diff options
| -rw-r--r-- | fs-tracer/src/main.rs | 1 | ||||
| -rw-r--r-- | fs-tracer/src/syscall_handler.rs | 26 | ||||
| -rw-r--r-- | tests/openat.c | 7 | ||||
| -rw-r--r-- | tests/testfile | 3 |
4 files changed, 27 insertions, 10 deletions
diff --git a/fs-tracer/src/main.rs b/fs-tracer/src/main.rs index e7a85bf..223f35a 100644 --- a/fs-tracer/src/main.rs +++ b/fs-tracer/src/main.rs @@ -145,6 +145,7 @@ struct FSTracerFile { timestamp: String, absolute_path: String, contents: String, + offset: usize, } fn send_request(url: &str, fs_tracer_api_key: &str, files: &Vec<FSTracerFile>) { diff --git a/fs-tracer/src/syscall_handler.rs b/fs-tracer/src/syscall_handler.rs index a9fda97..9dc2946 100644 --- a/fs-tracer/src/syscall_handler.rs +++ b/fs-tracer/src/syscall_handler.rs @@ -9,7 +9,7 @@ use crate::FSTracerFile; pub struct SyscallHandler { resolved_files: Sender<FSTracerFile>, - open_files: HashMapDelay<(i32, u32), String>, + open_files: HashMapDelay<(i32, u32), (String, usize)>, } impl SyscallHandler { @@ -28,8 +28,8 @@ impl SyscallHandler { } } - fn handle_write(&self, write_syscall: WriteSyscallBPF) -> Result<(), ()> { - let filename = match self.open_files.get(&(write_syscall.fd, write_syscall.pid)) { + fn handle_write(&mut self, write_syscall: WriteSyscallBPF) -> Result<(), ()> { + let (filename, offset) = match self.open_files.get(&(write_syscall.fd, write_syscall.pid)) { None => { println!( "DIDNT FIND AN OPEN FILE FOR THE WRITE SYSCALL (fd: {}, ret: {})", @@ -37,21 +37,31 @@ impl SyscallHandler { ); return Ok(()); } - Some(str) => str, + Some(str) => str.clone(), }; let contents = CStr::from_bytes_until_nul(&write_syscall.buf) .unwrap_or_default() .to_str() .unwrap_or_default(); println!( - "WRITE KERNEL: DATA {:?} FILENAME: {:?}", - write_syscall, filename + "WRITE KERNEL: DATA {:?} FILENAME: {:?} OFFSET: {:?} LEN: {:?}", + write_syscall, + filename, + offset, + contents.len() ); let _ = self.resolved_files.send(FSTracerFile { timestamp: chrono::Utc::now().to_rfc3339(), absolute_path: filename.to_string(), contents: contents.to_string(), + offset: offset, }); + self.open_files + .remove(&(write_syscall.fd, write_syscall.pid)); + self.open_files.insert( + (write_syscall.fd, write_syscall.pid), + (filename.clone(), offset + write_syscall.count), + ); Ok(()) } @@ -64,7 +74,7 @@ impl SyscallHandler { println!("OPEN FILENAME: {:?}", filename); let fd = open_syscall.ret; self.open_files - .insert((fd, open_syscall.pid), filename.to_string()); + .insert((fd, open_syscall.pid), (filename.to_string(), 0)); Ok(()) } @@ -84,8 +94,6 @@ impl SyscallHandler { }; println!("CLOSE KERNEL DATA: {:?}", close_syscall); println!("CLOSE FILENAME: {:?}", filename); - self.open_files - .remove(&(close_syscall.fd, close_syscall.pid)); Ok(()) } } diff --git a/tests/openat.c b/tests/openat.c index d843d2f..e5f6f17 100644 --- a/tests/openat.c +++ b/tests/openat.c @@ -22,6 +22,13 @@ int main(int argc, char** argv) { printf("Write error: %s\n", strerror(errno)); } + ret = syscall(SYS_write, fd, "\nplease", 7); + printf("Write ret: %d\n", ret); + + if (ret == -1) { + printf("Write error: %s\n", strerror(errno)); + } + ret = syscall(SYS_close, fd); printf("Close ret: %d\n", ret); diff --git a/tests/testfile b/tests/testfile index 6426eb5..993bbba 100644 --- a/tests/testfile +++ b/tests/testfile @@ -1 +1,2 @@ -I'm writing this :) pls. \ No newline at end of file +I'm writing this :) pls. +please \ No newline at end of file |