Skip to content

Fix bash module v2 #508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Fix bash module v2 #508

wants to merge 2 commits into from

Conversation

sancppp
Copy link
Contributor

@sancppp sancppp commented Mar 7, 2024
edited
Loading

Fix #490.
in this PR:

  • The BPF program in kernel space merely sends the collected data to user space.
  • Change bashEvent.eventType from EventTypeOutput to EventTypeEventProcessor.
  • Add context information about the Module name.
  • Implement a bash IParser.
  • Fix some typo.

cfc4n
cfc4n requested changes Mar 7, 2024
View reviewed changes
cli/cmd/bash.go
@@ -58,7 +59,7 @@ func bashCommandFunc(command *cobra.Command, args []string) {
stopper := make(chan os.Signal, 1)
signal.Notify(stopper, os.Interrupt, syscall.SIGTERM)
ctx, cancelFun := context.WithCancel(context.TODO())

ctx = context.WithValue(ctx, config.CONTEXT_KEY_MODULE_NAME, module.ModuleNameBash)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that the code here is not necessary?

pkg/event_processor/bash_parser.go
}

func (bp *BashParser) detect(ctx context.Context, b []byte) error {
if ctx.Value(config.CONTEXT_KEY_MODULE_NAME) == "EBPFProbeBash" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the design here is not elegant. The pkg directory should be a business-independent third-party package, and the config package should not be referenced.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. In my implementation, it's necessary to determine whether to use the bash parser based on context information.
  2. When setting a key in the context, it cannot be a string or any other built-in type (see https://staticcheck.io/docs/checks#SA1029).
  3. Therefore, a custom type contextKey is required, which needs to be introduced in "ecapture/pkg/event_processor" and "ecapture/cli/cmd" as the type for context information keys.
  4. I didn't delve too deeply into where to define this type in the config package. Where would be the most appropriate place to put it?"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, abstraction here is a bit troublesome. I'll think about it later too

@cfc4n cfc4n added enhancement New feature or request improve labels Mar 8, 2024
@sancppp sancppp mentioned this pull request Mar 8, 2024
Merged
@sancppp sancppp closed this Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cfc4n cfc4n cfc4n requested changes

Assignees
No one assigned
Labels
enhancement New feature or request improve
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Interactive bash command might be missed/lost under some circumstances
2 participants
@sancppp @cfc4n