diff --git a/userspace/libsinsp/container_engine/docker/base.h b/userspace/libsinsp/container_engine/docker/base.h index bcfe6682c0..9ad66a22db 100644 --- a/userspace/libsinsp/container_engine/docker/base.h +++ b/userspace/libsinsp/container_engine/docker/base.h @@ -8,7 +8,7 @@ class sinsp_threadinfo; namespace libsinsp { namespace container_engine { -class docker_lookup_request; +struct docker_lookup_request; class docker_base : public container_engine_base { diff --git a/userspace/libsinsp/filter.h b/userspace/libsinsp/filter.h index 5a805f6bb9..acefd96604 100644 --- a/userspace/libsinsp/filter.h +++ b/userspace/libsinsp/filter.h @@ -18,13 +18,14 @@ limitations under the License. #pragma once -#include -#include -#include #include "filter_check_list.h" #include "gen_filter.h" #include "filter/parser.h" +#include +#include +#include + /** @defgroup filter Filtering events * Filtering infrastructure. * @{ @@ -145,10 +146,8 @@ class sinsp_filter_factory : public gen_event_filter_factory virtual ~sinsp_filter_factory(); - gen_event_filter *new_filter(); - - gen_event_filter_check *new_filtercheck(const char *fldname); - + gen_event_filter* new_filter() override; + gen_event_filter_check* new_filtercheck(const char* fldname) override; std::list get_fields() override; // Convienence method to convert a vector of @@ -162,4 +161,3 @@ class sinsp_filter_factory : public gen_event_filter_factory sinsp *m_inspector; filter_check_list &m_available_checks; }; - diff --git a/userspace/libsinsp/gen_filter.h b/userspace/libsinsp/gen_filter.h index 7e522a4e3b..9e6e98f461 100644 --- a/userspace/libsinsp/gen_filter.h +++ b/userspace/libsinsp/gen_filter.h @@ -136,21 +136,20 @@ class gen_event_filter_expression : public gen_event_filter_check // The following methods are part of the filter check interface but are irrelevant // for this class, because they are used only for the leaves of the filtering tree. // - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override { return 0; } - void add_filter_value(const char* str, uint32_t len, uint32_t i = 0 ) + void add_filter_value(const char* str, uint32_t len, uint32_t i = 0) override { return; } - void add_check(gen_event_filter_check* chk); - - bool compare(gen_event *evt); + bool compare(gen_event*) override; + bool extract(gen_event*, std::vector& values, bool sanitize_strings = true) override; - bool extract(gen_event *evt, std::vector& values, bool sanitize_strings = true); + void add_check(gen_event_filter_check* chk); // // An expression is consistent if all its checks are of the same type (or/and). diff --git a/userspace/libsinsp/logger.cpp b/userspace/libsinsp/logger.cpp index 3111159964..7814f1b4bc 100644 --- a/userspace/libsinsp/logger.cpp +++ b/userspace/libsinsp/logger.cpp @@ -152,27 +152,21 @@ void sinsp_logger::log(std::string msg, const severity sev) if(gettimeofday(&ts, nullptr) == 0) { - const std::string::size_type ts_length = sizeof("31-12 23:59:59.999999 "); - char ts_buf[ts_length]; - struct tm* ti; - struct tm time_info = {}; - #ifdef _WIN32 - ti = _gmtime32((__time32_t*)&ts.tv_sec); + tm* ti = _gmtime32((__time32_t*)&ts.tv_sec); #else + tm time_info; gmtime_r(&ts.tv_sec, &time_info); - ti = &time_info; + tm* ti = &time_info; #endif - - snprintf(ts_buf, - sizeof(ts_buf), - "%.2d-%.2d %.2d:%.2d:%.2d.%.6d ", - ti->tm_mon + 1, - ti->tm_mday, - ti->tm_hour, - ti->tm_min, - ti->tm_sec, - (int)ts.tv_usec); + char ts_buf[80]; // holds date/time string: "31-12 23:59:59.999999 " + snprintf(ts_buf, sizeof(ts_buf), "%.2d-%.2d %.2d:%.2d:%.2d.%.6d ", + ti->tm_mon + 1, + ti->tm_mday, + ti->tm_hour, + ti->tm_min, + ti->tm_sec, + (int)ts.tv_usec); ts_buf[sizeof(ts_buf) - 1] = '\0'; msg.insert(0, ts_buf); diff --git a/userspace/libsinsp/plugin_filtercheck.cpp b/userspace/libsinsp/plugin_filtercheck.cpp index 638bcd1dc3..0a291dd56a 100755 --- a/userspace/libsinsp/plugin_filtercheck.cpp +++ b/userspace/libsinsp/plugin_filtercheck.cpp @@ -16,11 +16,11 @@ limitations under the License. */ -using namespace std; - #include "plugin_filtercheck.h" #include "plugin_manager.h" +using namespace std; + sinsp_filter_check_plugin::sinsp_filter_check_plugin() { m_info.m_name = "plugin"; @@ -70,7 +70,7 @@ int32_t sinsp_filter_check_plugin::parse_field_name(const char* str, bool alloc_ val = val.substr(0, val_end); } trim(val); - + // search for the field's argument size_t arg_len = 0; size_t arg_pos = val.find_first_of('[', 0); @@ -104,7 +104,7 @@ int32_t sinsp_filter_check_plugin::parse_field_name(const char* str, bool alloc_ throw sinsp_exception(string("filter '") + string(str) + string("': ") + m_field->m_name + string(" does not allow nor require an argument but one is provided: " + m_argstr)); } - + // parse the argument content, which can either be an index or a key if(m_info.m_fields[m_field_id].m_flags & filtercheck_field_flags::EPF_ARG_INDEX) { @@ -118,7 +118,7 @@ int32_t sinsp_filter_check_plugin::parse_field_name(const char* str, bool alloc_ // update the parsed len taking into account both the name and the argument res = arg_pos + arg_len + 2; } - + if (!m_arg_present && (m_info.m_fields[m_field_id].m_flags & filtercheck_field_flags::EPF_ARG_REQUIRED)) { throw sinsp_exception(string("filter '") + string(str) + string("': ") + m_field->m_name + string(" requires an argument but none provided")); @@ -232,14 +232,14 @@ void sinsp_filter_check_plugin::extract_arg_index(const char* full_field_name) int length = m_argstr.length(); bool is_valid = true; std::string message = ""; - - // Please note that numbers starting with `0` (`01`, `02`, `0003`, ...) are not indexes. + + // Please note that numbers starting with `0` (`01`, `02`, `0003`, ...) are not indexes. if(length == 0 || (length > 1 && m_argstr[0] == '0')) { is_valid = false; message = " has an invalid index argument starting with 0: "; } - + // The index must be composed only by digits (0-9). for(int j = 0; j < length; j++) { @@ -252,8 +252,8 @@ void sinsp_filter_check_plugin::extract_arg_index(const char* full_field_name) } // If the argument is valid we can convert it with `stoul`. - // Please note that `stoul` alone is not enough, since it also consider as valid - // strings like "0123 i'm a number", converting them into '0123'. This is why in the + // Please note that `stoul` alone is not enough, since it also consider as valid + // strings like "0123 i'm a number", converting them into '0123'. This is why in the // previous step we check that every character is a digit. if(is_valid) { @@ -261,7 +261,7 @@ void sinsp_filter_check_plugin::extract_arg_index(const char* full_field_name) { m_arg_index = std::stoul(m_argstr); return; - } + } catch(...) { message = " has an invalid index argument not representable on 64 bit: "; @@ -272,7 +272,7 @@ void sinsp_filter_check_plugin::extract_arg_index(const char* full_field_name) } // extract_arg_key() extracts a valid string from the argument. If we pass -// a numeric argument, it will be converted to string. +// a numeric argument, it will be converted to string. void sinsp_filter_check_plugin::extract_arg_key() { m_arg_key = (char*)m_argstr.c_str(); diff --git a/userspace/libsinsp/sinsp_filtercheck.cpp b/userspace/libsinsp/sinsp_filtercheck.cpp index 5022258e4d..fffcbbf865 100644 --- a/userspace/libsinsp/sinsp_filtercheck.cpp +++ b/userspace/libsinsp/sinsp_filtercheck.cpp @@ -1142,7 +1142,7 @@ int32_t sinsp_filter_check::parse_field_name(const char* str, bool alloc_state, /* Here we are searching for the longest match */ if(strncmp(str, m_info.m_fields[j].m_name, fldlen) == 0) { - /* we found some info about the required field, we save it in this way + /* we found some info about the required field, we save it in this way * we don't have to loop again through the fields. */ m_field_id = j; @@ -1264,7 +1264,7 @@ bool sinsp_filter_check::flt_compare(cmpop op, ppm_param_type type, std::vector< { item.first = it.ptr; item.second = it.len; - + // note: PT_IPNET would not work with simple memcmp comparison // todo(jasondellaluce): refactor filter_value_t to actually use flt_compare instead of memcmp. if (type == PT_IPNET) @@ -1431,7 +1431,7 @@ bool sinsp_filter_check::extract(sinsp_evt *evt, OUT std::vector& values, bool sanitize_strings = true); + bool extract(gen_event*, OUT std::vector& values, bool sanitize_strings = true) override; // Alias of extract that uses the sinsp_evt type. // By default, this fills the vector with only one value, retireved by calling the single-result // extract method. // If a NULL value is returned by extract, the vector is emptied. // Subclasses are meant to either override this, or the single-valued extract method. - virtual bool extract(sinsp_evt *evt, OUT std::vector& values, bool sanitize_strings = true); + virtual bool extract(sinsp_evt*, OUT std::vector& values, bool sanitize_strings = true); // // Wrapper for extract() that implements caching to speed up multiple extractions of the same value, @@ -139,7 +136,7 @@ class sinsp_filter_check : public gen_event_filter_check // Extract the field as json from the event (by default, fall // back to the regular extract functionality) // - virtual Json::Value extract_as_js(sinsp_evt *evt, OUT uint32_t* len) + virtual Json::Value extract_as_js(sinsp_evt*, OUT uint32_t* len) { return Json::nullValue; } @@ -147,8 +144,8 @@ class sinsp_filter_check : public gen_event_filter_check // // Compare the field with the constant value obtained from parse_filter_value() // - bool compare(gen_event *evt); - virtual bool compare(sinsp_evt *evt); + bool compare(gen_event*) override; + virtual bool compare(sinsp_evt*); // // Extract the value from the event and convert it into a string @@ -172,8 +169,8 @@ class sinsp_filter_check : public gen_event_filter_check // This is a single-value version of extract for subclasses non supporting extracting // multiple values. By default, this returns NULL. // Subclasses are meant to either override this, or the multi-valued extract method. - virtual uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); - + virtual uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true); + bool flt_compare(cmpop op, ppm_param_type type, void* operand1, uint32_t op1_len = 0, uint32_t op2_len = 0); bool flt_compare(cmpop op, ppm_param_type type, std::vector& values, uint32_t op2_len = 0); diff --git a/userspace/libsinsp/sinsp_filtercheck_container.h b/userspace/libsinsp/sinsp_filtercheck_container.h index 8edda0cb5a..e78870f42c 100644 --- a/userspace/libsinsp/sinsp_filtercheck_container.h +++ b/userspace/libsinsp/sinsp_filtercheck_container.h @@ -54,12 +54,14 @@ class sinsp_filter_check_container : public sinsp_filter_check }; sinsp_filter_check_container(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); - const std::string &get_argstr(); + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + + const std::string& get_argstr(); + private: - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); int32_t extract_arg(const std::string& val, size_t basename); std::string m_tstr; diff --git a/userspace/libsinsp/sinsp_filtercheck_event.h b/userspace/libsinsp/sinsp_filtercheck_event.h index 126878e182..c8a6d14346 100644 --- a/userspace/libsinsp/sinsp_filtercheck_event.h +++ b/userspace/libsinsp/sinsp_filtercheck_event.h @@ -88,14 +88,16 @@ class sinsp_filter_check_event : public sinsp_filter_check sinsp_filter_check_event(); ~sinsp_filter_check_event(); - sinsp_filter_check* allocate_new(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - size_t parse_filter_value(const char* str, uint32_t len, uint8_t *storage, uint32_t storage_len); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + size_t parse_filter_value(const char* str, uint32_t len, uint8_t* storage, uint32_t storage_len) override; + const filtercheck_field_info* get_field_info() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + Json::Value extract_as_js(sinsp_evt*, OUT uint32_t* len) override; + bool compare(sinsp_evt*) override; + void validate_filter_value(const char* str, uint32_t len); - const filtercheck_field_info* get_field_info(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); - Json::Value extract_as_js(sinsp_evt *evt, OUT uint32_t* len); - bool compare(sinsp_evt *evt); uint64_t m_u64val; int64_t m_s64val; diff --git a/userspace/libsinsp/sinsp_filtercheck_evtin.h b/userspace/libsinsp/sinsp_filtercheck_evtin.h index 94ba53e91d..192ab47b6a 100644 --- a/userspace/libsinsp/sinsp_filtercheck_evtin.h +++ b/userspace/libsinsp/sinsp_filtercheck_evtin.h @@ -58,9 +58,10 @@ class sinsp_filter_check_evtin : public sinsp_filter_check sinsp_filter_check_evtin(); ~sinsp_filter_check_evtin(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; std::string m_argname; int32_t m_argid; diff --git a/userspace/libsinsp/sinsp_filtercheck_fd.h b/userspace/libsinsp/sinsp_filtercheck_fd.h index 61035b76c9..f1f5457e7a 100644 --- a/userspace/libsinsp/sinsp_filtercheck_fd.h +++ b/userspace/libsinsp/sinsp_filtercheck_fd.h @@ -88,16 +88,12 @@ class sinsp_filter_check_fd : public sinsp_filter_check }; sinsp_filter_check_fd(); - sinsp_filter_check* allocate_new(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - bool extract(sinsp_evt *evt, OUT std::vector& values, bool sanitize_strings = true); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); - int32_t extract_arg(std::string fldname, std::string val); - bool compare_ip(sinsp_evt *evt); - bool compare_net(sinsp_evt *evt); - bool compare_port(sinsp_evt *evt); - bool compare_domain(sinsp_evt *evt); - bool compare(sinsp_evt *evt); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + bool extract(sinsp_evt*, OUT std::vector& values, bool sanitize_strings = true) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + bool compare(sinsp_evt*) override; sinsp_threadinfo* m_tinfo; sinsp_fdinfo_t* m_fdinfo; @@ -111,7 +107,13 @@ class sinsp_filter_check_fd : public sinsp_filter_check uint64_t m_conv_uint64; private: + int32_t extract_arg(std::string fldname, std::string val); uint8_t* extract_from_null_fd(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings); bool extract_fdname_from_creator(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings, bool fd_nameraw = false); bool extract_fd(sinsp_evt *evt); + + bool compare_ip(sinsp_evt *evt); + bool compare_net(sinsp_evt *evt); + bool compare_port(sinsp_evt *evt); + bool compare_domain(sinsp_evt *evt); }; diff --git a/userspace/libsinsp/sinsp_filtercheck_fdlist.h b/userspace/libsinsp/sinsp_filtercheck_fdlist.h index 3aed6baa67..ca78eae9b4 100644 --- a/userspace/libsinsp/sinsp_filtercheck_fdlist.h +++ b/userspace/libsinsp/sinsp_filtercheck_fdlist.h @@ -34,8 +34,9 @@ class sinsp_filter_check_fdlist : public sinsp_filter_check }; sinsp_filter_check_fdlist(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; private: std::string m_strval; diff --git a/userspace/libsinsp/sinsp_filtercheck_fspath.h b/userspace/libsinsp/sinsp_filtercheck_fspath.h index 098e9df8f6..ad3ea252db 100644 --- a/userspace/libsinsp/sinsp_filtercheck_fspath.h +++ b/userspace/libsinsp/sinsp_filtercheck_fspath.h @@ -34,8 +34,9 @@ class sinsp_filter_check_fspath : public sinsp_filter_check }; sinsp_filter_check_fspath(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt* evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; private: typedef std::map> filtercheck_map_t; diff --git a/userspace/libsinsp/sinsp_filtercheck_gen_event.h b/userspace/libsinsp/sinsp_filtercheck_gen_event.h index 972b1b4f34..f3fb38b9c9 100644 --- a/userspace/libsinsp/sinsp_filtercheck_gen_event.h +++ b/userspace/libsinsp/sinsp_filtercheck_gen_event.h @@ -47,9 +47,10 @@ class sinsp_filter_check_gen_event : public sinsp_filter_check sinsp_filter_check_gen_event(); ~sinsp_filter_check_gen_event(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); - Json::Value extract_as_js(sinsp_evt *evt, OUT uint32_t* len); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + Json::Value extract_as_js(sinsp_evt*, OUT uint32_t* len) override; uint64_t m_u64val; uint32_t m_u32val; diff --git a/userspace/libsinsp/sinsp_filtercheck_group.h b/userspace/libsinsp/sinsp_filtercheck_group.h index 7df0c97aa5..bb3ef191e8 100644 --- a/userspace/libsinsp/sinsp_filtercheck_group.h +++ b/userspace/libsinsp/sinsp_filtercheck_group.h @@ -30,8 +30,9 @@ class sinsp_filter_check_group : public sinsp_filter_check }; sinsp_filter_check_group(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; uint32_t m_gid; std::string m_name; diff --git a/userspace/libsinsp/sinsp_filtercheck_k8s.h b/userspace/libsinsp/sinsp_filtercheck_k8s.h index 7be146351e..542981580b 100644 --- a/userspace/libsinsp/sinsp_filtercheck_k8s.h +++ b/userspace/libsinsp/sinsp_filtercheck_k8s.h @@ -54,9 +54,10 @@ class sinsp_filter_check_k8s : public sinsp_filter_check }; sinsp_filter_check_k8s(); - sinsp_filter_check* allocate_new(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; private: int32_t extract_arg(const std::string& fldname, const std::string& val); diff --git a/userspace/libsinsp/sinsp_filtercheck_mesos.h b/userspace/libsinsp/sinsp_filtercheck_mesos.h index dfee979e73..21875f7712 100644 --- a/userspace/libsinsp/sinsp_filtercheck_mesos.h +++ b/userspace/libsinsp/sinsp_filtercheck_mesos.h @@ -40,12 +40,12 @@ class sinsp_filter_check_mesos : public sinsp_filter_check }; sinsp_filter_check_mesos(); - sinsp_filter_check* allocate_new(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); -private: + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; +private: int32_t extract_arg(const std::string& fldname, const std::string& val); std::string m_argname; diff --git a/userspace/libsinsp/sinsp_filtercheck_rawstring.h b/userspace/libsinsp/sinsp_filtercheck_rawstring.h index 223f01c296..2a082ac6a0 100644 --- a/userspace/libsinsp/sinsp_filtercheck_rawstring.h +++ b/userspace/libsinsp/sinsp_filtercheck_rawstring.h @@ -24,10 +24,12 @@ class rawstring_check : public sinsp_filter_check { public: rawstring_check(std::string text); - sinsp_filter_check* allocate_new(); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + void set_text(std::string text); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); // XXX this is overkill and wasted for most of the fields. // It could be optimized by dynamically allocating the right amount diff --git a/userspace/libsinsp/sinsp_filtercheck_reference.h b/userspace/libsinsp/sinsp_filtercheck_reference.h index 81e7ff3d87..854485c942 100644 --- a/userspace/libsinsp/sinsp_filtercheck_reference.h +++ b/userspace/libsinsp/sinsp_filtercheck_reference.h @@ -30,7 +30,11 @@ class sinsp_filter_check_reference : public sinsp_filter_check }; sinsp_filter_check_reference(); - sinsp_filter_check* allocate_new(); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + inline void set_val(ppm_param_type type, filtercheck_field_flags flags, uint8_t* val, int32_t len, uint32_t cnt, ppm_print_format print_format) @@ -42,9 +46,9 @@ class sinsp_filter_check_reference : public sinsp_filter_check m_cnt = cnt; m_print_format = print_format; } - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + char* tostring_nice(sinsp_evt* evt, uint32_t str_len, uint64_t time_delta); + using sinsp_filter_check::tojson; // to avoid warning: "... hides overloaded virtual function" Json::Value tojson(sinsp_evt* evt, uint32_t str_len, uint64_t time_delta); private: diff --git a/userspace/libsinsp/sinsp_filtercheck_syslog.h b/userspace/libsinsp/sinsp_filtercheck_syslog.h index 3ca7981c84..63cef55dfd 100644 --- a/userspace/libsinsp/sinsp_filtercheck_syslog.h +++ b/userspace/libsinsp/sinsp_filtercheck_syslog.h @@ -33,8 +33,9 @@ class sinsp_filter_check_syslog : public sinsp_filter_check }; sinsp_filter_check_syslog(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; uint32_t m_storageu32; std::string m_name; diff --git a/userspace/libsinsp/sinsp_filtercheck_thread.h b/userspace/libsinsp/sinsp_filtercheck_thread.h index b14fed9219..809d5a8383 100644 --- a/userspace/libsinsp/sinsp_filtercheck_thread.h +++ b/userspace/libsinsp/sinsp_filtercheck_thread.h @@ -107,10 +107,11 @@ class sinsp_filter_check_thread : public sinsp_filter_check }; sinsp_filter_check_thread(); - sinsp_filter_check* allocate_new(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); - bool compare(sinsp_evt *evt); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; + bool compare(sinsp_evt*) override; int32_t get_argid(); diff --git a/userspace/libsinsp/sinsp_filtercheck_tracer.h b/userspace/libsinsp/sinsp_filtercheck_tracer.h index f9f1347a48..db76ef0f11 100644 --- a/userspace/libsinsp/sinsp_filtercheck_tracer.h +++ b/userspace/libsinsp/sinsp_filtercheck_tracer.h @@ -49,9 +49,10 @@ class sinsp_filter_check_tracer : public sinsp_filter_check sinsp_filter_check_tracer(); ~sinsp_filter_check_tracer(); - sinsp_filter_check* allocate_new(); - int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + int32_t parse_field_name(const char* str, bool alloc_state, bool needed_for_filtering) override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; private: int32_t extract_arg(std::string fldname, std::string val, OUT const struct ppm_param_info** parinfo); diff --git a/userspace/libsinsp/sinsp_filtercheck_user.h b/userspace/libsinsp/sinsp_filtercheck_user.h index 500c9c2861..ef395f44aa 100644 --- a/userspace/libsinsp/sinsp_filtercheck_user.h +++ b/userspace/libsinsp/sinsp_filtercheck_user.h @@ -34,8 +34,9 @@ class sinsp_filter_check_user : public sinsp_filter_check }; sinsp_filter_check_user(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; uint32_t m_uid; std::string m_strval; diff --git a/userspace/libsinsp/sinsp_filtercheck_utils.h b/userspace/libsinsp/sinsp_filtercheck_utils.h index a3b4a36592..2f39889e49 100644 --- a/userspace/libsinsp/sinsp_filtercheck_utils.h +++ b/userspace/libsinsp/sinsp_filtercheck_utils.h @@ -29,8 +29,9 @@ class sinsp_filter_check_utils : public sinsp_filter_check }; sinsp_filter_check_utils(); - sinsp_filter_check* allocate_new(); - uint8_t* extract(sinsp_evt *evt, OUT uint32_t* len, bool sanitize_strings = true); + + sinsp_filter_check* allocate_new() override; + uint8_t* extract(sinsp_evt*, OUT uint32_t* len, bool sanitize_strings = true) override; private: uint64_t m_cnt; diff --git a/userspace/libsinsp/utils.cpp b/userspace/libsinsp/utils.cpp index 28f04584b0..36ff6e123e 100644 --- a/userspace/libsinsp/utils.cpp +++ b/userspace/libsinsp/utils.cpp @@ -1295,21 +1295,20 @@ std::string ipv6serveraddr_to_string(ipv6serverinfo* addr, bool resolve) std::string ipv6tuple_to_string(_ipv6tuple* tuple, bool resolve) { - char source_address[100]; - char destination_address[100]; - char buf[200]; - + char source_address[INET6_ADDRSTRLEN]; if(NULL == inet_ntop(AF_INET6, tuple->m_fields.m_sip.m_b, source_address, 100)) { return std::string(); } + char destination_address[INET6_ADDRSTRLEN]; if(NULL == inet_ntop(AF_INET6, tuple->m_fields.m_dip.m_b, destination_address, 100)) { return std::string(); } - snprintf(buf,200,"%s:%s->%s:%s", + char buf[200]; + snprintf(buf, sizeof(buf), "%s:%s->%s:%s", source_address, port_to_string(tuple->m_fields.m_sport, tuple->m_fields.m_l4proto, resolve).c_str(), destination_address, @@ -1547,7 +1546,7 @@ bool sinsp_utils::startswith(const std::string& s, const std::string& prefix) bool sinsp_utils::unhex(const std::vector &hex_chars, std::vector &hex_bytes) { - if(hex_chars.size() % 2 != 0 || + if(hex_chars.size() % 2 != 0 || !std::all_of(hex_chars.begin(), hex_chars.end(), [](unsigned char c){ return std::isxdigit(c); })) { return false; @@ -1563,7 +1562,7 @@ bool sinsp_utils::unhex(const std::vector &hex_chars, std::vector &h ss.str(std::string()); ss.clear(); } - + return true; } @@ -1617,7 +1616,7 @@ std::string sinsp_utils::caps_to_string(const uint64_t caps) for(size_t i = 0; i < capabilities.size(); ++i) { - uint64_t current_cap = (uint64_t)1 << i; + uint64_t current_cap = (uint64_t)1 << i; if(caps & current_cap) { res += capabilities[i];