author | We-unite <3205135446@qq.com> | 2024-07-26 17:23:53 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-07-26 17:23:53 +0800 |
commit | ec260a31927ef77295eaa07ba370b58b416f47f5 (patch) | |
tree | 317dcc68bbeb095af71e5135bf57caefff0bd123 /src/global.go | |
parent | b765715b4795ce4bc8940c7b1a1092a78550de94 (diff) | |
Fix execve before fork & Fix regex to match "exit"
There are 2 bugs from ancestor commits:
- In the 'things_left' tag commit (the grandpa of this commit), we
added a function that allows execve to come before fork, but when that
happens, I forgot to insert the basic info (pid, ppid, etc.), as a
result of which it doesn't work in the designed way. Now it is fixed:
execve is inserted with pid and ppid, so that the fork event can find it
and fill in the other info. However, we shouldn't set start_stamp in
this case, so that it also serves as a flag. I've not removed the unused
execve info; that is left for the future.
- In the parent commit, the syscallRegex was changed, because when we
add more syscalls to be watched, we need info about all their params,
not only the first one. Instead of continuing to use a single a0 to get
the first param, I use argsRegex for all the params. But this change
caused a mismatch in syscallRegex. Now it's fixed.
Diffstat (limited to '')
-rw-r--r-- | src/global.go | 3 |
1 files changed, 2 insertions, 1 deletions
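--- a/src/global.go
+++ b/src/global.go
@@ -10,6 +10,7 @@ type eventType int
 const (
 NEWPID eventType = iota
 PIDEXIT
+EXECVE
 FILEOPEN
 FILEWRITE
 TYPENUM
@@ -29,7 +30,7 @@ type Event struct {
 }
 
 func (et eventType) String() string {
-names := []string{"newPid", "pidExit", "open", "write", "typeNum"}
+names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILEWRITE", "TYPENUM"}
 if et < NEWPID || et > TYPENUM {
 return "Unknown"
 }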
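Review bot: The `names` slice in `String()` is still positional, so every new event type needs a hand edit in two places and nothing ties a label to its constant. Keying the literal by constant, `names := [...]string{NEWPID: "NEWPID", PIDEXIT: "PIDEXIT", EXECVE: "EXECVE", FILEOPEN: "FILEOPEN", FILEWRITE: "FILEWRITE", TYPENUM: "TYPENUM"}`, keeps each label attached to its value whatever the order. Separately, inserting `EXECVE` in the middle of the iota block renumbers `FILEOPEN` and `FILEWRITE`, and their labels change from `open`/`write` to `FILEOPEN`/`FILEWRITE`. If event types or their names are stored or matched anywhere outside this file (not visible here), records written before this commit would be read as the wrong event type, so a comment on the const block saying whether these values are persisted would help. The body of `String()` continues past the end of the hunk.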