type = type,
     .flags = 0,
     .len = (u_int16_t)((u_char *)ep - sp),
    };

  if(len == 0) {
    len = meta.len;
  }

  if(len > meta.len) {
    len = meta.len;
  }

  flags |= (u_int64_t)len << 32;

  perf_event_output(ctx, &perf_map, flags, &meta, sizeof(meta));
}
	// /sys/fs/bpf/tc/globals/perf_map
	// records traces from BPF, using the snapshot_* functions, read by userland tcpdump-style;
	// note this is implicitly per-CPU (the "size" of the perf map is the max number of CPUs)
	DECLARE_GLOBAL_MAP(perf_map, BPF_MAP_TYPE_PERF_EVENT_ARRAY, sizeof(int), sizeof(u_int32_t), 8);

	kfn void
	_snapshot(int type, void ctx, u_char sp, void *ep, u_int16_t len) {
	u_int64_t flags = BPF_F_CURRENT_CPU;

	struct perf_meta_packet meta =
	{
	.magic = PP_MAGIC,
	.type = type,
	.flags = 0,
	.len = (u_int16_t)((u_char *)ep - sp),
	};

	if(len == 0) {
	len = meta.len;
	}

	if(len > meta.len) {
	len = meta.len;
	}

	flags \|= (u_int64_t)len << 32;

	perf_event_output(ctx, &perf_map, flags, &meta, sizeof(meta));
	}