From 5818548de594c17e4b6f5cfc3cf25ae0702e2e3d Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Fri, 16 Feb 2024 00:39:50 +0200 Subject: update Go types --- internal/ioriotng.go | 21 --------------------- internal/types/types.go | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 24 insertions(+), 45 deletions(-) (limited to 'internal') diff --git a/internal/ioriotng.go b/internal/ioriotng.go index f368c09..0cf97b0 100644 --- a/internal/ioriotng.go +++ b/internal/ioriotng.go @@ -63,27 +63,6 @@ func Run(flags flags.Flags) { log.Println("Ringbuf data received", len(b), b) } - /* - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - var wg sync.WaitGroup - wg.Add(2) - - go func() { - defer wg.Done() - for ev := range listenToEvents[types.FdEvent](ctx, bpfModule, "fd_event_map") { - fmt.Println(ev) - } - }() - go func() { - defer wg.Done() - for ev := range listenToEvents[types.OpenEvent](ctx, bpfModule, "open_event_map") { - fmt.Println(ev) - } - }() - - wg.Wait() - */ log.Println("Good bye") } diff --git a/internal/types/types.go b/internal/types/types.go index c4ea2ad..473339f 100644 --- a/internal/types/types.go +++ b/internal/types/types.go @@ -1,34 +1,34 @@ +// These types mirror the C types from types.bpf.h package types -import "fmt" +const ( + MAX_FILENAME_LENGTH = 256 + MAX_PROGNAME_LENGTH = 16 +) -type OpenEvent struct { - FD int32 - TID uint32 - EnterTime uint64 - ExitTime uint64 - Filename [256]byte // TODO, use same value as in ioriot.bpf.h - Comm [16]byte -} +const ( + OPENAT_ENTER_OP_ID = iota + 1 + OPENAT_EXIT_OP_ID + CLOSE_ENTER_OP_ID + CLOSE_EXIT_OP_ID +) -func (e OpenEvent) String() string { - filename := e.Filename[:] - comm := e.Comm[:] - duration := float64(e.ExitTime-e.EnterTime) / float64(1_000_000) - return fmt.Sprintf("time:(%v=(%v-%v)/1mio) tid:%d fd:%d filename:%s, comm:%s", - duration, e.EnterTime, e.ExitTime, e.TID, e.FD, string(filename), string(comm)) +type NullEvent struct { + Tid uint32 + Time uint64 } type FdEvent struct { - FD int32 - OpID int32 - TID uint32 - EnterTime uint64 - ExitTime uint64 + NullEvent + Fd int32 } -func (e FdEvent) String() string { - duration := float64(e.ExitTime-e.EnterTime) / float64(1_000_000) - return fmt.Sprintf("time:(%vms=(%v-%v)/1mio) opId:%d tid:%v fd:%v", - duration, e.EnterTime, e.ExitTime, e.OpID, e.TID, e.FD) +type OpenatEnterEvent struct { + NullEvent + Filename [MAX_FILENAME_LENGTH]byte + Comm [MAX_PROGNAME_LENGTH]byte } + +// TODO: Move Flags type struct to here, too + +// duration := float64(e.ExitTime-e.EnterTime) / float64(1_000_000) -- cgit v1.2.3