diff options
| author | Paul Buetow <paul@buetow.org> | 2025-03-06 22:24:41 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2025-03-06 22:24:41 +0200 |
| commit | c9490649f7474c6442637b71c04b235713853ca8 (patch) | |
| tree | 8b1152c5463704b53a7daaad895f98b270b7fcb3 /internal/eventloop.go | |
| parent | 10925e4fda4af9211ee0b697f3139df500ff3679 (diff) | |
initial event filter
Diffstat (limited to 'internal/eventloop.go')
| -rw-r--r-- | internal/eventloop.go | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/internal/eventloop.go b/internal/eventloop.go index 4c582e3..634e5d5 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -5,20 +5,21 @@ import "C" import ( "fmt" + "ioriotng/internal/flags" . "ioriotng/internal/generated/types" ) type eventLoop struct { - evCh chan *eventPair // Channel of events (enter+exit tracepoint results of a syscall). + filter *eventFilter enterEvs map[uint32]*eventPair // Temp. store of sys_enter tracepoints per Tid. files map[int32]file // Track all open files by file descriptor. comms map[uint32]string // Program or thread name of the current Tid. prevPairs map[uint32]*eventPair // Previous event (to calculate time differences between two events) } -func newEventLoop() *eventLoop { +func newEventLoop(flags flags.Flags) *eventLoop { return &eventLoop{ - evCh: make(chan *eventPair), + filter: newEventFilter(flags), enterEvs: make(map[uint32]*eventPair), files: make(map[int32]file), comms: make(map[uint32]string), @@ -39,24 +40,28 @@ func (e *eventLoop) run(rawCh <-chan []byte) { fmt.Println("Good bye") } +// Deserialise raw byte stream from BPF ringbuffer. func (e *eventLoop) events(rawCh <-chan []byte) <-chan *eventPair { - // Deserialise raw byte stream from BPF ringbuffer. + ch := make(chan *eventPair) + go func() { - defer close(e.evCh) + defer close(ch) for raw := range rawCh { switch EventType(raw[0]) { case ENTER_OPEN_EVENT: - e.syscallEnter(NewOpenEvent(raw)) + if ev, ok := e.filter.openEvent(NewOpenEvent(raw)); ok { + e.syscallEnter(ev) + } case EXIT_OPEN_EVENT: - e.syscallExit(NewFdEvent(raw)) + e.syscallExit(NewFdEvent(raw), ch) case ENTER_FD_EVENT: e.syscallEnter(NewFdEvent(raw)) case EXIT_FD_EVENT: - e.syscallExit(NewFdEvent(raw)) + e.syscallExit(NewFdEvent(raw), ch) case EXIT_NULL_EVENT: - e.syscallExit(NewNullEvent(raw)) + e.syscallExit(NewNullEvent(raw), ch) case EXIT_RET_EVENT: - e.syscallExit(NewRetEvent(raw)) + e.syscallExit(NewRetEvent(raw), ch) case ENTER_NAME_EVENT: e.syscallEnter(NewNameEvent(raw)) case ENTER_PATH_EVENT: @@ -67,14 +72,14 @@ func (e *eventLoop) events(rawCh <-chan []byte) <-chan *eventPair { } }() - return e.evCh + return ch } func (e *eventLoop) syscallEnter(enterEv event) { e.enterEvs[enterEv.GetTid()] = newEventPair(enterEv) } -func (e *eventLoop) syscallExit(exitEv event) { +func (e *eventLoop) syscallExit(exitEv event, ch chan<- *eventPair) { ev, ok := e.enterEvs[exitEv.GetTid()] if !ok { exitEv.Recycle() @@ -139,5 +144,5 @@ func (e *eventLoop) syscallExit(exitEv event) { ev.prevPair, _ = e.prevPairs[ev.enterEv.GetTid()] ev.calculateDurations() e.prevPairs[ev.enterEv.GetTid()] = ev - e.evCh <- ev + ch <- ev } |