diff --git a/userland/examples/pfcount.c b/userland/examples/pfcount.c index 74cb2c549..99eed8997 100644 --- a/userland/examples/pfcount.c +++ b/userland/examples/pfcount.c @@ -47,8 +47,6 @@ #include "pfutils.c" -#include "pfring_mod_sysdig.h" - #include "third-party/sort.c" #include "third-party/node.c" #include "third-party/ahocorasick.c" @@ -71,7 +69,7 @@ pcap_dumper_t *dumper = NULL; u_int string_id = 1; char *out_pcap_file = NULL; FILE *match_dumper = NULL; -u_int8_t do_close_dump = 0, is_sysdig = 0, chunk_mode = 0, check_ts = 0; +u_int8_t do_close_dump = 0, chunk_mode = 0, check_ts = 0; u_int8_t check_seq_ip = 0, asymm_rss = 0, burst_mode = 0, rss_q_0_only = 0; int num_packets = 0; time_t last_ts = 0; @@ -549,16 +547,6 @@ void print_packet(const struct pfring_pkthdr *h, const u_char *p, u_int8_t dump_ s / 3600, (s % 3600) / 60, s % 60, usec, nsec); - if(is_sysdig) { - struct sysdig_event_header *ev = (struct sysdig_event_header*)p; - - snprintf(&dump_str[strlen(dump_str)], sizeof(dump_str)-strlen(dump_str), "[cpu_id=%u][tid=%lu][%u|%s]", - h->extended_hdr.if_index, (long unsigned int)ev->thread_id, - ev->event_type, sysdig_event2name(ev->event_type)); - printf("%s\n", dump_str); - return; - } - if(use_extended_pkt_header) { char bigbuf[4096], pbuf[64];; u_int len; @@ -782,7 +770,6 @@ void printHelp(void) { printf("-b CPU pergentage priority (0-99)\n"); printf("-a Active packet wait\n"); printf("-N Read packets and exit\n"); - printf("-q Force printing packets as sysdig events with -v\n"); printf("-m Long packet header (with PF_RING extensions)\n"); printf("-r Rehash RSS packets\n"); printf("-c Cluster ID (kernel clustering)\n"); @@ -1093,7 +1080,7 @@ int main(int argc, char* argv[]) { startTime.tv_sec = 0; thiszone = gmt_to_local(0); - while((c = getopt(argc,argv,"Bhi:Ic:C:Fd:H:Jl:Lv:ae:n:w:o:p:P:qb:rg:u:mtsSx:f:z:N:MQ:RTUK:0")) != '?') { + while((c = getopt(argc,argv,"Bhi:Ic:C:Fd:H:Jl:Lv:ae:n:w:o:p:P:b:rg:u:mtsSx:f:z:N:MQ:RTUK:0")) != '?') { if((c == 255) || (c == -1)) break; switch(c) { @@ -1149,7 +1136,6 @@ int main(int argc, char* argv[]) { break; case 'i': device = strdup(optarg); - if(strcmp(device, "sysdig:") == 0) is_sysdig = 1; break; case 'I': json_info = 1; @@ -1185,9 +1171,6 @@ int main(int argc, char* argv[]) { case 'P': rule_priority = atoi(optarg); break; - case 'q': - is_sysdig = 1; - break; case 'Q': cluster_queue_id = atoi(optarg); break; @@ -1411,19 +1394,16 @@ int main(int argc, char* argv[]) { } if (!quiet) { - if(is_sysdig) { - printf("Capturing from sysdig\n"); - } else { - int ifindex = -1; - u_char mac_address[6] = { 0 }; - rc = pfring_get_bound_device_address(pd, mac_address); - pfring_get_bound_device_ifindex(pd, &ifindex); - printf("Capturing from %s [mac: %s][if_index: %d][speed: %uMb/s]\n", - device, rc == 0 ? etheraddr_string(mac_address, buf) : "unknown", - ifindex, pfring_get_interface_speed(pd)); - printf("# Device RX channels: %d\n", pfring_get_num_rx_channels(pd)); - printf("# Polling threads: %d\n", num_threads); - } + int ifindex = -1; + u_char mac_address[6] = { 0 }; + + rc = pfring_get_bound_device_address(pd, mac_address); + pfring_get_bound_device_ifindex(pd, &ifindex); + printf("Capturing from %s [mac: %s][if_index: %d][speed: %uMb/s]\n", + device, rc == 0 ? etheraddr_string(mac_address, buf) : "unknown", + ifindex, pfring_get_interface_speed(pd)); + printf("# Device RX channels: %d\n", pfring_get_num_rx_channels(pd)); + printf("# Polling threads: %d\n", num_threads); } sample_filtering_rules(); diff --git a/userland/examples_zc/zbalance.c b/userland/examples_zc/zbalance.c index d3ef01bc6..892423288 100644 --- a/userland/examples_zc/zbalance.c +++ b/userland/examples_zc/zbalance.c @@ -38,7 +38,6 @@ #include "pfring.h" #include "pfring_zc.h" -#include "pfring_mod_sysdig.h" #include "zutils.c" @@ -170,7 +169,7 @@ void printHelp(void) { printf("-c Cluster id\n"); printf("-m Hashing modes:\n" " 0 - No hash: Round-Robin (default)\n" - " 1 - IP hash or TID (thread id) in case of '-i sysdig'\n" + " 1 - IP hash\n" " 2 - Fan-out\n"); printf("-r Balancer thread core affinity\n"); printf("-g Consumer threads core affinity mask\n"); @@ -222,16 +221,6 @@ int64_t rr_distribution_func(pfring_zc_pkt_buff *pkt_handle, pfring_zc_queue *in /* *************************************** */ -int64_t sysdig_distribution_func(pfring_zc_pkt_buff *pkt_handle, pfring_zc_queue *in_queue, void *user) { - /* NOTE: pkt_handle->hash contains the CPU id */ - struct sysdig_event_header *ev = (struct sysdig_event_header*)pfring_zc_pkt_buff_data(pkt_handle, in_queue); - long num_out_queues = (long) user; - - return(ev->thread_id % num_out_queues); -} - -/* *************************************** */ - int main(int argc, char* argv[]) { char *device = NULL, *dev, c; long i; @@ -362,10 +351,7 @@ int main(int argc, char* argv[]) { if (hash_mode < 2) { /* balancer */ pfring_zc_distribution_func func; - if(strcmp(device, "sysdig") == 0) - func = (hash_mode == 0) ? rr_distribution_func : sysdig_distribution_func; - else - func = (hash_mode == 0) ? rr_distribution_func : NULL /* built-in IP-based */; + func = (hash_mode == 0) ? rr_distribution_func : NULL /* built-in IP-based */; zw = pfring_zc_run_balancer( inzq, diff --git a/userland/examples_zc/zbalance_DC_ipc.c b/userland/examples_zc/zbalance_DC_ipc.c index b75ac6dca..4658a6598 100644 --- a/userland/examples_zc/zbalance_DC_ipc.c +++ b/userland/examples_zc/zbalance_DC_ipc.c @@ -38,7 +38,6 @@ #include "pfring.h" #include "pfring_zc.h" -#include "pfring_mod_sysdig.h" #include "zutils.c" diff --git a/userland/examples_zc/zcount_ipc.c b/userland/examples_zc/zcount_ipc.c index d9b68d726..176d84870 100644 --- a/userland/examples_zc/zcount_ipc.c +++ b/userland/examples_zc/zcount_ipc.c @@ -38,7 +38,6 @@ #include "pfring.h" #include "pfring_zc.h" -#include "pfring_mod_sysdig.h" #include "zutils.c" @@ -178,22 +177,13 @@ void *packet_consumer_thread(void *_id) { if (unlikely(g->verbose)) { u_char *pkt_data = pfring_zc_pkt_buff_data(buffer, zq); - + int i; + if (buffer->ts.tv_nsec) printf("[%u.%u] ", buffer->ts.tv_sec, buffer->ts.tv_nsec); - - if(g->dump_as_sysdig_event) { - struct sysdig_event_header *ev = (struct sysdig_event_header*)pkt_data; - - printf("[cpu_id=%u][tid=%lu][%u|%s]", - buffer->hash, ev->thread_id, - ev->event_type, sysdig_event2name(ev->event_type)); - } else { - int i; - - for(i = 0; i < buffer->len; i++) - printf("%02X ", pkt_data[i]); - } + + for(i = 0; i < buffer->len; i++) + printf("%02X ", pkt_data[i]); printf("\n"); } diff --git a/userland/examples_zc/zfilter_mt_ipc.c b/userland/examples_zc/zfilter_mt_ipc.c index 3f2c60803..df610359e 100644 --- a/userland/examples_zc/zfilter_mt_ipc.c +++ b/userland/examples_zc/zfilter_mt_ipc.c @@ -38,7 +38,7 @@ #include "pfring.h" #include "pfring_zc.h" -#include "pfring_mod_sysdig.h" + #include "zutils.c" diff --git a/userland/examples_zc/zreplicator.c b/userland/examples_zc/zreplicator.c index 2bad69021..3f5755bf6 100644 --- a/userland/examples_zc/zreplicator.c +++ b/userland/examples_zc/zreplicator.c @@ -38,7 +38,7 @@ #include "pfring.h" #include "pfring_zc.h" -#include "pfring_mod_sysdig.h" + #include "zutils.c" diff --git a/userland/lib/Makefile.in b/userland/lib/Makefile.in index c6388f5a9..56b13a9db 100644 --- a/userland/lib/Makefile.in +++ b/userland/lib/Makefile.in @@ -65,7 +65,7 @@ NBPF_OBJS = `$(AR) t ${NBPF_LIB} | grep -F .o | tr '\n' ' '` # Object files # OBJS_MIN = pfring.o pfring_mod.o pfring_utils.o pfring_mod_stack.o pfring_hw_filtering.o pfring_runtime_manager.o \ - pfring_hw_timestamp.o pfring_mod_sysdig.o pfring_mod_pcap.o pfring_device.o ${PF_RING_ZC_OBJS} \ + pfring_hw_timestamp.o pfring_mod_pcap.o pfring_device.o ${PF_RING_ZC_OBJS} \ ${AF_XDP_OBJS} ${FIBERBLAZE_OBJS} ${NT_OBJS} ${MLX_OBJS} ${NPCAP_OBJS} OBJS = ${OBJS_MIN} ${PF_RING_FT_OBJS} diff --git a/userland/lib/pfring.c b/userland/lib/pfring.c index bd5c4024d..d2c71e208 100644 --- a/userland/lib/pfring.c +++ b/userland/lib/pfring.c @@ -32,7 +32,6 @@ #include "pfring_mod.h" #include "pfring_mod_stack.h" -#include "pfring_mod_sysdig.h" #include "pfring_mod_pcap.h" #ifndef DLT_EN10MB @@ -86,11 +85,6 @@ static pfring_module_info pfring_module_list[] = { .open = pfring_mod_stack_open, .findalldevs = NULL }, - { - .name = "sysdig", - .open = pfring_mod_sysdig_open, - .findalldevs = NULL - }, { .name = "pcap", .open = pfring_mod_pcap_open, diff --git a/userland/lib/pfring_mod_sysdig.c b/userland/lib/pfring_mod_sysdig.c deleted file mode 100644 index 5d64186ed..000000000 --- a/userland/lib/pfring_mod_sysdig.c +++ /dev/null @@ -1,625 +0,0 @@ -/* - * - * (C) 2014-23 - ntop - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lessed General Public License as published by - * the Free Software Foundation; either version 2.1 of the License, or - * (at your option) any later version. - * - * - */ - -#include "pfring.h" -#include "pfring_mod.h" -#include "pfring_mod_sysdig.h" - -#include -#include -#include - -/* **************************************************** */ - -static const struct sysdig_event_info sysdig_events[SYSDIG_EVENT_MAX] = { - /* SYSDIG_GENERIC_E */ { SYSDIG_ENTER, "syscall", 2, { { "ID", SYSDIG_TYPE_SYSCALLID, SYSDIG_PRINT_FORMAT_DEC}, { "nativeID", SYSDIG_TYPE_UINT16, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_GENERIC_X */ { SYSDIG_EXIT, "syscall", 1, { { "ID", SYSDIG_TYPE_SYSCALLID, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_OPEN_E */ { SYSDIG_ENTER, "open", 0}, - /* SYSDIG_SYSCALL_OPEN_X */ { SYSDIG_EXIT, "open", 4, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "name", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX }, { "mode", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_CLOSE_E */ { SYSDIG_ENTER, "close", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_CLOSE_X */ { SYSDIG_EXIT, "close", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_READ_E */ { SYSDIG_ENTER, "read", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_READ_X */ { SYSDIG_EXIT, "read", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_WRITE_E */ { SYSDIG_ENTER, "write", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_WRITE_X */ { SYSDIG_EXIT, "write", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_BRK_1_E */ { SYSDIG_ENTER, "brk", 1, { { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_BRK_1_X */ { SYSDIG_EXIT, "brk", 1, { { "res", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_EXECVE_8_E */ { SYSDIG_ENTER, "execve", 0}, - /* SYSDIG_SYSCALL_EXECVE_8_X */ { SYSDIG_EXIT, "execve", 8, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "exe", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "args", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA}, { "tid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "ptid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "cwd", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "fdlimit", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_CLONE_11_E */ { SYSDIG_ENTER, "clone", 0}, - /* SYSDIG_CLONE_11_X */ { SYSDIG_EXIT, "clone", 11, { { "res", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "exe", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "args", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA}, { "tid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "ptid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "cwd", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "fdlimit", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "uid", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "gid", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_PROCEXIT_E */ { SYSDIG_ENTER, "procexit", 0}, - /* SYSDIG_NA1 */ { SYSDIG_ENTER, "NA1", 0}, - /* SYSDIG_SOCKET_SOCKET_E */ { SYSDIG_ENTER, "socket", 3, { { "domain", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_DEC }, { "type", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "proto", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_SOCKET_X */ { SYSDIG_EXIT, "socket", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_BIND_E */ { SYSDIG_ENTER, "bind", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_BIND_X */ { SYSDIG_EXIT, "bind", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "addr", SYSDIG_TYPE_SOCKADDR, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_CONNECT_E */ { SYSDIG_ENTER, "connect", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_CONNECT_X */ { SYSDIG_EXIT, "connect", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_LISTEN_E */ { SYSDIG_ENTER, "listen", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "backlog", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_LISTEN_X */ { SYSDIG_EXIT, "listen", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_ACCESYSDIG_TYPE_E */ { SYSDIG_ENTER, "accept", 0}, - /* SYSDIG_SOCKET_ACCESYSDIG_TYPE_X */ { SYSDIG_EXIT, "accept", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA}, { "queuepct", SYSDIG_TYPE_UINT8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SEND_E */ { SYSDIG_ENTER, "send", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SEND_X */ { SYSDIG_EXIT, "send", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_SENDTO_E */ { SYSDIG_ENTER, "sendto", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_SENDTO_X */ { SYSDIG_EXIT, "sendto", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_RECV_E */ { SYSDIG_ENTER, "recv", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_RECV_X */ { SYSDIG_EXIT, "recv", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_RECVFROM_E */ { SYSDIG_ENTER, "recvfrom", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_RECVFROM_X */ { SYSDIG_EXIT, "recvfrom", 3, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_SHUTDOWN_E */ { SYSDIG_ENTER, "shutdown", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "how", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SOCKET_SHUTDOWN_X */ { SYSDIG_EXIT, "shutdown", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_GETSOCKNAME_E */ { SYSDIG_ENTER, "getsockname", 0}, - /* SYSDIG_SOCKET_GETSOCKNAME_X */ { SYSDIG_EXIT, "getsockname", 0}, - /* SYSDIG_SOCKET_GETPEERNAME_E */ { SYSDIG_ENTER, "getpeername", 0}, - /* SYSDIG_SOCKET_GETPEERNAME_X */ { SYSDIG_EXIT, "getpeername", 0}, - /* SYSDIG_SOCKET_SOCKETPAIR_E */ { SYSDIG_ENTER, "socketpair", 3, { { "domain", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_DEC}, { "type", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "proto", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_SOECKETPAIR_X */ { SYSDIG_EXIT, "socketpair", 5, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "fd1", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "fd2", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "source", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "peer", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SOCKET_SETSOCKOSYSDIG_TYPE_E */ { SYSDIG_ENTER, "setsockopt", 0}, - /* SYSDIG_SOCKET_SETSOCKOSYSDIG_TYPE_X */ { SYSDIG_EXIT, "setsockopt", 0}, - /* SYSDIG_SOCKET_GETSOCKOSYSDIG_TYPE_E */ { SYSDIG_ENTER, "getsockopt", 0}, - /* SYSDIG_SOCKET_GETSOCKOSYSDIG_TYPE_X */ { SYSDIG_EXIT, "getsockopt", 0}, - /* SYSDIG_SOCKET_SENDMSG_E */ { SYSDIG_ENTER, "sendmsg", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_SENDMSG_X */ { SYSDIG_EXIT, "sendmsg", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_SENDMMSG_E */ { SYSDIG_ENTER, "sendmmsg", 0}, - /* SYSDIG_SOCKET_SENDMMSG_X */ { SYSDIG_EXIT, "sendmmsg", 0}, - /* SYSDIG_SOCKET_RECVMSG_E */ { SYSDIG_ENTER, "recvmsg", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SOCKET_RECVMSG_X */ { SYSDIG_EXIT, "recvmsg", 4, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SOCKET_RECVMMSG_E */ { SYSDIG_ENTER, "recvmmsg", 0}, - /* SYSDIG_SOCKET_RECVMMSG_X */ { SYSDIG_EXIT, "recvmmsg", 0}, - /* SYSDIG_SOCKET_ACCEPT4_E */ { SYSDIG_ENTER, "accept", 1, { { "flags", SYSDIG_TYPE_INT32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SOCKET_ACCEPT4_X */ { SYSDIG_EXIT, "accept", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "tuple", SYSDIG_TYPE_SOCKTUPLE, SYSDIG_PRINT_FORMAT_NA}, { "queuepct", SYSDIG_TYPE_UINT8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_CREAT_E */ { SYSDIG_ENTER, "creat", 0}, - /* SYSDIG_SYSCALL_CREAT_X */ { SYSDIG_EXIT, "creat", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "name", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA}, { "mode", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SOCKET_PIPE_E */ { SYSDIG_ENTER, "pipe", 0}, - /* SYSDIG_SOCKET_PIPE_X */ { SYSDIG_EXIT, "pipe", 4, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "fd1", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "fd2", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "ino", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_EVENTFD_E */ { SYSDIG_ENTER, "eventfd", 2, { { "initval", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_EVENTFD_X */ { SYSDIG_EXIT, "eventfd", 1, { { "res", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_FUTEX_E */ { SYSDIG_ENTER, "futex", 3, { { "addr", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "op", SYSDIG_TYPE_FLAGS16, SYSDIG_PRINT_FORMAT_HEX}, { "val", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_FUTEX_X */ { SYSDIG_EXIT, "futex", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_STAT_E */ { SYSDIG_ENTER, "stat", 0}, - /* SYSDIG_SYSCALL_STAT_X */ { SYSDIG_EXIT, "stat", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_LSTAT_E */ { SYSDIG_ENTER, "lstat", 0}, - /* SYSDIG_SYSCALL_LSTAT_X */ { SYSDIG_EXIT, "lstat", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_FSTAT_E */ { SYSDIG_ENTER, "fstat", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_FSTAT_X */ { SYSDIG_EXIT, "fstat", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_STAT64_E */ { SYSDIG_ENTER, "stat64", 0}, - /* SYSDIG_SYSCALL_STAT64_X */ { SYSDIG_EXIT, "stat64", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_LSTAT64_E */ { SYSDIG_ENTER, "lstat64", 0}, - /* SYSDIG_SYSCALL_LSTAT64_X */ { SYSDIG_EXIT, "lstat64", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_FSTAT64_E */ { SYSDIG_ENTER, "fstat64", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_FSTAT64_X */ { SYSDIG_EXIT, "fstat64", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_EPOLLWAIT_E */ { SYSDIG_ENTER, "epoll_wait", 1, { { "maxevents", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_EPOLLWAIT_X */ { SYSDIG_EXIT, "epoll_wait", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_POLL_E */ { SYSDIG_ENTER, "poll", 2, { { "fds", SYSDIG_TYPE_FDLIST, SYSDIG_PRINT_FORMAT_DEC}, { "timeout", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_POLL_X */ { SYSDIG_EXIT, "poll", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "fds", SYSDIG_TYPE_FDLIST, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SELECT_E */ { SYSDIG_ENTER, "select", 0}, - /* SYSDIG_SYSCALL_SELECT_X */ { SYSDIG_EXIT, "select", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_NEWSELECT_E */ { SYSDIG_ENTER, "select", 0}, - /* SYSDIG_SYSCALL_NEWSELECT_X */ { SYSDIG_EXIT, "select", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_LSEEK_E */ { SYSDIG_ENTER, "lseek", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "offset", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "whence", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_LSEEK_X */ { SYSDIG_EXIT, "lseek", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_LLSEEK_E */ { SYSDIG_ENTER, "llseek", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "offset", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "whence", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_LLSEEK_X */ { SYSDIG_EXIT, "llseek", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_IOCTL_E */ { SYSDIG_ENTER, "ioctl", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "request", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_IOCTL_X */ { SYSDIG_EXIT, "ioctl", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_GETCWD_E */ { SYSDIG_ENTER, "getcwd", 0}, - /* Note: path is SYSDIG_TYPE_CHARBUF and not SYSDIG_TYPE_FSPATH because we assume it's abosulte and will never need resolution */ - /* SYSDIG_SYSCALL_GETCWD_X */ { SYSDIG_EXIT, "getcwd", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "path", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* Note: path is SYSDIG_TYPE_CHARBUF and not SYSDIG_TYPE_FSPATH because we don't want it to be resolved, since the event handler already changes it */ - /* SYSDIG_SYSCALL_CHDIR_E */ { SYSDIG_ENTER, "chdir", 0}, - /* SYSDIG_SYSCALL_CHDIR_X */ { SYSDIG_EXIT, "chdir", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "path", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_FCHDIR_E */ { SYSDIG_ENTER, "fchdir", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_FCHDIR_X */ { SYSDIG_EXIT, "fchdir", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MKDIR_E */ { SYSDIG_ENTER, "mkdir", 2, { { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA}, { "mode", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_MKDIR_X */ { SYSDIG_EXIT, "mkdir", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_RMDIR_E */ { SYSDIG_ENTER, "rmdir", 1, { { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_RMDIR_X */ { SYSDIG_EXIT, "rmdir", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_OPENAT_E */ { SYSDIG_ENTER, "openat", 4, { { "dirfd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "name", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "mode", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_OPENAT_X */ { SYSDIG_EXIT, "openat", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_LINK_E */ { SYSDIG_ENTER, "link", 2, { { "oldpath", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA}, { "newpath", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_LINK_X */ { SYSDIG_EXIT, "link", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_LINKAT_E */ { SYSDIG_ENTER, "linkat", 4, { { "olddir", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "oldpath", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "newdir", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "newpath", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_LINKAT_X */ { SYSDIG_EXIT, "linkat", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_UNLINK_E */ { SYSDIG_ENTER, "unlink", 1, { { "path", SYSDIG_TYPE_FSPATH, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_UNLINK_X */ { SYSDIG_EXIT, "unlink", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_UNLINKAT_E */ { SYSDIG_ENTER, "unlinkat", 2, { { "dirfd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "name", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_UNLINKAT_X */ { SYSDIG_EXIT, "unlinkat", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PREAD_E */ { SYSDIG_ENTER, "pread", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "pos", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PREAD_X */ { SYSDIG_EXIT, "pread", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_PWRITE_E */ { SYSDIG_ENTER, "pwrite", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "pos", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PWRITE_X */ { SYSDIG_EXIT, "pwrite", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_READV_E */ { SYSDIG_ENTER, "readv", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_READV_X */ { SYSDIG_EXIT, "readv", 3, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_WRITEV_E */ { SYSDIG_ENTER, "writev", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_WRITEV_X */ { SYSDIG_EXIT, "writev", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_PREADV_E */ { SYSDIG_ENTER, "preadv", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "pos", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PREADV_X */ { SYSDIG_EXIT, "preadv", 3, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_PWRITEV_E */ { SYSDIG_ENTER, "pwritev", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "pos", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PWRITEV_X */ { SYSDIG_EXIT, "pwritev", 2, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "data", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA} } }, - /* SYSDIG_SYSCALL_DUP_E */ { SYSDIG_ENTER, "dup", 1, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_DUP_X */ { SYSDIG_EXIT, "dup", 1, { { "res", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SIGNALFD_E */ { SYSDIG_ENTER, "signalfd", 3, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "mask", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_HEX}, { "flags", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_SIGNALFD_X */ { SYSDIG_EXIT, "signalfd", 1, { { "res", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_KILL_E */ { SYSDIG_ENTER, "kill", 2, { { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "sig", SYSDIG_TYPE_SIGTYPE, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_KILL_X */ { SYSDIG_EXIT, "kill", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_TKILL_E */ { SYSDIG_ENTER, "tkill", 2, { { "tid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "sig", SYSDIG_TYPE_SIGTYPE, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_TKILL_X */ { SYSDIG_EXIT, "tkill", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_TGKILL_E */ { SYSDIG_ENTER, "tgkill", 3, { { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "tid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "sig", SYSDIG_TYPE_SIGTYPE, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_TGKILL_X */ { SYSDIG_EXIT, "tgkill", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_NANOSLEEP_E */ { SYSDIG_ENTER, "nanosleep", 1, { { "interval", SYSDIG_TYPE_RELTIME, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_NANOSLEEP_X */ { SYSDIG_EXIT, "nanosleep", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_TIMERFD_CREATE_E */ { SYSDIG_ENTER, "timerfd_create", 2, { { "clockid", SYSDIG_TYPE_UINT8, SYSDIG_PRINT_FORMAT_DEC}, { "flags", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_TIMERFD_CREATE_X */ { SYSDIG_EXIT, "timerfd_create", 1, { { "res", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_INOTIFY_INIT_E */ { SYSDIG_ENTER, "inotify_init", 1, { { "flags", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_INOTIFY_INIT_X */ { SYSDIG_EXIT, "inotify_init", 1, { { "res", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_GETRLIMIT_E */ { SYSDIG_ENTER, "getrlimit", 1, { { "resource", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_GETRLIMIT_X */ { SYSDIG_EXIT, "getrlimit", 3, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "cur", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "max", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SETRLIMIT_E */ { SYSDIG_ENTER, "setrlimit", 1, { { "resource", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SETRLIMIT_X */ { SYSDIG_EXIT, "setrlimit", 3, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "cur", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "max", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PRLIMIT_E */ { SYSDIG_ENTER, "prlimit", 2, { { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "resource", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_PRLIMIT_X */ { SYSDIG_EXIT, "prlimit", 5, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "newcur", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "newmax", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "oldcur", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "oldmax", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SCHEDSWITCH_1_E */ { SYSDIG_ENTER, "switch", 1, { { "next", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SCHEDSWITCH_1_X */ { SYSDIG_EXIT, "NA2", 0}, - /* SYSDIG_DROP_E */ { SYSDIG_ENTER, "drop", 1, { { "ratio", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_DROP_X */ { SYSDIG_EXIT, "drop", 1, { { "ratio", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_FCNTL_E */ { SYSDIG_ENTER, "fcntl", 2, { { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "cmd", SYSDIG_TYPE_FLAGS8, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_FCNTL_X */ { SYSDIG_EXIT, "fcntl", 1, { { "res", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SCHEDSWITCH_6_E */ { SYSDIG_ENTER, "switch", 6, { { "next", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "pgft_maj", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "pgft_min", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SCHEDSWITCH_6_X */ { SYSDIG_EXIT, "NA2", 0}, - /* SYSDIG_SYSCALL_EXECVE_13_E */ { SYSDIG_ENTER, "execve", 0}, - /* SYSDIG_SYSCALL_EXECVE_13_X */ { SYSDIG_EXIT, "execve", 13, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "exe", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "args", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA}, { "tid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "ptid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "cwd", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "fdlimit", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "pgft_maj", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "pgft_min", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_CLONE_16_E */ { SYSDIG_ENTER, "clone", 0}, - /* SYSDIG_CLONE_16_X */ { SYSDIG_EXIT, "clone", 16, { { "res", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "exe", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "args", SYSDIG_TYPE_BYTEBUF, SYSDIG_PRINT_FORMAT_NA}, { "tid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "pid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "ptid", SYSDIG_TYPE_PID, SYSDIG_PRINT_FORMAT_DEC}, { "cwd", SYSDIG_TYPE_CHARBUF, SYSDIG_PRINT_FORMAT_NA}, { "fdlimit", SYSDIG_TYPE_INT64, SYSDIG_PRINT_FORMAT_DEC}, { "pgft_maj", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "pgft_min", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "uid", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "gid", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_BRK_4_E */ { SYSDIG_ENTER, "brk", 1, { { "addr", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_BRK_4_X */ { SYSDIG_EXIT, "brk", 4, { { "res", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MMAP_E */ { SYSDIG_ENTER, "mmap", 6, { { "addr", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "length", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "prot", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "offset", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MMAP_X */ { SYSDIG_EXIT, "mmap", 4, { { "res", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MMAP2_E */ { SYSDIG_ENTER, "mmap2", 6, { { "addr", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "length", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "prot", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX}, { "fd", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "pgoffset", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MMAP2_X */ { SYSDIG_EXIT, "mmap2", 4, { { "res", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MUNMAP_E */ { SYSDIG_ENTER, "munmap", 2, { { "addr", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_HEX}, { "length", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_MUNMAP_X */ { SYSDIG_EXIT, "munmap", 4, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}, { "vm_size", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_rss", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC}, { "vm_swap", SYSDIG_TYPE_UINT32, SYSDIG_PRINT_FORMAT_DEC} } }, - /* SYSDIG_SYSCALL_SPLICE_E */ { SYSDIG_ENTER, "splice", 4, { { "fd_in", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "fd_out", SYSDIG_TYPE_FD, SYSDIG_PRINT_FORMAT_DEC}, { "size", SYSDIG_TYPE_UINT64, SYSDIG_PRINT_FORMAT_DEC}, { "flags", SYSDIG_TYPE_FLAGS32, SYSDIG_PRINT_FORMAT_HEX} } }, - /* SYSDIG_SYSCALL_SPLICE_X */ { SYSDIG_EXIT, "splice", 1, { { "res", SYSDIG_TYPE_ERRNO, SYSDIG_PRINT_FORMAT_DEC}} } -}; - -/* **************************************************** */ - -int pfring_mod_sysdig_open(pfring *ring) { - u_int8_t device_id = 0; - pfring_sysdig *sysdig = NULL; - - ring->close = pfring_mod_sysdig_close; - ring->recv = pfring_mod_sysdig_recv; - ring->poll = pfring_mod_sysdig_poll; - ring->enable_ring = pfring_mod_sysdig_enable_ring; - ring->set_poll_watermark = pfring_mod_sysdig_set_poll_watermark; - ring->set_socket_mode = pfring_mod_sysdig_set_socket_mode; - ring->stats = pfring_mod_sysdig_stats; - ring->get_bound_device_ifindex = pfring_mod_sysdig_get_bound_device_ifindex; - ring->set_bpf_filter = pfring_mod_sysdig_set_bpf_filter; - ring->remove_bpf_filter = pfring_mod_sysdig_remove_bpf_filter; - - ring->priv_data = malloc(sizeof(pfring_sysdig)); - - if(ring->priv_data == NULL) - goto sysdig_ret_error; - - memset(ring->priv_data, 0, sizeof(pfring_sysdig)); - sysdig = (pfring_sysdig*)ring->priv_data; - - sysdig->num_devices = sysconf(_SC_NPROCESSORS_ONLN); /* # devices = # CPUs */ - - if(sysdig->num_devices > SYSDIG_MAX_NUM_DEVICES) { - fprintf(stderr, "Internal error: too many devices %u\n", sysdig->num_devices); - return(-1); - } - - sysdig->bytes_watermark = SYSDIG_DEFAULT_DATA_AVAIL; - if(ring->caplen > MAX_CAPLEN) ring->caplen = MAX_CAPLEN; - ring->poll_duration = DEFAULT_POLL_DURATION; - - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - char device_name[48]; - - snprintf(device_name, sizeof(device_name), "/dev/sysdig%u", device_id); - - if((sysdig->devices[device_id].fd = open((char *)device_name, O_RDWR | O_SYNC)) < 0) { - fprintf(stderr, "Error opening %s\n", device_name); - goto sysdig_open_error; - } - - /* Prevent capture until the ring is enabled */ - if(ioctl(sysdig->devices[device_id].fd, SYSDIG_IOCTL_DISABLE_DROPPING_MODE)) - return(-1); - - if(ioctl(sysdig->devices[device_id].fd, SYSDIG_IOCTL_DISABLE_CAPTURE)) - return(-1); - - if((sysdig->devices[device_id].ring_mmap = - (char*)mmap(0, SYSDIG_RING_LEN, - PROT_READ, MAP_SHARED, - sysdig->devices[device_id].fd, 0)) == MAP_FAILED) { - fprintf(stderr, "Unable to mmap ring for %s\n", device_name); - goto sysdig_open_error; - } - - sysdig->devices[device_id].ring_info = - (struct sysdig_ring_info*)mmap(0, sizeof(struct sysdig_ring_info), - PROT_READ | PROT_WRITE, - MAP_SHARED, - sysdig->devices[device_id].fd, 0); - if(sysdig->devices[device_id].ring_info == MAP_FAILED) { - fprintf(stderr, "Unable to mmap info ring for %s\n", device_name); - goto sysdig_open_error; - } - - } - return(0); /* Everything looks good so far */ - - sysdig_open_error: - pfring_mod_sysdig_close(ring); - - sysdig_ret_error: - return(-1); -} - -/* **************************************************** */ - -void pfring_mod_sysdig_close(pfring *ring) { - pfring_sysdig *sysdig; - u_int8_t device_id = 0; - - if(ring->priv_data == NULL) - return; - - sysdig = (pfring_sysdig *)ring->priv_data; - - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - if(sysdig->devices[device_id].ring_info) - munmap(sysdig->devices[device_id].ring_info, sizeof(struct sysdig_ring_info)); - - if(sysdig->devices[device_id].ring_mmap) - munmap(sysdig->devices[device_id].ring_mmap, SYSDIG_RING_LEN); - - if(sysdig->devices[device_id].fd) - close(sysdig->devices[device_id].fd); - } -} - -/* **************************************************** */ - -static u_int32_t pfring_sysdig_get_data_available(pfring_sysdig_device *dev) { - u_int32_t rc, head = dev->ring_info->head, tail = dev->ring_info->tail; - - if(tail > head) /* Ring wrap */ - rc = RING_BUF_SIZE - tail + head; - else - rc = head - tail; - - // printf("%s() : %u\n", __FUNCTION__, rc); - return(rc); -} - -/* **************************************************** */ - -static void sysdig_get_first_event(pfring_sysdig *sysdig, - pfring_sysdig_device *dev, - struct sysdig_event_header **ev) { - u_int32_t next_tail = dev->ring_info->tail + dev->last_evt_read_len; - - /* Check if we have a packet already read but not taken into account */ - if(dev->last_evt_read_len > 0) { - if(next_tail >= RING_BUF_SIZE) - next_tail = next_tail - RING_BUF_SIZE; /* Start over (ring wrap) */ - - /* Event consumed: update tail */ - dev->ring_info->tail = next_tail; - } - - if(pfring_sysdig_get_data_available(dev) < sysdig->bytes_watermark /* Too little data */) - *ev = NULL, dev->last_evt_read_len = 0; - else { - // printf("%u ", dev->ring_info->tail); - *ev = (struct sysdig_event_header*)(dev->ring_mmap + next_tail); - dev->last_evt_read_len = (*ev)->event_len; - - // printf("%u(%u) ", dev->ring_info->tail, (*ev)->event_type); - } -} - -/* **************************************************** */ - -int pfring_mod_sysdig_recv(pfring *ring, u_char** buffer, u_int buffer_len, - struct pfring_pkthdr *hdr, u_int8_t wait_for_incoming_packet) { - - u_int8_t device_id, ret_device_id = 0; - pfring_sysdig *sysdig; - struct sysdig_event_header *ret_event = NULL; - - if(ring->priv_data == NULL) - return(-1); - - sysdig = (pfring_sysdig *)ring->priv_data; - - if(ring->reentrant) - pfring_rwlock_wrlock(&ring->rx_lock); - - check_and_poll: - if(ring->break_recv_loop) - goto exit; /* retval = 0 */ - - __sync_synchronize(); - - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - struct sysdig_event_header *this_event; - - sysdig_get_first_event(sysdig, &sysdig->devices[device_id], &this_event); - - if(this_event) { - if(ret_event == NULL) - ret_event = this_event, ret_device_id = device_id; - else { - if(this_event->ts < ret_event->ts) { - /* This event is older than the previous one hence I need - to push pack the ret_event */ - - sysdig->devices[ret_device_id].last_evt_read_len = 0; - ret_event = this_event, ret_device_id = device_id; - } else { - sysdig->devices[device_id].last_evt_read_len = 0; /* Ignore this event */ - } - } - } - } - - if(ret_event == NULL) { - /* No event returned */ - - if(wait_for_incoming_packet) { - usleep(BUFFER_EMPTY_WAIT_TIME_MS * 1000); - goto check_and_poll; - } - } else { - if(buffer_len > 0) { - /* one copy */ - u_int len = ret_event->event_len; - - if(len > ring->caplen) len = ring->caplen; - if(len > buffer_len) len = buffer_len; - - memcpy(*buffer, ret_event, len); - hdr->caplen = len, hdr->len = ret_event->event_len; - } else { - /* zero copy */ - *buffer = (u_char*)ret_event; - hdr->caplen = hdr->len = ret_event->event_len; - } - - hdr->extended_hdr.timestamp_ns = ret_event->ts; - hdr->extended_hdr.pkt_hash = hdr->extended_hdr.if_index = ret_device_id; /* CPU id */ - - /* - The two statements below are kinda a waste of time as timestamp_ns - is more than enough - */ - hdr->ts.tv_sec = hdr->extended_hdr.timestamp_ns / 1000000000, - hdr->ts.tv_usec = (hdr->extended_hdr.timestamp_ns / 1000) % 1000000; - } - - exit: - if(ring->reentrant) - pfring_rwlock_unlock(&ring->rx_lock); - - return(ret_event ? 1 : 0); -} - -/* **************************************************** */ - -int pfring_mod_sysdig_enable_ring(pfring *ring) { - u_int32_t device_id; - pfring_sysdig *sysdig; - u_char *buffer; - struct pfring_pkthdr hdr; - - if(ring->priv_data == NULL) - return(-1); - - sysdig = (pfring_sysdig *)ring->priv_data; - - /* Flush any pending event */ - while(pfring_mod_sysdig_recv(ring, &buffer, 0, &hdr, 0) == 1) - ; - - /* Enable the ring */ - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - if(ioctl(sysdig->devices[device_id].fd, SYSDIG_IOCTL_ENABLE_CAPTURE)) - return(-1); - } - - return(0); -} - -/* **************************************************** */ - -int pfring_mod_sysdig_poll(pfring *ring, u_int wait_duration) { - pfring_sysdig *sysdig; - u_int8_t device_id; - - if(ring->priv_data == NULL) - return(-1); - - sysdig = (pfring_sysdig *)ring->priv_data; - - while(1) { - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - if(pfring_sysdig_get_data_available(&sysdig->devices[device_id]) >= sysdig->bytes_watermark) - return(1); - } - - /* No data found */ - if(wait_duration == 0) return(0); - - usleep(BUFFER_EMPTY_WAIT_TIME_MS * 1000); - wait_duration--; - } - - return(1); /* Not reached */ -} - -/* ******************************* */ - -int pfring_mod_sysdig_set_socket_mode(pfring *ring, socket_mode mode) { - return((mode == recv_only_mode) ? 0 : -1); -} - -/* ******************************* */ - -int pfring_mod_sysdig_set_poll_watermark(pfring *ring, u_int16_t watermark) { - pfring_sysdig *sysdig = NULL; - - if(ring->priv_data == NULL) - return(-1); - - sysdig = (pfring_sysdig*)ring->priv_data; - sysdig->bytes_watermark = (watermark <= 1) ? 1 /* Force to return at each event */: (watermark * 8192); - - return(0); -} - -/* ******************************* */ - -int pfring_mod_sysdig_stats(pfring *ring, pfring_stat *stats) { - u_int8_t device_id; - pfring_sysdig *sysdig = NULL; - - if(ring->priv_data == NULL) - return(-1); - else - sysdig = (pfring_sysdig*)ring->priv_data; - - stats->recv = 0, stats->drop = 0; - - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - stats->recv += sysdig->devices[device_id].ring_info->n_evts, - stats->drop += - sysdig->devices[device_id].ring_info->n_drops_buffer + - sysdig->devices[device_id].ring_info->n_drops_pf; - } - - return(0); -} - -/* **************************************************** */ - -int pfring_mod_sysdig_get_bound_device_ifindex(pfring *ring, int *if_index) { - *if_index = 0; /* Dummy index */ - - return(0); -} - -/* **************************************************** */ - -/* - This is a simple filter that will be extended in future version of the code. - The currently accepted syntax is "evt.type=X or evt.type=Y ..." that is a subset - of the syntax supported by the sysdig command -*/ -int pfring_mod_sysdig_set_bpf_filter(pfring *ring, const char *filter_buffer) { - u_int32_t device_id; - pfring_sysdig *sysdig; - char *filter, *item, *where; - - if(ring->priv_data == NULL) - return(-1); - - sysdig = (pfring_sysdig *)ring->priv_data; - - /* Remove old filter, if any */ - if(pfring_mod_sysdig_remove_bpf_filter(ring) < 0) return(-1); - - if((filter = strdup(filter_buffer)) == NULL) return(-2); - - item = strtok_r(filter, " ", &where); - - while(item != NULL) { - if(strncmp(item, "evt.type=", 9) == 0) { - int j; - - item = &item[9]; - - for(j=0; jnum_devices; device_id++) { - if(ioctl(sysdig->devices[device_id].fd, SYSDIG_IOCTL_MASK_SET_EVENT, j)) { - free(filter); - return(-1); - } - } - } - } - } else if(strcmp(item, "or") == 0) { - /* "or" term: to skip */ - } else { - printf("WARNING: ignoring sysdig filter item '%s'\n", item); - } - - item = strtok_r(NULL, " ", &where); - } - - free(filter); - return(0); -} - -/* **************************************************** */ - -int pfring_mod_sysdig_remove_bpf_filter(pfring *ring) { - u_int32_t device_id; - pfring_sysdig *sysdig; - - if(ring->priv_data == NULL) - return(-1); - - sysdig = (pfring_sysdig *)ring->priv_data; - - for(device_id = 0; device_id < sysdig->num_devices; device_id++) { - if(ioctl(sysdig->devices[device_id].fd, SYSDIG_IOCTL_MASK_ZERO_EVENTS)) { - return(-1); - } - } - - return(0); -} - -/* ****************************************************** */ - -char* sysdig_event2name(enum sysdig_event_type event_type) { - static char event_buf[SYSDIG_MAX_NAME_LEN+4]; - - snprintf(event_buf, sizeof(event_buf), "%c %s", - (sysdig_events[event_type].mode == SYSDIG_ENTER) ? '<' : '>', - sysdig_events[event_type].name); - - return(event_buf); -}; - -/* ****************************************************** */ - -const struct sysdig_event_info* sysdig_event2info(enum sysdig_event_type event_type) { - return(&sysdig_events[event_type]); -} diff --git a/userland/lib/pfring_mod_sysdig.h b/userland/lib/pfring_mod_sysdig.h deleted file mode 100644 index 7792924c3..000000000 --- a/userland/lib/pfring_mod_sysdig.h +++ /dev/null @@ -1,323 +0,0 @@ -/* - * - * (C) 2014-23 - ntop - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesses General Public License as published by - * the Free Software Foundation; either version 2.1 of the License, or - * (at your option) any later version. - * - * - */ - -#ifndef _PFRING_MOD_SYSDIG_H_ -#define _PFRING_MOD_SYSDIG_H_ - -#define RING_BUF_SIZE 1024 * 8192 -#define SYSDIG_RING_LEN RING_BUF_SIZE * 2 -#define SYSDIG_DEFAULT_DATA_AVAIL 100000 -#define BUFFER_EMPTY_WAIT_TIME_MS 30 - -#define SYSDIG_MAX_NUM_DEVICES 64 - -#define SYSDIG_MAX_NAME_LEN 32 -#define SYSDIG_MAX_EVENT_PARAMS 16 /* Max number of parameters an event can have */ - - -/* From sysdig's ppm_events_public.h */ -#define SYSDIG_IOCTL_MAGIC 's' -#define SYSDIG_IOCTL_DISABLE_CAPTURE _IO(SYSDIG_IOCTL_MAGIC, 0) -#define SYSDIG_IOCTL_ENABLE_CAPTURE _IO(SYSDIG_IOCTL_MAGIC, 1) -#define SYSDIG_IOCTL_DISABLE_DROPPING_MODE _IO(SYSDIG_IOCTL_MAGIC, 2) -#define SYSDIG_IOCTL_ENABLE_DROPPING_MODE _IO(SYSDIG_IOCTL_MAGIC, 3) -#define SYSDIG_IOCTL_SET_SNAPLEN _IO(SYSDIG_IOCTL_MAGIC, 4) -#define SYSDIG_IOCTL_MASK_ZERO_EVENTS _IO(SYSDIG_IOCTL_MAGIC, 5) -#define SYSDIG_IOCTL_MASK_SET_EVENT _IO(SYSDIG_IOCTL_MAGIC, 6) -#define SYSDIG_IOCTL_MASK_UNSET_EVENT _IO(SYSDIG_IOCTL_MAGIC, 7) - -/* From sysdig's ppm_event_type in ppm_events_public.h */ -enum sysdig_event_type { - SYSDIG_GENERIC_E = 0, - SYSDIG_GENERIC_X = 1, - SYSDIG_SYSCALL_OPEN_E = 2, - SYSDIG_SYSCALL_OPEN_X = 3, - SYSDIG_SYSCALL_CLOSE_E = 4, - SYSDIG_SYSCALL_CLOSE_X = 5, - SYSDIG_SYSCALL_READ_E = 6, - SYSDIG_SYSCALL_READ_X = 7, - SYSDIG_SYSCALL_WRITE_E = 8, - SYSDIG_SYSCALL_WRITE_X = 9, - SYSDIG_SYSCALL_BRK_1_E = 10, - SYSDIG_SYSCALL_BRK_1_X = 11, - SYSDIG_SYSCALL_EXECVE_8_E = 12, - SYSDIG_SYSCALL_EXECVE_8_X = 13, - SYSDIG_CLONE_11_E = 14, - SYSDIG_CLONE_11_X = 15, - SYSDIG_PROCEXIT_E = 16, - SYSDIG_PROCEXIT_X = 17, /* This should never be called */ - SYSDIG_SOCKET_SOCKET_E = 18, - SYSDIG_SOCKET_SOCKET_X = 19, - SYSDIG_SOCKET_BIND_E = 20, - SYSDIG_SOCKET_BIND_X = 21, - SYSDIG_SOCKET_CONNECT_E = 22, - SYSDIG_SOCKET_CONNECT_X = 23, - SYSDIG_SOCKET_LISTEN_E = 24, - SYSDIG_SOCKET_LISTEN_X = 25, - SYSDIG_SOCKET_ACCEPT_E = 26, - SYSDIG_SOCKET_ACCEPT_X = 27, - SYSDIG_SOCKET_SEND_E = 28, - SYSDIG_SOCKET_SEND_X = 29, - SYSDIG_SOCKET_SENDTO_E = 30, - SYSDIG_SOCKET_SENDTO_X = 31, - SYSDIG_SOCKET_RECV_E = 32, - SYSDIG_SOCKET_RECV_X = 33, - SYSDIG_SOCKET_RECVFROM_E = 34, - SYSDIG_SOCKET_RECVFROM_X = 35, - SYSDIG_SOCKET_SHUTDOWN_E = 36, - SYSDIG_SOCKET_SHUTDOWN_X = 37, - SYSDIG_SOCKET_GETSOCKNAME_E = 38, - SYSDIG_SOCKET_GETSOCKNAME_X = 39, - SYSDIG_SOCKET_GETPEERNAME_E = 40, - SYSDIG_SOCKET_GETPEERNAME_X = 41, - SYSDIG_SOCKET_SOCKETPAIR_E = 42, - SYSDIG_SOCKET_SOCKETPAIR_X = 43, - SYSDIG_SOCKET_SETSOCKOPT_E = 44, - SYSDIG_SOCKET_SETSOCKOPT_X = 45, - SYSDIG_SOCKET_GETSOCKOPT_E = 46, - SYSDIG_SOCKET_GETSOCKOPT_X = 47, - SYSDIG_SOCKET_SENDMSG_E = 48, - SYSDIG_SOCKET_SENDMSG_X = 49, - SYSDIG_SOCKET_SENDMMSG_E = 50, - SYSDIG_SOCKET_SENDMMSG_X = 51, - SYSDIG_SOCKET_RECVMSG_E = 52, - SYSDIG_SOCKET_RECVMSG_X = 53, - SYSDIG_SOCKET_RECVMMSG_E = 54, - SYSDIG_SOCKET_RECVMMSG_X = 55, - SYSDIG_SOCKET_ACCEPT4_E = 56, - SYSDIG_SOCKET_ACCEPT4_X = 57, - SYSDIG_SYSCALL_CREAT_E = 58, - SYSDIG_SYSCALL_CREAT_X = 59, - SYSDIG_SYSCALL_PIPE_E = 60, - SYSDIG_SYSCALL_PIPE_X = 61, - SYSDIG_SYSCALL_EVENTFD_E = 62, - SYSDIG_SYSCALL_EVENTFD_X = 63, - SYSDIG_SYSCALL_FUTEX_E = 64, - SYSDIG_SYSCALL_FUTEX_X = 65, - SYSDIG_SYSCALL_STAT_E = 66, - SYSDIG_SYSCALL_STAT_X = 67, - SYSDIG_SYSCALL_LSTAT_E = 68, - SYSDIG_SYSCALL_LSTAT_X = 69, - SYSDIG_SYSCALL_FSTAT_E = 70, - SYSDIG_SYSCALL_FSTAT_X = 71, - SYSDIG_SYSCALL_STAT64_E = 72, - SYSDIG_SYSCALL_STAT64_X = 73, - SYSDIG_SYSCALL_LSTAT64_E = 74, - SYSDIG_SYSCALL_LSTAT64_X = 75, - SYSDIG_SYSCALL_FSTAT64_E = 76, - SYSDIG_SYSCALL_FSTAT64_X = 77, - SYSDIG_SYSCALL_EPOLLWAIT_E = 78, - SYSDIG_SYSCALL_EPOLLWAIT_X = 79, - SYSDIG_SYSCALL_POLL_E = 80, - SYSDIG_SYSCALL_POLL_X = 81, - SYSDIG_SYSCALL_SELECT_E = 82, - SYSDIG_SYSCALL_SELECT_X = 83, - SYSDIG_SYSCALL_NEWSELECT_E = 84, - SYSDIG_SYSCALL_NEWSELECT_X = 85, - SYSDIG_SYSCALL_LSEEK_E = 86, - SYSDIG_SYSCALL_LSEEK_X = 87, - SYSDIG_SYSCALL_LLSEEK_E = 88, - SYSDIG_SYSCALL_LLSEEK_X = 89, - SYSDIG_SYSCALL_IOCTL_E = 90, - SYSDIG_SYSCALL_IOCTL_X = 91, - SYSDIG_SYSCALL_GETCWD_E = 92, - SYSDIG_SYSCALL_GETCWD_X = 93, - SYSDIG_SYSCALL_CHDIR_E = 94, - SYSDIG_SYSCALL_CHDIR_X = 95, - SYSDIG_SYSCALL_FCHDIR_E = 96, - SYSDIG_SYSCALL_FCHDIR_X = 97, - SYSDIG_SYSCALL_MKDIR_E = 98, - SYSDIG_SYSCALL_MKDIR_X = 99, - SYSDIG_SYSCALL_RMDIR_E = 100, - SYSDIG_SYSCALL_RMDIR_X = 101, - SYSDIG_SYSCALL_OPENAT_E = 102, - SYSDIG_SYSCALL_OPENAT_X = 103, - SYSDIG_SYSCALL_LINK_E = 104, - SYSDIG_SYSCALL_LINK_X = 105, - SYSDIG_SYSCALL_LINKAT_E = 106, - SYSDIG_SYSCALL_LINKAT_X = 107, - SYSDIG_SYSCALL_UNLINK_E = 108, - SYSDIG_SYSCALL_UNLINK_X = 109, - SYSDIG_SYSCALL_UNLINKAT_E = 110, - SYSDIG_SYSCALL_UNLINKAT_X = 111, - SYSDIG_SYSCALL_PREAD_E = 112, - SYSDIG_SYSCALL_PREAD_X = 113, - SYSDIG_SYSCALL_PWRITE_E = 114, - SYSDIG_SYSCALL_PWRITE_X = 115, - SYSDIG_SYSCALL_READV_E = 116, - SYSDIG_SYSCALL_READV_X = 117, - SYSDIG_SYSCALL_WRITEV_E = 118, - SYSDIG_SYSCALL_WRITEV_X = 119, - SYSDIG_SYSCALL_PREADV_E = 120, - SYSDIG_SYSCALL_PREADV_X = 121, - SYSDIG_SYSCALL_PWRITEV_E = 122, - SYSDIG_SYSCALL_PWRITEV_X = 123, - SYSDIG_SYSCALL_DUP_E = 124, - SYSDIG_SYSCALL_DUP_X = 125, - SYSDIG_SYSCALL_SIGNALFD_E = 126, - SYSDIG_SYSCALL_SIGNALFD_X = 127, - SYSDIG_SYSCALL_KILL_E = 128, - SYSDIG_SYSCALL_KILL_X = 129, - SYSDIG_SYSCALL_TKILL_E = 130, - SYSDIG_SYSCALL_TKILL_X = 131, - SYSDIG_SYSCALL_TGKILL_E = 132, - SYSDIG_SYSCALL_TGKILL_X = 133, - SYSDIG_SYSCALL_NANOSLEEP_E = 134, - SYSDIG_SYSCALL_NANOSLEEP_X = 135, - SYSDIG_SYSCALL_TIMERFD_CREATE_E = 136, - SYSDIG_SYSCALL_TIMERFD_CREATE_X = 137, - SYSDIG_SYSCALL_INOTIFY_INIT_E = 138, - SYSDIG_SYSCALL_INOTIFY_INIT_X = 139, - SYSDIG_SYSCALL_GETRLIMIT_E = 140, - SYSDIG_SYSCALL_GETRLIMIT_X = 141, - SYSDIG_SYSCALL_SETRLIMIT_E = 142, - SYSDIG_SYSCALL_SETRLIMIT_X = 143, - SYSDIG_SYSCALL_PRLIMIT_E = 144, - SYSDIG_SYSCALL_PRLIMIT_X = 145, - SYSDIG_SCHEDSWITCH_1_E = 146, - SYSDIG_SCHEDSWITCH_1_X = 147, /* This should never be called */ - SYSDIG_DROP_E = 148, /* For internal use */ - SYSDIG_DROP_X = 149, /* For internal use */ - SYSDIG_SYSCALL_FCNTL_E = 150, /* For internal use */ - SYSDIG_SYSCALL_FCNTL_X = 151, /* For internal use */ - SYSDIG_SCHEDSWITCH_6_E = 152, - SYSDIG_SCHEDSWITCH_6_X = 153, /* This should never be called */ - SYSDIG_SYSCALL_EXECVE_13_E = 154, - SYSDIG_SYSCALL_EXECVE_13_X = 155, - SYSDIG_CLONE_16_E = 156, - SYSDIG_CLONE_16_X = 157, - SYSDIG_SYSCALL_BRK_4_E = 158, - SYSDIG_SYSCALL_BRK_4_X = 159, - SYSDIG_SYSCALL_MMAP_E = 160, - SYSDIG_SYSCALL_MMAP_X = 161, - SYSDIG_SYSCALL_MMAP2_E = 162, - SYSDIG_SYSCALL_MMAP2_X = 163, - SYSDIG_SYSCALL_MUNMAP_E = 164, - SYSDIG_SYSCALL_MUNMAP_X = 165, - SYSDIG_SYSCALL_SPLICE_E = 166, - SYSDIG_SYSCALL_SPLICE_X = 167, - SYSDIG_EVENT_MAX = 168 -}; - -enum sysdig_param_type { - SYSDIG_TYPE_NONE = 0, - SYSDIG_TYPE_INT8 = 1, - SYSDIG_TYPE_INT16 = 2, - SYSDIG_TYPE_INT32 = 3, - SYSDIG_TYPE_INT64 = 4, - SYSDIG_TYPE_UINT8 = 5, - SYSDIG_TYPE_UINT16 = 6, - SYSDIG_TYPE_UINT32 = 7, - SYSDIG_TYPE_UINT64 = 8, - SYSDIG_TYPE_CHARBUF = 9, /* A printable buffer of bytes, NULL terminated */ - SYSDIG_TYPE_BYTEBUF = 10, /* A raw buffer of bytes not suitable for printing */ - SYSDIG_TYPE_ERRNO = 11, /* this is an INT64, but will be interpreted as an error code */ - SYSDIG_TYPE_SOCKADDR = 12, /* A sockaddr structure, 1byte family + data */ - SYSDIG_TYPE_SOCKTUPLE = 13, /* A sockaddr tuple,1byte family + 12byte data + 12byte data */ - SYSDIG_TYPE_FD = 14, /* An fd, 64bit */ - SYSDIG_TYPE_PID = 15, /* A pid/tid, 64bit */ - SYSDIG_TYPE_FDLIST = 16, /* A list of fds, 16bit count + count * (64bit fd + 16bit flags) */ - SYSDIG_TYPE_FSPATH = 17, /* A string containing a relative or absolute file system path, null terminated */ - SYSDIG_TYPE_SYSCALLID = 18, /* A 16bit system call ID. Can be used as a key for the g_syscall_info_table table. */ - SYSDIG_TYPE_SIGTYPE = 19, /* An 8bit signal number */ - SYSDIG_TYPE_RELTIME = 20, /* A relative time. Seconds * 10^9 + nanoseconds. 64bit. */ - SYSDIG_TYPE_ABSTIME = 21, /* An absolute time interval. Seconds from epoch * 10^9 + nanoseconds. 64bit. */ - SYSDIG_TYPE_PORT = 22, /* A TCP/UDP prt. 2 bytes. */ - SYSDIG_TYPE_L4PROTO = 23, /* A 1 byte IP protocol type. */ - SYSDIG_TYPE_SOCKFAMILY = 24, /* A 1 byte socket family. */ - SYSDIG_TYPE_BOOL = 25, /* A boolean value, 4 bytes. */ - SYSDIG_TYPE_IPV4ADDR = 26, /* A 4 byte raw IPv4 address. */ - SYSDIG_TYPE_DYN = 27, /* Type can vary depending on the context. Used for filter fields like evt.rawarg. */ - SYSDIG_TYPE_FLAGS8 = 28, /* this is an UINT8, but will be interpreted as 8 bit flags. */ - SYSDIG_TYPE_FLAGS16 = 29, /* this is an UINT16, but will be interpreted as 16 bit flags. */ - SYSDIG_TYPE_FLAGS32 = 30, /* this is an UINT32, but will be interpreted as 32 bit flags. */ -}; - -enum sysdig_print_format { - SYSDIG_PRINT_FORMAT_NA = 0, - SYSDIG_PRINT_FORMAT_DEC = 1, /* decimal */ - SYSDIG_PRINT_FORMAT_HEX = 2, /* hexadecima */ - SYSDIG_PRINT_FORMAT_10_PADDED_DEC = 3, /* decimal padded to 10 digits, useful to print the fractional part of a ns timestamp */ -}; - -enum sysdig_syscall_mode { - SYSDIG_ENTER = 0, - SYSDIG_EXIT = 1, -}; - -struct sysdig_param_info { - char name[SYSDIG_MAX_NAME_LEN]; /**< Paramter name, e.g. 'size'. */ - enum sysdig_param_type type; /**< Paramter type, e.g. 'u_int16', 'string'... */ - enum sysdig_print_format fmt; /**< If this is a numeric parameter, this flag specifies if it should be rendered as decimal or hex. */ -}; - -struct sysdig_event_info { - enum sysdig_syscall_mode mode; /**< Event mode (enter or exit). */ - char name[SYSDIG_MAX_NAME_LEN]; /**< Name. */ - u_int32_t nparams; /**< Number of parameter in the params array. */ - struct sysdig_param_info params[SYSDIG_MAX_EVENT_PARAMS]; /**< parameters descriptions. */ -}; - -struct sysdig_ring_info { - volatile u_int32_t head; - volatile u_int32_t tail; - volatile u_int64_t n_evts; /* Total number of events that were received by the driver. */ - volatile u_int64_t n_drops_buffer; /* Number of dropped events (buffer full). */ - volatile u_int64_t n_drops_pf; /* Number of dropped events (page faults). */ - volatile u_int64_t n_preemptions; /* Number of preemptions. */ - volatile u_int64_t n_context_switches; /* Number of received context switch events. */ -}; - -typedef struct { - int fd; - char *ring_mmap; - struct sysdig_ring_info *ring_info; - - u_int32_t last_evt_read_len; -} pfring_sysdig_device; - -typedef struct { - u_int8_t num_devices; - u_int32_t bytes_watermark; - pfring_sysdig_device devices[SYSDIG_MAX_NUM_DEVICES]; -} pfring_sysdig; - -#pragma pack(push, 1) -struct sysdig_event_header { - u_int64_t ts; /* timestamp, in nanoseconds from epoch */ - u_int64_t thread_id; /* the thread that generated this event */ - u_int32_t event_len; /* the event len, including the header */ - u_int16_t event_type; /* the event type */ -}; -#pragma pack(pop) - - -int pfring_mod_sysdig_open(pfring *ring); -void pfring_mod_sysdig_close(pfring *ring); -int pfring_mod_sysdig_stats(pfring *ring, pfring_stat *stats); -int pfring_mod_sysdig_recv(pfring *ring, u_char** buffer, u_int buffer_len, - struct pfring_pkthdr *hdr, u_int8_t wait_for_incoming_packet); -int pfring_mod_sysdig_poll(pfring *ring, u_int wait_duration); -int pfring_mod_sysdig_enable_ring(pfring *ring); -int pfring_mod_sysdig_set_socket_mode(pfring *ring, socket_mode mode); -int pfring_mod_sysdig_set_poll_watermark(pfring *ring, u_int16_t watermark); -int pfring_mod_sysdig_stats(pfring *ring, pfring_stat *stats); -int pfring_mod_sysdig_get_bound_device_ifindex(pfring *ring, int *if_index); -int pfring_mod_sysdig_set_bpf_filter(pfring *ring, const char *filter_buffer); -int pfring_mod_sysdig_remove_bpf_filter(pfring *ring); - -/* Public functions */ -char* sysdig_event2name(enum sysdig_event_type event_type); -const struct sysdig_event_info* sysdig_event2info(enum sysdig_event_type event_type); - -#endif /* _PFRING_MOD_SYSDIG_H_ */ diff --git a/userland/lib/pfring_utils.c b/userland/lib/pfring_utils.c index e3b1a7a67..75be6fd0d 100644 --- a/userland/lib/pfring_utils.c +++ b/userland/lib/pfring_utils.c @@ -12,7 +12,6 @@ */ #include "pfring.h" -#include "pfring_mod_sysdig.h" #include "pfring_utils.h" #include /* dlXXXX (e.g. dlopen()) */