1 files changed, 23 insertions, 25 deletions
diff --git a/src/deal.go b/src/deal.go
index 871b7ff..483d4d2 100644
--- a/src/deal.go
+++ b/src/deal.go
@@ -2,20 +2,20 @@ package main
 import (
        "fmt"
-        "sync"
        "syscall"
        "go.mongodb.org/mongo-driver/bson"
 )
 const (
-        dbName     string = "test"
+        dbName      string = "test"
-        pidColName string = "pids"
+        pidColName  string = "pids"
-        fdColName  string = "fds"
+        fdColName   string = "fds"
+        fileColName string = "files"
 )
-var mongoMutex sync.Mutex
+// var mongoMutex sync.Mutex
-var pidCol, fdCol mongoClient
+var pidCol, fdCol, fileCol mongoClient
 var docRes []bson.M
 var err error
@@ -44,10 +44,14 @@ func deal() {
                fmt.Printf("Error while initing the mongodb: %v\n", err)
                return
        }
+        if err = fileCol.init(dbName, fileColName); err != nil {
+                fmt.Printf("Error while initing the mongodb: %v\n", err)
+        }
        fmt.Printf("Containerd: %d\n", containerdPid)
        defer pidCol.Disconnect()
        defer fdCol.Disconnect()
+        defer fileCol.Disconnect()
        for {
                cooked, ok = <-cookedChan
@@ -57,11 +61,11 @@ func deal() {
                switch cooked.tag {
                case NEWPID:
-                        dealNewPid(cooked)
+                        go dealNewPid(cooked)
                case EXECVE:
-                        dealExecve(cooked)
+                        go dealExecve(cooked)
                case PIDEXIT:
-                        deletePid(cooked)
+                        go deletePid(cooked)
                case FILEOPEN:
                        fileOpen(cooked)
                case FILEWRITE:
@@ -73,9 +77,7 @@ func deal() {
 }
 func deletePid(cooked Event) {
-        // TODO: 是否还需要延时？
+        pidCol.GetLock()
-        // time.Sleep(1 * time.Second)
-        mongoMutex.Lock()
        // 先从老爹那里销户
        pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{
                "$pull": bson.M{
@@ -85,7 +87,8 @@ func deletePid(cooked Event) {
        // 孩子们需要收容
        // 不必到children里一个个找，直接看ppid即可
-        pidCol.UpdateMany(bson.M{"ppid": cooked.pid}, bson.M{"ppid": 1})
+        // pidCol.UpdateMany(bson.M{"ppid": cooked.pid}, bson.M{"ppid": 1})
+        // 在这套逻辑里，孩子是不需要收容的，因为我们根本就不看ppid来工作
        // 可以去死了
        pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
@@ -95,8 +98,7 @@ func deletePid(cooked Event) {
                        "exit_signal":    cooked.exit_signal,
                },
        })
-        mongoMutex.Unlock()
+        pidCol.Mutex.Unlock()
-        fmt.Printf("Exit: %v\t%6d\t%6d\n", cooked.timestamp, cooked.pid, cooked.exit_code)
 }
 func dealNewPid(cooked Event) {
@@ -113,7 +115,8 @@ func dealNewPid(cooked Event) {
                fmt.Printf("Err finding: %v\n", err)
                return
        }
-        mongoMutex.Lock()
+        pidCol.GetLock()
        if len(docRes) != 0 {
                // 进程原本就存在，换言之别的消息先到了
                // 所有先行抵达的消息必须保留execve/children字段
@@ -146,7 +149,7 @@ func dealNewPid(cooked Event) {
                        "children": cooked.pid,
                },
        })
-        mongoMutex.Unlock()
+        pidCol.Mutex.Unlock()
 }
 func dealExecve(cooked Event) {
@@ -162,7 +165,8 @@ func dealExecve(cooked Event) {
        if err != nil {
                return
        }
-        mongoMutex.Lock()
+        pidCol.GetLock()
        if len(docRes) == 1 {
                // 自身已在，直接记录
                pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
@@ -187,12 +191,10 @@ func dealExecve(cooked Event) {
                        },
                })
        }
-        mongoMutex.Unlock()
+        pidCol.Mutex.Unlock()
 }
 func fileOpen(cooked Event) {
-        // fmt.Printf("Open: %6d\t%6d\t%s\n", cooked.ppid, cooked.pid, cooked.pathName)
        // 权限检查过了，不必再查
        fdCol.InsertOne(bson.M{
                "timestamp": cooked.timestamp,
@@ -213,8 +215,6 @@ func fileOpen(cooked Event) {
 }
 func fileClose(cooked Event) {
-        // fmt.Printf("Close: %6d\t%6d\t%s\n", cooked.ppid, cooked.pid, cooked.pathName)
-        // 直接看文件表有无记录
        res, err := fdCol.Finddoc(bson.M{
                "pid":             cooked.pid,
                "fd":              cooked.syscallParam[0],
@@ -234,8 +234,6 @@ func fileClose(cooked Event) {
 }
 func fileWrite(cooked Event) {
-        // fmt.Printf("Write: %6d\t%6d\t%s\n", cooked.ppid, cooked.pid, cooked.pathName)
-        // 直接看文件表有无记录
        res, err := fdCol.Finddoc(bson.M{
                "pid":             cooked.pid,
                "fd":              cooked.syscallParam[0],

diff --git a/src/deal.go b/src/deal.go index 871b7ff..483d4d2 100644 --- a/src/deal.go +++ b/src/deal.go
@@ -2,20 +2,20 @@ package main
2		2
3	import (	3	import (
4	"fmt"	4	"fmt"
5	"sync"
6	"syscall"	5	"syscall"
7		6
8	"go.mongodb.org/mongo-driver/bson"	7	"go.mongodb.org/mongo-driver/bson"
9	)	8	)
10		9
11	const (	10	const (
12	dbName string = "test"	11	dbName string = "test"
13	pidColName string = "pids"	12	pidColName string = "pids"
14	fdColName string = "fds"	13	fdColName string = "fds"
		14	fileColName string = "files"
15	)	15	)
16		16
17	var mongoMutex sync.Mutex	17	// var mongoMutex sync.Mutex
18	var pidCol, fdCol mongoClient	18	var pidCol, fdCol, fileCol mongoClient
19		19
20	var docRes []bson.M	20	var docRes []bson.M
21	var err error	21	var err error
@@ -44,10 +44,14 @@ func deal() {
44	fmt.Printf("Error while initing the mongodb: %v\n", err)	44	fmt.Printf("Error while initing the mongodb: %v\n", err)
45	return	45	return
46	}	46	}
		47	if err = fileCol.init(dbName, fileColName); err != nil {
		48	fmt.Printf("Error while initing the mongodb: %v\n", err)
		49	}
47		50
48	fmt.Printf("Containerd: %d\n", containerdPid)	51	fmt.Printf("Containerd: %d\n", containerdPid)
49	defer pidCol.Disconnect()	52	defer pidCol.Disconnect()
50	defer fdCol.Disconnect()	53	defer fdCol.Disconnect()
		54	defer fileCol.Disconnect()
51		55
52	for {	56	for {
53	cooked, ok = <-cookedChan	57	cooked, ok = <-cookedChan
@@ -57,11 +61,11 @@ func deal() {
57		61
58	switch cooked.tag {	62	switch cooked.tag {
59	case NEWPID:	63	case NEWPID:
60	dealNewPid(cooked)	64	go dealNewPid(cooked)
61	case EXECVE:	65	case EXECVE:
62	dealExecve(cooked)	66	go dealExecve(cooked)
63	case PIDEXIT:	67	case PIDEXIT:
64	deletePid(cooked)	68	go deletePid(cooked)
65	case FILEOPEN:	69	case FILEOPEN:
66	fileOpen(cooked)	70	fileOpen(cooked)
67	case FILEWRITE:	71	case FILEWRITE:
@@ -73,9 +77,7 @@ func deal() {
73	}	77	}
74		78
75	func deletePid(cooked Event) {	79	func deletePid(cooked Event) {
76	// TODO: 是否还需要延时？	80	pidCol.GetLock()
77	// time.Sleep(1 * time.Second)
78	mongoMutex.Lock()
79	// 先从老爹那里销户	81	// 先从老爹那里销户
80	pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{	82	pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{
81	"$pull": bson.M{	83	"$pull": bson.M{
@@ -85,7 +87,8 @@ func deletePid(cooked Event) {
85		87
86	// 孩子们需要收容	88	// 孩子们需要收容
87	// 不必到children里一个个找，直接看ppid即可	89	// 不必到children里一个个找，直接看ppid即可
88	pidCol.UpdateMany(bson.M{"ppid": cooked.pid}, bson.M{"ppid": 1})	90	// pidCol.UpdateMany(bson.M{"ppid": cooked.pid}, bson.M{"ppid": 1})
		91	// 在这套逻辑里，孩子是不需要收容的，因为我们根本就不看ppid来工作
89		92
90	// 可以去死了	93	// 可以去死了
91	pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{	94	pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
@@ -95,8 +98,7 @@ func deletePid(cooked Event) {
95	"exit_signal": cooked.exit_signal,	98	"exit_signal": cooked.exit_signal,
96	},	99	},
97	})	100	})
98	mongoMutex.Unlock()	101	pidCol.Mutex.Unlock()
99	fmt.Printf("Exit: %v\t%6d\t%6d\n", cooked.timestamp, cooked.pid, cooked.exit_code)
100	}	102	}
101		103
102	func dealNewPid(cooked Event) {	104	func dealNewPid(cooked Event) {
@@ -113,7 +115,8 @@ func dealNewPid(cooked Event) {
113	fmt.Printf("Err finding: %v\n", err)	115	fmt.Printf("Err finding: %v\n", err)
114	return	116	return
115	}	117	}
116	mongoMutex.Lock()	118
		119	pidCol.GetLock()
117	if len(docRes) != 0 {	120	if len(docRes) != 0 {
118	// 进程原本就存在，换言之别的消息先到了	121	// 进程原本就存在，换言之别的消息先到了
119	// 所有先行抵达的消息必须保留execve/children字段	122	// 所有先行抵达的消息必须保留execve/children字段
@@ -146,7 +149,7 @@ func dealNewPid(cooked Event) {
146	"children": cooked.pid,	149	"children": cooked.pid,
147	},	150	},
148	})	151	})
149	mongoMutex.Unlock()	152	pidCol.Mutex.Unlock()
150	}	153	}
151		154
152	func dealExecve(cooked Event) {	155	func dealExecve(cooked Event) {
@@ -162,7 +165,8 @@ func dealExecve(cooked Event) {
162	if err != nil {	165	if err != nil {
163	return	166	return
164	}	167	}
165	mongoMutex.Lock()	168
		169	pidCol.GetLock()
166	if len(docRes) == 1 {	170	if len(docRes) == 1 {
167	// 自身已在，直接记录	171	// 自身已在，直接记录
168	pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{	172	pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{
@@ -187,12 +191,10 @@ func dealExecve(cooked Event) {
187	},	191	},
188	})	192	})
189	}	193	}
190	mongoMutex.Unlock()	194	pidCol.Mutex.Unlock()
191	}	195	}
192		196
193	func fileOpen(cooked Event) {	197	func fileOpen(cooked Event) {
194	// fmt.Printf("Open: %6d\t%6d\t%s\n", cooked.ppid, cooked.pid, cooked.pathName)
195
196	// 权限检查过了，不必再查	198	// 权限检查过了，不必再查
197	fdCol.InsertOne(bson.M{	199	fdCol.InsertOne(bson.M{
198	"timestamp": cooked.timestamp,	200	"timestamp": cooked.timestamp,
@@ -213,8 +215,6 @@ func fileOpen(cooked Event) {
213	}	215	}
214		216
215	func fileClose(cooked Event) {	217	func fileClose(cooked Event) {
216	// fmt.Printf("Close: %6d\t%6d\t%s\n", cooked.ppid, cooked.pid, cooked.pathName)
217	// 直接看文件表有无记录
218	res, err := fdCol.Finddoc(bson.M{	218	res, err := fdCol.Finddoc(bson.M{
219	"pid": cooked.pid,	219	"pid": cooked.pid,
220	"fd": cooked.syscallParam[0],	220	"fd": cooked.syscallParam[0],
@@ -234,8 +234,6 @@ func fileClose(cooked Event) {
234	}	234	}
235		235
236	func fileWrite(cooked Event) {	236	func fileWrite(cooked Event) {
237	// fmt.Printf("Write: %6d\t%6d\t%s\n", cooked.ppid, cooked.pid, cooked.pathName)
238	// 直接看文件表有无记录
239	res, err := fdCol.Finddoc(bson.M{	237	res, err := fdCol.Finddoc(bson.M{
240	"pid": cooked.pid,	238	"pid": cooked.pid,
241	"fd": cooked.syscallParam[0],	239	"fd": cooked.syscallParam[0],