int main(int argc, char *argv[]) { char error[256]; int capture = 1; time_t last_refresh_t; scap_t *h ; //apro la cattura live degli eventi read_argv(argc, argv); if(global_data.export_elk) init_connection_socket(); if(global_data.show_help_enabled){ print_help(); return(1); } printf("\n\t\t INIZIO INIZIALIZZAZIONE \n"); if( ( h = scap_open_live(error)) == NULL){ printf("Unable to connect to open sysdig: %s\n", error); return(false); } //setto i filtri per gli eventi da catturare solo se la cattura รจ live scap_clear_eventmask(h); if(scap_set_eventmask(h, PPME_CLONE_16_X) != SCAP_SUCCESS) printf("[ERROR] scap call failed: old driver ?\n"); if(scap_set_eventmask(h, PPME_PROCEXIT_E) != SCAP_SUCCESS) printf("[ERROR] scap call failed: old driver ?\n"); if(scap_set_eventmask(h, PPM_SC_EXIT_GROUP) != SCAP_SUCCESS) printf("[ERROR] scap call failed: old driver ?\n"); if(scap_set_eventmask(h, PPM_SC_EXIT) != SCAP_SUCCESS) printf("[ERROR] scap call failed: old driver ?\n"); if(global_data.get_all_proc) init_add_active_proc(h); printf("\n\t\t FINE INIZIALIZZAZIONE \n"); //ciclo di cattura last_refresh_t = time(NULL); while(capture) { struct ppm_evt_hdr* ev; u_int16_t cpuid; int32_t res = scap_next(h, &ev, &cpuid); if(res > 0 ) { printf("[ERROR] %s\n", scap_getlasterr(h)); scap_close(h); break; } else if( res == SCAP_SUCCESS ) { handle_event(ev,cpuid,h); } else if( res != -1 ) //timeout fprintf(stderr, "scap_next() returned %d\n", res); /*si aggiornano i dati ogni refresh_t secondi (5 default) (XXX numero da regolare) */ if( (time(NULL) - last_refresh_t) > global_data.refresh_t){ manage_data(h); last_refresh_t = time(NULL); } } //chiudo la cattura live degli eventi close(global_data.socket_desc); scap_close(h); }
void sinsp::init() { // // Retrieve machine information // m_machine_info = scap_get_machine_info(m_h); if(m_machine_info != NULL) { m_num_cpus = m_machine_info->num_cpus; } else { ASSERT(false); m_num_cpus = 0; } // // Attach the protocol decoders // #ifndef HAS_ANALYZER add_protodecoders(); #endif // // Allocate the cycle writer // if(m_cycle_writer) { delete m_cycle_writer; m_cycle_writer = NULL; } m_cycle_writer = new cycle_writer(this->is_live()); // // Basic inits // #ifdef GATHER_INTERNAL_STATS m_stats.clear(); #endif m_nevts = 0; m_tid_to_remove = -1; m_lastevent_ts = 0; #ifdef HAS_FILTERING m_firstevent_ts = 0; #endif m_fds_to_remove->clear(); m_n_proc_lookups = 0; m_n_proc_lookups_duration_ns = 0; // // Return the tracers to the pool and clear the tracers list // for(auto it = m_partial_tracers_list.begin(); it != m_partial_tracers_list.end(); ++it) { m_partial_tracers_pool->push(*it); } m_partial_tracers_list.clear(); // // If we're reading from file, we try to pre-parse the container events before // importing the thread table, so that thread table filtering will work with // container filters // if(m_islive == false) { uint64_t off = scap_ftell(m_h); scap_evt* pevent; uint16_t pcpuid; uint32_t ncnt = 0; // // Count how many container events we have // while(true) { int32_t res = scap_next(m_h, &pevent, &pcpuid); if(res == SCAP_SUCCESS) { if((pevent->type != PPME_CONTAINER_E) && (pevent->type != PPME_CONTAINER_JSON_E)) { break; } else { ncnt++; continue; } } else { break; } } // // Rewind and consume the exact number of events // scap_fseek(m_h, off); for(uint32_t j = 0; j < ncnt; j++) { sinsp_evt* tevt; next(&tevt); } } if(m_islive == false || m_filter_proc_table_when_saving == true) { import_thread_table(); } import_ifaddr_list(); import_user_list(); // // Scan the list to create the proper parent/child dependencies // m_thread_manager->create_child_dependencies(); // // Scan the list to fix the direction of the sockets // m_thread_manager->fix_sockets_coming_from_proc(); #ifdef HAS_ANALYZER // // Notify the analyzer that we're starting // if(m_analyzer) { m_analyzer->on_capture_start(); } #endif // // If m_snaplen was modified, we set snaplen now // if(m_snaplen != DEFAULT_SNAPLEN) { set_snaplen(m_snaplen); } #if defined(HAS_CAPTURE) if(m_islive) { if(scap_getpid_global(m_h, &m_sysdig_pid) != SCAP_SUCCESS) { ASSERT(false); } } #endif }