From 344e6e12e10e7ca535c116d6df335a3200352563 Mon Sep 17 00:00:00 2001 From: Leonardo Di Giovanna Date: Tue, 14 Jan 2025 17:44:43 +0100 Subject: [PATCH] feat: add events dimensions file generator in modern probe Signed-off-by: Leonardo Di Giovanna --- .clang-format-ignore | 2 + driver/modern_bpf/CMakeLists.txt | 28 +- .../definitions/events_dimensions.h | 411 +++++++++--------- .../definitions/generator/generator.cpp | 234 ++++++++++ .../attached/dispatchers/syscall_exit.bpf.c | 4 +- .../attached/events/sched_switch.bpf.c | 2 +- .../attached/events/signal_deliver.bpf.c | 2 +- .../syscall_dispatched_events/generic.bpf.c | 4 +- .../syscall_dispatched_events/pread64.bpf.c | 2 +- .../syscall_dispatched_events/prlimit64.bpf.c | 4 +- .../syscall_dispatched_events/pwrite64.bpf.c | 2 +- 11 files changed, 471 insertions(+), 224 deletions(-) create mode 100644 driver/modern_bpf/definitions/generator/generator.cpp diff --git a/.clang-format-ignore b/.clang-format-ignore index b5ffeafaf2..0cdd0a0e97 100644 --- a/.clang-format-ignore +++ b/.clang-format-ignore @@ -3,6 +3,8 @@ driver/modern_bpf/definitions/aarch64/vmlinux.h driver/modern_bpf/definitions/ppc64le/vmlinux.h driver/modern_bpf/definitions/s390x/vmlinux.h driver/modern_bpf/definitions/x86_64/vmlinux.h +# Autogenerated events dimensions file for modern probe is not formatted +driver/modern_bpf/definitions/events_dimensions.h # All syscall_compat autogenerated headers are not formatted driver/syscall_compat_aarch64.h driver/syscall_compat_loongarch64.h diff --git a/driver/modern_bpf/CMakeLists.txt b/driver/modern_bpf/CMakeLists.txt index 24fd6beb95..4cde3588c1 100644 --- a/driver/modern_bpf/CMakeLists.txt +++ b/driver/modern_bpf/CMakeLists.txt 
@@ -256,6 +256,32 @@ file(GLOB_RECURSE BPF_H_FILES ${CMAKE_CURRENT_SOURCE_DIR}/*.h) # Search all bpf.c files file(GLOB_RECURSE BPF_C_FILES ${CMAKE_CURRENT_SOURCE_DIR}/*.bpf.c) +# ################################################################################################## +# Generate the events dimensions file generator executable. +# ################################################################################################## + +add_executable( + events_dimensions_generator ${CMAKE_CURRENT_SOURCE_DIR}/definitions/generator/generator.cpp +) +target_link_libraries(events_dimensions_generator PRIVATE scap_event_schema) +add_dependencies(events_dimensions_generator scap_event_schema) + +# ################################################################################################## +# Generate the events dimensions file. +# ################################################################################################## + +set(BPF_EVENTS_DIMENSIONS_FILE ${CMAKE_CURRENT_SOURCE_DIR}/definitions/events_dimensions.h) +add_custom_command( + OUTPUT ${BPF_EVENTS_DIMENSIONS_FILE} + COMMAND events_dimensions_generator ${BPF_EVENTS_DIMENSIONS_FILE} + VERBATIM + DEPENDS events_dimensions_generator ${CMAKE_CURRENT_SOURCE_DIR}/../event_table.c + COMMENT + "${MODERN_BPF_LOG_PREFIX} Building events dimensions file: ${BPF_EVENTS_DIMENSIONS_FILE}" +) + +add_custom_target(EventsDimensions ALL DEPENDS ${BPF_EVENTS_DIMENSIONS_FILE}) + # ################################################################################################## # Generate an `bpf.o` file for every `bpf.c` # ################################################################################################## @@ -278,7 +304,7 @@ foreach(BPF_C_FILE ${BPF_C_FILES}) ${BPF_O_FILE} VERBATIM DEPENDS lbpf - DEPENDS ${BPF_C_FILE} ${BPF_H_FILES} + DEPENDS ${BPF_C_FILE} ${BPF_H_FILES} EventsDimensions COMMENT "${MODERN_BPF_LOG_PREFIX} Building BPF object: ${BPF_O_FILE}" ) 
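Review bot: `BPF_EVENTS_DIMENSIONS_FILE` points into `${CMAKE_CURRENT_SOURCE_DIR}`, and `EventsDimensions` is part of `ALL`, so every build overwrites the committed `events_dimensions.h` in place. The header reviewed in this commit is therefore not necessarily the one the BPF objects are compiled against. A stale committed copy can also go unnoticed, and a build from a read-only checkout will fail at this step. Consider emitting the file into the build tree, e.g. `set(BPF_EVENTS_DIMENSIONS_FILE ${CMAKE_CURRENT_BINARY_DIR}/definitions/events_dimensions.h)`, and adding that directory to the include path of the BPF compile command, which is not visible in this hunk. If the header must stay tracked, add a CI step that reruns the generator and fails when the output differs from the committed file. The `EventsDimensions` dependency added to the per-object command in the second hunk would work unchanged either way.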
diff --git a/driver/modern_bpf/definitions/events_dimensions.h b/driver/modern_bpf/definitions/events_dimensions.h index c046b31191..992feff8ed 100644 --- a/driver/modern_bpf/definitions/events_dimensions.h +++ b/driver/modern_bpf/definitions/events_dimensions.h @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only OR MIT /* - * Copyright (C) 2023 The Falco Authors. + * Copyright (C) 2025 The Falco Authors. * * This file is dual licensed under either the MIT or GPL 2. See MIT.txt * or GPL2.txt for full copies of the license. 
@@ -21,243 +21,239 @@ /// want to touch scap tables. /* Syscall events */ -#define GENERIC_E_SIZE HEADER_LEN + sizeof(uint16_t) * 2 + PARAM_LEN * 2 -#define GENERIC_X_SIZE HEADER_LEN + sizeof(uint16_t) + PARAM_LEN -#define GETCWD_E_SIZE HEADER_LEN -#define GETDENTS_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define GETDENTS_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define GETDENTS64_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define GETDENTS64_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define EPOLL_WAIT_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define EPOLL_WAIT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define GETPEERNAME_E_SIZE HEADER_LEN -#define GETPEERNAME_X_SIZE HEADER_LEN -#define GETSOCKNAME_E_SIZE HEADER_LEN -#define GETSOCKNAME_X_SIZE HEADER_LEN -#define MKDIR_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define MMAP_E_SIZE \ - HEADER_LEN + sizeof(uint64_t) * 3 + sizeof(int64_t) + sizeof(uint32_t) * 2 + PARAM_LEN * 6 -#define MMAP_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define MUNMAP_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + PARAM_LEN * 2 -#define MUNMAP_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define OPEN_BY_HANDLE_AT_E_SIZE HEADER_LEN +#define SYSCALL_E_SIZE HEADER_LEN + sizeof(uint16_t) * 2 + PARAM_LEN * 2 +#define SYSCALL_X_SIZE HEADER_LEN + sizeof(uint16_t) + PARAM_LEN #define CLOSE_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define CLOSE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define COPY_FILE_RANGE_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 -#define COPY_FILE_RANGE_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint64_t) + PARAM_LEN * 3 -#define DUP_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define DUP_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + PARAM_LEN * 2 -#define DUP2_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define DUP2_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + 
PARAM_LEN * 3 -#define DUP3_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define DUP3_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint32_t) + PARAM_LEN * 4 +#define READ_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define WRITE_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define SOCKET_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 +#define SOCKET_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 +#define BIND_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define LISTEN_E_SIZE HEADER_LEN + sizeof(int32_t) + sizeof(int64_t) + PARAM_LEN * 2 +#define LISTEN_X_SIZE HEADER_LEN + sizeof(int32_t) + sizeof(int64_t) * 2 + PARAM_LEN * 3 +#define SEND_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define RECV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define RECVFROM_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define SHUTDOWN_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 +#define SHUTDOWN_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define GETSOCKNAME_E_SIZE HEADER_LEN +#define GETSOCKNAME_X_SIZE HEADER_LEN +#define GETPEERNAME_E_SIZE HEADER_LEN +#define GETPEERNAME_X_SIZE HEADER_LEN +#define SOCKETPAIR_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 +#define SOCKETPAIR_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint64_t) * 2 + PARAM_LEN * 5 +#define SETSOCKOPT_E_SIZE HEADER_LEN +#define GETSOCKOPT_E_SIZE HEADER_LEN +#define SENDMMSG_E_SIZE HEADER_LEN +#define RECVMSG_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define RECVMMSG_E_SIZE HEADER_LEN +#define PIPE_E_SIZE HEADER_LEN +#define PIPE_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint64_t) + PARAM_LEN * 4 +#define EVENTFD_E_SIZE HEADER_LEN + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 2 +#define EVENTFD_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define FUTEX_E_SIZE 
HEADER_LEN + sizeof(uint16_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 +#define FUTEX_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define STAT_E_SIZE HEADER_LEN +#define LSTAT_E_SIZE HEADER_LEN +#define FSTAT_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define FSTAT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define STAT64_E_SIZE HEADER_LEN +#define LSTAT64_E_SIZE HEADER_LEN +#define FSTAT64_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define FSTAT64_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define EPOLL_WAIT_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define EPOLL_WAIT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define SELECT_E_SIZE HEADER_LEN +#define SELECT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define LSEEK_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + sizeof(uint8_t) + PARAM_LEN * 3 +#define LSEEK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define LLSEEK_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + sizeof(uint8_t) + PARAM_LEN * 3 +#define LLSEEK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define GETCWD_E_SIZE HEADER_LEN #define CHDIR_E_SIZE HEADER_LEN -#define CHMOD_E_SIZE HEADER_LEN -#define CHOWN_E_SIZE HEADER_LEN -#define LCHOWN_E_SIZE HEADER_LEN -#define CHROOT_E_SIZE HEADER_LEN #define FCHDIR_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define FCHDIR_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define FCHMOD_E_SIZE HEADER_LEN -#define FCHMOD_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 -#define FCHMODAT_E_SIZE HEADER_LEN -#define FCHOWN_E_SIZE HEADER_LEN -#define FCHOWN_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) * 2 + PARAM_LEN * 4 -#define FCHOWNAT_E_SIZE HEADER_LEN -#define MKDIRAT_E_SIZE HEADER_LEN -#define RMDIR_E_SIZE HEADER_LEN -#define EVENTFD_E_SIZE HEADER_LEN + sizeof(uint64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define EVENTFD_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define INOTIFY_INIT_E_SIZE 
HEADER_LEN + sizeof(uint8_t) + PARAM_LEN -#define INOTIFY_INIT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define TIMERFD_CREATE_E_SIZE HEADER_LEN + sizeof(uint8_t) * 2 + PARAM_LEN * 2 -#define TIMERFD_CREATE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define USERFAULTFD_E_SIZE HEADER_LEN -#define USERFAULTFD_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define SIGNALFD_E_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint8_t) + PARAM_LEN * 3 +#define PREAD_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 3 +#define PWRITE_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 3 +#define READV_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define WRITEV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define PREADV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + PARAM_LEN * 2 +#define PWRITEV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 3 +#define SIGNALFD_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint8_t) + PARAM_LEN * 3 #define SIGNALFD_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define KILL_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 #define KILL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define TGKILL_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint8_t) + PARAM_LEN * 3 -#define TGKILL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define TKILL_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 #define TKILL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SECCOMP_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + PARAM_LEN * 2 -#define SECCOMP_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define TGKILL_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint8_t) + PARAM_LEN * 3 +#define TGKILL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define NANOSLEEP_E_SIZE 
HEADER_LEN + sizeof(uint64_t) + PARAM_LEN +#define NANOSLEEP_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define TIMERFD_CREATE_E_SIZE HEADER_LEN + sizeof(uint8_t) * 2 + PARAM_LEN * 2 +#define TIMERFD_CREATE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define INOTIFY_INIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN +#define INOTIFY_INIT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define GETRLIMIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN +#define GETRLIMIT_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + PARAM_LEN * 3 +#define SETRLIMIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN +#define SETRLIMIT_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint8_t) + PARAM_LEN * 4 +#define PRLIMIT_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 +#define PRLIMIT_X_SIZE HEADER_LEN + sizeof(int64_t) * 6 + sizeof(uint8_t) + PARAM_LEN * 7 +#define DROP_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define DROP_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define FCNTL_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 +#define FCNTL_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint8_t) + PARAM_LEN * 3 +#define SWITCH_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + sizeof(uint64_t) * 2 + PARAM_LEN * 6 +#define BRK_E_SIZE HEADER_LEN + sizeof(uint64_t) + PARAM_LEN +#define BRK_X_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + sizeof(uint64_t) + PARAM_LEN * 4 +#define MMAP_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 2 + sizeof(uint64_t) * 3 + PARAM_LEN * 6 +#define MMAP_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 +#define MMAP2_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 2 + sizeof(uint64_t) * 3 + PARAM_LEN * 6 +#define MMAP2_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 +#define MUNMAP_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + PARAM_LEN * 2 +#define MUNMAP_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + 
PARAM_LEN * 4 +#define SPLICE_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 4 +#define SPLICE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define PTRACE_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + PARAM_LEN * 2 -#define CAPSET_E_SIZE HEADER_LEN -#define CAPSET_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 3 + PARAM_LEN * 4 -#define SOCKET_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 -#define SOCKET_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define SOCKETPAIR_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 -#define SOCKETPAIR_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint64_t) * 2 + PARAM_LEN * 5 -#define ACCEPT_E_SIZE HEADER_LEN -#define ACCEPT4_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define BIND_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define LISTEN_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(int32_t) + PARAM_LEN * 2 -#define LISTEN_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(int32_t) + PARAM_LEN * 3 -#define CLONE_E_SIZE HEADER_LEN -#define CLONE3_E_SIZE HEADER_LEN -#define FORK_E_SIZE HEADER_LEN -#define VFORK_E_SIZE HEADER_LEN -#define RENAME_E_SIZE HEADER_LEN -#define RENAMEAT_E_SIZE HEADER_LEN -#define RENAMEAT2_E_SIZE HEADER_LEN -#define PIPE_E_SIZE HEADER_LEN -#define PIPE_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint64_t) + PARAM_LEN * 4 -#define BPF_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define BPF_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(int32_t) + PARAM_LEN * 2 -#define FLOCK_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define FLOCK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define IOCTL_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 #define IOCTL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define QUOTACTL_E_SIZE \ - HEADER_LEN + sizeof(uint16_t) + sizeof(uint8_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 4 
-#define UNSHARE_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define UNSHARE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define MOUNT_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define UMOUNT2_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define UMOUNT_E_SIZE HEADER_LEN -#define LINK_E_SIZE HEADER_LEN -#define LINKAT_E_SIZE HEADER_LEN +#define RENAME_E_SIZE HEADER_LEN +#define RENAMEAT_E_SIZE HEADER_LEN #define SYMLINK_E_SIZE HEADER_LEN #define SYMLINKAT_E_SIZE HEADER_LEN -#define UNLINK_E_SIZE HEADER_LEN -#define UNLINKAT_E_SIZE HEADER_LEN -#define SETGID_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define SETGID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SETUID_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define SETUID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SETNS_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define SETNS_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SETPGID_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + PARAM_LEN * 2 -#define SETPGID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SETRESGID_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 -#define SETRESGID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define PROCEXIT_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint8_t) * 2 + PARAM_LEN * 5 +#define SENDFILE_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint64_t) * 2 + PARAM_LEN * 4 +#define SENDFILE_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + PARAM_LEN * 2 +#define QUOTACTL_E_SIZE HEADER_LEN + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint8_t) * 2 + PARAM_LEN * 4 #define SETRESUID_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 #define SETRESUID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SETSID_E_SIZE HEADER_LEN -#define SETSID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SETRLIMIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN -#define SETRLIMIT_X_SIZE HEADER_LEN + 
sizeof(int64_t) * 3 + sizeof(uint8_t) + PARAM_LEN * 4 -#define PRLIMIT64_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 -#define PRLIMIT64_X_SIZE HEADER_LEN + sizeof(int64_t) * 6 + sizeof(uint8_t) + PARAM_LEN * 7 -#define GETSOCKOPT_E_SIZE HEADER_LEN -#define SETSOCKOPT_E_SIZE HEADER_LEN -#define RECVMSG_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define READV_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define PREADV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + PARAM_LEN * 2 -#define PREAD64_E_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 3 -#define RECVFROM_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define FCNTL_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 -#define FCNTL_X_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 3 -#define SHUTDOWN_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint8_t) + PARAM_LEN * 2 -#define SHUTDOWN_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define FSCONFIG_E_SIZE HEADER_LEN -#define EPOLL_CREATE_E_SIZE HEADER_LEN + sizeof(int32_t) + PARAM_LEN -#define EPOLL_CREATE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define EPOLL_CREATE1_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define EPOLL_CREATE1_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define ACCESS_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define MPROTECT_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 -#define MPROTECT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define SETRESGID_E_SIZE HEADER_LEN + sizeof(uint32_t) * 3 + PARAM_LEN * 3 +#define SETRESGID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define SCAPEVENT_E_SIZE HEADER_LEN + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 2 +#define SCAPEVENT_X_SIZE HEADER_LEN +#define SETUID_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define SETUID_X_SIZE HEADER_LEN + 
sizeof(int64_t) + PARAM_LEN +#define SETGID_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define SETGID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define GETUID_E_SIZE HEADER_LEN #define GETUID_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define GETGID_E_SIZE HEADER_LEN -#define GETGID_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN #define GETEUID_E_SIZE HEADER_LEN #define GETEUID_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define GETGID_E_SIZE HEADER_LEN +#define GETGID_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN #define GETEGID_E_SIZE HEADER_LEN #define GETEGID_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define GETRESUID_E_SIZE HEADER_LEN +#define GETRESUID_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 +#define GETRESGID_E_SIZE HEADER_LEN +#define GETRESGID_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 +#define CLONE_E_SIZE HEADER_LEN +#define FORK_E_SIZE HEADER_LEN +#define VFORK_E_SIZE HEADER_LEN +#define SIGNALDELIVER_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint8_t) + PARAM_LEN * 3 +#define PROCINFO_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + PARAM_LEN * 2 +#define GETDENTS_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define GETDENTS_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define GETDENTS64_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define GETDENTS64_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define SETNS_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define SETNS_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define FLOCK_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define FLOCK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define CPU_HOTPLUG_E_SIZE HEADER_LEN + sizeof(uint32_t) * 2 + PARAM_LEN * 2 +#define ACCEPT_E_SIZE HEADER_LEN +#define SEMOP_E_SIZE HEADER_LEN + sizeof(int32_t) + PARAM_LEN +#define SEMOP_X_SIZE HEADER_LEN + sizeof(int16_t) * 2 + sizeof(int64_t) + 
sizeof(uint16_t) * 4 + sizeof(uint32_t) + PARAM_LEN * 8 +#define SEMCTL_E_SIZE HEADER_LEN + sizeof(int32_t) * 3 + sizeof(uint16_t) + PARAM_LEN * 4 +#define SEMCTL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define MOUNT_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define SEMGET_E_SIZE HEADER_LEN + sizeof(int32_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 +#define SEMGET_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define ACCESS_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define CHROOT_E_SIZE HEADER_LEN +#define SETSID_E_SIZE HEADER_LEN +#define SETSID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define MKDIR_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define RMDIR_E_SIZE HEADER_LEN +#define UNSHARE_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define UNSHARE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define PAGE_FAULT_SIZE HEADER_LEN + sizeof(uint32_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 +#define SETPGID_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + PARAM_LEN * 2 +#define SETPGID_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define SECCOMP_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + PARAM_LEN * 2 +#define SECCOMP_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define UNLINK_E_SIZE HEADER_LEN +#define UNLINKAT_E_SIZE HEADER_LEN +#define MKDIRAT_E_SIZE HEADER_LEN +#define LINK_E_SIZE HEADER_LEN +#define LINKAT_E_SIZE HEADER_LEN +#define FCHMODAT_E_SIZE HEADER_LEN +#define CHMOD_E_SIZE HEADER_LEN +#define FCHMOD_E_SIZE HEADER_LEN +#define FCHMOD_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 +#define RENAMEAT2_E_SIZE HEADER_LEN +#define USERFAULTFD_E_SIZE HEADER_LEN +#define USERFAULTFD_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define MPROTECT_E_SIZE HEADER_LEN + sizeof(uint32_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 +#define MPROTECT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define COPY_FILE_RANGE_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) 
* 2 + PARAM_LEN * 3 +#define COPY_FILE_RANGE_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint64_t) + PARAM_LEN * 3 +#define CLONE3_E_SIZE HEADER_LEN +#define OPEN_BY_HANDLE_AT_E_SIZE HEADER_LEN +#define IO_URING_SETUP_E_SIZE HEADER_LEN +#define IO_URING_SETUP_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 7 + PARAM_LEN * 8 +#define IO_URING_ENTER_E_SIZE HEADER_LEN +#define IO_URING_ENTER_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) * 4 + PARAM_LEN * 6 +#define IO_URING_REGISTER_E_SIZE HEADER_LEN +#define IO_URING_REGISTER_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint16_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 5 #define MLOCK_E_SIZE HEADER_LEN #define MLOCK_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 -#define MLOCK2_E_SIZE HEADER_LEN -#define MLOCK2_X_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 4 #define MUNLOCK_E_SIZE HEADER_LEN #define MUNLOCK_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 3 #define MLOCKALL_E_SIZE HEADER_LEN #define MLOCKALL_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 #define MUNLOCKALL_E_SIZE HEADER_LEN #define MUNLOCKALL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define READ_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define IO_URING_ENTER_E_SIZE HEADER_LEN -#define IO_URING_ENTER_X_SIZE \ - HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) * 4 + PARAM_LEN * 6 -#define IO_URING_REGISTER_E_SIZE HEADER_LEN -#define IO_URING_REGISTER_X_SIZE \ - HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint16_t) + sizeof(uint64_t) + sizeof(uint32_t) + \ - PARAM_LEN * 5 -#define IO_URING_SETUP_E_SIZE HEADER_LEN -#define IO_URING_SETUP_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 7 + PARAM_LEN * 8 -#define MMAP2_E_SIZE \ - HEADER_LEN + sizeof(uint64_t) * 3 + sizeof(int64_t) + sizeof(uint32_t) * 2 + PARAM_LEN * 6 -#define MMAP2_X_SIZE 
HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define SEMGET_E_SIZE HEADER_LEN + sizeof(int32_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 -#define SEMGET_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SEMCTL_E_SIZE HEADER_LEN + sizeof(int32_t) * 3 + sizeof(uint16_t) + PARAM_LEN * 4 -#define SEMCTL_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SELECT_E_SIZE HEADER_LEN -#define SELECT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define SPLICE_E_SIZE \ - HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint64_t) + sizeof(uint32_t) + PARAM_LEN * 4 -#define SPLICE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define RECVMMSG_E_SIZE HEADER_LEN -#define SENDMMSG_E_SIZE HEADER_LEN -#define SEMOP_E_SIZE HEADER_LEN + sizeof(int32_t) + PARAM_LEN -#define SEMOP_X_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint16_t) * 4 + sizeof(int16_t) * 2 + \ - PARAM_LEN * 8 -#define GETRESUID_E_SIZE HEADER_LEN -#define GETRESUID_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define SENDFILE_E_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint64_t) * 2 + PARAM_LEN * 4 -#define SENDFILE_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + PARAM_LEN * 2 -#define FUTEX_E_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + sizeof(uint16_t) + PARAM_LEN * 3 -#define FUTEX_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define STAT_E_SIZE HEADER_LEN -#define LSTAT_E_SIZE HEADER_LEN -#define FSTAT_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define FSTAT_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define LSEEK_E_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + sizeof(uint8_t) + 3 * PARAM_LEN -#define LSEEK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define LLSEEK_E_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) + sizeof(uint8_t) + 3 * PARAM_LEN -#define LLSEEK_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define WRITE_E_SIZE HEADER_LEN + sizeof(int64_t) + 
sizeof(uint32_t) + PARAM_LEN * 2 -#define WRITEV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define PWRITEV_E_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 3 -#define PWRITE64_E_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 3 -#define GETRESGID_E_SIZE HEADER_LEN -#define GETRESGID_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define BRK_E_SIZE HEADER_LEN + sizeof(uint64_t) + PARAM_LEN -#define BRK_X_SIZE HEADER_LEN + sizeof(uint64_t) + sizeof(uint32_t) * 3 + PARAM_LEN * 4 -#define GETRLIMIT_E_SIZE HEADER_LEN + sizeof(uint8_t) + PARAM_LEN -#define GETRLIMIT_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + PARAM_LEN * 3 -#define SEND_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define RECV_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 -#define NANOSLEEP_E_SIZE HEADER_LEN + sizeof(uint64_t) + PARAM_LEN -#define NANOSLEEP_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define CAPSET_E_SIZE HEADER_LEN +#define CAPSET_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 3 + PARAM_LEN * 4 +#define DUP2_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define DUP2_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + PARAM_LEN * 3 +#define DUP3_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define DUP3_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint32_t) + PARAM_LEN * 4 +#define DUP_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define DUP_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + PARAM_LEN * 2 +#define BPF_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define BPF_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define MLOCK2_E_SIZE HEADER_LEN +#define MLOCK2_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint64_t) * 2 + PARAM_LEN * 4 +#define FSCONFIG_E_SIZE HEADER_LEN +#define EPOLL_CREATE_E_SIZE HEADER_LEN + sizeof(int32_t) + 
PARAM_LEN +#define EPOLL_CREATE_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define EPOLL_CREATE1_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN +#define EPOLL_CREATE1_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN +#define CHOWN_E_SIZE HEADER_LEN +#define LCHOWN_E_SIZE HEADER_LEN +#define FCHOWN_E_SIZE HEADER_LEN +#define FCHOWN_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) * 2 + PARAM_LEN * 4 +#define FCHOWNAT_E_SIZE HEADER_LEN +#define UMOUNT_E_SIZE HEADER_LEN +#define ACCEPT4_E_SIZE HEADER_LEN + sizeof(int32_t) + PARAM_LEN +#define UMOUNT2_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN #define PIPE2_E_SIZE HEADER_LEN -#define PIPE2_X_SIZE \ - HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint64_t) + sizeof(uint32_t) + PARAM_LEN * 5 +#define PIPE2_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint32_t) + sizeof(uint64_t) + PARAM_LEN * 5 #define INOTIFY_INIT1_E_SIZE HEADER_LEN -#define INOTIFY_INIT1_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + 2 * PARAM_LEN +#define INOTIFY_INIT1_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + PARAM_LEN * 2 #define EVENTFD2_E_SIZE HEADER_LEN + sizeof(uint64_t) + PARAM_LEN -#define EVENTFD2_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + 2 * PARAM_LEN -#define SIGNALFD4_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + 2 * PARAM_LEN -#define SIGNALFD4_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + 2 * PARAM_LEN +#define EVENTFD2_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + PARAM_LEN * 2 +#define SIGNALFD4_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define SIGNALFD4_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint16_t) + PARAM_LEN * 2 #define PRCTL_E_SIZE HEADER_LEN #define MEMFD_CREATE_E_SIZE HEADER_LEN #define PIDFD_GETFD_E_SIZE HEADER_LEN -#define PIDFD_GETFD_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint32_t) + 4 * PARAM_LEN +#define PIDFD_GETFD_X_SIZE HEADER_LEN + sizeof(int64_t) * 3 + sizeof(uint32_t) + 
PARAM_LEN * 4 #define PIDFD_OPEN_E_SIZE HEADER_LEN -#define PIDFD_OPEN_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) + 3 * PARAM_LEN +#define PIDFD_OPEN_X_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 #define INIT_MODULE_E_SIZE HEADER_LEN #define FINIT_MODULE_E_SIZE HEADER_LEN #define MKNOD_E_SIZE HEADER_LEN @@ -267,19 +263,8 @@ #define PROCESS_VM_WRITEV_E_SIZE HEADER_LEN #define DELETE_MODULE_E_SIZE HEADER_LEN #define SETREUID_E_SIZE HEADER_LEN -#define SETREUID_X_SIZE HEADER_LEN + sizeof(uint32_t) * 2 + sizeof(int64_t) + 3 * PARAM_LEN +#define SETREUID_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 2 + PARAM_LEN * 3 #define SETREGID_E_SIZE HEADER_LEN -#define SETREGID_X_SIZE HEADER_LEN + sizeof(uint32_t) * 2 + sizeof(int64_t) + 3 * PARAM_LEN - -/* Generic tracepoints events. */ -#define SCHED_SWITCH_SIZE \ - HEADER_LEN + sizeof(int64_t) + sizeof(uint64_t) * 2 + sizeof(uint32_t) * 3 + PARAM_LEN * 6 -#define PAGE_FAULT_SIZE HEADER_LEN + sizeof(uint64_t) * 2 + sizeof(uint32_t) + PARAM_LEN * 3 -#define SIGNAL_DELIVER_SIZE HEADER_LEN + sizeof(int64_t) * 2 + sizeof(uint8_t) + PARAM_LEN * 3 - -/* Special internal events */ -#define DROP_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define DROP_X_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN -#define HOTPLUG_E_SIZE HEADER_LEN + sizeof(uint32_t) * 2 + PARAM_LEN * 2 +#define SETREGID_X_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) * 2 + PARAM_LEN * 3 #endif /* __EVENT_DIMENSIONS_H__ */ diff --git a/driver/modern_bpf/definitions/generator/generator.cpp b/driver/modern_bpf/definitions/generator/generator.cpp new file mode 100644 index 0000000000..4e143431f6 --- /dev/null +++ b/driver/modern_bpf/definitions/generator/generator.cpp 
@@ -0,0 +1,234 @@ +#include +#include +#include +#include +#include +#include + +#include "driver/ppm_events_public.h" + +extern const struct ppm_event_info g_event_info[]; + +auto PREFACE = R"(// SPDX-License-Identifier: GPL-2.0-only OR MIT +/* + * Copyright (C) 2025 The Falco Authors. + * + * This file is dual licensed under either the MIT or GPL 2. See MIT.txt + * or GPL2.txt for full copies of the license. + */ + +#ifndef __EVENT_DIMENSIONS_H__ +#define __EVENT_DIMENSIONS_H__ + +#include "vmlinux.h" + +/* Here we have all the dimensions for fixed-size events. + */ + +#define PARAM_LEN 2 +#define HEADER_LEN sizeof(struct ppm_evt_hdr) + +/// TODO: We have to move these in the event_table.c. Right now we don't +/// want to touch scap tables. + +/* Syscall events */ +)"; + +auto POSTFACE = R"( +#endif /* __EVENT_DIMENSIONS_H__ */ +)"; + +// Use the following macro to get the stringified version of the C expression retrieving the type +// size (e.g.: SIZE_OF_EXPR(uint8_t) is resolved in "sizeof(uint8_t)"). +#define SIZE_OF_EXPR(type) SIZE_OF_EXPR_##type + +// Generate the "sizeof" stringified expression for the listed types. New handled types must be +// appended to the list. +#define SIZE_OF_EXPR_DECL_LIST_GEN(FN) \ + FN(int8_t) \ + FN(int16_t) \ + FN(int32_t) \ + FN(int64_t) \ + FN(uint8_t) \ + FN(uint16_t) \ + FN(uint32_t) \ + FN(uint64_t) +#define SIZE_OF_EXPR_DECL(type) char SIZE_OF_EXPR(type)[] = "sizeof(" #type ")"; +SIZE_OF_EXPR_DECL_LIST_GEN(SIZE_OF_EXPR_DECL) +#undef SIZE_OF_EXPR_DECL +#undef SIZE_OF_EXPR_DECL_LIST_GEN + +// Special expressions denoting variable size or unused parameter types. +char SIZE_OF_EXPR_VARIABLE_SIZE[] = "", SIZE_OF_EXPR_UNUSED[] = ""; + +// Table containing the mapping between parameter types and the corresponding stringified "sizeof" +// expression. 
+std::map type_to_size_expr{ + {PT_NONE, SIZE_OF_EXPR_UNUSED}, + {PT_INT8, SIZE_OF_EXPR(int8_t)}, + {PT_INT16, SIZE_OF_EXPR(int16_t)}, + {PT_INT32, SIZE_OF_EXPR(int32_t)}, + {PT_INT64, SIZE_OF_EXPR(int64_t)}, + {PT_UINT8, SIZE_OF_EXPR(uint8_t)}, + {PT_UINT16, SIZE_OF_EXPR(uint16_t)}, + {PT_UINT32, SIZE_OF_EXPR(uint32_t)}, + {PT_UINT64, SIZE_OF_EXPR(uint64_t)}, + {PT_CHARBUF, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_BYTEBUF, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_ERRNO, SIZE_OF_EXPR(int64_t)}, + {PT_SOCKADDR, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_SOCKTUPLE, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_FD, SIZE_OF_EXPR(int64_t)}, + {PT_PID, SIZE_OF_EXPR(int64_t)}, + {PT_FDLIST, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_FSPATH, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_SYSCALLID, SIZE_OF_EXPR(uint16_t)}, + {PT_SIGTYPE, SIZE_OF_EXPR(uint8_t)}, + {PT_RELTIME, SIZE_OF_EXPR(uint64_t)}, + {PT_ABSTIME, SIZE_OF_EXPR(uint64_t)}, + {PT_PORT, SIZE_OF_EXPR_UNUSED}, + {PT_L4PROTO, SIZE_OF_EXPR_UNUSED}, + {PT_SOCKFAMILY, SIZE_OF_EXPR_UNUSED}, + {PT_BOOL, SIZE_OF_EXPR_UNUSED}, + {PT_IPV4ADDR, SIZE_OF_EXPR_UNUSED}, + {PT_DYN, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_FLAGS8, SIZE_OF_EXPR(uint8_t)}, + {PT_FLAGS16, SIZE_OF_EXPR(uint16_t)}, + {PT_FLAGS32, SIZE_OF_EXPR(uint32_t)}, + {PT_UID, SIZE_OF_EXPR(uint32_t)}, + {PT_GID, SIZE_OF_EXPR(uint32_t)}, + {PT_DOUBLE, SIZE_OF_EXPR_UNUSED}, + {PT_SIGSET, SIZE_OF_EXPR(uint32_t)}, + {PT_CHARBUFARRAY, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_CHARBUF_PAIR_ARRAY, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_IPV4NET, SIZE_OF_EXPR_UNUSED}, + {PT_IPV6ADDR, SIZE_OF_EXPR_UNUSED}, + {PT_IPV6NET, SIZE_OF_EXPR_UNUSED}, + {PT_IPADDR, SIZE_OF_EXPR_UNUSED}, + {PT_IPNET, SIZE_OF_EXPR_UNUSED}, + {PT_MODE, SIZE_OF_EXPR(uint32_t)}, + {PT_FSRELPATH, SIZE_OF_EXPR_VARIABLE_SIZE}, + {PT_ENUMFLAGS8, SIZE_OF_EXPR(uint8_t)}, + {PT_ENUMFLAGS16, SIZE_OF_EXPR(uint16_t)}, + {PT_ENUMFLAGS32, SIZE_OF_EXPR(uint32_t)}, +}; + +// is_fixed_size_event determines if the provided event has a fixed size or not. 
+bool is_fixed_size_event(struct ppm_event_info const *const evt) { + for(uint32_t i = 0; i < evt->nparams; i++) { + auto ¶m = evt->params[i]; + auto const param_type = param.type; + + auto it = type_to_size_expr.find(param_type); + if(it == type_to_size_expr.end()) { + throw std::runtime_error("Unknown event parameter type: " + std::to_string(param_type)); + } + + auto const size_expr = it->second; + // Just compare pointers is enough. + if(size_expr == SIZE_OF_EXPR_UNUSED) { + throw std::runtime_error("Unexpected unused event parameter type: " + + std::to_string(param_type)); + } + if(size_expr == SIZE_OF_EXPR_VARIABLE_SIZE) { + return false; + } + } + return true; +} + +// get_vent_size_expr_counts returns, given the provided event and the resulting size expression of +// its parameters, a map containing, for each size expression, the number of occurrences. +std::map get_event_size_expr_counts(struct ppm_event_info const *const evt) { + std::map size_expr_counts; + for(uint32_t i = 0; i < evt->nparams; i++) { + auto const ¶m = evt->params[i]; + auto const param_type = param.type; + auto const it = type_to_size_expr.find(param_type); + if(it == type_to_size_expr.end()) { + throw std::runtime_error("Unknown event parameter type: " + std::to_string(param_type)); + } + auto const size_expr = it->second; + size_expr_counts[size_expr]++; + } + return size_expr_counts; +} + +// output_event_size outputs the event size macro for the provided event into the provided output +// stream. +void output_event_size(std::ostream &os, + struct ppm_event_info const *const evt, + bool const is_enter_evt) { + // Exclude old versions. + if(evt->flags & EF_OLD_VERSION) { + return; + } + + std::string name{evt->name}; + // Ignore events without name. + if(name == "NA") { + return; + } + + // Exclude events not having a fixed size. + if(!is_fixed_size_event(evt)) { + return; + } + + // Generate the complete event size macro name. 
+ std::transform(name.cbegin(), name.cend(), name.begin(), toupper); + if((evt->category & EC_TRACEPOINT) == 0) { + name += is_enter_evt ? "_E" : "_X"; + } + name += "_SIZE"; + + // The event contains at least the header. + os << "#define " << name << " HEADER_LEN"; + + auto const params_num = evt->nparams; + + // Count the number of occurrences for each size expression. + auto size_expr_counts = get_event_size_expr_counts(evt); + + // Output "size expression" * "number of occurrences of size expression", for each size + // expression. + for(auto const &[size_expr, count] : size_expr_counts) { + os << " + " << size_expr; + if(count != 1) { + os << " * " << count; + } + } + + // Add "number of parameters" * PARAM_LEN, to account the size of each parameter length. + if(params_num != 0) { + os << " + PARAM_LEN"; + if(params_num != 1) { + os << " * " << params_num; + } + } + os << '\n'; +} + +int main(int argc, char *argv[]) { + if(argc != 2) { + std::cerr << "Usage: " << argv[0] << " \n"; + std::exit(EXIT_FAILURE); + } + + std::string filepath{argv[1]}; + + // Build file content. + std::ostringstream oss; + oss << PREFACE; + for(int i = 0; i < PPM_EVENT_MAX; i++) { + output_event_size(oss, &g_event_info[i], i % 2 == 0); + } + oss << POSTFACE; + + // Write content to file. + std::ofstream f{filepath, std::fstream::out | std::fstream::trunc}; + f << oss.str(); + f.close(); + + return 0; +} diff --git a/driver/modern_bpf/programs/attached/dispatchers/syscall_exit.bpf.c b/driver/modern_bpf/programs/attached/dispatchers/syscall_exit.bpf.c index 22356436f5..bfafb14556 100644 --- a/driver/modern_bpf/programs/attached/dispatchers/syscall_exit.bpf.c +++ b/driver/modern_bpf/programs/attached/dispatchers/syscall_exit.bpf.c 
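Review bot: In `main`, the result of opening and writing the output file is never checked, so the generator returns 0 even when `filepath` cannot be opened or the write fails part-way. Because the stream is opened with `std::fstream::trunc`, a failed run can leave an empty or partial `events_dimensions.h` behind that a later build step may pick up, and the `*_SIZE` macros in that header are what the BPF programs pass to their ring-buffer reservations. I would add `if(!f) { std::cerr << "Cannot open " << filepath << '\n'; return EXIT_FAILURE; }` right after constructing `f`, and `if(!f) { return EXIT_FAILURE; }` after `f.close()`. The `std::runtime_error` thrown by `is_fixed_size_event` and `get_event_size_expr_counts` also escapes `main` uncaught; a `try`/`catch` around the generation loop that prints `e.what()` and returns `EXIT_FAILURE` would make an unmapped parameter type easier to diagnose.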
@@ -36,9 +36,9 @@ int BPF_PROG(t_hotplug) { * the event collection. */ struct ringbuf_struct ringbuf; - ringbuf.reserved_event_size = HOTPLUG_E_SIZE; + ringbuf.reserved_event_size = CPU_HOTPLUG_E_SIZE; ringbuf.event_type = PPME_CPU_HOTPLUG_E; - ringbuf.data = bpf_ringbuf_reserve(rb, HOTPLUG_E_SIZE, 0); + ringbuf.data = bpf_ringbuf_reserve(rb, CPU_HOTPLUG_E_SIZE, 0); if(!ringbuf.data) { counter->n_drops_buffer++; return 0; diff --git a/driver/modern_bpf/programs/attached/events/sched_switch.bpf.c b/driver/modern_bpf/programs/attached/events/sched_switch.bpf.c index a060f4e945..2eb1c2fb86 100644 --- a/driver/modern_bpf/programs/attached/events/sched_switch.bpf.c +++ b/driver/modern_bpf/programs/attached/events/sched_switch.bpf.c @@ -22,7 +22,7 @@ int BPF_PROG(sched_switch, bool preempt, struct task_struct *prev, struct task_s /// TODO: we could avoid switches from kernel threads to kernel threads (?). struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, SCHED_SWITCH_SIZE, PPME_SCHEDSWITCH_6_E)) { + if(!ringbuf__reserve_space(&ringbuf, SWITCH_SIZE, PPME_SCHEDSWITCH_6_E)) { return 0; } diff --git a/driver/modern_bpf/programs/attached/events/signal_deliver.bpf.c b/driver/modern_bpf/programs/attached/events/signal_deliver.bpf.c index 9057d4f054..f0fd3cb468 100644 --- a/driver/modern_bpf/programs/attached/events/signal_deliver.bpf.c +++ b/driver/modern_bpf/programs/attached/events/signal_deliver.bpf.c @@ -19,7 +19,7 @@ int BPF_PROG(signal_deliver, int sig, struct kernel_siginfo *info, struct k_siga } struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, SIGNAL_DELIVER_SIZE, PPME_SIGNALDELIVER_E)) { + if(!ringbuf__reserve_space(&ringbuf, SIGNALDELIVER_SIZE, PPME_SIGNALDELIVER_E)) { return 0; } diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/generic.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/generic.bpf.c index 2c4cca26ed..94511047ee 100644 
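Review bot: `SWITCH_SIZE` in the sched_switch hunk is a much less specific macro name than the `SCHED_SWITCH_SIZE` it replaces, and at the call site it no longer resembles `PPME_SCHEDSWITCH_6_E`, so a reader cannot easily tell which event's size is being reserved. The name appears to come from the generator upper-casing the event-table name, and the same happens with `SYSCALL_E_SIZE` and `SYSCALL_X_SIZE` for `PPME_GENERIC_E` and `PPME_GENERIC_X` in generic.bpf.c. Since these values size the ring-buffer reservation, I would add a short comment above each such call, e.g. `/* SWITCH_SIZE is the generated fixed size of PPME_SCHEDSWITCH_6_E */`, or have the generator emit a more specific prefix. The enclosing functions start and end outside these hunks.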
--- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/generic.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/generic.bpf.c @@ -13,7 +13,7 @@ SEC("tp_btf/sys_enter") int BPF_PROG(generic_e, struct pt_regs *regs, long id) { struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, GENERIC_E_SIZE, PPME_GENERIC_E)) { + if(!ringbuf__reserve_space(&ringbuf, SYSCALL_E_SIZE, PPME_GENERIC_E)) { return 0; } @@ -52,7 +52,7 @@ int BPF_PROG(generic_e, struct pt_regs *regs, long id) { SEC("tp_btf/sys_exit") int BPF_PROG(generic_x, struct pt_regs *regs, long ret) { struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, GENERIC_X_SIZE, PPME_GENERIC_X)) { + if(!ringbuf__reserve_space(&ringbuf, SYSCALL_X_SIZE, PPME_GENERIC_X)) { return 0; } diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pread64.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pread64.bpf.c index 6034a2775f..a06cf3ef2c 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pread64.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pread64.bpf.c @@ -14,7 +14,7 @@ SEC("tp_btf/sys_enter") int BPF_PROG(pread64_e, struct pt_regs *regs, long id) { struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, PREAD64_E_SIZE, PPME_SYSCALL_PREAD_E)) { + if(!ringbuf__reserve_space(&ringbuf, PREAD_E_SIZE, PPME_SYSCALL_PREAD_E)) { return 0; } diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/prlimit64.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/prlimit64.bpf.c index 8961b002b7..1ed8112def 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/prlimit64.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/prlimit64.bpf.c 
@@ -13,7 +13,7 @@ SEC("tp_btf/sys_enter") int BPF_PROG(prlimit64_e, struct pt_regs *regs, long id) { struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, PRLIMIT64_E_SIZE, PPME_SYSCALL_PRLIMIT_E)) { + if(!ringbuf__reserve_space(&ringbuf, PRLIMIT_E_SIZE, PPME_SYSCALL_PRLIMIT_E)) { return 0; } @@ -43,7 +43,7 @@ int BPF_PROG(prlimit64_e, struct pt_regs *regs, long id) { SEC("tp_btf/sys_exit") int BPF_PROG(prlimit64_x, struct pt_regs *regs, long ret) { struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, PRLIMIT64_X_SIZE, PPME_SYSCALL_PRLIMIT_X)) { + if(!ringbuf__reserve_space(&ringbuf, PRLIMIT_X_SIZE, PPME_SYSCALL_PRLIMIT_X)) { return 0; } diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pwrite64.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pwrite64.bpf.c index a58ce89e99..fee3a0f8b4 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pwrite64.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/pwrite64.bpf.c @@ -14,7 +14,7 @@ SEC("tp_btf/sys_enter") int BPF_PROG(pwrite64_e, struct pt_regs *regs, long id) { struct ringbuf_struct ringbuf; - if(!ringbuf__reserve_space(&ringbuf, PWRITE64_E_SIZE, PPME_SYSCALL_PWRITE_E)) { + if(!ringbuf__reserve_space(&ringbuf, PWRITE_E_SIZE, PPME_SYSCALL_PWRITE_E)) { return 0; }