summaryrefslogtreecommitdiffstats
path: root/src/deal.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/deal.go')
-rw-r--r--src/deal.go51
1 files changed, 40 insertions, 11 deletions
diff --git a/src/deal.go b/src/deal.go
index f2b7d4b..e553174 100644
--- a/src/deal.go
+++ b/src/deal.go
@@ -2,6 +2,7 @@ package main
2 2
3import ( 3import (
4 "fmt" 4 "fmt"
5 "os"
5 "syscall" 6 "syscall"
6 7
7 "go.mongodb.org/mongo-driver/bson" 8 "go.mongodb.org/mongo-driver/bson"
@@ -26,7 +27,7 @@ func deal() {
26 var ok bool 27 var ok bool
27 28
28 if err = pidCol.init(dbName, pidColName); err != nil { 29 if err = pidCol.init(dbName, pidColName); err != nil {
29 fmt.Printf("Error while initing the mongodb: %v\n", err) 30 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
30 return 31 return
31 } 32 }
32 err = pidCol.InsertOne(bson.M{ 33 err = pidCol.InsertOne(bson.M{
@@ -37,16 +38,16 @@ func deal() {
37 "daemon": true, 38 "daemon": true,
38 }) 39 })
39 if err != nil { 40 if err != nil {
40 fmt.Printf("Error while initing the mongodb: %v\n", err) 41 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
41 return 42 return
42 } 43 }
43 44
44 if err = fdCol.init(dbName, fdColName); err != nil { 45 if err = fdCol.init(dbName, fdColName); err != nil {
45 fmt.Printf("Error while initing the mongodb: %v\n", err) 46 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
46 return 47 return
47 } 48 }
48 if err = fileCol.init(dbName, fileColName); err != nil { 49 if err = fileCol.init(dbName, fileColName); err != nil {
49 fmt.Printf("Error while initing the mongodb: %v\n", err) 50 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
50 } 51 }
51 52
52 fmt.Printf("Containerd: %d\n", containerdPid) 53 fmt.Printf("Containerd: %d\n", containerdPid)
@@ -73,6 +74,8 @@ func deal() {
73 go fileWrite(cooked) 74 go fileWrite(cooked)
74 case FILECLOSE: 75 case FILECLOSE:
75 go fileClose(cooked) 76 go fileClose(cooked)
77 case PIVOTROOT:
78 go pivotRoot(cooked)
76 } 79 }
77 } 80 }
78} 81}
@@ -85,9 +88,6 @@ func deletePid(cooked Event) {
85 }, 88 },
86 }) 89 })
87 90
88 // 孩子们需要收容
89 // 不必到children里一个个找,直接看ppid即可
90 // pidCol.UpdateMany(bson.M{"ppid": cooked.pid}, bson.M{"ppid": 1})
91 // 在这套逻辑里,孩子是不需要收容的,因为我们根本就不看ppid来工作 91 // 在这套逻辑里,孩子是不需要收容的,因为我们根本就不看ppid来工作
92 92
93 // 可以去死了 93 // 可以去死了
@@ -98,13 +98,15 @@ func deletePid(cooked Event) {
98 "exit_signal": cooked.exit_signal, 98 "exit_signal": cooked.exit_signal,
99 }, 99 },
100 }) 100 })
101
102 // 理论上这里需要关闭所有文件描述符,但为了处理效率,留给后续流程
101} 103}
102 104
103func dealNewPid(cooked Event) { 105func dealNewPid(cooked Event) {
104 // 自身是否已经记录 106 // 自身是否已经记录
105 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid}) 107 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid})
106 if err != nil { 108 if err != nil {
107 fmt.Printf("Err finding: %v\n", err) 109 fmt.Fprintf(os.Stderr, "Err finding: %v\n", err)
108 return 110 return
109 } 111 }
110 112
@@ -189,7 +191,7 @@ func fileOpen(cooked Event) {
189 // 权限检查过了,不必再查 191 // 权限检查过了,不必再查
190 fdCol.InsertOne(bson.M{ 192 fdCol.InsertOne(bson.M{
191 "timestamp": cooked.timestamp, 193 "timestamp": cooked.timestamp,
192 "fileName": cooked.pathName, 194 "fileName": cooked.srcPath,
193 "pid": cooked.pid, 195 "pid": cooked.pid,
194 "fd": cooked.exit_code, 196 "fd": cooked.exit_code,
195 "flags": cooked.syscallParam, 197 "flags": cooked.syscallParam,
@@ -212,7 +214,7 @@ func fileClose(cooked Event) {
212 } 214 }
213 res["close_timestamp"] = cooked.timestamp 215 res["close_timestamp"] = cooked.timestamp
214 if err := fileCol.InsertOne(res); err != nil { 216 if err := fileCol.InsertOne(res); err != nil {
215 fmt.Printf("Err inserting files: %v\n", err) 217 fmt.Fprintf(os.Stderr, "Err inserting files: %v\n", err)
216 } 218 }
217} 219}
218 220
@@ -223,7 +225,7 @@ func fileWrite(cooked Event) {
223 "close_timestamp": bson.M{"$exists": false}, 225 "close_timestamp": bson.M{"$exists": false},
224 }) 226 })
225 if err != nil { 227 if err != nil {
226 fmt.Printf("Err closing fd %d of pid %d: %v\n", cooked.syscallParam[0], cooked.pid, err) 228 fmt.Fprintf(os.Stderr, "Err closing fd %d of pid %d: %v\n", cooked.syscallParam[0], cooked.pid, err)
227 } 229 }
228 if len(res) == 0 { 230 if len(res) == 0 {
229 return 231 return
@@ -234,3 +236,30 @@ func fileWrite(cooked Event) {
234 "close_timestamp": bson.M{"$exists": false}, 236 "close_timestamp": bson.M{"$exists": false},
235 }, bson.M{"$push": bson.M{"written": cooked.timestamp}}) 237 }, bson.M{"$push": bson.M{"written": cooked.timestamp}})
236} 238}
239
240func pivotRoot(cooked Event) {
241 // docker的根目录信息,记录
242 docRes, err := pidCol.Finddoc(bson.M{"pid": cooked.pid})
243 if err != nil {
244 fmt.Fprintf(os.Stderr, "Err finding: %v\n", err)
245 return
246 }
247
248 if len(docRes) == 0 {
249 // fork还没到,等一下
250 pidCol.InsertOne(bson.M{
251 "start_timestamp": cooked.timestamp,
252 "ppid": cooked.ppid,
253 "pid": cooked.pid,
254 "rootfs": "cwd",
255 })
256 } else {
257 // 读取已有的工作目录
258 cwd := docRes[0]["cwd"]
259 pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
260 "$set": bson.M{
261 "rootfs": cwd,
262 },
263 })
264 }
265}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-07 17:07:09 +0800