author | We-unite <3205135446@qq.com> | 2024-08-14 17:28:28 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-08-14 17:28:28 +0800 |
commit | 61809e72c524294cb07535d0e31c80a283495f80 (patch) | |
tree | f3f8c6b4584d9071b58e8866b747399b3797c22c /filter/global.go | |
parent | dfdb18f83f7a957f99196369d97827d6209eeb9a (diff) | |
Filter mainly finished, fix sth in lintener
This commit I make some changes:
- The filter got mainly finished.
- Build a big node by the same tgid, and use the tgid node to
build the tree we need by bfs.
- Filter the related files, and for the files not closed, add a close
time stamp according to the exit time of their pids.
- Put all the results into database.
Besides, I enlarge the buffer size of netlink connector and channels
in lintener.
TODO:
- the pivot_root syscall is used only by the initial shell(`docker
start` makes a shell), other processes of shell change their root
by changing namespace(mnt ns?), using setns syscall. So fix it.
- It's time to fix the netlink connector socket.
Diffstat (limited to '')
-rw-r--r-- | filter/global.go | 20 |
1 files changed, 19 insertions, 1 deletions
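diff --git a/filter/global.go b/filter/global.go
index 45706d4..37af52b 100644
--- a/filter/global.go
+++ b/filter/global.go
@@ -28,9 +28,16 @@ type Process struct {
 ExitTimestamp time.Time `bson:"exit_timestamp"`
 }
 
+type tgidNode struct {
+Tgid int `bson:"tgid"`
+FindPid map[int]int `bson:"findPid"`
+Threads []Process `bson:"threads"`
+ChildTgid []int `bson:"child_tgid"`
+}
+
 func (p Process) String() string {
 var res string
-res = ""
+res = "---------------------\n"
 res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
 res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid)
 res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
@@ -53,9 +60,20 @@ func (p Process) String() string {
 res += fmt.Sprintf("%d ", p.Children[i])
 }
 res += fmt.Sprintf("\n")
+res += fmt.Sprintf("exit_timestamp:\t%v\nexit_code:\t%d\nexit_signal:\t%d\n", p.ExitTimestamp, p.ExitCode, p.ExitSignal)
 return res
 }
 
+type File struct {
+OpenTimestamp time.Time `bson:"timestamp"`
+FileName string `bson:"fileName"`
+Pid int `bson:"pid"`
+Fd int `bson:"fd"`
+Flags [4]uint64 `bson:"flags"`
+Written []time.Time `bson:"written"`
+CloseTimestamp time.Time `bson:"close_timestamp"`
+}
+
 // Queue 定义一个队列结构体
 type Queue struct {
 items []interface{}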
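Review bot: The new `File` struct in the second hunk keeps only one `CloseTimestamp`, while the commit description says files that were never closed get a close time copied from the exit time of their pid, so a stored record no longer shows whether the close was observed or inferred. For a process/file audit trail that distinction matters when a timeline is reconstructed later; I would add a marker field such as `CloseInferred bool` with the bson tag `close_inferred` and set it wherever the backfill is done (that code is not in this file section). A doc comment on `File` stating what the four `Flags` words hold and that a zero `CloseTimestamp` means the file is still open would make the schema readable on its own. The added `exit_timestamp` line in `Process.String()` has the same ambiguity, since it prints the zero time for a process that has not exited; the body of `String()` continues outside the hunks shown.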