nd_syscalls.stp: Probe sys_accept4 for kernel 2.6.28+.

Since 2.6.28 sys_accept is chained through sys_accept4. Probe
sys_accept4 only for newer kernels to not miss some accept
syscalls. Don't probe both or we will get double hits.

diff --git a/tapset/nd_syscalls.stp b/tapset/nd_syscalls.stp
index f2cebe6e52663d7f9bbde86153c18a1ac84b6375..75201c652b2d2fbc3bb7abad81640623ad12a3e2 100644 (file)
--- a/tapset/nd_syscalls.stp
+++ b/tapset/nd_syscalls.stp
@@ -34,7 +34,11 @@
 # accept _____________________________________________________
 # long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr,
 #                 int __user *upeer_addrlen)
+%( kernel_v >= "2.6.28" %?
+probe nd_syscall.accept = kprobe.function("sys_accept4") ?
+%:
 probe nd_syscall.accept = kprobe.function("sys_accept") ?
+%)
 {
        name = "accept"
        // sockfd = $fd
@@ -54,7 +58,11 @@ probe nd_syscall.accept = kprobe.function("sys_accept") ?
        argstr = sprintf("%d, %p, %p, %s", sockfd, addr_uaddr, addrlen_uaddr,
                         flags_str)
 }
+%( kernel_v >= "2.6.28" %?
+probe nd_syscall.accept.return = kprobe.function("sys_accept4").return ?
+%:
 probe nd_syscall.accept.return = kprobe.function("sys_accept").return ?
+%)
 {
        name = "accept"
        retstr = returnstr(1)