diff options
| author | Paul Buetow <paul@buetow.org> | 2024-02-19 13:56:41 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-19 13:56:41 +0200 |
| commit | b9d61a32d03b0872e4ec83d81a90f74c7cba6dd9 (patch) | |
| tree | 1d2ade0d608bf23a44270ecde6d2437ce9921807 /internal/eventloop.go | |
| parent | d5dcacdf9e5bca9aabac29981cdd1936fc7f3c55 (diff) | |
refactor
Diffstat (limited to 'internal/eventloop.go')
| -rw-r--r-- | internal/eventloop.go | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/internal/eventloop.go b/internal/eventloop.go new file mode 100644 index 0000000..287198a --- /dev/null +++ b/internal/eventloop.go @@ -0,0 +1,88 @@ +package internal + +import "C" + +import ( + "bytes" + "encoding/binary" + "fmt" + + "ioriotng/internal/syncpool" + . "ioriotng/internal/types" + + bpf "github.com/aquasecurity/libbpfgo" +) + +func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { + enterOpen := make(map[uint32]*OpenatEnterEvent) + enterFd := make(map[uint32]*FdEvent) + // To do this, extract the PID from the TID (pid_tid >> 32) + // openFiles := make(map[ + + for raw := range ch { + switch OpId(raw[0]) { + case OPENAT_ENTER_OP_ID: + fallthrough + case OPEN_ENTER_OP_ID: + ev := readRaw(raw, syncpool.OpenEnterEvent.Get().(*OpenatEnterEvent)) + enterOpen[ev.PidTGid] = ev + + case OPENAT_EXIT_OP_ID: + fallthrough + case OPEN_EXIT_OP_ID: + ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent)) + enterEv, ok := enterOpen[ev.PidTGid] + if !ok { + fmt.Println("Dropping", ev) + syncpool.FdEvent.Put(ev) + continue + } + duration := float64(ev.Time-enterEv.Time) / float64(1_000_000) + fmt.Println(duration, "ms", enterEv, ev) + + delete(enterOpen, ev.PidTGid) + syncpool.FdEvent.Put(ev) + syncpool.OpenEnterEvent.Put(enterEv) + + case CLOSE_ENTER_OP_ID: + fallthrough + case WRITE_ENTER_OP_ID: + fallthrough + case WRITEV_ENTER_OP_ID: + ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent)) + enterFd[ev.PidTGid] = ev + + case CLOSE_EXIT_OP_ID: + fallthrough + case WRITE_EXIT_OP_ID: + fallthrough + case WRITEV_EXIT_OP_ID: + ev := readRaw(raw, syncpool.NullEvent.Get().(*NullEvent)) + enterEv, ok := enterFd[ev.PidTGid] + if !ok { + fmt.Println("Dropping", ev) + syncpool.NullEvent.Put(ev) + continue + } + duration := float64(ev.Time-enterEv.Time) / float64(1_000_000) + fmt.Println(duration, "ms", enterEv, ev) + + delete(enterFd, ev.PidTGid) + syncpool.NullEvent.Put(ev) + syncpool.FdEvent.Put(enterEv) + + default: + panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw)) + } + } + + fmt.Println("Good bye") +} + +func readRaw[T any](raw []byte, ev *T) *T { + if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, ev); err != nil { + fmt.Println(ev, raw, len(raw), err) + panic(raw) + } + return ev +} |