From 61809e72c524294cb07535d0e31c80a283495f80 Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Wed, 14 Aug 2024 17:28:28 +0800
Subject: Filter mainly finished, fix sth in lintener
This commit I make some changes:
- The filter got mainly finished.
- Build a big node by the same tgid, and use the tgid node to build th tree we need by bfs.
- Filt relative files, and for the files not closed, add close time stamp according to the exit time of their pids.
- Put all the results into database.
Besides, I enlarge the buffer size of netlink connector and channels in lintener.
TODO:
- the pivot_root syscall is used only by the initial shell(`docker start` makes a shell), other processes of shell change their root by changing namespace(mnt ns?), using setns syscall. So fix it.
- It's time to fix the netlink connector socket.
---
filter/global.go | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'filter/global.go')
diff --git a/filter/global.go b/filter/global.go
index 45706d4..37af52b 100644
--- a/filter/global.go
+++ b/filter/global.go
@@ -28,9 +28,16 @@ type Process struct {
 ExitTimestamp time.Time `bson:"exit_timestamp"`
 }
 
+type tgidNode struct {
+ Tgid int `bson:"tgid"`
+ FindPid map[int]int `bson:"findPid"`
+ Threads []Process `bson:"threads"`
+ ChildTgid []int `bson:"child_tgid"`
+}
+
 func (p Process) String() string {
 var res string
- res = ""
+ res = "---------------------\n"
 res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
 res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.Ppid, p.ParentTgid)
 res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
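Review bot: The bson tags on the new tgidNode do not follow the file's snake_case convention: `FindPid` is tagged `findPid` while the surrounding keys are `child_tgid` and `exit_timestamp`; I would change it to `bson:"find_pid"` now, because renaming a stored key after documents exist means a migration. The type and its fields carry no doc comment; a line such as `// tgidNode groups the threads of one thread group (tgid) together with the tgids of the groups it spawned.` plus a comment on FindPid stating what its key and value denote (the hunk does not show this) would let the tree-building code be read without the tracer. Less certain: BSON document keys are strings, so confirm the mongo driver version in use encodes `map[int]int` keys rather than failing at insert time. In String() the `var res string` followed by `res = "---------------------\n"` could be the single `res := "---------------------\n"`; the method body continues past the hunk.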
@@ -53,9 +60,20 @@ func (p Process) String() string {
 res += fmt.Sprintf("%d ", p.Children[i])
 }
 res += fmt.Sprintf("\n")
+ res += fmt.Sprintf("exit_timestamp:\t%v\nexit_code:\t%d\nexit_signal:\t%d\n", p.ExitTimestamp, p.ExitCode, p.ExitSignal)
 return res
 }
 
+type File struct {
+ OpenTimestamp time.Time `bson:"timestamp"`
+ FileName string `bson:"fileName"`
+ Pid int `bson:"pid"`
+ Fd int `bson:"fd"`
+ Flags [4]uint64 `bson:"flags"`
+ Written []time.Time `bson:"written"`
+ CloseTimestamp time.Time `bson:"close_timestamp"`
+}
+
 // Queue 定义一个队列结构体
 type Queue struct {
 items []interface{}
-- 
cgit v1.2.3-70-g09d2
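Review bot: The new File struct cannot distinguish a close that was actually observed from one synthesised from the owning process's exit, which the commit message says this filter does for files still open at exit; a provenance record should keep that distinction, e.g. an extra `ClosedOnExit bool` field tagged `closed_on_exit` that is set only when CloseTimestamp is derived rather than recorded. The tags are also inconsistent with the rest of the file: `OpenTimestamp` is tagged `timestamp` while its counterpart is `close_timestamp`, and `fileName` is camelCase beside snake_case keys, so settling on `open_timestamp` and `file_name` before data is stored avoids a later migration. File is exported but undocumented, and `Flags [4]uint64` gives no hint what the four slots hold; a doc comment on the type and one on Flags naming each slot would make the record usable without reading the tracer. The added exit line in String() labels its values `exit_timestamp:` with a colon whereas the existing labels (`timestamp`, `ppid`) have none; dropping the colons keeps the output uniform (String() begins outside this hunk).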