authorPaul Buetow <paul@buetow.org>2024-02-16 01:34:32 +0200
committerPaul Buetow <paul@buetow.org>2024-02-16 01:34:32 +0200
commita07573713571637336dd2a64a58234cdc1b83626 (patch)
tree852ac3ea051179232c7ad8c18220128a7497af44 /internal
parent02707dde82ed3030aa66d8155928f364cefe143d (diff)
can deserialise ring buffer messages in Go
Diffstat (limited to 'internal')
-rw-r--r--internal/ioriotng.go37
-rw-r--r--internal/types/types.go20
2 files changed, 51 insertions, 6 deletions
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index 0cf97b0..614aa8a 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
@@ -6,12 +6,14 @@ import (
"bytes"
"context"
"encoding/binary"
+ "fmt"
"log"
"runtime"
"ioriotng/internal/debugfs"
"ioriotng/internal/flags"
"ioriotng/internal/tracepoints"
+ "ioriotng/internal/types"
bpf "github.com/aquasecurity/libbpfgo"
)
@@ -54,18 +56,41 @@ func Run(flags flags.Flags) {
}
rb.Poll(300)
- for b := range ch {
- /*
- if binary.LittleEndian.Uint32(b) != 2021 {
- log.Fatal("invalid data retrieved", len(b), b)
+ for raw := range ch {
+ switch raw[0] {
+ case types.OPENAT_ENTER_OP_ID:
+ var ev types.OpenatEnterEvent
+ if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, &ev); err != nil {
+ log.Fatal(err)
}
- */
- log.Println("Ringbuf data received", len(b), b)
+ fmt.Println(ev)
+ case types.OPENAT_EXIT_OP_ID:
+ fallthrough
+ case types.CLOSE_ENTER_OP_ID:
+ var ev types.FdEvent
+ if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, &ev); err != nil {
+ log.Fatal(err)
+ }
+ log.Println(ev)
+ case types.CLOSE_EXIT_OP_ID:
+ var ev types.NullEvent
+ if err := binary.Read(bytes.NewReader(raw), binary.LittleEndian, &ev); err != nil {
+ log.Fatal(err)
+ }
+ log.Println(ev)
+ default:
+ panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw))
+ }
}
log.Println("Good bye")
}
+func deserialize() {
+ // TODO: Use sync pool to speed up
+
+}
+
func listenToEvents[T BpfMapper](ctx context.Context, bpfModule *bpf.Module, mapName string) <-chan T {
rawEventsCh := make(chan []byte)
rawLostCh := make(chan uint64) // TODO: Of any use this channel?
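Review bot: `switch raw[0]` in the `for raw := range ch` loop (inside `Run`, which begins above this hunk) indexes the record before any length check, so an empty slice from the ring buffer panics the process. It also compares only the first byte, although `NullEvent.OpID` in types.go is a `uint32`. A guard such as `if len(raw) < 4 { log.Printf("short ringbuf record len:%d", len(raw)); continue }` followed by `switch binary.LittleEndian.Uint32(raw)` would match the struct layout, assuming the op-id constants are untyped or `uint32` (their declaration is not visible here). The `log.Fatal(err)` calls and the `panic` in `default` mean a single truncated or unrecognised record stops the tracer; logging the record and continuing, ideally with a dropped-record counter, keeps collection running. The new `deserialize()` stub is empty and unused, and the openat case prints with `fmt.Println` while the other cases use `log.Println`.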
diff --git a/internal/types/types.go b/internal/types/types.go
index 2339727..336ce5a 100644
--- a/internal/types/types.go
+++ b/internal/types/types.go
@@ -1,6 +1,10 @@
// These types mirror the C types from types.bpf.h
package types
+import (
+ "fmt"
+)
+
const (
MAX_FILENAME_LENGTH = 256
MAX_PROGNAME_LENGTH = 16
@@ -14,21 +18,37 @@ const (
)
type NullEvent struct {
+ OpID uint32
Tid uint32
Time uint64
}
+func (ev NullEvent) String() string {
+ return fmt.Sprintf("Tid:%v Time:%v", ev.Tid, ev.Time)
+}
+
type FdEvent struct {
NullEvent
Fd int32
}
+func (ev FdEvent) String() string {
+ return fmt.Sprintf("%s Fd:%v", ev.NullEvent.String(), ev.Fd)
+}
+
type OpenatEnterEvent struct {
NullEvent
Filename [MAX_FILENAME_LENGTH]byte
Comm [MAX_PROGNAME_LENGTH]byte
}
+func (ev OpenatEnterEvent) String() string {
+ filename := string(ev.Filename[:])
+ comm := string(ev.Comm[:])
+
+ return fmt.Sprintf("%s Filename:%s Comm:%s", ev.NullEvent.String(), filename, comm)
+}
+
type FlagValues struct {
UidFilter uint32
}
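Review bot: `OpenatEnterEvent.String()` converts the whole fixed-size `Filename` and `Comm` arrays, so the result carries the NUL padding and any bytes after the terminator, and it formats a path chosen by the traced process with `%s`. The caller in ioriotng.go prints this value directly, so a filename containing newlines or terminal escape sequences can forge or corrupt output lines. Cutting at the first NUL and quoting addresses both: `name, _, _ := bytes.Cut(ev.Filename[:], []byte{0})` (likewise for `Comm`, with `bytes` imported) and `Filename:%q Comm:%q` in the format string. `NullEvent.String()` also leaves out the new `OpID` field. A comment on `OpID` saying it presumably has to remain the first field to match types.bpf.h, since the reader dispatches on the leading bytes, would help the next maintainer.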