From 17ff6a39dc293f6d45ffd355c637a181e28c31ee Mon Sep 17 00:00:00 2001 From: Baitinq Date: Fri, 31 May 2024 00:00:44 +0200 Subject: fs-tracer: create syscall handler --- fs-tracer/src/main.rs | 68 +++++++++++++++++--------------------- fs-tracer/src/syscall_handler.rs | 70 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+), 38 deletions(-) create mode 100644 fs-tracer/src/syscall_handler.rs diff --git a/fs-tracer/src/main.rs b/fs-tracer/src/main.rs index d974d66..a6d41b7 100644 --- a/fs-tracer/src/main.rs +++ b/fs-tracer/src/main.rs @@ -1,3 +1,5 @@ +mod syscall_handler; + use aya::util::online_cpus; use aya::{include_bytes_aligned, Ebpf}; use aya::{maps::AsyncPerfEventArray, programs::TracePoint}; @@ -7,7 +9,8 @@ use fs_tracer_common::SyscallInfo; use log::{debug, info, warn}; use std::env; use std::sync::atomic::{AtomicBool, Ordering}; -use std::sync::Arc; +use std::sync::mpsc; +use std::sync::{Arc, Mutex}; use tokio::task; #[tokio::main] @@ -72,13 +75,19 @@ async fn main() -> Result<(), anyhow::Error> { }) .expect("could not set Ctrl+C handler"); + let (resolved_files_send, resolved_files_recv) = mpsc::channel(); + + // Create arcmutex for the syscall handler in order to use it in threads + let syscall_handler = Arc::new(Mutex::new(syscall_handler::SyscallHandler::new( + resolved_files_send, + ))); + let mut handles = vec![]; let mut perf_array = AsyncPerfEventArray::try_from(bpf.take_map("EVENTS").unwrap())?; for cpu_id in online_cpus()? { let mut buf = perf_array.open(cpu_id, None)?; - let thread_url = url.clone(); - let thread_api_key = fs_tracer_api_key.clone(); + let thread_syscall_handler = syscall_handler.clone(); let thread_exit = exit.clone(); handles.push(task::spawn(async move { let mut buffers = (0..10) @@ -93,47 +102,30 @@ async fn main() -> Result<(), anyhow::Error> { } let ptr = buf.as_ptr() as *const SyscallInfo; let data = unsafe { ptr.read_unaligned() }; - match data { - SyscallInfo::Write(x) => { - println!("WRITE KERNEL: DATA {:?}", x); - // TODO: Batching. - let resp = ureq::post(&thread_url) - .set("API_KEY", &thread_api_key) - .send_string(&format!( - r#" -[ - {{ - "timestamp": "{}", - "absolute_path": "/tmp/test.txt", - "contents": "Hello, world!" - }} -] -"#, - chrono::Utc::now().to_rfc3339() - )) - .expect("Failed to send request"); - if resp.status() != 200 { - panic!("Failed to send request: {:?}", resp); - } - } - SyscallInfo::Open(x) => { - // if !CStr::from_bytes_until_nul(&x.filename) - // .unwrap_or_default() - // .to_str() - // .unwrap_or_default() - // .starts_with('/') - // { - println!("OPEN KERNEL DATA: {:?}", x) - // } - } - } + thread_syscall_handler.lock().unwrap().handle_syscall(data); } } })); } info!("Waiting for threads to stop"); - futures::future::join_all(handles).await; + for elt in resolved_files_recv { + // TODO: Batching. + let resp = ureq::post(&url) + .set("API_KEY", &fs_tracer_api_key) + .send_string(&format!( + r#" + [ + {} + ] + "#, + elt + )) + .expect("Failed to send request"); + if resp.status() != 200 { + panic!("Failed to send request: {:?}", resp); + } + } info!("All threads stopped, exiting now..."); Ok(()) diff --git a/fs-tracer/src/syscall_handler.rs b/fs-tracer/src/syscall_handler.rs new file mode 100644 index 0000000..bdb3a6e --- /dev/null +++ b/fs-tracer/src/syscall_handler.rs @@ -0,0 +1,70 @@ +use std::{collections::HashMap, sync::mpsc::Sender}; + +use fs_tracer_common::SyscallInfo; + +pub struct SyscallHandler { + resolved_files: Sender, + syscall_map: HashMap u64>, //TODO +} + +impl SyscallHandler { + pub fn new(resolved_files: Sender) -> Self { + Self { + resolved_files, + syscall_map: HashMap::new(), + } + } + + pub fn handle_syscall(&self, data: SyscallInfo) -> u64 { + match data { + SyscallInfo::Write(x) => { + println!("WRITE KERNEL: DATA {:?}", x); + let _ = self.resolved_files.send(format!( + r#" + {{ + "timestamp": "{}", + "absolute_path": "{}", + "contents": "{}" + }} + "#, + chrono::Utc::now().to_rfc3339(), + "/tmp/file.txt", + "some contents!!" + )); + return 0; + // TODO: Batching. + // let resp = ureq::post(&thread_url) + // .set("API_KEY", &thread_api_key) + // .send_string(&format!( + // r#" + // [ + // {{ + // "timestamp": "{}", + // "absolute_path": "{}", + // "contents": "{}" + // }} + // ] + // "#, + // chrono::Utc::now().to_rfc3339(), + // "/tmp/file.txt", + // "some contents!!" + // )) + // .expect("Failed to send request"); + // if resp.status() != 200 { + // panic!("Failed to send request: {:?}", resp); + // } + } + SyscallInfo::Open(x) => { + // if !CStr::from_bytes_until_nul(&x.filename) + // .unwrap_or_default() + // .to_str() + // .unwrap_or_default() + // .starts_with('/') + // { + println!("OPEN KERNEL DATA: {:?}", x); + return 0; + // } + } + } + } +} -- cgit 1.4.1