From 5512e4441ba93d1a8d55faf56d66eaf9986551f1 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Thu, 29 Feb 2024 21:20:52 +0200 Subject: nicer output --- internal/event.go | 8 ++++++++ internal/eventloop.go | 22 ++++++---------------- internal/generated/nqc.raku | 4 ++++ internal/generated/types/types.go | 16 ++++++++++++++++ 4 files changed, 34 insertions(+), 16 deletions(-) (limited to 'internal') diff --git a/internal/event.go b/internal/event.go index 7de9307..e05a048 100644 --- a/internal/event.go +++ b/internal/event.go @@ -12,11 +12,13 @@ type event interface { GetPid() uint32 GetTid() uint32 GetTime() uint32 + GetRet() (int64, bool) Recycle() } type enterExitEvent struct { enterEv, exitEv event + filePath string } func (e enterExitEvent) String() string { @@ -25,9 +27,15 @@ func (e enterExitEvent) String() string { duration := e.exitEv.GetTime() - e.enterEv.GetTime() sb.WriteString(fmt.Sprintf("%08d µs", duration)) + sb.WriteString(fmt.Sprintf(" %v.%v", e.enterEv.GetPid(), e.enterEv.GetTid())) + sb.WriteString(" ") sb.WriteString(e.enterEv.GetSyscallId().Name()) + if ret, ok := e.exitEv.GetRet(); ok { + sb.WriteString(fmt.Sprintf(" => %v", ret)) + } + return sb.String() } diff --git a/internal/eventloop.go b/internal/eventloop.go index 765345d..6163ebf 100644 --- a/internal/eventloop.go +++ b/internal/eventloop.go @@ -10,13 +10,12 @@ import ( bpf "github.com/aquasecurity/libbpfgo" ) -type openFile struct { - fd int32 - path string -} - -func (o openFile) String() string { - return fmt.Sprintf("(%d) %s", o.fd, o.path) +func eventLoop(bpfModule *bpf.Module, rawCh <-chan []byte) { + for ev := range events(rawCh) { + fmt.Println(ev) + ev.recycle() + } + fmt.Println("Good bye") } func events(rawCh <-chan []byte) <-chan enterExitEvent { @@ -64,12 +63,3 @@ func events(rawCh <-chan []byte) <-chan enterExitEvent { return evCh } - -func eventLoop(bpfModule *bpf.Module, rawCh <-chan []byte) { - for ev := range events(rawCh) { - fmt.Println(ev.dump()) - ev.recycle() - } - - fmt.Println("Good bye") -} diff --git a/internal/generated/nqc.raku b/internal/generated/nqc.raku index f53f34e..536e893 100644 --- a/internal/generated/nqc.raku +++ b/internal/generated/nqc.raku @@ -122,6 +122,10 @@ class NQCToGoActions { func ($self-ref *{$.made}) GetTime() uint32 \{ return $self-ref.Time \} + + func ($self-ref *{$.made}) GetRet() (int64, bool) \{ + return {$.made eq 'RetEvent' ?? "$self-ref.Ret, true" !! '0, false' } + \} END } diff --git a/internal/generated/types/types.go b/internal/generated/types/types.go index 6f520e5..85350ca 100644 --- a/internal/generated/types/types.go +++ b/internal/generated/types/types.go @@ -294,6 +294,10 @@ func (o *OpenEnterEvent) GetTime() uint32 { return o.Time } +func (o *OpenEnterEvent) GetRet() (int64, bool) { + return 0, false +} + var poolOfOpenEnterEvents = sync.Pool{ New: func() interface{} { return &OpenEnterEvent{} }, } @@ -343,6 +347,10 @@ func (n *NullEvent) GetTime() uint32 { return n.Time } +func (n *NullEvent) GetRet() (int64, bool) { + return 0, false +} + var poolOfNullEvents = sync.Pool{ New: func() interface{} { return &NullEvent{} }, } @@ -393,6 +401,10 @@ func (f *FdEvent) GetTime() uint32 { return f.Time } +func (f *FdEvent) GetRet() (int64, bool) { + return 0, false +} + var poolOfFdEvents = sync.Pool{ New: func() interface{} { return &FdEvent{} }, } @@ -443,6 +455,10 @@ func (r *RetEvent) GetTime() uint32 { return r.Time } +func (r *RetEvent) GetRet() (int64, bool) { + return r.Ret, true +} + var poolOfRetEvents = sync.Pool{ New: func() interface{} { return &RetEvent{} }, } -- cgit v1.2.3