Пример #1
/**
 * Evaluate this fd filter check against a single event.
 *
 * TYPE_IP and TYPE_PORT are filter-only fields, so they are routed to
 * compare_ip() and compare_port(). Every other field is extracted from the
 * event and handed to flt_compare() together with the stored filter value.
 *
 * @param evt event to test.
 * @return the result of the selected comparison; false when extract()
 *         yields no value for this event.
 */
bool sinsp_filter_check_fd::compare(sinsp_evt *evt)
{
	// Filter-only fields have dedicated comparison routines.
	if(m_field_id == TYPE_IP)
	{
		return compare_ip(evt);
	}

	if(m_field_id == TYPE_PORT)
	{
		return compare_port(evt);
	}

	// Generic path: pull the field value out of the event first.
	uint32_t value_len;
	uint8_t* value = extract(evt, &value_len);

	if(!value)
	{
		// Nothing could be extracted, so the check cannot match.
		return false;
	}

	// NOTE(review): value_len is not forwarded, so this flt_compare() overload
	// has to derive the number of bytes to read from the field type alone;
	// confirm it cannot read past either buffer for variable-length types.
	return flt_compare(m_cmpop,
		m_info.m_fields[m_field_id].m_type,
		value,
		&m_val_storage[0]);
}
Пример #2
	/**
	 * Ordering predicate over two sample rows, keyed on column m_colid.
	 *
	 * The operator is CO_LT when m_ascending is set and CO_GT otherwise. If
	 * either cell has m_cnt greater than 1, the comparison goes through
	 * flt_compare_avg(), which also receives both counts; otherwise the
	 * plain flt_compare() is used.
	 *
	 * NOTE(review): m_colid indexes m_values on both rows with no bounds
	 * check in this function; presumably it is validated where the
	 * comparator is configured. Confirm against the caller.
	 *
	 * @param src left-hand row.
	 * @param dst right-hand row.
	 * @return result of the selected comparison helper.
	 */
	bool operator()(const sinsp_sample_row& src, const sinsp_sample_row& dst)
	{
		const cmpop op = m_ascending ? CO_LT : CO_GT;

		const bool aggregated =
			src.m_values[m_colid].m_cnt > 1 ||
			dst.m_values[m_colid].m_cnt > 1;

		if(!aggregated)
		{
			// Neither cell has a count above 1: compare the stored values directly.
			return flt_compare(op, m_type,
				src.m_values[m_colid].m_val,
				dst.m_values[m_colid].m_val,
				src.m_values[m_colid].m_len,
				dst.m_values[m_colid].m_len);
		}

		// At least one cell has a count above 1: pass the counts along as well.
		return flt_compare_avg(op, m_type,
			src.m_values[m_colid].m_val,
			dst.m_values[m_colid].m_val,
			src.m_values[m_colid].m_len,
			dst.m_values[m_colid].m_len,
			src.m_values[m_colid].m_cnt,
			dst.m_values[m_colid].m_cnt);
	}
Пример #3
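/**
 * Evaluate this event filter check against a single event.
 *
 * m_is_compare is raised for the duration of the call and is always lowered
 * again before control leaves the function. The previous version returned
 * early when extract() produced no value and left the flag set, so later
 * calls on the same object ran with stale state.
 *
 * TYPE_ARGRAW is compared here using the type taken from m_arginfo; every
 * other field is delegated to sinsp_filter_check::compare().
 *
 * @param evt event to test.
 * @return comparison result; false when nothing could be extracted or when
 *         no argument info is available for a raw-argument comparison.
 */
bool sinsp_filter_check_event::compare(sinsp_evt *evt)
{
	bool res;

	m_is_compare = true;

	try
	{
		if(m_field_id == TYPE_ARGRAW)
		{
			uint32_t len;
			uint8_t* extracted_val = extract(evt, &len);

			if(extracted_val == NULL)
			{
				// No value for this event: no match, but fall through so
				// the flag is cleared below.
				res = false;
			}
			else if(m_arginfo == NULL)
			{
				// Same condition the original asserted on. Handled at
				// run time too, because an ASSERT macro that compiles out
				// would leave a null dereference on the next line.
				ASSERT(false);
				res = false;
			}
			else
			{
				res = flt_compare(m_cmpop,
					m_arginfo->type,
					extracted_val,
					&m_val_storage[0]);
			}
		}
		else
		{
			res = sinsp_filter_check::compare(evt);
		}
	}
	catch(...)
	{
		// Do not leak the in-compare state when extraction or comparison
		// throws; the exception itself is passed on unchanged.
		m_is_compare = false;
		throw;
	}

	m_is_compare = false;

	return res;
}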
Пример #4
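/**
 * Evaluate this filter check against a single event.
 *
 * The inspector's buffer format is switched to include PF_ASIS while the
 * value is extracted, so the data is taken as is, and is then put back to
 * exactly what it was before the call. The previous version cleared PF_ASIS
 * unconditionally afterwards, which dropped the flag when it had already
 * been set, and it skipped the restore entirely if extract() threw.
 *
 * @param evt event to test.
 * @return result of flt_compare() on the extracted value and the stored
 *         filter value; false when extract() yields no value.
 */
bool sinsp_filter_check::compare(sinsp_evt *evt)
{
	uint32_t len;
	uint8_t* extracted_val;

	// Remember the caller-visible format so it can be restored verbatim.
	const sinsp_evt::param_fmt saved_fmt =
		(sinsp_evt::param_fmt)m_inspector->get_buffer_format();

	m_inspector->set_buffer_format((sinsp_evt::param_fmt)
		(saved_fmt | sinsp_evt::PF_ASIS));

	try
	{
		extracted_val = extract(evt, &len);
	}
	catch(...)
	{
		// The format lives on the shared inspector object, so it must not
		// stay modified after a failed extraction.
		m_inspector->set_buffer_format(saved_fmt);
		throw;
	}

	m_inspector->set_buffer_format(saved_fmt);

	if(extracted_val == NULL)
	{
		return false;
	}

	// NOTE(review): len is not forwarded, so this flt_compare() overload has
	// to bound its reads from the field type alone; confirm for
	// variable-length types.
	return flt_compare(m_cmpop,
		m_info.m_fields[m_field_id].m_type,
		extracted_val,
		&m_val_storage[0]);
}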
Пример #5
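/**
 * Compare the filter's IP value against the addresses of the event's fd.
 *
 * Only IPv4 sockets and IPv4 server sockets can match; any other fd type
 * yields false.
 *
 *  - IPv4 socket, '=':  true when the source or the destination address
 *                       matches.
 *  - IPv4 socket, '!=': true only when both addresses differ.
 *  - IPv4 server socket: the single bound address is compared and the
 *                       operator is honoured. The previous version ignored
 *                       m_cmpop in this branch, so a '!=' filter returned
 *                       true exactly when the address was equal.
 *
 * @param evt event to test.
 * @return true when the fd's address satisfies the filter.
 * @throws sinsp_exception when the operator is neither '=' nor '!=' and the
 *         fd is an IPv4 socket or IPv4 server socket.
 */
bool sinsp_filter_check_fd::compare_ip(sinsp_evt *evt)
{
	if(!extract_fd(evt))
	{
		return false;
	}

	if(m_fdinfo == NULL)
	{
		return false;
	}

	scap_fd_type evt_type = m_fdinfo->m_type;

	if(evt_type != SCAP_FD_IPV4_SOCK && evt_type != SCAP_FD_IPV4_SERVSOCK)
	{
		// Not an IPv4 endpoint: an IP filter cannot match.
		return false;
	}

	// Reject unsupported operators for both socket kinds instead of silently
	// evaluating them as equality on server sockets.
	if(m_cmpop != CO_EQ && m_cmpop != CO_NE)
	{
		throw sinsp_exception("filter error: IP filter only supports '=' and '!=' operators");
	}

	if(evt_type == SCAP_FD_IPV4_SOCK)
	{
		if(m_cmpop == CO_EQ)
		{
			// Either side of the connection may match.
			return flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip, &m_val_storage[0]) ||
				flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip, &m_val_storage[0]);
		}

		// CO_NE: neither side may be the filtered address.
		return flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip, &m_val_storage[0]) &&
			flt_compare(m_cmpop, PT_IPV4ADDR, &m_fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip, &m_val_storage[0]);
	}

	// SCAP_FD_IPV4_SERVSOCK: one bound address.
	// NOTE(review): the cast assumes m_val_storage holds at least four
	// suitably aligned bytes containing the parsed address; confirm where
	// the filter value is stored.
	const bool same_ip =
		(m_fdinfo->m_sockinfo.m_ipv4serverinfo.m_ip == *(uint32_t*)&m_val_storage[0]);

	return (m_cmpop == CO_EQ) ? same_ip : !same_ip;
}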
Пример #6
/**
 * Evaluate this filter check against a single event.
 *
 * Extracts the field value from the event and compares it with the stored
 * filter value using the configured operator and the field's declared type.
 *
 * @param evt event to test.
 * @return false when extract() yields no value, otherwise the result of
 *         flt_compare().
 */
bool sinsp_filter_check::compare(sinsp_evt *evt)
{
	uint32_t value_len;
	uint8_t* value = extract(evt, &value_len);

	// A missing value never matches. The && short-circuits, so flt_compare()
	// is only reached with a non-null pointer.
	// NOTE(review): value_len is not forwarded to flt_compare() here; the
	// comparison has to rely on the field type to bound its reads. Confirm.
	return value != NULL &&
		flt_compare(m_cmpop,
			m_info.m_fields[m_field_id].m_type,
			value,
			&m_val_storage[0]);
}
Пример #7
/**
 * Evaluate this filter check against a single event.
 *
 * The value is extracted with string sanitization switched off, and its
 * length is passed to flt_compare() along with m_val_storage_len.
 *
 * @param evt event to test.
 * @return false when extract() yields no value, otherwise the result of
 *         flt_compare().
 */
bool sinsp_filter_check::compare(sinsp_evt *evt)
{
	uint32_t extracted_len = 0;

	// Sanitization is switched off for this extraction.
	bool sanitize = false;
	uint8_t* extracted = extract(evt, &extracted_len, sanitize);

	if(!extracted)
	{
		return false;
	}

	// NOTE(review): both lengths are passed here, but the stored filter value
	// itself is not an argument at this call site. Confirm which
	// flt_compare() overload this resolves to.
	return flt_compare(m_cmpop,
			   m_info.m_fields[m_field_id].m_type,
			   extracted,
			   extracted_len,
			   m_val_storage_len);
}