package main

import (
	"sync"
	"time"
)

type Event struct {
	timestamp time.Time
	pid, ppid int
	syscall   int
	argc      int
	argv      []string
	cwd       string
}

type process struct {
	timestamp time.Time
	pid, ppid int
	argv      []string
	cwd       string
	rootfs    string
	children  []int
}

var pids sync.Map            // 古希腊掌管进程的神，int->*process
var wg sync.WaitGroup        // 掌管协程
var rawChan chan interface{} // 从接收到整理的管道
var cookedChan chan Event    // 整理好的信息的管道
var syscallTable [500]string //记录一下系统调用
var containerdPid int