// Copyright (C) 2018 Marko Myllynen <myllynen@redhat.com>
// Licensed under the Apache License, Version 2.0 (the "License")

#include <linux/sched.h>

struct key_t {
    char comm[TASK_COMM_LEN];
};

BPF_HASH(stats, struct key_t, u64, 16384);

int trace_execve(struct pt_regs *ctx)
{
    u64 zero = 0, *val;
    struct key_t key = {};
    bpf_get_current_comm(&key.comm, sizeof(key.comm));
    val = stats.lookup_or_init(&key, &zero);
    if (val) {
        (*val)++;
    }
    return 0;
}