diff options
Diffstat (limited to '')
| -rw-r--r-- | listener/deal.go | 47 |
1 files changed, 33 insertions, 14 deletions
diff --git a/listener/deal.go b/listener/deal.go index 8f77431..8225224 100644 --- a/listener/deal.go +++ b/listener/deal.go | |||
| @@ -3,6 +3,7 @@ package main | |||
| 3 | import ( | 3 | import ( |
| 4 | "fmt" | 4 | "fmt" |
| 5 | "os" | 5 | "os" |
| 6 | "strconv" | ||
| 6 | "syscall" | 7 | "syscall" |
| 7 | "time" | 8 | "time" |
| 8 | 9 | ||
| @@ -17,27 +18,45 @@ const ( | |||
| 17 | ) | 18 | ) |
| 18 | 19 | ||
| 19 | var pidCol, fdCol, fileCol mongoClient | 20 | var pidCol, fdCol, fileCol mongoClient |
| 20 | var err error | 21 | |
| 22 | func initPidCol() (err error) { | ||
| 23 | // TODO: 这里是否需要补全一下进程信息? | ||
| 24 | dirs, err := os.ReadDir(fmt.Sprintf("/proc/%d/task", containerdPid)) | ||
| 25 | if err != nil { | ||
| 26 | return err | ||
| 27 | } | ||
| 28 | for _, file := range dirs { | ||
| 29 | pid, _ := strconv.Atoi(file.Name()) | ||
| 30 | process := Process{ | ||
| 31 | Ppid: 1, | ||
| 32 | ParentTgid: 1, | ||
| 33 | Pid: pid, | ||
| 34 | Tgid: containerdPid, | ||
| 35 | Cwd: "/", | ||
| 36 | Children: make([]int, 0), | ||
| 37 | Execve: make([]Exec, 0), | ||
| 38 | Args: make([]string, 0), | ||
| 39 | } | ||
| 40 | if pid == containerdPid { | ||
| 41 | process.Star = true | ||
| 42 | } | ||
| 43 | err = pidCol.InsertOne(process) | ||
| 44 | } | ||
| 45 | return nil | ||
| 46 | } | ||
| 21 | 47 | ||
| 22 | func deal() { | 48 | func deal() { |
| 23 | defer wg.Done() | 49 | defer wg.Done() |
| 24 | var cooked Event | 50 | var cooked Event |
| 25 | var ok bool | 51 | var ok bool |
| 52 | var err error | ||
| 26 | 53 | ||
| 27 | if err = pidCol.init(dbName, pidColName); err != nil { | 54 | if err = pidCol.init(dbName, pidColName); err != nil { |
| 28 | fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err) | 55 | fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err) |
| 29 | return | 56 | return |
| 30 | } | 57 | } |
| 31 | err = pidCol.InsertOne(Process{ | 58 | if err = initPidCol(); err != nil { |
| 32 | Ppid: 1, | 59 | fmt.Fprintf(os.Stderr, "Err while initing pidcol: %v\n", err) |
| 33 | Pid: containerdPid, | ||
| 34 | Cwd: "/", | ||
| 35 | Children: make([]int, 0), | ||
| 36 | Star: true, | ||
| 37 | }) | ||
| 38 | if err != nil { | ||
| 39 | fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err) | ||
| 40 | return | ||
| 41 | } | 60 | } |
| 42 | 61 | ||
| 43 | if err = fdCol.init(dbName, fdColName); err != nil { | 62 | if err = fdCol.init(dbName, fdColName); err != nil { |
| @@ -96,7 +115,7 @@ func deletePid(cooked Event) { | |||
| 96 | func dealNewPid(cooked Event) { | 115 | func dealNewPid(cooked Event) { |
| 97 | // 自身是否已经记录 | 116 | // 自身是否已经记录 |
| 98 | var docRes []Process | 117 | var docRes []Process |
| 99 | err = pidCol.Finddoc(bson.M{"pid": cooked.pid}, &docRes) | 118 | err := pidCol.Finddoc(bson.M{"pid": cooked.pid}, &docRes) |
| 100 | if err != nil { | 119 | if err != nil { |
| 101 | fmt.Fprintf(os.Stderr, "Err finding: %v\n", err) | 120 | fmt.Fprintf(os.Stderr, "Err finding: %v\n", err) |
| 102 | return | 121 | return |
| @@ -136,7 +155,7 @@ func dealNewPid(cooked Event) { | |||
| 136 | } | 155 | } |
| 137 | } | 156 | } |
| 138 | 157 | ||
| 139 | err := pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{ | 158 | err = pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{ |
| 140 | "$push": bson.M{ | 159 | "$push": bson.M{ |
| 141 | "children": cooked.pid, | 160 | "children": cooked.pid, |
| 142 | }, | 161 | }, |
| @@ -149,7 +168,7 @@ func dealNewPid(cooked Event) { | |||
| 149 | func dealExecve(cooked Event) { | 168 | func dealExecve(cooked Event) { |
| 150 | var docRes []Process | 169 | var docRes []Process |
| 151 | // 首先检查进程是否存在,如不存在则为之创建 | 170 | // 首先检查进程是否存在,如不存在则为之创建 |
| 152 | err = pidCol.Finddoc(bson.M{"pid": cooked.pid}, &docRes) | 171 | err := pidCol.Finddoc(bson.M{"pid": cooked.pid}, &docRes) |
| 153 | if err != nil { | 172 | if err != nil { |
| 154 | return | 173 | return |
| 155 | } | 174 | } |