diff options
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/event.go | 8 | ||||
| -rw-r--r-- | internal/eventloop.go | 22 | ||||
| -rw-r--r-- | internal/generated/nqc.raku | 4 | ||||
| -rw-r--r-- | internal/generated/types/types.go | 16 |
4 files changed, 34 insertions, 16 deletions
diff --git a/internal/event.go b/internal/event.go index 7de9307..e05a048 100644 --- a/internal/event.go +++ b/internal/event.go @@ -12,11 +12,13 @@ type event interface { GetPid() uint32 GetTid() uint32 GetTime() uint32 + GetRet() (int64, bool) Recycle() } type enterExitEvent struct { enterEv, exitEv event + filePath string } func (e enterExitEvent) String() string { @@ -25,9 +27,15 @@ func (e enterExitEvent) String() string { duration := e.exitEv.GetTime() - e.enterEv.GetTime() sb.WriteString(fmt.Sprintf("%08d µs", duration)) + sb.WriteString(fmt.Sprintf(" %v.%v", e.enterEv.GetPid(), e.enterEv.GetTid())) + sb.WriteString(" ") sb.WriteString(e.enterEv.GetSyscallId().Name()) + if ret, ok := e.exitEv.GetRet(); ok { + sb.WriteString(fmt.Sprintf(" => %v", ret)) + } + return sb.String() } diff --git a/internal/eventloop.go b/internal/eventloop.go index 765345d..6163ebf 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -10,13 +10,12 @@ import ( bpf "github.com/aquasecurity/libbpfgo" ) -type openFile struct { - fd int32 - path string -} - -func (o openFile) String() string { - return fmt.Sprintf("(%d) %s", o.fd, o.path) +func eventLoop(bpfModule *bpf.Module, rawCh <-chan []byte) { + for ev := range events(rawCh) { + fmt.Println(ev) + ev.recycle() + } + fmt.Println("Good bye") } func events(rawCh <-chan []byte) <-chan enterExitEvent { @@ -64,12 +63,3 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent { return evCh } - -func eventLoop(bpfModule *bpf.Module, rawCh <-chan []byte) { - for ev := range events(rawCh) { - fmt.Println(ev.dump()) - ev.recycle() - } - - fmt.Println("Good bye") -} diff --git a/internal/generated/nqc.raku b/internal/generated/nqc.raku index f53f34e..536e893 100644 --- a/internal/generated/nqc.raku +++ b/internal/generated/nqc.raku @@ -122,6 +122,10 @@ class NQCToGoActions { func ($self-ref *{$<identifier>.made}) GetTime() uint32 \{ return $self-ref.Time \} + + func ($self-ref *{$<identifier>.made}) GetRet() (int64, bool) \{ + return {$<identifier>.made eq 'RetEvent' ?? "$self-ref.Ret, true" !! '0, false' } + \} END } diff --git a/internal/generated/types/types.go b/internal/generated/types/types.go index 6f520e5..85350ca 100644 --- a/internal/generated/types/types.go +++ b/internal/generated/types/types.go @@ -294,6 +294,10 @@ func (o *OpenEnterEvent) GetTime() uint32 { return o.Time } +func (o *OpenEnterEvent) GetRet() (int64, bool) { + return 0, false +} + var poolOfOpenEnterEvents = sync.Pool{ New: func() interface{} { return &OpenEnterEvent{} }, } @@ -343,6 +347,10 @@ func (n *NullEvent) GetTime() uint32 { return n.Time } +func (n *NullEvent) GetRet() (int64, bool) { + return 0, false +} + var poolOfNullEvents = sync.Pool{ New: func() interface{} { return &NullEvent{} }, } @@ -393,6 +401,10 @@ func (f *FdEvent) GetTime() uint32 { return f.Time } +func (f *FdEvent) GetRet() (int64, bool) { + return 0, false +} + var poolOfFdEvents = sync.Pool{ New: func() interface{} { return &FdEvent{} }, } @@ -443,6 +455,10 @@ func (r *RetEvent) GetTime() uint32 { return r.Time } +func (r *RetEvent) GetRet() (int64, bool) { + return r.Ret, true +} + var poolOfRetEvents = sync.Pool{ New: func() interface{} { return &RetEvent{} }, } |