summaryrefslogtreecommitdiffstats
path: root/src/deal.go
diff options
context:
space:
mode:
authorWe-unite <3205135446@qq.com>2024-08-07 19:08:59 +0800
committerWe-unite <3205135446@qq.com>2024-08-07 19:08:59 +0800
commitea32e017e579f168d87732893335c38d539ac2f1 (patch)
tree96a893ae0ffd4c5186e1c87f2fd7c60a125e970a /src/deal.go
parent2104c8ac26f320eacc3fa04d608843c3bf0fdc57 (diff)
downloadgodo-collector.tar.gz
godo-collector.zip
Print err in stderr, Find out docker rootfs.collector
When I use godo, error infomation comes along with other output, so change all err report into stderr. And I listen to `pivot_root` sys- call to find out the root file system of dockers. However, I'm afraid of causing too more delay, so don't check rootfs of ppid and record in the pid. Besides, the method to deal with pivot_root is hardcoded, which may causes crush. Shall I listen to the chdir syscall to find out exact cwd? Maybe It's useful to the pivot_root? Next step: Find out appropriate data stracture, and add more file operations to be watched. This task must be completed this week.
Diffstat (limited to 'src/deal.go')
-rw-r--r--src/deal.go51
1 files changed, 40 insertions, 11 deletions
diff --git a/src/deal.go b/src/deal.go
index f2b7d4b..e553174 100644
--- a/src/deal.go
+++ b/src/deal.go
@@ -2,6 +2,7 @@ package main
2 2
3import ( 3import (
4 "fmt" 4 "fmt"
5 "os"
5 "syscall" 6 "syscall"
6 7
7 "go.mongodb.org/mongo-driver/bson" 8 "go.mongodb.org/mongo-driver/bson"
@@ -26,7 +27,7 @@ func deal() {
26 var ok bool 27 var ok bool
27 28
28 if err = pidCol.init(dbName, pidColName); err != nil { 29 if err = pidCol.init(dbName, pidColName); err != nil {
29 fmt.Printf("Error while initing the mongodb: %v\n", err) 30 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
30 return 31 return
31 } 32 }
32 err = pidCol.InsertOne(bson.M{ 33 err = pidCol.InsertOne(bson.M{
@@ -37,16 +38,16 @@ func deal() {
37 "daemon": true, 38 "daemon": true,
38 }) 39 })
39 if err != nil { 40 if err != nil {
40 fmt.Printf("Error while initing the mongodb: %v\n", err) 41 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
41 return 42 return
42 } 43 }
43 44
44 if err = fdCol.init(dbName, fdColName); err != nil { 45 if err = fdCol.init(dbName, fdColName); err != nil {
45 fmt.Printf("Error while initing the mongodb: %v\n", err) 46 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
46 return 47 return
47 } 48 }
48 if err = fileCol.init(dbName, fileColName); err != nil { 49 if err = fileCol.init(dbName, fileColName); err != nil {
49 fmt.Printf("Error while initing the mongodb: %v\n", err) 50 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
50 } 51 }
51 52
52 fmt.Printf("Containerd: %d\n", containerdPid) 53 fmt.Printf("Containerd: %d\n", containerdPid)
@@ -73,6 +74,8 @@ func deal() {
73 go fileWrite(cooked) 74 go fileWrite(cooked)
74 case FILECLOSE: 75 case FILECLOSE:
75 go fileClose(cooked) 76 go fileClose(cooked)
77 case PIVOTROOT:
78 go pivotRoot(cooked)
76 } 79 }
77 } 80 }
78} 81}
@@ -85,9 +88,6 @@ func deletePid(cooked Event) {
85 }, 88 },
86 }) 89 })
87 90
88 // 孩子们需要收容
89 // 不必到children里一个个找,直接看ppid即可
90 // pidCol.UpdateMany(bson.M{"ppid": cooked.pid}, bson.M{"ppid": 1})
91 // 在这套逻辑里,孩子是不需要收容的,因为我们根本就不看ppid来工作 91 // 在这套逻辑里,孩子是不需要收容的,因为我们根本就不看ppid来工作
92 92
93 // 可以去死了 93 // 可以去死了
@@ -98,13 +98,15 @@ func deletePid(cooked Event) {
98 "exit_signal": cooked.exit_signal, 98 "exit_signal": cooked.exit_signal,
99 }, 99 },
100 }) 100 })
101
102 // 理论上这里需要关闭所有文件描述符,但为了处理效率,留给后续流程
101} 103}
102 104
103func dealNewPid(cooked Event) { 105func dealNewPid(cooked Event) {
104 // 自身是否已经记录 106 // 自身是否已经记录
105 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid}) 107 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid})
106 if err != nil { 108 if err != nil {
107 fmt.Printf("Err finding: %v\n", err) 109 fmt.Fprintf(os.Stderr, "Err finding: %v\n", err)
108 return 110 return
109 } 111 }
110 112
@@ -189,7 +191,7 @@ func fileOpen(cooked Event) {
189 // 权限检查过了,不必再查 191 // 权限检查过了,不必再查
190 fdCol.InsertOne(bson.M{ 192 fdCol.InsertOne(bson.M{
191 "timestamp": cooked.timestamp, 193 "timestamp": cooked.timestamp,
192 "fileName": cooked.pathName, 194 "fileName": cooked.srcPath,
193 "pid": cooked.pid, 195 "pid": cooked.pid,
194 "fd": cooked.exit_code, 196 "fd": cooked.exit_code,
195 "flags": cooked.syscallParam, 197 "flags": cooked.syscallParam,
@@ -212,7 +214,7 @@ func fileClose(cooked Event) {
212 } 214 }
213 res["close_timestamp"] = cooked.timestamp 215 res["close_timestamp"] = cooked.timestamp
214 if err := fileCol.InsertOne(res); err != nil { 216 if err := fileCol.InsertOne(res); err != nil {
215 fmt.Printf("Err inserting files: %v\n", err) 217 fmt.Fprintf(os.Stderr, "Err inserting files: %v\n", err)
216 } 218 }
217} 219}
218 220
@@ -223,7 +225,7 @@ func fileWrite(cooked Event) {
223 "close_timestamp": bson.M{"$exists": false}, 225 "close_timestamp": bson.M{"$exists": false},
224 }) 226 })
225 if err != nil { 227 if err != nil {
226 fmt.Printf("Err closing fd %d of pid %d: %v\n", cooked.syscallParam[0], cooked.pid, err) 228 fmt.Fprintf(os.Stderr, "Err closing fd %d of pid %d: %v\n", cooked.syscallParam[0], cooked.pid, err)
227 } 229 }
228 if len(res) == 0 { 230 if len(res) == 0 {
229 return 231 return
@@ -234,3 +236,30 @@ func fileWrite(cooked Event) {
234 "close_timestamp": bson.M{"$exists": false}, 236 "close_timestamp": bson.M{"$exists": false},
235 }, bson.M{"$push": bson.M{"written": cooked.timestamp}}) 237 }, bson.M{"$push": bson.M{"written": cooked.timestamp}})
236} 238}
239
240func pivotRoot(cooked Event) {
241 // docker的根目录信息,记录
242 docRes, err := pidCol.Finddoc(bson.M{"pid": cooked.pid})
243 if err != nil {
244 fmt.Fprintf(os.Stderr, "Err finding: %v\n", err)
245 return
246 }
247
248 if len(docRes) == 0 {
249 // fork还没到,等一下
250 pidCol.InsertOne(bson.M{
251 "start_timestamp": cooked.timestamp,
252 "ppid": cooked.ppid,
253 "pid": cooked.pid,
254 "rootfs": "cwd",
255 })
256 } else {
257 // 读取已有的工作目录
258 cwd := docRes[0]["cwd"]
259 pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
260 "$set": bson.M{
261 "rootfs": cwd,
262 },
263 })
264 }
265}