authorPaul Buetow <paul@buetow.org>2024-02-13 10:36:21 +0200
committerPaul Buetow <paul@buetow.org>2024-02-13 10:36:21 +0200
commit94179a7963cfdcd1c61b3630a05dadbdd6a72b02 (patch)
tree356c35e219fb10577419dfbfae1b13e2459a000a
parentc66010e29c49bc1a7e955dfd07ec2a5ad506bfc6 (diff)
move program code to internal package - only leave cmd wrapper in ./cmd
-rw-r--r--Makefile2
-rw-r--r--cmd/ioriotng/main.go160
-rw-r--r--internal/ioriotng.go165
-rw-r--r--internal/opids.go2
4 files changed, 170 insertions, 159 deletions
diff --git a/Makefile b/Makefile
index d336e2f..c2c7bad 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ bpfbuild:
.PHONY: gobuild
gobuild:
- echo 'package main' > internal/opids.go
+ echo 'package internal' > internal/opids.go
echo >> internal/opids.go
sed -E 's/#define (.*) ([0-9]+)/const \1 = \2/' opids.h >> internal/opids.go
go build -tags netgo -ldflags '-w -extldflags "-static"' -o ioriotng ./cmd/ioriotng/main.go
diff --git a/cmd/ioriotng/main.go b/cmd/ioriotng/main.go
index e353cc0..16771a0 100644
--- a/cmd/ioriotng/main.go
+++ b/cmd/ioriotng/main.go
@@ -1,165 +1,11 @@
package main
-import "C"
-
import (
- "bytes"
- "context"
- "encoding/binary"
- "fmt"
- "log"
- "runtime"
- "sync"
-
- "ioriotng/internal/debugfs"
- "ioriotng/internal/tracepoints"
-
- bpf "github.com/aquasecurity/libbpfgo"
+ "ioriotng/internal"
)
-type BpfMapper interface {
- String() string
-}
-
-type openEvent struct {
- FD int32
- OpID int32
- TID uint32
- EnterTime uint64
- ExitTime uint64
- Filename [256]byte // TODO, use same value as in ioriot.bpf.h
- Comm [16]byte
-}
-
-func (e openEvent) String() string {
- filename := e.Filename[:]
- comm := e.Comm[:]
- duration := (e.ExitTime - e.EnterTime) / 1000000000000.0
- return fmt.Sprintf("%vms opId:%d tid:%d fd:%d filename:%s, comm:%s",
- duration, e.OpID, e.TID, e.FD, string(filename), string(comm))
-}
-
-type fdEvent struct {
- FD int32
- OpID int32
- TID uint32
- EnterTime uint64
- ExitTime uint64
-}
-
-func (e fdEvent) String() string {
- duration := (e.ExitTime - e.EnterTime) / 1000000000000.0
- return fmt.Sprintf("%vms opId:%d tid:%v fd:%v", duration, e.OpID, e.TID, e.FD)
-}
-
-func resizeMap(module *bpf.Module, name string, size uint32) error {
- m, err := module.GetMap("open_event_map")
- if err != nil {
- return err
- }
-
- if err = m.SetMaxEntries(size); err != nil {
- return err
- }
-
- if actual := m.MaxEntries(); actual != size {
- return fmt.Errorf("map resize failed, expected %v, actual %v", size, actual)
- }
-
- return nil
-}
-
func main() {
- // To consider for implementation!
- log.Println(debugfs.TracepointsWithFd())
-
- bpfModule, err := bpf.NewModuleFromFile("ioriotng.bpf.o")
- if err != nil {
- log.Fatal(err)
- }
- defer bpfModule.Close()
-
- if err = resizeMap(bpfModule, "open_event_map", 8192); err != nil {
- log.Fatal(err)
- }
- if err = resizeMap(bpfModule, "fd_event_map", 8192); err != nil {
- log.Fatal(err)
- }
-
- err = bpfModule.BPFLoadObject()
- if err != nil {
- log.Fatal(err)
- }
-
- if err := tracepoints.AttachSyscalls(bpfModule); err != nil {
- log.Fatal(err)
- }
-
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
- var wg sync.WaitGroup
- wg.Add(2)
-
- go func() {
- defer wg.Done()
- for ev := range listenToEvents[fdEvent](ctx, bpfModule, "fd_event_map") {
- log.Println(ev)
- }
- }()
- go func() {
- defer wg.Done()
- for ev := range listenToEvents[openEvent](ctx, bpfModule, "open_event_map") {
- log.Println(ev)
- }
- }()
-
- wg.Wait()
- log.Println("Good bye")
-}
-
-func listenToEvents[T BpfMapper](ctx context.Context, bpfModule *bpf.Module, mapName string) <-chan T {
- rawEventsCh := make(chan []byte)
- rawLostCh := make(chan uint64) // TODO: Of any use this channel?
- eventsCh := make(chan T)
-
- pb, err := bpfModule.InitPerfBuf(mapName, rawEventsCh, rawLostCh, 4096)
- if err != nil {
- log.Fatal(err)
- }
-
- go func() {
- defer func() {
- pb.Stop()
- pb.Close()
- close(eventsCh)
- }()
- pb.Poll(300)
- for {
- select {
- case <-ctx.Done():
- return
- case lost := <-rawLostCh:
- log.Println("Lost", lost, mapName, "events. Consider increasing ring buffer!")
- case rawEv := <-rawEventsCh:
- var ev T
- if err := binary.Read(bytes.NewReader(rawEv), binary.LittleEndian, &ev); err != nil {
- log.Fatal(err)
- }
- eventsCh <- ev
- }
- }
- }()
-
- return eventsCh
-}
+ // Here could be some flag parsing....
-func ksymArch() string {
- switch runtime.GOARCH {
- case "amd64":
- return "x64"
- case "arm64":
- return "arm64"
- default:
- panic("unsupported architecture")
- }
+ internal.Run()
}
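Review bot: `internal.Run()` returns nothing, so every failure inside it ends in `log.Fatal`, which exits the process without running the deferred `bpfModule.Close()` and `cancel()` in `Run`. It also leaves `main` no way to choose an exit code or do its own cleanup. Now that the logic lives in a package, having `Run` return an `error` and letting the wrapper decide would be the more conventional split: `if err := internal.Run(); err != nil { log.Fatal(err) }`. That needs the matching signature change in the internal/ioriotng.go section of this commit.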
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
new file mode 100644
index 0000000..ca2a02e
--- /dev/null
+++ b/internal/ioriotng.go
@@ -0,0 +1,165 @@
+package internal
+
+import "C"
+
+import (
+ "bytes"
+ "context"
+ "encoding/binary"
+ "fmt"
+ "log"
+ "runtime"
+ "sync"
+
+ "ioriotng/internal/debugfs"
+ "ioriotng/internal/tracepoints"
+
+ bpf "github.com/aquasecurity/libbpfgo"
+)
+
+type BpfMapper interface {
+ String() string
+}
+
+type openEvent struct {
+ FD int32
+ OpID int32
+ TID uint32
+ EnterTime uint64
+ ExitTime uint64
+ Filename [256]byte // TODO, use same value as in ioriot.bpf.h
+ Comm [16]byte
+}
+
+func (e openEvent) String() string {
+ filename := e.Filename[:]
+ comm := e.Comm[:]
+ duration := (e.ExitTime - e.EnterTime) / 1000000000000.0
+ return fmt.Sprintf("%vms opId:%d tid:%d fd:%d filename:%s, comm:%s",
+ duration, e.OpID, e.TID, e.FD, string(filename), string(comm))
+}
+
+type fdEvent struct {
+ FD int32
+ OpID int32
+ TID uint32
+ EnterTime uint64
+ ExitTime uint64
+}
+
+func (e fdEvent) String() string {
+ duration := (e.ExitTime - e.EnterTime) / 1000000000000.0
+ return fmt.Sprintf("%vms opId:%d tid:%v fd:%v", duration, e.OpID, e.TID, e.FD)
+}
+
+func resizeMap(module *bpf.Module, name string, size uint32) error {
+ m, err := module.GetMap("open_event_map")
+ if err != nil {
+ return err
+ }
+
+ if err = m.SetMaxEntries(size); err != nil {
+ return err
+ }
+
+ if actual := m.MaxEntries(); actual != size {
+ return fmt.Errorf("map resize failed, expected %v, actual %v", size, actual)
+ }
+
+ return nil
+}
+
+func Run() {
+ // To consider for implementation!
+ log.Println(debugfs.TracepointsWithFd())
+
+ bpfModule, err := bpf.NewModuleFromFile("ioriotng.bpf.o")
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer bpfModule.Close()
+
+ if err = resizeMap(bpfModule, "open_event_map", 8192); err != nil {
+ log.Fatal(err)
+ }
+ if err = resizeMap(bpfModule, "fd_event_map", 8192); err != nil {
+ log.Fatal(err)
+ }
+
+ err = bpfModule.BPFLoadObject()
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ if err := tracepoints.AttachSyscalls(bpfModule); err != nil {
+ log.Fatal(err)
+ }
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+ var wg sync.WaitGroup
+ wg.Add(2)
+
+ go func() {
+ defer wg.Done()
+ for ev := range listenToEvents[fdEvent](ctx, bpfModule, "fd_event_map") {
+ log.Println(ev)
+ }
+ }()
+ go func() {
+ defer wg.Done()
+ for ev := range listenToEvents[openEvent](ctx, bpfModule, "open_event_map") {
+ log.Println(ev)
+ }
+ }()
+
+ wg.Wait()
+ log.Println("Good bye")
+}
+
+func listenToEvents[T BpfMapper](ctx context.Context, bpfModule *bpf.Module, mapName string) <-chan T {
+ rawEventsCh := make(chan []byte)
+ rawLostCh := make(chan uint64) // TODO: Of any use this channel?
+ eventsCh := make(chan T)
+
+ pb, err := bpfModule.InitPerfBuf(mapName, rawEventsCh, rawLostCh, 4096)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ go func() {
+ defer func() {
+ pb.Stop()
+ pb.Close()
+ close(eventsCh)
+ }()
+ pb.Poll(300)
+ for {
+ select {
+ case <-ctx.Done():
+ return
+ case lost := <-rawLostCh:
+ log.Println("Lost", lost, mapName, "events. Consider increasing ring buffer!")
+ case rawEv := <-rawEventsCh:
+ var ev T
+ if err := binary.Read(bytes.NewReader(rawEv), binary.LittleEndian, &ev); err != nil {
+ log.Fatal(err)
+ }
+ eventsCh <- ev
+ }
+ }
+ }()
+
+ return eventsCh
+}
+
+func ksymArch() string {
+ switch runtime.GOARCH {
+ case "amd64":
+ return "x64"
+ case "arm64":
+ return "arm64"
+ default:
+ panic("unsupported architecture")
+ }
+}
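Review bot: `resizeMap` ignores its `name` parameter and always calls `module.GetMap("open_event_map")`, so the second call in `Run` (for `fd_event_map`) resizes the open map again and never touches `fd_event_map`; the lookup should be `m, err := module.GetMap(name)`. Separately, `openEvent.String` prints `Filename` and `Comm` with `%s` over the whole fixed-size arrays, so each log line carries the NUL padding and any control characters in a path or command name that comes from the traced process. Cutting at the first NUL and formatting with `%q` would keep one event per log line. The duration is an integer division of a `uint64` by 1e12 yet is labelled `ms`, which looks like the wrong divisor if the timestamps are nanoseconds; the unit is set on the BPF side and is not visible here.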
diff --git a/internal/opids.go b/internal/opids.go
index eda15fd..972aaa7 100644
--- a/internal/opids.go
+++ b/internal/opids.go
@@ -1,4 +1,4 @@
-package main
+package internal
const OPEN = 1
const OPEN_AT = 2