diff options
| author | Paul Buetow <paul@buetow.org> | 2024-03-02 00:28:21 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-03-02 00:28:21 +0200 |
| commit | f7409fb04a90f956abd7d538e31cc2b47bbea871 (patch) | |
| tree | bd3ba493bc27a5f43388c700e676af5207e6cb7d | |
| parent | 1f9639a256a4eae3b5ea133976beb1ead7fe39ab (diff) | |
add some comments
| -rw-r--r-- | internal/eventloop.go | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/internal/eventloop.go b/internal/eventloop.go index 9285db4..03652cf 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -19,9 +19,13 @@ func eventLoop(bpfModule *bpf.Module, rawCh <-chan []byte) { } func events(rawCh <-chan []byte) <-chan enterExitEvent { + // Channel of events (enter+exit tracepoint results of a syscall). evCh := make(chan enterExitEvent) + // Temporally store tracepoints of syscall entering tracepoits (e.g. SYS_ENTER_OPEN). enterEvs := make(map[uint32]enterExitEvent) + // Track all open file by file descriptor. files := make(map[int32]file) + // Program or thread name of the current Tid. comms := make(map[uint32]string) enter := func(enterEv event) { @@ -39,7 +43,9 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent { delete(enterEvs, exitEv.GetTid()) ev.exitEv = exitEv - // Expect ID one lower, otherwise, doesn't match. + // Expect ID one lower, otherwise, enter and exit tracepoints + // don't match up. E.g.: + // enterEv:SYS_ENTER_OPEN => exitEv:SYS_EXIT_OPEN if ev.enterEv.GetSyscallId()-1 != ev.exitEv.GetSyscallId() { fmt.Println(fmt.Sprintf("Loss of event (not matching) %v", ev)) ev.enterEv.Recycle() @@ -47,6 +53,7 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent { return } + // Handle the opening of a file. if ev.is(SYS_ENTER_OPENAT) || ev.is(SYS_ENTER_OPEN) { openEnterEv := ev.enterEv.(*OpenEnterEvent) @@ -65,6 +72,7 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent { return } + // Generic handling of any syscall expecting a file descriptor (fd) if fdEvent, ok := ev.enterEv.(*FdEvent); ok { if file_, ok := files[fdEvent.Fd]; ok { ev.file = file_ @@ -80,6 +88,7 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent { evCh <- ev } + // Deserialise raw byte stream from BPF ringbuffer. go func() { defer close(evCh) for raw := range rawCh { |