feat: change bash line size to 256 bytes

gojue · May 4, 2022 · 595292d · 595292d
1 parent 06d50a8
commit 595292d
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/kern/bash_kern.c b/kern/bash_kern.c
@@ -2,7 +2,7 @@
 
 struct event {
     u32 pid;
-    u8 line[80];
+    u8 line[MAX_DATA_SIZE_BASH];
     u32 retval;
     char comm[TASK_COMM_LEN];
 };
@@ -60,4 +60,4 @@ int uretprobe_bash_retval(struct pt_regs *ctx){
                          sizeof(struct event)); 
     }
     return 0;
-}
+}
diff --git a/kern/common.h b/kern/common.h
@@ -15,6 +15,7 @@
 #define MAX_DATA_SIZE_OPENSSL 1024 * 4
 #define MAX_DATA_SIZE_MYSQL 256
 #define MAX_DATA_SIZE_POSTGRES 256
+#define MAX_DATA_SIZE_BASH 256
 
 // enum_server_command, via
 // https://dev.mysql.com/doc/internals/en/com-query.html COM_QUERT command 03
@@ -35,4 +36,4 @@ const volatile u64 target_pid = 0;
 char __license[] SEC("license") = "Dual MIT/GPL";
 __u32 _version SEC("version") = 0xFFFFFFFE;
 
-#endif
+#endif
diff --git a/user/event_bash.go b/user/event_bash.go
@@ -8,10 +8,19 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+/*
+ u32 pid;
+ u8 line[MAX_DATE_SIZE_BASH];
+ u32 retval;
+ char comm[TASK_COMM_LEN];
+*/
+
+const MAX_DATA_SIZE_BASH = 256
+
 type bashEvent struct {
 	module IModule
 	Pid    uint32
-	Line   [80]uint8
+	Line   [MAX_DATA_SIZE_BASH]uint8
 	Retval uint32
 	Comm   [16]byte
 }