tracee icon indicating copy to clipboard operation
tracee copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

fix(events): fix ftrace_hook

Open OriGlassman opened this issue 1 year ago • 1 comments

1. Explain what the PR does

We need to count how many ftrace based hooks will be placed on each symbol. eventsState may contain duplicate events due to dependencies. To get the real count, we consider the program name and the prob type. Furthermore, added logic that addresses the situation where there may be multiple k[ret]probes from a single probe request (due to multiple symbols at different locations).

2. Explain how to test it

./tracee -e=ftrace_hook

3. Other comments

OriGlassman avatar Feb 22 '24 16:02 OriGlassman

@OriGlassman I have this PR https://github.com/aquasecurity/tracee/pull/3848 related to Events States. I think it's worth taking a look just to catch on upcoming changes.

geyslan avatar Feb 23 '24 12:02 geyslan