kernel_explainer/
syscalls.rs

1// Syscall name → plain English; x86_64 number → name for /proc/<pid>/syscall.
2//
3// This is a small curated set focused on the most common syscalls users are
4// likely to see in `/proc/<pid>/syscall` or tracing output.
5
6/// Returns the syscall name for x86_64 syscall number, or `None` if unknown.
7#[cfg(target_arch = "x86_64")]
8pub fn syscall_name_x86_64(num: u64) -> Option<&'static str> {
9    Some(match num {
10        0 => "read",
11        1 => "write",
12        2 => "open",
13        3 => "close",
14        9 => "mmap",
15        11 => "munmap",
16        23 => "nanosleep",
17        59 => "execve",
18        57 => "fork",
19        58 => "vfork",
20        61 => "wait4",
21        202 => "futex",
22        228 => "clone",
23        232 => "epoll_wait",
24        270 => "poll",
25        293 => "accept4",
26        288 => "accept",
27        42 => "connect",
28        44 => "sendto",
29        45 => "recvfrom",
30        46 => "sendmsg",
31        47 => "recvmsg",
32        257 => "openat",
33        326 => "execveat",
34        494 => "pselect6",
35        525 => "io_uring_enter",
36        40 => "sendfile",
37        10 => "mprotect",
38        12 => "brk",
39        274 => "ppoll",
40        _ => return None,
41    })
42}
43
44#[cfg(not(target_arch = "x86_64"))]
45pub fn syscall_name_x86_64(_num: u64) -> Option<&'static str> {
46    None
47}
48
49pub fn syscall_description(name: &str) -> &'static str {
50    match name {
51        "epoll_wait" | "epoll_pwait" => "Waiting for I/O events (network or file activity)",
52        "select" | "pselect6" => "Waiting for readiness on multiple file descriptors",
53        "poll" | "ppoll" => "Polling file descriptors for events",
54        "read" | "pread64" => "Reading data from a file or socket",
55        "write" | "pwrite64" => "Writing data to a file or socket",
56        "recvfrom" | "recvmsg" => "Receiving data from a socket",
57        "sendto" | "sendmsg" => "Sending data to a socket",
58        "accept" | "accept4" => "Accepting a new incoming network connection",
59        "connect" => "Establishing a new outgoing network connection",
60        "open" | "openat" => "Opening a file or device",
61        "close" => "Closing a file descriptor",
62        "futex" => "Synchronising threads (futex wait/wake)",
63        "nanosleep" | "clock_nanosleep" => "Sleeping for a specified duration",
64        "mmap" | "mmap2" => "Mapping files or anonymous memory into the process",
65        "munmap" => "Unmapping a memory region",
66        "clone" | "clone3" => "Creating a new thread or process",
67        "fork" | "vfork" => "Creating a new process",
68        "execve" | "execveat" => "Executing a new program image",
69        "wait4" | "waitid" => "Waiting for child process status changes",
70        "sendfile" => "Transferring file data directly between descriptors",
71        "io_uring_enter" => "Submitting or waiting for async I/O via io_uring",
72        "brk" | "mprotect" => "Managing the process heap or memory protections",
73        _ => "System call",
74    }
75}
kernel_explainer/syscalls.rs

kernel_explainer/
syscalls.rs
