authorPaul Buetow <paul@buetow.org>2024-02-19 13:56:41 +0200
committerPaul Buetow <paul@buetow.org>2024-02-19 13:56:41 +0200
commitb9d61a32d03b0872e4ec83d81a90f74c7cba6dd9 (patch)
tree1d2ade0d608bf23a44270ecde6d2437ce9921807 /internal/ioriotng.go
parentd5dcacdf9e5bca9aabac29981cdd1936fc7f3c55 (diff)
refactor
Diffstat (limited to 'internal/ioriotng.go')
-rw-r--r--internal/ioriotng.go94
1 files changed, 16 insertions, 78 deletions
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index 9b7ec2d..72a57ad 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
@@ -3,21 +3,28 @@ package internal
import "C"
import (
- "bytes"
- "encoding/binary"
"fmt"
"ioriotng/internal/debugfs"
"ioriotng/internal/flags"
- "ioriotng/internal/syncpool"
- "ioriotng/internal/tracepoints"
- . "ioriotng/internal/types"
+ "ioriotng/internal/generated"
bpf "github.com/aquasecurity/libbpfgo"
)
-type BpfMapper interface {
- String() string
+func attachSyscalls(bpfModule *bpf.Module) error {
+ for _, name := range generated.TracepointList {
+ prog, err := bpfModule.GetProgram(fmt.Sprintf("handle_%s", name))
+ if err != nil {
+ return fmt.Errorf("Failed to get BPF program handle_%s: %v", name, err)
+ }
+ fmt.Println("Attached prog handle_" + name)
+ if _, err = prog.AttachTracepoint("syscalls", fmt.Sprintf("sys_%s", name)); err != nil {
+ return fmt.Errorf("Failed to attach to sys_%s tracepoint: %v", name, err)
+ }
+ fmt.Println("Attached tracepoint sys_" + name)
+ }
+ return nil
}
func Run(flags flags.Flags) {
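Review bot: In attachSyscalls, `fmt.Println("Attached prog handle_" + name)` runs after GetProgram but before AttachTracepoint is called, so the output reports an attachment that has not happened yet and may still fail; `fmt.Println("Found prog handle_" + name)` would match what the code has done at that point. For a syscall tracer the record of which tracepoints are really attached should be accurate, because a gap there means events are silently missing. Both fmt.Errorf calls format the cause with `%v`, which drops the error chain; `return fmt.Errorf("get BPF program handle_%s: %w", name, err)` (and likewise for the tracepoint error) keeps the libbpfgo error reachable through errors.Is/As and follows Go's lowercase error-string convention. The function also has no doc comment; `// attachSyscalls attaches each handle_<name> BPF program to the syscalls:sys_<name> tracepoint for every name in generated.TracepointList.` would cover it.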
@@ -42,7 +49,7 @@ func Run(flags flags.Flags) {
panic(err)
}
- if err := tracepoints.AttachSyscalls(bpfModule); err != nil {
+ if err := attachSyscalls(bpfModule); err != nil {
panic(err)
}
@@ -53,76 +60,7 @@ func Run(flags flags.Flags) {
panic(err)
}
rb.Poll(300)
-
- enterOpen := make(map[uint32]*OpenatEnterEvent)
- enterFd := make(map[uint32]*FdEvent)
- // To do this, extract the PID from the TID (pid_tid >> 32)
- // openFiles := make(map[
-
- for raw := range ch {
- switch OpId(raw[0]) {
- case OPENAT_ENTER_OP_ID:
- fallthrough
- case OPEN_ENTER_OP_ID:
- ev := readRaw(raw, syncpool.OpenEnterEvent.Get().(*OpenatEnterEvent))
- enterOpen[ev.PidTGid] = ev
-
- case OPENAT_EXIT_OP_ID:
- fallthrough
- case OPEN_EXIT_OP_ID:
- ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent))
- enterEv, ok := enterOpen[ev.PidTGid]
- if !ok {
- fmt.Println("Dropping", ev)
- syncpool.FdEvent.Put(ev)
- continue
- }
- duration := float64(ev.Time-enterEv.Time) / float64(1_000_000)
- fmt.Println(duration, "ms", enterEv, ev)
-
- delete(enterOpen, ev.PidTGid)
- syncpool.FdEvent.Put(ev)
- syncpool.OpenEnterEvent.Put(enterEv)
-
- case CLOSE_ENTER_OP_ID:
- fallthrough
- case WRITE_ENTER_OP_ID:
- fallthrough
- case WRITEV_ENTER_OP_ID:
- ev := readRaw(raw, syncpool.FdEvent.Get().(*FdEvent))
- enterFd[ev.PidTGid] = ev
-
- case CLOSE_EXIT_OP_ID:
- fallthrough
- case WRITE_EXIT_OP_ID:
- fallthrough
- case WRITEV_EXIT_OP_ID:
- ev := readRaw(raw, syncpool.NullEvent.Get().(*NullEvent))
- enterEv, ok := enterFd[ev.PidTGid]
- if !ok {
- fmt.Println("Dropping", ev)
- syncpool.NullEvent.Put(ev)
- continue
- }
- duration := float64(ev.Time-enterEv.Time) / float64(1_000_000)
- fmt.Println(duration, "ms", enterEv, ev)
-
- delete(enterFd, ev.PidTGid)
- syncpool.NullEvent.Put(ev)
- syncpool.FdEvent.Put(enterEv)
-
- default:
- panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw))
- }
- }
+ eventLoop(bpfModule, ch)
fmt.Println("Good bye")
}
-
-func readRaw[T any](raw []byte, ev *T) *T {
- if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, ev); err != nil {
- fmt.Println(ev, raw, len(raw), err)
- panic(raw)
- }
- return ev
-}
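Review bot: The new call `eventLoop(bpfModule, ch)` is a bare statement, so if eventLoop returns an error it is dropped here, while every other step of Run visible in this diff panics on failure. eventLoop is defined outside this diff and Run's body starts above the hunk, so this cannot be confirmed from here; if it does return an error, handle it like the neighbouring calls, `if err := eventLoop(bpfModule, ch); err != nil { panic(err) }`. The removed loop also panicked on unknown op IDs and on records that failed to decode, so it is worth stating in a comment at the call site how eventLoop treats malformed ring-buffer data now that this is no longer readable in Run.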