From 5dfa5b99928c9ed3fff891f676fe22857f689200 Mon Sep 17 00:00:00 2001
From: Baitinq
Date: Sun, 21 Jul 2024 13:55:01 +0200
Subject: fs-tracer: open files should be referenced with pid+fd
---
 fs-tracer/src/syscall_handler.rs | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/fs-tracer/src/syscall_handler.rs b/fs-tracer/src/syscall_handler.rs
index 3fa77b4..c393bae 100644
--- a/fs-tracer/src/syscall_handler.rs
+++ b/fs-tracer/src/syscall_handler.rs
@@ -7,7 +7,7 @@ use fs_tracer_common::{OpenSyscallBPF, SyscallInfo, WriteSyscallBPF};
 pub struct SyscallHandler {
 resolved_files: Sender,
- open_files: HashMapDelay,
+ open_files: HashMapDelay<(i32, u32), String>,
 }
 impl SyscallHandler {
@@ -27,7 +27,7 @@ impl SyscallHandler {
 }
 fn handle_write(&self, write_syscall: WriteSyscallBPF) -> Result<(), ()> {
- let filename = match self.open_files.get(&write_syscall.fd) {
+ let filename = match self.open_files.get(&(write_syscall.fd, write_syscall.pid)) {
 None => {
 println!(
 "DIDNT FIND AN OPEN FILE FOR THE WRITE SYSCALL (fd: {}, ret: {})",
@@ -41,7 +41,10 @@ impl SyscallHandler {
 .unwrap_or_default()
 .to_str()
 .unwrap_or_default();
- println!("WRITE KERNEL: DATA {:?}", write_syscall);
+ println!(
+ "WRITE KERNEL: DATA {:?} FILENAME: {:?}",
+ write_syscall, filename
+ );
 let serialized_filename = serde_json::to_string(&filename).unwrap();
 let serialized_contents = serde_json::to_string(&contents).unwrap();
 let _ = self.resolved_files.send(format!(
@@ -67,7 +70,8 @@ impl SyscallHandler {
 println!("OPEN KERNEL DATA: {:?}", open_syscall);
 println!("OPEN FILENAME: {:?}", filename);
 let fd = open_syscall.ret;
- self.open_files.insert(fd, filename.to_string());
+ self.open_files
+ .insert((fd, open_syscall.pid), filename.to_string());
 Ok(())
 }
 }
-- 
cgit 1.4.1
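Review bot: Keying `open_files` by `(i32, u32)`, i.e. (fd, pid), assumes the writer is the task that opened the file, and the field carries no comment saying which id `pid` holds. Descriptors inherited across fork, or used by another thread if `pid` is the thread id rather than the thread-group id, would miss the lookup, and those writes would drop out of the trace through the `None` branch of handle_write. I would add a doc comment on the field such as `/// Keyed by (fd returned by open, pid of the opener); pid must be the tgid so threads share entries` and confirm on the BPF side which half of the pid/tgid value is stored. Handling of inherited descriptors is not visible in this diff and may need a follow-up.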
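Review bot: The miss message in handle_write still formats only `fd` and `ret`, although the lookup key is now `(write_syscall.fd, write_syscall.pid)`, so an unmatched write cannot be tied to a process from the output. Including the pid, for example `"DIDNT FIND AN OPEN FILE FOR THE WRITE SYSCALL (pid: {}, fd: {}, ret: {})"` with `write_syscall.pid` as the first argument, keeps the diagnostic in step with the key. The argument list of that `println!` and the rest of the function lie outside the hunk.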
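Review bot: The reworked `println!` dumps the whole `write_syscall` with `{:?}` next to the resolved filename on every write. `contents` is serialized a few lines below, so `WriteSyscallBPF` presumably carries the written buffer, in which case the tracer's stdout becomes a second copy of whatever traced processes write, credentials and keys included. I would print only the identifying fields here, e.g. `println!("WRITE KERNEL: pid {} fd {} FILENAME: {:?}", write_syscall.pid, write_syscall.fd, filename);`, and keep the full dump behind a debug switch. The definition of `contents` is outside the hunk, so the buffer assumption should be confirmed.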
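Review bot: `fd` is taken straight from `open_syscall.ret` and stored under `(fd, open_syscall.pid)` with no visible check that the open succeeded. Unless an earlier line of this function (it starts outside the hunk) rejects failed calls, a negative return value is recorded as if it were a descriptor. A guard such as `if fd < 0 { return Ok(()); }` before the insert avoids that. Nothing in the diff removes an entry on close, so it is also worth confirming that the delay map's expiry is the intended way to retire a descriptor number that the process later reuses for something else.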