1 files changed, 26 insertions, 76 deletions

diff --git a/internal/eventloop.go b/internal/eventloop.go
index 5fb8c5c..d22ea62 100644
--- a/internal/eventloop.go
+++ b/internal/eventloop.go
@@ -31,87 +31,37 @@ func binaryCompare(ev *OpenEnterEvent, raw []byte) {
 	fmt.Println("raw  ", raw)
 }
 
-func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) {
-	enterOpen := make(map[uint32]*OpenEnterEvent)
-	enterFd := make(map[uint32]*FdEvent)
+type Event interface {
+	String() string
+	GetTid() uint32
+}
 
-	openFdMap := make(map[int32]openFile)
+func eventLoop(bpfModule *bpf.Module, ch <-chan []byte) {
+	type Event interface {
+		String() string
+	}
 
 	for raw := range ch {
-		switch SyscallId(raw[0]) {
-		case SYS_ENTER_OPENAT:
-			fallthrough
-		case SYS_ENTER_OPEN:
-			ev := NewOpenEnterEvent(raw)
-			enterOpen[ev.Tid] = ev
-
-		case SYS_EXIT_OPENAT:
-			fallthrough
-		case SYS_EXIT_OPEN:
-			ev := NewFdEvent(raw)
-			enterEv, ok := enterOpen[ev.Tid]
-			if !ok {
-				ev.Recycle()
-				continue
-			}
-			file := openFile{
-				fd:   ev.Fd,
-				path: string(enterEv.Filename[:]),
-			}
-			openFdMap[ev.Fd] = file
-			duration := ev.Time - enterEv.Time
-			fmt.Println(duration, "μs", "closed", file)
-
-			delete(enterOpen, ev.Tid)
-			ev.Recycle()
-			enterEv.Recycle()
-
-		case SYS_ENTER_CLOSE:
-			fallthrough
-		case SYS_ENTER_WRITE:
-			ev := NewFdEvent(raw)
-			if _, ok := openFdMap[ev.Fd]; !ok {
-				// File open not traced (todo: read from procfs?)
-				ev.Recycle()
-				continue
-			}
-			enterFd[ev.Tid] = ev
-
-		case SYS_EXIT_CLOSE:
-			ev := NewNullEvent(raw)
-			enterEv, ok := enterFd[ev.Tid]
-			if !ok {
-				ev.Recycle()
-				continue
-			}
-			duration := ev.Time - enterEv.Time
-			file, _ := openFdMap[enterEv.Fd]
-			fmt.Println(duration, "μs", "closed", file)
-
-			delete(openFdMap, enterEv.Fd)
-			delete(enterFd, ev.Tid)
-			ev.Recycle()
-			enterEv.Recycle()
-
-		case SYS_EXIT_WRITE:
-			ev := NewRetEvent(raw)
-			enterEv, ok := enterFd[ev.Tid]
-			if !ok {
-				ev.Recycle()
-				continue
-			}
-			duration := ev.Time - enterEv.Time
-			if file, ok := openFdMap[enterEv.Fd]; ok {
-				fmt.Println(duration, "μs", "retval", ev.Ret, file)
-			}
-
-			delete(enterFd, ev.Tid)
-			ev.Recycle()
-			enterEv.Recycle()
-
+		var ev Event
+		switch EventType(raw[0]) {
+		case ENTER_OPEN_EVENT:
+			ev = NewOpenEnterEvent(raw)
+		case EXIT_OPEN_EVENT:
+			ev = NewFdEvent(raw)
+		case ENTER_FD_EVENT:
+			ev = NewFdEvent(raw)
+		case EXIT_FD_EVENT:
+			ev = NewFdEvent(raw)
+		case ENTER_NULL_EVENT:
+			ev = NewNullEvent(raw)
+		case EXIT_NULL_EVENT:
+			ev = NewNullEvent(raw)
+		case EXIT_RET_EVENT:
+			ev = NewRetEvent(raw)
 		default:
-			panic(fmt.Sprintf("UNKNOWN Ringbuf data received len:%d raw:%v", len(raw), raw))
+			panic("Unknown event type")
 		}
+		fmt.Println(ev)
 	}
 
 	fmt.Println("Good bye")