kernel-explainer 1.0.0

Kernel event and scheduling explanation library for the Peek process intelligence tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

// Syscall name → plain English; x86_64 number → name for /proc/<pid>/syscall.
//
// This is a small curated set focused on the most common syscalls users are
// likely to see in `/proc/<pid>/syscall` or tracing output.

/// Returns the syscall name for x86_64 syscall number, or `None` if unknown.
#[cfg(target_arch = "x86_64")]
pub fn syscall_name_x86_64(num: u64) -> Option<&'static str> {
    Some(match num {
        0 => "read",
        1 => "write",
        2 => "open",
        3 => "close",
        9 => "mmap",
        11 => "munmap",
        23 => "nanosleep",
        59 => "execve",
        57 => "fork",
        58 => "vfork",
        61 => "wait4",
        202 => "futex",
        228 => "clone",
        232 => "epoll_wait",
        270 => "poll",
        293 => "accept4",
        288 => "accept",
        42 => "connect",
        44 => "sendto",
        45 => "recvfrom",
        46 => "sendmsg",
        47 => "recvmsg",
        257 => "openat",
        326 => "execveat",
        494 => "pselect6",
        525 => "io_uring_enter",
        40 => "sendfile",
        10 => "mprotect",
        12 => "brk",
        274 => "ppoll",
        _ => return None,
    })
}

#[cfg(not(target_arch = "x86_64"))]
pub fn syscall_name_x86_64(_num: u64) -> Option<&'static str> {
    None
}

pub fn syscall_description(name: &str) -> &'static str {
    match name {
        "epoll_wait" | "epoll_pwait" => "Waiting for I/O events (network or file activity)",
        "select" | "pselect6" => "Waiting for readiness on multiple file descriptors",
        "poll" | "ppoll" => "Polling file descriptors for events",
        "read" | "pread64" => "Reading data from a file or socket",
        "write" | "pwrite64" => "Writing data to a file or socket",
        "recvfrom" | "recvmsg" => "Receiving data from a socket",
        "sendto" | "sendmsg" => "Sending data to a socket",
        "accept" | "accept4" => "Accepting a new incoming network connection",
        "connect" => "Establishing a new outgoing network connection",
        "open" | "openat" => "Opening a file or device",
        "close" => "Closing a file descriptor",
        "futex" => "Synchronising threads (futex wait/wake)",
        "nanosleep" | "clock_nanosleep" => "Sleeping for a specified duration",
        "mmap" | "mmap2" => "Mapping files or anonymous memory into the process",
        "munmap" => "Unmapping a memory region",
        "clone" | "clone3" => "Creating a new thread or process",
        "fork" | "vfork" => "Creating a new process",
        "execve" | "execveat" => "Executing a new program image",
        "wait4" | "waitid" => "Waiting for child process status changes",
        "sendfile" => "Transferring file data directly between descriptors",
        "io_uring_enter" => "Submitting or waiting for async I/O via io_uring",
        "brk" | "mprotect" => "Managing the process heap or memory protections",
        _ => "System call",
    }
}