|
|
|
|
@@ -1,557 +0,0 @@
|
|
|
|
|
From 3d22309a7317d500f75d053af6f9e5b5b5728b40 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
Date: Mon, 22 May 2023 09:56:04 +0000
|
|
|
|
|
Subject: [PATCH 1/6] update(cmake): bump driver to 5.0.0+driver
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
---
|
|
|
|
|
cmake/modules/driver.cmake | 4 ++--
|
|
|
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake
|
|
|
|
|
index bee1926d3a..7fd35d7f99 100644
|
|
|
|
|
--- a/cmake/modules/driver.cmake
|
|
|
|
|
+++ b/cmake/modules/driver.cmake
|
|
|
|
|
@@ -31,8 +31,8 @@ else()
|
|
|
|
|
# In case you want to test against another driver version (or branch, or commit) just pass the variable -
|
|
|
|
|
# ie., `cmake -DDRIVER_VERSION=dev ..`
|
|
|
|
|
if(NOT DRIVER_VERSION)
|
|
|
|
|
- set(DRIVER_VERSION "4.0.1+driver")
|
|
|
|
|
- set(DRIVER_CHECKSUM "SHA256=424d647aa6b6fa45b6701c4bbc9293c161ed00a08254d83eea419c0a736f280d")
|
|
|
|
|
+ set(DRIVER_VERSION "5.0.0+driver")
|
|
|
|
|
+ set(DRIVER_CHECKSUM "SHA256=c988ca7ac7d174f62d1bfbaaca49efd117f7b329f474d1b46b643635b2e35083")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
# cd /path/to/build && cmake /path/to/source
|
|
|
|
|
|
|
|
|
|
From 847e602404dcee85f06dde5a1d8ad0c740c49c98 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
Date: Mon, 22 May 2023 09:56:08 +0000
|
|
|
|
|
Subject: [PATCH 2/6] update(cmake): bump libs to 0.11.0-rc1
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
---
|
|
|
|
|
cmake/modules/falcosecurity-libs.cmake | 4 ++--
|
|
|
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
index b345c057ad..f30233b9e3 100644
|
|
|
|
|
--- a/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
+++ b/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
@@ -32,8 +32,8 @@ else()
|
|
|
|
|
# In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
|
|
|
|
|
# ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
|
|
|
|
|
if(NOT FALCOSECURITY_LIBS_VERSION)
|
|
|
|
|
- set(FALCOSECURITY_LIBS_VERSION "0.10.5")
|
|
|
|
|
- set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=2a4b37c08bec4ba81326314831f341385aff267062e8d4483437958689662936")
|
|
|
|
|
+ set(FALCOSECURITY_LIBS_VERSION "0.11.0-rc1")
|
|
|
|
|
+ set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=bb6e57f66ae85dcda6e695226cd14082d9a1215902909cdde5b83f7abef44d8f")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
# cd /path/to/build && cmake /path/to/source
|
|
|
|
|
|
|
|
|
|
From 1d1dbaf06265d8eefd4038e8474f71f7958ec840 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
Date: Mon, 22 May 2023 10:43:27 +0000
|
|
|
|
|
Subject: [PATCH 3/6] fix(cmake): solve c++17 compilation issues
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
---
|
|
|
|
|
CMakeLists.txt | 3 +++
|
|
|
|
|
cmake/modules/falcosecurity-libs.cmake | 10 +++++-----
|
|
|
|
|
2 files changed, 8 insertions(+), 5 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
|
|
|
|
index 0309d66633..6d28c6c67d 100644
|
|
|
|
|
--- a/CMakeLists.txt
|
|
|
|
|
+++ b/CMakeLists.txt
|
|
|
|
|
@@ -146,6 +146,9 @@ if(NOT DEFINED SYSDIG_COMPONENT_NAME)
|
|
|
|
|
set(SYSDIG_COMPONENT_NAME "${CMAKE_PROJECT_NAME}")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
+set(CMAKE_CXX_STANDARD 17)
|
|
|
|
|
+set(CMAKE_CXX_EXTENSIONS OFF)
|
|
|
|
|
+
|
|
|
|
|
include(falcosecurity-libs)
|
|
|
|
|
include(yaml-cpp)
|
|
|
|
|
include(nlohmann-json)
|
|
|
|
|
diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
index f30233b9e3..fe5dacd7ad 100644
|
|
|
|
|
--- a/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
+++ b/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
@@ -94,12 +94,12 @@ else()
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
include(CheckCXXCompilerFlag)
|
|
|
|
|
-CHECK_CXX_COMPILER_FLAG("-std=c++14" COMPILER_SUPPORTS_CXX14)
|
|
|
|
|
-if(CREATE_TEST_TARGETS AND NOT WIN32 AND COMPILER_SUPPORTS_CXX14)
|
|
|
|
|
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++14")
|
|
|
|
|
+CHECK_CXX_COMPILER_FLAG("-std=c++17" COMPILER_SUPPORTS_CXX17)
|
|
|
|
|
+if(CREATE_TEST_TARGETS AND NOT WIN32 AND COMPILER_SUPPORTS_CXX17)
|
|
|
|
|
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++17")
|
|
|
|
|
include(gtest)
|
|
|
|
|
-elseif(CREATE_TEST_TARGETS AND NOT COMPILER_SUPPORTS_CXX14)
|
|
|
|
|
- message(FATAL_ERROR "Your compiler doesn't support c++14: cannot include gtest and create test targets.")
|
|
|
|
|
+elseif(CREATE_TEST_TARGETS AND NOT COMPILER_SUPPORTS_CXX17)
|
|
|
|
|
+ message(FATAL_ERROR "Your compiler doesn't support c++17: cannot include gtest and create test targets.")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
|
|
|
|
|
|
|
|
|
|
From d5fcbad2d5ea63e1439ab7174a5cfd9a7a2e1545 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
Date: Mon, 22 May 2023 10:44:05 +0000
|
|
|
|
|
Subject: [PATCH 4/6] update(userspace): sync sysdig and csysdig with latest
|
|
|
|
|
libs
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
---
|
|
|
|
|
userspace/sysdig/csysdig.cpp | 6 +--
|
|
|
|
|
userspace/sysdig/sysdig.cpp | 9 +---
|
|
|
|
|
userspace/sysdig/utils/plugin_utils.cpp | 37 ++++++++++-----
|
|
|
|
|
userspace/sysdig/utils/sinsp_opener.cpp | 18 ++++----
|
|
|
|
|
userspace/sysdig/utils/supported_events.cpp | 50 +++++++++++----------
|
|
|
|
|
userspace/sysdig/utils/supported_fields.cpp | 15 +++----
|
|
|
|
|
6 files changed, 70 insertions(+), 65 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/userspace/sysdig/csysdig.cpp b/userspace/sysdig/csysdig.cpp
|
|
|
|
|
index 9419882341..edd8129a0e 100644
|
|
|
|
|
--- a/userspace/sysdig/csysdig.cpp
|
|
|
|
|
+++ b/userspace/sysdig/csysdig.cpp
|
|
|
|
|
@@ -39,11 +39,11 @@ limitations under the License.
|
|
|
|
|
#include "chisel.h"
|
|
|
|
|
#include "chisel_utils.h"
|
|
|
|
|
#endif
|
|
|
|
|
-#include "fields_info.h"
|
|
|
|
|
#include "chisel_table.h"
|
|
|
|
|
#include "utils.h"
|
|
|
|
|
#include "utils/plugin_utils.h"
|
|
|
|
|
#include "utils/sinsp_opener.h"
|
|
|
|
|
+#include "utils/supported_fields.h"
|
|
|
|
|
|
|
|
|
|
#ifdef _WIN32
|
|
|
|
|
#include "win32/getopt.h"
|
|
|
|
|
@@ -704,8 +704,8 @@ sysdig_init_res csysdig_init(int argc, char **argv)
|
|
|
|
|
//
|
|
|
|
|
if(list_flds)
|
|
|
|
|
{
|
|
|
|
|
- list_fields(false, false);
|
|
|
|
|
-
|
|
|
|
|
+ // todo(jasondellaluce): support source selection, verbosity, markdown
|
|
|
|
|
+ print_supported_fields(inspector, plugins, "", true, false);
|
|
|
|
|
res.m_res = EXIT_SUCCESS;
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
diff --git a/userspace/sysdig/sysdig.cpp b/userspace/sysdig/sysdig.cpp
|
|
|
|
|
index 40f2b39ef9..a978070d73 100644
|
|
|
|
|
--- a/userspace/sysdig/sysdig.cpp
|
|
|
|
|
+++ b/userspace/sysdig/sysdig.cpp
|
|
|
|
|
@@ -43,7 +43,6 @@ limitations under the License.
|
|
|
|
|
#include "chisel_utils.h"
|
|
|
|
|
#include "chisel_fields_info.h"
|
|
|
|
|
#endif
|
|
|
|
|
-#include "fields_info.h"
|
|
|
|
|
#include "utils.h"
|
|
|
|
|
#include "plugin.h"
|
|
|
|
|
#include "plugin_manager.h"
|
|
|
|
|
@@ -455,8 +454,6 @@ void print_summary_table(sinsp* inspector,
|
|
|
|
|
std::vector<summary_table_entry> &summary_table,
|
|
|
|
|
uint32_t nentries)
|
|
|
|
|
{
|
|
|
|
|
- sinsp_evttables* einfo = inspector->get_event_info_tables();
|
|
|
|
|
-
|
|
|
|
|
std::cout << "----------------------\n";
|
|
|
|
|
std::string tstr = std::string("Event");
|
|
|
|
|
tstr.resize(16, ' ');
|
|
|
|
|
@@ -478,7 +475,7 @@ void print_summary_table(sinsp* inspector,
|
|
|
|
|
|
|
|
|
|
if(e.m_is_unsupported_syscall)
|
|
|
|
|
{
|
|
|
|
|
- tstr = einfo->m_syscall_info_table[e.m_id / 2].name;
|
|
|
|
|
+ tstr = scap_get_ppm_sc_name((ppm_sc_code) (e.m_id / 2));
|
|
|
|
|
tstr.resize(16, ' ');
|
|
|
|
|
|
|
|
|
|
printf("%s%s%" PRIu64 "\n",
|
|
|
|
|
@@ -488,7 +485,7 @@ void print_summary_table(sinsp* inspector,
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
- tstr = einfo->m_event_info[e.m_id].name;
|
|
|
|
|
+ tstr = libsinsp::events::info((ppm_event_code) e.m_id)->name;
|
|
|
|
|
tstr.resize(16, ' ');
|
|
|
|
|
|
|
|
|
|
printf("%s%s%" PRIu64 "\n",
|
|
|
|
|
@@ -1862,8 +1859,6 @@ sysdig_init_res sysdig_init(int argc, char **argv)
|
|
|
|
|
res.m_res = EXIT_FAILURE;
|
|
|
|
|
goto exit;
|
|
|
|
|
}
|
|
|
|
|
-
|
|
|
|
|
- inspector->filter_proc_table_when_saving(true);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
diff --git a/userspace/sysdig/utils/plugin_utils.cpp b/userspace/sysdig/utils/plugin_utils.cpp
|
|
|
|
|
index ad69543b3e..b99de98b66 100644
|
|
|
|
|
--- a/userspace/sysdig/utils/plugin_utils.cpp
|
|
|
|
|
+++ b/userspace/sysdig/utils/plugin_utils.cpp
|
|
|
|
|
@@ -146,6 +146,7 @@ void plugin_utils::plugin_entry::init(sinsp *inspector)
|
|
|
|
|
}
|
|
|
|
|
if (plugin->caps() & CAP_EXTRACTION)
|
|
|
|
|
{
|
|
|
|
|
+ // todo(jasondellaluce): manage field name conflicts
|
|
|
|
|
g_filterlist.add_filter_check(sinsp_plugin::new_filtercheck(plugin));
|
|
|
|
|
}
|
|
|
|
|
inited = true;
|
|
|
|
|
@@ -185,13 +186,30 @@ void plugin_utils::plugin_entry::print_info(sinsp* inspector, std::ostringstream
|
|
|
|
|
os << "Capabilities: " << std::endl;
|
|
|
|
|
if(plugin->caps() & CAP_SOURCING)
|
|
|
|
|
{
|
|
|
|
|
- os << " - Event Sourcing (ID=" << plugin->id();
|
|
|
|
|
- os << ", source='" << plugin->event_source() << "')" << std::endl;
|
|
|
|
|
+ os << " - Event Sourcing";
|
|
|
|
|
+ if (plugin->id() != 0)
|
|
|
|
|
+ {
|
|
|
|
|
+ os << " (ID=" << plugin->id();
|
|
|
|
|
+ os << ", source='" << plugin->event_source() << "')";
|
|
|
|
|
+ }
|
|
|
|
|
+ else
|
|
|
|
|
+ {
|
|
|
|
|
+ os << " (system events)";
|
|
|
|
|
+ }
|
|
|
|
|
+ os << std::endl;
|
|
|
|
|
}
|
|
|
|
|
if(plugin->caps() & CAP_EXTRACTION)
|
|
|
|
|
{
|
|
|
|
|
os << " - Field Extraction" << std::endl;
|
|
|
|
|
}
|
|
|
|
|
+ if(plugin->caps() & CAP_PARSING)
|
|
|
|
|
+ {
|
|
|
|
|
+ os << " - Event Parsing" << std::endl;
|
|
|
|
|
+ }
|
|
|
|
|
+ if(plugin->caps() & CAP_ASYNC)
|
|
|
|
|
+ {
|
|
|
|
|
+ os << " - Async Events" << std::endl;
|
|
|
|
|
+ }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void plugin_utils::add_dir(std::string dirname, bool front_add)
|
|
|
|
|
@@ -609,7 +627,7 @@ std::vector<std::string> plugin_utils::get_event_sources(sinsp *inspector)
|
|
|
|
|
// the plugin, in case it was not registered already
|
|
|
|
|
pl.get_plugin(inspector);
|
|
|
|
|
}
|
|
|
|
|
- return inspector->get_plugin_manager()->sources();
|
|
|
|
|
+ return inspector->event_sources();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::vector<std::unique_ptr<sinsp_filter_check>> plugin_utils::get_filterchecks(sinsp *inspector, const std::string& source)
|
|
|
|
|
@@ -617,16 +635,13 @@ std::vector<std::unique_ptr<sinsp_filter_check>> plugin_utils::get_filterchecks(
|
|
|
|
|
std::vector<std::unique_ptr<sinsp_filter_check>> list;
|
|
|
|
|
list.push_back(std::unique_ptr<sinsp_filter_check>(inspector->new_generic_filtercheck()));
|
|
|
|
|
|
|
|
|
|
- // todo(jasondellaluce): remove this once we support extracting plugin fields from syscalls
|
|
|
|
|
- if (source != s_syscall_source)
|
|
|
|
|
+ for (auto &pl : m_plugins)
|
|
|
|
|
{
|
|
|
|
|
- for (auto &pl : m_plugins)
|
|
|
|
|
+ auto plugin = pl.get_plugin(inspector);
|
|
|
|
|
+ if (plugin->caps() & CAP_EXTRACTION
|
|
|
|
|
+ && sinsp_plugin::is_source_compatible(plugin->extract_event_sources(), source))
|
|
|
|
|
{
|
|
|
|
|
- auto plugin = pl.get_plugin(inspector);
|
|
|
|
|
- if (plugin->caps() & CAP_EXTRACTION && plugin->is_source_compatible(source))
|
|
|
|
|
- {
|
|
|
|
|
- list.push_back(std::unique_ptr<sinsp_filter_check>(sinsp_plugin::new_filtercheck(plugin)));
|
|
|
|
|
- }
|
|
|
|
|
+ list.push_back(std::unique_ptr<sinsp_filter_check>(sinsp_plugin::new_filtercheck(plugin)));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return list;
|
|
|
|
|
diff --git a/userspace/sysdig/utils/sinsp_opener.cpp b/userspace/sysdig/utils/sinsp_opener.cpp
|
|
|
|
|
index eafdb631d3..7315b99c7d 100644
|
|
|
|
|
--- a/userspace/sysdig/utils/sinsp_opener.cpp
|
|
|
|
|
+++ b/userspace/sysdig/utils/sinsp_opener.cpp
|
|
|
|
|
@@ -50,14 +50,12 @@ void sinsp_opener::open(sinsp* inspector) const
|
|
|
|
|
|
|
|
|
|
#if defined(HAS_CAPTURE)
|
|
|
|
|
/* Populate syscalls of interest */
|
|
|
|
|
- std::unordered_set<uint32_t> sc_of_interest = inspector->get_all_ppm_sc();
|
|
|
|
|
+ auto sc_of_interest = libsinsp::events::all_sc_set();
|
|
|
|
|
|
|
|
|
|
- /* Populate tracepoints of interest */
|
|
|
|
|
- std::unordered_set<uint32_t> tp_of_interest = inspector->get_all_tp();
|
|
|
|
|
if(!options.page_faults)
|
|
|
|
|
{
|
|
|
|
|
- tp_of_interest.erase(PAGE_FAULT_USER);
|
|
|
|
|
- tp_of_interest.erase(PAGE_FAULT_KERN);
|
|
|
|
|
+ sc_of_interest.remove(ppm_sc_code::PPM_SC_PAGE_FAULT_USER);
|
|
|
|
|
+ sc_of_interest.remove(ppm_sc_code::PPM_SC_PAGE_FAULT_KERNEL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(udig.enabled)
|
|
|
|
|
@@ -77,7 +75,7 @@ void sinsp_opener::open(sinsp* inspector) const
|
|
|
|
|
#ifdef HAS_MODERN_BPF
|
|
|
|
|
if(bpf.modern)
|
|
|
|
|
{
|
|
|
|
|
- inspector->open_modern_bpf(DEFAULT_DRIVER_BUFFER_BYTES_DIM, bpf.cpus_for_each_syscall_buffer, true, sc_of_interest, tp_of_interest);
|
|
|
|
|
+ inspector->open_modern_bpf(DEFAULT_DRIVER_BUFFER_BYTES_DIM, bpf.cpus_for_each_syscall_buffer, true, sc_of_interest);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
@@ -95,7 +93,7 @@ void sinsp_opener::open(sinsp* inspector) const
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
- inspector->open_bpf(probe, DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest, tp_of_interest);
|
|
|
|
|
+ inspector->open_bpf(probe, DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest);
|
|
|
|
|
}
|
|
|
|
|
catch(const sinsp_exception& e)
|
|
|
|
|
{
|
|
|
|
|
@@ -103,7 +101,7 @@ void sinsp_opener::open(sinsp* inspector) const
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "Unable to load the BPF probe\n");
|
|
|
|
|
}
|
|
|
|
|
- inspector->open_bpf(probe, DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest, tp_of_interest);
|
|
|
|
|
+ inspector->open_bpf(probe, DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Enable gathering the CPU from the kernel module
|
|
|
|
|
@@ -114,7 +112,7 @@ void sinsp_opener::open(sinsp* inspector) const
|
|
|
|
|
// default to kernel module if no other option is specified
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
- inspector->open_kmod(DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest, tp_of_interest);
|
|
|
|
|
+ inspector->open_kmod(DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest);
|
|
|
|
|
}
|
|
|
|
|
catch(const sinsp_exception& e)
|
|
|
|
|
{
|
|
|
|
|
@@ -124,7 +122,7 @@ void sinsp_opener::open(sinsp* inspector) const
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "Unable to load the driver\n");
|
|
|
|
|
}
|
|
|
|
|
- inspector->open_kmod(DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest, tp_of_interest);
|
|
|
|
|
+ inspector->open_kmod(DEFAULT_DRIVER_BUFFER_BYTES_DIM, sc_of_interest);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Enable gathering the CPU from the kernel module
|
|
|
|
|
diff --git a/userspace/sysdig/utils/supported_events.cpp b/userspace/sysdig/utils/supported_events.cpp
|
|
|
|
|
index 1442911209..7f0d630011 100644
|
|
|
|
|
--- a/userspace/sysdig/utils/supported_events.cpp
|
|
|
|
|
+++ b/userspace/sysdig/utils/supported_events.cpp
|
|
|
|
|
@@ -27,25 +27,25 @@ struct event_entry
|
|
|
|
|
{
|
|
|
|
|
bool is_enter;
|
|
|
|
|
std::string name;
|
|
|
|
|
- struct ppm_event_info info;
|
|
|
|
|
+ const ppm_event_info* info;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
-static std::vector<event_entry> get_event_entries(sinsp* inspector, bool include_generics)
|
|
|
|
|
+static std::vector<event_entry> get_event_entries(bool include_generics)
|
|
|
|
|
{
|
|
|
|
|
event_entry entry;
|
|
|
|
|
std::vector<event_entry> events;
|
|
|
|
|
- const struct ppm_event_info* etable = inspector->get_event_info_tables()->m_event_info;
|
|
|
|
|
|
|
|
|
|
// skip generic events
|
|
|
|
|
- for(uint32_t evt = PPME_GENERIC_X + 1; evt < PPM_EVENT_MAX; evt++)
|
|
|
|
|
+ for(const auto& evt : libsinsp::events::all_event_set())
|
|
|
|
|
{
|
|
|
|
|
- if (!sinsp::is_old_version_event(evt)
|
|
|
|
|
- && !sinsp::is_unused_event(evt)
|
|
|
|
|
- && !sinsp::is_unknown_event(evt))
|
|
|
|
|
+ if (!libsinsp::events::is_generic(evt)
|
|
|
|
|
+ && !libsinsp::events::is_old_version_event(evt)
|
|
|
|
|
+ && !libsinsp::events::is_unused_event(evt)
|
|
|
|
|
+ && !libsinsp::events::is_unknown_event(evt))
|
|
|
|
|
{
|
|
|
|
|
entry.is_enter = PPME_IS_ENTER(evt);
|
|
|
|
|
- entry.name = etable[evt].name;
|
|
|
|
|
- entry.info = etable[evt];
|
|
|
|
|
+ entry.info = libsinsp::events::info(evt);
|
|
|
|
|
+ entry.name = entry.info->name;
|
|
|
|
|
events.push_back(entry);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
@@ -53,17 +53,19 @@ static std::vector<event_entry> get_event_entries(sinsp* inspector, bool include
|
|
|
|
|
if (include_generics)
|
|
|
|
|
{
|
|
|
|
|
// append generic events
|
|
|
|
|
- const auto generic_syscalls = inspector->get_events_names({PPME_GENERIC_E});
|
|
|
|
|
- for (const auto& name : generic_syscalls)
|
|
|
|
|
- {
|
|
|
|
|
- for(uint32_t evt = PPME_GENERIC_E; evt <= PPME_GENERIC_X; evt++)
|
|
|
|
|
- {
|
|
|
|
|
- entry.is_enter = PPME_IS_ENTER(evt);
|
|
|
|
|
- entry.name = name;
|
|
|
|
|
- entry.info = etable[evt];
|
|
|
|
|
- events.push_back(entry);
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
+ const auto names = libsinsp::events::event_set_to_names({ppm_event_code::PPME_GENERIC_E});
|
|
|
|
|
+ for (const auto& name : names)
|
|
|
|
|
+ {
|
|
|
|
|
+ entry.is_enter = PPME_IS_ENTER(ppm_event_code::PPME_GENERIC_E);
|
|
|
|
|
+ entry.info = libsinsp::events::info(ppm_event_code::PPME_GENERIC_E);
|
|
|
|
|
+ entry.name = name;
|
|
|
|
|
+ events.push_back(entry);
|
|
|
|
|
+
|
|
|
|
|
+ entry.is_enter = PPME_IS_ENTER(ppm_event_code::PPME_GENERIC_X);
|
|
|
|
|
+ entry.info = libsinsp::events::info(ppm_event_code::PPME_GENERIC_X);
|
|
|
|
|
+ entry.name = name;
|
|
|
|
|
+ events.push_back(entry);
|
|
|
|
|
+ }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return events;
|
|
|
|
|
@@ -71,7 +73,7 @@ static std::vector<event_entry> get_event_entries(sinsp* inspector, bool include
|
|
|
|
|
|
|
|
|
|
void print_supported_events(sinsp* inspector, bool markdown)
|
|
|
|
|
{
|
|
|
|
|
- const auto events = get_event_entries(inspector, true);
|
|
|
|
|
+ const auto events = get_event_entries(true);
|
|
|
|
|
|
|
|
|
|
if(markdown)
|
|
|
|
|
{
|
|
|
|
|
@@ -91,15 +93,15 @@ void print_supported_events(sinsp* inspector, bool markdown)
|
|
|
|
|
printf("%c %s(", dir, e.name.c_str());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- for(uint32_t k = 0; k < e.info.nparams; k++)
|
|
|
|
|
+ for(uint32_t k = 0; k < e.info->nparams; k++)
|
|
|
|
|
{
|
|
|
|
|
if(k != 0)
|
|
|
|
|
{
|
|
|
|
|
printf(", ");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- printf("%s %s", param_type_to_string(e.info.params[k].type),
|
|
|
|
|
- e.info.params[k].name);
|
|
|
|
|
+ printf("%s %s", param_type_to_string(e.info->params[k].type),
|
|
|
|
|
+ e.info->params[k].name);
|
|
|
|
|
}
|
|
|
|
|
printf(")\n");
|
|
|
|
|
}
|
|
|
|
|
diff --git a/userspace/sysdig/utils/supported_fields.cpp b/userspace/sysdig/utils/supported_fields.cpp
|
|
|
|
|
index 6e2575b030..3127fb7220 100644
|
|
|
|
|
--- a/userspace/sysdig/utils/supported_fields.cpp
|
|
|
|
|
+++ b/userspace/sysdig/utils/supported_fields.cpp
|
|
|
|
|
@@ -35,11 +35,9 @@ void print_supported_fields(sinsp* inspector, plugin_utils& plugins, const std::
|
|
|
|
|
{
|
|
|
|
|
std::vector<fields_info> field_infos;
|
|
|
|
|
std::vector<std::unique_ptr<const sinsp_filter_check>> filtecheck_lists; // only used to retain memory until we finish
|
|
|
|
|
- std::vector<std::string> sources = { s_syscall_source };
|
|
|
|
|
+ std::vector<std::string> sources = plugins.get_event_sources(inspector);
|
|
|
|
|
|
|
|
|
|
// add event sources defined by the loaded plugins
|
|
|
|
|
- const auto& plugin_sources = plugins.get_event_sources(inspector);
|
|
|
|
|
- sources.insert(sources.end(), plugin_sources.begin(), plugin_sources.end());
|
|
|
|
|
if (!source.empty())
|
|
|
|
|
{
|
|
|
|
|
bool found = false;
|
|
|
|
|
@@ -66,7 +64,6 @@ void print_supported_fields(sinsp* inspector, plugin_utils& plugins, const std::
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::vector<const filter_check_info*> filterchecks;
|
|
|
|
|
- // todo(jasondellaluce): change this once we support extracting plugin fields from syscalls
|
|
|
|
|
if (src == s_syscall_source)
|
|
|
|
|
{
|
|
|
|
|
std::vector<const filter_check_info*> all_checks;
|
|
|
|
|
@@ -81,13 +78,11 @@ void print_supported_fields(sinsp* inspector, plugin_utils& plugins, const std::
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
- else
|
|
|
|
|
+
|
|
|
|
|
+ for (auto& check: plugins.get_filterchecks(inspector, src))
|
|
|
|
|
{
|
|
|
|
|
- for (auto& check: plugins.get_filterchecks(inspector, src))
|
|
|
|
|
- {
|
|
|
|
|
- filterchecks.push_back(check->get_fields());
|
|
|
|
|
- filtecheck_lists.push_back(std::move(check));
|
|
|
|
|
- }
|
|
|
|
|
+ filterchecks.push_back(check->get_fields());
|
|
|
|
|
+ filtecheck_lists.push_back(std::move(check));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const auto classes = sinsp_filter_factory::check_infos_to_fieldclass_infos(filterchecks);
|
|
|
|
|
|
|
|
|
|
From c8b0d055aec4d2378b7934dd9436fd4500d1021e Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
Date: Mon, 22 May 2023 14:15:23 +0000
|
|
|
|
|
Subject: [PATCH 5/6] fix: solve compilation issues on windows
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
|
|
|
|
|
---
|
|
|
|
|
CMakeLists.txt | 3 +++
|
|
|
|
|
1 file changed, 3 insertions(+)
|
|
|
|
|
|
|
|
|
|
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
|
|
|
|
index 6d28c6c67d..5afd967f27 100644
|
|
|
|
|
--- a/CMakeLists.txt
|
|
|
|
|
+++ b/CMakeLists.txt
|
|
|
|
|
@@ -148,6 +148,9 @@ endif()
|
|
|
|
|
|
|
|
|
|
set(CMAKE_CXX_STANDARD 17)
|
|
|
|
|
set(CMAKE_CXX_EXTENSIONS OFF)
|
|
|
|
|
+if(MSVC OR WIN32)
|
|
|
|
|
+ add_compile_definitions(_HAS_STD_BYTE=0)
|
|
|
|
|
+endif()
|
|
|
|
|
|
|
|
|
|
include(falcosecurity-libs)
|
|
|
|
|
include(yaml-cpp)
|
|
|
|
|
|
|
|
|
|
From 954e6fc6238f21d4870a491395d68a7dd3062aa9 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Roberto Scolaro <roberto.scolaro21@gmail.com>
|
|
|
|
|
Date: Mon, 5 Jun 2023 10:34:03 +0000
|
|
|
|
|
Subject: [PATCH 6/6] update(cmake): bump libs 0.11.0 + driver 5.0.1
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
|
|
|
|
|
---
|
|
|
|
|
CMakeLists.txt | 2 +-
|
|
|
|
|
cmake/modules/driver.cmake | 4 ++--
|
|
|
|
|
cmake/modules/falcosecurity-libs.cmake | 4 ++--
|
|
|
|
|
3 files changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
|
|
|
|
index 5afd967f27..f3f23b5e9a 100644
|
|
|
|
|
--- a/CMakeLists.txt
|
|
|
|
|
+++ b/CMakeLists.txt
|
|
|
|
|
@@ -90,7 +90,7 @@ if(NOT WIN32)
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_COMMON_FLAGS}")
|
|
|
|
|
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CMAKE_COMMON_FLAGS} -std=c++0x")
|
|
|
|
|
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CMAKE_COMMON_FLAGS} -std=c++17")
|
|
|
|
|
|
|
|
|
|
set(CMAKE_C_FLAGS_DEBUG "${SYSDIG_DEBUG_FLAGS}")
|
|
|
|
|
set(CMAKE_CXX_FLAGS_DEBUG "${SYSDIG_DEBUG_FLAGS}")
|
|
|
|
|
diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake
|
|
|
|
|
index 7fd35d7f99..ca1e56718c 100644
|
|
|
|
|
--- a/cmake/modules/driver.cmake
|
|
|
|
|
+++ b/cmake/modules/driver.cmake
|
|
|
|
|
@@ -31,8 +31,8 @@ else()
|
|
|
|
|
# In case you want to test against another driver version (or branch, or commit) just pass the variable -
|
|
|
|
|
# ie., `cmake -DDRIVER_VERSION=dev ..`
|
|
|
|
|
if(NOT DRIVER_VERSION)
|
|
|
|
|
- set(DRIVER_VERSION "5.0.0+driver")
|
|
|
|
|
- set(DRIVER_CHECKSUM "SHA256=c988ca7ac7d174f62d1bfbaaca49efd117f7b329f474d1b46b643635b2e35083")
|
|
|
|
|
+ set(DRIVER_VERSION "5.0.1+driver")
|
|
|
|
|
+ set(DRIVER_CHECKSUM "SHA256=8b197b916b6419dac8fb41807aa05d822164c7bfd2c3eef66d20d060a05a485a")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
# cd /path/to/build && cmake /path/to/source
|
|
|
|
|
diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
index fe5dacd7ad..c626d7944e 100644
|
|
|
|
|
--- a/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
+++ b/cmake/modules/falcosecurity-libs.cmake
|
|
|
|
|
@@ -32,8 +32,8 @@ else()
|
|
|
|
|
# In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
|
|
|
|
|
# ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
|
|
|
|
|
if(NOT FALCOSECURITY_LIBS_VERSION)
|
|
|
|
|
- set(FALCOSECURITY_LIBS_VERSION "0.11.0-rc1")
|
|
|
|
|
- set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=bb6e57f66ae85dcda6e695226cd14082d9a1215902909cdde5b83f7abef44d8f")
|
|
|
|
|
+ set(FALCOSECURITY_LIBS_VERSION "0.11.0")
|
|
|
|
|
+ set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=90414d00591986e94f2c49e7d65eef5c2dedee266354dd3db8234bb3b06c86fa")
|
|
|
|
|
endif()
|
|
|
|
|
|
|
|
|
|
# cd /path/to/build && cmake /path/to/source
|
Đoàn Trần Công Danh