1. Add some new args to sysdig

2. implement processLoop

Author: YLonely

main.go

@@ -20,5 +20,7 @@ func main() {
 		},
 	}
 
-	
+	app.Action = func(c *cli.Context) error {
+		
+	}
 }

server/controller/container/container.go

@@ -1,6 +1,10 @@
 package container
 
 import (
+	"context"
+	"sync"
+
+	"github.com/YLonely/sysdig-monitor/log"
 	"github.com/YLonely/sysdig-monitor/server/controller"
 	"github.com/YLonely/sysdig-monitor/server/model"
 	"github.com/YLonely/sysdig-monitor/server/router"
@@ -13,17 +17,25 @@ type ContainerController struct {
 	// event chan
 	ec chan sysdig.Event
 
-	// containers
+	// containers use container id as key
 	containers map[string]*model.Container
 	// container process channels
-	containerCh map[string]chan sysdig.Event
+	containerCh map[string]chan containerEvent
+
+	//containers mutex
+	cm sync.RWMutex
 }
 
-func NewController(ec chan sysdig.Event) controller.Controller {
+const eventBufferLen = 512
+
+func NewController(ctx context.Context, ec chan sysdig.Event) (controller.Controller, error) {
 	r := router.NewGroupRouter("/container")
-	res := &ContainerController{containerRouter: r, ec: ec, containers: map[string]*model.Container{}}
+	res := &ContainerController{containerRouter: r, ec: ec, containers: map[string]*model.Container{}, containerCh: map[string]chan containerEvent{}}
 	res.initRouter()
-	return res
+	if err := res.start(ctx); err != nil {
+		return res, err
+	}
+	return res, nil
 }
 
 var _ controller.Controller = &ContainerController{}
@@ -35,3 +47,63 @@ func (cc *ContainerController) BindedRoutes() []router.Route {
 func (cc *ContainerController) initRouter() {
 	// TODO
 }
+
+func (cc *ContainerController) start(ctx context.Context) error {
+	func() {
+		var e sysdig.Event
+		for {
+			select {
+			case e = <-cc.ec:
+			case <-ctx.Done():
+				return
+			}
+			if e.ContainerName == "host" {
+				continue
+			}
+			ce := convert(e)
+			containerID := ce.containerID
+			if _, exists := cc.containers[containerID]; !exists {
+				container := model.NewContainer(ce.containerID, ce.containerName)
+				ch := make(chan containerEvent, eventBufferLen)
+				cc.cm.Lock()
+				cc.containers[containerID] = container
+				cc.cm.Unlock()
+				cc.containerCh[containerID] = ch
+				go func() {
+					log.L.WithField("container-id", containerID).Info("processLoop start")
+					err := processLoop(ctx, container, ch)
+					log.L.WithField("container-id", containerID).Info("processLoop exits")
+					if err != nil {
+						log.L.WithError(err).Error("")
+					}
+					cc.cm.Lock()
+					cc.containers[container.ID] = nil
+					cc.cm.Unlock()
+					cc.containerCh[container.ID] = nil
+					close(ch)
+				}()
+			}
+			ch := cc.containerCh[containerID]
+			ch <- ce
+		}
+	}()
+	return nil
+}
+
+func convert(e sysdig.Event) containerEvent {
+	res := containerEvent{}
+	res.containerID = e.ContainerID
+	res.containerName = e.ContainerName
+	res.bufferLen = e.EventBuflen
+	res.eventDir = e.EventDir
+	res.eventType = e.EventType
+	res.fdName = e.FdName
+	res.fdType = e.FdType
+	res.isIORead = e.EventIsIORead
+	res.isIOWrite = e.EventIsIOWrite
+	res.latency = e.EventLatency
+	res.rawRes = e.RawRes
+	res.syscallType = e.SyscallType
+	res.virtualtid = e.ThreadVirtualID
+	return res
+}

server/controller/container/util.go

@@ -2,16 +2,201 @@ package container
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
 
 	"github.com/YLonely/sysdig-monitor/log"
 	"github.com/YLonely/sysdig-monitor/server/model"
-	"github.com/YLonely/sysdig-monitor/sysdig"
 )
 
-func processLoop(ctx context.Context, c *model.Container, ch chan sysdig.Event) {
-	log.L.WithField("container-id", c.ID).Info("process loop start.")
-	for e := range ch {
+const latency100 = time.Millisecond * 100
+const latency10 = time.Millisecond * 10
+const latency1 = time.Millisecond * 1
 
+type containerEvent struct {
+	eventType           string
+	eventDir            string
+	containerID         string
+	containerName       string
+	fdType              string
+	fdName              string
+	isIOWrite, isIORead bool
+	bufferLen           int
+	latency             time.Duration
+	rawRes              int
+	syscallType         string
+	virtualtid          int
+}
+
+func processLoop(ctx context.Context, c *model.Container, ch chan containerEvent) error {
+	var e containerEvent
+	var err error
+	for {
+		select {
+		case e = <-ch:
+		case <-ctx.Done():
+			return nil
+		}
+		if e.containerID != c.ID {
+			return errors.New("event id mismatch")
+		}
+		// container exits
+		if e.eventType == "procexit" && e.virtualtid == 1 {
+			return nil
+		}
+		if e.eventDir == "<" {
+			if err = handleSysCall(c, e); err != nil {
+				log.L.WithError(err).WithField("container-id", c.ID).Error("syscall handler error")
+			}
+			if e.rawRes >= 0 && (e.isIORead || e.isIOWrite) {
+				if err = handleIO(c, e); err != nil {
+					//if something wrong happens, just log it out
+					log.L.WithField("container-id", c.ID).WithError(err).Error("io handle error")
+				}
+			} else {
+				// may have some other handler?
+				if err = handleNetwork(c, e); err != nil {
+					log.L.WithField("container-id", c.ID).WithError(err).Error("network handler error")
+				}
+			}
+		}
+	}
+}
+
+func handleSysCall(c *model.Container, e containerEvent) error {
+	syscall := e.syscallType
+	latency := e.latency
+	if len(syscall) <= 0 {
+		return nil
+	}
+	if _, exists := c.IndividualCalls[syscall]; !exists {
+		c.IndividualCalls[syscall] = &model.SystemCall{Name: syscall}
+	}
+	call := c.IndividualCalls[syscall]
+	call.Calls++
+	call.TotalTime += latency
+	c.SystemCalls.TotalCalls++
+	return nil
+}
+
+func handleIO(c *model.Container, e containerEvent) error {
+	if e.fdType == "file" {
+		return handleFileIO(c, e)
+	} else if e.fdType == "ipv4" || e.fdType == "ipv6" {
+		return handleNetIO(c, e)
+	}
+	return nil
+}
+
+func handleNetIO(c *model.Container, e containerEvent) error {
+	bufLen := e.bufferLen
+	meta, err := connectionMeta(e.fdName)
+	if err != nil {
+		return err
+	}
+	// if event shows that a net io begins before "connect" or "accpet",
+	// we just ignore the error sequence and add a new connection
+	if _, exists := c.ActiveConnections[meta]; !exists {
+		c.ActiveConnections[meta] = &model.Connection{Type: e.fdType}
+	}
+	conn := c.ActiveConnections[meta]
+	if e.isIORead {
+		conn.ReadIn += int64(bufLen)
+		c.Network.TotalReadIn += int64(bufLen)
+	} else if e.isIOWrite {
+		conn.WriteOut += int64(bufLen)
+		c.Network.TotalWriteOut += int64(bufLen)
+	}
+	return nil
+}
+
+func handleFileIO(c *model.Container, e containerEvent) error {
+	fileName := e.fdName
+	bufLen := e.bufferLen
+	if _, exists := c.AccessedFiles[fileName]; !exists {
+		c.AccessedFiles[fileName] = &model.File{Name: fileName}
+	}
+	file := c.AccessedFiles[fileName]
+	if e.isIOWrite {
+		file.WriteOut += int64(bufLen)
+		c.FileSystem.TotalWriteOut += int64(bufLen)
+	} else if e.isIORead {
+		file.ReadIn += int64(bufLen)
+		c.FileSystem.TotalReadIn += int64(bufLen)
+	}
+	latency := e.latency
+	if !strings.HasPrefix(e.fdName, "/dev/") {
+		iocall := &model.IOCall{FileName: fileName, Latency: latency}
+		if latency > latency100 {
+			c.IOCalls100 = append(c.IOCalls100, iocall)
+		}
+		if latency > latency10 {
+			c.IOCalls10 = append(c.IOCalls10, iocall)
+		}
+		if latency > latency1 {
+			c.IOCalls1 = append(c.IOCalls1, iocall)
+		}
+	}
+	return nil
+}
+
+func handleNetwork(c *model.Container, e containerEvent) error {
+	var (
+		meta model.ConnectionMeta
+		err  error
+	)
+	if e.eventType == "connect" || e.eventType == "accept" {
+		if meta, err = connectionMeta(e.fdName); err != nil {
+			return err
+		}
+		if _, exists := c.ActiveConnections[meta]; !exists {
+			c.ActiveConnections[meta] = &model.Connection{Type: e.fdType}
+		}
+	} else if e.eventType == "close" && !strings.HasPrefix(e.fdName, "/") {
+		if meta, err = connectionMeta(e.fdName); err != nil {
+			return err
+		}
+		// should return nonexists error?
+		if _, exists := c.ActiveConnections[meta]; exists {
+			c.ActiveConnections[meta] = nil
+		}
+	}
+	return nil
+}
+
+func connectionMeta(fdname string) (model.ConnectionMeta, error) {
+	parts := strings.Split(fdname, "->")
+	meta := model.ConnectionMeta{}
+	if len(parts) != 2 {
+		return meta, fmt.Errorf("wrong connection meta format:%v", fdname)
+	}
+	source, dest := parts[0], parts[1]
+
+	var err error
+	if meta.SourceIP, meta.SourcePort, err = splitAddress(source); err != nil {
+		return meta, err
+	}
+	if meta.DestIP, meta.DestPort, err = splitAddress(dest); err != nil {
+		return meta, err
+	}
+	return meta, nil
+}
+
+func splitAddress(address string) (string, int, error) {
+	var (
+		portStart, port int
+		err             error
+	)
+	if len(address) <= 0 {
+		return "", -1, errors.New("empty address")
+	}
+	for portStart := len(address) - 1; portStart >= 0 && address[portStart] != ':'; portStart-- {
+	}
+	if port, err = strconv.Atoi(address[portStart+1:]); err != nil {
+		return "", -1, fmt.Errorf("wrong address format:%v", address)
 	}
-	log.L.WithField("container-id", c.ID).Error("process loop unexpected exited.")
+	return address[:portStart], port, nil
 }

server/controller/controller.go

@@ -5,5 +5,6 @@ import (
 )
 
 type Controller interface {
+	// BindedRoutes return all the routes binded to the controller
 	BindedRoutes() []router.Route
 }

server/model/container.go

@@ -3,7 +3,8 @@ package model
 import "time"
 
 type Container struct {
-	ID string
+	ID   string
+	Name string
 
 	SystemCalls
 
@@ -12,27 +13,34 @@ type Container struct {
 	Network
 }
 
+func NewContainer(id, name string) *Container {
+	system := SystemCalls{IndividualCalls: map[string]*SystemCall{}}
+	fileSys := FileSystem{AccessedFiles: map[string]*File{}}
+	net := Network{ActiveConnections: map[ConnectionMeta]*Connection{}}
+	return &Container{ID: id, Name: name, SystemCalls: system, FileSystem: fileSys, Network: net}
+}
+
 type SystemCalls struct {
 	// map system call name to SystemCall
-	IndividualCalls map[string]SystemCall
+	IndividualCalls map[string]*SystemCall
 	TotalCalls      int64
 }
 
 type FileSystem struct {
 	// map file name to file
-	AccessedFiles map[string]File
+	AccessedFiles map[string]*File
 	// io calls whose latency is bigger than 1ms
-	IOCalls1 []IOCall
+	IOCalls1 []*IOCall
 	// io calls whose latency is bigger than 10ms
-	IOCalls10 []IOCall
+	IOCalls10 []*IOCall
 	// io calls whose latency is bigger than 100ms
-	IOCalls100    []IOCall
+	IOCalls100    []*IOCall
 	TotalReadIn   int64
 	TotalWriteOut int64
 }
 
 type Network struct {
-	ActiveConnections          map[ConnectionMeta]Connection
+	ActiveConnections          map[ConnectionMeta]*Connection
 	TotalReadIn, TotalWriteOut int64
 }
 
@@ -50,8 +58,8 @@ type File struct {
 }
 
 type Connection struct {
-	Type string
-	ConnectionMeta
+	// ipv4 or ipv6
+	Type     string
 	WriteOut int64
 	ReadIn   int64
 }