diff options
| author |   We-unite <3205135446@qq.com> | 2024-08-14 17:28:28 +0800 |
|---|---|---|
| committer | We-unite <3205135446@qq.com> | 2024-08-14 17:28:28 +0800 |
| commit | 61809e72c524294cb07535d0e31c80a283495f80 (patch) | |
| tree | f3f8c6b4584d9071b58e8866b747399b3797c22c /filter/global.go | |
| parent | dfdb18f83f7a957f99196369d97827d6209eeb9a (diff) | |
| download | godo-61809e72c524294cb07535d0e31c80a283495f80.tar.gz godo-61809e72c524294cb07535d0e31c80a283495f80.zip | |
Filter mainly finished, fix sth in lintener
This commit I make some changes:
- The filter got mainly finished.
- Build a big node by the same tgid, and use the tgid node to
build th tree we need by bfs.
- Filt relative files, and for the files not closed, add close
time stamp according to the exit time of their pids.
- Put all the results into database.
Besides, I enlarge the buffer size of netlink connector and channels
in lintener.
TODO:
- the pivot_root syscall is used only by the initial shell(`docker
start` makes a shell), other processes of shell change their root
by changing namespace(mnt ns?), using setns syscall. So fix it.
- It's time to fix the netlink connector socket.
Diffstat (limited to 'filter/global.go')
| -rw-r--r-- | filter/global.go | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/filter/global.go b/filter/global.go index 45706d4..37af52b 100644 --- a/filter/global.go +++ b/filter/global.go | |||
| @@ -28,9 +28,16 @@ type Process struct { | |||
| 28 | ExitTimestamp time.Time `bson:"exit_timestamp"` | 28 | ExitTimestamp time.Time `bson:"exit_timestamp"` |
| 29 | } | 29 | } |
| 30 | 30 | ||
| 31 | type tgidNode struct { | ||
| 32 | Tgid int `bson:"tgid"` | ||
| 33 | FindPid map[int]int `bson:"findPid"` | ||
| 34 | Threads []Process `bson:"threads"` | ||
| 35 | ChildTgid []int `bson:"child_tgid"` | ||
| 36 | } | ||
| 37 | |||
| 31 | func (p Process) String() string { | 38 | func (p Process) String() string { |
| 32 | var res string | 39 | var res string |
| 33 | res = "" | 40 | res = "---------------------\n" |
| 34 | res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp) | 41 | res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp) |
| 35 | res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid) | 42 | res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid) |
| 36 | res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid) | 43 | res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid) |
| @@ -53,9 +60,20 @@ func (p Process) String() string { | |||
| 53 | res += fmt.Sprintf("%d ", p.Children[i]) | 60 | res += fmt.Sprintf("%d ", p.Children[i]) |
| 54 | } | 61 | } |
| 55 | res += fmt.Sprintf("\n") | 62 | res += fmt.Sprintf("\n") |
| 63 | res += fmt.Sprintf("exit_timestamp:\t%v\nexit_code:\t%d\nexit_signal:\t%d\n", p.ExitTimestamp, p.ExitCode, p.ExitSignal) | ||
| 56 | return res | 64 | return res |
| 57 | } | 65 | } |
| 58 | 66 | ||
| 67 | type File struct { | ||
| 68 | OpenTimestamp time.Time `bson:"timestamp"` | ||
| 69 | FileName string `bson:"fileName"` | ||
| 70 | Pid int `bson:"pid"` | ||
| 71 | Fd int `bson:"fd"` | ||
| 72 | Flags [4]uint64 `bson:"flags"` | ||
| 73 | Written []time.Time `bson:"written"` | ||
| 74 | CloseTimestamp time.Time `bson:"close_timestamp"` | ||
| 75 | } | ||
| 76 | |||
| 59 | // Queue 定义一个队列结构体 | 77 | // Queue 定义一个队列结构体 |
| 60 | type Queue struct { | 78 | type Queue struct { |
| 61 | items []interface{} | 79 | items []interface{} |