Add filtercheck fd.connected
Add support for the filtercheck fd.connected, that returns true
for connected sockets.
mattpag committed Jan 26, 2018
1 parent 2c99bba commit 74c47ad
Showing 5 changed files with 48 additions and 1 deletion.
11 changes: 11 additions & 0 deletions userspace/libsinsp/fdinfo.h
@@ -285,6 +285,11 @@ class SINSP_PUBLIC sinsp_fdinfo
return (m_flags & (FLAGS_ROLE_CLIENT | FLAGS_ROLE_SERVER)) == 0;
}

inline bool is_socket_connected()
{
return (m_flags & FLAGS_SOCKET_CONNECTED) == FLAGS_SOCKET_CONNECTED;
}

scap_fd_type m_type; ///< The fd type, e.g. file, directory, IPv4 socket...
uint32_t m_openflags; ///< If this FD is a file, the flags that were used when opening it. See the PPM_O_* definitions in driver/ppm_events_public.h.

@@ -327,6 +332,7 @@ VISIBILITY_PRIVATE
FLAGS_IN_BASELINE_R = (1 << 10),
FLAGS_IN_BASELINE_RW = (1 << 11),
FLAGS_IN_BASELINE_OTHER = (1 << 12),
FLAGS_SOCKET_CONNECTED = (1 << 13),
};

void add_filename(const char* fullpath);
@@ -408,6 +414,11 @@ VISIBILITY_PRIVATE
return (m_flags & FLAGS_IN_BASELINE_OTHER) == FLAGS_IN_BASELINE_OTHER;
}

inline void set_socket_connected()
{
m_flags |= FLAGS_SOCKET_CONNECTED;
}

T* m_usrstate;
uint32_t m_flags;
uint64_t m_ino;
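Review bot: FLAGS_SOCKET_CONNECTED can only ever be set: this section adds `set_socket_connected()` but no way to clear the bit, so `is_socket_connected()` really means "a connect or accept was recorded for this fd at some point", not "the socket is connected now". That difference matters to anyone writing detection rules on fd.connected, so the accessor should say it, e.g. `///< True once the fd has been marked connected; the flag is never reset for the lifetime of this entry.` The accessor does not modify state and could also be declared `inline bool is_socket_connected() const`. The class body starts and ends outside these hunks, so any reset that happens elsewhere (for example when the entry is recreated) is not visible here.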
13 changes: 13 additions & 0 deletions userspace/libsinsp/filterchecks.cpp
@@ -166,6 +166,7 @@ const filtercheck_field_info sinsp_filter_check_fd_fields[] =
{PT_IPV4NET, EPF_NONE, PF_NA, "fd.snet", "server IP network."},
{PT_IPV4NET, EPF_NONE, PF_NA, "fd.lnet", "local IP network."},
{PT_IPV4NET, EPF_NONE, PF_NA, "fd.rnet", "remote IP network."},
{PT_BOOL, EPF_NONE, PF_NA, "fd.connected", "for TCP/UDP FDs, 'true' if the socket is connected."},

};

@@ -1037,6 +1038,18 @@ uint8_t* sinsp_filter_check_fd::extract(sinsp_evt *evt, OUT uint32_t* len, bool
RETURN_EXTRACT_STRING(m_tstr);
}
break;
case TYPE_IS_CONNECTED:
{
if(m_fdinfo == NULL)
{
return NULL;
}

m_tbool = m_fdinfo->is_socket_connected();

return (uint8_t*)&m_tbool;
}
break;
default:
ASSERT(false);
}
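Review bot: The new TYPE_IS_CONNECTED case returns `(uint8_t*)&m_tbool` without writing `*len`, whereas the string case just above it goes through RETURN_EXTRACT_STRING, which presumably fills in the length. If any caller reads `*len` for PT_BOOL values, add `*len = sizeof(m_tbool);` before the return; if the function zeroes it on entry and bool consumers ignore it, a one-line comment saying so would remove the doubt. The `break;` after the closing brace is unreachable because both paths in the block return. extract() begins and ends outside the hunk, so how `*len` is initialised is not visible here.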
3 changes: 2 additions & 1 deletion userspace/libsinsp/filterchecks.h
@@ -280,7 +280,8 @@ class sinsp_filter_check_fd : public sinsp_filter_check
TYPE_CNET = 28,
TYPE_SNET = 29,
TYPE_LNET = 30,
TYPE_RNET = 31
TYPE_RNET = 31,
TYPE_IS_CONNECTED = 32,
};

enum fd_type
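Review bot: `TYPE_IS_CONNECTED = 32` has to stay in step with the position of the "fd.connected" row appended to sinsp_filter_check_fd_fields in filterchecks.cpp, and nothing in the change enforces that pairing. Assuming the field id is used as an index into that table (not visible on this page), a comment on the enum such as `// values must match the row order of sinsp_filter_check_fd_fields` would at least record the coupling. A compile-time check of the table length against the last enumerator next to the table would be stronger. The enum starts outside the hunk.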
10 changes: 10 additions & 0 deletions userspace/libsinsp/parsers.cpp
@@ -2378,6 +2378,11 @@ void sinsp_parser::parse_connect_exit(sinsp_evt *evt)
//
evt->m_fdinfo->set_role_client();

//
// Mark this fd as a connected socket
//
evt->m_fdinfo->set_socket_connected();

//
// Call the protocol decoder callbacks associated to this event
//
@@ -2506,6 +2511,11 @@ void sinsp_parser::parse_accept_exit(sinsp_evt *evt)
//
fdi.set_role_server();

//
// Mark this fd as a connected socket
//
fdi.set_socket_connected();

//
// Add the entry to the table
//
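Review bot: Whether `set_socket_connected()` in parse_connect_exit is reached only for a connect() that actually succeeded cannot be told from this hunk, because the return-value handling sits above it in the function. If non-blocking connects that are still in progress, or connects that later fail, also reach this line, fd.connected will be true for sockets that never completed a connection, and rules that filter on the field will see them as connected. The added comment should state the intended meaning, for example `// Mark this fd as connected: set when connect() returns without a fatal error, never cleared afterwards`. The same wording question applies to the accept path in the second hunk, where the flag is set on the new `fdi` before it is added to the table.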
12 changes: 12 additions & 0 deletions userspace/libsinsp/threadinfo.cpp
@@ -222,6 +222,10 @@ void sinsp_threadinfo::add_fd_from_scap(scap_fdinfo *fdi, OUT sinsp_fdinfo_t *re
newfdi->m_sockinfo.m_ipv4info.m_fields.m_sport = fdi->info.ipv4info.sport;
newfdi->m_sockinfo.m_ipv4info.m_fields.m_dport = fdi->info.ipv4info.dport;
newfdi->m_sockinfo.m_ipv4info.m_fields.m_l4proto = fdi->info.ipv4info.l4proto;
if(fdi->info.ipv4info.l4proto == SCAP_L4_TCP)
{
newfdi->m_flags |= sinsp_fdinfo_t::FLAGS_SOCKET_CONNECTED;
}
if(m_inspector->m_network_interfaces)
{
m_inspector->m_network_interfaces->update_fd(newfdi);
@@ -255,6 +259,10 @@ void sinsp_threadinfo::add_fd_from_scap(scap_fdinfo *fdi, OUT sinsp_fdinfo_t *re
newfdi->m_sockinfo.m_ipv4info.m_fields.m_sport = fdi->info.ipv6info.sport;
newfdi->m_sockinfo.m_ipv4info.m_fields.m_dport = fdi->info.ipv6info.dport;
newfdi->m_sockinfo.m_ipv4info.m_fields.m_l4proto = fdi->info.ipv6info.l4proto;
if(fdi->info.ipv6info.l4proto == SCAP_L4_TCP)
{
newfdi->m_flags |= sinsp_fdinfo_t::FLAGS_SOCKET_CONNECTED;
}
if(m_inspector->m_network_interfaces)
{
m_inspector->m_network_interfaces->update_fd(newfdi);
@@ -268,6 +276,10 @@ void sinsp_threadinfo::add_fd_from_scap(scap_fdinfo *fdi, OUT sinsp_fdinfo_t *re
newfdi->m_sockinfo.m_ipv6info.m_fields.m_sport = fdi->info.ipv6info.sport;
newfdi->m_sockinfo.m_ipv6info.m_fields.m_dport = fdi->info.ipv6info.dport;
newfdi->m_sockinfo.m_ipv6info.m_fields.m_l4proto = fdi->info.ipv6info.l4proto;
if(fdi->info.ipv6info.l4proto == SCAP_L4_TCP)
{
newfdi->m_flags |= sinsp_fdinfo_t::FLAGS_SOCKET_CONNECTED;
}
newfdi->m_name = ipv6tuple_to_string(&newfdi->m_sockinfo.m_ipv6info, m_inspector->m_hostname_and_port_resolution_enabled);
}
break;
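Review bot: Sockets imported from the scap fd list are marked connected only when `l4proto == SCAP_L4_TCP`, yet the field is described in filterchecks.cpp as applying to TCP/UDP FDs, so a UDP socket that was connected before the capture started will report fd.connected=false. Either note that limitation in the field description or decide how pre-existing UDP entries with a remote tuple should be treated. All three added blocks also write `newfdi->m_flags |= sinsp_fdinfo_t::FLAGS_SOCKET_CONNECTED;` directly although this commit introduces a setter for exactly that; `newfdi->set_socket_connected();` would keep the flag handling in one place. Whether every TCP entry reaching these cases is an established connection, rather than one in another TCP state, is not visible in the hunks, and add_fd_from_scap continues outside them.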
