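package main

import (
	"sync"
	"time"
)

// eventType classifies an Event flowing through the tracing pipeline.
type eventType int

// Event kinds. TYPENUM is the last constant and doubles as the count of
// real kinds; it is deliberately kept printable by String().
const (
	NEWPID eventType = iota
	PIDEXIT
	EXECVE
	FILEOPEN
	FILEWRITE
	FILECLOSE
	TYPENUM
)

// Event is one normalized trace record, passed from the raw stage to the
// consumer stage over cookedChan. Which fields are populated depends on
// tag; the others keep their zero value.
//
// NOTE(review): argv, cwd and pathName presumably originate from the
// traced process and are therefore attacker-controlled content — treat
// them as untrusted when logging, matching or displaying them. Confirm
// against the producer.
type Event struct {
	tag          eventType
	timestamp    time.Time
	pid, ppid    int
	syscall      int // syscall number; syscallTable maps it to a name
	exit_code    uint64
	argc         int
	argv         []string
	cwd          string
	syscallParam [4]uint64 // raw syscall arguments as captured
	pathName     string
}

// eventTypeNames maps every eventType to its printable name. Sizing the
// array by TYPENUM and using indexed keys ties the table to the const
// block: an entry cannot be silently dropped the way a positional slice
// literal allowed (the original omitted FILECLOSE, which mislabelled
// FILECLOSE as "TYPENUM" and made TYPENUM.String() panic).
var eventTypeNames = [TYPENUM + 1]string{
	NEWPID:    "NEWPID",
	PIDEXIT:   "PIDEXIT",
	EXECVE:    "EXECVE",
	FILEOPEN:  "FILEOPEN",
	FILEWRITE: "FILEWRITE",
	FILECLOSE: "FILECLOSE",
	TYPENUM:   "TYPENUM",
}

// String returns the symbolic name of et, or "Unknown" for any value
// outside [NEWPID, TYPENUM]. It never panics, so it is safe to call on a
// tag that came from an untrusted or malformed record.
func (et eventType) String() string {
	if et < 0 || int(et) >= len(eventTypeNames) {
		return "Unknown"
	}
	return eventTypeNames[et]
}

var (
	wg         sync.WaitGroup   // tracks the worker goroutines
	rawChan    chan interface{} // raw records from the receiver to the normalizer
	cookedChan chan Event       // normalized Events for the consumer
	// syscallTable maps a syscall number to its name. It has exactly 500
	// slots, so any lookup with a number taken from the kernel or a trace
	// record must bounds-check first; numbers >= 500 are out of range.
	// NOTE(review): the lookup sites are outside this file — confirm they
	// check the bound.
	syscallTable  [500]string
	containerdPid int
)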