From 23a5ca9d0782e658188fd568fc3d3aa2b828bc45 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Sun, 11 Feb 2024 22:35:06 +0200 Subject: move go cmd to cmd/ioriotng --- clean.sh | 3 + cmd/ioriotng/main.go | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++ internal/opids.go | 5 ++ main.go | 163 --------------------------------------------------- opids.go | 5 -- 5 files changed, 171 insertions(+), 168 deletions(-) create mode 100644 cmd/ioriotng/main.go create mode 100644 internal/opids.go delete mode 100644 main.go delete mode 100644 opids.go diff --git a/clean.sh b/clean.sh index 0c7aeb8..f7863db 100755 --- a/clean.sh +++ b/clean.sh @@ -4,3 +4,6 @@ set -xeuf -o pipefail find . -name ioriotng -exec rm -v {} \; find . -name \*.o -exec rm -v {} \; +if [ -f internal/vmlinux.h ]; then + rm -v internal/vmlinux.h +fi diff --git a/cmd/ioriotng/main.go b/cmd/ioriotng/main.go new file mode 100644 index 0000000..54b3c85 --- /dev/null +++ b/cmd/ioriotng/main.go @@ -0,0 +1,163 @@ +package main + +import "C" + +import ( + "bytes" + "context" + "encoding/binary" + "fmt" + "log" + "runtime" + "sync" + + "ioriotng/internal/debugfs" + "ioriotng/internal/tracepoints" + + bpf "github.com/aquasecurity/libbpfgo" +) + +type BpfMapper interface { + String() string +} + +type openEvent struct { + FD int32 + OpID int32 + TID uint32 + EnterTime int64 + ExitTime int64 + Filename [256]byte + Comm [16]byte +} + +func (e openEvent) String() string { + filename := e.Filename[:] + comm := e.Comm[:] + return fmt.Sprintf("opId:%d tid:%v fd:%v filename:%s, comm:%s", + e.OpID, e.TID, e.FD, string(filename), string(comm)) +} + +type fdEvent struct { + FD int32 + OpID int32 + TID uint32 + EnterTime int64 + ExitTime int64 +} + +func (e fdEvent) String() string { + return fmt.Sprintf("opId:%d tid:%v fd:%v", e.OpID, e.TID, e.FD) +} + +func resizeMap(module *bpf.Module, name string, size uint32) error { + m, err := module.GetMap("open_event_map") + if err != nil { + return err + } + + if err = m.SetMaxEntries(size); err != nil { + return err + } + + if actual := m.MaxEntries(); actual != size { + return fmt.Errorf("map resize failed, expected %v, actual %v", size, actual) + } + + return nil +} + +func main() { + // To consider for implementation! + log.Println(debugfs.TracepointsWithFd()) + + bpfModule, err := bpf.NewModuleFromFile("main.bpf.o") + if err != nil { + log.Fatal(err) + } + defer bpfModule.Close() + + if err = resizeMap(bpfModule, "open_event_map", 8192); err != nil { + log.Fatal(err) + } + if err = resizeMap(bpfModule, "fd_event_map", 8192); err != nil { + log.Fatal(err) + } + + err = bpfModule.BPFLoadObject() + if err != nil { + log.Fatal(err) + } + + if err := tracepoints.AttachSyscalls(bpfModule); err != nil { + log.Fatal(err) + } + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + var wg sync.WaitGroup + wg.Add(2) + + go func() { + defer wg.Done() + for ev := range listenToEvents[fdEvent](ctx, bpfModule, "fd_event_map") { + log.Println(ev) + } + }() + go func() { + defer wg.Done() + for ev := range listenToEvents[openEvent](ctx, bpfModule, "open_event_map") { + log.Println(ev) + } + }() + + wg.Wait() + log.Println("Good bye") +} + +func listenToEvents[T BpfMapper](ctx context.Context, bpfModule *bpf.Module, mapName string) <-chan T { + rawEventsCh := make(chan []byte) + rawLostCh := make(chan uint64) // TODO: Of any use this channel? + eventsCh := make(chan T) + + pb, err := bpfModule.InitPerfBuf(mapName, rawEventsCh, rawLostCh, 4096) + if err != nil { + log.Fatal(err) + } + + go func() { + defer func() { + pb.Stop() + pb.Close() + close(eventsCh) + }() + pb.Poll(300) + for { + select { + case <-ctx.Done(): + return + case lost := <-rawLostCh: + log.Println("Lost", lost, mapName, "events. Consider increasing ring buffer!") + case rawEv := <-rawEventsCh: + var ev T + if err := binary.Read(bytes.NewReader(rawEv), binary.LittleEndian, &ev); err != nil { + log.Fatal(err) + } + eventsCh <- ev + } + } + }() + + return eventsCh +} + +func ksymArch() string { + switch runtime.GOARCH { + case "amd64": + return "x64" + case "arm64": + return "arm64" + default: + panic("unsupported architecture") + } +} diff --git a/internal/opids.go b/internal/opids.go new file mode 100644 index 0000000..eda15fd --- /dev/null +++ b/internal/opids.go @@ -0,0 +1,5 @@ +package main + +const OPEN = 1 +const OPEN_AT = 2 +const CLOSE = 3 diff --git a/main.go b/main.go deleted file mode 100644 index 54b3c85..0000000 --- a/main.go +++ /dev/null @@ -1,163 +0,0 @@ -package main - -import "C" - -import ( - "bytes" - "context" - "encoding/binary" - "fmt" - "log" - "runtime" - "sync" - - "ioriotng/internal/debugfs" - "ioriotng/internal/tracepoints" - - bpf "github.com/aquasecurity/libbpfgo" -) - -type BpfMapper interface { - String() string -} - -type openEvent struct { - FD int32 - OpID int32 - TID uint32 - EnterTime int64 - ExitTime int64 - Filename [256]byte - Comm [16]byte -} - -func (e openEvent) String() string { - filename := e.Filename[:] - comm := e.Comm[:] - return fmt.Sprintf("opId:%d tid:%v fd:%v filename:%s, comm:%s", - e.OpID, e.TID, e.FD, string(filename), string(comm)) -} - -type fdEvent struct { - FD int32 - OpID int32 - TID uint32 - EnterTime int64 - ExitTime int64 -} - -func (e fdEvent) String() string { - return fmt.Sprintf("opId:%d tid:%v fd:%v", e.OpID, e.TID, e.FD) -} - -func resizeMap(module *bpf.Module, name string, size uint32) error { - m, err := module.GetMap("open_event_map") - if err != nil { - return err - } - - if err = m.SetMaxEntries(size); err != nil { - return err - } - - if actual := m.MaxEntries(); actual != size { - return fmt.Errorf("map resize failed, expected %v, actual %v", size, actual) - } - - return nil -} - -func main() { - // To consider for implementation! - log.Println(debugfs.TracepointsWithFd()) - - bpfModule, err := bpf.NewModuleFromFile("main.bpf.o") - if err != nil { - log.Fatal(err) - } - defer bpfModule.Close() - - if err = resizeMap(bpfModule, "open_event_map", 8192); err != nil { - log.Fatal(err) - } - if err = resizeMap(bpfModule, "fd_event_map", 8192); err != nil { - log.Fatal(err) - } - - err = bpfModule.BPFLoadObject() - if err != nil { - log.Fatal(err) - } - - if err := tracepoints.AttachSyscalls(bpfModule); err != nil { - log.Fatal(err) - } - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - var wg sync.WaitGroup - wg.Add(2) - - go func() { - defer wg.Done() - for ev := range listenToEvents[fdEvent](ctx, bpfModule, "fd_event_map") { - log.Println(ev) - } - }() - go func() { - defer wg.Done() - for ev := range listenToEvents[openEvent](ctx, bpfModule, "open_event_map") { - log.Println(ev) - } - }() - - wg.Wait() - log.Println("Good bye") -} - -func listenToEvents[T BpfMapper](ctx context.Context, bpfModule *bpf.Module, mapName string) <-chan T { - rawEventsCh := make(chan []byte) - rawLostCh := make(chan uint64) // TODO: Of any use this channel? - eventsCh := make(chan T) - - pb, err := bpfModule.InitPerfBuf(mapName, rawEventsCh, rawLostCh, 4096) - if err != nil { - log.Fatal(err) - } - - go func() { - defer func() { - pb.Stop() - pb.Close() - close(eventsCh) - }() - pb.Poll(300) - for { - select { - case <-ctx.Done(): - return - case lost := <-rawLostCh: - log.Println("Lost", lost, mapName, "events. Consider increasing ring buffer!") - case rawEv := <-rawEventsCh: - var ev T - if err := binary.Read(bytes.NewReader(rawEv), binary.LittleEndian, &ev); err != nil { - log.Fatal(err) - } - eventsCh <- ev - } - } - }() - - return eventsCh -} - -func ksymArch() string { - switch runtime.GOARCH { - case "amd64": - return "x64" - case "arm64": - return "arm64" - default: - panic("unsupported architecture") - } -} diff --git a/opids.go b/opids.go deleted file mode 100644 index eda15fd..0000000 --- a/opids.go +++ /dev/null @@ -1,5 +0,0 @@ -package main - -const OPEN = 1 -const OPEN_AT = 2 -const CLOSE = 3 -- cgit v1.2.3