int main(int argc, char *argv[]) {

  char error[256];
  int capture = 1;
  time_t last_refresh_t;
  scap_t *h ;
  //apro la cattura live degli eventi
  
  
  read_argv(argc, argv);

  if(global_data.export_elk)
    init_connection_socket();

  if(global_data.show_help_enabled){
    print_help();
    return(1);
  }
  printf("\n\t\t INIZIO INIZIALIZZAZIONE \n");
  if( ( h = scap_open_live(error)) == NULL){
    printf("Unable to connect to open sysdig: %s\n", error);
    return(false);
    }


  //setto i filtri per gli eventi da catturare solo se la cattura è live
    scap_clear_eventmask(h);
    if(scap_set_eventmask(h, PPME_CLONE_16_X) != SCAP_SUCCESS)
      printf("[ERROR] scap call failed: old driver ?\n");
    if(scap_set_eventmask(h, PPME_PROCEXIT_E) != SCAP_SUCCESS)
      printf("[ERROR] scap call failed: old driver ?\n");
    if(scap_set_eventmask(h, PPM_SC_EXIT_GROUP) != SCAP_SUCCESS)
      printf("[ERROR] scap call failed: old driver ?\n");
    if(scap_set_eventmask(h, PPM_SC_EXIT) != SCAP_SUCCESS)
      printf("[ERROR] scap call failed: old driver ?\n");

  if(global_data.get_all_proc)
    init_add_active_proc(h);

  printf("\n\t\t FINE INIZIALIZZAZIONE \n");
  //ciclo di cattura
  last_refresh_t = time(NULL);
  while(capture)
    {	
      struct ppm_evt_hdr* ev;
      u_int16_t cpuid;
      int32_t res = scap_next(h, &ev, &cpuid);

      if(res > 0 ) {
	printf("[ERROR] %s\n", scap_getlasterr(h));
	scap_close(h);
	break;
      } else if( res == SCAP_SUCCESS ) {
	handle_event(ev,cpuid,h);
      } else if( res != -1 ) 	//timeout
	fprintf(stderr, "scap_next() returned %d\n", res);
      /*si aggiornano i dati ogni refresh_t secondi (5 default)
	(XXX numero da regolare) */
      if( (time(NULL) - last_refresh_t) > global_data.refresh_t){
        manage_data(h);
	last_refresh_t = time(NULL);
      }
    }
  //chiudo la cattura live degli eventi
  close(global_data.socket_desc);
  scap_close(h);
}
Exemple #2
0
void sinsp::init()
{
	//
	// Retrieve machine information
	//
	m_machine_info = scap_get_machine_info(m_h);
	if(m_machine_info != NULL)
	{
		m_num_cpus = m_machine_info->num_cpus;
	}
	else
	{
		ASSERT(false);
		m_num_cpus = 0;
	}

	//
	// Attach the protocol decoders
	//
#ifndef HAS_ANALYZER
	add_protodecoders();
#endif
	//
	// Allocate the cycle writer
	//
	if(m_cycle_writer)
	{
		delete m_cycle_writer;
		m_cycle_writer = NULL;
	}

	m_cycle_writer = new cycle_writer(this->is_live());

	//
	// Basic inits
	//
#ifdef GATHER_INTERNAL_STATS
	m_stats.clear();
#endif

	m_nevts = 0;
	m_tid_to_remove = -1;
	m_lastevent_ts = 0;
#ifdef HAS_FILTERING
	m_firstevent_ts = 0;
#endif
	m_fds_to_remove->clear();
	m_n_proc_lookups = 0;
	m_n_proc_lookups_duration_ns = 0;

	//
	// Return the tracers to the pool and clear the tracers list
	//
	for(auto it = m_partial_tracers_list.begin(); it != m_partial_tracers_list.end(); ++it)
	{
		m_partial_tracers_pool->push(*it);
	}
	m_partial_tracers_list.clear();

	//
	// If we're reading from file, we try to pre-parse the container events before
	// importing the thread table, so that thread table filtering will work with
	// container filters
	//
	if(m_islive == false)
	{
		uint64_t off = scap_ftell(m_h);
		scap_evt* pevent;
		uint16_t pcpuid;
		uint32_t ncnt = 0;

		//
		// Count how many container events we have
		//
		while(true)
		{
			int32_t res = scap_next(m_h, &pevent, &pcpuid);

			if(res == SCAP_SUCCESS)
			{
				if((pevent->type != PPME_CONTAINER_E) && (pevent->type != PPME_CONTAINER_JSON_E))
				{
					break;
				}
				else
				{
					ncnt++;
					continue;
				}
			}
			else
			{
				break;
			}
		}

		//
		// Rewind and consume the exact number of events
		//
		scap_fseek(m_h, off);
		for(uint32_t j = 0; j < ncnt; j++)
		{
			sinsp_evt* tevt;
			next(&tevt);
		}
	}

	if(m_islive == false || m_filter_proc_table_when_saving == true)
	{
		import_thread_table();
	}

	import_ifaddr_list();

	import_user_list();

	//
	// Scan the list to create the proper parent/child dependencies
	//
	m_thread_manager->create_child_dependencies();

	//
	// Scan the list to fix the direction of the sockets
	//
	m_thread_manager->fix_sockets_coming_from_proc();

#ifdef HAS_ANALYZER
	//
	// Notify the analyzer that we're starting
	//
	if(m_analyzer)
	{
		m_analyzer->on_capture_start();
	}
#endif

	//
	// If m_snaplen was modified, we set snaplen now
	//
	if(m_snaplen != DEFAULT_SNAPLEN)
	{
		set_snaplen(m_snaplen);
	}

#if defined(HAS_CAPTURE)
	if(m_islive)
	{
		if(scap_getpid_global(m_h, &m_sysdig_pid) != SCAP_SUCCESS)
		{
			ASSERT(false);
		}
	}
#endif
}