| author | Paul Buetow <paul@buetow.org> | 2024-02-19 13:56:41 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-19 13:56:41 +0200 |
| commit | b9d61a32d03b0872e4ec83d81a90f74c7cba6dd9 (patch) | |
| tree | 1d2ade0d608bf23a44270ecde6d2437ce9921807 | |
| parent | d5dcacdf9e5bca9aabac29981cdd1936fc7f3c55 (diff) | |
refactor
| -rw-r--r-- | internal/eventloop.go | 88 | ||||
| -rw-r--r-- | internal/ioriotng.go | 94 | ||||
| -rw-r--r-- | internal/tracepoints/tracepoints.go | 24 |
3 files changed, 104 insertions, 102 deletions
diff --git a/internal/eventloop.go b/internal/eventloop.go
new file mode 100644
index 0000000..287198a
--- /dev/null
+++ b/internal/eventloop.go
@@ -0,0 +1,88 @@
+package internal
+
+import "C"
+
+import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
+
+ "ioriotng/internal/syncpool"
+ . "ioriotng/internal/types"
+
+ bpf "github.com/aquasecurity/libbpfgo"
+)
+
+func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) {
+ enterOpen := make(map[uint32]*OpenatEnterEvent)
+ enterFd := make(map[uint32]*FdEvent)
+ // To do this, extract the PID from the TID (pid_tid >> 32)
+ // openFiles := make(map[
+
+ for raw := range ch {
+ switch OpId(raw[0]) {
+ case OPENAT_ENTER_OP_ID:
+ fallthrough
+ case OPEN_ENTER_OP_ID:
+ ev := readRaw(raw, syncpool.OpenEnterEvent.Get().(*OpenatEnterEvent))
+ enterOpen[ev.PidTGid] = ev
+
+ case OPENAT_EXIT_OP_ID:
+ fallthrough
+ case OPEN_EXIT_OP_ID:
+ ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent))
+ enterEv, ok := enterOpen[ev.PidTGid]
+ if !ok {
+ fmt.Println("Dropping", ev)
+ syncpool.FdEvent.Put(ev)
+ continue
+ }
+ duration := float64(ev.Time-enterEv.Time) / float64(1_000_000)
+ fmt.Println(duration, "ms", enterEv, ev)
+
+ delete(enterOpen, ev.PidTGid)
+ syncpool.FdEvent.Put(ev)
+ syncpool.OpenEnterEvent.Put(enterEv)
+
+ case CLOSE_ENTER_OP_ID:
+ fallthrough
+ case WRITE_ENTER_OP_ID:
+ fallthrough
+ case WRITEV_ENTER_OP_ID:
+ ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent))
+ enterFd[ev.PidTGid] = ev
+
+ case CLOSE_EXIT_OP_ID:
+ fallthrough
+ case WRITE_EXIT_OP_ID:
+ fallthrough
+ case WRITEV_EXIT_OP_ID:
+ ev := readRaw(raw, syncpool.NullEvent.Get().(*NullEvent))
+ enterEv, ok := enterFd[ev.PidTGid]
+ if !ok {
+ fmt.Println("Dropping", ev)
+ syncpool.NullEvent.Put(ev)
+ continue
+ }
+ duration := float64(ev.Time-enterEv.Time) / float64(1_000_000)
+ fmt.Println(duration, "ms", enterEv, ev)
+
+ delete(enterFd, ev.PidTGid)
+ syncpool.NullEvent.Put(ev)
+ syncpool.FdEvent.Put(enterEv)
+
+ default:
+ panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw))
+ }
+ }
+
+ fmt.Println("Good bye")
+}
+
+func readRaw[T any](raw []byte, ev *T) *T {
+ if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, ev); err != nil {
+ fmt.Println(ev, raw, len(raw), err)
+ panic(raw)
+ }
+ return ev
+}
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index 9b7ec2d..72a57ad 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
@@ -3,21 +3,28 @@ package internal
 import "C"
 import (
- "bytes"
- "encoding/binary"
  "fmt"
  "ioriotng/internal/debugfs"
  "ioriotng/internal/flags"
- "ioriotng/internal/syncpool"
- "ioriotng/internal/tracepoints"
- . "ioriotng/internal/types"
+ "ioriotng/internal/generated"
  bpf "github.com/aquasecurity/libbpfgo"
 )
-type BpfMapper interface {
- String() string
+func attachSyscalls(bpfModule *bpf.Module) error {
+ for _, name := range generated.TracepointList {
+ prog, err := bpfModule.GetProgram(fmt.Sprintf("handle_%s", name))
+ if err != nil {
+ return fmt.Errorf("Failed to get BPF program handle_%s: %v", name, err)
+ }
+ fmt.Println("Attached prog handle_" + name)
+ if _, err = prog.AttachTracepoint("syscalls", fmt.Sprintf("sys_%s", name)); err != nil {
+ return fmt.Errorf("Failed to attach to sys_%s tracepoint: %v", name, err)
+ }
+ fmt.Println("Attached tracepoint sys_" + name)
+ }
+ return nil
 }
 func Run(flags flags.Flags) {
@@ -42,7 +49,7 @@ func Run(flags flags.Flags) {
  panic(err)
  }
- if err := tracepoints.AttachSyscalls(bpfModule); err != nil {
+ if err := attachSyscalls(bpfModule); err != nil {
  panic(err)
  }
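Review bot: `switch OpId(raw[0])` in eventLoop (internal/eventloop.go) indexes the ring-buffer sample without a length check, so a zero-length record panics the tracer, and the `default:` branch and readRaw's `panic(raw)` do the same for an unknown op id or a record that binary.Read cannot fill the target struct from. For a monitoring tool a single malformed or unexpected record should be logged and skipped rather than end collection: add `if len(raw) == 0 { continue }` before the switch and replace the `default:` panic with a log line followed by `continue`. Separately, `enterOpen` and `enterFd` entries are deleted only when a matching exit event arrives, so a lost exit record leaves the entry in the map indefinitely, and a second enter for the same `PidTGid` overwrites the first without returning it to its pool; a size cap or periodic sweep would bound that.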
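Review bot: In attachSyscalls (internal/ioriotng.go) the line `fmt.Println("Attached prog handle_" + name)` runs after GetProgram but before AttachTracepoint, so the output reports an attachment that has not happened yet and may still fail; wording such as `"Found prog handle_"` would keep the log accurate about which syscalls are really being traced. The two `fmt.Errorf` calls format the cause with `%v`; `%w`, as in `fmt.Errorf("get BPF program handle_%s: %w", name, err)`, would let callers inspect the underlying error with errors.Is or errors.As. The moved function also has no doc comment; I would add `// attachSyscalls attaches each handle_<name> BPF program to its sys_<name> tracepoint and returns on the first failure.`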
@@ -53,76 +60,7 @@ func Run(flags flags.Flags) {
  panic(err)
  }
  rb.Poll(300)
-
- enterOpen := make(map[uint32]*OpenatEnterEvent)
- enterFd := make(map[uint32]*FdEvent)
- // To do this, extract the PID from the TID (pid_tid >> 32)
- // openFiles := make(map[
-
- for raw := range ch {
- switch OpId(raw[0]) {
- case OPENAT_ENTER_OP_ID:
- fallthrough
- case OPEN_ENTER_OP_ID:
- ev := readRaw(raw, syncpool.OpenEnterEvent.Get().(*OpenatEnterEvent))
- enterOpen[ev.PidTGid] = ev
-
- case OPENAT_EXIT_OP_ID:
- fallthrough
- case OPEN_EXIT_OP_ID:
- ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent))
- enterEv, ok := enterOpen[ev.PidTGid]
- if !ok {
- fmt.Println("Dropping", ev)
- syncpool.FdEvent.Put(ev)
- continue
- }
- duration := float64(ev.Time-enterEv.Time) / float64(1_000_000)
- fmt.Println(duration, "ms", enterEv, ev)
-
- delete(enterOpen, ev.PidTGid)
- syncpool.FdEvent.Put(ev)
- syncpool.OpenEnterEvent.Put(enterEv)
-
- case CLOSE_ENTER_OP_ID:
- fallthrough
- case WRITE_ENTER_OP_ID:
- fallthrough
- case WRITEV_ENTER_OP_ID:
- ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent))
- enterFd[ev.PidTGid] = ev
-
- case CLOSE_EXIT_OP_ID:
- fallthrough
- case WRITE_EXIT_OP_ID:
- fallthrough
- case WRITEV_EXIT_OP_ID:
- ev := readRaw(raw, syncpool.NullEvent.Get().(*NullEvent))
- enterEv, ok := enterFd[ev.PidTGid]
- if !ok {
- fmt.Println("Dropping", ev)
- syncpool.NullEvent.Put(ev)
- continue
- }
- duration := float64(ev.Time-enterEv.Time) / float64(1_000_000)
- fmt.Println(duration, "ms", enterEv, ev)
-
- delete(enterFd, ev.PidTGid)
- syncpool.NullEvent.Put(ev)
- syncpool.FdEvent.Put(enterEv)
-
- default:
- panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw))
- }
- }
+ eventLoop(bpfModule, ch)
  fmt.Println("Good bye")
 }
-
-func readRaw[T any](raw []byte, ev *T) *T {
- if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, ev); err != nil {
- fmt.Println(ev, raw, len(raw), err)
- panic(raw)
- }
- return ev
-}
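Review bot: "Good bye" is now printed twice on shutdown, because eventLoop in internal/eventloop.go ends with `fmt.Println("Good bye")` and Run keeps its own `fmt.Println("Good bye")` right after the new `eventLoop(bpfModule, ch)` call; one of the two should go. eventLoop also never uses its `bpfModule` parameter in the added file, so unless a later change needs the module the call could be `eventLoop(ch)`. Run's body starts outside this hunk.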
diff --git a/internal/tracepoints/tracepoints.go b/internal/tracepoints/tracepoints.go
deleted file mode 100644
index bf6323f..0000000
--- a/internal/tracepoints/tracepoints.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package tracepoints
-
-import (
- "fmt"
- "ioriotng/internal/generated"
-
- bpf "github.com/aquasecurity/libbpfgo"
-)
-
-func AttachSyscalls(bpfModule *bpf.Module) error {
- for _, name := range generated.TracepointList {
- // Attach to tracepoint
- prog, err := bpfModule.GetProgram(fmt.Sprintf("handle_%s", name))
- if err != nil {
- return fmt.Errorf("Failed to get BPF program handle_%s: %v", name, err)
- }
- fmt.Println("Attached prog handle_" + name)
- if _, err = prog.AttachTracepoint("syscalls", fmt.Sprintf("sys_%s", name)); err != nil {
- return fmt.Errorf("Failed to attach to sys_%s tracepoint: %v", name, err)
- }
- fmt.Println("Attached tracepoint sys_" + name)
- }
- return nil
-} |
