diff options
| author | Paul Buetow <paul@buetow.org> | 2024-02-27 20:39:16 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-28 00:15:12 +0200 |
| commit | d44c509284eaf0db2b1f7d14ede3687ff06c4853 (patch) | |
| tree | f675f3f1578dbf8a3342fdb67f79ac3b216ed5dd /internal/eventloop.go | |
| parent | 139d2dca45306071a30562a94b69ac20ada515c8 (diff) | |
introduce event type for better deserializing
Diffstat (limited to 'internal/eventloop.go')
| -rw-r--r-- | internal/eventloop.go | 102 |
1 files changed, 26 insertions, 76 deletions
diff --git a/internal/eventloop.go b/internal/eventloop.go index 5fb8c5c..d22ea62 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -31,87 +31,37 @@ func binaryCompare(ev *OpenEnterEvent, raw []byte) { fmt.Println("raw ", raw) } -func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { - enterOpen := make(map[uint32]*OpenEnterEvent) - enterFd := make(map[uint32]*FdEvent) +type Event interface { + String() string + GetTid() uint32 +} - openFdMap := make(map[int32]openFile) +func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) { + type Event interface { + String() string + } for raw := range ch { - switch SyscallId(raw[0]) { - case SYS_ENTER_OPENAT: - fallthrough - case SYS_ENTER_OPEN: - ev := NewOpenEnterEvent(raw) - enterOpen[ev.Tid] = ev - - case SYS_EXIT_OPENAT: - fallthrough - case SYS_EXIT_OPEN: - ev := NewFdEvent(raw) - enterEv, ok := enterOpen[ev.Tid] - if !ok { - ev.Recycle() - continue - } - file := openFile{ - fd: ev.Fd, - path: string(enterEv.Filename[:]), - } - openFdMap[ev.Fd] = file - duration := ev.Time - enterEv.Time - fmt.Println(duration, "μs", "closed", file) - - delete(enterOpen, ev.Tid) - ev.Recycle() - enterEv.Recycle() - - case SYS_ENTER_CLOSE: - fallthrough - case SYS_ENTER_WRITE: - ev := NewFdEvent(raw) - if _, ok := openFdMap[ev.Fd]; !ok { - // File open not traced (todo: read from procfs?) - ev.Recycle() - continue - } - enterFd[ev.Tid] = ev - - case SYS_EXIT_CLOSE: - ev := NewNullEvent(raw) - enterEv, ok := enterFd[ev.Tid] - if !ok { - ev.Recycle() - continue - } - duration := ev.Time - enterEv.Time - file, _ := openFdMap[enterEv.Fd] - fmt.Println(duration, "μs", "closed", file) - - delete(openFdMap, enterEv.Fd) - delete(enterFd, ev.Tid) - ev.Recycle() - enterEv.Recycle() - - case SYS_EXIT_WRITE: - ev := NewRetEvent(raw) - enterEv, ok := enterFd[ev.Tid] - if !ok { - ev.Recycle() - continue - } - duration := ev.Time - enterEv.Time - if file, ok := openFdMap[enterEv.Fd]; ok { - fmt.Println(duration, "μs", "retval", ev.Ret, file) - } - - delete(enterFd, ev.Tid) - ev.Recycle() - enterEv.Recycle() - + var ev Event + switch EventType(raw[0]) { + case ENTER_OPEN_EVENT: + ev = NewOpenEnterEvent(raw) + case EXIT_OPEN_EVENT: + ev = NewFdEvent(raw) + case ENTER_FD_EVENT: + ev = NewFdEvent(raw) + case EXIT_FD_EVENT: + ev = NewFdEvent(raw) + case ENTER_NULL_EVENT: + ev = NewNullEvent(raw) + case EXIT_NULL_EVENT: + ev = NewNullEvent(raw) + case EXIT_RET_EVENT: + ev = NewRetEvent(raw) default: - panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw)) + panic("Unknown event type") } + fmt.Println(ev) } fmt.Println("Good bye") |