authorPaul Buetow <paul@buetow.org>2024-02-16 00:39:50 +0200
committerPaul Buetow <paul@buetow.org>2024-02-16 00:39:50 +0200
commit5818548de594c17e4b6f5cfc3cf25ae0702e2e3d (patch)
tree3bc8a3d2ab0d5e7dcef9ab40f144917e841c638f
parent064c2499e887637e270a420a92e17f326c2ab268 (diff)
update Go types
-rw-r--r--internal/ioriotng.go21
-rw-r--r--internal/types/types.go48
-rw-r--r--ioriotng.bpf.c1
-rw-r--r--maps.bpf.h43
-rw-r--r--types.bpf.h37
5 files changed, 66 insertions, 84 deletions
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index f368c09..0cf97b0 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
@@ -63,27 +63,6 @@ func Run(flags flags.Flags) {
log.Println("Ringbuf data received", len(b), b)
}
- /*
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
- var wg sync.WaitGroup
- wg.Add(2)
-
- go func() {
- defer wg.Done()
- for ev := range listenToEvents[types.FdEvent](ctx, bpfModule, "fd_event_map") {
- fmt.Println(ev)
- }
- }()
- go func() {
- defer wg.Done()
- for ev := range listenToEvents[types.OpenEvent](ctx, bpfModule, "open_event_map") {
- fmt.Println(ev)
- }
- }()
-
- wg.Wait()
- */
log.Println("Good bye")
}
diff --git a/internal/types/types.go b/internal/types/types.go
index c4ea2ad..473339f 100644
--- a/internal/types/types.go
+++ b/internal/types/types.go
@@ -1,34 +1,34 @@
+// These types mirror the C types from types.bpf.h
package types
-import "fmt"
+const (
+ MAX_FILENAME_LENGTH = 256
+ MAX_PROGNAME_LENGTH = 16
+)
-type OpenEvent struct {
- FD int32
- TID uint32
- EnterTime uint64
- ExitTime uint64
- Filename [256]byte // TODO, use same value as in ioriot.bpf.h
- Comm [16]byte
-}
+const (
+ OPENAT_ENTER_OP_ID = iota + 1
+ OPENAT_EXIT_OP_ID
+ CLOSE_ENTER_OP_ID
+ CLOSE_EXIT_OP_ID
+)
-func (e OpenEvent) String() string {
- filename := e.Filename[:]
- comm := e.Comm[:]
- duration := float64(e.ExitTime-e.EnterTime) / float64(1_000_000)
- return fmt.Sprintf("time:(%v=(%v-%v)/1mio) tid:%d fd:%d filename:%s, comm:%s",
- duration, e.EnterTime, e.ExitTime, e.TID, e.FD, string(filename), string(comm))
+type NullEvent struct {
+ Tid uint32
+ Time uint64
}
type FdEvent struct {
- FD int32
- OpID int32
- TID uint32
- EnterTime uint64
- ExitTime uint64
+ NullEvent
+ Fd int32
}
-func (e FdEvent) String() string {
- duration := float64(e.ExitTime-e.EnterTime) / float64(1_000_000)
- return fmt.Sprintf("time:(%vms=(%v-%v)/1mio) opId:%d tid:%v fd:%v",
- duration, e.EnterTime, e.ExitTime, e.OpID, e.TID, e.FD)
+type OpenatEnterEvent struct {
+ NullEvent
+ Filename [MAX_FILENAME_LENGTH]byte
+ Comm [MAX_PROGNAME_LENGTH]byte
}
+
+// TODO: Move Flags type struct to here, too
+
+// duration := float64(e.ExitTime-e.EnterTime) / float64(1_000_000)
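Review bot: `NullEvent` starts at `Tid`, but every struct in types.bpf.h starts with `__u32 op_id` ahead of `tid` and `time`, so the Go types do not match the C layout that the new header comment says they mirror. The decoding code is not part of this diff; if ring-buffer records are decoded into these structs (for example with encoding/binary), `Tid` would receive the op id and `Time` would straddle `tid` and the low half of `time`. Adding `OpId uint32` as the first field of `NullEvent` fixes this. `Filename` and `Comm` presumably carry strings chosen by the traced process, so whatever prints them later should cut at the first NUL and format with `%q` rather than `%s`. The trailing `// duration := ...` comment refers to `EnterTime`/`ExitTime`, which no longer exist on any type here, and can be dropped.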
diff --git a/ioriotng.bpf.c b/ioriotng.bpf.c
index 5ca0cf2..e20c314 100644
--- a/ioriotng.bpf.c
+++ b/ioriotng.bpf.c
@@ -3,6 +3,7 @@
#include "vmlinux.h"
#include "opids.h"
#include <bpf/bpf_helpers.h>
+#include "types.bpf.h"
#include "maps.bpf.h"
static inline int filter() {
diff --git a/maps.bpf.h b/maps.bpf.h
index e6307ba..dc55993 100644
--- a/maps.bpf.h
+++ b/maps.bpf.h
@@ -1,48 +1,13 @@
//+build ignore
-#define TEMP_MAP_SIZES 1024 // Adjust size as needed
-#define MAX_FILENAME_LENGTH 256
-#define MAX_PROGNAME_LENGTH 16
-
-struct flags {
- __u32 uid_filter;
-};
+struct {
+ __uint(type, BPF_MAP_TYPE_RINGBUF);
+ __uint(max_entries, 1 << 24);
+} event_map SEC(".maps");
-// To pass command line flags from userspace to BPF kernel space.
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__type(key, u32);
__type(value, struct flags);
__uint(max_entries, 1 << 24);
} flags_map SEC(".maps");
-
-#define OPENAT_ENTER_OP_ID 1
-#define OPENAT_EXIT_OP_ID 2
-#define CLOSE_ENTER_OP_ID 1
-#define CLOSE_EXIT_OP_ID 2
-
-struct openat_enter_event {
- __u32 op_id;
- __u32 tid;
- __u64 time;
- char filename[MAX_FILENAME_LENGTH];
- char comm[MAX_PROGNAME_LENGTH];
-};
-
-struct fd_event {
- __u32 op_id;
- __u32 tid;
- __u64 time;
- __s32 fd;
-};
-
-struct null_event {
- __u32 op_id;
- __u32 tid;
- __u64 time;
-};
-
-struct {
- __uint(type, BPF_MAP_TYPE_RINGBUF);
- __uint(max_entries, 1 << 24);
-} event_map SEC(".maps");
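Review bot: `flags_map` still uses `struct flags`, but that definition has moved out of this header, so maps.bpf.h now compiles only when the includer pulls in types.bpf.h first. ioriotng.bpf.c does include them in that order, but nothing in this file says so. Either add `#include "types.bpf.h"` at the top here (with `#pragma once` or an `#ifndef` guard in types.bpf.h so the double include is harmless) or state the ordering requirement in a comment. The removed line `// To pass command line flags from userspace to BPF kernel space.` was the only description of `flags_map` and is worth keeping above it.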
diff --git a/types.bpf.h b/types.bpf.h
new file mode 100644
index 0000000..57feaaa
--- /dev/null
+++ b/types.bpf.h
@@ -0,0 +1,37 @@
+//+build ignore
+
+// These types mirror the Go types from internal/types/types.go
+//
+#define MAX_FILENAME_LENGTH 256
+#define MAX_PROGNAME_LENGTH 16
+
+#define OPENAT_ENTER_OP_ID 1
+#define OPENAT_EXIT_OP_ID 2
+#define CLOSE_ENTER_OP_ID 3
+#define CLOSE_EXIT_OP_ID 4
+
+struct null_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+};
+
+struct fd_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+ __s32 fd;
+};
+
+struct openat_enter_event {
+ __u32 op_id;
+ __u32 tid;
+ __u64 time;
+ char filename[MAX_FILENAME_LENGTH];
+ char comm[MAX_PROGNAME_LENGTH];
+};
+
+struct flags {
+ __u32 uid_filter;
+};
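Review bot: `struct fd_event` ends in a lone `__s32 fd` after a `__u64`, so the compiler will normally pad it to 24 bytes, while the Go `FdEvent` it is said to mirror has no such tail. A userspace reader that sizes or decodes records from the Go struct would then disagree with what the BPF side submits. Making the padding explicit (`__u32 _pad;` after `fd`, with a matching field in Go) or pinning the size with `_Static_assert(sizeof(struct fd_event) == 24, "fd_event layout");` would catch drift between the two hand-maintained definitions at build time. The op ids are likewise duplicated by hand (`iota + 1` in Go, literals here), so a short comment next to the `#define`s saying that both files must change together would help.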
+