author | We-unite <3205135446@qq.com> | 2024-08-06 19:45:04 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-08-06 20:02:34 +0800 |
commit | 2104c8ac26f320eacc3fa04d608843c3bf0fdc57 (patch) | |
tree | 79607526aab02b44ef86e311074c715b42461d69 | |
parent | f4655e64a1461c22ad7a3871375269915a743f40 (diff) | |
download | godo-2104c8ac26f320eacc3fa04d608843c3bf0fdc57.tar.gz godo-2104c8ac26f320eacc3fa04d608843c3bf0fdc57.zip |
Basically fixed info lost
As previous envisioned, the lost is caused by slow consumption. So
I make several changes:
- Delete all the mutexs, especially those in the mongodb. There seems
to have no necessity to use thread mutex, because execve, fork
and exit has no conflicton(really?)
- Insert all pid info into db, just as what we do to file infos. So
we should filter out useful info from them, but this does work
to decrease lost infos.
Besides, the problem that recvfrom is always blocked may got solved.
When the machine is just started, it's blocked; but after i run the
C program to connect to ketlink connector and listen to it, both C
program and godo can recv infos well.
Also, left questions:
- Now i use many coroutine in 2nd and 3rd coroutines in the hope that
there will be less time to deal info and hear the kernel again as
quick as possible. But does it work? As we know, too much thread
will slower the program, because too frequent switch between threads
or processes.
- Sometimes the eventTable has bugs, when eoe is recvd, the pointer
in it is null. It may be out of thread confliction? But it's
unreasonable, there's only one place to delete the event, that's
just in eoe, after it's sent. Or the eoe info is got more than once?
- For some processes, when i look into /proc to find cwd and cmeline,
it has exited. If i go back to use audit for pid info, it will be hard
to distinguish between thread and process. Anyway, It doesn't matter
now, but what if?
Next step: Figure out the root fs of a docker, and its name.
-rw-r--r-- | src/deal.go | 20 | ||||
-rw-r--r-- | src/mongo.go | 16 | ||||
-rw-r--r-- | src/organize.go | 1 |
3 files changed, 1 insertions, 36 deletions
diff --git a/src/deal.go b/src/deal.go
index 1dd309c..f2b7d4b 100644
--- a/src/deal.go
+++ b/src/deal.go
@@ -34,6 +34,7 @@ func deal() {
"pid": containerdPid,
"cwd": "/",
"children": []bson.M{},
+ "daemon": true,
})
if err != nil {
fmt.Printf("Error while initing the mongodb: %v\n", err)
@@ -77,9 +78,6 @@ func deal() {
}

func deletePid(cooked Event) {
- if !pidCol.GetLock() {
- return
- }
// 先从老爹那里销户
pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{
"$pull": bson.M{
@@ -100,17 +98,9 @@ func deletePid(cooked Event) {
"exit_signal": cooked.exit_signal,
},
})
- pidCol.Mutex.Unlock()
}

func dealNewPid(cooked Event) {
- fmt.Printf("Fork\t%6d\t%6d\t%6d\t%6d\n", cooked.ppid, cooked.parentTgid, cooked.pid, cooked.tgid)
- // 有无父进程在观察中
- docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.parentTgid})
- if err != nil || len(docRes) != 1 {
- return
- }
-
// 自身是否已经记录
docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid})
if err != nil {
@@ -118,9 +108,6 @@ func dealNewPid(cooked Event) {
return
}

- if !pidCol.GetLock() {
- return
- }
if len(docRes) != 0 {
// 进程原本就存在,换言之别的消息先到了
// 所有先行抵达的消息必须保留execve/children字段
@@ -157,7 +144,6 @@ func dealNewPid(cooked Event) {
"children": cooked.pid,
},
})
- pidCol.Mutex.Unlock()
}

func dealExecve(cooked Event) {
@@ -173,9 +159,6 @@ func dealExecve(cooked Event) {
return
}

- if !pidCol.GetLock() {
- return
- }
if len(docRes) == 1 {
// 自身已在,直接记录
pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
@@ -200,7 +183,6 @@ func dealExecve(cooked Event) {
},
})
}
- pidCol.Mutex.Unlock()
}

func fileOpen(cooked Event) {
diff --git a/src/mongo.go b/src/mongo.go
index 764f877..1d9f74f 100644
--- a/src/mongo.go
+++ b/src/mongo.go
@@ -2,8 +2,6 @@ package main

import (
"context"
- "fmt"
- "sync"
"time"

"go.mongodb.org/mongo-driver/bson"
@@ -15,8 +13,6 @@ type mongoClient struct {
dbName, colName string
client *mongo.Client
col *mongo.Collection
- Mutex sync.Mutex
- // Attention: 这把锁是否有必要?
}

func (mc *mongoClient) init(dbName, colName string) error {
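Review bot: With the GetLock guard removed, deletePid's `$pull` on the parent record and the exit update on the child's own record run with no ordering relative to dealNewPid, and the result of each `pidCol.UpdateOne` call is discarded, so an exit event that is handled before the fork event for the same pid (the commit message says messages do arrive out of order) appears to match nothing and the pid is then inserted by dealNewPid as if it were still alive. At minimum check what the wrapper returns from `UpdateOne` (its signature is not visible here; if it surfaces the driver's result, `MatchedCount == 0` is the condition) and log the pid when nothing matched, so a silently missed exit is visible rather than absorbed. A cleaner fix is to have the exit path upsert the exit fields onto the child's document and have dealNewPid preserve them, the same way it already preserves execve/children fields when a later message arrives first. Dropping the TryLock spin is the right direction, since it returned false and lost the event after 200000 failed attempts; the ordering problem just needs a different mechanism than a process-wide lock. deletePid's body continues outside the hunk.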
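Review bot: `docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid})` assigns with `=` as the first statement of dealNewPid, so docRes and err look like package-level variables shared by every goroutine; now that the lock is gone and, per the commit message, several goroutines run these handlers concurrently, one goroutine's result can overwrite another's between the Finddoc call and the `len(docRes) != 0` check, so the branch taken may belong to a different process. Declare them locally, `docRes, err := pidCol.Finddoc(bson.M{"pid": cooked.pid})`, and do the same in dealExecve, whose `len(docRes) == 1` check in the later hunk reads the same shared value (its Finddoc call is outside the hunk). Even with locals, Finddoc-then-insert is a check-then-act: two events for the same pid can both see an empty result and both insert, after which every `len(docRes) == 1` check for that pid fails; a unique index on `pid`, or an upsert that uses `$setOnInsert` for the initial fields, makes the insert idempotent without reintroducing a global lock. For a process-audit collector this matters because a duplicated or mis-attributed record is exactly the gap that later hides a process lineage. dealNewPid's body continues outside the hunk.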
@@ -100,15 +96,3 @@ func (mc *mongoClient) Disconnect() error {
mc.colName = ""
return nil
}
-
-func (mc *mongoClient) GetLock() bool {
- for i := 0; i < 200000; {
- if !mc.Mutex.TryLock() {
- i++
- } else {
- return true
- }
- }
- fmt.Printf("Die...\n")
- return false
-}
diff --git a/src/organize.go b/src/organize.go
index 5268a90..12119ad 100644
--- a/src/organize.go
+++ b/src/organize.go
@@ -47,7 +47,6 @@ func orgnaze() {
break
}
rawEvent = raw.(libaudit.RawAuditMessage)
- fmt.Printf("type=%v msg=%s\n", rawEvent.Type, rawEvent.Data)
switch rawEvent.Type {
case auparse.AUDIT_SYSCALL:
|