diff --git a/collector/application/application.go b/collector/application/application.go index cc3ae987e..7a1a79891 100644 --- a/collector/application/application.go +++ b/collector/application/application.go @@ -16,7 +16,7 @@ import ( "github.com/Kindling-project/kindling/collector/consumer/processor/aggregateprocessor" "github.com/Kindling-project/kindling/collector/consumer/processor/k8sprocessor" "github.com/Kindling-project/kindling/collector/receiver" - "github.com/Kindling-project/kindling/collector/receiver/udsreceiver" + "github.com/Kindling-project/kindling/collector/receiver/cgoreceiver" "github.com/spf13/viper" "go.uber.org/multierr" ) @@ -73,7 +73,7 @@ func initFlags() error { } func (a *Application) registerFactory() { - a.componentsFactory.RegisterReceiver(udsreceiver.Uds, udsreceiver.NewUdsReceiver, &udsreceiver.Config{}) + a.componentsFactory.RegisterReceiver(cgoreceiver.Cgo, cgoreceiver.NewCgoReceiver, &cgoreceiver.Config{}) a.componentsFactory.RegisterAnalyzer(network.Network.String(), network.NewNetworkAnalyzer, &network.Config{}) a.componentsFactory.RegisterProcessor(k8sprocessor.K8sMetadata, k8sprocessor.NewKubernetesProcessor, &k8sprocessor.DefaultConfig) a.componentsFactory.RegisterExporter(otelexporter.Otel, otelexporter.NewExporter, &otelexporter.Config{}) @@ -130,8 +130,9 @@ func (a *Application) buildPipeline() error { return fmt.Errorf("error happened while creating analyzer manager: %w", err) } a.analyzerManager = analyzerManager - udsReceiverFactory := a.componentsFactory.Receivers[udsreceiver.Uds] - udsReceiver := udsReceiverFactory.NewFunc(udsReceiverFactory.Config, a.telemetry.Telemetry, analyzerManager) - a.receiver = udsReceiver + + cgoReceiverFactory := a.componentsFactory.Receivers[cgoreceiver.Cgo] + cgoReceiver := cgoReceiverFactory.NewFunc(cgoReceiverFactory.Config, a.telemetry.Telemetry, analyzerManager) + a.receiver = cgoReceiver return nil } diff --git a/collector/docker/Dockerfile b/collector/docker/Dockerfile index 0504d59ed..e42513037 100644 --- a/collector/docker/Dockerfile +++ b/collector/docker/Dockerfile @@ -1,9 +1,14 @@ FROM centos:7 -COPY libso/libzmq.so.5 /lib64/ +WORKDIR /app/ +RUN curl https://k8s-bpf-probes-public.oss-cn-hangzhou.aliyuncs.com/kindling-falcolib-probe-v0.3.0.tar.gz -o kindling-falcolib-probe.tar.gz --progress +COPY libso/libkindling.so /lib64/ RUN ldconfig +COPY kindling-probe-loader /usr/bin/kindling-probe-loader +RUN chmod +x /usr/bin/kindling-probe-loader COPY kindling-collector-config.yml /etc/kindling/config/ COPY kindling-collector /usr/bin/kindling-collector +COPY start.sh /app/ -CMD ["/usr/bin/kindling-collector", "--config=/etc/kindling/config/kindling-collector-config.yml"] +CMD ["sh", "start.sh"] diff --git a/collector/docker/DockerfileLocalProbe b/collector/docker/DockerfileLocalProbe new file mode 100644 index 000000000..1967d4de6 --- /dev/null +++ b/collector/docker/DockerfileLocalProbe @@ -0,0 +1,12 @@ +FROM centos:7 + +WORKDIR /app/ +COPY kindling-falcolib-probe.tar.gz ./ + +COPY libso/libkindling.so /lib64/ +RUN ldconfig + +COPY kindling-collector-config.yml /etc/kindling/config/ +COPY kindling-collector /usr/bin/kindling-collector + +CMD ["sh", "start.sh"] diff --git a/collector/docker/kindling-collector-config.yml b/collector/docker/kindling-collector-config.yml index 3d53416f6..0336bc504 100644 --- a/collector/docker/kindling-collector-config.yml +++ b/collector/docker/kindling-collector-config.yml @@ -1,35 +1,29 @@ receivers: - udsreceiver: - zeromqpull: - # Address for pulling events from probe - endpoint: ipc:///home/kindling-sub/0 - zeromqreq: - # Address for sending subscribe messages to probe - endpoint: ipc:///home/kindling/0 - subscribe: - - name: syscall_exit-writev - category: net - - name: syscall_exit-readv - category: net - - name: syscall_exit-write - category: net - - name: syscall_exit-read - category: net - - name: syscall_exit-sendto - category: net - - name: syscall_exit-recvfrom - category: net - - name: syscall_exit-sendmsg - category: net - - name: syscall_exit-recvmsg - category: net - - name: kprobe-tcp_close - - name: kprobe-tcp_rcv_established - - name: kprobe-tcp_drop - - name: kprobe-tcp_retransmit_skb - - name: syscall_exit-connect - - name: kretprobe-tcp_connect - - name: kprobe-tcp_set_state + cgoreceiver: + subscribe: + - name: syscall_exit-writev + category: net + - name: syscall_exit-readv + category: net + - name: syscall_exit-write + category: net + - name: syscall_exit-read + category: net + - name: syscall_exit-sendto + category: net + - name: syscall_exit-recvfrom + category: net + - name: syscall_exit-sendmsg + category: net + - name: syscall_exit-recvmsg + category: net + - name: kprobe-tcp_close + - name: kprobe-tcp_rcv_established + - name: kprobe-tcp_drop + - name: kprobe-tcp_retransmit_skb + - name: syscall_exit-connect + - name: kretprobe-tcp_connect + - name: kprobe-tcp_set_state analyzers: tcpconnectanalyzer: channel_size: 10000 diff --git a/probe/docker/kindling-probe-loader b/collector/docker/kindling-probe-loader similarity index 98% rename from probe/docker/kindling-probe-loader rename to collector/docker/kindling-probe-loader index 13f65129f..7d632173c 100644 --- a/probe/docker/kindling-probe-loader +++ b/collector/docker/kindling-probe-loader @@ -101,7 +101,7 @@ SCRIPT_NAME=$(basename "${0}") PROBE_NAME="kindling-falcolib-probe" MAX_RMMOD_WAIT=60 -tar -zxvf /pl/kindling-falcolib-probe.tar.gz -C /opt +tar -zxvf /app/kindling-falcolib-probe.tar.gz -C /opt mv /opt/kindling-falcolib-probe /opt/.kindling if [ -d /opt/kindling-extra-probe ]; then diff --git a/collector/docker/libso/libzmq.so.5 b/collector/docker/libso/libzmq.so.5 deleted file mode 100755 index 154f4aea0..000000000 Binary files a/collector/docker/libso/libzmq.so.5 and /dev/null differ diff --git a/collector/docker/start.sh b/collector/docker/start.sh new file mode 100644 index 000000000..346da003c --- /dev/null +++ b/collector/docker/start.sh @@ -0,0 +1,8 @@ + +/usr/bin/kindling-probe-loader + +if [ -f "/opt/probe.o" ]; then + export SYSDIG_BPF_PROBE="/opt/probe.o" +fi + +/usr/bin/kindling-collector --config=/etc/kindling/config/kindling-collector-config.yml \ No newline at end of file diff --git a/collector/go.sum b/collector/go.sum index 76a3c8a1a..25f15949b 100644 --- a/collector/go.sum +++ b/collector/go.sum @@ -578,6 +578,7 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -590,6 +591,7 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q= golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -836,6 +838,7 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/collector/model/kindling_event.go b/collector/model/kindling_event.go new file mode 100644 index 000000000..1b5983231 --- /dev/null +++ b/collector/model/kindling_event.go @@ -0,0 +1,517 @@ +package model + +import "encoding/json" + +type Source int32 + +const ( + Source_SOURCE_UNKNOWN Source = 0 + Source_SYSCALL_ENTER Source = 1 + Source_SYSCALL_EXIT Source = 2 + Source_TRACEPOINT Source = 3 + Source_KRPOBE Source = 4 + Source_KRETPROBE Source = 5 + Source_UPROBE Source = 6 + Source_URETPROBE Source = 7 +) + +var Source_name = map[int32]string{ + 0: "SOURCE_UNKNOWN", + 1: "SYSCALL_ENTER", + 2: "SYSCALL_EXIT", + 3: "TRACEPOINT", + 4: "KRPOBE", + 5: "KRETPROBE", + 6: "UPROBE", + 7: "URETPROBE", +} + +var Source_value = map[string]int32{ + "SOURCE_UNKNOWN": 0, + "SYSCALL_ENTER": 1, + "SYSCALL_EXIT": 2, + "TRACEPOINT": 3, + "KRPOBE": 4, + "KRETPROBE": 5, + "UPROBE": 6, + "URETPROBE": 7, +} + +func (x Source) String() string { + return "SOURCE_UNKNOWN" +} + +type Category int32 + +const ( + Category_CAT_NONE Category = 0 + Category_CAT_OTHER Category = 1 + Category_CAT_FILE Category = 2 + Category_CAT_NET Category = 3 + Category_CAT_IPC Category = 4 + Category_CAT_WAIT Category = 5 + Category_CAT_SIGNAL Category = 6 + Category_CAT_SLEEP Category = 7 + Category_CAT_TIME Category = 8 + Category_CAT_PROCESS Category = 9 + Category_CAT_SCHEDULER Category = 10 + Category_CAT_MEMORY Category = 11 + Category_CAT_USER Category = 12 + Category_CAT_SYSTEM Category = 13 +) + +var Category_name = map[int32]string{ + 0: "CAT_NONE", + 1: "CAT_OTHER", + 2: "CAT_FILE", + 3: "CAT_NET", + 4: "CAT_IPC", + 5: "CAT_WAIT", + 6: "CAT_SIGNAL", + 7: "CAT_SLEEP", + 8: "CAT_TIME", + 9: "CAT_PROCESS", + 10: "CAT_SCHEDULER", + 11: "CAT_MEMORY", + 12: "CAT_USER", + 13: "CAT_SYSTEM", +} + +var Category_value = map[string]int32{ + "CAT_NONE": 0, + "CAT_OTHER": 1, + "CAT_FILE": 2, + "CAT_NET": 3, + "CAT_IPC": 4, + "CAT_WAIT": 5, + "CAT_SIGNAL": 6, + "CAT_SLEEP": 7, + "CAT_TIME": 8, + "CAT_PROCESS": 9, + "CAT_SCHEDULER": 10, + "CAT_MEMORY": 11, + "CAT_USER": 12, + "CAT_SYSTEM": 13, +} + +type ValueType int32 + +const ( + ValueType_NONE ValueType = 0 + ValueType_INT8 ValueType = 1 + ValueType_INT16 ValueType = 2 + ValueType_INT32 ValueType = 3 + ValueType_INT64 ValueType = 4 + ValueType_UINT8 ValueType = 5 + ValueType_UINT16 ValueType = 6 + ValueType_UINT32 ValueType = 7 + ValueType_UINT64 ValueType = 8 + ValueType_CHARBUF ValueType = 9 + ValueType_BYTEBUF ValueType = 10 + ValueType_FLOAT ValueType = 11 + ValueType_DOUBLE ValueType = 12 + ValueType_BOOL ValueType = 13 +) + +var ValueType_name = map[int32]string{ + 0: "NONE", + 1: "INT8", + 2: "INT16", + 3: "INT32", + 4: "INT64", + 5: "UINT8", + 6: "UINT16", + 7: "UINT32", + 8: "UINT64", + 9: "CHARBUF", + 10: "BYTEBUF", + 11: "FLOAT", + 12: "DOUBLE", + 13: "BOOL", +} + +var ValueType_value = map[string]int32{ + "NONE": 0, + "INT8": 1, + "INT16": 2, + "INT32": 3, + "INT64": 4, + "UINT8": 5, + "UINT16": 6, + "UINT32": 7, + "UINT64": 8, + "CHARBUF": 9, + "BYTEBUF": 10, + "FLOAT": 11, + "DOUBLE": 12, + "BOOL": 13, +} + +// File Descriptor type +type FDType int32 + +const ( + FDType_FD_UNKNOWN FDType = 0 + FDType_FD_FILE FDType = 1 + FDType_FD_DIRECTORY FDType = 2 + FDType_FD_IPV4_SOCK FDType = 3 + FDType_FD_IPV6_SOCK FDType = 4 + FDType_FD_IPV4_SERVSOCK FDType = 5 + FDType_FD_IPV6_SERVSOCK FDType = 6 + FDType_FD_FIFO FDType = 7 + FDType_FD_UNIX_SOCK FDType = 8 + FDType_FD_EVENT FDType = 9 + FDType_FD_UNSUPPORTED FDType = 10 + FDType_FD_SIGNALFD FDType = 11 + FDType_FD_EVENTPOLL FDType = 12 + FDType_FD_INOTIFY FDType = 13 + FDType_FD_TIMERFD FDType = 14 + FDType_FD_NETLINK FDType = 15 + FDType_FD_FILE_V2 FDType = 16 +) + +var FDType_name = map[int32]string{ + 0: "FD_UNKNOWN", + 1: "FD_FILE", + 2: "FD_DIRECTORY", + 3: "FD_IPV4_SOCK", + 4: "FD_IPV6_SOCK", + 5: "FD_IPV4_SERVSOCK", + 6: "FD_IPV6_SERVSOCK", + 7: "FD_FIFO", + 8: "FD_UNIX_SOCK", + 9: "FD_EVENT", + 10: "FD_UNSUPPORTED", + 11: "FD_SIGNALFD", + 12: "FD_EVENTPOLL", + 13: "FD_INOTIFY", + 14: "FD_TIMERFD", + 15: "FD_NETLINK", + 16: "FD_FILE_V2", +} + +var FDType_value = map[string]int32{ + "FD_UNKNOWN": 0, + "FD_FILE": 1, + "FD_DIRECTORY": 2, + "FD_IPV4_SOCK": 3, + "FD_IPV6_SOCK": 4, + "FD_IPV4_SERVSOCK": 5, + "FD_IPV6_SERVSOCK": 6, + "FD_FIFO": 7, + "FD_UNIX_SOCK": 8, + "FD_EVENT": 9, + "FD_UNSUPPORTED": 10, + "FD_SIGNALFD": 11, + "FD_EVENTPOLL": 12, + "FD_INOTIFY": 13, + "FD_TIMERFD": 14, + "FD_NETLINK": 15, + "FD_FILE_V2": 16, +} + +type L4Proto int32 + +const ( + L4Proto_UNKNOWN L4Proto = 0 + L4Proto_TCP L4Proto = 1 + L4Proto_UDP L4Proto = 2 + L4Proto_ICMP L4Proto = 3 + L4Proto_RAW L4Proto = 4 +) + +var L4Proto_name = map[int32]string{ + 0: "UNKNOWN", + 1: "TCP", + 2: "UDP", + 3: "ICMP", + 4: "RAW", +} + +var L4Proto_value = map[string]int32{ + "UNKNOWN": 0, + "TCP": 1, + "UDP": 2, + "ICMP": 3, + "RAW": 4, +} + +func (m *KindlingEvent) String() string { + data, _ := json.Marshal(&m) + return string(data) +} + +type KindlingEvent struct { + Source Source + // Timestamp in nanoseconds at which the event were collected. + Timestamp uint64 + // Name of Kindling Event + Name string + // Category of Kindling Event, enum + Category Category + // Number of UserAttributes + ParamsNumber uint16 + // User-defined Attributions of Kindling Event, now including latency for syscall. + UserAttributes [8]KeyValue + // Context includes Thread information and Fd information. + Ctx Context +} + +func (k *KindlingEvent) Reset() { + k.Ctx.FdInfo.Num = 0 + k.Ctx.ThreadInfo.Pid = 0 +} + +func (m *KindlingEvent) GetSource() Source { + if m != nil { + return m.Source + } + return Source_SOURCE_UNKNOWN +} + +func (m *KindlingEvent) GetTimestamp() uint64 { + if m != nil { + return m.Timestamp + } + return 0 +} + +func (m *KindlingEvent) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *KindlingEvent) GetCategory() Category { + if m != nil { + return m.Category + } + return Category_CAT_NONE +} + +func (m *KindlingEvent) GetUserAttributes() *[8]KeyValue { + return &m.UserAttributes +} + +func (m *KindlingEvent) GetCtx() *Context { + return &m.Ctx +} + +type KeyValue struct { + // Arguments' Name or Attributions' Name. + Key string + // Type of Value. + ValueType ValueType + // Value of Key in bytes, should be converted according to ValueType. + Value []byte +} + +func (m *KeyValue) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *KeyValue) GetValueType() ValueType { + if m != nil { + return m.ValueType + } + return ValueType_NONE +} + +func (m *KeyValue) GetValue() []byte { + if m != nil { + return m.Value + } + return nil +} + +type Context struct { + // Thread information corresponding to Kindling Event, optional. + ThreadInfo Thread + // Fd information corresponding to Kindling Event, optional. + FdInfo Fd +} + +func (m *Context) GetThreadInfo() *Thread { + return &m.ThreadInfo +} + +func (m *Context) GetFdInfo() *Fd { + return &m.FdInfo +} + +type Thread struct { + // Process id of thread. + Pid uint32 + // Thread/task id of thread. + Tid uint32 + // User id of thread + Uid uint32 + // Group id of thread + Gid uint32 + // Command of thread. + Comm string + // ContainerId of thread + ContainerId string + // ContainerName of thread + ContainerName string +} + +func (m *Thread) GetPid() uint32 { + if m != nil { + return m.Pid + } + return 0 +} + +func (m *Thread) GetTid() uint32 { + if m != nil { + return m.Tid + } + return 0 +} + +func (m *Thread) GetUid() uint32 { + if m != nil { + return m.Uid + } + return 0 +} + +func (m *Thread) GetGid() uint32 { + if m != nil { + return m.Gid + } + return 0 +} + +func (m *Thread) GetComm() string { + if m != nil { + return m.Comm + } + return "" +} + +func (m *Thread) GetContainerId() string { + if m != nil { + return m.ContainerId + } + return "" +} + +func (m *Thread) GetContainerName() string { + if m != nil { + return m.ContainerName + } + return "" +} + +type Fd struct { + // FD number. + Num int32 + // Type of FD in enum. + TypeFd FDType + // if FD is type of file + Filename string + Directory string + // if FD is type of ipv4 or ipv6 + Protocol L4Proto + // repeated for ipv6, client_ip[0] for ipv4 + Role bool + Sip []uint32 + Dip []uint32 + Sport uint32 + Dport uint32 + // if FD is type of unix_sock + // Source socket endpoint + Source uint64 + // Destination socket endpoint + Destination uint64 +} + +func (m *Fd) GetNum() int32 { + if m != nil { + return m.Num + } + return 0 +} + +func (m *Fd) GetTypeFd() FDType { + if m != nil { + return m.TypeFd + } + return FDType_FD_UNKNOWN +} + +func (m *Fd) GetFilename() string { + if m != nil { + return m.Filename + } + return "" +} + +func (m *Fd) GetDirectory() string { + if m != nil { + return m.Directory + } + return "" +} + +func (m *Fd) GetProtocol() L4Proto { + if m != nil { + return m.Protocol + } + return L4Proto_UNKNOWN +} + +func (m *Fd) GetRole() bool { + if m != nil { + return m.Role + } + return false +} + +func (m *Fd) GetSip() []uint32 { + if m != nil { + return m.Sip + } + return nil +} + +func (m *Fd) GetDip() []uint32 { + if m != nil { + return m.Dip + } + return nil +} + +func (m *Fd) GetSport() uint32 { + if m != nil { + return m.Sport + } + return 0 +} + +func (m *Fd) GetDport() uint32 { + if m != nil { + return m.Dport + } + return 0 +} + +func (m *Fd) GetSource() uint64 { + if m != nil { + return m.Source + } + return 0 +} + +func (m *Fd) GetDestination() uint64 { + if m != nil { + return m.Destination + } + return 0 +} diff --git a/collector/model/kindling_event.pb.go b/collector/model/kindling_event.pb.go deleted file mode 100644 index 385822ca0..000000000 --- a/collector/model/kindling_event.pb.go +++ /dev/null @@ -1,895 +0,0 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: kindling_event.proto - -package model - -import ( - fmt "fmt" - proto "github.com/gogo/protobuf/proto" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -type Source int32 - -const ( - Source_SOURCE_UNKNOWN Source = 0 - Source_SYSCALL_ENTER Source = 1 - Source_SYSCALL_EXIT Source = 2 - Source_TRACEPOINT Source = 3 - Source_KRPOBE Source = 4 - Source_KRETPROBE Source = 5 - Source_UPROBE Source = 6 - Source_URETPROBE Source = 7 -) - -var Source_name = map[int32]string{ - 0: "SOURCE_UNKNOWN", - 1: "SYSCALL_ENTER", - 2: "SYSCALL_EXIT", - 3: "TRACEPOINT", - 4: "KRPOBE", - 5: "KRETPROBE", - 6: "UPROBE", - 7: "URETPROBE", -} - -var Source_value = map[string]int32{ - "SOURCE_UNKNOWN": 0, - "SYSCALL_ENTER": 1, - "SYSCALL_EXIT": 2, - "TRACEPOINT": 3, - "KRPOBE": 4, - "KRETPROBE": 5, - "UPROBE": 6, - "URETPROBE": 7, -} - -func (x Source) String() string { - return proto.EnumName(Source_name, int32(x)) -} - -func (Source) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{0} -} - -type Category int32 - -const ( - Category_CAT_NONE Category = 0 - Category_CAT_OTHER Category = 1 - Category_CAT_FILE Category = 2 - Category_CAT_NET Category = 3 - Category_CAT_IPC Category = 4 - Category_CAT_WAIT Category = 5 - Category_CAT_SIGNAL Category = 6 - Category_CAT_SLEEP Category = 7 - Category_CAT_TIME Category = 8 - Category_CAT_PROCESS Category = 9 - Category_CAT_SCHEDULER Category = 10 - Category_CAT_MEMORY Category = 11 - Category_CAT_USER Category = 12 - Category_CAT_SYSTEM Category = 13 -) - -var Category_name = map[int32]string{ - 0: "CAT_NONE", - 1: "CAT_OTHER", - 2: "CAT_FILE", - 3: "CAT_NET", - 4: "CAT_IPC", - 5: "CAT_WAIT", - 6: "CAT_SIGNAL", - 7: "CAT_SLEEP", - 8: "CAT_TIME", - 9: "CAT_PROCESS", - 10: "CAT_SCHEDULER", - 11: "CAT_MEMORY", - 12: "CAT_USER", - 13: "CAT_SYSTEM", -} - -var Category_value = map[string]int32{ - "CAT_NONE": 0, - "CAT_OTHER": 1, - "CAT_FILE": 2, - "CAT_NET": 3, - "CAT_IPC": 4, - "CAT_WAIT": 5, - "CAT_SIGNAL": 6, - "CAT_SLEEP": 7, - "CAT_TIME": 8, - "CAT_PROCESS": 9, - "CAT_SCHEDULER": 10, - "CAT_MEMORY": 11, - "CAT_USER": 12, - "CAT_SYSTEM": 13, -} - -func (x Category) String() string { - return proto.EnumName(Category_name, int32(x)) -} - -func (Category) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{1} -} - -type ValueType int32 - -const ( - ValueType_NONE ValueType = 0 - ValueType_INT8 ValueType = 1 - ValueType_INT16 ValueType = 2 - ValueType_INT32 ValueType = 3 - ValueType_INT64 ValueType = 4 - ValueType_UINT8 ValueType = 5 - ValueType_UINT16 ValueType = 6 - ValueType_UINT32 ValueType = 7 - ValueType_UINT64 ValueType = 8 - ValueType_CHARBUF ValueType = 9 - ValueType_BYTEBUF ValueType = 10 - ValueType_FLOAT ValueType = 11 - ValueType_DOUBLE ValueType = 12 - ValueType_BOOL ValueType = 13 -) - -var ValueType_name = map[int32]string{ - 0: "NONE", - 1: "INT8", - 2: "INT16", - 3: "INT32", - 4: "INT64", - 5: "UINT8", - 6: "UINT16", - 7: "UINT32", - 8: "UINT64", - 9: "CHARBUF", - 10: "BYTEBUF", - 11: "FLOAT", - 12: "DOUBLE", - 13: "BOOL", -} - -var ValueType_value = map[string]int32{ - "NONE": 0, - "INT8": 1, - "INT16": 2, - "INT32": 3, - "INT64": 4, - "UINT8": 5, - "UINT16": 6, - "UINT32": 7, - "UINT64": 8, - "CHARBUF": 9, - "BYTEBUF": 10, - "FLOAT": 11, - "DOUBLE": 12, - "BOOL": 13, -} - -func (x ValueType) String() string { - return proto.EnumName(ValueType_name, int32(x)) -} - -func (ValueType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{2} -} - -// File Descriptor type -type FDType int32 - -const ( - FDType_FD_UNKNOWN FDType = 0 - FDType_FD_FILE FDType = 1 - FDType_FD_DIRECTORY FDType = 2 - FDType_FD_IPV4_SOCK FDType = 3 - FDType_FD_IPV6_SOCK FDType = 4 - FDType_FD_IPV4_SERVSOCK FDType = 5 - FDType_FD_IPV6_SERVSOCK FDType = 6 - FDType_FD_FIFO FDType = 7 - FDType_FD_UNIX_SOCK FDType = 8 - FDType_FD_EVENT FDType = 9 - FDType_FD_UNSUPPORTED FDType = 10 - FDType_FD_SIGNALFD FDType = 11 - FDType_FD_EVENTPOLL FDType = 12 - FDType_FD_INOTIFY FDType = 13 - FDType_FD_TIMERFD FDType = 14 - FDType_FD_NETLINK FDType = 15 - FDType_FD_FILE_V2 FDType = 16 -) - -var FDType_name = map[int32]string{ - 0: "FD_UNKNOWN", - 1: "FD_FILE", - 2: "FD_DIRECTORY", - 3: "FD_IPV4_SOCK", - 4: "FD_IPV6_SOCK", - 5: "FD_IPV4_SERVSOCK", - 6: "FD_IPV6_SERVSOCK", - 7: "FD_FIFO", - 8: "FD_UNIX_SOCK", - 9: "FD_EVENT", - 10: "FD_UNSUPPORTED", - 11: "FD_SIGNALFD", - 12: "FD_EVENTPOLL", - 13: "FD_INOTIFY", - 14: "FD_TIMERFD", - 15: "FD_NETLINK", - 16: "FD_FILE_V2", -} - -var FDType_value = map[string]int32{ - "FD_UNKNOWN": 0, - "FD_FILE": 1, - "FD_DIRECTORY": 2, - "FD_IPV4_SOCK": 3, - "FD_IPV6_SOCK": 4, - "FD_IPV4_SERVSOCK": 5, - "FD_IPV6_SERVSOCK": 6, - "FD_FIFO": 7, - "FD_UNIX_SOCK": 8, - "FD_EVENT": 9, - "FD_UNSUPPORTED": 10, - "FD_SIGNALFD": 11, - "FD_EVENTPOLL": 12, - "FD_INOTIFY": 13, - "FD_TIMERFD": 14, - "FD_NETLINK": 15, - "FD_FILE_V2": 16, -} - -func (x FDType) String() string { - return proto.EnumName(FDType_name, int32(x)) -} - -func (FDType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{3} -} - -type L4Proto int32 - -const ( - L4Proto_UNKNOWN L4Proto = 0 - L4Proto_TCP L4Proto = 1 - L4Proto_UDP L4Proto = 2 - L4Proto_ICMP L4Proto = 3 - L4Proto_RAW L4Proto = 4 -) - -var L4Proto_name = map[int32]string{ - 0: "UNKNOWN", - 1: "TCP", - 2: "UDP", - 3: "ICMP", - 4: "RAW", -} - -var L4Proto_value = map[string]int32{ - "UNKNOWN": 0, - "TCP": 1, - "UDP": 2, - "ICMP": 3, - "RAW": 4, -} - -func (x L4Proto) String() string { - return proto.EnumName(L4Proto_name, int32(x)) -} - -func (L4Proto) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{4} -} - -type KindlingEventList struct { - KindlingEventList []*KindlingEvent `protobuf:"bytes,1,rep,name=kindling_event_list,json=kindlingEventList,proto3" json:"kindling_event_list,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *KindlingEventList) Reset() { *m = KindlingEventList{} } -func (m *KindlingEventList) String() string { return proto.CompactTextString(m) } -func (*KindlingEventList) ProtoMessage() {} -func (*KindlingEventList) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{0} -} -func (m *KindlingEventList) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_KindlingEventList.Unmarshal(m, b) -} -func (m *KindlingEventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_KindlingEventList.Marshal(b, m, deterministic) -} -func (m *KindlingEventList) XXX_Merge(src proto.Message) { - xxx_messageInfo_KindlingEventList.Merge(m, src) -} -func (m *KindlingEventList) XXX_Size() int { - return xxx_messageInfo_KindlingEventList.Size(m) -} -func (m *KindlingEventList) XXX_DiscardUnknown() { - xxx_messageInfo_KindlingEventList.DiscardUnknown(m) -} - -var xxx_messageInfo_KindlingEventList proto.InternalMessageInfo - -func (m *KindlingEventList) GetKindlingEventList() []*KindlingEvent { - if m != nil { - return m.KindlingEventList - } - return nil -} - -type KindlingEvent struct { - Source Source `protobuf:"varint,1,opt,name=source,proto3,enum=kindling.Source" json:"source,omitempty"` - // Timestamp in nanoseconds at which the event were collected. - Timestamp uint64 `protobuf:"varint,2,opt,name=timestamp,proto3" json:"timestamp,omitempty"` - // Name of Kindling Event - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // Category of Kindling Event, enum - Category Category `protobuf:"varint,4,opt,name=category,proto3,enum=kindling.Category" json:"category,omitempty"` - // Native attributes of hook point, including arguments or return value. - NativeAttributes *Property `protobuf:"bytes,5,opt,name=Native_attributes,json=NativeAttributes,proto3" json:"Native_attributes,omitempty"` - // User-defined Attributions of Kindling Event, now including latency for syscall. - UserAttributes []*KeyValue `protobuf:"bytes,6,rep,name=user_attributes,json=userAttributes,proto3" json:"user_attributes,omitempty"` - // Context includes Thread information and Fd information. - Ctx *Context `protobuf:"bytes,7,opt,name=ctx,proto3" json:"ctx,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *KindlingEvent) Reset() { *m = KindlingEvent{} } -func (m *KindlingEvent) String() string { return proto.CompactTextString(m) } -func (*KindlingEvent) ProtoMessage() {} -func (*KindlingEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{1} -} -func (m *KindlingEvent) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_KindlingEvent.Unmarshal(m, b) -} -func (m *KindlingEvent) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_KindlingEvent.Marshal(b, m, deterministic) -} -func (m *KindlingEvent) XXX_Merge(src proto.Message) { - xxx_messageInfo_KindlingEvent.Merge(m, src) -} -func (m *KindlingEvent) XXX_Size() int { - return xxx_messageInfo_KindlingEvent.Size(m) -} -func (m *KindlingEvent) XXX_DiscardUnknown() { - xxx_messageInfo_KindlingEvent.DiscardUnknown(m) -} - -var xxx_messageInfo_KindlingEvent proto.InternalMessageInfo - -func (m *KindlingEvent) GetSource() Source { - if m != nil { - return m.Source - } - return Source_SOURCE_UNKNOWN -} - -func (m *KindlingEvent) GetTimestamp() uint64 { - if m != nil { - return m.Timestamp - } - return 0 -} - -func (m *KindlingEvent) GetName() string { - if m != nil { - return m.Name - } - return "" -} - -func (m *KindlingEvent) GetCategory() Category { - if m != nil { - return m.Category - } - return Category_CAT_NONE -} - -func (m *KindlingEvent) GetNativeAttributes() *Property { - if m != nil { - return m.NativeAttributes - } - return nil -} - -func (m *KindlingEvent) GetUserAttributes() []*KeyValue { - if m != nil { - return m.UserAttributes - } - return nil -} - -func (m *KindlingEvent) GetCtx() *Context { - if m != nil { - return m.Ctx - } - return nil -} - -type Property struct { - // If type of syscall_enter, kprobe, uprobe, tracepoint - Args []*KeyValue `protobuf:"bytes,1,rep,name=args,proto3" json:"args,omitempty"` - // If type of syscall_exit, kretprobe, uretprobe - Ret []*KeyValue `protobuf:"bytes,2,rep,name=ret,proto3" json:"ret,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Property) Reset() { *m = Property{} } -func (m *Property) String() string { return proto.CompactTextString(m) } -func (*Property) ProtoMessage() {} -func (*Property) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{2} -} -func (m *Property) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Property.Unmarshal(m, b) -} -func (m *Property) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Property.Marshal(b, m, deterministic) -} -func (m *Property) XXX_Merge(src proto.Message) { - xxx_messageInfo_Property.Merge(m, src) -} -func (m *Property) XXX_Size() int { - return xxx_messageInfo_Property.Size(m) -} -func (m *Property) XXX_DiscardUnknown() { - xxx_messageInfo_Property.DiscardUnknown(m) -} - -var xxx_messageInfo_Property proto.InternalMessageInfo - -func (m *Property) GetArgs() []*KeyValue { - if m != nil { - return m.Args - } - return nil -} - -func (m *Property) GetRet() []*KeyValue { - if m != nil { - return m.Ret - } - return nil -} - -type KeyValue struct { - // Arguments' Name or Attributions' Name. - Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - // Type of Value. - ValueType ValueType `protobuf:"varint,2,opt,name=value_type,json=valueType,proto3,enum=kindling.ValueType" json:"value_type,omitempty"` - // Value of Key in bytes, should be converted according to ValueType. - Value []byte `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *KeyValue) Reset() { *m = KeyValue{} } -func (m *KeyValue) String() string { return proto.CompactTextString(m) } -func (*KeyValue) ProtoMessage() {} -func (*KeyValue) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{3} -} -func (m *KeyValue) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_KeyValue.Unmarshal(m, b) -} -func (m *KeyValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_KeyValue.Marshal(b, m, deterministic) -} -func (m *KeyValue) XXX_Merge(src proto.Message) { - xxx_messageInfo_KeyValue.Merge(m, src) -} -func (m *KeyValue) XXX_Size() int { - return xxx_messageInfo_KeyValue.Size(m) -} -func (m *KeyValue) XXX_DiscardUnknown() { - xxx_messageInfo_KeyValue.DiscardUnknown(m) -} - -var xxx_messageInfo_KeyValue proto.InternalMessageInfo - -func (m *KeyValue) GetKey() string { - if m != nil { - return m.Key - } - return "" -} - -func (m *KeyValue) GetValueType() ValueType { - if m != nil { - return m.ValueType - } - return ValueType_NONE -} - -func (m *KeyValue) GetValue() []byte { - if m != nil { - return m.Value - } - return nil -} - -type Context struct { - // Thread information corresponding to Kindling Event, optional. - ThreadInfo *Thread `protobuf:"bytes,1,opt,name=thread_info,json=threadInfo,proto3" json:"thread_info,omitempty"` - // Fd information corresponding to Kindling Event, optional. - FdInfo *Fd `protobuf:"bytes,2,opt,name=fd_info,json=fdInfo,proto3" json:"fd_info,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Context) Reset() { *m = Context{} } -func (m *Context) String() string { return proto.CompactTextString(m) } -func (*Context) ProtoMessage() {} -func (*Context) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{4} -} -func (m *Context) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Context.Unmarshal(m, b) -} -func (m *Context) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Context.Marshal(b, m, deterministic) -} -func (m *Context) XXX_Merge(src proto.Message) { - xxx_messageInfo_Context.Merge(m, src) -} -func (m *Context) XXX_Size() int { - return xxx_messageInfo_Context.Size(m) -} -func (m *Context) XXX_DiscardUnknown() { - xxx_messageInfo_Context.DiscardUnknown(m) -} - -var xxx_messageInfo_Context proto.InternalMessageInfo - -func (m *Context) GetThreadInfo() *Thread { - if m != nil { - return m.ThreadInfo - } - return nil -} - -func (m *Context) GetFdInfo() *Fd { - if m != nil { - return m.FdInfo - } - return nil -} - -type Thread struct { - // Process id of thread. - Pid uint32 `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"` - // Thread/task id of thread. - Tid uint32 `protobuf:"varint,2,opt,name=tid,proto3" json:"tid,omitempty"` - // User id of thread - Uid uint32 `protobuf:"varint,3,opt,name=uid,proto3" json:"uid,omitempty"` - // Group id of thread - Gid uint32 `protobuf:"varint,4,opt,name=gid,proto3" json:"gid,omitempty"` - // Command of thread. - Comm string `protobuf:"bytes,5,opt,name=comm,proto3" json:"comm,omitempty"` - // ContainerId of thread - ContainerId string `protobuf:"bytes,6,opt,name=container_id,json=containerId,proto3" json:"container_id,omitempty"` - // ContainerName of thread - ContainerName string `protobuf:"bytes,7,opt,name=container_name,json=containerName,proto3" json:"container_name,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Thread) Reset() { *m = Thread{} } -func (m *Thread) String() string { return proto.CompactTextString(m) } -func (*Thread) ProtoMessage() {} -func (*Thread) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{5} -} -func (m *Thread) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Thread.Unmarshal(m, b) -} -func (m *Thread) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Thread.Marshal(b, m, deterministic) -} -func (m *Thread) XXX_Merge(src proto.Message) { - xxx_messageInfo_Thread.Merge(m, src) -} -func (m *Thread) XXX_Size() int { - return xxx_messageInfo_Thread.Size(m) -} -func (m *Thread) XXX_DiscardUnknown() { - xxx_messageInfo_Thread.DiscardUnknown(m) -} - -var xxx_messageInfo_Thread proto.InternalMessageInfo - -func (m *Thread) GetPid() uint32 { - if m != nil { - return m.Pid - } - return 0 -} - -func (m *Thread) GetTid() uint32 { - if m != nil { - return m.Tid - } - return 0 -} - -func (m *Thread) GetUid() uint32 { - if m != nil { - return m.Uid - } - return 0 -} - -func (m *Thread) GetGid() uint32 { - if m != nil { - return m.Gid - } - return 0 -} - -func (m *Thread) GetComm() string { - if m != nil { - return m.Comm - } - return "" -} - -func (m *Thread) GetContainerId() string { - if m != nil { - return m.ContainerId - } - return "" -} - -func (m *Thread) GetContainerName() string { - if m != nil { - return m.ContainerName - } - return "" -} - -type Fd struct { - // FD number. - Num int32 `protobuf:"varint,1,opt,name=num,proto3" json:"num,omitempty"` - // Type of FD in enum. - TypeFd FDType `protobuf:"varint,2,opt,name=type_fd,json=typeFd,proto3,enum=kindling.FDType" json:"type_fd,omitempty"` - // if FD is type of file - Filename string `protobuf:"bytes,3,opt,name=filename,proto3" json:"filename,omitempty"` - Directory string `protobuf:"bytes,4,opt,name=directory,proto3" json:"directory,omitempty"` - // if FD is type of ipv4 or ipv6 - Protocol L4Proto `protobuf:"varint,5,opt,name=protocol,proto3,enum=kindling.L4Proto" json:"protocol,omitempty"` - // repeated for ipv6, client_ip[0] for ipv4 - Role bool `protobuf:"varint,6,opt,name=role,proto3" json:"role,omitempty"` - Sip []uint32 `protobuf:"varint,7,rep,packed,name=sip,proto3" json:"sip,omitempty"` - Dip []uint32 `protobuf:"varint,8,rep,packed,name=dip,proto3" json:"dip,omitempty"` - Sport uint32 `protobuf:"varint,9,opt,name=sport,proto3" json:"sport,omitempty"` - Dport uint32 `protobuf:"varint,10,opt,name=dport,proto3" json:"dport,omitempty"` - // if FD is type of unix_sock - // Source socket endpoint - Source uint64 `protobuf:"varint,11,opt,name=source,proto3" json:"source,omitempty"` - // Destination socket endpoint - Destination uint64 `protobuf:"varint,12,opt,name=destination,proto3" json:"destination,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Fd) Reset() { *m = Fd{} } -func (m *Fd) String() string { return proto.CompactTextString(m) } -func (*Fd) ProtoMessage() {} -func (*Fd) Descriptor() ([]byte, []int) { - return fileDescriptor_81bb5d1665ce2a0c, []int{6} -} -func (m *Fd) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Fd.Unmarshal(m, b) -} -func (m *Fd) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Fd.Marshal(b, m, deterministic) -} -func (m *Fd) XXX_Merge(src proto.Message) { - xxx_messageInfo_Fd.Merge(m, src) -} -func (m *Fd) XXX_Size() int { - return xxx_messageInfo_Fd.Size(m) -} -func (m *Fd) XXX_DiscardUnknown() { - xxx_messageInfo_Fd.DiscardUnknown(m) -} - -var xxx_messageInfo_Fd proto.InternalMessageInfo - -func (m *Fd) GetNum() int32 { - if m != nil { - return m.Num - } - return 0 -} - -func (m *Fd) GetTypeFd() FDType { - if m != nil { - return m.TypeFd - } - return FDType_FD_UNKNOWN -} - -func (m *Fd) GetFilename() string { - if m != nil { - return m.Filename - } - return "" -} - -func (m *Fd) GetDirectory() string { - if m != nil { - return m.Directory - } - return "" -} - -func (m *Fd) GetProtocol() L4Proto { - if m != nil { - return m.Protocol - } - return L4Proto_UNKNOWN -} - -func (m *Fd) GetRole() bool { - if m != nil { - return m.Role - } - return false -} - -func (m *Fd) GetSip() []uint32 { - if m != nil { - return m.Sip - } - return nil -} - -func (m *Fd) GetDip() []uint32 { - if m != nil { - return m.Dip - } - return nil -} - -func (m *Fd) GetSport() uint32 { - if m != nil { - return m.Sport - } - return 0 -} - -func (m *Fd) GetDport() uint32 { - if m != nil { - return m.Dport - } - return 0 -} - -func (m *Fd) GetSource() uint64 { - if m != nil { - return m.Source - } - return 0 -} - -func (m *Fd) GetDestination() uint64 { - if m != nil { - return m.Destination - } - return 0 -} - -func init() { - proto.RegisterEnum("kindling.Source", Source_name, Source_value) - proto.RegisterEnum("kindling.Category", Category_name, Category_value) - proto.RegisterEnum("kindling.ValueType", ValueType_name, ValueType_value) - proto.RegisterEnum("kindling.FDType", FDType_name, FDType_value) - proto.RegisterEnum("kindling.L4Proto", L4Proto_name, L4Proto_value) - proto.RegisterType((*KindlingEventList)(nil), "kindling.KindlingEventList") - proto.RegisterType((*KindlingEvent)(nil), "kindling.KindlingEvent") - proto.RegisterType((*Property)(nil), "kindling.Property") - proto.RegisterType((*KeyValue)(nil), "kindling.KeyValue") - proto.RegisterType((*Context)(nil), "kindling.Context") - proto.RegisterType((*Thread)(nil), "kindling.Thread") - proto.RegisterType((*Fd)(nil), "kindling.Fd") -} - -func init() { proto.RegisterFile("kindling_event.proto", fileDescriptor_81bb5d1665ce2a0c) } - -var fileDescriptor_81bb5d1665ce2a0c = []byte{ - // 1158 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x54, 0xdb, 0x6e, 0xdb, 0x46, - 0x13, 0x0e, 0x75, 0xe0, 0x61, 0x28, 0x29, 0xeb, 0x4d, 0xf0, 0xff, 0x44, 0xd1, 0x0b, 0x55, 0x6d, - 0x0a, 0xd7, 0x40, 0x5d, 0x44, 0x31, 0x8c, 0x02, 0xb9, 0x28, 0x64, 0x71, 0x99, 0x10, 0xa2, 0x49, - 0x62, 0x45, 0x39, 0x71, 0x51, 0x80, 0x50, 0x44, 0xca, 0x25, 0x22, 0x89, 0x02, 0x45, 0x1b, 0xd1, - 0x13, 0xf4, 0x5d, 0x5a, 0xa0, 0x8f, 0xd0, 0xeb, 0x3e, 0x44, 0x1f, 0xa6, 0x98, 0xe5, 0x41, 0x72, - 0xd1, 0xde, 0x10, 0xdf, 0x7c, 0xf3, 0xcd, 0x81, 0xb3, 0xb3, 0x0b, 0xcf, 0x3f, 0x26, 0x9b, 0x68, - 0x95, 0x6c, 0xee, 0xc2, 0xf8, 0x21, 0xde, 0xe4, 0xe7, 0xdb, 0x2c, 0xcd, 0x53, 0xaa, 0x56, 0xec, - 0xe0, 0x27, 0x38, 0x99, 0x94, 0x98, 0xa1, 0xc0, 0x49, 0x76, 0x39, 0x7d, 0x03, 0xcf, 0x1e, 0x87, - 0x85, 0xab, 0x64, 0x97, 0x1b, 0x52, 0xbf, 0x79, 0xaa, 0x0f, 0xff, 0x7f, 0x5e, 0xf9, 0xce, 0x1f, - 0x45, 0xf2, 0x93, 0x8f, 0xff, 0x4c, 0x34, 0xf8, 0xa3, 0x01, 0xdd, 0x47, 0x22, 0x7a, 0x0a, 0xf2, - 0x2e, 0xbd, 0xcf, 0x16, 0xb1, 0x21, 0xf5, 0xa5, 0xd3, 0xde, 0x90, 0x1c, 0xb2, 0x4d, 0x05, 0xcf, - 0x4b, 0x3f, 0xfd, 0x1c, 0xb4, 0x3c, 0x59, 0xc7, 0xbb, 0x7c, 0xbe, 0xde, 0x1a, 0x8d, 0xbe, 0x74, - 0xda, 0xe2, 0x07, 0x82, 0x52, 0x68, 0x6d, 0xe6, 0xeb, 0xd8, 0x68, 0xf6, 0xa5, 0x53, 0x8d, 0x0b, - 0x4c, 0xcf, 0x41, 0x5d, 0xcc, 0xf3, 0xf8, 0x2e, 0xcd, 0xf6, 0x46, 0x4b, 0x64, 0xa7, 0x87, 0xec, - 0xe3, 0xd2, 0xc3, 0x6b, 0x0d, 0xfd, 0x01, 0x4e, 0xdc, 0x79, 0x9e, 0x3c, 0xc4, 0xe1, 0x3c, 0xcf, - 0xb3, 0xe4, 0xc3, 0x7d, 0x1e, 0xef, 0x8c, 0x76, 0x5f, 0x3a, 0xd5, 0x8f, 0x03, 0xfd, 0x2c, 0xdd, - 0xc6, 0x59, 0xbe, 0xe7, 0xa4, 0x10, 0x8f, 0x6a, 0x2d, 0x7d, 0x0d, 0x4f, 0xef, 0x77, 0x71, 0x76, - 0x1c, 0x2e, 0x8b, 0x19, 0x1d, 0x85, 0x4f, 0xe2, 0xfd, 0xcd, 0x7c, 0x75, 0x1f, 0xf3, 0x1e, 0x4a, - 0x8f, 0x82, 0xbf, 0x84, 0xe6, 0x22, 0xff, 0x64, 0x28, 0xa2, 0xde, 0xc9, 0x51, 0xa3, 0xe9, 0x26, - 0x8f, 0x3f, 0xe5, 0x1c, 0xbd, 0x83, 0xf7, 0xa0, 0x56, 0xf5, 0xe9, 0xd7, 0xd0, 0x9a, 0x67, 0x77, - 0xbb, 0xf2, 0x18, 0xfe, 0xad, 0x84, 0xf0, 0xd3, 0xaf, 0xa0, 0x99, 0xc5, 0xb9, 0xd1, 0xf8, 0x4f, - 0x19, 0xba, 0x07, 0x4b, 0x50, 0x2b, 0x82, 0x12, 0x68, 0x7e, 0x8c, 0xf7, 0xe2, 0x44, 0x34, 0x8e, - 0x90, 0x0e, 0x01, 0x1e, 0xd0, 0x15, 0xe6, 0xfb, 0x6d, 0x2c, 0xa6, 0xdf, 0x1b, 0x3e, 0x3b, 0xa4, - 0x12, 0x61, 0xc1, 0x7e, 0x1b, 0x73, 0xed, 0xa1, 0x82, 0xf4, 0x39, 0xb4, 0x85, 0x21, 0xce, 0xa4, - 0xc3, 0x0b, 0x63, 0xb0, 0x00, 0xa5, 0xfc, 0x23, 0xfa, 0x12, 0xf4, 0xfc, 0xe7, 0x2c, 0x9e, 0x47, - 0x61, 0xb2, 0x59, 0xa6, 0xa2, 0x9c, 0x7e, 0xbc, 0x00, 0x81, 0x70, 0x72, 0x28, 0x44, 0xf6, 0x66, - 0x99, 0xd2, 0x17, 0xa0, 0x2c, 0x4b, 0x79, 0x43, 0xc8, 0x3b, 0x07, 0xb9, 0x15, 0x71, 0x79, 0x29, - 0x64, 0x83, 0xdf, 0x25, 0x90, 0x8b, 0x68, 0xfc, 0x97, 0x6d, 0x12, 0x89, 0xe4, 0x5d, 0x8e, 0x10, - 0x99, 0x3c, 0x89, 0x44, 0x7c, 0x97, 0x23, 0x44, 0xe6, 0x3e, 0x89, 0x44, 0x9f, 0x5d, 0x8e, 0x10, - 0x99, 0xbb, 0x24, 0x12, 0x5b, 0xd3, 0xe5, 0x08, 0x71, 0xc1, 0x16, 0xe9, 0x7a, 0x2d, 0xf6, 0x41, - 0xe3, 0x02, 0xd3, 0x2f, 0xa0, 0xb3, 0x48, 0x37, 0xf9, 0x3c, 0xd9, 0xc4, 0x59, 0x98, 0x44, 0x86, - 0x2c, 0x7c, 0x7a, 0xcd, 0xd9, 0x11, 0x7d, 0x01, 0xbd, 0x83, 0x44, 0x6c, 0xa8, 0x22, 0x44, 0xdd, - 0x9a, 0x75, 0xe7, 0xeb, 0x78, 0xf0, 0x67, 0x03, 0x1a, 0x96, 0x28, 0xbb, 0xb9, 0x5f, 0x8b, 0x66, - 0xdb, 0x1c, 0x21, 0xfd, 0x06, 0x14, 0x1c, 0x79, 0xb8, 0x8c, 0xca, 0xa9, 0x1f, 0xcd, 0xc7, 0x32, - 0xc5, 0xc8, 0x65, 0x14, 0x58, 0x11, 0xfd, 0x0c, 0xd4, 0x65, 0xb2, 0x8a, 0x8f, 0xae, 0x41, 0x6d, - 0xe3, 0xe5, 0x89, 0x92, 0x2c, 0x5e, 0xe4, 0xd5, 0x5d, 0xd0, 0xf8, 0x81, 0xa0, 0xdf, 0x82, 0x2a, - 0xde, 0x81, 0x45, 0xba, 0x12, 0xff, 0xd7, 0x3b, 0xde, 0x3f, 0xe7, 0xc2, 0x47, 0x1f, 0xaf, 0x25, - 0x38, 0x8a, 0x2c, 0x5d, 0xc5, 0xe2, 0x77, 0x55, 0x2e, 0x30, 0x76, 0xbe, 0x4b, 0xb6, 0x86, 0xd2, - 0x6f, 0xe2, 0xc0, 0x76, 0xc9, 0x16, 0x99, 0x28, 0xd9, 0x1a, 0x6a, 0xc1, 0x44, 0xc9, 0x16, 0x17, - 0x62, 0xb7, 0x4d, 0xb3, 0xdc, 0xd0, 0xc4, 0x58, 0x0b, 0x03, 0xd9, 0x48, 0xb0, 0x50, 0xb0, 0xc2, - 0xa0, 0xff, 0xab, 0xdf, 0x05, 0x5d, 0x5c, 0xf5, 0xea, 0x15, 0xe8, 0x83, 0x1e, 0xc5, 0xbb, 0x3c, - 0xd9, 0xcc, 0xf3, 0x24, 0xdd, 0x18, 0x1d, 0xe1, 0x3c, 0xa6, 0xce, 0x7e, 0x91, 0x40, 0x2e, 0x9e, - 0x0e, 0x4a, 0xa1, 0x37, 0xf5, 0x66, 0x7c, 0xcc, 0xc2, 0x99, 0x3b, 0x71, 0xbd, 0x77, 0x2e, 0x79, - 0x42, 0x4f, 0xa0, 0x3b, 0xbd, 0x9d, 0x8e, 0x47, 0x8e, 0x13, 0x32, 0x37, 0x60, 0x9c, 0x48, 0x94, - 0x40, 0xa7, 0xa6, 0xde, 0xdb, 0x01, 0x69, 0xd0, 0x1e, 0x40, 0xc0, 0x47, 0x63, 0xe6, 0x7b, 0xb6, - 0x1b, 0x90, 0x26, 0x05, 0x90, 0x27, 0xdc, 0xf7, 0xae, 0x18, 0x69, 0xd1, 0x2e, 0x68, 0x13, 0xce, - 0x02, 0x9f, 0xa3, 0xd9, 0x46, 0xd7, 0xac, 0xc0, 0x32, 0xba, 0x66, 0xb5, 0x4b, 0x39, 0xfb, 0x4b, - 0x02, 0xb5, 0x7a, 0x66, 0x68, 0x07, 0xd4, 0xf1, 0x28, 0x08, 0x5d, 0xcf, 0x65, 0xe4, 0x09, 0x2a, - 0xd1, 0xf2, 0x82, 0xb7, 0xa2, 0x83, 0xd2, 0x69, 0xd9, 0x0e, 0x23, 0x0d, 0xaa, 0x83, 0x22, 0xa4, - 0x0c, 0x4b, 0x97, 0x86, 0xed, 0x8f, 0x49, 0xab, 0xd2, 0xbd, 0x1b, 0xd9, 0x01, 0x69, 0x63, 0x97, - 0x68, 0x4d, 0xed, 0x37, 0xee, 0xc8, 0x29, 0xca, 0x0b, 0xdb, 0x61, 0xcc, 0x27, 0x4a, 0x25, 0x0e, - 0xec, 0x6b, 0x46, 0x54, 0xfa, 0x14, 0x74, 0xb4, 0x7c, 0xee, 0x8d, 0xd9, 0x74, 0x4a, 0x34, 0x1c, - 0x84, 0x50, 0x8f, 0xdf, 0x32, 0x73, 0xe6, 0x30, 0x4e, 0xa0, 0x4a, 0x78, 0xcd, 0xae, 0x3d, 0x7e, - 0x4b, 0xf4, 0x2a, 0xc3, 0x6c, 0xca, 0x38, 0xe9, 0xd4, 0xe5, 0x6e, 0xa7, 0x01, 0xbb, 0x26, 0xdd, - 0xb3, 0x5f, 0x25, 0xd0, 0xea, 0x8b, 0x4f, 0x55, 0x68, 0x95, 0xff, 0xa6, 0x42, 0xcb, 0x76, 0x83, - 0xef, 0x89, 0x44, 0x35, 0x68, 0xdb, 0x6e, 0xf0, 0xf2, 0x92, 0x34, 0x4a, 0xf8, 0x6a, 0x48, 0x9a, - 0x25, 0xbc, 0xbc, 0x20, 0x2d, 0x84, 0x33, 0xa1, 0x2d, 0xe6, 0x58, 0x88, 0xe5, 0x0a, 0xbf, 0x1a, - 0x12, 0xa5, 0xc2, 0x97, 0x17, 0x44, 0x15, 0xb3, 0x78, 0x3b, 0xe2, 0x57, 0x33, 0x8b, 0x68, 0x68, - 0x5c, 0xdd, 0x06, 0x0c, 0x0d, 0xc0, 0x44, 0x96, 0xe3, 0x8d, 0x02, 0xa2, 0x63, 0x80, 0xe9, 0xcd, - 0xae, 0x1c, 0x46, 0x3a, 0xd8, 0xca, 0x95, 0xe7, 0x39, 0xa4, 0x7b, 0xf6, 0x5b, 0x03, 0xe4, 0xe2, - 0xbe, 0xe0, 0x7f, 0x58, 0xe6, 0xd1, 0x46, 0xe8, 0xa0, 0x58, 0x66, 0x31, 0x7b, 0xb1, 0x0b, 0x96, - 0x19, 0x9a, 0x36, 0x67, 0xe3, 0x00, 0x87, 0xd0, 0x28, 0x19, 0xdb, 0xbf, 0xb9, 0x08, 0xa7, 0xde, - 0x78, 0x42, 0x9a, 0x07, 0xe6, 0xb2, 0x60, 0x5a, 0xf4, 0x39, 0x90, 0x5a, 0xc3, 0xf8, 0x8d, 0x60, - 0xdb, 0x07, 0xf6, 0xf2, 0xc0, 0xca, 0x75, 0x39, 0xcb, 0x23, 0x4a, 0x99, 0x6a, 0xe6, 0xda, 0xef, - 0x8b, 0x54, 0x2a, 0xce, 0xdc, 0x32, 0x43, 0x76, 0xc3, 0xdc, 0x80, 0x68, 0xb8, 0xc1, 0xc2, 0x3f, - 0x9d, 0xf9, 0xbe, 0xc7, 0x03, 0x66, 0x12, 0xc0, 0x93, 0xb4, 0xcc, 0xf2, 0xd4, 0x2d, 0x93, 0xe8, - 0x65, 0x12, 0x11, 0xe2, 0x7b, 0x8e, 0x53, 0x1c, 0x15, 0x56, 0x76, 0xbd, 0xc0, 0xb6, 0x6e, 0x49, - 0xb7, 0xb4, 0x71, 0x13, 0xb8, 0x65, 0x92, 0x5e, 0x69, 0xbb, 0x2c, 0x70, 0x6c, 0x77, 0x42, 0x9e, - 0x96, 0x36, 0x8e, 0x20, 0xbc, 0x19, 0x12, 0x72, 0xf6, 0x1a, 0x94, 0xf2, 0xda, 0x63, 0xbb, 0x87, - 0x51, 0x29, 0xd0, 0x0c, 0xc6, 0x3e, 0x91, 0x10, 0xcc, 0x4c, 0x9f, 0x34, 0xc4, 0x61, 0x8f, 0xaf, - 0x7d, 0xd2, 0x44, 0x8a, 0x8f, 0xde, 0x91, 0xd6, 0x55, 0xf7, 0x47, 0x7d, 0x9d, 0x46, 0xf1, 0xea, - 0x3b, 0xf1, 0xfd, 0x20, 0x8b, 0x77, 0xe3, 0xd5, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x5c, 0xb7, - 0x0c, 0x9b, 0x7a, 0x08, 0x00, 0x00, -} diff --git a/collector/model/kindling_event.proto b/collector/model/kindling_event.proto deleted file mode 100644 index df4a696b7..000000000 --- a/collector/model/kindling_event.proto +++ /dev/null @@ -1,159 +0,0 @@ -syntax = "proto3"; - -package kindling; -option go_package = "model/model"; -message KindlingEventList { - repeated KindlingEvent kindling_event_list = 1; -} -message KindlingEvent { - Source source = 1; - // Timestamp in nanoseconds at which the event were collected. - uint64 timestamp = 2; - // Name of Kindling Event - string name = 3; - // Category of Kindling Event, enum - Category category = 4; - // Native attributes of hook point, including arguments or return value. - Property Native_attributes = 5; - // User-defined Attributions of Kindling Event, now including latency for syscall. - repeated KeyValue user_attributes = 6; - // Context includes Thread information and Fd information. - Context ctx = 7; -} - -enum Source { - SOURCE_UNKNOWN = 0; - SYSCALL_ENTER = 1; - SYSCALL_EXIT = 2; - TRACEPOINT = 3; - KRPOBE = 4; - KRETPROBE = 5; - UPROBE = 6; - URETPROBE = 7; -} -enum Category { - CAT_NONE = 0; - CAT_OTHER = 1; // No specific category - CAT_FILE = 2; // File operations or File I/O - CAT_NET = 3; // Network operations or network I/O - CAT_IPC = 4; // IPC operations or IPC I/O - CAT_WAIT = 5; // - CAT_SIGNAL = 6; // Signal-related operations (signal) - CAT_SLEEP = 7; // nanosleep - CAT_TIME = 8; // Time-related event (e.g. gettimeofday) - CAT_PROCESS = 9; // Process-related event (e.g. fork, clone, - CAT_SCHEDULER = 10; // Scheduler event (context switch) - CAT_MEMORY = 11; // Memory-related operations (e.g. brk, mmap, unmap) - CAT_USER = 12; // User-related operations (e.g. getuid, setgid) - CAT_SYSTEM = 13; // System-related operations (e.g. reboot) -} - -message Property { - // If type of syscall_enter, kprobe, uprobe, tracepoint - repeated KeyValue args = 1; - // If type of syscall_exit, kretprobe, uretprobe - repeated KeyValue ret = 2; -} - -message KeyValue { - // Arguments' Name or Attributions' Name. - string key = 1; - // Type of Value. - ValueType value_type = 2; - // Value of Key in bytes, should be converted according to ValueType. - bytes value = 3; -} -enum ValueType { - NONE = 0; - INT8 = 1; // 1 byte - INT16 = 2; // 2 bytes - INT32 = 3; // 4 bytes - INT64 = 4; // 8 bytes - UINT8 = 5; // 1 byte - UINT16 = 6; // 2 bytes - UINT32 = 7; // 4 bytes - UINT64 = 8; // 8 bytes - CHARBUF = 9; // bytes, NULL terminated - BYTEBUF = 10; // bytes - FLOAT = 11; // 4 bytes - DOUBLE = 12; // 8 bytes - BOOL = 13; // 4 bytes -} -message Context { - // Thread information corresponding to Kindling Event, optional. - Thread thread_info = 1; - // Fd information corresponding to Kindling Event, optional. - Fd fd_info = 2; -} - -message Thread { - // Process id of thread. - uint32 pid = 1; - // Thread/task id of thread. - uint32 tid = 2; - // User id of thread - uint32 uid = 3; - // Group id of thread - uint32 gid = 4; - // Command of thread. - string comm = 5; - // ContainerId of thread - string container_id = 6; - // ContainerName of thread - string container_name = 7; -} - -message Fd { - // FD number. - int32 num = 1; - // Type of FD in enum. - FDType type_fd = 2; - - // if FD is type of file - string filename = 3; - string directory = 4; - - // if FD is type of ipv4 or ipv6 - L4Proto protocol = 5; - // repeated for ipv6, client_ip[0] for ipv4 - bool role = 6; - repeated uint32 sip = 7; - repeated uint32 dip = 8; - uint32 sport = 9; - uint32 dport = 10; - - // if FD is type of unix_sock - // Source socket endpoint - uint64 source = 11; - // Destination socket endpoint - uint64 destination = 12; -} - -// File Descriptor type -enum FDType { - FD_UNKNOWN = 0; - FD_FILE = 1; - FD_DIRECTORY = 2; - FD_IPV4_SOCK = 3; - FD_IPV6_SOCK = 4; - FD_IPV4_SERVSOCK = 5; - FD_IPV6_SERVSOCK = 6; - FD_FIFO = 7; - FD_UNIX_SOCK = 8; - FD_EVENT = 9; - FD_UNSUPPORTED = 10; // TODO - FD_SIGNALFD = 11; - FD_EVENTPOLL = 12; - FD_INOTIFY = 13; - FD_TIMERFD = 14; - FD_NETLINK = 15; - FD_FILE_V2 = 16; -} - -enum L4Proto { - UNKNOWN = 0; - TCP = 1; - UDP = 2; - ICMP = 3; - RAW = 4; -} \ No newline at end of file diff --git a/collector/model/kindling_event_helper.go b/collector/model/kindling_event_helper.go index 7cb9ae21a..fd41914a7 100644 --- a/collector/model/kindling_event_helper.go +++ b/collector/model/kindling_event_helper.go @@ -104,12 +104,15 @@ func (x *KindlingEvent) GetStartTime() uint64 { } func (x *KindlingEvent) GetUserAttribute(key string) *KeyValue { - if x.UserAttributes == nil { + if x.ParamsNumber == 0 { return nil } - for _, keyValue := range x.UserAttributes { + for index, keyValue := range x.UserAttributes { + if index+1 > int(x.ParamsNumber) { + break + } if keyValue.Key == key { - return keyValue + return &keyValue } } return nil diff --git a/collector/model/kindling_event_helper_test.go b/collector/model/kindling_event_helper_test.go index 3d99c197a..51726106e 100644 --- a/collector/model/kindling_event_helper_test.go +++ b/collector/model/kindling_event_helper_test.go @@ -26,7 +26,7 @@ func TestGetUintUserAttribute(t *testing.T) { for _, test := range tests { t.Run(test.key, func(t *testing.T) { event := &KindlingEvent{ - UserAttributes: []*KeyValue{ + UserAttributes: [8]KeyValue{ {Key: test.key, ValueType: test.valueType, Value: test.value}, }, } @@ -55,7 +55,8 @@ func TestGetIntUserAttribute(t *testing.T) { for _, test := range tests { t.Run(test.key, func(t *testing.T) { event := &KindlingEvent{ - UserAttributes: []*KeyValue{ + ParamsNumber: 1, + UserAttributes: [8]KeyValue{ {Key: test.key, ValueType: test.valueType, Value: test.value}, }, } @@ -78,7 +79,7 @@ func TestGetFloatUserAttribute(t *testing.T) { for _, test := range tests { t.Run(test.key, func(t *testing.T) { event := &KindlingEvent{ - UserAttributes: []*KeyValue{ + UserAttributes: [8]KeyValue{ {Key: test.key, ValueType: ValueType_FLOAT, Value: test.value}, }, } @@ -101,7 +102,7 @@ func TestGetDoubleUserAttribute(t *testing.T) { for _, test := range tests { t.Run(test.key, func(t *testing.T) { event := &KindlingEvent{ - UserAttributes: []*KeyValue{ + UserAttributes: [8]KeyValue{ {Key: test.key, ValueType: ValueType_FLOAT, Value: test.value}, }, } diff --git a/collector/receiver/cgoreceiver/cgo_func.h b/collector/receiver/cgoreceiver/cgo_func.h new file mode 100644 index 000000000..838f063f4 --- /dev/null +++ b/collector/receiver/cgoreceiver/cgo_func.h @@ -0,0 +1,57 @@ +// +// Created by jundi zhou on 2022/6/1. +// + +#ifndef SYSDIG_CGO_FUNC_H +#define SYSDIG_CGO_FUNC_H + +#ifdef __cplusplus +extern "C" { +#endif +void runForGo(); +int getKindlingEvent(void **kindlingEvent); +int subEventForGo(char* eventName, char* category); +#ifdef __cplusplus +} + +#endif + +#endif //SYSDIG_CGO_FUNC_H + +struct kindling_event_t_for_go{ + uint64_t timestamp; + char *name; + uint32_t category; + uint16_t paramsNumber; + struct KeyValue { + char *key; + char* value; + uint32_t len; + uint32_t valueType; + }userAttributes[8]; + struct event_context { + struct thread_info { + uint32_t pid; + uint32_t tid; + uint32_t uid; + uint32_t gid; + char *comm; + char *containerId; + }tinfo; + struct fd_info { + int32_t num; + uint32_t fdType; + char *filename; + char *directory; + uint32_t protocol; + uint8_t role; + uint32_t sip; + uint32_t dip; + uint32_t sport; + uint32_t dport; + + uint64_t source; + uint64_t destination; + }fdInfo; + }context; +}; diff --git a/collector/receiver/cgoreceiver/cgoreceiver.go b/collector/receiver/cgoreceiver/cgoreceiver.go new file mode 100644 index 000000000..bc4dc50d0 --- /dev/null +++ b/collector/receiver/cgoreceiver/cgoreceiver.go @@ -0,0 +1,204 @@ +package cgoreceiver + +/* +#cgo LDFLAGS: -L ./ -lkindling -lstdc++ -ldl +#cgo CFLAGS: -I . +#include +#include +#include +#include "cgo_func.h" +*/ +import "C" +import ( + "sync" + "time" + "unsafe" + + analyzerpackage "github.com/Kindling-project/kindling/collector/analyzer" + "github.com/Kindling-project/kindling/collector/component" + "github.com/Kindling-project/kindling/collector/model" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" + + "github.com/Kindling-project/kindling/collector/receiver" +) + +const ( + Cgo = "cgoreceiver" +) + +type CKindlingEventForGo C.struct_kindling_event_t_for_go + +type CgoReceiver struct { + cfg *Config + analyzerManager *analyzerpackage.Manager + shutdownWG sync.WaitGroup + telemetry *component.TelemetryTools + eventChannel chan *model.KindlingEvent + eventCount int + stopCh chan interface{} +} + +type Config struct { + SubcribeInfo []SubEvent `mapstructure:"subscribe"` +} + +type SubEvent struct { + Category string `mapstructure:"category"` + Name string `mapstructure:"name"` +} + +func NewCgoReceiver(config interface{}, telemetry *component.TelemetryTools, analyzerManager *analyzerpackage.Manager) receiver.Receiver { + cfg, ok := config.(*Config) + if !ok { + telemetry.Logger.Sugar().Panicf("Cannot convert [%s] config", Cgo) + } + cgoReceiver := &CgoReceiver{ + cfg: cfg, + analyzerManager: analyzerManager, + telemetry: telemetry, + eventChannel: make(chan *model.KindlingEvent, 3e5), + stopCh: make(chan interface{}, 1), + } + return cgoReceiver +} + +func (r *CgoReceiver) Start() error { + r.telemetry.Logger.Info("Start CgoReceiver") + C.runForGo() + go r.printMetrics() + time.Sleep(2 * time.Second) + r.subEvent() + // Wait for the C routine running + time.Sleep(2 * time.Second) + go r.consumeEvents() + go r.startGetEvent() + return nil +} + +// TODO finish it using opentelemetry +func (r *CgoReceiver) printMetrics() { + timer := time.NewTicker(1 * time.Second) + r.shutdownWG.Add(1) + for { + select { + case <-r.stopCh: + r.shutdownWG.Done() + return + case <-timer.C: + r.telemetry.Logger.Info("Total number events received: ", zap.Int("events", r.eventCount)) + r.eventCount = 0 + r.telemetry.Logger.Info("Current channel size: ", zap.Int("channel size", len(r.eventChannel))) + } + } +} + +func (r *CgoReceiver) startGetEvent() { + var pKindlingEvent unsafe.Pointer + r.shutdownWG.Add(1) + for { + select { + case <-r.stopCh: + r.shutdownWG.Done() + return + default: + res := int(C.getKindlingEvent(&pKindlingEvent)) + if res == 1 { + r.eventCount++ + r.eventChannel <- convertEvent((*CKindlingEventForGo)(pKindlingEvent)) + } + } + } +} + +func (r *CgoReceiver) consumeEvents() { + r.shutdownWG.Add(1) + for { + select { + case <-r.stopCh: + r.shutdownWG.Done() + return + case ev := <-r.eventChannel: + err := r.sendToNextConsumer(ev) + if err != nil { + r.telemetry.Logger.Info("Failed to send KindlingEvent: ", zap.Error(err)) + } + } + } +} + +func (r *CgoReceiver) Shutdown() error { + // TODO stop the C routine + close(r.stopCh) + r.shutdownWG.Wait() + return nil +} + +func convertEvent(cgoEvent *CKindlingEventForGo) *model.KindlingEvent { + ev := new(model.KindlingEvent) + ev.Timestamp = uint64(cgoEvent.timestamp) + ev.Name = C.GoString(cgoEvent.name) + ev.Category = model.Category(cgoEvent.category) + ev.Ctx.ThreadInfo.Pid = uint32(cgoEvent.context.tinfo.pid) + ev.Ctx.ThreadInfo.Tid = uint32(cgoEvent.context.tinfo.tid) + ev.Ctx.ThreadInfo.Uid = uint32(cgoEvent.context.tinfo.uid) + ev.Ctx.ThreadInfo.Gid = uint32(cgoEvent.context.tinfo.gid) + ev.Ctx.ThreadInfo.Comm = C.GoString(cgoEvent.context.tinfo.comm) + ev.Ctx.ThreadInfo.ContainerId = C.GoString(cgoEvent.context.tinfo.containerId) + ev.Ctx.FdInfo.Protocol = model.L4Proto(cgoEvent.context.fdInfo.protocol) + ev.Ctx.FdInfo.Num = int32(cgoEvent.context.fdInfo.num) + ev.Ctx.FdInfo.TypeFd = model.FDType(cgoEvent.context.fdInfo.fdType) + ev.Ctx.FdInfo.Filename = C.GoString(cgoEvent.context.fdInfo.filename) + ev.Ctx.FdInfo.Directory = C.GoString(cgoEvent.context.fdInfo.directory) + ev.Ctx.FdInfo.Role = If(cgoEvent.context.fdInfo.role != 0, true, false).(bool) + ev.Ctx.FdInfo.Sip = []uint32{uint32(cgoEvent.context.fdInfo.sip)} + ev.Ctx.FdInfo.Dip = []uint32{uint32(cgoEvent.context.fdInfo.dip)} + ev.Ctx.FdInfo.Sport = uint32(cgoEvent.context.fdInfo.sport) + ev.Ctx.FdInfo.Dport = uint32(cgoEvent.context.fdInfo.dport) + ev.Ctx.FdInfo.Source = uint64(cgoEvent.context.fdInfo.source) + ev.Ctx.FdInfo.Destination = uint64(cgoEvent.context.fdInfo.destination) + + ev.ParamsNumber = uint16(cgoEvent.paramsNumber) + for i := 0; i < int(ev.ParamsNumber); i++ { + ev.UserAttributes[i].Key = C.GoString(cgoEvent.userAttributes[i].key) + userAttributesLen := cgoEvent.userAttributes[i].len + ev.UserAttributes[i].Value = C.GoBytes(unsafe.Pointer(cgoEvent.userAttributes[i].value), C.int(userAttributesLen)) + ev.UserAttributes[i].ValueType = model.ValueType(cgoEvent.userAttributes[i].valueType) + } + return ev +} + +func If(condition bool, trueVal, falseVal interface{}) interface{} { + if condition { + return trueVal + } + return falseVal +} + +func (r *CgoReceiver) sendToNextConsumer(evt *model.KindlingEvent) error { + + if ce := r.telemetry.Logger.Check(zapcore.DebugLevel, "Receive Event"); ce != nil { + ce.Write( + zap.String("event", evt.String()), + ) + } + analyzers := r.analyzerManager.GetConsumableAnalyzers(evt.Name) + if analyzers == nil || len(analyzers) == 0 { + r.telemetry.Logger.Info("analyzer not found for event ", zap.String("eventName", evt.Name)) + return nil + } + for _, analyzer := range analyzers { + err := analyzer.ConsumeEvent(evt) + if err != nil { + r.telemetry.Logger.Warn("Error sending event to next consumer: ", zap.Error(err)) + } + } + return nil +} + +func (r *CgoReceiver) subEvent() { + for _, value := range r.cfg.SubcribeInfo { + C.subEventForGo(C.CString(value.Name), C.CString(value.Category)) + } + +} diff --git a/collector/receiver/udsreceiver/metrics.go b/collector/receiver/udsreceiver/metrics.go deleted file mode 100644 index f727bc5bb..000000000 --- a/collector/receiver/udsreceiver/metrics.go +++ /dev/null @@ -1,113 +0,0 @@ -package udsreceiver - -import ( - "context" - "sync" - "sync/atomic" - - "github.com/Kindling-project/kindling/collector/model/constnames" - "go.opentelemetry.io/otel/attribute" - "go.opentelemetry.io/otel/metric" -) - -var once sync.Once - -const eventReceivedMetric = "kindling_telemetry_udsreceiver_events_total" - -func newSelfMetrics(meterProvider metric.MeterProvider, counter eventCounter) { - once.Do(func() { - meter := metric.Must(meterProvider.Meter("kindling")) - meter.NewInt64CounterObserver(eventReceivedMetric, - func(ctx context.Context, result metric.Int64ObserverResult) { - for name, value := range counter.getStats() { - result.Observe(value, attribute.String("name", name)) - } - }) - }) -} - -type eventCounter interface { - add(name string, value int64) - getStats() map[string]int64 -} - -type stats struct { - read int64 - write int64 - readv int64 - writev int64 - sendTo int64 - recvFrom int64 - sendMsg int64 - recvMsg int64 - connect int64 - grpcUprobe int64 - tcpClose int64 - tcpRcvEstablished int64 - tcpDrop int64 - tcpRetransmitSkb int64 - tcpConnect int64 - tcpSetState int64 - other int64 -} - -func (i *stats) add(name string, value int64) { - switch name { - case constnames.ReadEvent: - atomic.AddInt64(&i.read, value) - case constnames.WriteEvent: - atomic.AddInt64(&i.write, value) - case constnames.ReadvEvent: - atomic.AddInt64(&i.readv, value) - case constnames.WritevEvent: - atomic.AddInt64(&i.writev, value) - case constnames.SendToEvent: - atomic.AddInt64(&i.sendTo, value) - case constnames.RecvFromEvent: - atomic.AddInt64(&i.recvFrom, value) - case constnames.SendMsgEvent: - atomic.AddInt64(&i.sendMsg, value) - case constnames.RecvMsgEvent: - atomic.AddInt64(&i.recvMsg, value) - case constnames.GrpcUprobeEvent: - atomic.AddInt64(&i.grpcUprobe, value) - case constnames.TcpCloseEvent: - atomic.AddInt64(&i.tcpClose, value) - case constnames.TcpRcvEstablishedEvent: - atomic.AddInt64(&i.tcpRcvEstablished, value) - case constnames.TcpDropEvent: - atomic.AddInt64(&i.tcpDrop, value) - case constnames.TcpRetransmitSkbEvent: - atomic.AddInt64(&i.tcpRetransmitSkb, value) - case constnames.ConnectEvent: - atomic.AddInt64(&i.connect, value) - case constnames.TcpConnectEvent: - atomic.AddInt64(&i.tcpConnect, value) - case constnames.TcpSetStateEvent: - atomic.AddInt64(&i.tcpSetState, value) - default: - atomic.AddInt64(&i.other, value) - } -} - -func (i *stats) getStats() map[string]int64 { - ret := make(map[string]int64, 14) - ret[constnames.ReadEvent] = atomic.LoadInt64(&i.read) - ret[constnames.WriteEvent] = atomic.LoadInt64(&i.write) - ret[constnames.ReadvEvent] = atomic.LoadInt64(&i.readv) - ret[constnames.WritevEvent] = atomic.LoadInt64(&i.writev) - ret[constnames.SendToEvent] = atomic.LoadInt64(&i.sendTo) - ret[constnames.RecvFromEvent] = atomic.LoadInt64(&i.recvFrom) - ret[constnames.SendMsgEvent] = atomic.LoadInt64(&i.sendMsg) - ret[constnames.RecvMsgEvent] = atomic.LoadInt64(&i.recvMsg) - ret[constnames.GrpcUprobeEvent] = atomic.LoadInt64(&i.grpcUprobe) - ret[constnames.TcpCloseEvent] = atomic.LoadInt64(&i.tcpClose) - ret[constnames.TcpRcvEstablishedEvent] = atomic.LoadInt64(&i.tcpRcvEstablished) - ret[constnames.TcpCloseEvent] = atomic.LoadInt64(&i.tcpClose) - ret[constnames.TcpRetransmitSkbEvent] = atomic.LoadInt64(&i.tcpRetransmitSkb) - ret[constnames.ConnectEvent] = atomic.LoadInt64(&i.connect) - ret[constnames.TcpConnectEvent] = atomic.LoadInt64(&i.tcpConnect) - ret[constnames.TcpSetStateEvent] = atomic.LoadInt64(&i.tcpSetState) - ret[constnames.OtherEvent] = atomic.LoadInt64(&i.other) - return ret -} diff --git a/collector/receiver/udsreceiver/metrics_test.go b/collector/receiver/udsreceiver/metrics_test.go deleted file mode 100644 index acfe86752..000000000 --- a/collector/receiver/udsreceiver/metrics_test.go +++ /dev/null @@ -1,190 +0,0 @@ -package udsreceiver - -import ( - "context" - "github.com/Kindling-project/kindling/collector/model/constnames" - "go.opentelemetry.io/otel/attribute" - "go.opentelemetry.io/otel/exporters/stdout/stdoutmetric" - "go.opentelemetry.io/otel/metric" - controller "go.opentelemetry.io/otel/sdk/metric/controller/basic" - otelprocessor "go.opentelemetry.io/otel/sdk/metric/processor/basic" - selector "go.opentelemetry.io/otel/sdk/metric/selector/simple" - "os" - "sync" - "testing" - "time" -) - -func runTest(counter eventCounter, workerNum int, loopNum int) { - wg := sync.WaitGroup{} - for i := 0; i < workerNum; i++ { - wg.Add(1) - go func() { - runRecordCounter(loopNum, counter) - wg.Done() - }() - } - wg.Wait() -} - -var eventLists = []string{constnames.ReadEvent, constnames.WriteEvent, constnames.ReadvEvent, constnames.WritevEvent, - constnames.SendToEvent, constnames.RecvFromEvent, constnames.SendMsgEvent, constnames.RecvMsgEvent, - constnames.GrpcUprobeEvent, constnames.TcpCloseEvent, constnames.TcpRcvEstablishedEvent, constnames.TcpDropEvent, - constnames.TcpRetransmitSkbEvent, "another_event"} - -func runRecordCounter(loopNum int, counter eventCounter) { - for i := 0; i < loopNum; i++ { - for _, name := range eventLists { - counter.add(name, 1) - } - } -} - -func assertTest(t *testing.T, counter eventCounter, workerNum int, loopNum int) { - runTest(counter, workerNum, loopNum) - expectedNum := workerNum * loopNum - for _, value := range counter.getStats() { - if value != int64(expectedNum) { - t.Errorf("The result is expected to be %d, but got %d", expectedNum, value) - } - } -} - -func TestCounterMutexMap(t *testing.T) { - counter := &mutexMap{m: make(map[string]int64)} - assertTest(t, counter, 5, 100000) -} - -func TestCounterRwMutexMap(t *testing.T) { - counter := &rwMutexMap{m: make(map[string]int64)} - assertTest(t, counter, 5, 100000) -} - -func TestCounterIntCombination(t *testing.T) { - counter := &stats{} - assertTest(t, counter, 5, 100000) -} - -func BenchmarkCounterMutexMap(b *testing.B) { - counter := &mutexMap{m: make(map[string]int64)} - initOtelCounterObserver(counter) - b.ResetTimer() - for i := 0; i < b.N; i++ { - runTest(counter, 5, 1000) - } -} - -func BenchmarkCounterRwMutexMap(b *testing.B) { - counter := &rwMutexMap{m: make(map[string]int64)} - initOtelCounterObserver(counter) - b.ResetTimer() - for i := 0; i < b.N; i++ { - runTest(counter, 5, 1000) - } -} - -func BenchmarkCounterIntCombination(b *testing.B) { - counter := &stats{} - initOtelCounterObserver(counter) - b.ResetTimer() - for i := 0; i < b.N; i++ { - runTest(counter, 5, 1000) - } -} - -func BenchmarkCounterOtelCounter(b *testing.B) { - counter := newOtelRecorder() - - b.ResetTimer() - for i := 0; i < b.N; i++ { - runTest(counter, 5, 1000) - } -} - -// It's not practical to implement with sync.Map, -// because you still need to lock the value when increasing it. -// type syncMap struct { -// m sync.Map -// mutex sync.Mutex -// } - -type mutexMap struct { - m map[string]int64 - mutex sync.Mutex -} - -func (m *mutexMap) add(name string, value int64) { - m.mutex.Lock() - v := m.m[name] - m.m[name] = v + value - m.mutex.Unlock() -} -func (m *mutexMap) getStats() map[string]int64 { - m.mutex.Lock() - ret := make(map[string]int64, len(m.m)) - for k, v := range m.m { - ret[k] = v - } - m.mutex.Unlock() - return ret -} - -type rwMutexMap struct { - m map[string]int64 - mutex sync.RWMutex -} - -func (m *rwMutexMap) add(name string, value int64) { - m.mutex.Lock() - v := m.m[name] - m.m[name] = v + value - m.mutex.Unlock() -} -func (m *rwMutexMap) getStats() map[string]int64 { - m.mutex.RLock() - ret := make(map[string]int64, len(m.m)) - for k, v := range m.m { - ret[k] = v - } - m.mutex.RUnlock() - return ret -} - -type otelRecorder struct { - otelCounter metric.Int64Counter -} - -func newOtelRecorder() *otelRecorder { - meter := initOpentelemetry() - return &otelRecorder{otelCounter: meter.NewInt64Counter("event_counter_total")} -} -func (m *otelRecorder) add(name string, value int64) { - m.otelCounter.Add(context.Background(), value, attribute.String("name", name)) -} -func (m *otelRecorder) getStats() map[string]int64 { - return nil -} - -func initOpentelemetry() metric.MeterMust { - devNullWriter, _ := os.Open(os.DevNull) - exp, _ := stdoutmetric.New(stdoutmetric.WithWriter(devNullWriter)) - - cont := controller.New( - otelprocessor.NewFactory(selector.NewWithInexpensiveDistribution(), exp), - controller.WithExporter(exp), - controller.WithCollectPeriod(100*time.Millisecond), - ) - _ = cont.Start(context.Background()) - return metric.Must(cont.Meter("kindling")) -} - -func initOtelCounterObserver(counter eventCounter) { - meter := initOpentelemetry() - meter.NewInt64CounterObserver("event_counter_total", - func(ctx context.Context, result metric.Int64ObserverResult) { - metrics := counter.getStats() - for name, value := range metrics { - result.Observe(value, attribute.String("name", name)) - } - }) -} diff --git a/collector/receiver/udsreceiver/udsreceiver.go b/collector/receiver/udsreceiver/udsreceiver.go deleted file mode 100644 index 7080ddc0f..000000000 --- a/collector/receiver/udsreceiver/udsreceiver.go +++ /dev/null @@ -1,242 +0,0 @@ -package udsreceiver - -import ( - "os" - "sync" - "time" - - analyzerpackage "github.com/Kindling-project/kindling/collector/analyzer" - "github.com/Kindling-project/kindling/collector/component" - "github.com/Kindling-project/kindling/collector/model" - "github.com/Kindling-project/kindling/collector/receiver" - "github.com/gogo/protobuf/proto" - zmq "github.com/pebbe/zmq4" - "go.uber.org/zap" - "go.uber.org/zap/zapcore" -) - -const ( - Uds = "udsreceiver" -) - -type Socket struct { - *zmq.Socket -} - -type UdsReceiver struct { - cfg *Config - analyzerManager *analyzerpackage.Manager - zmqPullSocket Socket - zmqReqSocket Socket - shutdownWG sync.WaitGroup - shutdownState bool - telemetry *component.TelemetryTools - stats eventCounter -} - -type Config struct { - ZEROMQPULL *ZeroMqPullSettings `mapstructure:"zeromqpull"` - ZEROMQREQ *ZeroMqReqSettings `mapstructure:"zeromqreq"` -} - -type ZeroMqPullSettings struct { - // Endpoint configures the listening address for the server. - Endpoint string `mapstructure:"endpoint"` - hwm int `mapstructure:"hwm"` -} - -type SubEvent struct { - Category string `mapstructure:"category"` - Name string `mapstructure:"name"` -} - -type ZeroMqReqSettings struct { - // Endpoint configures the listening address for the server. - Endpoint string `mapstructure:"endpoint"` - hwm int `mapstructure:"hwm"` - SubcribeInfo []SubEvent `mapstructure:"subscribe"` -} - -func (r *UdsReceiver) newPullSocket(zss *ZeroMqPullSettings) Socket { - - zmqContextServer, _ := zmq.NewContext() - ServerClient, _ := zmqContextServer.NewSocket(zmq.PULL) - if zss.hwm != 0 { - _ = ServerClient.SetRcvhwm(zss.hwm) - } - return Socket{ServerClient} -} - -func (r *UdsReceiver) newReqSocket(zss *ZeroMqReqSettings) Socket { - zmqContextServer, _ := zmq.NewContext() - ServerClient, _ := zmqContextServer.NewSocket(zmq.REQ) - if zss.hwm != 0 { - _ = ServerClient.SetSndhwm(zss.hwm) - } - return Socket{ServerClient} -} - -func (soc Socket) connect(endpoint string) error { - var failedCount = 0 - var err error - for { - err = soc.Connect(endpoint) - if err != nil { - failedCount++ - if failedCount > 3 { - break - } - time.Sleep(time.Second) - } else { - err = nil - break - } - } - return err -} - -func NewUdsReceiver(config interface{}, telemetry *component.TelemetryTools, analyzerManager *analyzerpackage.Manager) receiver.Receiver { - cfg, ok := config.(*Config) - if !ok { - telemetry.Logger.Sugar().Panicf("Cannot convert [%s] config", Uds) - } - udsReceiver := &UdsReceiver{ - cfg: cfg, - analyzerManager: analyzerManager, - telemetry: telemetry, - stats: &stats{}, - } - newSelfMetrics(telemetry.MeterProvider, udsReceiver.stats) - return udsReceiver -} - -func (r *UdsReceiver) startZeroMqPull() error { - cfg := r.cfg.ZEROMQPULL - r.telemetry.Logger.Info("Starting ZeroMq Pull connect on endpoint", zap.String("endpoint", cfg.Endpoint)) - pullSocket := r.zmqPullSocket - err := pullSocket.connect(cfg.Endpoint) - if err != nil { - r.telemetry.Logger.Panic("Connecting ZeroMq Pull failed on endpoint", zap.String("endpoint", cfg.Endpoint)) - } - r.shutdownWG.Add(1) - go func() { - defer r.shutdownWG.Done() - for { - if r.shutdownState == true { - err := pullSocket.Close() - if err != nil { - return - } - r.shutdownState = false - break - } - req, _ := pullSocket.RecvMessage(0) - if len(req) >= 1 { - events := &model.KindlingEventList{} - err = proto.Unmarshal([]byte(req[0]), events) - if err != nil { - r.telemetry.Logger.Error("Error unmarshalling event: %v", zap.Error(err)) - continue - } - err = r.SendToNextConsumer(events) - if err != nil { - r.telemetry.Logger.Error("Error sending event to next consumer: %v", zap.Error(err)) - continue - } - } - } - }() - return nil -} - -func (r *UdsReceiver) startZeroMqReq() error { - cfg := r.cfg.ZEROMQREQ - cfgPull := r.cfg.ZEROMQPULL - reqSocket := r.zmqReqSocket - err := reqSocket.connect(cfg.Endpoint) - if err != nil { - r.telemetry.Logger.Error("Connecting ZeroMq Req failed on endpoint " + cfg.Endpoint) - return err - } - labels := make([]*model.Label, len(cfg.SubcribeInfo)) - for i, e := range cfg.SubcribeInfo { - labels[i] = &model.Label{Name: e.Name, Category: e.Category} - } - pid := os.Getpid() - subEvent := &model.SubEvent{ - Address: []byte(cfgPull.Endpoint), - Pid: uint32(pid), - Labels: labels, - } - p, err := proto.Marshal(subEvent) - if err != nil { - r.telemetry.Logger.Error("subscribe events marshal failed.") - } - _, err = reqSocket.SendMessage(p) - if err != nil { - r.telemetry.Logger.Error("subscribe request failed") - } - rep, err := reqSocket.RecvMessage(8) - if ce := r.telemetry.Logger.Check(zapcore.DebugLevel, "Receiver Message"); ce != nil { - ce.Write( - zap.String("rep", rep[0]), - ) - } - return err -} - -func (r *UdsReceiver) Start() error { - var err error - if r.cfg.ZEROMQREQ != nil { - r.zmqReqSocket = r.newReqSocket(r.cfg.ZEROMQREQ) - } - if r.cfg.ZEROMQPULL != nil { - r.zmqPullSocket = r.newPullSocket(r.cfg.ZEROMQPULL) - } - r.telemetry.Logger.Info("startZeroMqReq") - err = r.startZeroMqReq() - if err != nil { - return err - } - r.telemetry.Logger.Info("startZeroMqPull") - err = r.startZeroMqPull() - if err != nil { - return err - } - return err -} - -func (r *UdsReceiver) Shutdown() error { - var err error - if r.zmqPullSocket.Socket != nil { - r.shutdownState = true - } - r.shutdownWG.Wait() - return err -} - -func (r *UdsReceiver) SendToNextConsumer(events *model.KindlingEventList) error { - for _, evt := range events.KindlingEventList { - r.stats.add(evt.Name, 1) - if ce := r.telemetry.Logger.Check(zapcore.DebugLevel, "Receive Event"); ce != nil { - ce.Write( - zap.String("event", evt.String()), - ) - } - analyzers := r.analyzerManager.GetConsumableAnalyzers(evt.Name) - if analyzers == nil || len(analyzers) == 0 { - r.telemetry.Logger.Info("analyzer not found for event ", zap.String("eventName", evt.Name)) - continue - } - for _, analyzer := range analyzers { - err := analyzer.ConsumeEvent(evt) - if err != nil { - return err - } - if err != nil { - r.telemetry.Logger.Warn("Error sending event to next consumer: ", zap.Error(err)) - } - } - } - return nil -} diff --git a/collector/receiver/udsreceiver/udsreceiver_test.go b/collector/receiver/udsreceiver/udsreceiver_test.go deleted file mode 100644 index 90dc1f16a..000000000 --- a/collector/receiver/udsreceiver/udsreceiver_test.go +++ /dev/null @@ -1,39 +0,0 @@ -package udsreceiver - -import ( - "github.com/Kindling-project/kindling/collector/analyzer" - "github.com/Kindling-project/kindling/collector/component" - "testing" -) - -func TestUdsReceiver_Start(t *testing.T) { - cfg := &Config{ - ZEROMQPULL: &ZeroMqPullSettings{ - Endpoint: "ipc:///home/kindling/0", - }, - ZEROMQREQ: &ZeroMqReqSettings{ - Endpoint: "ipc:///home/kindling/0", - SubcribeInfo: []SubEvent{ - { - Name: "syscall_exit-write", - Category: "net", - }, - { - Name: "syscall_exit-read", - Category: "net", - }, - { - Name: "syscall_exit-sendto", - Category: "net", - }, - { - Name: "syscall_exit-recvform", - Category: "net", - }, - }, - }, - } - am, _ := analyzer.NewManager() - r := NewUdsReceiver(cfg, component.NewDefaultTelemetryTools(), am) - r.Start() -} diff --git a/deploy/agent/kindling-deploy.yml b/deploy/agent/kindling-deploy.yml index a74f1fef8..4871aa402 100644 --- a/deploy/agent/kindling-deploy.yml +++ b/deploy/agent/kindling-deploy.yml @@ -16,20 +16,14 @@ spec: spec: serviceAccount: kindling-agent containers: - - name: kindling-probe - image: kindlingproject/kindling-probe:latest + - name: kindling-agent + image: kindlingproject/kindling-agent:latest imagePullPolicy: Always - lifecycle: - postStart: - exec: - command: - - sh - - /pl/post_start.sh - command: - - /pl/docker-entrypoint.sh + securityContext: + privileged: true resources: limits: - memory: 300Mi + memory: 1Gi requests: memory: 300Mi env: @@ -39,8 +33,16 @@ spec: value: /host - name: SYSDIG_HOST_ROOT value: /host - securityContext: - privileged: true + - name: GOGC + value: "400" + - name: MY_NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName readinessProbe: exec: command: @@ -49,11 +51,8 @@ spec: initialDelaySeconds: 5 periodSeconds: 5 volumeMounts: - - name: shared-volume-kindling - mountPath: /home/kindling - readOnly: false - - name: shared-volume-subpub - mountPath: /home/kindling-sub + - mountPath: /etc/kindling/config + name: kindlingcfg - mountPath: /sys name: sys-vol - mountPath: /etc/modprobe.d @@ -82,36 +81,6 @@ spec: name: varrun-vol - mountPath: /dev/shm name: dshm - - name: kindling-collector - image: kindlingproject/kindling-collector:latest - imagePullPolicy: Always - securityContext: - privileged: true - resources: - limits: - memory: 800Mi - requests: - memory: 300Mi - env: - - name: GOGC - value: "400" - - name: MY_NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /etc/kindling/config - name: kindlingcfg - - name: shared-volume-kindling - mountPath: /home/kindling - readOnly: false - - name: shared-volume-subpub - mountPath: /home/kindling-sub - readOnly: false dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: true @@ -126,10 +95,6 @@ spec: - hostPath: path: /etc/modprobe.d name: modprobe-d - - hostPath: - path: /etc/os-release - type: FileOrCreate - name: osrel - emptyDir: medium: Memory name: dshm @@ -159,8 +124,4 @@ spec: name: varrun-vol - hostPath: path: /sys - name: sys-vol - - name: shared-volume-kindling - emptyDir: {} - - name: shared-volume-subpub - emptyDir: {} + name: sys-vol \ No newline at end of file diff --git a/deploy/scripts/build.sh b/deploy/scripts/build.sh new file mode 100644 index 000000000..0d6021968 --- /dev/null +++ b/deploy/scripts/build.sh @@ -0,0 +1,23 @@ +cd ../../ +mkdir -p probe/build +cd probe/build +cmake -DBUILD_DRIVER=OFF -DPROBE_VERSION=0.1.1dev .. +make +libKindlingPath="./src/libkindling.so" +if [ ! -f "$libKindlingPath" ]; then + echo "compiler libkindling failed! exit!" + +else + cp -rf ./src/libkindling.so ../../collector/docker/libso + cp -rf ./src/libkindling.so /usr/lib64/ + cd ../../collector/ + sh collector-version-build.sh + collectorPath="./collector" + if [ ! -f "$collectorPath" ]; then + echo "compiler collector failed! exit!" + else + cp -rf ./collector ./docker/kindling-collector + cd docker + docker build -t kindling-collector . + fi +fi \ No newline at end of file diff --git a/probe/scripts/run_docker.sh b/deploy/scripts/run_docker.sh similarity index 88% rename from probe/scripts/run_docker.sh rename to deploy/scripts/run_docker.sh index 32e11eb55..897d456a8 100755 --- a/probe/scripts/run_docker.sh +++ b/deploy/scripts/run_docker.sh @@ -2,7 +2,7 @@ script_dir="$(dirname "$0")" workspace_root=$(realpath "${script_dir}/../") # Docker image information. -docker_image_with_tag="kindlingproject/kindling-compiler" +docker_image_with_tag="kindlingproject/agent-builder" configs=(-v "$HOME/.config:/root/.config" \ -v "$HOME/.ssh:/root/.ssh" \ @@ -22,7 +22,8 @@ docker run --rm -it \ "${configs[@]}" \ -v /var/run/docker.sock:/var/run/docker.sock \ -v "${workspace_root}/../:/kindling" \ - -w "/kindling/probe" \ + -w "/kindling" \ + --privileged=true \ "${RUN_DOCKER_EXTRA_ARGS[@]}" \ "${docker_image_with_tag}" \ "${exec_cmd[@]}" diff --git a/probe/.bazelrc b/probe/.bazelrc deleted file mode 100644 index df5656a13..000000000 --- a/probe/.bazelrc +++ /dev/null @@ -1,220 +0,0 @@ -# Global bazelrc file, see https://docs.bazel.build/versions/master/guide.html#bazelrc. -build --incompatible_restrict_string_escapes=false -build --incompatible_require_linker_input_cc_api=false - -query --incompatible_restrict_string_escapes=false -query --incompatible_require_linker_input_cc_api=false - -# This is to flush bazel cache for new version of clang/gcc. -build --action_env=CLANG_COMPILER_VERSION=11.1_0 -build --host_action_env=CLANG_COMPILER_VERSION=11.1_0 -build:clang --action_env=CC=/opt/clang-11.1/bin/clang -build:clang --host_action_env=CC=/opt/clang-11.1/bin/clang -build:clang --action_env=CXX=/opt/clang-11.1/bin/clang++ -build:clang --host_action_env=CXX=/opt/clang-11.1/bin/clang++ -build:clang --copt -Wno-dtor-name -build:clang --copt -Wno-unknown-warning-option -build:clang --copt -Wno-mismatched-tags - -# Get version information into the build. -build --workspace_status_command=bazel/get_workspace_status.sh - -# We only have support for python3 on the Ubuntu 20.04 image. -build --host_force_python=PY3 - -# Limit memory for JVM to reduce runaway usage. -startup --host_jvm_args=-Xmx1g - -# For all builds, by default, exclude tests that require root or BPF privileges. -# To run a test that was filtered out: -# bazel test //path/to:test --test_tag_filter= -# Which reset the filter to empty. -build --test_tag_filters=-requires_root,-requires_bpf,-disabled - -# Sets the default Apple platform to macOS. -build --apple_platform_type=macos - -# Keep debug symbols (required for go binaries). -# Unfortunately, this affects C++ with -c fastbuild too. -# Upgrading io_bazel_rules_go provides a better way to do this, but that upgrade is a tangled web. -# TODO(oazizi): Remove after upgrading io_bazel_rules_go. -build --strip=never - - -# Give each sandbox its own tmp directory. -# This is important for //src/stirling/utils:java_test, which otherwise creates conflicting writes -# when multiple instances are running simultaneously. -# It is also generally not a bad idea, since it improves heremeticity. -# For more context, see: https://github.com/bazelbuild/bazel/issues/3236 -test --sandbox_tmpfs_path=/tmp - -# Build for Clang: -build:clang --linkopt -fuse-ld=lld -build:clang --host_linkopt -fuse-ld=lld -build:clang --action_env=BAZEL_LINKLIBS=-l%:libstdc++.a -build:clang --host_action_env=BAZEL_LINKLIBS=-l%:libstdc++.a -build:clang --action_env=BAZEL_LINKOPTS=-lm:-static-libgcc -build:clang --host_action_env=BAZEL_LINKOPTS=-lm:-static-libgcc -# We need this to ensure that external projects are built with -# C++17 support. This is needed in some libraries like absl which -# have different behavior with C++17. -build:clang --action_env=BAZEL_CXXOPTS=-std=c++17 -build:clang --host_action_env=BAZEL_CXXOPTS=-std=c++17 -build:clang --action_env=BAZEL_COMPILER=clang -build:clang --host_action_env=BAZEL_COMPILER=clang -build:clang --action_env=CC=clang -build:clang --host_action_env=CC=clang -build:clang --action_env=CXX=clang++ -build:clang --host_action_env=CXX=clang++ - -# Build for Clang using Libc++. -build:libc++ --action_env=CXXFLAGS=-stdlib=libc++ -build:libc++ --action_env=LDFLAGS=-stdlib=libc++ -build:libc++ --action_env=BAZEL_CXXOPTS=-std=c++17:-stdlib=libc++ -build:libc++ --action_env=BAZEL_LINKLIBS=-l%:libc++.a:-l%:libc++abi.a:-lm -build:libc++ --action_env=CC=/opt/clang-11.1-libc++/bin/clang -build:libc++ --action_env=CXX=/opt/clang-11.1-libc++/bin/clang++ -build:libc++ --define use_libcpp=1 -# TODO(zasgar): Remove this in next diff. -build:libc++ --copt -D_LIBCPP_NO_EXPERIMENTAL_DEPRECATION_WARNING_FILESYSTEM -build:libc++ --build_tag_filters=-no_libcpp -build:libc++ --test_tag_filters=-no_libcpp,-requires_root,-requires_bpf,-disabled - -# Build for GCC. -build:gcc --action_env=BAZEL_LINKLIBS=-l%:libstdc++.a -build:gcc --action_env=BAZEL_LINKOPTS=-lm:-static-libgcc -# We need this to ensure that external projects are built with -# C++17 support. This is needed in some libraries like absl which -# have different behavior with C++17. -build:gcc --action_env=BAZEL_CXXOPTS=-std=c++17 -build:gcc --action_env=BAZEL_COMPILER=gcc -build:gcc --action_env=CC=/usr/bin/gcc-10 -build:gcc --action_env=CXX=/usr/bin/g++-10 -# These are copts because they apply to both c++ and c files. -# In particular, upb is has issues with this that will hopefully be -# fixed upstream soon. -build:gcc --copt -Wno-error=sign-compare -build:gcc --copt -Wno-error=stringop-truncation -build:gcc --copt -Wno-error=maybe-uninitialized -build:gcc --copt -Wno-unknown-warning-option -build:gcc --build_tag_filters=-no_gcc -build:gcc --test_tag_filters=-no_gcc,-requires_root,-requires_bpf,-disabled - -# Default build opts: -build --config=clang - -# Default mac config. Same as clang except we can't statically link, -# and mac does not use libstdc++. -build:macos --action_env=BAZEL_LINKLIBS -build:macos --action_env=BAZEL_LINKOPTS - -# bazel build --config asan ... -build:asan --define PL_CONFIG_ASAN=1 -build:asan --copt -DPL_CONFIG_ASAN -build:asan --copt -D__SANITIZE_ADDRESS__ -build:asan --copt -fsanitize=address,undefined -build:asan --linkopt -fsanitize=address,undefined -build:asan --copt -fno-sanitize=vptr -build:asan --linkopt -fno-sanitize=vptr -build:asan --copt -fsanitize-recover=all -build:asan --linkopt -ldl -build:asan --define tcmalloc=disabled -build:asan --build_tag_filters=-no_asan -build:asan --test_tag_filters=-no_asan,-requires_root,-requires_bpf,-disabled -build:asan --define signal_trace=disabled -build:asan --copt -DADDRESS_SANITIZER=1 -build:asan --test_env=ASAN_SYMBOLIZER_PATH -build:asan --test_env=ASAN_OPTIONS=handle_abort=1:allow_addr2line=true -build:asan --test_env=UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1 -build:asan --define tcmalloc=disabled -# Clang-10 requires additional linkopts to make sure ubsan is linked in correctly. -build:asan --linkopt=-L/opt/clang-11.1/lib/clang/11.1.0/lib/linux -build:asan --linkopt=-l:libclang_rt.ubsan_standalone-x86_64.a -build:asan --linkopt=-l:libclang_rt.ubsan_standalone_cxx-x86_64.a - -# bazel build --config msan -build:msan --define PL_CONFIG_MSAN=1 -build:msan --copt -fsanitize=memory -build:msan --linkopt -fsanitize=memory -build:msan --define tcmalloc=disabled -build:msan --build_tag_filters=-no_msan -build:msan --test_tag_filters=-no_msan,-requires_root,-requires_bpf,-disabled -build:msan --copt -fsanitize-memory-track-origins=2 -build:msan --define tcmalloc=disabled -build:msan --copt -DMEMORY_SANITIZER=1 - -# bazel build --config tsan -build:tsan --define PL_CONFIG_TSAN=1 -build:tsan --copt -fsanitize=thread -build:tsan --copt -fsanitize-recover=all -build:tsan --linkopt -fsanitize=thread -build:tsan --define tcmalloc=disabled -build:tsan --build_tag_filters=-no_tsan -build:tsan --test_tag_filters=-no_tsan,-requires_root,-requires_bpf,-disabled -build:tsan --define tcmalloc=disabled -build:tsan --copt -DTHREAD_SANITIZER=1 -# This is needed to address false positive problem with abseil. -# https://github.com/google/sanitizers/issues/953 -build:tsan --test_env=TSAN_OPTIONS=report_atomic_races=0 - -# Note that we are lumping tests that require root into the BPF tests below -# to minimize number of configs. -# If there are ever a lot of tests with requires_root, a new config is warranted. - -# Note 2: BPF tests are limited to --jobs=4, because otherwise the parallel tests -# cause a lot of flakiness. In particular, many of the BPF tests deploy containers, -# and the sudden deployment of too many containers causes some containers to get -# stuck for minutes without actually running. - -# bazel build --config bpf -build:bpf --build_tag_filters=requires_bpf,requires_root -build:bpf --test_tag_filters=requires_bpf,requires_root,-disabled -test:bpf --jobs=4 --strategy=TestRunner=standalone - -# bazel build --config bpf_asan -# Need to repeat the negative build_tag_filters from config=asan, -# because the positive build_tag_filters here can re-enable such tests. -build:bpf_asan --config=asan -build:bpf_asan --build_tag_filters=requires_bpf,requires_root,-no_asan -build:bpf_asan --test_tag_filters=requires_bpf,requires_root,-no_asan,-disabled -test:bpf_asan --jobs=4 --strategy=TestRunner=standalone - -# bazel build --config bpf_tsan -# Need to repeat the negative build_tag_filters from config=tsan, -# because the positive build_tag_filters here can re-enable such tests. -build:bpf_tsan --config=tsan -build:bpf_tsan --build_tag_filters=requires_bpf,requires_root,-no_tsan -build:bpf_tsan --test_tag_filters=requires_bpf,requires_root,-no_tsan,-disabled -test:bpf_tsan --jobs=4 --strategy=TestRunner=standalone - -coverage --config=gcc -coverage --cxxopt -fprofile-arcs -coverage --cxxopt -ftest-coverage -coverage --instrument_test_targets -coverage --define PL_COVERAGE=true -coverage --copt -DPL_COVERAGE -coverage --test_tag_filters=-requires_root,-requires_bpf,-no_coverage,-disabled,-no_gcc -# Uploading to BES from the coverage build seems to fail on jenkins. -coverage --experimental_build_event_upload_strategy=local - -# Use stable GIT build tag by default. -build --define BUNDLE_VERSION={STABLE_BUILD_TAG} - -# jenkins.bazelrc is copied from ci/jenkins.bazelrc by Jenkins workers during the build. -# The intention is to avoid polluting configurations of bazel for developers. -try-import %workspace%/jenkins.bazelrc - -# Put your own configurations into user.bazelrc, which is ignored by git. -try-import %workspace%/user.bazelrc - -# Import a machine specific bazelrc. This can be used to enable caching. -try-import /etc/bazelrc - -try-import %workspace%/bes.bazelrc - -# Tensorflow requires this option -common --experimental_repo_remote_exec - -# Try Stirling flakes more than the default 3 times. -test --flaky_test_attempts=//src/stirling/source_connectors/socket_tracer/.*bpf_test@5 - diff --git a/probe/.gitignore b/probe/.gitignore deleted file mode 100644 index 901bf8647..000000000 --- a/probe/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -.idea -cmake-build-debug -bazel-* -.git -.clwb \ No newline at end of file diff --git a/probe/BUILD.bazel b/probe/BUILD.bazel deleted file mode 100644 index e69de29bb..000000000 diff --git a/probe/CMakeLists.txt b/probe/CMakeLists.txt new file mode 100644 index 000000000..e3b73c4bd --- /dev/null +++ b/probe/CMakeLists.txt @@ -0,0 +1,70 @@ +# +# Copyright (C) 2013-2018 Draios Inc dba Sysdig. +# +# This file is part of sysdig . +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +cmake_minimum_required(VERSION 2.8.1) + +add_compile_options(-fPIC) +add_compile_options(-pie) +option(MINIMAL_BUILD "Produce a minimal sysdig binary with only the essential features (no eBPF probe driver, no kubernetes, no mesos, no marathon and no container metadata)" ON) +option(USE_BUNDLED_DEPS "Enable bundled dependencies instead of using the system ones" ON) + +# Add path for custom CMake modules. +list(APPEND CMAKE_MODULE_PATH + "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules") + +if(NOT CMAKE_BUILD_TYPE) + SET(CMAKE_BUILD_TYPE Release) +endif() + +project(kindling-probe) +set(PACKAGE_NAME "kindling") + +add_definitions(-DPLATFORM_NAME="${CMAKE_SYSTEM_NAME}") + +option(BUILD_WARNINGS_AS_ERRORS "Enable building with -Wextra -Werror flags") + +if(MINIMAL_BUILD) + set(MINIMAL_BUILD_FLAGS "-DMINIMAL_BUILD") +endif() + +set(KINDLING_DEBUG_FLAGS "-D_DEBUG") +set(CMAKE_COMMON_FLAGS "-Wall -ggdb ${MINIMAL_BUILD_FLAGS}") + +if (BUILD_WARNINGS_AS_ERRORS) + set(CMAKE_SUPPRESSED_WARNINGS "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits -Wno-implicit-fallthrough -Wno-format-truncation") + set(CMAKE_COMMON_FLAGS "${CMAKE_COMMON_FLAGS} -Wextra -Werror ${CMAKE_SUPPRESSED_WARNINGS}") +endif () + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CMAKE_COMMON_FLAGS}") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CMAKE_COMMON_FLAGS} -std=c++0x") + +set(CMAKE_C_FLAGS_DEBUG "${KINDLING_DEBUG_FLAGS}") +set(CMAKE_CXX_FLAGS_DEBUG "${KINDLING_DEBUG_FLAGS}") + +set(CMAKE_C_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") +set(CMAKE_CXX_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") + +if (CMAKE_SYSTEM_NAME MATCHES "SunOS") + set(CMD_MAKE gmake) +else () + set(CMD_MAKE make) +endif () + +include(agent-libs) +add_subdirectory(src) + diff --git a/probe/COPYING b/probe/COPYING deleted file mode 100644 index 9f7ded338..000000000 --- a/probe/COPYING +++ /dev/null @@ -1,203 +0,0 @@ -The contents of the driver/ subdirectory are licensed separately--see COPYING.driver. - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/probe/NOTICES b/probe/NOTICES deleted file mode 100644 index bba7c1f43..000000000 --- a/probe/NOTICES +++ /dev/null @@ -1,28 +0,0 @@ -Copyright (C) 2013-2018 Draios Inc. dba Sysdig - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -SYSDIG SUBCOMPONENTS: - --The files in and its subdirectories are used to compile the - kernel module and may be injected into eBPF; these are dual licensed - under the MIT license or the GNU General Public License 2. Copies of - both licenses are available in the subdirectory. - --The following files are under Apache 2.0: - - userspace/sysdig/chisels/fileslower.lua, Copyright (C) 2014 Brendan Gregg - userspace/sysdig/chisels/memcachelog.lua, Copyright (C) 2015 Donatas Abraitis - userspace/sysdig/chisels/subsecoffset.lua, Copryight (C) 2013-2014 Draios Inc. dba Sysdig, Copyright (C) 2015 Brendan Gregg - userspace/sysdig/chisels/v_backlog.lua, Copyright (C) Donatas Abraitis - diff --git a/probe/README.md b/probe/README.md deleted file mode 100644 index ccc9a046a..000000000 --- a/probe/README.md +++ /dev/null @@ -1,22 +0,0 @@ -## 编译 ---- -### 启动编译镜像 -```shell -cd scripts -./run_docker.sh - -### daemon形式启动 -./run_docker_bpf_daemon.sh -``` -### 编译probe二进制 -```shell -bazel build -s --config=clang src/probe:kindling_probe -``` - -### 编译运行镜像 -```shell -### 编译 -bazel build -s --config=clang src/probe:push_image -### 推送,这里需要registry的密码,可以修改 src/probe/BUILD.bazel 来修改推送的registry -./bazel-bin/src/probe/push_image -``` \ No newline at end of file diff --git a/probe/WORKSPACE b/probe/WORKSPACE deleted file mode 100644 index 2387399b8..000000000 --- a/probe/WORKSPACE +++ /dev/null @@ -1,167 +0,0 @@ -workspace(name = "kp") - -load("@bazel_tools//tools/build_defs/repo:git.bzl","git_repository") -git_repository( - name = "px", - remote = "https://github.com/Kindling-project/pixie.git", - commit = "c98c1e8c041038d535db1fb2590087dcb91cf92f", -) - -BUILD_ALL_CONTENT = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -http_archive( - name = "lib_zmq", - urls = ["https://github.com/zeromq/libzmq/releases/download/v4.3.2/zeromq-4.3.2.tar.gz"], - sha256 = "ebd7b5c830d6428956b67a0454a7f8cbed1de74b3b01e5c33c5378e22740f763", - strip_prefix = "zeromq-4.3.2", - build_file_content = BUILD_ALL_CONTENT, - ) - -http_archive( - name = "agent-libs", - urls = ["https://github.com/Kindling-project/agent-libs/archive/92b86531d3f325ff7153b61a9346f4efb3cb9e01.tar.gz"], - sha256 = "d8415c0730860bfe7940164ba9a88b407be29fb6b7712f7544d3720537f14106", - strip_prefix = "agent-libs-92b86531d3f325ff7153b61a9346f4efb3cb9e01", - build_file_content = BUILD_ALL_CONTENT, - ) - - -new_local_repository( - name = "libzmq", - build_file = "bazel/external/libzmq.BUILD", - path = "/usr/local", - ) - -load("@px//:workspace.bzl", "check_min_bazel_version") - -check_min_bazel_version("4.0.0") - -load("@px//bazel:repositories.bzl", "pl_deps") - -# Install Pixie Labs Dependencies. -pl_deps() - -load("//bazel:kindling_probes.bzl", "kindling_probes") -kindling_probes() - -# Order is important. Try to go from most basic/primitive to higher level packages. -# - protobuf_deps -# - grpc_deps (must come after protobuf_deps) -# - go_rules_dependencies -# - apple_rules_dependencies (must come after grpc_deps) -# ... -load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") - -protobuf_deps() - -load("@com_github_grpc_grpc//bazel:grpc_deps.bzl", "grpc_deps") - -grpc_deps() - -load("@com_github_jupp0r_prometheus_cpp//bazel:repositories.bzl", "prometheus_cpp_repositories") - -prometheus_cpp_repositories() - -load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies") - -go_rules_dependencies() - -go_register_toolchains(go_version = "1.16") - -load("@io_bazel_rules_scala//:scala_config.bzl", "scala_config") - -scala_version = "2.13.6" - -scala_config(scala_version = scala_version) - -load("@io_bazel_rules_scala//scala:scala.bzl", "scala_repositories") - -scala_repositories() - -load("@io_bazel_rules_scala//scala:toolchains.bzl", "scala_register_toolchains") - -scala_register_toolchains() - -# These dependencies are needed by GRPC. -load("@build_bazel_rules_apple//apple:repositories.bzl", "apple_rules_dependencies") - -apple_rules_dependencies() - -load("@build_bazel_apple_support//lib:repositories.bzl", "apple_support_dependencies") - -apple_support_dependencies() - -load("@px//bazel:pl_workspace.bzl", "pl_container_images", "pl_workspace_setup") - -pl_workspace_setup() - -# The pip_deps rule cannot be loaded until we load all the basic packages in the Pixie -# workspace. Also, bazel requires that loads are done at the top level (not in a function), so -# we need to pull it out over here. -load("@io_bazel_rules_docker//repositories:py_repositories.bzl", "py_deps") - -# py_deps() - -# The docker images can't be loaded until all pip_deps are satisfied. -pl_container_images() - -load("@com_github_grpc_grpc//bazel:grpc_extra_deps.bzl", "grpc_extra_deps") - -grpc_extra_deps() - -load("@rules_foreign_cc//foreign_cc:repositories.bzl", "rules_foreign_cc_dependencies") - -rules_foreign_cc_dependencies() - -load("@px//bazel:gogo.bzl", "gogo_grpc_proto") - -gogo_grpc_proto(name = "gogo_grpc_proto") - -# Setup tensorflow. -# load("@org_tensorflow//tensorflow:workspace.bzl", "tf_repositories") - -# tf_repositories() - -load("@px//bazel:pl_workspace.bzl", "pl_model_files") - -pl_model_files() - -# Setup the environment for the open-source python API. -# load("@rules_python//python:pip.bzl", "pip_parse") - -# pip_parse( -# name = "vizier_api_python_deps", -# requirements_lock = "//src/api/python:requirements.txt", -# ) - -# load("@vizier_api_python_deps//:requirements.bzl", "install_deps") - -# install_deps() - -# Setup thrift: used for building Stirling tracing targets. -load("@px//bazel:thrift.bzl", "thrift_deps") - -thrift_deps(scala_version = scala_version) - -# twitter_scrooge will use incompatible versions of @scrooge_jars and @thrift_jars. -# These bind statements ensure that the correct versions of finagle libthrift are used -# so that compilation is successful. See https://github.com/bazelbuild/rules_scala/issues/592 -# and https://github.com/bazelbuild/rules_scala/pull/847 for more details. -bind( - name = "io_bazel_rules_scala/dependency/thrift/scrooge_core", - actual = "@px//src/stirling/source_connectors/socket_tracer/testing/containers/thriftmux:scrooge_jars", -) - -bind( - name = "io_bazel_rules_scala/dependency/thrift/libthrift", - actual = "@px//src/stirling/source_connectors/socket_tracer/testing/containers/thriftmux:thrift_jars", -) - -# gazelle:repo bazel_gazelle - -load("@px//:go_deps.bzl", "pl_go_dependencies") - -# gazelle:repository_macro go_deps.bzl%pl_go_dependencies -#pl_go_dependencies() diff --git a/probe/bazel/BUILD.bazel b/probe/bazel/BUILD.bazel deleted file mode 100644 index f096aaf6c..000000000 --- a/probe/bazel/BUILD.bazel +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright 2018- The Pixie Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -package(default_visibility = ["//visibility:public"]) - -config_setting( - name = "disable_tcmalloc", - values = {"define": "tcmalloc=disabled"}, -) - -config_setting( - name = "debug_tcmalloc", - values = {"define": "tcmalloc=debug"}, -) - -config_setting( - name = "coverage_enabled", - values = {"define": "PL_COVERAGE=true"}, -) - -config_setting( - name = "clang_build", - flag_values = { - "@bazel_tools//tools/cpp:compiler": "clang", - }, -) - -config_setting( - name = "gcc_build", - flag_values = { - "@bazel_tools//tools/cpp:compiler": "gcc", - }, -) - -config_setting( - name = "use_libcpp", - values = {"define": "use_libcpp=1"}, -) - -config_setting( - name = "debug_build", - values = {"compilation_mode": "dbg"}, -) - -config_setting( - name = "stamped", - values = {"stamp": "true"}, -) - diff --git a/probe/bazel/external/llvm.BUILD b/probe/bazel/external/llvm.BUILD deleted file mode 100644 index 9974be018..000000000 --- a/probe/bazel/external/llvm.BUILD +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright 2018- The Pixie Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -load("@rules_cc//cc:defs.bzl", "cc_library") - -licenses(["notice"]) - -cc_library( - name = "llvm", - # do not sort. - srcs = [ - "lib/libclang.a", - "lib/libclangIndex.a", - "lib/libclangCodeGen.a", - "lib/libclangFrontend.a", - "lib/libclangSerialization.a", - "lib/libclangDriver.a", - "lib/libclangParse.a", - "lib/libclangSema.a", - "lib/libclangAnalysis.a", - "lib/libclangEdit.a", - "lib/libclangAST.a", - "lib/libclangLex.a", - "lib/libclangBasic.a", - "lib/libclangFormat.a", - "lib/libclangToolingCore.a", - "lib/libclangToolingInclusions.a", - "lib/libclangRewrite.a", - "lib/libLLVMBPFDisassembler.a", - "lib/libLLVMBPFAsmParser.a", - "lib/libLLVMCoroutines.a", - "lib/libLLVMCoverage.a", - "lib/libLLVMLTO.a", - "lib/libLLVMX86CodeGen.a", - "lib/libLLVMCFGuard.a", - "lib/libLLVMX86Desc.a", - "lib/libLLVMX86Info.a", - "lib/libLLVMMCDisassembler.a", - "lib/libLLVMBitstreamReader.a", - "lib/libclangASTMatchers.a", - "lib/libLLVMRemarks.a", - "lib/libLLVMGlobalISel.a", - "lib/libLLVMPasses.a", - "lib/libPolly.a", - "lib/libPollyISL.a", - "lib/libLLVMipo.a", - "lib/libLLVMAggressiveInstCombine.a", - "lib/libLLVMVectorize.a", - "lib/libLLVMInstrumentation.a", - "lib/libLLVMOption.a", - "lib/libLLVMObjCARCOpts.a", - "lib/libLLVMMCJIT.a", - "lib/libLLVMOrcJIT.a", - "lib/libLLVMExecutionEngine.a", - "lib/libLLVMRuntimeDyld.a", - "lib/libLLVMLinker.a", - "lib/libLLVMIRReader.a", - "lib/libLLVMAsmParser.a", - "lib/libLLVMDebugInfoDWARF.a", - "lib/libLLVMBPFCodeGen.a", - "lib/libLLVMSelectionDAG.a", - "lib/libLLVMBPFDesc.a", - "lib/libLLVMBPFInfo.a", - "lib/libLLVMAsmPrinter.a", - "lib/libLLVMX86AsmParser.a", - "lib/libLLVMDebugInfoCodeView.a", - "lib/libLLVMDebugInfoMSF.a", - "lib/libLLVMCodeGen.a", - "lib/libLLVMTarget.a", - "lib/libLLVMScalarOpts.a", - "lib/libLLVMInstCombine.a", - "lib/libLLVMTransformUtils.a", - "lib/libLLVMBitWriter.a", - "lib/libLLVMAnalysis.a", - "lib/libLLVMProfileData.a", - "lib/libLLVMObject.a", - "lib/libLLVMTextAPI.a", - "lib/libLLVMMCParser.a", - "lib/libLLVMMC.a", - "lib/libLLVMBitReader.a", - "lib/libLLVMCore.a", - "lib/libLLVMBinaryFormat.a", - "lib/libLLVMFrontendOpenMP.a", - "lib/libLLVMSupport.a", - "lib/libLLVMDemangle.a", - "lib/libLLVMX86Disassembler.a", - "lib/libLLVMJITLink.a", - "lib/libLLVMOrcTargetProcess.a", - "lib/libLLVMOrcShared.a", - # WARNING HACK: This adds a stub so that we don't have to include all of - # clang-tidy with the LLVM build. We don't need to use clang-tidy since we don't - # do any auto cleanup/formatting during our compile process. If this ever changes, - # this stub will need to be removed. - # Refer to: https://reviews.llvm.org/D55415 - "@px//third_party:clang_tidy_stub", - ], - hdrs = glob([ - "include/**/*.h", - "include/**/*.def", - "include/**/*.inc", - ]), - includes = ["include"], - linkopts = [ - # Terminal info for llvm - "-ltinfo", - ], - linkstatic = 1, - visibility = ["//visibility:public"], - alwayslink = 1, -) diff --git a/probe/bazel/get_workspace_status.sh b/probe/bazel/get_workspace_status.sh deleted file mode 100755 index 68195cba2..000000000 --- a/probe/bazel/get_workspace_status.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash - -# Copyright 2018- The Pixie Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -# This file was inspired by: -# https://github.com/envoyproxy/envoy/blob/master/bazel/get_workspace_status - -# This script will be run bazel when building process starts to -# generate key-value information that represents the status of the -# workspace. The output should be like -# -# KEY1 VALUE1 -# KEY2 VALUE2 -# -# If the script exits with non-zero code, it's considered as a failure -# and the output will be discarded. - -# If this VERSION file exists then it must have been placed here by a -# distribution doing a non-git, source build. -# Distributions would be expected to echo the commit/tag as BUILD_SCM_REVISION. -if [[ -f "VERSION" && -f "GIT_COMMIT" ]]; -then - echo "STABLE_BUILD_SCM_REVISION $(cat GIT_COMMIT)" - echo "STABLE_BUILD_TAG $(cat VERSION)" - echo "STABLE_BUILD_NUMBER ${BUILD_NUMBER}" - echo "STABLE_BUILD_SCM_STATUS Distribution" - - exit 0 -fi - -# The code below presents an implementation that works for git repository. -git_rev=$(git rev-parse HEAD) -if [[ $? != 0 ]]; -then - exit 1 -fi -echo "STABLE_BUILD_SCM_REVISION ${git_rev}" - - -# Check whether there are any uncommitted changes. -git diff-index --quiet HEAD -- -if [[ $? == 0 ]]; -then - tree_status="Clean" -else - tree_status="Modified" -fi - -echo "STABLE_BUILD_SCM_STATUS ${tree_status}" - -# Use 0.0.0-dev for all dev build versions. We don't have a version number that is -# shared accross all our binaries which makes it hard to semantically version. -echo "BUILD_TAG 0.0.0-dev" -echo "STABLE_BUILD_TAG 0.0.0-dev" -echo "STABLE_BUILD_NUMBER 0" - -echo "BUILD_TAG 0.0.0-dev" -echo "BUILD_NUMBER 0" diff --git a/probe/bazel/kindling_probes.bzl b/probe/bazel/kindling_probes.bzl deleted file mode 100644 index 6569fcc34..000000000 --- a/probe/bazel/kindling_probes.bzl +++ /dev/null @@ -1,9 +0,0 @@ -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_file") - -def kindling_probes(): - http_file( - name = "kindling_falcolib_probe_tar_gz", - urls = ["https://k8s-bpf-probes-public.oss-cn-hangzhou.aliyuncs.com/kindling-falcolib-probe.tar.gz"], - sha256 = "fc6b44cfa36ad7cb1c532a07c0e5a761b289d696a33299af7293878003db74ac", - downloaded_file_path = "kindling-falcolib-probe.tar.gz", - ) diff --git a/probe/cmake/modules/agent-libs-repo/CMakeLists.txt b/probe/cmake/modules/agent-libs-repo/CMakeLists.txt new file mode 100644 index 000000000..16078df2b --- /dev/null +++ b/probe/cmake/modules/agent-libs-repo/CMakeLists.txt @@ -0,0 +1,15 @@ +cmake_minimum_required(VERSION 3.5.1) + +project(. NONE) + +include(ExternalProject) +message(STATUS "Driver version: ${AGENT_LIBS_VERSION}") + +ExternalProject_Add( + agent-libs + URL "https://github.com/Kindling-project/agent-libs/archive/${AGENT_LIBS_VERSION}.tar.gz" + URL_HASH "${AGENT_LIBS_CHECKSUM}" + CONFIGURE_COMMAND "" + BUILD_COMMAND "" + INSTALL_COMMAND "" + TEST_COMMAND "") \ No newline at end of file diff --git a/probe/cmake/modules/agent-libs.cmake b/probe/cmake/modules/agent-libs.cmake new file mode 100644 index 000000000..27f3e8163 --- /dev/null +++ b/probe/cmake/modules/agent-libs.cmake @@ -0,0 +1,75 @@ +# +# Copyright (C) 2013-2021 Draios Inc dba Sysdig. +# +# This file is part of sysdig . +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set(AGENT_LIBS_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/agent-libs-repo") +set(AGENT_LIBS_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/agent-libs-repo") + +add_definitions(-DHAS_CAPTURE) +add_definitions(-DMINIMAL_BUILD) + +file(MAKE_DIRECTORY ${AGENT_LIBS_CMAKE_WORKING_DIR}) + +if(AGENT_LIBS_SOURCE_DIR) + set(AGENT_LIBS_VERSION "local") + message(STATUS "Using local falcosecurity/libs in '${AGENT_LIBS_SOURCE_DIR}'") +else() + # The falcosecurity/libs git reference (branch name, commit hash, or tag) To update falcosecurity/libs version for the next release, change the + # default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake + # -DAGENT_LIBS_VERSION=dev ..` + if(NOT AGENT_LIBS_VERSION) + set(AGENT_LIBS_VERSION "972312900297c01d8d52657d333e36eb8710c23c") + set(AGENT_LIBS_CHECKSUM "SHA256=1b8740c1de91abe36169ea2c6850265c9c86a18f6b6d9bcfd9a4c8e7330e78a9") + endif() + + # cd /path/to/build && cmake /path/to/source + execute_process(COMMAND "${CMAKE_COMMAND}" -DAGENT_LIBS_VERSION=${AGENT_LIBS_VERSION} -DAGENT_LIBS_CHECKSUM=${AGENT_LIBS_CHECKSUM} + ${AGENT_LIBS_CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${AGENT_LIBS_CMAKE_WORKING_DIR}) + + # todo(leodido, fntlnz) > use the following one when CMake version will be >= 3.13 + + # execute_process(COMMAND "${CMAKE_COMMAND}" -B ${AGENT_LIBS_CMAKE_WORKING_DIR} WORKING_DIRECTORY + # "${AGENT_LIBS_CMAKE_SOURCE_DIR}") + + execute_process(COMMAND "${CMAKE_COMMAND}" --build . WORKING_DIRECTORY "${AGENT_LIBS_CMAKE_WORKING_DIR}") + set(AGENT_LIBS_SOURCE_DIR "${AGENT_LIBS_CMAKE_WORKING_DIR}/agent-libs-prefix/src/agent-libs") +endif() + +set(DRIVER_VERSION "${AGENT_LIBS_VERSION}") + +if(NOT LIBSCAP_DIR) + set(LIBSCAP_DIR "${AGENT_LIBS_SOURCE_DIR}") +endif() +set(LIBSINSP_DIR "${AGENT_LIBS_SOURCE_DIR}") + +set(CREATE_TEST_TARGETS OFF CACHE BOOL "") +set(BUILD_LIBSCAP_EXAMPLES OFF CACHE BOOL "") +set(BUILD_LIBSINSP_EXAMPLES OFF CACHE BOOL "") + +list(APPEND CMAKE_MODULE_PATH "${LIBSCAP_DIR}/cmake/modules") +list(APPEND CMAKE_MODULE_PATH "${LIBSINSP_DIR}/cmake/modules") + +include(CheckSymbolExists) +check_symbol_exists(strlcpy "string.h" HAVE_STRLCPY) +if(HAVE_STRLCPY) + message(STATUS "Existing strlcpy found, will *not* use local definition by setting -DHAVE_STRLCPY.") + add_definitions(-DHAVE_STRLCPY) +else() + message(STATUS "No strlcpy found, will use local definition") +endif() + +include(libscap) +include(libsinsp) \ No newline at end of file diff --git a/probe/coding_conventions.md b/probe/coding_conventions.md deleted file mode 100644 index bdb5850ba..000000000 --- a/probe/coding_conventions.md +++ /dev/null @@ -1,278 +0,0 @@ -0 Introduction ------- - -Sysdig strives for a consistent high quality code base and uses the conventions -below. If you are going to commit code that doesn't follow them, then you put the -work on us. :-(. - -If you use vim or emacs, you can put a custom configuration file in the base -directory of sysdig in order to follow the conventions. - -Also, note that the conventions in this file apply **strictly to the userspace** part -of sysdig. For the kernel code, you should refer to -https://www.kernel.org/doc/html/latest/process/coding-style.html -and always run checkpatch.pl from the kernel tree before submitting pull requests. - -Thanks for your attention and time. - -1 Curly Braces ------- - -Every curly brace ("{" and "}") should go on its own line. - -Example: - - if(a == 0) - { - b = 1; - } - -2 If and for statements ------- - -Every `if` and `for` statement should have the curly braces. - -Example: - - if(a == 0) - { - b = 1; - } - -and not - - if(a == 0) - b = 1; - -3 Whitespace usage ------- - -Spaces are used in the following way: - - int32_t foo(int32_t a, int32_t b) - { - for(j = 0; j < 10; j++) - { - foo(a, b); - } - } - -Note that: - - * in a function declaration, there is no space between the function name and the "(". - * in a function declaration, there is no space between the "(" and the first parameter. - * in a statement (e.g `for`, `while`...), there is no space between the "for" and the "(". - * in a statement (e.g `for`), there is no space between the "(" and the variable name. - * in a function call, there is no space between the function name and the "(". - * in a function call, there is no space between the "(" and the first parameter. - * "," and ";" work like in English: there should be a space after them. - -4 Primitive types ------- - -For portability reasons, please use the standard C99 types instead of the native C types -like `int` and `long`. C99 types types will be available in all the user level sysdig -source files: - -Example: - - int32_t foo; - -5 Commenting Style ------- - -Comments should be in the C++ style so we can use `/* */` to quickly remove -portions of code during development. - -Example: - - // this is a comment - -6 Commenting Content ------- - -Code comments work in the following 2-level way: - - * A three-line comment should document what the code does and give higher level explanations. - * A one line comment should detail single code lines or explain specific actions. - -Example: - - // - // Swap two variables - // - int a = 1, b = 2, t; - - // make a copy of a - t = a; - - // perform the swap - a = b; - b = t; - -7 Class variables ------- - -In order to know whether a variable belongs to a `class` or a `function` we start member variables with "`m_`". - -Example: - - public int32_t m_counter; - -8 Global variables ------- - -Similarly, in order to know whether the variable is global or not, we start -globals with "`g_`". - -Example: - - int g_nplugins; - -9 Capitalization ------- - -The naming convention is camel-cased "Unix" style, i.e. always lower case. Words are separated by underscores. - -Example: - - int32_t g_global_bean_counter; - - int32_t count_beans(); - -and not, - - int32_t GlobalBeanCounter; - -10 Packed Structures -------- -Packed structures should use the GCC and MSVC-style supported `pragma`: - - #pragma pack(push,1) - struct frame_control - { - struct fields.... - }; - #pragma pack(pop) - -11 OS-specific macros -------- - -There's an online wiki which enumerates the different macros for compilers, operating systems, and architectures. -It's available at [http://sourceforge.net/p/predef/wiki/Home/](http://sourceforge.net/p/predef/wiki/Home/). Generally speaking we use the operating system page: [http://sourceforge.net/p/predef/wiki/OperatingSystems/](http://sourceforge.net/p/predef/wiki/OperatingSystems/). - -12 64-bit constants -------- - -Put an "LL" at the end of your 64 bit constants. Without the LL, on some platforms the compiler tries to interpret the constant on the right hand side -as a long integer instead of a long long and in some platform this generate an error at building time. - -Example: - - x=0X00FF00000000000LL - -13 Class Declaration -------- - -Class declarations follow the following sequence - - 1. contructors and desctuctor - 1. public functions - 1. public data - 1. private functions - 1. private data - 1. friend declarations - -Example: - - class foo - { - public: - foo(); - ~foo(); - - int32_t lonli(); - int32_t m_val; - - private: - int32_t temustra(); - int32_t m_val2; - }; - -14 Struct guidelines -------- - -We think hiding the presence of a pointer makes the code unnecessarily -ambiguous and more difficult. - -Seeing a * in a variable declaration immediately identifies a pointer, which -is easier to mentally keep track of! - -Also we think that defining the struct as a typedef makes forward declarations -clunky and find using the C++ style when declaring our structs makes our -lives easier. - - // - // Us human parsers find this confusing. - // - typedef struct _my_struct - { - u_int16 m_field; - } my_struct, - *p_my_struct; - - // - // This is easier! - // - struct my_struct { - u_int16 m_field; - }; - - -15 Temporary variables -------- - -Since "j" is used less frequently in english prose than "a" or "i", we find -that these variables (in hierarchical order) are great for counters: j, k, l, -m, n. - -Example: - - int32_t j,k; - for(j = 0; j < 10; j++) - { - for(k = 0; k < 10; k++) - { - int32_t foo = j + k; - } - } - -as opposed to: - - int32_t i,counter; - for(i = 0; i < 10; i++) - { - for(counter = 0; counter < 10; counter++) - { - int32_t foo = i + counter; - } - } - -16 Error management -------- - -Error management inside libscap is done through return values, since the scap -library is written in C. -Error management in the rest of the sysdig user level code base is done through -exceptions. We know there's a lot of debate between return values and -exceptions. We decided to pick the latter, so please stick with that. - -## You Made It! - -Phew! That's it. Thanks! - -If we've left anything in the open, feel free to contact us and we'll be happy -to get back to you. Also, you can look at the existing code and see how it's -done. - -Have a good one! diff --git a/probe/docker/BUILD.bazel b/probe/docker/BUILD.bazel deleted file mode 100644 index 916e736b2..000000000 --- a/probe/docker/BUILD.bazel +++ /dev/null @@ -1,11 +0,0 @@ -filegroup( - name = "scripts", - srcs = ["docker-entrypoint.sh","kindling-probe-loader","gdb_print.sh","post_start.sh"], - visibility = ["//visibility:public"], -) - -filegroup( - name = "localdriver", - srcs = ["kindling-falcolib-probe.tar.gz"], - visibility = ["//visibility:public"], -) diff --git a/probe/docker/Dockerfile b/probe/docker/Dockerfile deleted file mode 100644 index fed0f3c9f..000000000 --- a/probe/docker/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM centos:7 -RUN yum install -y gdb -ENV HCMINE_HOST_ROOT /host - -COPY lib/* /lib64/ -RUN ldconfig - -COPY kindling-probe-loader /usr/bin/kindling-probe-loader -RUN chmod +x /usr/bin/kindling-probe-loader -COPY docker-entrypoint.sh / -RUN chmod +x /docker-entrypoint.sh -COPY gdb_print.sh /usr/bin/gdb_print.sh -COPY probe/* /opt/.kindling/ - -COPY kindling-probe /usr/bin/ - -ENTRYPOINT ["/docker-entrypoint.sh"] - -CMD ["/usr/bin/kindling-probe"] \ No newline at end of file diff --git a/probe/docker/docker-entrypoint.sh b/probe/docker/docker-entrypoint.sh deleted file mode 100644 index 9018a4bec..000000000 --- a/probe/docker/docker-entrypoint.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -/pl/kindling-probe-loader - -if [ -f "/opt/probe.o" ]; then - export SYSDIG_BPF_PROBE="/opt/probe.o" -fi - -exec /pl/kindling_probe "$@" diff --git a/probe/docker/gdb_print.sh b/probe/docker/gdb_print.sh deleted file mode 100755 index 4907abdd6..000000000 --- a/probe/docker/gdb_print.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -binname=$1 -corefile=$2 - -(gdb $binname $corefile > ./$corefile.log 2>&1) < +#include + +static sinsp *inspector = nullptr; + +int cnt = 0; +map m_events; +map m_categories; +int16_t event_filters[1024][16]; + +void init_sub_label() +{ + for(auto e : kindling_to_sysdig) + { + m_events[e.event_name] = e.event_type; + } + for(auto c : category_map) + { + m_categories[c.cateogry_name] = c.category_value; + } + for(int i = 0; i < 1024; i++) + { + for(int j = 0; j < 16; j++) + { + event_filters[i][j] = 0; + } + } +} + +void sub_event(char *eventName, char *category) +{ + cout << "sub event name:" << eventName << " && category:" << category << endl; + auto it_type = m_events.find(eventName); + if(it_type != m_events.end()) + { + if(category == nullptr || category[0] == '\0') + { + for(int j = 0; j < 16; j++) + { + event_filters[it_type->second][j] = 1; + } + } + else + { + auto it_category = m_categories.find(category); + if(it_category != m_categories.end()) + { + event_filters[it_type->second][it_category->second] = 1; + } + } + } +} + +void init_probe() +{ + bool bpf = false; + string bpf_probe; + inspector = new sinsp(); + init_sub_label(); + string output_format; + output_format = "*%evt.num %evt.outputtime %evt.cpu %container.name (%container.id) %proc.name (%thread.tid:%thread.vtid) %evt.dir %evt.type %evt.info"; + try + { + inspector = new sinsp(); + inspector->set_hostname_and_port_resolution_mode(false); + inspector->set_snaplen(80); + + inspector->suppress_events_comm("containerd"); + inspector->suppress_events_comm("dockerd"); + inspector->suppress_events_comm("containerd-shim"); + inspector->suppress_events_comm("kindling-collector"); + inspector->suppress_events_comm("sshd"); + sinsp_evt_formatter formatter(inspector, output_format); + const char *probe = scap_get_bpf_probe_from_env(); + if(probe) + { + bpf = true; + bpf_probe = probe; + } + + bool open_success = true; + + try + { + inspector->open(""); + inspector->clear_eventmask(); + inspector->set_eventmask(PPME_SYSCALL_WRITEV_X); + inspector->set_eventmask(PPME_SYSCALL_WRITEV_X - 1); + inspector->set_eventmask(PPME_SYSCALL_WRITE_X); + inspector->set_eventmask(PPME_SYSCALL_WRITE_E); + inspector->set_eventmask(PPME_SYSCALL_READ_X); + inspector->set_eventmask(PPME_SYSCALL_READ_E); + } + catch(const sinsp_exception &e) + { + open_success = false; + cout << "open failed" << endl; + } + + // + // Starting the live capture failed, try to load the driver with + // modprobe. + // + if(!open_success) + { + if(bpf) + { + if(bpf_probe.empty()) + { + fprintf(stderr, "Unable to locate the BPF probe\n"); + } + } + + inspector->open(""); + } + } + catch(const exception &e) + { + fprintf(stderr, "kindling probe init err: %s", e.what()); + } +} + +int getEvent(void **pp_kindling_event) +{ + int32_t res; + sinsp_evt *ev; + res = inspector->next(&ev); + if(res == SCAP_TIMEOUT) + { + return -1; + } + else if(res != SCAP_SUCCESS) + { + return -1; + } + if(!inspector->is_debug_enabled() && + ev->get_category() & EC_INTERNAL) + { + return -1; + } + auto threadInfo = ev->get_thread_info(); + if(threadInfo == nullptr) + { + return -1; + } + + auto category = ev->get_category(); + if(category & EC_IO_BASE) + { + auto pres = ev->get_param_value_raw("res"); + if(pres && *(int64_t *)pres->m_val <= 0) + { + return -1; + } + } + + uint16_t kindling_category = get_kindling_category(ev); + uint16_t ev_type = ev->get_type(); + if(event_filters[ev_type][kindling_category] == 0) + { + return -1; + } + + kindling_event_t_for_go *p_kindling_event; + if(nullptr == *pp_kindling_event) + { + *pp_kindling_event = (kindling_event_t_for_go *)malloc(sizeof(kindling_event_t_for_go)); + p_kindling_event = (kindling_event_t_for_go *)*pp_kindling_event; + + p_kindling_event->name = (char *)malloc(sizeof(char) * 1024); + p_kindling_event->context.tinfo.comm = (char *)malloc(sizeof(char) * 256); + p_kindling_event->context.tinfo.containerId = (char *)malloc(sizeof(char) * 256); + p_kindling_event->context.fdInfo.filename = (char *)malloc(sizeof(char) * 1024); + p_kindling_event->context.fdInfo.directory = (char *)malloc(sizeof(char) * 1024); + + for(int i = 0; i < 8; i++) + { + p_kindling_event->userAttributes[i].key = (char *)malloc(sizeof(char) * 128); + p_kindling_event->userAttributes[i].value = (char *)malloc(sizeof(char) * 1024); + } + } + p_kindling_event = (kindling_event_t_for_go *)*pp_kindling_event; + + sinsp_fdinfo_t *fdInfo = ev->get_fd_info(); + p_kindling_event->timestamp = ev->get_ts(); + p_kindling_event->category = kindling_category; + p_kindling_event->context.tinfo.pid = threadInfo->m_pid; + p_kindling_event->context.tinfo.tid = threadInfo->m_tid; + p_kindling_event->context.tinfo.uid = threadInfo->m_uid; + p_kindling_event->context.tinfo.gid = threadInfo->m_gid; + p_kindling_event->context.fdInfo.num = ev->get_fd_num(); + if(nullptr != fdInfo) + { + p_kindling_event->context.fdInfo.fdType = fdInfo->m_type; + + switch(fdInfo->m_type) + { + case SCAP_FD_FILE: + case SCAP_FD_FILE_V2: + { + + string name = fdInfo->m_name; + size_t pos = name.rfind('/'); + if(pos != string::npos) + { + if(pos < name.size() - 1) + { + string fileName = name.substr(pos + 1, string::npos); + memcpy(p_kindling_event->context.fdInfo.filename, fileName.data(), fileName.length()); + if(pos != 0) + { + + name.resize(pos); + + strcpy(p_kindling_event->context.fdInfo.directory, (char *)name.data()); + } + else + { + strcpy(p_kindling_event->context.fdInfo.directory, "/"); + } + } + } + break; + } + case SCAP_FD_IPV4_SOCK: + case SCAP_FD_IPV4_SERVSOCK: + p_kindling_event->context.fdInfo.protocol = get_protocol(fdInfo->get_l4proto()); + p_kindling_event->context.fdInfo.role = fdInfo->is_role_server(); + p_kindling_event->context.fdInfo.sip = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_sip; + p_kindling_event->context.fdInfo.dip = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_dip; + p_kindling_event->context.fdInfo.sport = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_sport; + p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_dport; + break; + case SCAP_FD_UNIX_SOCK: + p_kindling_event->context.fdInfo.source = fdInfo->m_sockinfo.m_unixinfo.m_fields.m_source; + p_kindling_event->context.fdInfo.destination = fdInfo->m_sockinfo.m_unixinfo.m_fields.m_dest; + break; + default: + break; + } + } + + uint16_t userAttNumber = 0; + switch(ev->get_type()) + { + case PPME_TCP_RCV_ESTABLISHED_E: + case PPME_TCP_CLOSE_E: + { + auto pTuple = ev->get_param_value_raw("tuple"); + userAttNumber = setTuple(p_kindling_event, pTuple, userAttNumber); + + auto pRtt = ev->get_param_value_raw("srtt"); + if(pRtt != NULL) + { + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "rtt"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, pRtt->m_val, pRtt->m_len); + p_kindling_event->userAttributes[userAttNumber].valueType = UINT32; + p_kindling_event->userAttributes[userAttNumber].len = pRtt->m_len; + userAttNumber++; + } + break; + } + case PPME_TCP_CONNECT_X: + { + auto pTuple = ev->get_param_value_raw("tuple"); + userAttNumber = setTuple(p_kindling_event, pTuple, userAttNumber); + auto pRetVal = ev->get_param_value_raw("retval"); + if(pRetVal != NULL) + { + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "retval"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, pRetVal->m_val, pRetVal->m_len); + p_kindling_event->userAttributes[userAttNumber].valueType = UINT64; + p_kindling_event->userAttributes[userAttNumber].len = pRetVal->m_len; + userAttNumber++; + } + break; + } + case PPME_TCP_DROP_E: + case PPME_TCP_RETRANCESMIT_SKB_E: + case PPME_TCP_SET_STATE_E: + { + auto pTuple = ev->get_param_value_raw("tuple"); + userAttNumber = setTuple(p_kindling_event, pTuple, userAttNumber); + auto old_state = ev->get_param_value_raw("old_state"); + if(old_state != NULL) + { + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "old_state"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, old_state->m_val, old_state->m_len); + p_kindling_event->userAttributes[userAttNumber].len = old_state->m_len; + p_kindling_event->userAttributes[userAttNumber].valueType = INT32; + userAttNumber++; + } + auto new_state = ev->get_param_value_raw("new_state"); + if(new_state != NULL) + { + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "new_state"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, new_state->m_val, new_state->m_len); + p_kindling_event->userAttributes[userAttNumber].valueType = INT32; + p_kindling_event->userAttributes[userAttNumber].len = new_state->m_len; + userAttNumber++; + } + break; + } + case PPME_TCP_SEND_RESET_E: + case PPME_TCP_RECEIVE_RESET_E: + { + auto pTuple = ev->get_param_value_raw("tuple"); + userAttNumber = setTuple(p_kindling_event, pTuple, userAttNumber); + break; + } + default: + { + uint16_t paramsNumber = ev->get_num_params(); + if(paramsNumber > 8) + { + paramsNumber = 8; + } + for(auto i = 0; i < paramsNumber; i++) + { + + strcpy(p_kindling_event->userAttributes[userAttNumber].key, (char *)ev->get_param_name(i)); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, ev->get_param(i)->m_val, + ev->get_param(i)->m_len); + p_kindling_event->userAttributes[userAttNumber].len = ev->get_param(i)->m_len; + p_kindling_event->userAttributes[userAttNumber].valueType = get_type(ev->get_param_info(i)->type); + userAttNumber++; + } + } + } + p_kindling_event->paramsNumber = userAttNumber; + strcpy(p_kindling_event->name, (char *)ev->get_name()); + strcpy(p_kindling_event->context.tinfo.comm, (char *)threadInfo->m_comm.data()); + strcpy(p_kindling_event->context.tinfo.containerId, (char *)threadInfo->m_container_id.data()); + return 1; +} + +int setTuple(kindling_event_t_for_go *p_kindling_event, const sinsp_evt_param *pTuple, int userAttNumber) +{ + if(NULL != pTuple) + { + auto tuple = pTuple->m_val; + if(tuple[0] == PPM_AF_INET) + { + if(pTuple->m_len == 1 + 4 + 2 + 4 + 2) + { + + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "sip"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, tuple + 1, 4); + p_kindling_event->userAttributes[userAttNumber].valueType = UINT32; + p_kindling_event->userAttributes[userAttNumber].len = 4; + userAttNumber++; + + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "sport"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, tuple + 5, 2); + p_kindling_event->userAttributes[userAttNumber].valueType = UINT16; + p_kindling_event->userAttributes[userAttNumber].len = 2; + userAttNumber++; + + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "dip"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, tuple + 7, 4); + p_kindling_event->userAttributes[userAttNumber].valueType = UINT32; + p_kindling_event->userAttributes[userAttNumber].len = 4; + userAttNumber++; + + strcpy(p_kindling_event->userAttributes[userAttNumber].key, "dport"); + memcpy(p_kindling_event->userAttributes[userAttNumber].value, tuple + 11, 2); + p_kindling_event->userAttributes[userAttNumber].valueType = UINT16; + p_kindling_event->userAttributes[userAttNumber].len = 2; + userAttNumber++; + } + } + } + return userAttNumber; +} + +uint16_t get_protocol(scap_l4_proto proto) +{ + switch(proto) + { + case SCAP_L4_TCP: + return TCP; + case SCAP_L4_UDP: + return UDP; + case SCAP_L4_ICMP: + return ICMP; + case SCAP_L4_RAW: + return RAW; + default: + return UNKNOWN; + } +} + +uint16_t get_type(ppm_param_type type) +{ + switch(type) + { + case PT_INT8: + return INT8; + case PT_INT16: + return INT16; + case PT_INT32: + return INT32; + case PT_INT64: + case PT_FD: + case PT_PID: + case PT_ERRNO: + return INT64; + case PT_FLAGS8: + case PT_UINT8: + case PT_SIGTYPE: + return UINT8; + case PT_FLAGS16: + case PT_UINT16: + case PT_SYSCALLID: + return UINT16; + case PT_UINT32: + case PT_FLAGS32: + case PT_MODE: + case PT_UID: + case PT_GID: + case PT_BOOL: + case PT_SIGSET: + return UINT32; + case PT_UINT64: + case PT_RELTIME: + case PT_ABSTIME: + return UINT64; + case PT_CHARBUF: + case PT_FSPATH: + return CHARBUF; + case PT_BYTEBUF: + return BYTEBUF; + case PT_DOUBLE: + return DOUBLE; + case PT_SOCKADDR: + case PT_SOCKTUPLE: + case PT_FDLIST: + default: + return BYTEBUF; + } +} + +uint16_t get_kindling_category(sinsp_evt *sEvt) +{ + sinsp_evt::category cat; + sEvt->get_category(&cat); + switch(cat.m_category) + { + case EC_OTHER: + return CAT_OTHER; + case EC_FILE: + return CAT_FILE; + case EC_NET: + return CAT_NET; + case EC_IPC: + return CAT_IPC; + case EC_MEMORY: + return CAT_MEMORY; + case EC_PROCESS: + return CAT_PROCESS; + case EC_SLEEP: + return CAT_SLEEP; + case EC_SYSTEM: + return CAT_SYSTEM; + case EC_SIGNAL: + return CAT_SIGNAL; + case EC_USER: + return CAT_USER; + case EC_TIME: + return CAT_TIME; + case EC_IO_READ: + case EC_IO_WRITE: + case EC_IO_OTHER: + { + switch(cat.m_subcategory) + { + case sinsp_evt::SC_FILE: + return CAT_FILE; + case sinsp_evt::SC_NET: + return CAT_NET; + case sinsp_evt::SC_IPC: + return CAT_IPC; + default: + return CAT_OTHER; + } + } + default: + return CAT_OTHER; + } +} diff --git a/probe/src/cgo/kindling.h b/probe/src/cgo/kindling.h new file mode 100644 index 000000000..cb31c6628 --- /dev/null +++ b/probe/src/cgo/kindling.h @@ -0,0 +1,404 @@ +// +// Created by jundi zhou on 2022/6/1. +// +#pragma once +#ifndef SYSDIG_KINDLING_H +#define SYSDIG_KINDLING_H +#include "sinsp.h" + +void init_probe(); +int getEvent(void **kindlingEvent); +uint16_t get_kindling_category(sinsp_evt *sEvt); +void init_sub_label(); +void sub_event(char* eventName, char* category); +uint16_t get_protocol(scap_l4_proto proto); +uint16_t get_type(ppm_param_type type); +struct event { + string event_name; + ppm_event_type event_type; +}; +struct kindling_event_t_for_go{ + uint64_t timestamp; + char *name; + uint32_t category; + uint16_t paramsNumber; + struct KeyValue { + char *key; + char* value; + uint32_t len; + uint32_t valueType; + }userAttributes[8]; + struct event_context { + struct thread_info { + uint32_t pid; + uint32_t tid; + uint32_t uid; + uint32_t gid; + char *comm; + char *containerId; + }tinfo; + struct fd_info { + int32_t num; + uint32_t fdType; + char *filename; + char *directory; + uint32_t protocol; + uint8_t role; + uint32_t sip; + uint32_t dip; + uint32_t sport; + uint32_t dport; + uint64_t source; + uint64_t destination; + }fdInfo; + }context; +}; + +int setTuple(kindling_event_t_for_go* kevt, const sinsp_evt_param *pTuple, int userAttNumber); + +enum Category { + CAT_NONE = 0, + CAT_OTHER = 1, // No specific category + CAT_FILE = 2, // File operations or File I/O + CAT_NET = 3, // Network operations or network I/O + CAT_IPC = 4, // IPC operations or IPC I/O + CAT_WAIT = 5, // + CAT_SIGNAL = 6, // Signal-related operations (signal) + CAT_SLEEP = 7, // nanosleep + CAT_TIME = 8, // Time-related event (e.g. gettimeofday)) + CAT_PROCESS = 9, // Process-related event (e.g. fork, clone, + CAT_SCHEDULER = 10, // Scheduler event (context switch) + CAT_MEMORY = 11, // Memory-related operations (e.g. brk, mmap, unmap) + CAT_USER = 12, // User-related operations (e.g. getuid, setgid) + CAT_SYSTEM = 13, // System-related operations (e.g. reboot) + Category_MAX = 14 +}; +const static event kindling_to_sysdig[PPM_EVENT_MAX] = { + {"syscall_enter-open", PPME_SYSCALL_OPEN_E}, + {"syscall_exit-open", PPME_SYSCALL_OPEN_X}, + {"syscall_enter-close", PPME_SYSCALL_CLOSE_E}, + {"syscall_exit-close", PPME_SYSCALL_CLOSE_X}, + {"syscall_enter-read", PPME_SYSCALL_READ_E}, + {"syscall_exit-read", PPME_SYSCALL_READ_X}, + {"syscall_enter-write", PPME_SYSCALL_WRITE_E}, + {"syscall_exit-write", PPME_SYSCALL_WRITE_X}, + {"syscall_enter-brk", PPME_SYSCALL_BRK_4_E}, + {"syscall_exit-brk", PPME_SYSCALL_BRK_4_X}, + {"syscall_enter-execve", PPME_SYSCALL_EXECVE_19_E}, + {"syscall_exit-execve", PPME_SYSCALL_EXECVE_19_X}, + {"syscall_enter-clone", PPME_SYSCALL_CLONE_20_E}, + {"syscall_exit-clone", PPME_SYSCALL_CLONE_20_X}, + {"syscall_enter-socket", PPME_SOCKET_SOCKET_E}, + {"syscall_exit-socket", PPME_SOCKET_SOCKET_X}, + {"syscall_enter-bind", PPME_SOCKET_BIND_E}, + {"syscall_exit-bind", PPME_SOCKET_BIND_X}, + {"syscall_enter-connect", PPME_SOCKET_CONNECT_E}, + {"syscall_exit-connect", PPME_SOCKET_CONNECT_X}, + {"syscall_enter-listen", PPME_SOCKET_LISTEN_E}, + {"syscall_exit-listen", PPME_SOCKET_LISTEN_X}, + {"syscall_enter-accept", PPME_SOCKET_ACCEPT_5_E}, + {"syscall_exit-accept", PPME_SOCKET_ACCEPT_5_X}, + {"syscall_enter-accept4", PPME_SOCKET_ACCEPT4_5_E}, + {"syscall_exit-accept4", PPME_SOCKET_ACCEPT4_5_X}, + {"syscall_enter-sendto", PPME_SOCKET_SENDTO_E}, + {"syscall_exit-sendto", PPME_SOCKET_SENDTO_X}, + {"syscall_enter-recvfrom", PPME_SOCKET_RECVFROM_E}, + {"syscall_exit-recvfrom", PPME_SOCKET_RECVFROM_X}, + {"syscall_enter-shutdown", PPME_SOCKET_SHUTDOWN_E}, + {"syscall_exit-shutdown", PPME_SOCKET_SHUTDOWN_X}, + {"syscall_enter-getsockname", PPME_SOCKET_GETSOCKNAME_E}, + {"syscall_exit-getsockname", PPME_SOCKET_GETSOCKNAME_X}, + {"syscall_enter-getpeername", PPME_SOCKET_GETPEERNAME_E}, + {"syscall_exit-getpeername", PPME_SOCKET_GETPEERNAME_X}, + {"syscall_enter-socketpair", PPME_SOCKET_SOCKETPAIR_E}, + {"syscall_exit-socketpair", PPME_SOCKET_SOCKETPAIR_X}, + {"syscall_enter-setsockopt", PPME_SOCKET_SETSOCKOPT_E}, + {"syscall_exit-setsockopt", PPME_SOCKET_SETSOCKOPT_X}, + {"syscall_enter-getsockopt", PPME_SOCKET_GETSOCKOPT_E}, + {"syscall_exit-getsockopt", PPME_SOCKET_GETSOCKOPT_X}, + {"syscall_enter-sendmsg", PPME_SOCKET_SENDMSG_E}, + {"syscall_exit-sendmsg", PPME_SOCKET_SENDMSG_X}, + {"syscall_enter-sendmmsg", PPME_SOCKET_SENDMMSG_E}, + {"syscall_exit-sendmmsg", PPME_SOCKET_SENDMMSG_X}, + {"syscall_enter-recvmsg", PPME_SOCKET_RECVMSG_E}, + {"syscall_exit-recvmsg", PPME_SOCKET_RECVMSG_X}, + {"syscall_enter-recvmmsg", PPME_SOCKET_RECVMMSG_E}, + {"syscall_exit-recvmmsg", PPME_SOCKET_RECVMMSG_X}, + {"syscall_enter-sendfile", PPME_SYSCALL_SENDFILE_E}, + {"syscall_exit-sendfile", PPME_SYSCALL_SENDFILE_X}, + {"syscall_enter-creat", PPME_SYSCALL_CREAT_E}, + {"syscall_exit-creat", PPME_SYSCALL_CREAT_X}, + {"syscall_enter-pipe", PPME_SYSCALL_PIPE_E}, + {"syscall_exit-pipe", PPME_SYSCALL_PIPE_X}, + {"syscall_enter-pipe2", PPME_SYSCALL_PIPE_E}, + {"syscall_exit-pipe2", PPME_SYSCALL_PIPE_X}, + {"syscall_enter-eventfd", PPME_SYSCALL_EVENTFD_E}, + {"syscall_exit-eventfd", PPME_SYSCALL_EVENTFD_X}, + {"syscall_enter-eventfd2", PPME_SYSCALL_EVENTFD_E}, + {"syscall_exit-eventfd2", PPME_SYSCALL_EVENTFD_X}, + {"syscall_enter-futex", PPME_SYSCALL_FUTEX_E}, + {"syscall_exit-futex", PPME_SYSCALL_FUTEX_X}, + {"syscall_enter-stat", PPME_SYSCALL_STAT_E}, + {"syscall_exit-stat", PPME_SYSCALL_STAT_X}, + {"syscall_enter-lstat", PPME_SYSCALL_LSTAT_E}, + {"syscall_exit-lstat", PPME_SYSCALL_LSTAT_X}, + {"syscall_enter-fstat", PPME_SYSCALL_FSTAT_E}, + {"syscall_exit-fstat", PPME_SYSCALL_FSTAT_X}, + {"syscall_enter-stat64", PPME_SYSCALL_STAT64_E}, + {"syscall_exit-stat64", PPME_SYSCALL_STAT64_X}, + {"syscall_enter-lstat64", PPME_SYSCALL_LSTAT64_E}, + {"syscall_exit-lstat64", PPME_SYSCALL_LSTAT64_X}, + {"syscall_enter-fstat64", PPME_SYSCALL_FSTAT64_E}, + {"syscall_exit-fstat64", PPME_SYSCALL_FSTAT64_X}, + {"syscall_enter-epoll_wait", PPME_SYSCALL_EPOLLWAIT_E}, + {"syscall_exit-epoll_wait", PPME_SYSCALL_EPOLLWAIT_X}, + {"syscall_enter-poll", PPME_SYSCALL_POLL_E}, + {"syscall_exit-poll", PPME_SYSCALL_POLL_X}, + {"syscall_enter-ppoll", PPME_SYSCALL_PPOLL_E}, + {"syscall_exit-ppoll", PPME_SYSCALL_PPOLL_X}, + {"syscall_enter-select", PPME_SYSCALL_SELECT_E}, + {"syscall_exit-select", PPME_SYSCALL_SELECT_X}, + {"syscall_enter-lseek", PPME_SYSCALL_LSEEK_E}, + {"syscall_exit-lseek", PPME_SYSCALL_LSEEK_X}, + {"syscall_enter-llseek", PPME_SYSCALL_LLSEEK_E}, + {"syscall_exit-llseek", PPME_SYSCALL_LLSEEK_X}, + {"syscall_enter-getcwd", PPME_SYSCALL_GETCWD_E}, + {"syscall_exit-getcwd", PPME_SYSCALL_GETCWD_X}, + {"syscall_enter-chdir", PPME_SYSCALL_CHDIR_E}, + {"syscall_exit-chdir", PPME_SYSCALL_CHDIR_X}, + {"syscall_enter-fchdir", PPME_SYSCALL_FCHDIR_E}, + {"syscall_exit-fchdir", PPME_SYSCALL_FCHDIR_X}, + {"syscall_enter-mkdir", PPME_SYSCALL_MKDIR_2_E}, + {"syscall_exit-mkdir", PPME_SYSCALL_MKDIR_2_X}, + {"syscall_enter-mkdirat", PPME_SYSCALL_MKDIRAT_E}, + {"syscall_exit-mkdirat", PPME_SYSCALL_MKDIRAT_X}, + {"syscall_enter-rmdir", PPME_SYSCALL_RMDIR_2_E}, + {"syscall_exit-rmdir", PPME_SYSCALL_RMDIR_2_X}, + {"syscall_enter-unlink", PPME_SYSCALL_UNLINK_2_E}, + {"syscall_exit-unlink", PPME_SYSCALL_UNLINK_2_X}, + {"syscall_enter-unlinkat", PPME_SYSCALL_UNLINKAT_2_E}, + {"syscall_exit-unlinkat", PPME_SYSCALL_UNLINKAT_2_X}, + {"syscall_enter-openat", PPME_SYSCALL_OPENAT_2_E}, + {"syscall_exit-openat", PPME_SYSCALL_OPENAT_2_X}, + {"syscall_enter-link", PPME_SYSCALL_LINK_2_E}, + {"syscall_exit-link", PPME_SYSCALL_LINK_2_X}, + {"syscall_enter-linkat", PPME_SYSCALL_LINKAT_2_E}, + {"syscall_exit-linkat", PPME_SYSCALL_LINKAT_2_X}, + {"syscall_enter-pread", PPME_SYSCALL_PREAD_E}, + {"syscall_exit-pread", PPME_SYSCALL_PREAD_X}, + {"syscall_enter-pwrite", PPME_SYSCALL_PWRITE_E}, + {"syscall_exit-pwrite", PPME_SYSCALL_PWRITE_X}, + {"syscall_enter-readv", PPME_SYSCALL_READV_E}, + {"syscall_exit-readv", PPME_SYSCALL_READV_X}, + {"syscall_enter-writev", PPME_SYSCALL_WRITEV_E}, + {"syscall_exit-writev", PPME_SYSCALL_WRITEV_X}, + {"syscall_enter-preadv", PPME_SYSCALL_PREADV_E}, + {"syscall_exit-preadv", PPME_SYSCALL_PREADV_X}, + {"syscall_enter-pwritev", PPME_SYSCALL_PWRITEV_E}, + {"syscall_exit-pwritev", PPME_SYSCALL_PWRITEV_X}, + {"syscall_enter-dup", PPME_SYSCALL_DUP_E}, + {"syscall_exit-dup", PPME_SYSCALL_DUP_X}, + {"syscall_enter-dup2", PPME_SYSCALL_DUP_E}, + {"syscall_exit-dup2", PPME_SYSCALL_DUP_X}, + {"syscall_enter-dup3", PPME_SYSCALL_DUP_E}, + {"syscall_exit-dup3", PPME_SYSCALL_DUP_X}, + {"syscall_enter-signalfd", PPME_SYSCALL_SIGNALFD_E}, + {"syscall_exit-signalfd", PPME_SYSCALL_SIGNALFD_X}, + {"syscall_enter-signalfd4", PPME_SYSCALL_SIGNALFD_E}, + {"syscall_exit-signalfd4", PPME_SYSCALL_SIGNALFD_X}, + {"syscall_enter-kill", PPME_SYSCALL_KILL_E}, + {"syscall_exit-kill", PPME_SYSCALL_KILL_X}, + {"syscall_enter-tkill", PPME_SYSCALL_TKILL_E}, + {"syscall_exit-tkill", PPME_SYSCALL_TKILL_X}, + {"syscall_enter-tgkill", PPME_SYSCALL_TGKILL_E}, + {"syscall_exit-tgkill", PPME_SYSCALL_TGKILL_X}, + {"syscall_enter-nanosleep", PPME_SYSCALL_NANOSLEEP_E}, + {"syscall_exit-nanosleep", PPME_SYSCALL_NANOSLEEP_X}, + {"syscall_enter-timerfd_create", PPME_SYSCALL_TIMERFD_CREATE_E}, + {"syscall_exit-timerfd_create", PPME_SYSCALL_TIMERFD_CREATE_X}, + {"syscall_enter-inotify_init", PPME_SYSCALL_INOTIFY_INIT_E}, + {"syscall_exit-inotify_init", PPME_SYSCALL_INOTIFY_INIT_X}, + {"syscall_enter-inotify_init1", PPME_SYSCALL_INOTIFY_INIT_E}, + {"syscall_exit-inotify_init1", PPME_SYSCALL_INOTIFY_INIT_X}, + {"syscall_enter-getrlimit", PPME_SYSCALL_GETRLIMIT_E}, + {"syscall_exit-getrlimit", PPME_SYSCALL_GETRLIMIT_X}, + {"syscall_enter-setrlimit", PPME_SYSCALL_SETRLIMIT_E}, + {"syscall_exit-setrlimit", PPME_SYSCALL_SETRLIMIT_X}, + {"syscall_enter-prlimit", PPME_SYSCALL_PRLIMIT_E}, + {"syscall_exit-prlimit", PPME_SYSCALL_PRLIMIT_X}, + {"syscall_enter-fcntl", PPME_SYSCALL_FCNTL_E}, + {"syscall_exit-fcntl", PPME_SYSCALL_FCNTL_X}, + {"syscall_enter-ioctl", PPME_SYSCALL_IOCTL_3_E}, + {"syscall_exit-ioctl", PPME_SYSCALL_IOCTL_3_X}, + {"syscall_enter-mmap", PPME_SYSCALL_MMAP_E}, + {"syscall_exit-mmap", PPME_SYSCALL_MMAP_X}, + {"syscall_enter-mmap2", PPME_SYSCALL_MMAP2_E}, + {"syscall_exit-mmap2", PPME_SYSCALL_MMAP2_X}, + {"syscall_enter-munmap", PPME_SYSCALL_MUNMAP_E}, + {"syscall_exit-munmap", PPME_SYSCALL_MUNMAP_X}, + {"syscall_enter-splice", PPME_SYSCALL_SPLICE_E}, + {"syscall_exit-splice", PPME_SYSCALL_SPLICE_X}, + {"syscall_enter-ptrace", PPME_SYSCALL_PTRACE_E}, + {"syscall_exit-ptrace", PPME_SYSCALL_PTRACE_X}, + {"syscall_enter-rename", PPME_SYSCALL_RENAME_E}, + {"syscall_exit-rename", PPME_SYSCALL_RENAME_X}, + {"syscall_enter-renameat", PPME_SYSCALL_RENAMEAT_E}, + {"syscall_exit-renameat", PPME_SYSCALL_RENAMEAT_X}, + {"syscall_enter-symlink", PPME_SYSCALL_SYMLINK_E}, + {"syscall_exit-symlink", PPME_SYSCALL_SYMLINK_X}, + {"syscall_enter-symlinkat", PPME_SYSCALL_SYMLINKAT_E}, + {"syscall_exit-symlinkat", PPME_SYSCALL_SYMLINKAT_X}, + {"syscall_enter-fork", PPME_SYSCALL_FORK_20_E}, + {"syscall_exit-fork", PPME_SYSCALL_FORK_20_X}, + {"syscall_enter-vfork", PPME_SYSCALL_VFORK_20_E}, + {"syscall_exit-vfork", PPME_SYSCALL_VFORK_20_X}, + {"syscall_enter-quotactl", PPME_SYSCALL_QUOTACTL_E}, + {"syscall_exit-quotactl", PPME_SYSCALL_QUOTACTL_X}, + {"syscall_enter-setresuid", PPME_SYSCALL_SETRESUID_E}, + {"syscall_exit-setresuid", PPME_SYSCALL_SETRESUID_X}, + {"syscall_enter-setresgid", PPME_SYSCALL_SETRESGID_E}, + {"syscall_exit-setresgid", PPME_SYSCALL_SETRESGID_X}, + {"syscall_enter-setuid", PPME_SYSCALL_SETUID_E}, + {"syscall_exit-setuid", PPME_SYSCALL_SETUID_X}, + {"syscall_enter-setgid", PPME_SYSCALL_SETGID_E}, + {"syscall_exit-setgid", PPME_SYSCALL_SETGID_X}, + {"syscall_enter-getuid", PPME_SYSCALL_GETUID_E}, + {"syscall_exit-getuid", PPME_SYSCALL_GETUID_X}, + {"syscall_enter-geteuid", PPME_SYSCALL_GETEUID_E}, + {"syscall_exit-geteuid", PPME_SYSCALL_GETEUID_X}, + {"syscall_enter-getgid", PPME_SYSCALL_GETGID_E}, + {"syscall_exit-getgid", PPME_SYSCALL_GETGID_X}, + {"syscall_enter-getegid", PPME_SYSCALL_GETEGID_E}, + {"syscall_exit-getegid", PPME_SYSCALL_GETEGID_X}, + {"syscall_enter-getresuid", PPME_SYSCALL_GETRESUID_E}, + {"syscall_exit-getresuid", PPME_SYSCALL_GETRESUID_X}, + {"syscall_enter-getresgid", PPME_SYSCALL_GETRESGID_E}, + {"syscall_exit-getresgid", PPME_SYSCALL_GETRESGID_X}, + {"syscall_enter-getdents", PPME_SYSCALL_GETDENTS_E}, + {"syscall_exit-getdents", PPME_SYSCALL_GETDENTS_X}, + {"syscall_enter-getdents64", PPME_SYSCALL_GETDENTS64_E}, + {"syscall_exit-getdents64", PPME_SYSCALL_GETDENTS64_X}, + {"syscall_enter-setns", PPME_SYSCALL_SETNS_E}, + {"syscall_exit-setns", PPME_SYSCALL_SETNS_X}, + {"syscall_enter-flock", PPME_SYSCALL_FLOCK_E}, + {"syscall_exit-flock", PPME_SYSCALL_FLOCK_X}, + {"syscall_enter-semop", PPME_SYSCALL_SEMOP_E}, + {"syscall_exit-semop", PPME_SYSCALL_SEMOP_X}, + {"syscall_enter-semctl", PPME_SYSCALL_SEMCTL_E}, + {"syscall_exit-semctl", PPME_SYSCALL_SEMCTL_X}, + {"syscall_enter-mount", PPME_SYSCALL_MOUNT_E}, + {"syscall_exit-mount", PPME_SYSCALL_MOUNT_X}, + {"syscall_enter-umount", PPME_SYSCALL_UMOUNT_E}, + {"syscall_exit-umount", PPME_SYSCALL_UMOUNT_X}, + {"syscall_enter-semget", PPME_SYSCALL_SEMGET_E}, + {"syscall_exit-semget", PPME_SYSCALL_SEMGET_X}, + {"syscall_enter-access", PPME_SYSCALL_ACCESS_E}, + {"syscall_exit-access", PPME_SYSCALL_ACCESS_X}, + {"syscall_enter-chroot", PPME_SYSCALL_CHROOT_E}, + {"syscall_exit-chroot", PPME_SYSCALL_CHROOT_X}, + {"syscall_enter-setsid", PPME_SYSCALL_SETSID_E}, + {"syscall_exit-setsid", PPME_SYSCALL_SETSID_X}, + {"syscall_enter-setpgid", PPME_SYSCALL_SETPGID_E}, + {"syscall_exit-setpgid", PPME_SYSCALL_SETPGID_X}, + {"syscall_enter-unshare", PPME_SYSCALL_UNSHARE_E}, + {"syscall_exit-unshare", PPME_SYSCALL_UNSHARE_X}, + {"syscall_enter-bpf", PPME_SYSCALL_BPF_E}, + {"syscall_exit-bpf", PPME_SYSCALL_BPF_X}, + {"syscall_enter-seccomp", PPME_SYSCALL_SECCOMP_E}, + {"syscall_exit-seccomp", PPME_SYSCALL_SECCOMP_X}, + {"syscall_enter-fchmodat", PPME_SYSCALL_FCHMODAT_E}, + {"syscall_exit-fchmodat", PPME_SYSCALL_FCHMODAT_X}, + {"syscall_enter-chmod", PPME_SYSCALL_CHMOD_E}, + {"syscall_exit-chmod", PPME_SYSCALL_CHMOD_X}, + {"syscall_enter-fchmod", PPME_SYSCALL_FCHMOD_E}, + {"syscall_exit-fchmod", PPME_SYSCALL_FCHMOD_X}, + {"tracepoint-sched_switch", PPME_SCHEDSWITCH_6_E}, + {"tracepoint-signaldeliver", PPME_SIGNALDELIVER_E}, + {"tracepoint-signaldeliver", PPME_SIGNALDELIVER_X}, + {"syscall_enter-alarm", PPME_GENERIC_E}, + {"syscall_exit-alarm", PPME_GENERIC_X}, + {"syscall_enter-epoll_create", PPME_GENERIC_E}, + {"syscall_exit-epoll_create", PPME_GENERIC_X}, + {"syscall_enter-epoll_ctl", PPME_GENERIC_E}, + {"syscall_exit-epoll_ctl", PPME_GENERIC_X}, + {"syscall_enter-lchown", PPME_GENERIC_E}, + {"syscall_exit-lchown", PPME_GENERIC_X}, + {"syscall_enter-old_select", PPME_GENERIC_E}, + {"syscall_exit-old_select", PPME_GENERIC_X}, + {"syscall_enter-pause", PPME_GENERIC_E}, + {"syscall_exit-pause", PPME_GENERIC_X}, + {"syscall_enter-process_vm_readv", PPME_GENERIC_E}, + {"syscall_exit-process_vm_readv", PPME_GENERIC_X}, + {"syscall_enter-process_vm_writev", PPME_GENERIC_E}, + {"syscall_exit-process_vm_writev", PPME_GENERIC_X}, + {"syscall_enter-pselect6", PPME_GENERIC_E}, + {"syscall_exit-pselect6", PPME_GENERIC_X}, + {"syscall_enter-sched_getparam", PPME_GENERIC_E}, + {"syscall_exit-sched_getparam", PPME_GENERIC_X}, + {"syscall_enter-sched_setparam", PPME_GENERIC_E}, + {"syscall_exit-sched_setparam", PPME_GENERIC_X}, + {"syscall_enter-syslog", PPME_GENERIC_E}, + {"syscall_exit-syslog", PPME_GENERIC_X}, + {"syscall_enter-uselib", PPME_GENERIC_E}, + {"syscall_exit-uselib", PPME_GENERIC_X}, + {"syscall_enter-utime", PPME_GENERIC_E}, + {"syscall_exit-utime", PPME_GENERIC_X}, + {"tracepoint-ingress", PPME_NETIF_RECEIVE_SKB_E}, + {"tracepoint-egress", PPME_NET_DEV_XMIT_E}, + {"kprobe-tcp_close", PPME_TCP_CLOSE_E}, + {"kprobe-tcp_rcv_established", PPME_TCP_RCV_ESTABLISHED_E}, + {"kprobe-tcp_drop", PPME_TCP_DROP_E}, + {"kprobe-tcp_retransmit_skb", PPME_TCP_RETRANCESMIT_SKB_E}, + {"kretprobe-tcp_connect", PPME_TCP_CONNECT_X}, + {"kprobe-tcp_set_state", PPME_TCP_SET_STATE_E}, + {"tracepoint-tcp_send_reset", PPME_TCP_SEND_RESET_E}, + {"tracepoint-tcp_receive_reset", PPME_TCP_RECEIVE_RESET_E}, +}; + +struct event_category { + string cateogry_name; + Category category_value; +}; + +const static event_category category_map[Category_MAX+1] = { + {"other", CAT_OTHER}, + {"file", CAT_FILE}, + {"net", CAT_NET}, + {"ipc", CAT_IPC}, + {"wait", CAT_WAIT}, + {"signal", CAT_SIGNAL}, + {"sleep", CAT_SLEEP}, + {"time", CAT_TIME}, + {"process", CAT_PROCESS}, + {"scheduler", CAT_SCHEDULER}, + {"memory", CAT_MEMORY}, + {"user", CAT_USER}, + {"system", CAT_SYSTEM}, +}; + +enum L4Proto { + UNKNOWN = 0, + TCP = 1, + UDP = 2, + ICMP = 3, + RAW = 4 +}; + +enum ValueType { + NONE = 0, + INT8 = 1, // 1 byte + INT16 = 2, // 2 bytes + INT32 = 3, // 4 bytes + INT64 = 4, // 8 bytes + UINT8 = 5, // 1 byte + UINT16 = 6, // 2 bytes + UINT32 = 7, // 4 bytes + UINT64 = 8, // 8 bytes + CHARBUF = 9, // bytes, NULL terminated + BYTEBUF = 10, // bytes + FLOAT = 11, // 4 bytes + DOUBLE = 12, // 8 bytes + BOOL = 13 // 4 bytes +}; + +#endif //SYSDIG_KINDLING_H diff --git a/probe/src/probe/BUILD.bazel b/probe/src/probe/BUILD.bazel deleted file mode 100644 index ef063f520..000000000 --- a/probe/src/probe/BUILD.bazel +++ /dev/null @@ -1,97 +0,0 @@ -load("@px//bazel:pl_build_system.bzl", "pl_cc_binary") -load("@px//bazel:proto_compile.bzl", "pl_cc_proto_library", "pl_go_proto_library", "pl_proto_library") - -package(default_visibility = ["//src:__subpackages__"]) - -pl_proto_library( - name = "hcmine_pl_proto", - srcs = ["hcmine.proto"], - visibility = ["//src:__subpackages__"], -) - -pl_cc_proto_library( - name = "hcmine_pl_cc_proto", - proto = ":hcmine_pl_proto", - visibility = ["//src:__subpackages__"], -) - -pl_cc_binary( - name = "kindling_probe", - srcs = glob( - ["*.cpp","*.cc","*.h"], - exclude = [ - "**/*_test.cc", - "*_main.cc", - ], - ), - copts = ["-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libscap", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp/third-party/jsoncpp", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp", "-Wno-unused-parameter","-Wno-unused-variable","-Wno-mismatched-tags"], - deps = [ - "//src/probe/converter:cc_library", - "//src/probe/publisher:cc_library", - "//src/probe/utils:cc_library", - "@com_github_jupp0r_prometheus_cpp//pull", - "@px//src/common/metrics:cc_library", - "@px//src/common/signal:cc_library", - "@px//:px_headers", - "@px//src/stirling:cc_library", - "@px//src/stirling/utils:cc_library", - #"@px//src/stirling:cc_library", - "//third_party:agent-libs_build", - "//third_party:zmq_build", - ], -) - -load("@io_bazel_rules_docker//container:container.bzl", "container_image") -container_image( - name = "kindling_probe_image", - base = "@px//:pl_cc_bpf_image", - directory = "/pl", - files = [ - "@kindling_falcolib_probe_tar_gz//file:file", - "//docker:scripts", - ":kindling_probe", - ], - cmd = ["/pl/docker-entrypoint.sh"], - visibility = ["//visibility:public"], -) - -container_image( - name = "kindling_probe_image_localdriver", - base = "@px//:pl_cc_bpf_image", - directory = "/pl", - files = [ - "//docker:scripts", - "//docker:localdriver", - ":kindling_probe", - ], - cmd = ["/pl/docker-entrypoint.sh"], - visibility = ["//visibility:public"], -) - -load("@io_bazel_rules_docker//cc:image.bzl", "cc_image") -cc_image( - name = "kindling_probe_image_old", - base = "@px//:pl_cc_bpf_image", - binary = ":kindling_probe", -) - -load("@io_bazel_rules_docker//container:container.bzl", "container_push") -container_push( - name = "push_image", - format = "Docker", - image = ":kindling_probe_image", - # ATTENTION!! Modify this if you want to change docker registry. - registry = "docker.io", - repository = "kindlingproject/kindling-probe", - tag = "latest", -) - -container_push( - name = "push_image_localdriver", - format = "Docker", - image = ":kindling_probe_image_localdriver", - # ATTENTION!! Modify this if you want to change docker registry. - registry = "docker.io", - repository = "kindlingproject/kindling-probe", - tag = "latest", -) diff --git a/probe/src/probe/catch_sig.cpp b/probe/src/probe/catch_sig.cpp deleted file mode 100644 index 131af5c11..000000000 --- a/probe/src/probe/catch_sig.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// Created by root on 2021/7/19. -// - -#include "src/probe/catch_sig.h" - -#include -#include -#include -#include -#include -#include -#include - - -static size_t get_executable_path( char* processdir,char* processname, size_t len) -{ - char* path_end; - if(readlink("/host/proc/self/exe", processdir,len) <=0) - return -1; - printf("process dir: %s\n",processdir); - fflush(stdout); - path_end = strrchr(processdir, '/'); - printf("process end: %s\n",path_end); - fflush(stdout); - if(path_end == NULL) - return -1; - ++path_end; - strcpy(processname, path_end); - printf("path end: %s, processname: %s\n", path_end, processname); - fflush(stdout); - *path_end = '\0'; - return (size_t)(path_end - processdir); -} - -static void print_core(int signum, siginfo_t *info, void *secret, struct sigaction *oldact) { - printf("crash signum:%d si_code:%d\n", signum, info->si_code); - fflush(stdout); - char cmd[50]; - sprintf(cmd, "gcore %u", getpid()); - system(cmd); - char path[PATH_MAX]; - char processname[1024]; - printf("get pid file.\n"); - fflush(stdout); - get_executable_path(path, processname, sizeof(path)); - // TODO!!!! - sprintf(cmd, "./pl/gdb_print.sh ./pl/%s ./core.%u", processname, getpid()); - system(cmd); - oldact->sa_sigaction(signum, info, secret); -} - -static struct sigaction oldabrtact; -static void abrtsigaction(int signum, siginfo_t *info, void *secret) { - print_core(signum, info, secret, &oldabrtact); -} - -static struct sigaction oldsegvact; -static void segvsigaction(int signum, siginfo_t *info, void *secret) { - print_core(signum, info, secret, &oldsegvact); -} - -static struct sigaction oldstopact; -static void stopsigaction(int signum, siginfo_t *info, void *secret) { - print_core(signum, info, secret, &oldstopact); -} - -void sigsetup(void) { - struct sigaction act; - memset(&act, 0, sizeof act); - act.sa_flags = SA_ONSTACK | SA_SIGINFO ; - act.sa_sigaction = segvsigaction; - sigaction(SIGSEGV, &act, &oldsegvact); - act.sa_sigaction = abrtsigaction; - sigaction(SIGABRT, &act, &oldabrtact); - act.sa_sigaction = stopsigaction; - sigaction(SIGSTOP, &act, &oldstopact); -} diff --git a/probe/src/probe/catch_sig.h b/probe/src/probe/catch_sig.h deleted file mode 100644 index dc97ee802..000000000 --- a/probe/src/probe/catch_sig.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef KINDLING_PROBE_CATCH_SIG_H -#define KINDLING_PROBE_CATCH_SIG_H - - -void sigsetup(void); - - -#endif //KINDLING_PROBE_CATCH_SIG_H diff --git a/probe/src/probe/converter/BUILD.bazel b/probe/src/probe/converter/BUILD.bazel deleted file mode 100644 index 69fc2fce8..000000000 --- a/probe/src/probe/converter/BUILD.bazel +++ /dev/null @@ -1,38 +0,0 @@ -load("@px//bazel:proto_compile.bzl", "pl_cc_proto_library", "pl_go_proto_library", "pl_proto_library") -load("@px//bazel:pl_build_system.bzl", "pl_cc_library") - -package(default_visibility = ["//src:__subpackages__"]) - -pl_proto_library( - name = "kindling_pl_proto", - srcs = ["kindling_event.proto"], - visibility = ["//src:__subpackages__"], -) - -pl_cc_proto_library( - name = "kindling_event_pl_cc_proto", - proto = ":kindling_pl_proto", - visibility = ["//src:__subpackages__"], -) - -pl_cc_library( - name = "cc_library", - srcs = glob( - [ - "*.h", - "*.cc", - "*.cpp", - ], - exclude = [ - "**/*_test.cc", - "**/*_benchmark.cc", - ], - ), - copts = ["-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libscap", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp/third-party/jsoncpp", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp", "-Wno-unused-parameter", "-Wno-unused-variable", "-Wno-sign-compare","-Wno-unused-private-field","-Wno-mismatched-tags"], - hdrs = glob(["*.h"]), - deps = [ - ":kindling_event_pl_cc_proto", - "//third_party:agent-libs_build", - "@px//:px_headers", - ], -) diff --git a/probe/src/probe/converter/converter.cpp b/probe/src/probe/converter/converter.cpp deleted file mode 100644 index b413c7b10..000000000 --- a/probe/src/probe/converter/converter.cpp +++ /dev/null @@ -1,37 +0,0 @@ -#include "converter.h" -#include - -converter::converter() { - m_kindlingEventList = new kindling::KindlingEventList(); -} - -converter::converter(uint64_t batch_size, uint64_t max_size) : batch_size(batch_size), max_size(max_size) { - m_kindlingEventList = new kindling::KindlingEventList(); -} - -converter::~converter() { - delete m_kindlingEventList; -} - -void converter::convert(void *evt) {} - -bool converter::judge_max_size() { - return m_kindlingEventList->kindling_event_list_size() >= max_size; -} - -kindling::KindlingEventList *converter::get_kindlingEventList() { - return m_kindlingEventList; -} - -kindling::KindlingEventList * converter::swap_list(kindling::KindlingEventList *list) { - std::swap(m_kindlingEventList, list); - return list; -} - -bool converter::judge_batch_size() { - return m_kindlingEventList->kindling_event_list_size() >= batch_size; -} - -uint64_t converter::current_list_size() { - return m_kindlingEventList->kindling_event_list_size(); -} diff --git a/probe/src/probe/converter/converter.h b/probe/src/probe/converter/converter.h deleted file mode 100644 index 75155fc07..000000000 --- a/probe/src/probe/converter/converter.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef KINDLING_PROBE_CONVERTER_H -#define KINDLING_PROBE_CONVERTER_H -#include -#include "src/probe/converter/kindling_event.pb.h" -#include - -class converter { -public: - converter(); - converter(uint64_t batch_size, uint64_t max_size); - virtual ~converter(); - // source evt -> kindling evt - virtual void convert(void * evt); - bool judge_batch_size(); - bool judge_max_size(); - uint64_t current_list_size(); - kindling::KindlingEventList* swap_list(kindling::KindlingEventList *); - kindling::KindlingEventList* get_kindlingEventList(); -private: - kindling::KindlingEventList *m_kindlingEventList; - uint64_t batch_size; - uint64_t max_size; -}; -#endif //KINDLING_PROBE_CONVERTER_H diff --git a/probe/src/probe/converter/kindling_event.proto b/probe/src/probe/converter/kindling_event.proto deleted file mode 100644 index 351a6e420..000000000 --- a/probe/src/probe/converter/kindling_event.proto +++ /dev/null @@ -1,159 +0,0 @@ -syntax = "proto3"; - -package kindling; -option go_package = "events/kindling"; -message KindlingEventList { - repeated KindlingEvent kindling_event_list = 1; -} -message KindlingEvent { - Source source = 1; - // Timestamp in nanoseconds at which the event were collected. - uint64 timestamp = 2; - // Name of Kindling Event - string name = 3; - // Category of Kindling Event, enum - Category category = 4; - // Native attributes of hook point, including arguments or return value. - Property Native_attributes = 5; - // User-defined Attributions of Kindling Event, now including latency for syscall. - repeated KeyValue user_attributes = 6; - // Context includes Thread information and Fd information. - Context ctx = 7; -} - -enum Source { - SOURCE_UNKNOWN = 0; - SYSCALL_ENTER = 1; - SYSCALL_EXIT = 2; - TRACEPOINT = 3; - KRPOBE = 4; - KRETPROBE = 5; - UPROBE = 6; - URETPROBE = 7; -} -enum Category { - CAT_NONE = 0; - CAT_OTHER = 1; // No specific category - CAT_FILE = 2; // File operations or File I/O - CAT_NET = 3; // Network operations or network I/O - CAT_IPC = 4; // IPC operations or IPC I/O - CAT_WAIT = 5; // - CAT_SIGNAL = 6; // Signal-related operations (signal) - CAT_SLEEP = 7; // nanosleep - CAT_TIME = 8; // Time-related event (e.g. gettimeofday) - CAT_PROCESS = 9; // Process-related event (e.g. fork, clone, - CAT_SCHEDULER = 10; // Scheduler event (context switch) - CAT_MEMORY = 11; // Memory-related operations (e.g. brk, mmap, unmap) - CAT_USER = 12; // User-related operations (e.g. getuid, setgid) - CAT_SYSTEM = 13; // System-related operations (e.g. reboot) -} - -message Property { - // If type of syscall_enter, kprobe, uprobe, tracepoint - repeated KeyValue args = 1; - // If type of syscall_exit, kretprobe, uretprobe - repeated KeyValue ret = 2; -} - -message KeyValue { - // Arguments' Name or Attributions' Name. - string key = 1; - // Type of Value. - ValueType value_type = 2; - // Value of Key in bytes, should be converted according to ValueType. - bytes value = 3; -} -enum ValueType { - NONE = 0; - INT8 = 1; // 1 byte - INT16 = 2; // 2 bytes - INT32 = 3; // 4 bytes - INT64 = 4; // 8 bytes - UINT8 = 5; // 1 byte - UINT16 = 6; // 2 bytes - UINT32 = 7; // 4 bytes - UINT64 = 8; // 8 bytes - CHARBUF = 9; // bytes, NULL terminated - BYTEBUF = 10; // bytes - FLOAT = 11; // 4 bytes - DOUBLE = 12; // 8 bytes - BOOL = 13; // 4 bytes -} -message Context { - // Thread information corresponding to Kindling Event, optional. - Thread thread_info = 1; - // Fd information corresponding to Kindling Event, optional. - Fd fd_info = 2; -} - -message Thread { - // Process id of thread. - uint32 pid = 1; - // Thread/task id of thread. - uint32 tid = 2; - // User id of thread - uint32 uid = 3; - // Group id of thread - uint32 gid = 4; - // Command of thread. - string comm = 5; - // ContainerId of thread - string container_id = 6; - // ContainerName of thread - string container_name = 7; -} - -message Fd { - // FD number. - int32 num = 1; - // Type of FD in enum. - FDType type_fd = 2; - - // if FD is type of file - string filename = 3; - string directory = 4; - - // if FD is type of ipv4 or ipv6 - L4Proto protocol = 5; - // repeated for ipv6, client_ip[0] for ipv4 - bool role = 6; - repeated uint32 sip = 7; - repeated uint32 dip = 8; - uint32 sport = 9; - uint32 dport = 10; - - // if FD is type of unix_sock - // Source socket endpoint - uint64 source = 11; - // Destination socket endpoint - uint64 destination = 12; -} - -// File Descriptor type -enum FDType { - FD_UNKNOWN = 0; - FD_FILE = 1; - FD_DIRECTORY = 2; - FD_IPV4_SOCK = 3; - FD_IPV6_SOCK = 4; - FD_IPV4_SERVSOCK = 5; - FD_IPV6_SERVSOCK = 6; - FD_FIFO = 7; - FD_UNIX_SOCK = 8; - FD_EVENT = 9; - FD_UNSUPPORTED = 10; // TODO - FD_SIGNALFD = 11; - FD_EVENTPOLL = 12; - FD_INOTIFY = 13; - FD_TIMERFD = 14; - FD_NETLINK = 15; - FD_FILE_V2 = 16; -} - -enum L4Proto { - UNKNOWN = 0; - TCP = 1; - UDP = 2; - ICMP = 3; - RAW = 4; -} \ No newline at end of file diff --git a/probe/src/probe/converter/sysdig_converter.cpp b/probe/src/probe/converter/sysdig_converter.cpp deleted file mode 100644 index df67e4255..000000000 --- a/probe/src/probe/converter/sysdig_converter.cpp +++ /dev/null @@ -1,378 +0,0 @@ -#include "src/probe/converter/sysdig_converter.h" -#include -#include - -using namespace std; -using namespace kindling; - - -sysdig_converter::sysdig_converter(sinsp *inspector) : converter(100, INT_MAX), m_inspector(inspector) {} - -sysdig_converter::sysdig_converter(sinsp *inspector, int batch_size, int max_size) : converter(batch_size, max_size), m_inspector(inspector) {} - -sysdig_converter::~sysdig_converter() {} - -void sysdig_converter::convert(void *evt) { - auto kevt = get_kindlingEventList()->add_kindling_event_list(); - sinsp_evt *sevt = (sinsp_evt *) evt; - - init_kindling_event(kevt, sevt); - add_native_attributes(kevt, sevt); - add_user_attributes(kevt, sevt); - add_fdinfo(kevt, sevt); - add_threadinfo(kevt, sevt); -} - -// set source, name, timestamp, category according to list -int sysdig_converter::init_kindling_event(kindling::KindlingEvent *kevt, sinsp_evt *sevt) { - kevt->set_source(get_kindling_source(sevt->get_type())); - kevt->set_name(get_kindling_name(sevt)); - kevt->set_category(get_kindling_category(sevt)); - kevt->set_timestamp(sevt->get_ts()); - return 0; -} - -int sysdig_converter::add_native_attributes(kindling::KindlingEvent *kevt, sinsp_evt *sevt) { - // TODO - return 0; -} - - -int sysdig_converter::add_user_attributes(kindling::KindlingEvent *kevt, sinsp_evt *sevt) { - auto s_tinfo = sevt->get_thread_info(); - if (!s_tinfo) { - return -1; - } - - if (kevt->source() == SYSCALL_EXIT) { - // set latency - auto latency_attr = kevt->add_user_attributes(); - auto latency = s_tinfo->m_latency; - latency_attr->set_key("latency"); - latency_attr->set_value_type(UINT64); - latency_attr->set_value(&latency, 8); - } - // set params - switch (sevt->get_type()) { - case PPME_TCP_RCV_ESTABLISHED_E: - case PPME_TCP_CLOSE_E: { - auto pTuple = sevt->get_param_value_raw("tuple"); - setTuple(kevt, pTuple); - - auto pRtt = sevt->get_param_value_raw("srtt"); - if (pRtt != NULL) { - auto attr = kevt->add_user_attributes(); - attr->set_key("rtt"); - attr->set_value(pRtt->m_val, pRtt->m_len); - attr->set_value_type(UINT32); - } - break; - } - case PPME_TCP_CONNECT_X: { - auto pTuple = sevt->get_param_value_raw("tuple"); - setTuple(kevt, pTuple); - auto pRetVal = sevt->get_param_value_raw("retval"); - if (pRetVal != NULL) { - auto attr = kevt->add_user_attributes(); - attr->set_key("retval"); - attr->set_value(pRetVal->m_val, pRetVal->m_len); - attr->set_value_type(UINT64); - } - break; - } - case PPME_TCP_DROP_E: - case PPME_TCP_RETRANCESMIT_SKB_E: - case PPME_TCP_SET_STATE_E: { - auto pTuple = sevt->get_param_value_raw("tuple"); - setTuple(kevt, pTuple); - auto old_state = sevt->get_param_value_raw("old_state"); - if (old_state != NULL) { - auto attr = kevt->add_user_attributes(); - attr->set_key("old_state"); - attr->set_value(old_state->m_val, old_state->m_len); - attr->set_value_type(INT32); - } - auto new_state = sevt->get_param_value_raw("new_state"); - if (new_state != NULL) { - auto attr = kevt->add_user_attributes(); - attr->set_key("new_state"); - attr->set_value(new_state->m_val, new_state->m_len); - attr->set_value_type(INT32); - } - break; - } - case PPME_TCP_SEND_RESET_E: - case PPME_TCP_RECEIVE_RESET_E: { - auto pTuple = sevt->get_param_value_raw("tuple"); - setTuple(kevt, pTuple); - break; - } - default: - for (auto i = 0; i < sevt->get_num_params(); i++) { - auto attr = kevt->add_user_attributes(); - attr->set_key(sevt->get_param_name(i)); - attr->set_value(sevt->get_param(i)->m_val, sevt->get_param(i)->m_len); - attr->set_value_type(get_type(sevt->get_param_info(i)->type)); - } - } - return 0; -} - -int sysdig_converter::add_fdinfo(kindling::KindlingEvent *kevt, sinsp_evt *sevt) { - auto s_fdinfo = sevt->get_fd_info(); - if (!s_fdinfo) { - return -1; - } - auto k_fdinfo = kevt->mutable_ctx()->mutable_fd_info(); - k_fdinfo->set_num(sevt->get_fd_num()); - // set type one-one relation - k_fdinfo->set_type_fd(FDType(s_fdinfo->m_type)); - switch (s_fdinfo->m_type) { - case SCAP_FD_FILE: - case SCAP_FD_FILE_V2: { - string name = s_fdinfo->m_name; - size_t pos = name.rfind('/'); - if (pos != string::npos) { - if (pos < name.size() - 1) { - k_fdinfo->set_filename(name.substr(pos + 1, string::npos)); - if (pos != 0) { - name.resize(pos); - k_fdinfo->set_directory(name); - } else { - k_fdinfo->set_directory("/"); - } - } - } - break; - } - case SCAP_FD_IPV4_SOCK: - case SCAP_FD_IPV4_SERVSOCK: - k_fdinfo->set_protocol(get_protocol(s_fdinfo->get_l4proto())); - k_fdinfo->set_role(s_fdinfo->is_role_server()); - k_fdinfo->add_sip(s_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip); - k_fdinfo->add_dip(s_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip); - k_fdinfo->set_sport(s_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport); - k_fdinfo->set_dport(s_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dport); - break; - case SCAP_FD_UNIX_SOCK: - k_fdinfo->set_source(s_fdinfo->m_sockinfo.m_unixinfo.m_fields.m_source); - k_fdinfo->set_destination(s_fdinfo->m_sockinfo.m_unixinfo.m_fields.m_dest); - break; - default: - break; - } - return 0; -} - -int sysdig_converter::add_threadinfo(kindling::KindlingEvent *kevt, sinsp_evt *sevt) { - auto s_tinfo = sevt->get_thread_info(); - if (!s_tinfo) { - return -1; - } - auto k_tinfo = kevt->mutable_ctx()->mutable_thread_info(); - k_tinfo->set_pid(s_tinfo->m_pid); - k_tinfo->set_tid(s_tinfo->m_tid); - k_tinfo->set_uid(s_tinfo->m_uid); - k_tinfo->set_gid(s_tinfo->m_gid); - k_tinfo->set_comm(s_tinfo->m_comm); - k_tinfo->set_container_id(s_tinfo->m_container_id); - return 0; -} - -Source sysdig_converter::get_kindling_source(uint16_t etype) { - if (PPME_IS_ENTER(etype)) { - switch (etype) { - case PPME_PROCEXIT_E: - case PPME_SCHEDSWITCH_6_E: - case PPME_SYSDIGEVENT_E: - case PPME_CONTAINER_E: - case PPME_PROCINFO_E: - case PPME_SCHEDSWITCH_1_E: - case PPME_DROP_E: - case PPME_PROCEXIT_1_E: - case PPME_CPU_HOTPLUG_E: - case PPME_K8S_E: - case PPME_TRACER_E: - case PPME_MESOS_E: - case PPME_CONTAINER_JSON_E: - case PPME_NOTIFICATION_E: - case PPME_INFRASTRUCTURE_EVENT_E: - case PPME_PAGE_FAULT_E: - return SOURCE_UNKNOWN; - case PPME_TCP_RCV_ESTABLISHED_E: - case PPME_TCP_CLOSE_E: - case PPME_TCP_DROP_E: - case PPME_TCP_RETRANCESMIT_SKB_E: - case PPME_TCP_SET_STATE_E: - return KRPOBE; - case PPME_TCP_SEND_RESET_E: - case PPME_TCP_RECEIVE_RESET_E: - return TRACEPOINT; - default: - return SYSCALL_ENTER; - } - } else { - switch (etype) { - case PPME_CONTAINER_X: - case PPME_PROCINFO_X: - case PPME_SCHEDSWITCH_1_X: - case PPME_DROP_X: - case PPME_CPU_HOTPLUG_X: - case PPME_K8S_X: - case PPME_TRACER_X: - case PPME_MESOS_X: - case PPME_CONTAINER_JSON_X: - case PPME_NOTIFICATION_X: - case PPME_INFRASTRUCTURE_EVENT_X: - case PPME_PAGE_FAULT_X: - return SOURCE_UNKNOWN; - case PPME_TCP_CONNECT_X: - return KRETPROBE; - default: - return SYSCALL_EXIT; - } - } -} - -Category sysdig_converter::get_kindling_category(sinsp_evt *sEvt) { - sinsp_evt::category cat; - sEvt->get_category(&cat); - switch (cat.m_category) { - case EC_OTHER: - return CAT_OTHER; - case EC_FILE: - return CAT_FILE; - case EC_NET: - return CAT_NET; - case EC_IPC: - return CAT_IPC; - case EC_MEMORY: - return CAT_MEMORY; - case EC_PROCESS: - return CAT_PROCESS; - case EC_SLEEP: - return CAT_SLEEP; - case EC_SYSTEM: - return CAT_SYSTEM; - case EC_SIGNAL: - return CAT_SIGNAL; - case EC_USER: - return CAT_USER; - case EC_TIME: - return CAT_TIME; - case EC_IO_READ: - case EC_IO_WRITE: - case EC_IO_OTHER: { - switch (cat.m_subcategory) { - case sinsp_evt::SC_FILE: - return CAT_FILE; - case sinsp_evt::SC_NET: - return CAT_NET; - case sinsp_evt::SC_IPC: - return CAT_IPC; - default: - return CAT_OTHER; - } - } - default: - return CAT_OTHER; - } -} - -L4Proto sysdig_converter::get_protocol(scap_l4_proto proto) { - switch (proto) { - case SCAP_L4_TCP: - return TCP; - case SCAP_L4_UDP: - return UDP; - case SCAP_L4_ICMP: - return ICMP; - case SCAP_L4_RAW: - return RAW; - default: - return UNKNOWN; - } -} - -ValueType sysdig_converter::get_type(ppm_param_type type) { - switch (type) { - case PT_INT8: - return INT8; - case PT_INT16: - return INT16; - case PT_INT32: - return INT32; - case PT_INT64: - case PT_FD: - case PT_PID: - case PT_ERRNO: - return INT64; - case PT_FLAGS8: - case PT_UINT8: - case PT_SIGTYPE: - return UINT8; - case PT_FLAGS16: - case PT_UINT16: - case PT_SYSCALLID: - return UINT16; - case PT_UINT32: - case PT_FLAGS32: - case PT_MODE: - case PT_UID: - case PT_GID: - case PT_BOOL: - case PT_SIGSET: - return UINT32; - case PT_UINT64: - case PT_RELTIME: - case PT_ABSTIME: - return UINT64; - case PT_CHARBUF: - case PT_FSPATH: - return CHARBUF; - case PT_BYTEBUF: - return BYTEBUF; - case PT_DOUBLE: - return DOUBLE; - case PT_SOCKADDR: - case PT_SOCKTUPLE: - case PT_FDLIST: - default: - return BYTEBUF; - } -} - -string sysdig_converter::get_kindling_name(sinsp_evt *pEvt) { - // TODO - return pEvt->get_name(); -} - -int sysdig_converter::setTuple(kindling::KindlingEvent* kevt, const sinsp_evt_param *pTuple) { - if (NULL != pTuple) { - auto tuple = pTuple->m_val; - if (tuple[0] == PPM_AF_INET) { - if (pTuple->m_len == 1 + 4 + 2 + 4 + 2) { - auto sip = kevt->add_user_attributes(); - sip->set_key("sip"); - sip->set_value(tuple+1, 4); - sip->set_value_type(UINT32); - - auto sport = kevt->add_user_attributes(); - sport->set_key("sport"); - sport->set_value(tuple+5, 2); - sport->set_value_type(UINT16); - - auto dip = kevt->add_user_attributes(); - dip->set_key("dip"); - dip->set_value(tuple+7, 4); - dip->set_value_type(UINT32); - - auto dport = kevt->add_user_attributes(); - dport->set_key("dport"); - dport->set_value(tuple+11, 2); - dport->set_value_type(UINT16); - } - } - } - return 0; -} diff --git a/probe/src/probe/converter/sysdig_converter.h b/probe/src/probe/converter/sysdig_converter.h deleted file mode 100644 index b4961556c..000000000 --- a/probe/src/probe/converter/sysdig_converter.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef KINDLING_PROBE_SYSDIG_CONVERTER_H -#define KINDLING_PROBE_SYSDIG_CONVERTER_H -#include "sinsp.h" -#include "src/probe/converter/converter.h" -using namespace kindling; - -class sysdig_converter : public converter -{ -public: - void convert(void *evt); - sysdig_converter(sinsp *inspector); - sysdig_converter(sinsp *inspector, int batch_size, int max_size); - ~sysdig_converter(); - Category get_kindling_category(sinsp_evt *pEvt); - Source get_kindling_source(uint16_t etype); - L4Proto get_protocol(scap_l4_proto proto); - ValueType get_type(ppm_param_type type); - string get_kindling_name(sinsp_evt *pEvt); -private: - // set source, name, timestamp, category according to list - int init_kindling_event(kindling::KindlingEvent* kevt, sinsp_evt *sevt); - int add_native_attributes(kindling::KindlingEvent* kevt, sinsp_evt *sevt); - int add_user_attributes(kindling::KindlingEvent* kevt, sinsp_evt *sevt); - int add_fdinfo(kindling::KindlingEvent* kevt, sinsp_evt *sevt); - int add_threadinfo(kindling::KindlingEvent* kevt, sinsp_evt *sevt); - - sinsp *m_inspector; - - int setTuple(kindling::KindlingEvent* kevt, const sinsp_evt_param *pParam); -}; - -#endif //KINDLING_PROBE_SYSDIG_CONVERTER_H diff --git a/probe/src/probe/main.cpp b/probe/src/probe/main.cpp deleted file mode 100644 index 15d60c732..000000000 --- a/probe/src/probe/main.cpp +++ /dev/null @@ -1,179 +0,0 @@ -#include -#include -#include -#include "sinsp.h" -#include "src/probe/utils/termination_handler.h" -#include -#include -#include "src/probe/converter/sysdig_converter.h" -#include "src/probe/publisher/publisher.h" -#include "src/probe/converter/kindling_event.pb.h" -#include "driver/driver_config.h" -#include "src/common/base/base.h" -#include "src/probe/catch_sig.h" - - -DEFINE_int32(sysdig_snaplen, 80, "The len of one sysdig event"); -DEFINE_int32(list_batch_size, 100, "The batch size of convert/send list"); -DEFINE_int32(list_max_size, INT_MAX, "The max size of convert/send list"); -DEFINE_bool(sysdig_output, false, "If true, sysdig will print events log"); -DEFINE_int32(sysdig_filter_out_pid_event, -1, "When sysdig_output is true, sysdig will print the exact process's events"); -DEFINE_bool(sysdig_bpf, true, "If true, sysdig will use eBPF mode"); - -#define KINDLING_PROBE_VERSION "v0.1-2021-1221" -void do_inspect(sinsp *inspector, sinsp_evt_formatter *formatter, int pid, publisher* pub) { - int32_t res; - sinsp_evt *ev; - string line; - converter *sysdigConverter = new sysdig_converter(inspector, FLAGS_list_batch_size, FLAGS_list_max_size); - while (true) { - res = inspector->next(&ev); - if (res == SCAP_TIMEOUT) { - continue; - } else if (res != SCAP_SUCCESS) { - cerr << "res = " << res << endl; - break; - } - if (!inspector->is_debug_enabled() && - ev->get_category() & EC_INTERNAL) { - continue; - } - auto threadInfo = ev->get_thread_info(); - if (threadInfo == nullptr) { - continue; - } - // filter out kindling-probe itself and 0 - if (threadInfo->m_ptid == (__int64_t) pid || threadInfo->m_pid == (__int64_t) pid || threadInfo->m_pid == 0) { - continue; - } - - // filter out io-related events that do not contain message - auto category = ev->get_category(); - if (category & EC_IO_BASE) { - auto pres = ev->get_param_value_raw("res"); - if (pres && *(int64_t *) pres->m_val <= 0) { - continue; - } - } - - pub->consume_sysdig_event(ev, threadInfo->m_pid, sysdigConverter); - if (FLAGS_sysdig_output && (FLAGS_sysdig_filter_out_pid_event == -1 || FLAGS_sysdig_filter_out_pid_event == threadInfo->m_pid)) { - if (formatter->tostring(ev, &line)) { - cout<< line << endl; - } - } - } -} - -void get_capture_statistics(sinsp* inspector) { - LOG(INFO) << "thread for sysdig statistics start"; - scap_stats s; - while(1) { - inspector->get_capture_stats(&s); - LOG(INFO) << "seen by driver: " << s.n_evts; - if(s.n_drops != 0){ - LOG(INFO) << "Number of dropped events: " << s.n_drops; - } - if(s.n_drops_buffer != 0){ - LOG(INFO) << "Number of dropped events caused by full buffer: " << s.n_drops_buffer; - } - if(s.n_drops_pf != 0){ - LOG(INFO) << "Number of dropped events caused by invalid memory access: " << s.n_drops_pf; - } - if(s.n_drops_bug != 0){ - LOG(INFO) << "Number of dropped events caused by an invalid condition in the kernel instrumentation: " << s.n_drops_bug; - } - if(s.n_preemptions != 0){ - LOG(INFO) << "Number of preemptions: " << s.n_preemptions; - } - if(s.n_suppressed != 0){ - LOG(INFO) << "Number of events skipped due to the tid being in a set of suppressed tids: " << s.n_suppressed; - } - if(s.n_tids_suppressed != 0){ - LOG(INFO) << "Number of threads currently being suppressed: " << s.n_tids_suppressed; - } - sleep(10); - } -} - -int main(int argc, char** argv) { - px::EnvironmentGuard env_guard(&argc, argv); - - int pid = getpid(); - sinsp *inspector = nullptr; - bool bpf = false; - string bpf_probe; - string output_format; - output_format = "*%evt.num %evt.outputtime %evt.cpu %container.name (%container.id) %proc.name (%thread.tid:%thread.vtid) %evt.dir %evt.type %evt.info"; - - LOG(INFO) << "Start kindling probe..."; - LOG(INFO) << "KINDLING_PROBE_VERSION: " << KINDLING_PROBE_VERSION; - TerminationHandler::InstallSignalHandlers(); - try { - inspector = new sinsp(); - inspector->set_hostname_and_port_resolution_mode(false); - sinsp_evt_formatter formatter(inspector, output_format); - inspector->set_snaplen(FLAGS_sysdig_snaplen); - - inspector->suppress_events_comm("containerd"); - inspector->suppress_events_comm("dockerd"); - inspector->suppress_events_comm("containerd-shim"); - inspector->suppress_events_comm("kindling-collector"); - inspector->suppress_events_comm("sshd"); - - const char *probe = scap_get_bpf_probe_from_env(); - if (probe) { - bpf = true; - bpf_probe = probe; - } - - bool open_success = true; - - try { - inspector->open(""); - inspector->clear_eventmask(); - } - catch (const sinsp_exception &e) { - open_success = false; - } - - // - // Starting the live capture failed, try to load the driver with - // modprobe. - // - if (!open_success) { - if (bpf) { - if (bpf_probe.empty()) { - fprintf(stderr, "Unable to locate the BPF probe\n"); - } - } else { - if (system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")) { - fprintf(stderr, "Unable to load the driver\n"); - } - } - - inspector->open(""); - } - thread catch_signal(sigsetup); - thread stat(get_capture_statistics, inspector); - publisher *pub = new publisher(inspector); - - TerminationHandler::set_sinsp(inspector); - thread inspect(do_inspect, inspector, &formatter, pid, pub); - pub->start(); - - inspector->close(); - } - catch (const exception &e) { - fprintf(stderr, "kindling probe init err: %s", e.what()); - return 1; - } - delete inspector; - return 0; -} - - - - - - diff --git a/probe/src/probe/publisher/BUILD.bazel b/probe/src/probe/publisher/BUILD.bazel deleted file mode 100644 index 51f543527..000000000 --- a/probe/src/probe/publisher/BUILD.bazel +++ /dev/null @@ -1,43 +0,0 @@ -load("@px//bazel:proto_compile.bzl", "pl_cc_proto_library", "pl_go_proto_library", "pl_proto_library") -load("@px//bazel:pl_build_system.bzl", "pl_cc_library") - -package(default_visibility = ["//src:__subpackages__"]) - -pl_proto_library( - name = "subscribe_pl_proto", - srcs = ["subscribe.proto"], - visibility = ["//src:__subpackages__"], -) - -pl_cc_proto_library( - name = "subscribe_pl_cc_proto", - proto = ":subscribe_pl_proto", - visibility = ["//src:__subpackages__"], -) - - -pl_cc_library( - name = "cc_library", - srcs = glob( - [ - "*.h", - "*.cc", - "*.cpp", - ], - exclude = [ - "**/*_test.cc", - "**/*_benchmark.cc", - ], - ), - hdrs = glob(["*.h"]), - copts = ["-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libscap", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp/third-party/jsoncpp", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp", "-Wno-unused-parameter","-Wno-ignored-qualifiers","-Wno-mismatched-tags","-Wno-unused-variable"], - deps = [ - ":subscribe_pl_cc_proto", - "//src/probe/converter:cc_library", - "//src/probe/utils:cc_library", - "@px//:px_headers", - "@px//src/stirling:cc_library", - "//third_party:agent-libs_build", - "//third_party:zmq_build", - ], -) diff --git a/probe/src/probe/publisher/defination.h b/probe/src/probe/publisher/defination.h deleted file mode 100644 index ddfd8664c..000000000 --- a/probe/src/probe/publisher/defination.h +++ /dev/null @@ -1,316 +0,0 @@ -// -// Created by 散养鸡 on 2021/12/30. -// - -#ifndef KINDLING_PROBE_DEFINATION_H -#define KINDLING_PROBE_DEFINATION_H - -#include - -struct event { - string event_name; - ppm_event_type event_type; -}; -const static event kindling_to_sysdig[PPM_EVENT_MAX] = { - {"syscall_enter-open", PPME_SYSCALL_OPEN_E}, - {"syscall_exit-open", PPME_SYSCALL_OPEN_X}, - {"syscall_enter-close", PPME_SYSCALL_CLOSE_E}, - {"syscall_exit-close", PPME_SYSCALL_CLOSE_X}, - {"syscall_enter-read", PPME_SYSCALL_READ_E}, - {"syscall_exit-read", PPME_SYSCALL_READ_X}, - {"syscall_enter-write", PPME_SYSCALL_WRITE_E}, - {"syscall_exit-write", PPME_SYSCALL_WRITE_X}, - {"syscall_enter-brk", PPME_SYSCALL_BRK_4_E}, - {"syscall_exit-brk", PPME_SYSCALL_BRK_4_X}, - {"syscall_enter-execve", PPME_SYSCALL_EXECVE_19_E}, - {"syscall_exit-execve", PPME_SYSCALL_EXECVE_19_X}, - {"syscall_enter-clone", PPME_SYSCALL_CLONE_20_E}, - {"syscall_exit-clone", PPME_SYSCALL_CLONE_20_X}, - {"syscall_enter-socket", PPME_SOCKET_SOCKET_E}, - {"syscall_exit-socket", PPME_SOCKET_SOCKET_X}, - {"syscall_enter-bind", PPME_SOCKET_BIND_E}, - {"syscall_exit-bind", PPME_SOCKET_BIND_X}, - {"syscall_enter-connect", PPME_SOCKET_CONNECT_E}, - {"syscall_exit-connect", PPME_SOCKET_CONNECT_X}, - {"syscall_enter-listen", PPME_SOCKET_LISTEN_E}, - {"syscall_exit-listen", PPME_SOCKET_LISTEN_X}, - {"syscall_enter-accept", PPME_SOCKET_ACCEPT_5_E}, - {"syscall_exit-accept", PPME_SOCKET_ACCEPT_5_X}, - {"syscall_enter-accept4", PPME_SOCKET_ACCEPT4_5_E}, - {"syscall_exit-accept4", PPME_SOCKET_ACCEPT4_5_X}, - {"syscall_enter-sendto", PPME_SOCKET_SENDTO_E}, - {"syscall_exit-sendto", PPME_SOCKET_SENDTO_X}, - {"syscall_enter-recvfrom", PPME_SOCKET_RECVFROM_E}, - {"syscall_exit-recvfrom", PPME_SOCKET_RECVFROM_X}, - {"syscall_enter-shutdown", PPME_SOCKET_SHUTDOWN_E}, - {"syscall_exit-shutdown", PPME_SOCKET_SHUTDOWN_X}, - {"syscall_enter-getsockname", PPME_SOCKET_GETSOCKNAME_E}, - {"syscall_exit-getsockname", PPME_SOCKET_GETSOCKNAME_X}, - {"syscall_enter-getpeername", PPME_SOCKET_GETPEERNAME_E}, - {"syscall_exit-getpeername", PPME_SOCKET_GETPEERNAME_X}, - {"syscall_enter-socketpair", PPME_SOCKET_SOCKETPAIR_E}, - {"syscall_exit-socketpair", PPME_SOCKET_SOCKETPAIR_X}, - {"syscall_enter-setsockopt", PPME_SOCKET_SETSOCKOPT_E}, - {"syscall_exit-setsockopt", PPME_SOCKET_SETSOCKOPT_X}, - {"syscall_enter-getsockopt", PPME_SOCKET_GETSOCKOPT_E}, - {"syscall_exit-getsockopt", PPME_SOCKET_GETSOCKOPT_X}, - {"syscall_enter-sendmsg", PPME_SOCKET_SENDMSG_E}, - {"syscall_exit-sendmsg", PPME_SOCKET_SENDMSG_X}, - {"syscall_enter-sendmmsg", PPME_SOCKET_SENDMMSG_E}, - {"syscall_exit-sendmmsg", PPME_SOCKET_SENDMMSG_X}, - {"syscall_enter-recvmsg", PPME_SOCKET_RECVMSG_E}, - {"syscall_exit-recvmsg", PPME_SOCKET_RECVMSG_X}, - {"syscall_enter-recvmmsg", PPME_SOCKET_RECVMMSG_E}, - {"syscall_exit-recvmmsg", PPME_SOCKET_RECVMMSG_X}, - {"syscall_enter-sendfile", PPME_SYSCALL_SENDFILE_E}, - {"syscall_exit-sendfile", PPME_SYSCALL_SENDFILE_X}, - {"syscall_enter-creat", PPME_SYSCALL_CREAT_E}, - {"syscall_exit-creat", PPME_SYSCALL_CREAT_X}, - {"syscall_enter-pipe", PPME_SYSCALL_PIPE_E}, - {"syscall_exit-pipe", PPME_SYSCALL_PIPE_X}, - {"syscall_enter-pipe2", PPME_SYSCALL_PIPE_E}, - {"syscall_exit-pipe2", PPME_SYSCALL_PIPE_X}, - {"syscall_enter-eventfd", PPME_SYSCALL_EVENTFD_E}, - {"syscall_exit-eventfd", PPME_SYSCALL_EVENTFD_X}, - {"syscall_enter-eventfd2", PPME_SYSCALL_EVENTFD_E}, - {"syscall_exit-eventfd2", PPME_SYSCALL_EVENTFD_X}, - {"syscall_enter-futex", PPME_SYSCALL_FUTEX_E}, - {"syscall_exit-futex", PPME_SYSCALL_FUTEX_X}, - {"syscall_enter-stat", PPME_SYSCALL_STAT_E}, - {"syscall_exit-stat", PPME_SYSCALL_STAT_X}, - {"syscall_enter-lstat", PPME_SYSCALL_LSTAT_E}, - {"syscall_exit-lstat", PPME_SYSCALL_LSTAT_X}, - {"syscall_enter-fstat", PPME_SYSCALL_FSTAT_E}, - {"syscall_exit-fstat", PPME_SYSCALL_FSTAT_X}, - {"syscall_enter-stat64", PPME_SYSCALL_STAT64_E}, - {"syscall_exit-stat64", PPME_SYSCALL_STAT64_X}, - {"syscall_enter-lstat64", PPME_SYSCALL_LSTAT64_E}, - {"syscall_exit-lstat64", PPME_SYSCALL_LSTAT64_X}, - {"syscall_enter-fstat64", PPME_SYSCALL_FSTAT64_E}, - {"syscall_exit-fstat64", PPME_SYSCALL_FSTAT64_X}, - {"syscall_enter-epoll_wait", PPME_SYSCALL_EPOLLWAIT_E}, - {"syscall_exit-epoll_wait", PPME_SYSCALL_EPOLLWAIT_X}, - {"syscall_enter-poll", PPME_SYSCALL_POLL_E}, - {"syscall_exit-poll", PPME_SYSCALL_POLL_X}, - {"syscall_enter-ppoll", PPME_SYSCALL_PPOLL_E}, - {"syscall_exit-ppoll", PPME_SYSCALL_PPOLL_X}, - {"syscall_enter-select", PPME_SYSCALL_SELECT_E}, - {"syscall_exit-select", PPME_SYSCALL_SELECT_X}, - {"syscall_enter-lseek", PPME_SYSCALL_LSEEK_E}, - {"syscall_exit-lseek", PPME_SYSCALL_LSEEK_X}, - {"syscall_enter-llseek", PPME_SYSCALL_LLSEEK_E}, - {"syscall_exit-llseek", PPME_SYSCALL_LLSEEK_X}, - {"syscall_enter-getcwd", PPME_SYSCALL_GETCWD_E}, - {"syscall_exit-getcwd", PPME_SYSCALL_GETCWD_X}, - {"syscall_enter-chdir", PPME_SYSCALL_CHDIR_E}, - {"syscall_exit-chdir", PPME_SYSCALL_CHDIR_X}, - {"syscall_enter-fchdir", PPME_SYSCALL_FCHDIR_E}, - {"syscall_exit-fchdir", PPME_SYSCALL_FCHDIR_X}, - {"syscall_enter-mkdir", PPME_SYSCALL_MKDIR_2_E}, - {"syscall_exit-mkdir", PPME_SYSCALL_MKDIR_2_X}, - {"syscall_enter-mkdirat", PPME_SYSCALL_MKDIRAT_E}, - {"syscall_exit-mkdirat", PPME_SYSCALL_MKDIRAT_X}, - {"syscall_enter-rmdir", PPME_SYSCALL_RMDIR_2_E}, - {"syscall_exit-rmdir", PPME_SYSCALL_RMDIR_2_X}, - {"syscall_enter-unlink", PPME_SYSCALL_UNLINK_2_E}, - {"syscall_exit-unlink", PPME_SYSCALL_UNLINK_2_X}, - {"syscall_enter-unlinkat", PPME_SYSCALL_UNLINKAT_2_E}, - {"syscall_exit-unlinkat", PPME_SYSCALL_UNLINKAT_2_X}, - {"syscall_enter-openat", PPME_SYSCALL_OPENAT_2_E}, - {"syscall_exit-openat", PPME_SYSCALL_OPENAT_2_X}, - {"syscall_enter-link", PPME_SYSCALL_LINK_2_E}, - {"syscall_exit-link", PPME_SYSCALL_LINK_2_X}, - {"syscall_enter-linkat", PPME_SYSCALL_LINKAT_2_E}, - {"syscall_exit-linkat", PPME_SYSCALL_LINKAT_2_X}, - {"syscall_enter-pread", PPME_SYSCALL_PREAD_E}, - {"syscall_exit-pread", PPME_SYSCALL_PREAD_X}, - {"syscall_enter-pwrite", PPME_SYSCALL_PWRITE_E}, - {"syscall_exit-pwrite", PPME_SYSCALL_PWRITE_X}, - {"syscall_enter-readv", PPME_SYSCALL_READV_E}, - {"syscall_exit-readv", PPME_SYSCALL_READV_X}, - {"syscall_enter-writev", PPME_SYSCALL_WRITEV_E}, - {"syscall_exit-writev", PPME_SYSCALL_WRITEV_X}, - {"syscall_enter-preadv", PPME_SYSCALL_PREADV_E}, - {"syscall_exit-preadv", PPME_SYSCALL_PREADV_X}, - {"syscall_enter-pwritev", PPME_SYSCALL_PWRITEV_E}, - {"syscall_exit-pwritev", PPME_SYSCALL_PWRITEV_X}, - {"syscall_enter-dup", PPME_SYSCALL_DUP_E}, - {"syscall_exit-dup", PPME_SYSCALL_DUP_X}, - {"syscall_enter-dup2", PPME_SYSCALL_DUP_E}, - {"syscall_exit-dup2", PPME_SYSCALL_DUP_X}, - {"syscall_enter-dup3", PPME_SYSCALL_DUP_E}, - {"syscall_exit-dup3", PPME_SYSCALL_DUP_X}, - {"syscall_enter-signalfd", PPME_SYSCALL_SIGNALFD_E}, - {"syscall_exit-signalfd", PPME_SYSCALL_SIGNALFD_X}, - {"syscall_enter-signalfd4", PPME_SYSCALL_SIGNALFD_E}, - {"syscall_exit-signalfd4", PPME_SYSCALL_SIGNALFD_X}, - {"syscall_enter-kill", PPME_SYSCALL_KILL_E}, - {"syscall_exit-kill", PPME_SYSCALL_KILL_X}, - {"syscall_enter-tkill", PPME_SYSCALL_TKILL_E}, - {"syscall_exit-tkill", PPME_SYSCALL_TKILL_X}, - {"syscall_enter-tgkill", PPME_SYSCALL_TGKILL_E}, - {"syscall_exit-tgkill", PPME_SYSCALL_TGKILL_X}, - {"syscall_enter-nanosleep", PPME_SYSCALL_NANOSLEEP_E}, - {"syscall_exit-nanosleep", PPME_SYSCALL_NANOSLEEP_X}, - {"syscall_enter-timerfd_create", PPME_SYSCALL_TIMERFD_CREATE_E}, - {"syscall_exit-timerfd_create", PPME_SYSCALL_TIMERFD_CREATE_X}, - {"syscall_enter-inotify_init", PPME_SYSCALL_INOTIFY_INIT_E}, - {"syscall_exit-inotify_init", PPME_SYSCALL_INOTIFY_INIT_X}, - {"syscall_enter-inotify_init1", PPME_SYSCALL_INOTIFY_INIT_E}, - {"syscall_exit-inotify_init1", PPME_SYSCALL_INOTIFY_INIT_X}, - {"syscall_enter-getrlimit", PPME_SYSCALL_GETRLIMIT_E}, - {"syscall_exit-getrlimit", PPME_SYSCALL_GETRLIMIT_X}, - {"syscall_enter-setrlimit", PPME_SYSCALL_SETRLIMIT_E}, - {"syscall_exit-setrlimit", PPME_SYSCALL_SETRLIMIT_X}, - {"syscall_enter-prlimit", PPME_SYSCALL_PRLIMIT_E}, - {"syscall_exit-prlimit", PPME_SYSCALL_PRLIMIT_X}, - {"syscall_enter-fcntl", PPME_SYSCALL_FCNTL_E}, - {"syscall_exit-fcntl", PPME_SYSCALL_FCNTL_X}, - {"syscall_enter-ioctl", PPME_SYSCALL_IOCTL_3_E}, - {"syscall_exit-ioctl", PPME_SYSCALL_IOCTL_3_X}, - {"syscall_enter-mmap", PPME_SYSCALL_MMAP_E}, - {"syscall_exit-mmap", PPME_SYSCALL_MMAP_X}, - {"syscall_enter-mmap2", PPME_SYSCALL_MMAP2_E}, - {"syscall_exit-mmap2", PPME_SYSCALL_MMAP2_X}, - {"syscall_enter-munmap", PPME_SYSCALL_MUNMAP_E}, - {"syscall_exit-munmap", PPME_SYSCALL_MUNMAP_X}, - {"syscall_enter-splice", PPME_SYSCALL_SPLICE_E}, - {"syscall_exit-splice", PPME_SYSCALL_SPLICE_X}, - {"syscall_enter-ptrace", PPME_SYSCALL_PTRACE_E}, - {"syscall_exit-ptrace", PPME_SYSCALL_PTRACE_X}, - {"syscall_enter-rename", PPME_SYSCALL_RENAME_E}, - {"syscall_exit-rename", PPME_SYSCALL_RENAME_X}, - {"syscall_enter-renameat", PPME_SYSCALL_RENAMEAT_E}, - {"syscall_exit-renameat", PPME_SYSCALL_RENAMEAT_X}, - {"syscall_enter-symlink", PPME_SYSCALL_SYMLINK_E}, - {"syscall_exit-symlink", PPME_SYSCALL_SYMLINK_X}, - {"syscall_enter-symlinkat", PPME_SYSCALL_SYMLINKAT_E}, - {"syscall_exit-symlinkat", PPME_SYSCALL_SYMLINKAT_X}, - {"syscall_enter-fork", PPME_SYSCALL_FORK_20_E}, - {"syscall_exit-fork", PPME_SYSCALL_FORK_20_X}, - {"syscall_enter-vfork", PPME_SYSCALL_VFORK_20_E}, - {"syscall_exit-vfork", PPME_SYSCALL_VFORK_20_X}, - {"syscall_enter-quotactl", PPME_SYSCALL_QUOTACTL_E}, - {"syscall_exit-quotactl", PPME_SYSCALL_QUOTACTL_X}, - {"syscall_enter-setresuid", PPME_SYSCALL_SETRESUID_E}, - {"syscall_exit-setresuid", PPME_SYSCALL_SETRESUID_X}, - {"syscall_enter-setresgid", PPME_SYSCALL_SETRESGID_E}, - {"syscall_exit-setresgid", PPME_SYSCALL_SETRESGID_X}, - {"syscall_enter-setuid", PPME_SYSCALL_SETUID_E}, - {"syscall_exit-setuid", PPME_SYSCALL_SETUID_X}, - {"syscall_enter-setgid", PPME_SYSCALL_SETGID_E}, - {"syscall_exit-setgid", PPME_SYSCALL_SETGID_X}, - {"syscall_enter-getuid", PPME_SYSCALL_GETUID_E}, - {"syscall_exit-getuid", PPME_SYSCALL_GETUID_X}, - {"syscall_enter-geteuid", PPME_SYSCALL_GETEUID_E}, - {"syscall_exit-geteuid", PPME_SYSCALL_GETEUID_X}, - {"syscall_enter-getgid", PPME_SYSCALL_GETGID_E}, - {"syscall_exit-getgid", PPME_SYSCALL_GETGID_X}, - {"syscall_enter-getegid", PPME_SYSCALL_GETEGID_E}, - {"syscall_exit-getegid", PPME_SYSCALL_GETEGID_X}, - {"syscall_enter-getresuid", PPME_SYSCALL_GETRESUID_E}, - {"syscall_exit-getresuid", PPME_SYSCALL_GETRESUID_X}, - {"syscall_enter-getresgid", PPME_SYSCALL_GETRESGID_E}, - {"syscall_exit-getresgid", PPME_SYSCALL_GETRESGID_X}, - {"syscall_enter-getdents", PPME_SYSCALL_GETDENTS_E}, - {"syscall_exit-getdents", PPME_SYSCALL_GETDENTS_X}, - {"syscall_enter-getdents64", PPME_SYSCALL_GETDENTS64_E}, - {"syscall_exit-getdents64", PPME_SYSCALL_GETDENTS64_X}, - {"syscall_enter-setns", PPME_SYSCALL_SETNS_E}, - {"syscall_exit-setns", PPME_SYSCALL_SETNS_X}, - {"syscall_enter-flock", PPME_SYSCALL_FLOCK_E}, - {"syscall_exit-flock", PPME_SYSCALL_FLOCK_X}, - {"syscall_enter-semop", PPME_SYSCALL_SEMOP_E}, - {"syscall_exit-semop", PPME_SYSCALL_SEMOP_X}, - {"syscall_enter-semctl", PPME_SYSCALL_SEMCTL_E}, - {"syscall_exit-semctl", PPME_SYSCALL_SEMCTL_X}, - {"syscall_enter-mount", PPME_SYSCALL_MOUNT_E}, - {"syscall_exit-mount", PPME_SYSCALL_MOUNT_X}, - {"syscall_enter-umount", PPME_SYSCALL_UMOUNT_E}, - {"syscall_exit-umount", PPME_SYSCALL_UMOUNT_X}, - {"syscall_enter-semget", PPME_SYSCALL_SEMGET_E}, - {"syscall_exit-semget", PPME_SYSCALL_SEMGET_X}, - {"syscall_enter-access", PPME_SYSCALL_ACCESS_E}, - {"syscall_exit-access", PPME_SYSCALL_ACCESS_X}, - {"syscall_enter-chroot", PPME_SYSCALL_CHROOT_E}, - {"syscall_exit-chroot", PPME_SYSCALL_CHROOT_X}, - {"syscall_enter-setsid", PPME_SYSCALL_SETSID_E}, - {"syscall_exit-setsid", PPME_SYSCALL_SETSID_X}, - {"syscall_enter-setpgid", PPME_SYSCALL_SETPGID_E}, - {"syscall_exit-setpgid", PPME_SYSCALL_SETPGID_X}, - {"syscall_enter-unshare", PPME_SYSCALL_UNSHARE_E}, - {"syscall_exit-unshare", PPME_SYSCALL_UNSHARE_X}, - {"syscall_enter-bpf", PPME_SYSCALL_BPF_E}, - {"syscall_exit-bpf", PPME_SYSCALL_BPF_X}, - {"syscall_enter-seccomp", PPME_SYSCALL_SECCOMP_E}, - {"syscall_exit-seccomp", PPME_SYSCALL_SECCOMP_X}, - {"syscall_enter-fchmodat", PPME_SYSCALL_FCHMODAT_E}, - {"syscall_exit-fchmodat", PPME_SYSCALL_FCHMODAT_X}, - {"syscall_enter-chmod", PPME_SYSCALL_CHMOD_E}, - {"syscall_exit-chmod", PPME_SYSCALL_CHMOD_X}, - {"syscall_enter-fchmod", PPME_SYSCALL_FCHMOD_E}, - {"syscall_exit-fchmod", PPME_SYSCALL_FCHMOD_X}, - {"tracepoint-sched_switch", PPME_SCHEDSWITCH_6_E}, - {"tracepoint-signaldeliver", PPME_SIGNALDELIVER_E}, - {"tracepoint-signaldeliver", PPME_SIGNALDELIVER_X}, - {"syscall_enter-alarm", PPME_GENERIC_E}, - {"syscall_exit-alarm", PPME_GENERIC_X}, - {"syscall_enter-epoll_create", PPME_GENERIC_E}, - {"syscall_exit-epoll_create", PPME_GENERIC_X}, - {"syscall_enter-epoll_ctl", PPME_GENERIC_E}, - {"syscall_exit-epoll_ctl", PPME_GENERIC_X}, - {"syscall_enter-lchown", PPME_GENERIC_E}, - {"syscall_exit-lchown", PPME_GENERIC_X}, - {"syscall_enter-old_select", PPME_GENERIC_E}, - {"syscall_exit-old_select", PPME_GENERIC_X}, - {"syscall_enter-pause", PPME_GENERIC_E}, - {"syscall_exit-pause", PPME_GENERIC_X}, - {"syscall_enter-process_vm_readv", PPME_GENERIC_E}, - {"syscall_exit-process_vm_readv", PPME_GENERIC_X}, - {"syscall_enter-process_vm_writev", PPME_GENERIC_E}, - {"syscall_exit-process_vm_writev", PPME_GENERIC_X}, - {"syscall_enter-pselect6", PPME_GENERIC_E}, - {"syscall_exit-pselect6", PPME_GENERIC_X}, - {"syscall_enter-sched_getparam", PPME_GENERIC_E}, - {"syscall_exit-sched_getparam", PPME_GENERIC_X}, - {"syscall_enter-sched_setparam", PPME_GENERIC_E}, - {"syscall_exit-sched_setparam", PPME_GENERIC_X}, - {"syscall_enter-syslog", PPME_GENERIC_E}, - {"syscall_exit-syslog", PPME_GENERIC_X}, - {"syscall_enter-uselib", PPME_GENERIC_E}, - {"syscall_exit-uselib", PPME_GENERIC_X}, - {"syscall_enter-utime", PPME_GENERIC_E}, - {"syscall_exit-utime", PPME_GENERIC_X}, - {"tracepoint-ingress", PPME_NETIF_RECEIVE_SKB_E}, - {"tracepoint-egress", PPME_NET_DEV_XMIT_E}, - {"kprobe-tcp_close", PPME_TCP_CLOSE_E}, - {"kprobe-tcp_rcv_established", PPME_TCP_RCV_ESTABLISHED_E}, - {"kprobe-tcp_drop", PPME_TCP_DROP_E}, - {"kprobe-tcp_retransmit_skb", PPME_TCP_RETRANCESMIT_SKB_E}, - {"kretprobe-tcp_connect", PPME_TCP_CONNECT_X}, - {"kprobe-tcp_set_state", PPME_TCP_SET_STATE_E}, - {"tracepoint-tcp_send_reset", PPME_TCP_SEND_RESET_E}, - {"tracepoint-tcp_receive_reset", PPME_TCP_RECEIVE_RESET_E}, -}; - -struct event_category { - string cateogry_name; - Category category_value; -}; -const static event_category category_map[Category_MAX+1] = { - {"other", CAT_OTHER}, - {"file", CAT_FILE}, - {"net", CAT_NET}, - {"ipc", CAT_IPC}, - {"wait", CAT_WAIT}, - {"signal", CAT_SIGNAL}, - {"sleep", CAT_SLEEP}, - {"time", CAT_TIME}, - {"process", CAT_PROCESS}, - {"scheduler", CAT_SCHEDULER}, - {"memory", CAT_MEMORY}, - {"user", CAT_USER}, - {"system", CAT_SYSTEM}, -}; - -#endif //KINDLING_PROBE_DEFINATION_H \ No newline at end of file diff --git a/probe/src/probe/publisher/publisher.cpp b/probe/src/probe/publisher/publisher.cpp deleted file mode 100644 index dbb264553..000000000 --- a/probe/src/probe/publisher/publisher.cpp +++ /dev/null @@ -1,237 +0,0 @@ -#include "src/probe/publisher/publisher.h" -#include -#include -#include -#include -#include -#include -#include "tuples.h" -#include -#include "src/probe/publisher/defination.h" -#include "src/probe/converter/sysdig_converter.h" - -using namespace std; -using namespace kindling; - -publisher::publisher(sinsp *inspector) { - m_socket = NULL; - m_selector = new selector(inspector); - m_inspector = inspector; - m_bind_address = new shared_unordered_map; - m_client_event_map = new shared_unordered_map>; -} - -publisher::~publisher() { - delete m_selector; - delete m_bind_address; - delete m_client_event_map; -} - -void publisher::consume_sysdig_event(sinsp_evt *evt, int pid, converter *sysdigConverter) { - if (!m_socket) { - return; - } - - // filter out pid in filter_pid - for (int i : filter_pid) { - if (i == pid) { - return; - } - } - // convert sysdig event to kindling event - if (m_selector->select(evt->get_type(), ((sysdig_converter *) sysdigConverter)->get_kindling_category(evt))) { - auto it = m_kindlingEventLists.find(sysdigConverter); - KindlingEventList* kindlingEventList; - if (it == m_kindlingEventLists.end()) { - kindlingEventList = new KindlingEventList(); - m_kindlingEventLists[sysdigConverter] = kindlingEventList; - m_ready[kindlingEventList] = false; - } else { - kindlingEventList = it->second; - } - - if (sysdigConverter->judge_max_size()) { - // check if the send list has sent - if (m_ready[kindlingEventList]) { - // drop event - return; - } - swap_list(sysdigConverter, kindlingEventList); - } - - sysdigConverter->convert(evt); - // if send list was sent - if (sysdigConverter->judge_batch_size() && !m_ready[kindlingEventList]) { - swap_list(sysdigConverter, kindlingEventList); - } - } -} - -Socket publisher::init_zeromq_rep_server() { - void *context = zmq_ctx_new(); - void *socket = zmq_socket(context, ZMQ_REP); - zmq_bind(socket, "ipc:///home/kindling/0"); - return socket; -} - -Socket publisher::init_zeromq_push_server() { - void *context = zmq_ctx_new(); - void *socket = zmq_socket(context, ZMQ_PUSH); - return socket; -} - -int publisher::start() { - Socket socket = init_zeromq_rep_server(); - auto sub_server = thread(bind(&publisher::subscribe_server, this, socket)); - auto send_server = thread(bind(&publisher::send_server, this)); - sub_server.join(); - send_server.join(); - return 0; -} - -void publisher::send_server(publisher *mpublisher) { - LOG(INFO) << "Thread sender start"; - uint64_t total= 0; - uint64_t msg_total_size = 0; - while (true) { - usleep(100000); - for (auto list : mpublisher->m_kindlingEventLists) { - auto pKindlingEventList = list.second; - // flag == false - if (!mpublisher->m_ready[pKindlingEventList]) { - continue; - } - if (pKindlingEventList->kindling_event_list_size() > 0) { - string msg; - pKindlingEventList->SerializeToString(&msg); - int num = pKindlingEventList->kindling_event_list_size(); - total = total + num; - LOG(INFO) << "Send " << num << " kindling events, sending size: " << setprecision(2) << - msg.length() / 1024.0 <<" KB. Total count of kindling events: " << total; -// cout << pKindlingEventList->Utf8DebugString(); - zmq_send(mpublisher->m_socket, msg.data(), msg.size(), ZMQ_DONTWAIT); - pKindlingEventList->clear_kindling_event_list(); - } - mpublisher->m_ready[pKindlingEventList] = false; - } - } -} - -void publisher::subscribe_server(publisher *mpublisher, Socket subscribe_socket) { - LOG(INFO) << "Subcribe server start"; - while (true) { - char result[1000]; - memset(result, 0, 1000); - zmq_recv(subscribe_socket, result, 1000, 0); - string reason; - mpublisher->subscribe(result, reason); - zmq_send(subscribe_socket, reason.data(), 7, 0); - } -} - -void publisher::subscribe(string sub_event, string &reason) { - SubEvent subEvent; - void *socket; - - subEvent.ParseFromString(sub_event); - LOG(INFO) << "subscribe info: " << subEvent.Utf8DebugString(); - string address = subEvent.address().data(); - - // filter out subscriber - pid_mutex_.lock(); - filter_pid.push_back(((int) subEvent.pid())); - pid_mutex_.unlock(); - - // subscribe - auto ad_index = m_bind_address->find((char *) address.data()); - // if exists, delete first - if (ad_index != m_bind_address->end()) { - // TODO - } - // new socket and bind - socket = init_zeromq_push_server(); - int rc = zmq_bind(socket, address.c_str()); - if (rc != 0) { - reason = "sub address error"; - return; - } - // set selectors - m_selector->parse(subEvent.labels()); - - // bind - m_socket = socket; - m_bind_address->insert((char *) address.data(), socket); -} - -void publisher::swap_list(converter *cvt, KindlingEventList* kindlingEventList) { - kindlingEventList = cvt->swap_list(kindlingEventList); - m_kindlingEventLists[cvt] = kindlingEventList; - m_ready[kindlingEventList] = true; -} - -selector::selector(sinsp *inspector) { - m_labels = new map* >; - for (auto e : kindling_to_sysdig) { - m_events[e.event_name] = e.event_type; - } - for (auto c : category_map) { - m_categories[c.cateogry_name] = c.category_value; - } - m_inspector = inspector; -} - -bool selector::select(uint16_t type, Category category) { - auto it = m_labels->find(static_cast(type)); - if (it != m_labels->end()) { - if (it->second->size() == 0) { - return true; - } - for (auto c : *it->second) { - if (c == category) { - return true; - } - } - } - return false; -} -Category selector::get_category(string category) { - auto it = m_categories.find(category); - if (it != m_categories.end()) { - return it->second; - } else { - return CAT_NONE; - } -} - -void selector::parse(const google::protobuf::RepeatedPtrField<::kindling::Label> &labels) { - for (auto label : labels) { - auto it = m_events.find(label.name()); - if (it != m_events.end()) { - auto v = m_labels->find(it->second); - auto c = get_category(label.category()); - if (label.category() != "" && c == CAT_NONE) { - LOG(INFO) << "Subscribe: Kindling event category err: " << label.category(); - continue; - } - if (v != m_labels->end()) { - v->second->push_back(c); - } else { - auto categories = new vector; - if (c != CAT_NONE) { - categories->push_back(c); - } - m_labels->insert(pair *> (it->second, categories)); - } - LOG(INFO) << "Subscribe info: type: " << it->second << " category: " << (label.category() != "" ? label.category() : "none"); - } else { - LOG(INFO) << "Subscribe: Kindling event name err: " << label.name(); - } - } - // notify kernel, set eventmask - for (auto it : *m_labels) { - m_inspector->set_eventmask(it.first); - if (!PPME_IS_ENTER(it.first)) { - m_inspector->set_eventmask(it.first - 1); - } - } -} diff --git a/probe/src/probe/publisher/publisher.h b/probe/src/probe/publisher/publisher.h deleted file mode 100644 index 73291d32e..000000000 --- a/probe/src/probe/publisher/publisher.h +++ /dev/null @@ -1,75 +0,0 @@ -#ifndef KINDLING_PROBE_PUBLISHER_H -#define KINDLING_PROBE_PUBLISHER_H -#include -#include "src/probe/converter/kindling_event.pb.h" -#include "src/probe/publisher/subscribe.pb.h" -#include "src/probe/converter/converter.h" -#include "src/probe/utils/shared_unordered_map.h" -#include "sinsp.h" - -#include -#include -#include - -using namespace std; -using namespace kindling; -typedef void * Socket; - -class selector { -public: - selector(sinsp *inspector); - bool select(uint16_t type, Category category); - void parse(const google::protobuf::RepeatedPtrField<::kindling::Label> &field); - -private: - map*> *m_labels; - map m_events; - map m_categories; - Category get_category(string category); - sinsp *m_inspector; -}; - -// publish kindling event -class publisher { -public: - publisher(sinsp *); - ~publisher(); - // return list, add for converter or clear for send - vector get_kindlingEventLists(converter *cvter); - - void consume_sysdig_event(sinsp_evt *evt, int pid, converter *sysdigConverter); - // run [thread] send, [thread] subscribe - int start(); -private: - Socket init_zeromq_rep_server(); - Socket init_zeromq_push_server(); - // send threads: different content-keys correspond to sender thread. - static void send_server(publisher *); - // subscribe thread: accept subscribe request from clients - static void subscribe_server(publisher *, Socket); - - void subscribe(string sub_event, string &reason); - void unsubscribe(string sub_event); - - void swap_list(converter *cvt, KindlingEventList* kindlingEventList); - - // single sender - Socket m_socket; - map m_kindlingEventLists; - map m_ready; - - shared_unordered_map *m_bind_address; - - // multi sender - // vector for multi event source, e.g. [0] for sysdig, [1] for pixie - shared_unordered_map> *m_client_event_map; - // selectors - selector *m_selector; - - - sinsp *m_inspector; - std::mutex pid_mutex_; - vector filter_pid; -}; - -#endif //KINDLING_PROBE_PUBLISHER_H diff --git a/probe/src/probe/publisher/subscribe.proto b/probe/src/probe/publisher/subscribe.proto deleted file mode 100644 index c72805b77..000000000 --- a/probe/src/probe/publisher/subscribe.proto +++ /dev/null @@ -1,14 +0,0 @@ -syntax = "proto3"; -package kindling; -option go_package = "model/subscribe"; - -message SubEvent { - bytes address = 1; - uint32 pid = 2; - repeated Label labels = 4; -} - -message Label { - string category = 1; - string name = 2; -} \ No newline at end of file diff --git a/probe/src/probe/standalone/BUILD.bazel b/probe/src/probe/standalone/BUILD.bazel deleted file mode 100644 index 942833851..000000000 --- a/probe/src/probe/standalone/BUILD.bazel +++ /dev/null @@ -1,56 +0,0 @@ -load("@px//bazel:pl_build_system.bzl", "pl_cc_binary") -load("@io_bazel_rules_docker//cc:image.bzl", "cc_image") - - -pl_cc_binary( - name = "stirling_standalone", - srcs = glob( - ["*.cc"], - exclude = [ - "**/*_test.cc", - "*_main.cc", - ], - ), - copts = ["-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libscap", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp/third-party/jsoncpp", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp", "-Wno-unused-parameter","-Wno-unused-variable","-Wno-mismatched-tags"], - deps = [ - "//src/probe/utils:cc_library", - "@px//src/common/signal:cc_library", - "//third_party:agent-libs_build", - "@px//src/stirling:cc_library", - "@com_github_jupp0r_prometheus_cpp//pull", - "@px//src/common/metrics:cc_library", - "@px//:px_headers", - ], -) - -load("@io_bazel_rules_docker//container:container.bzl", "container_image") -container_image( - # name = "kp_cc_base_image", - name = "stirling_standalone_image", - base = "@px//:pl_cc_bpf_image", - directory = "/pl", - files = [ - "@kindling_falcolib_probe_tar_gz//file:file", - "//docker:scripts", - ":qianlu", - ], - cmd = ["/pl/docker-entrypoint.sh"], - visibility = ["//visibility:public"], -) - -load("@io_bazel_rules_docker//cc:image.bzl", "cc_image") -cc_image( - name = "qianlu_standalone_image_old", - base = ":kp_cc_base_image", - binary = ":stirling_standalone", -) - -load("@io_bazel_rules_docker//container:container.bzl", "container_push") -container_push( - name = "push_image", - format = "Docker", - image = ":stirling_standalone_image", - registry = "docker.io", - repository = "kindlingproject/kindling-probe", - tag = "stirling-standalone", -) diff --git a/probe/src/probe/standalone/README.md b/probe/src/probe/standalone/README.md deleted file mode 100644 index 5d9bc0485..000000000 --- a/probe/src/probe/standalone/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# Stirling Standalone - diff --git a/probe/src/probe/standalone/standalone.cc b/probe/src/probe/standalone/standalone.cc deleted file mode 100644 index f6dd86c60..000000000 --- a/probe/src/probe/standalone/standalone.cc +++ /dev/null @@ -1,133 +0,0 @@ -#include -#include -#include -#include -#include -#include "src/probe/utils/termination_handler.h" - -px::Status consume_uprobe_data(uint64_t table_id, px::types::TabletID tablet_id, - std::unique_ptr record_batch) { - - std::cout << "[stirling][grpc] table_id:" << table_id << " tablet_id:" << tablet_id << std::endl; - - if (record_batch->empty() || record_batch->at(0)->Size() == 0) { - std::cout << "[stirling][grpc] record_batch is empty. table_id:" << table_id << std::endl; - return px::Status::OK(); - } - - std::cout << "[stirling][grpc] record_batch cols is " << record_batch->size() << " samples:" << record_batch->at(0)->Size() << std::endl; -// -// auto it = m_kindlingEventLists.find(uprobe_converter_); -// KindlingEventList* kindlingEventList; -// if (it == m_kindlingEventLists.end()) { -// kindlingEventList = new KindlingEventList(); -// m_kindlingEventLists[uprobe_converter_] = kindlingEventList; -// } else { -// kindlingEventList = it->second; -// } - if (record_batch->size() != 20) { - std::cout << "[stirling] size not match" << " table_id:" << table_id << " tablet_id:" << tablet_id << std::endl; - return px::Status::OK(); - } - int ids = 0; - for (const auto& col : *record_batch) { - auto received_type = col->data_type(); - std::cout << "ids:" << ids ++ << " types:" << px::types::ToString(received_type) << std::endl; - } - - auto batch_size = record_batch->at(0)->Size(); - for (size_t i = 0; i < batch_size; ++ i ) { - std::cout << "[stirling][grpc] begin to process record " << i << " ... " << std::endl; - int64_t ts = record_batch->at(px::stirling::kHTTPTimeIdx)->Get(i).val; - std::cout << "ts:" << ts << " idx:" << px::stirling::kHTTPTimeIdx << std::endl; - int32_t pid = record_batch->at(px::stirling::kHTTPUPIDIdx)->Get(i).High64(); - std::cout << "pid:" << pid << " idx:" << px::stirling::kHTTPUPIDIdx << std::endl; - std::string remote_addr = record_batch->at(px::stirling::kHTTPRemoteAddrIdx)->Get(i); - std::cout << "remote_addr:" << remote_addr << " idx:" << px::stirling::kHTTPRemoteAddrIdx << std::endl; - int64_t remote_port = record_batch->at(px::stirling::kHTTPRemotePortIdx)->Get(i).val; - std::cout << "remote_port:" << remote_port << " idx:" << px::stirling::kHTTPRemotePortIdx << std::endl; - int64_t trace_role = record_batch->at(px::stirling::kHTTPTraceRoleIdx)->Get(i).val; - std::cout << "trace_role:" << trace_role << " idx:" << px::stirling::kHTTPTraceRoleIdx << std::endl; - int64_t major_version = record_batch->at(px::stirling::kHTTPMajorVersionIdx)->Get(i).val; - std::cout << "major_version:" << major_version << " idx:" << px::stirling::kHTTPMajorVersionIdx << std::endl; - int64_t minor_version = record_batch->at(px::stirling::kHTTPMinorVersionIdx)->Get(i).val; - std::cout << "minor_version:" << minor_version << " idx:" << px::stirling::kHTTPMinorVersionIdx << std::endl; - int64_t content_type = record_batch->at(px::stirling::kHTTPContentTypeIdx)->Get(i).val; - std::cout << "content_type:" << content_type << " idx:" << px::stirling::kHTTPContentTypeIdx << std::endl; - std::string req_headers = record_batch->at(px::stirling::kHTTPReqHeadersIdx)->Get(i); - std::cout << "req_headers:" << req_headers << " idx:" << px::stirling::kHTTPReqHeadersIdx << std::endl; - std::string req_method = record_batch->at(px::stirling::kHTTPReqMethodIdx)->Get(i); - std::cout << "req_method:" << req_method << " idx:" << px::stirling::kHTTPReqMethodIdx << std::endl; - std::string req_path = record_batch->at(px::stirling::kHTTPReqPathIdx)->Get(i); - std::cout << "req_path:" << req_path << std::endl; - std::string req_body = record_batch->at(px::stirling::kHTTPReqBodyIdx)->Get(i); - std::cout << "req_body:" << req_body << std::endl; - int64_t req_body_size = record_batch->at(px::stirling::kHTTPReqBodySizeIdx)->Get(i).val; - std::cout << "req_body_size:" << req_body_size << std::endl; - std::string resp_headers = record_batch->at(px::stirling::kHTTPRespHeadersIdx)->Get(i); - std::cout << "resp_headers:" << resp_headers << std::endl; - int64_t resp_status = record_batch->at(px::stirling::kHTTPRespStatusIdx)->Get(i).val; - std::cout << "resp_status:" << resp_status << std::endl; - std::string resp_body = record_batch->at(px::stirling::kHTTPRespBodyIdx)->Get(i); - std::cout << "resp_body:" << resp_body << std::endl; - int64_t resp_body_size = record_batch->at(px::stirling::kHTTPRespBodySizeIdx)->Get(i).val; - std::cout << "resp_body_size:" << resp_body_size << std::endl; - int64_t latency = record_batch->at(px::stirling::kHTTPLatencyIdx)->Get(i).val; - std::cout << "latency:" << latency << std::endl; - - std::cout << "[stirling][grpc] ts:" << ts << " pid:" << pid << " remote_addr:" << remote_addr << " remote_port:" << remote_port << " trace_role:" << trace_role << std::endl; - -// struct grpc_event_t gevt; -// gevt.timestamp = ts; -// gevt.pid = pid; -// gevt.remote_addr = remote_addr; -// gevt.remote_port = remote_port; -// gevt.trace_role = trace_role; -// gevt.req_headers = req_headers; -// gevt.req_method = req_method; -// gevt.req_path = req_path; -// gevt.req_body = req_body; -// gevt.req_body_size = req_body_size; -// gevt.resp_status = resp_status; -// gevt.resp_body = resp_body; -// gevt.resp_body_size = resp_body_size; -// gevt.latency = latency; - -// auto tinfo = m_inspector->get_thread_ref(pid, true, true, true); -// if (tinfo) { -// gevt.container_id = tinfo->m_container_id; -// std::cout << "[stirling] find container_id for pid:" << pid << " container_id:" << gevt.container_id << std::endl; -// } else { -// std::cout << "[stirling] cannot find container_id for pid:" << pid << std::endl; -// } - -// event_mutex_.lock(); -// KindlingEvent *kindlingEvent = kindlingEventList->add_kindling_event_list(); -// uprobe_converter_->convert(kindlingEvent, &gevt); -// event_mutex_.unlock(); - } - return px::Status::OK(); -} - -int main(int argc, char** argv) { - px::EnvironmentGuard env_guard(&argc, argv); - - TerminationHandler::InstallSignalHandlers(); - - // init bcc & stirling - auto stirling = px::stirling::Stirling::Create(px::stirling::CreateSourceRegistry(px::stirling::GetSourceNamesForGroup(px::stirling::SourceConnectorGroup::kTracers)) - .ConsumeValueOrDie()); - TerminationHandler::set_stirling(stirling.get()); - std::cout << "hello, stirling!" << std::endl; - stirling->RegisterDataPushCallback(consume_uprobe_data); - std::cout << "register data push callback done." << std::endl; - auto status = stirling->RunAsThread(); - std::cout << status.ok() << "begin to run core" << std::endl; - - while (true) { - sleep(100); - } - - stirling->Stop(); - return 0; -} diff --git a/probe/src/probe/utils/BUILD.bazel b/probe/src/probe/utils/BUILD.bazel deleted file mode 100644 index c462718c6..000000000 --- a/probe/src/probe/utils/BUILD.bazel +++ /dev/null @@ -1,24 +0,0 @@ -load("@px//bazel:pl_build_system.bzl", "pl_cc_library") - -package(default_visibility = ["//visibility:public"]) - -pl_cc_library( - name = "cc_library", - srcs = glob( - [ - "*.h", - "*.cc", - ], - exclude = [ - "**/*_test.cc", - "**/*_benchmark.cc", - ], - ), - hdrs = ["shared_unordered_map.h"], - copts = ["-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libscap", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp/third-party/jsoncpp", "-Ibazel-out/k8-fastbuild/bin/third_party/agent-libs_build/include/userspace/libsinsp", "-Wno-mismatched-tags"], - deps = [ - "@px//src/common/signal:cc_library", - "@px//:px_headers", - "//third_party:agent-libs_build", - ], -) diff --git a/probe/src/probe/utils/shared_unordered_map.h b/probe/src/probe/utils/shared_unordered_map.h deleted file mode 100644 index acee25bc6..000000000 --- a/probe/src/probe/utils/shared_unordered_map.h +++ /dev/null @@ -1,135 +0,0 @@ -#ifndef SHAREDUNORDERMAP_H -#define SHAREDUNORDERMAP_H - -#include -#include -#include - -template -class shared_unordered_map { -public: - typedef typename std::unordered_map::iterator iterator_; - - shared_unordered_map(); - - ~shared_unordered_map(); - - int size(); - - bool empty(); - - void erase(iterator_); - - void erase(T key); - - iterator_ begin(); - - iterator_ end(); - - iterator_ find(T key); - - void insert(T key, U value); - - typename std::unordered_map *rangeStart(); - - void rangeEnd(); - -private: - std::condition_variable cond_; - std::mutex mutex_; - std::unordered_map *unordered_map1; - std::unordered_map *unordered_map2; - -}; - -template -shared_unordered_map::shared_unordered_map() { - unordered_map1 = new std::unordered_map(); -} - -template -shared_unordered_map::~shared_unordered_map() = default; - -template -int shared_unordered_map::size() { - std::unique_lock mlock(mutex_); - int size = unordered_map1->size(); - mlock.unlock(); - return size; -} - -template -bool shared_unordered_map::empty() { - return this->size() == 0; -} - -template -void shared_unordered_map::erase(iterator_ index) { - std::unique_lock mlock(mutex_); - while (unordered_map1->empty()) { - cond_.wait(mlock); - } - unordered_map1->erase(index); -} - -template -typename std::unordered_map::iterator shared_unordered_map::begin() { - std::unique_lock mlock(mutex_); - iterator_ index = unordered_map1->begin(); - mlock.unlock(); - return index; -} - -template -typename std::unordered_map::iterator shared_unordered_map::end() { - std::unique_lock mlock(mutex_); - iterator_ index = unordered_map1->end(); - mlock.unlock(); - return index; -} - -template -void shared_unordered_map::insert(T key, U value) { - std::unique_lock mlock(mutex_); - unordered_map1->insert({key, value}); - mlock.unlock(); - cond_.notify_one(); -} - -template -typename std::unordered_map::iterator shared_unordered_map::find(T key) { - std::unique_lock mlock(mutex_); - typename std::unordered_map::iterator index = unordered_map1->find(key); - mlock.unlock(); - return index; -} - -template -void shared_unordered_map::rangeEnd() { - delete unordered_map2; -} - -template -typename std::unordered_map *shared_unordered_map::rangeStart() { - unordered_map2 = new std::unordered_map(); - std::unique_lock mlock(mutex_); - iterator_ index = unordered_map1->begin(); - while (index != unordered_map1->end()) { - unordered_map2->insert({index->first, index->second}); - index++; - } - mlock.unlock(); - return unordered_map2; -} - -template -void shared_unordered_map::erase(T key) { - std::unique_lock mlock(mutex_); - while (unordered_map1->empty()) { - cond_.wait(mlock); - } - unordered_map1->erase(key); -} - - -#endif //SHAREDUNORDERMAP_H diff --git a/probe/src/probe/utils/termination_handler.h b/probe/src/probe/utils/termination_handler.h deleted file mode 100644 index 0956e5918..000000000 --- a/probe/src/probe/utils/termination_handler.h +++ /dev/null @@ -1,46 +0,0 @@ -// -// Created by 千陆 on 2022/1/6. -// - -#ifndef KINDLING_PROBE_KINDLING_MANAGER_H -#define KINDLING_PROBE_KINDLING_MANAGER_H - -#include -#include -#include -#include "sinsp.h" -#include - -class TerminationHandler { -public: - static constexpr auto kSignals = px::MakeArray(SIGINT, SIGQUIT, SIGTERM, SIGHUP); - - static void InstallSignalHandlers() { - for (size_t i = 0; i < kSignals.size(); ++i) { - signal(kSignals[i], TerminationHandler::OnTerminate); - } - } - - static void set_stirling(px::stirling::Stirling* stirling_) { m_stirling_ = stirling_; } - static void set_sinsp(sinsp* sinsp_) { m_sinsp_ = sinsp_; } - - static void OnTerminate(int signum) { - if (m_sinsp_ != nullptr) { - LOG(INFO) << "Trying to gracefully stop sinsp"; - m_sinsp_->close(); - } - if (m_stirling_ != nullptr) { - LOG(INFO) << "Trying to gracefully stop stirling"; - m_stirling_->Stop(); - } - exit(signum); - } - -private: - inline static px::stirling::Stirling* m_stirling_ = nullptr; - inline static sinsp* m_sinsp_ = nullptr; -}; - - - -#endif //KINDLING_PROBE_KINDLING_MANAGER_H diff --git a/probe/third_party/BUILD.bazel b/probe/third_party/BUILD.bazel deleted file mode 100644 index ec3f36a6f..000000000 --- a/probe/third_party/BUILD.bazel +++ /dev/null @@ -1,71 +0,0 @@ -load("@rules_cc//cc:defs.bzl", "cc_library") -load("@rules_foreign_cc//foreign_cc:defs.bzl", "cmake", "configure_make", "make") - -package(default_visibility = ["//visibility:public"]) - - -configure_make( - name = "zmq_build", - autogen = True, - configure_in_place = True, - args = ["-j$(nproc)","-l$(nproc)"], - lib_source = "@lib_zmq//:all", - out_static_libs = ["libzmq.a"], -) - -cmake( - name = "agent-libs_build", - tags = ["requires-network","--sandbox_default_allow_network"], - cache_entries = { - "BUILD_LIBSCAP_EXAMPLES": "OFF", - "MINIMAL_BUILD": "ON", - "CREATE_TEST_TARGETS": "OFF", - "BUILD_LIBSINSP_EXAMPLES": "ON", - "CMAKE_C_COMPILER": "/usr/bin/gcc-10", - "CMAKE_CXX_COMPILER": "/usr/bin/g++-10", - "BUILD_DRIVER": "OFF", - "CMAKE_TOOLCHAIN_FILE" : "", - }, - lib_source = "@agent-libs//:all", - postfix_script = "cp ./libsinsp/libsinsp.a $INSTALLDIR/lib/libsinsp.a && cp ./tbb-prefix/src/tbb/build/lib_release/libtbb.a $INSTALLDIR/lib/libtbb.a && cp ./tbb-prefix/src/tbb/build/lib_release/libtbbmalloc.a $INSTALLDIR/lib/libtbbmalloc.a && cp ./libscap/libscap.a $INSTALLDIR/lib/libscap.a && mkdir $INSTALLDIR/include/userspace \ - && mkdir $INSTALLDIR/include/userspace/async \ - && mkdir $INSTALLDIR/include/userspace/common \ - && mkdir $INSTALLDIR/include/userspace/libscap \ - && mkdir $INSTALLDIR/include/userspace/libsinsp \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/async/*.h $INSTALLDIR/include/userspace/async \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/common/*.h $INSTALLDIR/include/userspace/common \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libscap/*.h $INSTALLDIR/include/userspace/libscap \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libsinsp/*.h $INSTALLDIR/include/userspace/libsinsp \ - && mkdir $INSTALLDIR/include/userspace/libsinsp/container_engine \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libsinsp/container_engine/*.h $INSTALLDIR/include/userspace/libsinsp/container_engine \ - && mkdir $INSTALLDIR/include/userspace/libsinsp/container_engine/docker \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libsinsp/container_engine/docker/*.h $INSTALLDIR/include/userspace/libsinsp/container_engine/docker \ - && mkdir $INSTALLDIR/include/userspace/libsinsp/include \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libsinsp/include/*.h $INSTALLDIR/include/userspace/libsinsp/include \ - && mkdir $INSTALLDIR/include/userspace/libsinsp/third-party \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libsinsp/third-party/*.h $INSTALLDIR/include/userspace/libsinsp/third-party \ - && mkdir $INSTALLDIR/include/userspace/libsinsp/third-party/jsoncpp \ - && mkdir $INSTALLDIR/include/userspace/libsinsp/third-party/jsoncpp/json \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libsinsp/third-party/jsoncpp/json/*.h $INSTALLDIR/include/userspace/libsinsp/third-party/jsoncpp/json \ - && mkdir $INSTALLDIR/include/userspace/libscap/compat \ - && cp $EXT_BUILD_ROOT/external/agent-libs/userspace/libscap/compat/*.h $INSTALLDIR/include/userspace/libscap/compat \ - && mkdir $INSTALLDIR/include/common \ - && cp $EXT_BUILD_ROOT/external/agent-libs/common/*.h $INSTALLDIR/include/common \ - && mkdir $INSTALLDIR/include/tbb \ - && cp ./tbb-prefix/src/tbb/include/tbb/*.h $INSTALLDIR/include/tbb \ - && mkdir $INSTALLDIR/include/tbb/compat \ - && cp ./tbb-prefix/src/tbb/include/tbb/compat/*.h $INSTALLDIR/include/tbb/compat \ - && mkdir $INSTALLDIR/include/tbb/internal \ - && cp ./tbb-prefix/src/tbb/include/tbb/internal/*.h $INSTALLDIR/include/tbb/internal \ - && mkdir $INSTALLDIR/include/tbb/machine \ - && cp ./tbb-prefix/src/tbb/include/tbb/machine/*.h $INSTALLDIR/include/tbb/machine \ - && mkdir $INSTALLDIR/include/driver \ - && mkdir $INSTALLDIR/include/driver/bpf \ - && cp $EXT_BUILD_ROOT/external/agent-libs/driver/*.h $INSTALLDIR/include/driver \ - && cp $EXT_BUILD_ROOT/external/agent-libs/driver/bpf/*.h $INSTALLDIR/include/driver/bpf \ - ", - out_static_libs = ["libsinsp.a", "libscap.a", "libtbb.a", "libtbbmalloc.a"], -) - - -