-rw-r--r--internal/ioriotng.go4
-rw-r--r--internal/types/types.go15
-rw-r--r--ioriotng.bpf.c41
-rw-r--r--maps.bpf.h3
4 files changed, 25 insertions, 38 deletions
diff --git a/internal/ioriotng.go b/internal/ioriotng.go
index b189590..890ac73 100644
--- a/internal/ioriotng.go
+++ b/internal/ioriotng.go
@@ -78,13 +78,13 @@ func Run(flags flags.Flags) {
go func() {
defer wg.Done()
for ev := range listenToEvents[types.FdEvent](ctx, bpfModule, "fd_event_map") {
- log.Println(ev)
+ fmt.Println(ev)
}
}()
go func() {
defer wg.Done()
for ev := range listenToEvents[types.OpenEvent](ctx, bpfModule, "open_event_map") {
- log.Println(ev)
+ fmt.Println(ev)
}
}()
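Review bot: Event lines printed from these two loops no longer carry any time, because `fmt.Println` has no date/time prefix (the standard logger adds one by default, unless its flags are changed elsewhere) and the same commit removes the kernel timestamps from the open event. The two goroutines also print independently, so the relative order of fd and open events in the output is not guaranteed. If the output is meant to be reviewed or replayed later, keep one timestamp per event, or add a comment above the loops such as `// NOTE: events are printed without timestamps; cross-stream ordering is not preserved`. `Run` starts and ends outside this hunk.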
diff --git a/internal/types/types.go b/internal/types/types.go
index 890891b..c9e2101 100644
--- a/internal/types/types.go
+++ b/internal/types/types.go
@@ -3,21 +3,16 @@ package types
import "fmt"
type OpenEvent struct {
- FD int32
- OpID int32
- TID uint32
- EnterTime uint64
- ExitTime uint64
- Filename [256]byte // TODO, use same value as in ioriot.bpf.h
- Comm [16]byte
+ FD int32
+ TID uint32
+ Filename [256]byte // TODO, use same value as in ioriot.bpf.h
+ Comm [16]byte
}
func (e OpenEvent) String() string {
filename := e.Filename[:]
comm := e.Comm[:]
- duration := (e.ExitTime - e.EnterTime) / 1000000000000.0
- return fmt.Sprintf("%vms opId:%d tid:%d fd:%d filename:%s, comm:%s",
- duration, e.OpID, e.TID, e.FD, string(filename), string(comm))
+ return fmt.Sprintf("tid:%d fd:%d filename:%s, comm:%s", e.TID, e.FD, string(filename), string(comm))
}
type FdEvent struct {
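Review bot: `OpenEvent.String()` formats the whole fixed-size `Filename` and `Comm` arrays with `%s`, so every line includes the trailing NUL padding, and any newline or control character in a path chosen by the traced process reaches the output unescaped. Cutting each slice at its first zero byte and printing with `%q` keeps one event per line and prevents a crafted filename from corrupting or imitating other entries: `if i := bytes.IndexByte(filename, 0); i >= 0 { filename = filename[:i] }` (same for `comm`), with `filename:%q, comm:%q` in the format string. That needs `bytes` added next to the existing `fmt` import.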
diff --git a/ioriotng.bpf.c b/ioriotng.bpf.c
index 3eb2e93..ebb8458 100644
--- a/ioriotng.bpf.c
+++ b/ioriotng.bpf.c
@@ -17,14 +17,13 @@ int handle_enter_open(struct trace_event_raw_sys_enter *ctx) {
return 0;
u32 tid = bpf_get_current_pid_tgid();
- struct open_event event = {};
- event.op_id = OPEN;
- event.enter_time = bpf_ktime_get_ns();
- bpf_probe_read_user_str(event.filename, sizeof(event.filename), (void *)ctx->args[0]);
- bpf_get_current_comm(&event.comm, sizeof(event.comm));
- event.tid = tid;
- bpf_map_update_elem(&open_event_temp_map, &tid, &event, BPF_ANY);
+ struct open_event open_event = {};
+ open_event.tid = tid;
+ bpf_probe_read_user_str(open_event.filename, sizeof(open_event.filename), (void *)ctx->args[0]);
+ bpf_get_current_comm(&open_event.comm, sizeof(open_event.comm));
+
+ bpf_map_update_elem(&open_event_temp_map, &tid, &open_event, BPF_ANY);
return 0;
}
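Review bot: The return value of `bpf_probe_read_user_str` is discarded in `handle_enter_open`, so a failed read and a path longer than `sizeof(open_event.filename)` both produce an event that looks normal, the first with an empty name and the second silently truncated. For a tracer whose output may be used to reconstruct which files were touched, capture the result and act on it: `long n = bpf_probe_read_user_str(...); if (n < 0) return 0;`, and treat `n == sizeof(open_event.filename)` as possibly truncated. The same applies to the `handle_enter_openat` hunk further down. The function starts above this hunk.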
@@ -35,13 +34,12 @@ int handle_exit_open(struct trace_event_raw_sys_exit *ctx) {
return 0;
u32 tid = bpf_get_current_pid_tgid();
- struct open_event *eventp = bpf_map_lookup_elem(&open_event_temp_map, &tid);
- if (!eventp) {
+ struct open_event *open_eventp = bpf_map_lookup_elem(&open_event_temp_map, &tid);
+ if (!open_eventp) {
return 0;
}
- eventp->fd = ctx->ret;
- eventp->exit_time = bpf_ktime_get_ns();
- bpf_perf_event_output(ctx, &open_event_map, BPF_F_CURRENT_CPU, eventp, sizeof(struct open_event));
+ open_eventp->fd = ctx->ret;
+ bpf_perf_event_output(ctx, &open_event_map, BPF_F_CURRENT_CPU, open_eventp, sizeof(struct open_event));
bpf_map_delete_elem(&open_event_temp_map, &tid);
return 0;
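Review bot: `open_eventp->fd = ctx->ret` stores the raw syscall return, which is a negative errno when the open failed, and the event is emitted either way with nothing marking it as a failure. A consumer that treats `fd` as a descriptor would then match later fd events against a value that was never valid. Either document the convention with a comment such as `/* fd < 0: open failed, value is -errno */`, or return before `bpf_perf_event_output` when `ctx->ret < 0` if failed opens are not wanted. The function begins and ends outside this hunk.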
@@ -54,14 +52,12 @@ int handle_enter_openat(struct trace_event_raw_sys_enter *ctx) {
u32 tid = bpf_get_current_pid_tgid();
- struct open_event event = {};
- event.op_id = OPEN_AT;
- event.enter_time = bpf_ktime_get_ns();
- event.tid = tid;
+ struct open_event open_event = {};
+ open_event.tid = tid;
- bpf_probe_read_user_str(event.filename, sizeof(event.filename), (void *)ctx->args[1]);
- bpf_get_current_comm(&event.comm, sizeof(event.comm));
- bpf_map_update_elem(&open_event_temp_map, &tid, &event, BPF_ANY);
+ bpf_probe_read_user_str(open_event.filename, sizeof(open_event.filename), (void *)ctx->args[1]);
+ bpf_get_current_comm(&open_event.comm, sizeof(open_event.comm));
+ bpf_map_update_elem(&open_event_temp_map, &tid, &open_event, BPF_ANY);
return 0;
}
@@ -99,13 +95,12 @@ int handle_exit_close(struct trace_event_raw_sys_enter *ctx) {
u32 tid = bpf_get_current_pid_tgid();
- struct open_event *eventp = bpf_map_lookup_elem(&fd_event_temp_map, &tid);
- if (!eventp) {
+ struct open_event *open_eventp = bpf_map_lookup_elem(&fd_event_temp_map, &tid);
+ if (!open_eventp) {
return 0;
}
- eventp->exit_time = bpf_ktime_get_ns();
- bpf_perf_event_output(ctx, &fd_event_map, BPF_F_CURRENT_CPU, eventp, sizeof(struct fd_event));
+ bpf_perf_event_output(ctx, &fd_event_map, BPF_F_CURRENT_CPU, open_eventp, sizeof(struct fd_event));
bpf_map_delete_elem(&fd_event_temp_map, &tid);
return 0;
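Review bot: In `handle_exit_close` the pointer is declared `struct open_event *open_eventp` but is filled from `fd_event_temp_map` and sent with `sizeof(struct fd_event)`, so both the type and the new name describe the wrong struct. Nothing visible dereferences it any more, so this is not a memory-safety problem today, but the next field access through that pointer would use the wrong layout. Assuming the map's value type is `struct fd_event`, declare it as `struct fd_event *fd_eventp = bpf_map_lookup_elem(&fd_event_temp_map, &tid);` and use that name in the null check and the output call. The function starts and ends outside this hunk.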
diff --git a/maps.bpf.h b/maps.bpf.h
index d725a1c..d402428 100644
--- a/maps.bpf.h
+++ b/maps.bpf.h
@@ -17,10 +17,7 @@ struct {
struct open_event {
__s32 fd;
- __s32 op_id;
__u32 tid;
- __u64 enter_time;
- __u64 exit_time;
char filename[MAX_FILENAME_LENGTH];
char comm[MAX_PROGNAME_LENGTH];
};