summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
Diffstat (limited to 'internal')
-rw-r--r--internal/event.go26
-rw-r--r--internal/eventloop.go26
-rw-r--r--internal/generated/nqc.raku4
-rw-r--r--internal/generated/types/types.go16
4 files changed, 46 insertions, 26 deletions
diff --git a/internal/event.go b/internal/event.go
index e05a048..6a867b7 100644
--- a/internal/event.go
+++ b/internal/event.go
@@ -3,6 +3,7 @@ package internal
import (
"fmt"
. "ioriotng/internal/generated/types"
+ "strconv"
"strings"
)
@@ -12,13 +13,17 @@ type event interface {
GetPid() uint32
GetTid() uint32
GetTime() uint32
- GetRet() (int64, bool)
Recycle()
}
type enterExitEvent struct {
enterEv, exitEv event
- filePath string
+ comm string
+ file file
+}
+
+func (e enterExitEvent) is(enterId, exitId SyscallId) bool {
+ return enterId == e.enterEv.GetSyscallId() && exitId == e.exitEv.GetSyscallId()
}
func (e enterExitEvent) String() string {
@@ -27,15 +32,24 @@ func (e enterExitEvent) String() string {
duration := e.exitEv.GetTime() - e.enterEv.GetTime()
sb.WriteString(fmt.Sprintf("%08d µs", duration))
- sb.WriteString(fmt.Sprintf(" %v.%v", e.enterEv.GetPid(), e.enterEv.GetTid()))
+ sb.WriteString(" ")
+ sb.WriteString(e.comm)
sb.WriteString(" ")
- sb.WriteString(e.enterEv.GetSyscallId().Name())
+ sb.WriteString(strconv.FormatInt(int64(e.enterEv.GetPid()), 10))
+ sb.WriteString(".")
+ sb.WriteString(strconv.FormatInt(int64(e.enterEv.GetTid()), 10))
- if ret, ok := e.exitEv.GetRet(); ok {
- sb.WriteString(fmt.Sprintf(" => %v", ret))
+ sb.WriteString(" ")
+ sb.WriteString(e.enterEv.GetSyscallId().Name())
+ if retEv, ok := e.exitEv.(*RetEvent); ok {
+ sb.WriteString(":")
+ sb.WriteString(strconv.FormatInt(int64(retEv.Ret), 10))
}
+ sb.WriteString(" ")
+ sb.WriteString(e.file.String())
+
return sb.String()
}
diff --git a/internal/eventloop.go b/internal/eventloop.go
index 6163ebf..37771ee 100644
--- a/internal/eventloop.go
+++ b/internal/eventloop.go
@@ -21,6 +21,7 @@ func eventLoop(bpfModule *bpf.Module, rawCh <-chan []byte) {
func events(rawCh <-chan []byte) <-chan enterExitEvent {
evCh := make(chan enterExitEvent)
enterEvs := make(map[uint32]enterExitEvent)
+ files := make(map[int32]file)
enter := func(enterEv event) {
enterEvs[enterEv.GetTid()] = enterExitEvent{
@@ -36,6 +37,31 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent {
}
delete(enterEvs, exitEv.GetTid())
ev.exitEv = exitEv
+
+ if ev.is(SYS_ENTER_OPENAT, SYS_EXIT_OPENAT) || ev.is(SYS_ENTER_OPEN, SYS_EXIT_OPEN) {
+ openEnterEv := ev.enterEv.(*OpenEnterEvent)
+ fd := ev.exitEv.(*FdEvent).Fd
+ file := file{fd, string(openEnterEv.Filename[:])}
+
+ if fd >= 0 {
+ files[fd] = file
+ }
+ ev.comm = string(openEnterEv.Comm[:])
+ ev.file = file
+ return
+ }
+
+ if fdEvent, ok := ev.enterEv.(*FdEvent); ok {
+ if file_, ok := files[fdEvent.Fd]; ok {
+ ev.file = file_
+ } else {
+ ev.file = file{fdEvent.Fd, "?"}
+ }
+ if ev.is(SYS_ENTER_CLOSE, SYS_EXIT_CLOSE) {
+ delete(files, fdEvent.Fd)
+ }
+ }
+
evCh <- ev
}
diff --git a/internal/generated/nqc.raku b/internal/generated/nqc.raku
index 536e893..f53f34e 100644
--- a/internal/generated/nqc.raku
+++ b/internal/generated/nqc.raku
@@ -122,10 +122,6 @@ class NQCToGoActions {
func ($self-ref *{$<identifier>.made}) GetTime() uint32 \{
return $self-ref.Time
\}
-
- func ($self-ref *{$<identifier>.made}) GetRet() (int64, bool) \{
- return {$<identifier>.made eq 'RetEvent' ?? "$self-ref.Ret, true" !! '0, false' }
- \}
END
}
diff --git a/internal/generated/types/types.go b/internal/generated/types/types.go
index 85350ca..6f520e5 100644
--- a/internal/generated/types/types.go
+++ b/internal/generated/types/types.go
@@ -294,10 +294,6 @@ func (o *OpenEnterEvent) GetTime() uint32 {
return o.Time
}
-func (o *OpenEnterEvent) GetRet() (int64, bool) {
- return 0, false
-}
-
var poolOfOpenEnterEvents = sync.Pool{
New: func() interface{} { return &OpenEnterEvent{} },
}
@@ -347,10 +343,6 @@ func (n *NullEvent) GetTime() uint32 {
return n.Time
}
-func (n *NullEvent) GetRet() (int64, bool) {
- return 0, false
-}
-
var poolOfNullEvents = sync.Pool{
New: func() interface{} { return &NullEvent{} },
}
@@ -401,10 +393,6 @@ func (f *FdEvent) GetTime() uint32 {
return f.Time
}
-func (f *FdEvent) GetRet() (int64, bool) {
- return 0, false
-}
-
var poolOfFdEvents = sync.Pool{
New: func() interface{} { return &FdEvent{} },
}
@@ -455,10 +443,6 @@ func (r *RetEvent) GetTime() uint32 {
return r.Time
}
-func (r *RetEvent) GetRet() (int64, bool) {
- return r.Ret, true
-}
-
var poolOfRetEvents = sync.Pool{
New: func() interface{} { return &RetEvent{} },
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-16 17:05:44 +0000