diff options
| author |   We-unite <3205135446@qq.com> | 2024-08-06 19:45:04 +0800 |
|---|---|---|
| committer | We-unite <3205135446@qq.com> | 2024-08-06 20:02:34 +0800 |
| commit | 2104c8ac26f320eacc3fa04d608843c3bf0fdc57 (patch) | |
| tree | 79607526aab02b44ef86e311074c715b42461d69 /src/deal.go | |
| parent | f4655e64a1461c22ad7a3871375269915a743f40 (diff) | |
| download | godo-2104c8ac26f320eacc3fa04d608843c3bf0fdc57.tar.gz godo-2104c8ac26f320eacc3fa04d608843c3bf0fdc57.zip | |
Basically fixed info lost
As previous envisioned, the lost is caused by slow consumption. So
I make several changes:
- Delete all the mutexs, especially those in the mongodb. There seems
to have no necessity to use thread mutex, because execve, fork
and exit has no conflicton(really?)
- Insert all pid info into db, just ws what we do to file infos. So
we should filter out useful info from them, but this does works
to decrease lost infos.
Besides, the problem that recvfrom is always blocked may got solved.
When the machine is just started, it's blocked; but after i run the
C program to connect to ketlink connector and listen to it, both C
program and godo can recv infos well.
Also, left questions:
- Now i use many coroutine in 2nd and 3rd coroutines in the hope that
there will be less time to deal info and hear the kernel again as
quick as possible. But does it work? As we know, too much thread
will slower the program, because too frequent switch between threads
or processes.
- Sometimes the eventTable has bugs, when eoe is recvd, the pointer
in it is null. It may be out of thread confliction? But it's
unreasonable, there's only one place to delete the event, that's
just in eoe, after it's sent. Or the eoe info is got more than once?
- For some processes, when i look into /proc to find cwd and cmeline,
it has exited. If i go back to use audit for pid info, it will be hard
to distinguish between thread and process. Anyway, It doesn't matter
now, but what if?
Next step: Figure out the root fs of a docker, and its name.
Diffstat (limited to 'src/deal.go')
| -rw-r--r-- | src/deal.go | 20 |
1 files changed, 1 insertions, 19 deletions
diff --git a/src/deal.go b/src/deal.go index 1dd309c..f2b7d4b 100644 --- a/src/deal.go +++ b/src/deal.go | |||
| @@ -34,6 +34,7 @@ func deal() { | |||
| 34 | "pid": containerdPid, | 34 | "pid": containerdPid, |
| 35 | "cwd": "/", | 35 | "cwd": "/", |
| 36 | "children": []bson.M{}, | 36 | "children": []bson.M{}, |
| 37 | "daemon": true, | ||
| 37 | }) | 38 | }) |
| 38 | if err != nil { | 39 | if err != nil { |
| 39 | fmt.Printf("Error while initing the mongodb: %v\n", err) | 40 | fmt.Printf("Error while initing the mongodb: %v\n", err) |
| @@ -77,9 +78,6 @@ func deal() { | |||
| 77 | } | 78 | } |
| 78 | 79 | ||
| 79 | func deletePid(cooked Event) { | 80 | func deletePid(cooked Event) { |
| 80 | if !pidCol.GetLock() { | ||
| 81 | return | ||
| 82 | } | ||
| 83 | // 先从老爹那里销户 | 81 | // 先从老爹那里销户 |
| 84 | pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{ | 82 | pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{ |
| 85 | "$pull": bson.M{ | 83 | "$pull": bson.M{ |
| @@ -100,17 +98,9 @@ func deletePid(cooked Event) { | |||
| 100 | "exit_signal": cooked.exit_signal, | 98 | "exit_signal": cooked.exit_signal, |
| 101 | }, | 99 | }, |
| 102 | }) | 100 | }) |
| 103 | pidCol.Mutex.Unlock() | ||
| 104 | } | 101 | } |
| 105 | 102 | ||
| 106 | func dealNewPid(cooked Event) { | 103 | func dealNewPid(cooked Event) { |
| 107 | fmt.Printf("Fork\t%6d\t%6d\t%6d\t%6d\n", cooked.ppid, cooked.parentTgid, cooked.pid, cooked.tgid) | ||
| 108 | // 有无父进程在观察中 | ||
| 109 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.parentTgid}) | ||
| 110 | if err != nil || len(docRes) != 1 { | ||
| 111 | return | ||
| 112 | } | ||
| 113 | |||
| 114 | // 自身是否已经记录 | 104 | // 自身是否已经记录 |
| 115 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid}) | 105 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid}) |
| 116 | if err != nil { | 106 | if err != nil { |
| @@ -118,9 +108,6 @@ func dealNewPid(cooked Event) { | |||
| 118 | return | 108 | return |
| 119 | } | 109 | } |
| 120 | 110 | ||
| 121 | if !pidCol.GetLock() { | ||
| 122 | return | ||
| 123 | } | ||
| 124 | if len(docRes) != 0 { | 111 | if len(docRes) != 0 { |
| 125 | // 进程原本就存在,换言之别的消息先到了 | 112 | // 进程原本就存在,换言之别的消息先到了 |
| 126 | // 所有先行抵达的消息必须保留execve/children字段 | 113 | // 所有先行抵达的消息必须保留execve/children字段 |
| @@ -157,7 +144,6 @@ func dealNewPid(cooked Event) { | |||
| 157 | "children": cooked.pid, | 144 | "children": cooked.pid, |
| 158 | }, | 145 | }, |
| 159 | }) | 146 | }) |
| 160 | pidCol.Mutex.Unlock() | ||
| 161 | } | 147 | } |
| 162 | 148 | ||
| 163 | func dealExecve(cooked Event) { | 149 | func dealExecve(cooked Event) { |
| @@ -173,9 +159,6 @@ func dealExecve(cooked Event) { | |||
| 173 | return | 159 | return |
| 174 | } | 160 | } |
| 175 | 161 | ||
| 176 | if !pidCol.GetLock() { | ||
| 177 | return | ||
| 178 | } | ||
| 179 | if len(docRes) == 1 { | 162 | if len(docRes) == 1 { |
| 180 | // 自身已在,直接记录 | 163 | // 自身已在,直接记录 |
| 181 | pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{ | 164 | pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{ |
| @@ -200,7 +183,6 @@ func dealExecve(cooked Event) { | |||
| 200 | }, | 183 | }, |
| 201 | }) | 184 | }) |
| 202 | } | 185 | } |
| 203 | pidCol.Mutex.Unlock() | ||
| 204 | } | 186 | } |
| 205 | 187 | ||
| 206 | func fileOpen(cooked Event) { | 188 | func fileOpen(cooked Event) { |