From 1d8941667906dced913a308c9a39fd055ac5186f Mon Sep 17 00:00:00 2001 From: Santo Cariotti Date: Mon, 16 Oct 2023 22:41:38 +0200 Subject: Filter sys calls --- src/cli.rs | 6 +++++- src/registers.rs | 9 +++++++-- src/trace.rs | 8 ++++++++ src/ui.rs | 7 +++++++ 4 files changed, 27 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/cli.rs b/src/cli.rs index 685b26f..7ee5307 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -12,8 +12,12 @@ pub struct Args { #[arg(short = 'p', long)] pub attach: Option, + /// Show only defined sys calls. Multi values separated by comma `,` + #[arg(short = 'f', long)] + pub filter: Option, + /// Write the output to a file instead of the standard output - #[arg(short = 'f', long = "file")] + #[arg(long = "file")] pub file_to_print: Option, /// If defined, it hides the TUI diff --git a/src/registers.rs b/src/registers.rs index ec2e12c..5832bc5 100644 --- a/src/registers.rs +++ b/src/registers.rs @@ -40,12 +40,17 @@ impl RegistersData { self.timestamp.format("%+").to_string() } + /// Return the rax name as syscall name + pub fn rax(&self) -> &str { + syscall_name(self.orig_rax) + } + /// Returns a good string which shows the output for a line pub fn output(&self) -> String { format!( "[{}]: {}({:x}, {:x}, {:x}, ...) = {:x}", self.date(), - syscall_name(self.orig_rax).bold(), + self.rax().bold(), self.rdi, self.rsi, self.rdx, @@ -58,7 +63,7 @@ impl RegistersData { Line::from(vec![ Span::raw(format!("[{}]: ", self.date())), Span::styled( - format!("{}", syscall_name(self.orig_rax)), + format!("{}", self.rax()), Style::default().add_modifier(Modifier::BOLD), ), Span::raw(format!( diff --git a/src/trace.rs b/src/trace.rs index cbb52c3..2341394 100644 --- a/src/trace.rs +++ b/src/trace.rs 
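Review bot: Moving the short flag `-f` from `--file` to the new `--filter` option in src/cli.rs silently changes what existing invocations mean. A command line that used `-f out.log` is now parsed as a filter value, so no file is written, and the filter code added in src/trace.rs drops every syscall not literally named `out.log` without any error. For a tracer whose output may be kept as a record, that failure is easy to miss; consider keeping `-f` on `--file` and giving the filter a different short letter. Separately, clap can split the list itself with `#[arg(long, value_delimiter = ',')]` on a `Vec<String>` field, which would remove the duplicated `split(",")` in src/trace.rs and src/ui.rs. The field's generic type is not legible in this rendering, so treat that type as a sketch.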
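Review bot: The new accessor `rax()` in src/registers.rs is named after a register but returns the syscall name looked up from `orig_rax`, so a reader will expect the `rax` value (the return value on x86-64) rather than the call's name. Naming it for what it returns, for example `pub fn name(&self) -> &str` with the doc comment `/// Name of the syscall identified by orig_rax`, would make the filter checks in src/trace.rs and src/ui.rs read correctly. In the second hunk, `format!("{}", self.rax())` can be written `self.rax().to_string()`; the enclosing function there starts and ends outside the hunk.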
@@ -59,9 +59,17 @@ pub fn trace(pid: Pid, args: &Args) -> anyhow::Result> { // because it could be equals except for the `rax` register. let mut have_to_print = true; + let filters: Vec<&str> = match &args.filter { + Some(filter) => filter.split(",").collect::>(), + None => vec![], + }; while let Some(reg) = trace_next(pid)? { have_to_print ^= true; if have_to_print { + if !filters.is_empty() && !filters.contains(®.rax()) { + continue; + } + if let Some(ref mut f) = f { writeln!(f, "{}", reg.output())?; } diff --git a/src/ui.rs b/src/ui.rs index cf8078f..081802f 100644 --- a/src/ui.rs +++ b/src/ui.rs @@ -76,11 +76,18 @@ impl UI { _ = waitpid(pid, None)?; } + let filters: Vec<&str> = match &args.filter { + Some(filter) => filter.split(",").collect::>(), + None => vec![], + }; while !should_quit { if have_to_trace { if let Some(reg) = trace_next(pid)? { have_to_print ^= true; if have_to_print { + if !filters.is_empty() && !filters.contains(®.rax()) { + continue; + } self.add_line(reg); } } else { -- cgit v1.2.3-18-g5258
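Review bot: The filter list built by `filter.split(",")` in src/trace.rs is used verbatim, so `-f "read, write"` produces the entry ` write`, which never matches, and an empty or trailing-comma value produces `""`, which makes `filters` non-empty and drops every syscall with no diagnostic. The same block is copied into src/ui.rs. Trimming and discarding empty entries with `filter.split(',').map(str::trim).filter(|s| !s.is_empty()).collect()` fixes both cases, and rejecting names the syscall table does not know would turn a typo into an error instead of an empty trace. Filtered entries are also skipped before the `writeln!` to the output file, so a saved trace is incomplete whenever a filter is set, which is worth stating in the option's help text. The loop body continues outside the hunk.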
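Review bot: The `continue` added inside `while !should_quit` in src/ui.rs skips whatever follows the tracing step in the same iteration. The rest of the loop is outside the hunk, but if it redraws the terminal or polls for key presses, a filter that rarely matches could leave the TUI unresponsive to the quit key while unmatched syscalls stream past. Guarding the call keeps the iteration intact: `if filters.is_empty() || filters.contains(&reg.rax()) { self.add_line(reg); }`. The filter parsing here is a copy of the one in src/trace.rs and would be better shared as a single helper on `Args`.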