From 570bef6a7675976a936c19931aa1d5050ee06a94 Mon Sep 17 00:00:00 2001 From: sanyangji Date: Mon, 13 Feb 2023 17:49:46 +0800 Subject: [PATCH 1/6] support ipv6 for kindling event Signed-off-by: sanyangji --- .../component/receiver/cgoreceiver/cgo_func.h | 4 ++-- .../receiver/cgoreceiver/cgoreceiver.go | 8 +++++-- probe/src/cgo/kindling.cpp | 24 ++++++++++++++++--- probe/src/cgo/kindling.h | 4 ++-- 4 files changed, 31 insertions(+), 9 deletions(-) diff --git a/collector/pkg/component/receiver/cgoreceiver/cgo_func.h b/collector/pkg/component/receiver/cgoreceiver/cgo_func.h index ab3be155a..19a7077c3 100644 --- a/collector/pkg/component/receiver/cgoreceiver/cgo_func.h +++ b/collector/pkg/component/receiver/cgoreceiver/cgo_func.h @@ -59,8 +59,8 @@ struct kindling_event_t_for_go{ char *directory; uint32_t protocol; uint8_t role; - uint32_t sip; - uint32_t dip; + uint32_t sip[4]; + uint32_t dip[4]; uint32_t sport; uint32_t dport; diff --git a/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go b/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go index b99bbdd73..a446f42bf 100644 --- a/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go +++ b/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go @@ -135,8 +135,12 @@ func convertEvent(cgoEvent *CKindlingEventForGo) *model.KindlingEvent { ev.Ctx.FdInfo.Filename = C.GoString(cgoEvent.context.fdInfo.filename) ev.Ctx.FdInfo.Directory = C.GoString(cgoEvent.context.fdInfo.directory) ev.Ctx.FdInfo.Role = If(cgoEvent.context.fdInfo.role != 0, true, false).(bool) - ev.Ctx.FdInfo.Sip = []uint32{uint32(cgoEvent.context.fdInfo.sip)} - ev.Ctx.FdInfo.Dip = []uint32{uint32(cgoEvent.context.fdInfo.dip)} + ev.Ctx.FdInfo.Sip = make([]uint32, 4) + ev.Ctx.FdInfo.Dip = make([]uint32, 4) + for i := 0; i < 4; i++ { + ev.Ctx.FdInfo.Sip[i] = uint32(cgoEvent.context.fdInfo.sip[i]) + ev.Ctx.FdInfo.Dip[i] = uint32(cgoEvent.context.fdInfo.dip[i]) + } ev.Ctx.FdInfo.Sport = uint32(cgoEvent.context.fdInfo.sport) ev.Ctx.FdInfo.Dport = uint32(cgoEvent.context.fdInfo.dport) ev.Ctx.FdInfo.Source = uint64(cgoEvent.context.fdInfo.source) diff --git a/probe/src/cgo/kindling.cpp b/probe/src/cgo/kindling.cpp index dbf6ef9d4..9112739bd 100644 --- a/probe/src/cgo/kindling.cpp +++ b/probe/src/cgo/kindling.cpp @@ -296,14 +296,32 @@ int getEvent(void** pp_kindling_event) { break; } case SCAP_FD_IPV4_SOCK: - case SCAP_FD_IPV4_SERVSOCK: p_kindling_event->context.fdInfo.protocol = get_protocol(fdInfo->get_l4proto()); p_kindling_event->context.fdInfo.role = fdInfo->is_role_server(); - p_kindling_event->context.fdInfo.sip = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_sip; - p_kindling_event->context.fdInfo.dip = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_dip; + p_kindling_event->context.fdInfo.sip[0] = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_sip; + p_kindling_event->context.fdInfo.dip[0] = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_dip; p_kindling_event->context.fdInfo.sport = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_sport; p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv4info.m_fields.m_dport; break; + case SCAP_FD_IPV4_SERVSOCK: + p_kindling_event->context.fdInfo.protocol = get_protocol(fdInfo->get_l4proto()); + p_kindling_event->context.fdInfo.role = fdInfo->is_role_server(); + p_kindling_event->context.fdInfo.dip[0] = fdInfo->m_sockinfo.m_ipv4serverinfo.m_ip; + p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv4serverinfo.m_port; + break; + case SCAP_FD_IPV6_SOCK: + p_kindling_event->context.fdInfo.protocol = get_protocol(fdInfo->get_l4proto()); + p_kindling_event->context.fdInfo.role = fdInfo->is_role_server(); + memcpy(p_kindling_event->context.fdInfo.sip, fdInfo->m_sockinfo.m_ipv6info.m_fields.m_sip.m_b, sizeof(fdInfo->m_sockinfo.m_ipv6info.m_fields.m_sip.m_b)); + memcpy(p_kindling_event->context.fdInfo.dip, fdInfo->m_sockinfo.m_ipv6info.m_fields.m_dip.m_b, sizeof(fdInfo->m_sockinfo.m_ipv6info.m_fields.m_dip.m_b)); + p_kindling_event->context.fdInfo.sport = fdInfo->m_sockinfo.m_ipv6info.m_fields.m_sport; + p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv6info.m_fields.m_dport; + break; + case SCAP_FD_IPV6_SERVSOCK: + p_kindling_event->context.fdInfo.role = fdInfo->is_role_server(); + memcpy(p_kindling_event->context.fdInfo.dip, fdInfo->m_sockinfo.m_ipv6serverinfo.m_ip.m_b, sizeof(fdInfo->m_sockinfo.m_ipv6serverinfo.m_ip.m_b)); + p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv6serverinfo.m_port; + break; case SCAP_FD_UNIX_SOCK: p_kindling_event->context.fdInfo.source = fdInfo->m_sockinfo.m_unixinfo.m_fields.m_source; p_kindling_event->context.fdInfo.destination = diff --git a/probe/src/cgo/kindling.h b/probe/src/cgo/kindling.h index 6ca4fec37..353cce0c3 100644 --- a/probe/src/cgo/kindling.h +++ b/probe/src/cgo/kindling.h @@ -90,8 +90,8 @@ struct kindling_event_t_for_go { char* directory; uint32_t protocol; uint8_t role; - uint32_t sip; - uint32_t dip; + uint32_t sip[4]; + uint32_t dip[4]; uint32_t sport; uint32_t dport; uint64_t source; From 8dbe1730340256c1d668da546bad262b0d242a51 Mon Sep 17 00:00:00 2001 From: sanyangji Date: Mon, 13 Feb 2023 16:50:05 +0800 Subject: [PATCH 2/6] remove useless file Signed-off-by: sanyangji --- probe/src/cgo/defination.h | 307 ------------------------------------- 1 file changed, 307 deletions(-) delete mode 100644 probe/src/cgo/defination.h diff --git a/probe/src/cgo/defination.h b/probe/src/cgo/defination.h deleted file mode 100644 index c354c1c44..000000000 --- a/probe/src/cgo/defination.h +++ /dev/null @@ -1,307 +0,0 @@ -// -// Created by 散养鸡 on 2021/12/30. -// - -#ifndef KINDLING_PROBE_DEFINATION_H -#define KINDLING_PROBE_DEFINATION_H - -#include - -struct event { - string event_name; - ppm_event_type event_type; -}; -const static event kindling_to_sysdig[PPM_EVENT_MAX] = { - {"syscall_enter-open", PPME_SYSCALL_OPEN_E}, - {"syscall_exit-open", PPME_SYSCALL_OPEN_X}, - {"syscall_enter-close", PPME_SYSCALL_CLOSE_E}, - {"syscall_exit-close", PPME_SYSCALL_CLOSE_X}, - {"syscall_enter-read", PPME_SYSCALL_READ_E}, - {"syscall_exit-read", PPME_SYSCALL_READ_X}, - {"syscall_enter-write", PPME_SYSCALL_WRITE_E}, - {"syscall_exit-write", PPME_SYSCALL_WRITE_X}, - {"syscall_enter-brk", PPME_SYSCALL_BRK_4_E}, - {"syscall_exit-brk", PPME_SYSCALL_BRK_4_X}, - {"syscall_enter-execve", PPME_SYSCALL_EXECVE_19_E}, - {"syscall_exit-execve", PPME_SYSCALL_EXECVE_19_X}, - {"syscall_enter-clone", PPME_SYSCALL_CLONE_20_E}, - {"syscall_exit-clone", PPME_SYSCALL_CLONE_20_X}, - {"syscall_enter-socket", PPME_SOCKET_SOCKET_E}, - {"syscall_exit-socket", PPME_SOCKET_SOCKET_X}, - {"syscall_enter-bind", PPME_SOCKET_BIND_E}, - {"syscall_exit-bind", PPME_SOCKET_BIND_X}, - {"syscall_enter-connect", PPME_SOCKET_CONNECT_E}, - {"syscall_exit-connect", PPME_SOCKET_CONNECT_X}, - {"syscall_enter-listen", PPME_SOCKET_LISTEN_E}, - {"syscall_exit-listen", PPME_SOCKET_LISTEN_X}, - {"syscall_enter-accept", PPME_SOCKET_ACCEPT_5_E}, - {"syscall_exit-accept", PPME_SOCKET_ACCEPT_5_X}, - {"syscall_enter-accept4", PPME_SOCKET_ACCEPT4_5_E}, - {"syscall_exit-accept4", PPME_SOCKET_ACCEPT4_5_X}, - {"syscall_enter-sendto", PPME_SOCKET_SENDTO_E}, - {"syscall_exit-sendto", PPME_SOCKET_SENDTO_X}, - {"syscall_enter-recvfrom", PPME_SOCKET_RECVFROM_E}, - {"syscall_exit-recvfrom", PPME_SOCKET_RECVFROM_X}, - {"syscall_enter-shutdown", PPME_SOCKET_SHUTDOWN_E}, - {"syscall_exit-shutdown", PPME_SOCKET_SHUTDOWN_X}, - {"syscall_enter-getsockname", PPME_SOCKET_GETSOCKNAME_E}, - {"syscall_exit-getsockname", PPME_SOCKET_GETSOCKNAME_X}, - {"syscall_enter-getpeername", PPME_SOCKET_GETPEERNAME_E}, - {"syscall_exit-getpeername", PPME_SOCKET_GETPEERNAME_X}, - {"syscall_enter-socketpair", PPME_SOCKET_SOCKETPAIR_E}, - {"syscall_exit-socketpair", PPME_SOCKET_SOCKETPAIR_X}, - {"syscall_enter-setsockopt", PPME_SOCKET_SETSOCKOPT_E}, - {"syscall_exit-setsockopt", PPME_SOCKET_SETSOCKOPT_X}, - {"syscall_enter-getsockopt", PPME_SOCKET_GETSOCKOPT_E}, - {"syscall_exit-getsockopt", PPME_SOCKET_GETSOCKOPT_X}, - {"syscall_enter-sendmsg", PPME_SOCKET_SENDMSG_E}, - {"syscall_exit-sendmsg", PPME_SOCKET_SENDMSG_X}, - {"syscall_enter-sendmmsg", PPME_SOCKET_SENDMMSG_E}, - {"syscall_exit-sendmmsg", PPME_SOCKET_SENDMMSG_X}, - {"syscall_enter-recvmsg", PPME_SOCKET_RECVMSG_E}, - {"syscall_exit-recvmsg", PPME_SOCKET_RECVMSG_X}, - {"syscall_enter-recvmmsg", PPME_SOCKET_RECVMMSG_E}, - {"syscall_exit-recvmmsg", PPME_SOCKET_RECVMMSG_X}, - {"syscall_enter-sendfile", PPME_SYSCALL_SENDFILE_E}, - {"syscall_exit-sendfile", PPME_SYSCALL_SENDFILE_X}, - {"syscall_enter-creat", PPME_SYSCALL_CREAT_E}, - {"syscall_exit-creat", PPME_SYSCALL_CREAT_X}, - {"syscall_enter-pipe", PPME_SYSCALL_PIPE_E}, - {"syscall_exit-pipe", PPME_SYSCALL_PIPE_X}, - {"syscall_enter-pipe2", PPME_SYSCALL_PIPE_E}, - {"syscall_exit-pipe2", PPME_SYSCALL_PIPE_X}, - {"syscall_enter-eventfd", PPME_SYSCALL_EVENTFD_E}, - {"syscall_exit-eventfd", PPME_SYSCALL_EVENTFD_X}, - {"syscall_enter-eventfd2", PPME_SYSCALL_EVENTFD_E}, - {"syscall_exit-eventfd2", PPME_SYSCALL_EVENTFD_X}, - {"syscall_enter-futex", PPME_SYSCALL_FUTEX_E}, - {"syscall_exit-futex", PPME_SYSCALL_FUTEX_X}, - {"syscall_enter-stat", PPME_SYSCALL_STAT_E}, - {"syscall_exit-stat", PPME_SYSCALL_STAT_X}, - {"syscall_enter-lstat", PPME_SYSCALL_LSTAT_E}, - {"syscall_exit-lstat", PPME_SYSCALL_LSTAT_X}, - {"syscall_enter-fstat", PPME_SYSCALL_FSTAT_E}, - {"syscall_exit-fstat", PPME_SYSCALL_FSTAT_X}, - {"syscall_enter-stat64", PPME_SYSCALL_STAT64_E}, - {"syscall_exit-stat64", PPME_SYSCALL_STAT64_X}, - {"syscall_enter-lstat64", PPME_SYSCALL_LSTAT64_E}, - {"syscall_exit-lstat64", PPME_SYSCALL_LSTAT64_X}, - {"syscall_enter-fstat64", PPME_SYSCALL_FSTAT64_E}, - {"syscall_exit-fstat64", PPME_SYSCALL_FSTAT64_X}, - {"syscall_enter-epoll_wait", PPME_SYSCALL_EPOLLWAIT_E}, - {"syscall_exit-epoll_wait", PPME_SYSCALL_EPOLLWAIT_X}, - {"syscall_enter-poll", PPME_SYSCALL_POLL_E}, - {"syscall_exit-poll", PPME_SYSCALL_POLL_X}, - {"syscall_enter-ppoll", PPME_SYSCALL_PPOLL_E}, - {"syscall_exit-ppoll", PPME_SYSCALL_PPOLL_X}, - {"syscall_enter-select", PPME_SYSCALL_SELECT_E}, - {"syscall_exit-select", PPME_SYSCALL_SELECT_X}, - {"syscall_enter-lseek", PPME_SYSCALL_LSEEK_E}, - {"syscall_exit-lseek", PPME_SYSCALL_LSEEK_X}, - {"syscall_enter-llseek", PPME_SYSCALL_LLSEEK_E}, - {"syscall_exit-llseek", PPME_SYSCALL_LLSEEK_X}, - {"syscall_enter-getcwd", PPME_SYSCALL_GETCWD_E}, - {"syscall_exit-getcwd", PPME_SYSCALL_GETCWD_X}, - {"syscall_enter-chdir", PPME_SYSCALL_CHDIR_E}, - {"syscall_exit-chdir", PPME_SYSCALL_CHDIR_X}, - {"syscall_enter-fchdir", PPME_SYSCALL_FCHDIR_E}, - {"syscall_exit-fchdir", PPME_SYSCALL_FCHDIR_X}, - {"syscall_enter-mkdir", PPME_SYSCALL_MKDIR_2_E}, - {"syscall_exit-mkdir", PPME_SYSCALL_MKDIR_2_X}, - {"syscall_enter-mkdirat", PPME_SYSCALL_MKDIRAT_E}, - {"syscall_exit-mkdirat", PPME_SYSCALL_MKDIRAT_X}, - {"syscall_enter-rmdir", PPME_SYSCALL_RMDIR_2_E}, - {"syscall_exit-rmdir", PPME_SYSCALL_RMDIR_2_X}, - {"syscall_enter-unlink", PPME_SYSCALL_UNLINK_2_E}, - {"syscall_exit-unlink", PPME_SYSCALL_UNLINK_2_X}, - {"syscall_enter-unlinkat", PPME_SYSCALL_UNLINKAT_2_E}, - {"syscall_exit-unlinkat", PPME_SYSCALL_UNLINKAT_2_X}, - {"syscall_enter-openat", PPME_SYSCALL_OPENAT_2_E}, - {"syscall_exit-openat", PPME_SYSCALL_OPENAT_2_X}, - {"syscall_enter-link", PPME_SYSCALL_LINK_2_E}, - {"syscall_exit-link", PPME_SYSCALL_LINK_2_X}, - {"syscall_enter-linkat", PPME_SYSCALL_LINKAT_2_E}, - {"syscall_exit-linkat", PPME_SYSCALL_LINKAT_2_X}, - {"syscall_enter-pread", PPME_SYSCALL_PREAD_E}, - {"syscall_exit-pread", PPME_SYSCALL_PREAD_X}, - {"syscall_enter-pwrite", PPME_SYSCALL_PWRITE_E}, - {"syscall_exit-pwrite", PPME_SYSCALL_PWRITE_X}, - {"syscall_enter-readv", PPME_SYSCALL_READV_E}, - {"syscall_exit-readv", PPME_SYSCALL_READV_X}, - {"syscall_enter-writev", PPME_SYSCALL_WRITEV_E}, - {"syscall_exit-writev", PPME_SYSCALL_WRITEV_X}, - {"syscall_enter-preadv", PPME_SYSCALL_PREADV_E}, - {"syscall_exit-preadv", PPME_SYSCALL_PREADV_X}, - {"syscall_enter-pwritev", PPME_SYSCALL_PWRITEV_E}, - {"syscall_exit-pwritev", PPME_SYSCALL_PWRITEV_X}, - {"syscall_enter-dup", PPME_SYSCALL_DUP_E}, - {"syscall_exit-dup", PPME_SYSCALL_DUP_X}, - {"syscall_enter-dup2", PPME_SYSCALL_DUP_E}, - {"syscall_exit-dup2", PPME_SYSCALL_DUP_X}, - {"syscall_enter-dup3", PPME_SYSCALL_DUP_E}, - {"syscall_exit-dup3", PPME_SYSCALL_DUP_X}, - {"syscall_enter-signalfd", PPME_SYSCALL_SIGNALFD_E}, - {"syscall_exit-signalfd", PPME_SYSCALL_SIGNALFD_X}, - {"syscall_enter-signalfd4", PPME_SYSCALL_SIGNALFD_E}, - {"syscall_exit-signalfd4", PPME_SYSCALL_SIGNALFD_X}, - {"syscall_enter-kill", PPME_SYSCALL_KILL_E}, - {"syscall_exit-kill", PPME_SYSCALL_KILL_X}, - {"syscall_enter-tkill", PPME_SYSCALL_TKILL_E}, - {"syscall_exit-tkill", PPME_SYSCALL_TKILL_X}, - {"syscall_enter-tgkill", PPME_SYSCALL_TGKILL_E}, - {"syscall_exit-tgkill", PPME_SYSCALL_TGKILL_X}, - {"syscall_enter-nanosleep", PPME_SYSCALL_NANOSLEEP_E}, - {"syscall_exit-nanosleep", PPME_SYSCALL_NANOSLEEP_X}, - {"syscall_enter-timerfd_create", PPME_SYSCALL_TIMERFD_CREATE_E}, - {"syscall_exit-timerfd_create", PPME_SYSCALL_TIMERFD_CREATE_X}, - {"syscall_enter-inotify_init", PPME_SYSCALL_INOTIFY_INIT_E}, - {"syscall_exit-inotify_init", PPME_SYSCALL_INOTIFY_INIT_X}, - {"syscall_enter-inotify_init1", PPME_SYSCALL_INOTIFY_INIT_E}, - {"syscall_exit-inotify_init1", PPME_SYSCALL_INOTIFY_INIT_X}, - {"syscall_enter-getrlimit", PPME_SYSCALL_GETRLIMIT_E}, - {"syscall_exit-getrlimit", PPME_SYSCALL_GETRLIMIT_X}, - {"syscall_enter-setrlimit", PPME_SYSCALL_SETRLIMIT_E}, - {"syscall_exit-setrlimit", PPME_SYSCALL_SETRLIMIT_X}, - {"syscall_enter-prlimit", PPME_SYSCALL_PRLIMIT_E}, - {"syscall_exit-prlimit", PPME_SYSCALL_PRLIMIT_X}, - {"syscall_enter-fcntl", PPME_SYSCALL_FCNTL_E}, - {"syscall_exit-fcntl", PPME_SYSCALL_FCNTL_X}, - {"syscall_enter-ioctl", PPME_SYSCALL_IOCTL_3_E}, - {"syscall_exit-ioctl", PPME_SYSCALL_IOCTL_3_X}, - {"syscall_enter-mmap", PPME_SYSCALL_MMAP_E}, - {"syscall_exit-mmap", PPME_SYSCALL_MMAP_X}, - {"syscall_enter-mmap2", PPME_SYSCALL_MMAP2_E}, - {"syscall_exit-mmap2", PPME_SYSCALL_MMAP2_X}, - {"syscall_enter-munmap", PPME_SYSCALL_MUNMAP_E}, - {"syscall_exit-munmap", PPME_SYSCALL_MUNMAP_X}, - {"syscall_enter-splice", PPME_SYSCALL_SPLICE_E}, - {"syscall_exit-splice", PPME_SYSCALL_SPLICE_X}, - {"syscall_enter-ptrace", PPME_SYSCALL_PTRACE_E}, - {"syscall_exit-ptrace", PPME_SYSCALL_PTRACE_X}, - {"syscall_enter-rename", PPME_SYSCALL_RENAME_E}, - {"syscall_exit-rename", PPME_SYSCALL_RENAME_X}, - {"syscall_enter-renameat", PPME_SYSCALL_RENAMEAT_E}, - {"syscall_exit-renameat", PPME_SYSCALL_RENAMEAT_X}, - {"syscall_enter-symlink", PPME_SYSCALL_SYMLINK_E}, - {"syscall_exit-symlink", PPME_SYSCALL_SYMLINK_X}, - {"syscall_enter-symlinkat", PPME_SYSCALL_SYMLINKAT_E}, - {"syscall_exit-symlinkat", PPME_SYSCALL_SYMLINKAT_X}, - {"syscall_enter-fork", PPME_SYSCALL_FORK_20_E}, - {"syscall_exit-fork", PPME_SYSCALL_FORK_20_X}, - {"syscall_enter-vfork", PPME_SYSCALL_VFORK_20_E}, - {"syscall_exit-vfork", PPME_SYSCALL_VFORK_20_X}, - {"syscall_enter-quotactl", PPME_SYSCALL_QUOTACTL_E}, - {"syscall_exit-quotactl", PPME_SYSCALL_QUOTACTL_X}, - {"syscall_enter-setresuid", PPME_SYSCALL_SETRESUID_E}, - {"syscall_exit-setresuid", PPME_SYSCALL_SETRESUID_X}, - {"syscall_enter-setresgid", PPME_SYSCALL_SETRESGID_E}, - {"syscall_exit-setresgid", PPME_SYSCALL_SETRESGID_X}, - {"syscall_enter-setuid", PPME_SYSCALL_SETUID_E}, - {"syscall_exit-setuid", PPME_SYSCALL_SETUID_X}, - {"syscall_enter-setgid", PPME_SYSCALL_SETGID_E}, - {"syscall_exit-setgid", PPME_SYSCALL_SETGID_X}, - {"syscall_enter-getuid", PPME_SYSCALL_GETUID_E}, - {"syscall_exit-getuid", PPME_SYSCALL_GETUID_X}, - {"syscall_enter-geteuid", PPME_SYSCALL_GETEUID_E}, - {"syscall_exit-geteuid", PPME_SYSCALL_GETEUID_X}, - {"syscall_enter-getgid", PPME_SYSCALL_GETGID_E}, - {"syscall_exit-getgid", PPME_SYSCALL_GETGID_X}, - {"syscall_enter-getegid", PPME_SYSCALL_GETEGID_E}, - {"syscall_exit-getegid", PPME_SYSCALL_GETEGID_X}, - {"syscall_enter-getresuid", PPME_SYSCALL_GETRESUID_E}, - {"syscall_exit-getresuid", PPME_SYSCALL_GETRESUID_X}, - {"syscall_enter-getresgid", PPME_SYSCALL_GETRESGID_E}, - {"syscall_exit-getresgid", PPME_SYSCALL_GETRESGID_X}, - {"syscall_enter-getdents", PPME_SYSCALL_GETDENTS_E}, - {"syscall_exit-getdents", PPME_SYSCALL_GETDENTS_X}, - {"syscall_enter-getdents64", PPME_SYSCALL_GETDENTS64_E}, - {"syscall_exit-getdents64", PPME_SYSCALL_GETDENTS64_X}, - {"syscall_enter-setns", PPME_SYSCALL_SETNS_E}, - {"syscall_exit-setns", PPME_SYSCALL_SETNS_X}, - {"syscall_enter-flock", PPME_SYSCALL_FLOCK_E}, - {"syscall_exit-flock", PPME_SYSCALL_FLOCK_X}, - {"syscall_enter-semop", PPME_SYSCALL_SEMOP_E}, - {"syscall_exit-semop", PPME_SYSCALL_SEMOP_X}, - {"syscall_enter-semctl", PPME_SYSCALL_SEMCTL_E}, - {"syscall_exit-semctl", PPME_SYSCALL_SEMCTL_X}, - {"syscall_enter-mount", PPME_SYSCALL_MOUNT_E}, - {"syscall_exit-mount", PPME_SYSCALL_MOUNT_X}, - {"syscall_enter-umount", PPME_SYSCALL_UMOUNT_E}, - {"syscall_exit-umount", PPME_SYSCALL_UMOUNT_X}, - {"syscall_enter-semget", PPME_SYSCALL_SEMGET_E}, - {"syscall_exit-semget", PPME_SYSCALL_SEMGET_X}, - {"syscall_enter-access", PPME_SYSCALL_ACCESS_E}, - {"syscall_exit-access", PPME_SYSCALL_ACCESS_X}, - {"syscall_enter-chroot", PPME_SYSCALL_CHROOT_E}, - {"syscall_exit-chroot", PPME_SYSCALL_CHROOT_X}, - {"syscall_enter-setsid", PPME_SYSCALL_SETSID_E}, - {"syscall_exit-setsid", PPME_SYSCALL_SETSID_X}, - {"syscall_enter-setpgid", PPME_SYSCALL_SETPGID_E}, - {"syscall_exit-setpgid", PPME_SYSCALL_SETPGID_X}, - {"syscall_enter-unshare", PPME_SYSCALL_UNSHARE_E}, - {"syscall_exit-unshare", PPME_SYSCALL_UNSHARE_X}, - {"syscall_enter-bpf", PPME_SYSCALL_BPF_E}, - {"syscall_exit-bpf", PPME_SYSCALL_BPF_X}, - {"syscall_enter-seccomp", PPME_SYSCALL_SECCOMP_E}, - {"syscall_exit-seccomp", PPME_SYSCALL_SECCOMP_X}, - {"syscall_enter-fchmodat", PPME_SYSCALL_FCHMODAT_E}, - {"syscall_exit-fchmodat", PPME_SYSCALL_FCHMODAT_X}, - {"syscall_enter-chmod", PPME_SYSCALL_CHMOD_E}, - {"syscall_exit-chmod", PPME_SYSCALL_CHMOD_X}, - {"syscall_enter-fchmod", PPME_SYSCALL_FCHMOD_E}, - {"syscall_exit-fchmod", PPME_SYSCALL_FCHMOD_X}, - {"tracepoint-sched_switch", PPME_SCHEDSWITCH_6_E}, - {"tracepoint-signaldeliver", PPME_SIGNALDELIVER_E}, - {"tracepoint-signaldeliver", PPME_SIGNALDELIVER_X}, - {"syscall_enter-alarm", PPME_GENERIC_E}, - {"syscall_exit-alarm", PPME_GENERIC_X}, - {"syscall_enter-epoll_create", PPME_GENERIC_E}, - {"syscall_exit-epoll_create", PPME_GENERIC_X}, - {"syscall_enter-epoll_ctl", PPME_GENERIC_E}, - {"syscall_exit-epoll_ctl", PPME_GENERIC_X}, - {"syscall_enter-lchown", PPME_GENERIC_E}, - {"syscall_exit-lchown", PPME_GENERIC_X}, - {"syscall_enter-old_select", PPME_GENERIC_E}, - {"syscall_exit-old_select", PPME_GENERIC_X}, - {"syscall_enter-pause", PPME_GENERIC_E}, - {"syscall_exit-pause", PPME_GENERIC_X}, - {"syscall_enter-process_vm_readv", PPME_GENERIC_E}, - {"syscall_exit-process_vm_readv", PPME_GENERIC_X}, - {"syscall_enter-process_vm_writev", PPME_GENERIC_E}, - {"syscall_exit-process_vm_writev", PPME_GENERIC_X}, - {"syscall_enter-pselect6", PPME_GENERIC_E}, - {"syscall_exit-pselect6", PPME_GENERIC_X}, - {"syscall_enter-sched_getparam", PPME_GENERIC_E}, - {"syscall_exit-sched_getparam", PPME_GENERIC_X}, - {"syscall_enter-sched_setparam", PPME_GENERIC_E}, - {"syscall_exit-sched_setparam", PPME_GENERIC_X}, - {"syscall_enter-syslog", PPME_GENERIC_E}, - {"syscall_exit-syslog", PPME_GENERIC_X}, - {"syscall_enter-uselib", PPME_GENERIC_E}, - {"syscall_exit-uselib", PPME_GENERIC_X}, - {"syscall_enter-utime", PPME_GENERIC_E}, - {"syscall_exit-utime", PPME_GENERIC_X}, - {"tracepoint-ingress", PPME_NETIF_RECEIVE_SKB_E}, - {"tracepoint-egress", PPME_NET_DEV_XMIT_E}, - {"tracepoint-sched_process_exit", PPME_PROCEXIT_1_E}, - {"kprobe-tcp_close", PPME_TCP_CLOSE_E}, - {"kprobe-tcp_rcv_established", PPME_TCP_RCV_ESTABLISHED_E}, - {"kprobe-tcp_drop", PPME_TCP_DROP_E}, - {"kprobe-tcp_retransmit_skb", PPME_TCP_RETRANCESMIT_SKB_E}, -}; - -struct event_category { - string cateogry_name; - Category category_value; -}; -const static event_category category_map[Category_MAX + 1] = { - {"other", CAT_OTHER}, {"file", CAT_FILE}, - {"net", CAT_NET}, {"ipc", CAT_IPC}, - {"wait", CAT_WAIT}, {"signal", CAT_SIGNAL}, - {"sleep", CAT_SLEEP}, {"time", CAT_TIME}, - {"process", CAT_PROCESS}, {"scheduler", CAT_SCHEDULER}, - {"memory", CAT_MEMORY}, {"user", CAT_USER}, - {"system", CAT_SYSTEM}, -}; - -#endif // KINDLING_PROBE_DEFINATION_H \ No newline at end of file From 970ae27f32d6cc2a1792474dcc883a22b44b6934 Mon Sep 17 00:00:00 2001 From: sanyangji Date: Thu, 23 Mar 2023 15:23:55 +0800 Subject: [PATCH 3/6] run go fmt Signed-off-by: sanyangji --- .../pkg/component/receiver/cgoreceiver/cgoreceiver.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go b/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go index a446f42bf..a8ca8f686 100644 --- a/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go +++ b/collector/pkg/component/receiver/cgoreceiver/cgoreceiver.go @@ -137,10 +137,10 @@ func convertEvent(cgoEvent *CKindlingEventForGo) *model.KindlingEvent { ev.Ctx.FdInfo.Role = If(cgoEvent.context.fdInfo.role != 0, true, false).(bool) ev.Ctx.FdInfo.Sip = make([]uint32, 4) ev.Ctx.FdInfo.Dip = make([]uint32, 4) - for i := 0; i < 4; i++ { - ev.Ctx.FdInfo.Sip[i] = uint32(cgoEvent.context.fdInfo.sip[i]) - ev.Ctx.FdInfo.Dip[i] = uint32(cgoEvent.context.fdInfo.dip[i]) - } + for i := 0; i < 4; i++ { + ev.Ctx.FdInfo.Sip[i] = uint32(cgoEvent.context.fdInfo.sip[i]) + ev.Ctx.FdInfo.Dip[i] = uint32(cgoEvent.context.fdInfo.dip[i]) + } ev.Ctx.FdInfo.Sport = uint32(cgoEvent.context.fdInfo.sport) ev.Ctx.FdInfo.Dport = uint32(cgoEvent.context.fdInfo.dport) ev.Ctx.FdInfo.Source = uint64(cgoEvent.context.fdInfo.source) From b2eb6ec14006d921869051cf5c7cf6d0091c9c11 Mon Sep 17 00:00:00 2001 From: sanyangji Date: Thu, 23 Mar 2023 15:26:39 +0800 Subject: [PATCH 4/6] update CHANGELOG.md Signed-off-by: sanyangji --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b13bb12bb..a5bf8a8da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ## v0.7.1 - 2023-03-01 ### New features +- Add bind support to get the listening ip and port of a server. ([#493](https://github.com/KindlingProject/kindling/pull/493)) - Support trace-profiling sampling to reduce data output. One trace is sampled every five seconds for each endpoint by default. ([#446](https://github.com/KindlingProject/kindling/pull/446)[#462](https://github.com/KindlingProject/kindling/pull/462)) ### Enhancements From e9ce59e3129521b60dcb2f12a809796b07a80bed Mon Sep 17 00:00:00 2001 From: sanyangji Date: Mon, 27 Mar 2023 15:28:49 +0800 Subject: [PATCH 5/6] update CHANGELOG.md Signed-off-by: sanyangji --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e13cc5913..7ce37cb3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ## Unreleased ### Enhancements +- Add bind support to get the listening ip and port of a server. ([#493](https://github.com/KindlingProject/kindling/pull/493)) - Add an option `enable_fetch_replicaset` to control whether to fetch ReplicaSet metadata. The default value is false which aims to release pressure on Kubernetes API server. ([#492](https://github.com/KindlingProject/kindling/pull/492)) ### Bug fixes @@ -12,7 +13,6 @@ ## v0.7.1 - 2023-03-01 ### New features -- Add bind support to get the listening ip and port of a server. ([#493](https://github.com/KindlingProject/kindling/pull/493)) - Support trace-profiling sampling to reduce data output. One trace is sampled every five seconds for each endpoint by default. ([#446](https://github.com/KindlingProject/kindling/pull/446)[#462](https://github.com/KindlingProject/kindling/pull/462)) ### Enhancements From 2a1910ce401eed1aa5abf7159d7537333d52075f Mon Sep 17 00:00:00 2001 From: sanyangji Date: Mon, 27 Mar 2023 18:10:33 +0800 Subject: [PATCH 6/6] add l4proto for IPV6_SERVSOCK Signed-off-by: sanyangji --- probe/src/cgo/kindling.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/probe/src/cgo/kindling.cpp b/probe/src/cgo/kindling.cpp index 417ad81a4..6890f97f5 100644 --- a/probe/src/cgo/kindling.cpp +++ b/probe/src/cgo/kindling.cpp @@ -318,6 +318,7 @@ int getEvent(void** pp_kindling_event) { p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv6info.m_fields.m_dport; break; case SCAP_FD_IPV6_SERVSOCK: + p_kindling_event->context.fdInfo.protocol = get_protocol(fdInfo->get_l4proto()); p_kindling_event->context.fdInfo.role = fdInfo->is_role_server(); memcpy(p_kindling_event->context.fdInfo.dip, fdInfo->m_sockinfo.m_ipv6serverinfo.m_ip.m_b, sizeof(fdInfo->m_sockinfo.m_ipv6serverinfo.m_ip.m_b)); p_kindling_event->context.fdInfo.dport = fdInfo->m_sockinfo.m_ipv6serverinfo.m_port;