ppm_cmp_operator sinsp_filter::next_comparison_operator()
{
int32_t start;
//
// Skip spaces
//
if(isblank(m_fltstr[m_scanpos]))
{
next();
}
//
// Mark the beginning of the word
//
start = m_scanpos;
if(compare_no_consume("="))
{
m_scanpos += 1;
return CO_EQ;
}
else if(compare_no_consume("!="))
{
m_scanpos += 2;
return CO_NE;
}
else if(compare_no_consume("<="))
{
m_scanpos += 2;
return CO_LE;
}
else if(compare_no_consume("<"))
{
m_scanpos += 1;
return CO_LT;
}
else if(compare_no_consume(">="))
{
m_scanpos += 2;
return CO_GE;
}
else if(compare_no_consume(">"))
{
m_scanpos += 1;
return CO_GT;
}
else if(compare_no_consume("contains"))
{
m_scanpos += 8;
return CO_CONTAINS;
}
else
{
throw sinsp_exception("filter error: unrecognized comparison operator after " + m_fltstr.substr(0, start));
}
}
captureinfo do_inspect(sinsp* inspector,
uint64_t cnt,
sinsp_cursesui* ui)
{
captureinfo retval;
int32_t res;
sinsp_evt* ev;
//
// Loop through the events
//
while(1)
{
if(retval.m_nevts == cnt || g_terminate)
{
//
// End of capture, either because the user stopped it, or because
// we reached the event count specified with -n.
//
break;
}
res = inspector->next(&ev);
if(res == SCAP_TIMEOUT)
{
continue;
}
else if(res != SCAP_EOF && res != SCAP_SUCCESS)
{
//
// Event read error.
// Notify the chisels that we're exiting, and then die with an error.
//
if(inspector->is_live())
{
throw sinsp_exception(inspector->getlasterr());
}
else
{
ui->set_truncated_input(true);
res = SCAP_EOF;
continue;
}
}
if(ui->process_event(ev, res) == true)
{
return retval;
}
retval.m_nevts++;
}
return retval;
}
void sinsp_chisel::do_end_of_sample()
{
#ifdef HAS_LUA_CHISELS
lua_getglobal(m_ls, "on_end_of_sample");
if(lua_pcall(m_ls, 0, 1, 0) != 0)
{
throw sinsp_exception(m_filename + " chisel error: calling on_end_of_sample() failed:" + lua_tostring(m_ls, -1));
}
int oeres = lua_toboolean(m_ls, -1);
lua_pop(m_ls, 1);
if(oeres == false)
{
throw sinsp_exception("execution terminated by the " + m_filename + " chisel");
}
#endif // HAS_LUA_CHISELS
}
int lua_parser_cbacks::bool_op(lua_State *ls)
{
lua_parser* parser = (lua_parser*)lua_topointer(ls, -2);
try {
const char* opstr = luaL_checkstring(ls, -1);
boolop op = string_to_boolop(opstr);
if (!parser->m_have_rel_expr)
{
if (op == BO_NOT) {
op = (boolop)((uint32_t)parser->m_last_boolop | op);
}
else
{
string err = "filter.bool_op() called without having called rel_expr() ";
throw sinsp_exception(err);
}
}
if (parser->m_last_boolop != BO_NONE)
{
if (op == BO_NOT) {
op = (boolop)((uint32_t)parser->m_last_boolop | op);
}
else
{
string err = "filter.bool_op() called twice in a row";
throw sinsp_exception(err);
}
}
parser->m_last_boolop = op;
}
catch (exception &e)
{
lua_pushstring(ls, e.what());
lua_error(ls);
}
return 0;
}
void sinsp_tracerparser::set_storage_size(uint32_t newsize)
{
m_storage = (char*)realloc(m_storage, newsize);
if(m_storage == NULL)
{
throw sinsp_exception("memory allocation error in sinsp_tracerparser::process_event_data.");
}
m_storage_size = newsize;
}
mesos_framework::task_map& mesos_state_t::get_tasks(const std::string& framework_uid)
{
for(auto& framework : m_frameworks)
{
if(framework.get_uid() == framework_uid)
{
return framework.get_tasks();
}
}
throw sinsp_exception("Framework not found: " + framework_uid);
}
int lua_cbacks::set_output_format(lua_State *ls)
{
lua_getglobal(ls, "sichisel");
sinsp_chisel* ch = (sinsp_chisel*)lua_touserdata(ls, -1);
lua_pop(ls, 1);
ASSERT(ch);
ASSERT(ch->m_lua_cinfo);
if(ch->m_inspector->get_buffer_format() != sinsp_evt::PF_NORMAL)
{
//
// This means that the user has forced the format on the command line.
// We give that priority and we do nothing.
//
return 0;
}
const char* fmt = lua_tostring(ls, 1);
if(string(fmt) == "normal")
{
ch->m_inspector->set_buffer_format(sinsp_evt::PF_NORMAL);
}
else if(string(fmt) == "json")
{
ch->m_inspector->set_buffer_format(sinsp_evt::PF_JSON);
}
else if(string(fmt) == "simple")
{
ch->m_inspector->set_buffer_format(sinsp_evt::PF_SIMPLE);
}
else if(string(fmt) == "hex")
{
ch->m_inspector->set_buffer_format(sinsp_evt::PF_HEX);
}
else if(string(fmt) == "hexascii")
{
ch->m_inspector->set_buffer_format(sinsp_evt::PF_HEXASCII);
}
else if(string(fmt) == "ascii")
{
ch->m_inspector->set_buffer_format(sinsp_evt::PF_EOLS);
}
else
{
string err = "invalid set_output_format value in chisel " + ch->m_filename;
fprintf(stderr, "%s\n", err.c_str());
throw sinsp_exception("chisel error");
}
return 0;
}
void sinsp_chisel::do_timeout(sinsp_evt* evt)
{
if(m_lua_cinfo->m_callback_interval != 0)
{
uint64_t ts = evt->get_ts();
uint64_t sample_time = ts - ts % m_lua_cinfo->m_callback_interval;
if(sample_time != m_lua_last_interval_sample_time)
{
int64_t delta = 0;
if(m_lua_last_interval_ts != 0)
{
delta = ts - m_lua_last_interval_ts;
ASSERT(delta > 0);
}
lua_getglobal(m_ls, "on_interval");
lua_pushnumber(m_ls, (double)(ts / 1000000000));
lua_pushnumber(m_ls, (double)(ts % 1000000000));
lua_pushnumber(m_ls, (double)delta);
if(lua_pcall(m_ls, 3, 1, 0) != 0)
{
throw sinsp_exception(m_filename + " chisel error: calling on_interval() failed:" + lua_tostring(m_ls, -1));
}
int oeres = lua_toboolean(m_ls, -1);
lua_pop(m_ls, 1);
if(oeres == false)
{
throw sinsp_exception("execution terminated by the " + m_filename + " chisel");
}
m_lua_last_interval_sample_time = sample_time;
m_lua_last_interval_ts = ts;
}
}
}
void sinsp_dumper::open(const string& filename, bool compress)
{
if(m_inspector->m_h == NULL)
{
throw sinsp_exception("can't start event dump, inspector not opened yet");
}
if(compress)
{
m_dumper = scap_dump_open(m_inspector->m_h, filename.c_str(), SCAP_COMPRESSION_GZIP);
}
else
{
m_dumper = scap_dump_open(m_inspector->m_h, filename.c_str(), SCAP_COMPRESSION_NONE);
}
if(m_dumper == NULL)
{
throw sinsp_exception(scap_getlasterr(m_inspector->m_h));
}
}
void sinsp::autodump_start(const string& dump_filename, bool compress)
{
if(NULL == m_h)
{
throw sinsp_exception("inspector not opened yet");
}
if(compress)
{
m_dumper = scap_dump_open(m_h, dump_filename.c_str(), SCAP_COMPRESSION_GZIP);
}
else
{
m_dumper = scap_dump_open(m_h, dump_filename.c_str(), SCAP_COMPRESSION_NONE);
}
if(NULL == m_dumper)
{
throw sinsp_exception(scap_getlasterr(m_h));
}
}
void sinsp::open(string filename)
{
char error[SCAP_LASTERR_SIZE];
m_islive = false;
if(filename == "")
{
open();
return;
}
m_input_filename = filename;
g_logger.log("starting offline capture");
//
// Reset the thread manager
//
m_thread_manager->clear();
//
// Start the capture
//
scap_open_args oargs;
oargs.fname = filename.c_str();
oargs.proc_callback = NULL;
oargs.proc_callback_context = NULL;
oargs.import_users = m_import_users;
m_h = scap_open(oargs, error);
if(m_h == NULL)
{
throw sinsp_exception(error);
}
//
// gianluca: This might need to be replaced with
// a portable stat(), since I'm afraid that on S3
// (that we'll use in the backend) the seek will
// read the entire file anyway
//
FILE* fp = fopen(filename.c_str(), "rb");
if(fp)
{
fseek(fp, 0L, SEEK_END);
m_filesize = ftell(fp);
fclose(fp);
}
init();
}
std::string marathon_component::get_name(type t)
{
component_map::const_iterator it = list.find(t);
if(it != list.end())
{
return it->second;
}
std::ostringstream os;
os << "Unknown component type " << static_cast<int>(t);
throw sinsp_exception(os.str().c_str());
}
bool flt_compare_buffer(cmpop op, char* operand1, char* operand2, uint32_t op1_len, uint32_t op2_len)
{
switch(op)
{
case CO_EQ:
return op1_len == op2_len && (memcmp(operand1, operand2, op1_len) == 0);
case CO_NE:
return op1_len != op2_len || (memcmp(operand1, operand2, op1_len) != 0);
case CO_CONTAINS:
return (memmem(operand1, op1_len, operand2, op2_len) != NULL);
case CO_ICONTAINS:
throw sinsp_exception("'icontains' not supported for buffer filters");
case CO_LT:
throw sinsp_exception("'<' not supported for buffer filters");
case CO_LE:
throw sinsp_exception("'<=' not supported for buffer filters");
case CO_GT:
throw sinsp_exception("'>' not supported for buffer filters");
case CO_GE:
throw sinsp_exception("'>=' not supported for buffer filters");
default:
ASSERT(false);
throw sinsp_exception("invalid filter operator " + std::to_string((long long) op));
return false;
}
}
int32_t sinsp_filter_check_event::extract_arg(string fldname, string val, OUT const struct ppm_param_info** parinfo)
{
uint32_t parsed_len = 0;
//
// 'arg' and 'resarg' are handled in a custom way
//
if(val[fldname.size()] == '[')
{
if(parinfo != NULL)
{
throw sinsp_exception("evt.arg fields must be expressed explicitly");
}
parsed_len = val.find(']');
string numstr = val.substr(fldname.size() + 1, parsed_len - fldname.size() - 1);
m_argid = sinsp_numparser::parsed32(numstr);
parsed_len++;
}
else if(val[fldname.size()] == '.')
{
const struct ppm_param_info* pi =
sinsp_utils::find_longest_matching_evt_param(val.substr(fldname.size() + 1));
m_argname = pi->name;
parsed_len = fldname.size() + strlen(pi->name) + 1;
m_argid = -1;
if(parinfo != NULL)
{
*parinfo = pi;
}
}
else
{
throw sinsp_exception("filter syntax error: " + val);
}
return parsed_len;
}
void sinsp::autodump_stop()
{
if(NULL == m_h)
{
throw sinsp_exception("inspector not opened yet");
}
if(m_dumper != NULL)
{
scap_dump_close(m_dumper);
m_dumper = NULL;
}
}
bool mesos_state_t::parse_groups(const std::string& json)
{
Json::Value root;
Json::Reader reader;
if(reader.parse(json, root, false))
{
return handle_groups(root, add_group(root, 0));
}
else
{
throw sinsp_exception("Invalid JSON (Marathon groups parsing failed).");
}
}
bool mesos_state_t::parse_groups(std::string&& json, const std::string& framework_id)
{
Json::Value root;
Json::Reader reader;
if(reader.parse(json, root, false) && !root["id"].isNull())
{
return parse_groups(std::move(root), framework_id);
}
else
{
throw sinsp_exception("Marathon groups parsing failed (Invalid JSON).");
}
}
void sinsp_container_manager::dump_containers(scap_dumper_t* dumper)
{
for(unordered_map<string, sinsp_container_info>::const_iterator it = m_containers.begin(); it != m_containers.end(); ++it)
{
if(container_to_sinsp_event(container_to_json(it->second), &m_inspector->m_meta_evt))
{
int32_t res = scap_dump(m_inspector->m_h, dumper, m_inspector->m_meta_evt.m_pevt, m_inspector->m_meta_evt.m_cpuid, 0);
if(res != SCAP_SUCCESS)
{
throw sinsp_exception(scap_getlasterr(m_inspector->m_h));
}
}
}
}
bool marathon_group::remove(const std::string& id)
{
if(id == get_id())
{
throw sinsp_exception("Invalid access - group can not remove itself.");
}
if(ptr_t group = get_parent(id))
{
return group->remove_group(id);
}
return false;
}
void mesos_state_t::parse_apps(std::string&& json, const std::string& framework_id)
{
Json::Value root;
Json::Reader reader;
if(reader.parse(json, root, false))
{
parse_apps(std::move(root), framework_id);
}
else
{
g_logger.log(json, sinsp_logger::SEV_DEBUG);
throw sinsp_exception("Invalid JSON (Marathon apps parsing failed).");
}
}
static int get_num(lua_State *ls)
{
lua_getglobal(ls, "sievt");
sinsp_evt* evt = (sinsp_evt*)lua_touserdata(ls, -1);
lua_pop(ls, 1);
if(evt == NULL)
{
throw sinsp_exception("invalid call to evt.get_num()");
}
lua_pushnumber(ls, (double)evt->get_num());
return 1;
}
bool flt_compare_ipv4net(cmpop op, uint64_t operand1, ipv4net* operand2)
{
switch(op)
{
case CO_EQ:
{
return ((operand1 & operand2->m_netmask) == (operand2->m_ip & operand2->m_netmask));
}
case CO_NE:
return ((operand1 & operand2->m_netmask) != (operand2->m_ip && operand2->m_netmask));
default:
throw sinsp_exception("comparison operator not supported for ipv4 networks");
}
}
mesos_framework::task_ptr_t mesos_state_t::get_task(const std::string& uid)
{
for(auto& framework : get_frameworks())
{
for(auto& task : framework.get_tasks())
{
if(task.first == uid)
{
return task.second;
}
}
}
throw sinsp_exception("Task not found: " + uid);
}
int lua_cbacks::request_field(lua_State *ls)
{
lua_getglobal(ls, "sichisel");
sinsp_chisel* ch = (sinsp_chisel*)lua_touserdata(ls, -1);
lua_pop(ls, 1);
sinsp* inspector = ch->m_inspector;
const char* fld = lua_tostring(ls, 1);
if(fld == NULL)
{
string err = "chisel requesting nil field";
fprintf(stderr, "%s\n", err.c_str());
throw sinsp_exception("chisel error");
}
sinsp_filter_check* chk = g_filterlist.new_filter_check_from_fldname(fld,
inspector,
false);
if(chk == NULL)
{
string err = "chisel requesting nonexistent field " + string(fld);
fprintf(stderr, "%s\n", err.c_str());
throw sinsp_exception("chisel error");
}
chk->parse_field_name(fld, true);
lua_pushlightuserdata(ls, chk);
ch->m_allocated_fltchecks.push_back(chk);
return 1;
}
marathon_component::type marathon_component::get_type(const std::string& name)
{
if(name == "group")
{
return MARATHON_GROUP;
}
else if(name == "app")
{
return MARATHON_APP;
}
std::ostringstream os;
os << "Unknown component name " << name;
throw sinsp_exception(os.str().c_str());
}
bool flt_compare_string(ppm_cmp_operator op, char* operand1, char* operand2)
{
switch(op)
{
case CO_EQ:
return (strcmp(operand1, operand2) == 0);
case CO_NE:
return (strcmp(operand1, operand2) != 0);
case CO_CONTAINS:
return (strstr(operand1, operand2) != NULL);
case CO_LT:
throw sinsp_exception("'<' not supported for string filters");
case CO_LE:
throw sinsp_exception("'<=' not supported for string filters");
case CO_GT:
throw sinsp_exception("'>' not supported for string filters");
case CO_GE:
throw sinsp_exception("'>=' not supported for string filters");
default:
ASSERT(false);
throw sinsp_exception("invalid filter operator " + std::to_string((long long) op));
return false;
}
}
int lua_cbacks::get_num(lua_State *ls)
{
lua_getglobal(ls, "sievt");
sinsp_evt* evt = (sinsp_evt*)lua_touserdata(ls, -1);
lua_pop(ls, 1);
if(evt == NULL)
{
string err = "invalid call to evt.get_num()";
fprintf(stderr, "%s\n", err.c_str());
throw sinsp_exception("chisel error");
}
lua_pushnumber(ls, (double)evt->get_num());
return 1;
}
int32_t sinsp_filter_check_thread::parse_field_name(const char* str)
{
string val(str);
if(string(val, 0, sizeof("arg") - 1) == "arg")
{
//
// 'arg' is handled in a custom way
//
throw sinsp_exception("filter error: proc.arg filter not implemented yet");
}
else
{
return sinsp_filter_check::parse_field_name(str);
}
}
void mesos::parse_state(const std::string& json)
{
Json::Value root;
Json::Reader reader;
if(reader.parse(json, root, false))
{
//g_logger.log(root.toStyledString(), sinsp_logger::SEV_DEBUG);
determine_node_type(root);
handle_frameworks(root);
handle_slaves(root);
}
else
{
throw sinsp_exception("Invalid JSON (parsing Mesos state failed).");
}
}
void sinsp::open(uint32_t timeout_ms)
{
char error[SCAP_LASTERR_SIZE];
g_logger.log("starting live capture");
m_islive = true;
m_h = scap_open_live(error);
if(m_h == NULL)
{
throw sinsp_exception(error);
}
init();
}
