fix: various fixes

Signed-off-by: Roberto Scolaro <[email protected]>

Author: therealbobo

userspace/chisel/chisel.cpp

@@ -251,7 +251,7 @@ void chiselinfo::set_callback_precise_interval(uint64_t interval)
 ///////////////////////////////////////////////////////////////////////////////
 // chisel implementation
 ///////////////////////////////////////////////////////////////////////////////
-sinsp_chisel::sinsp_chisel(sinsp* inspector, std::string filename, bool is_file)
+sinsp_chisel::sinsp_chisel(sinsp* inspector, std::string filename, std::shared_ptr<sinsp_filter_check_list> filter_list, bool is_file)
 {
 	m_inspector = inspector;
 	m_ls = NULL;
@@ -261,6 +261,7 @@ sinsp_chisel::sinsp_chisel(sinsp* inspector, std::string filename, bool is_file)
 	m_lua_last_interval_sample_time = 0;
 	m_lua_last_interval_ts = 0;
 	m_udp_socket = 0;
+	m_filter_check_list = std::move(filter_list);
 
 	load(filename, is_file);
 }

userspace/chisel/chisel.h

@@ -135,7 +135,7 @@ class chiselinfo
 class sinsp_chisel
 {
 public:
-	sinsp_chisel(sinsp* inspector, std::string filename, bool is_file = true);
+    sinsp_chisel(sinsp* inspector, std::string filename, std::shared_ptr<sinsp_filter_check_list> filter_list, bool is_file = true);
 	~sinsp_chisel();
 
 	static void add_lua_package_path(lua_State* ls, const std::string& path);

userspace/chisel/chisel_api.cpp

@@ -1152,7 +1152,7 @@ int lua_cbacks::get_container_table(lua_State *ls)
 	// Go through the list
 	//
 	if(ctable != nullptr) {
-		auto fld_id = ctable->get_field<std::string>("container_id");
+		auto fld_id = ctable->get_field<std::string>("id");
 		auto fld_name = ctable->get_field<std::string>("name");
 		auto fld_image = ctable->get_field<std::string>("image");
 		auto fld_type = ctable->get_field<int>("type");
@@ -1178,6 +1178,9 @@ int lua_cbacks::get_container_table(lua_State *ls)
 			lua_pushliteral(ls, "type");
 			switch (type)
 			{
+			case container_type::CT_HOST:
+				lua_pushstring(ls, "");
+				break;
 			case container_type::CT_DOCKER:
 				lua_pushstring(ls, "docker");
 				break;

userspace/sinspui/cursescomponents.cpp

@@ -129,7 +129,12 @@ const char* spy_text_renderer::process_event_spy(sinsp_evt* evt, int64_t* len)
 	//
 	// Get and validate the length
 	//
-	const sinsp_evt_param* parinfo = evt->get_param(0);
+	const sinsp_evt_param* parinfo;
+    try {
+        parinfo = evt->get_param(0);
+    } catch (...) {
+        return NULL;
+    }
 	ASSERT(parinfo->m_len == sizeof(int64_t));
 	*len = *(int64_t*)parinfo->m_val;
 	if(*len <= 0)

userspace/sysdig/CMakeLists.txt

@@ -45,12 +45,16 @@ else()
 endif()
 
 list(APPEND SOURCE_FILES
+    filterchecks/sinsp_filtercheck_syslog.cpp
+    utils/sinsp_syslog.cpp
 	utils/sinsp_opener.cpp
 	utils/plugin_utils.cpp
 	utils/supported_events.cpp
 	utils/supported_fields.cpp)
 
 list(APPEND SOURCE_FILES_CSYSDIG
+    filterchecks/sinsp_filtercheck_syslog.cpp
+    utils/sinsp_syslog.cpp
 	utils/sinsp_opener.cpp
 	utils/plugin_utils.cpp
 	utils/supported_events.cpp

userspace/sysdig/csysdig.cpp

@@ -44,6 +44,7 @@ limitations under the License.
 #include "utils/plugin_utils.h"
 #include "utils/sinsp_opener.h"
 #include "utils/supported_fields.h"
+#include "filterchecks/sinsp_filtercheck_syslog.h"
 
 #ifdef _WIN32
 #include "win32/getopt.h"
@@ -258,7 +259,8 @@ static void print_views(chisel_view_manager* view_manager)
 captureinfo do_inspect(sinsp* inspector,
 					   uint64_t cnt,
 					   sinsp_cursesui* ui,
-					   const chisel_table::output_type& output_type)
+					   const chisel_table::output_type& output_type,
+                       std::shared_ptr<sinsp_syslog_decoder> syslog_decoder)
 {
 	captureinfo retval;
 	int32_t res;
@@ -279,7 +281,9 @@ captureinfo do_inspect(sinsp* inspector,
 			break;
 		}
 
+        syslog_decoder->reset();
 		res = inspector->next(&ev);
+        syslog_decoder->parse(ev);
 
 		if(res == SCAP_TIMEOUT || res == SCAP_FILTERED_EVENT)
 		{
@@ -352,6 +356,7 @@ sysdig_init_res csysdig_init(int argc, char **argv)
 	int32_t json_last_row = 0;
 	int32_t sorting_col = -1;
 	bool list_views = false;
+    std::shared_ptr<sinsp_syslog_decoder> syslog_decoder = std::make_shared<sinsp_syslog_decoder>();
 
 #ifndef _WIN32
 	chisel_table::output_type output_type = chisel_table::OT_CURSES;
@@ -643,6 +648,7 @@ sysdig_init_res csysdig_init(int argc, char **argv)
 
 		// TODO(therealbobo): add plugins filterchecks
 		filter_list = std::make_shared<sinsp_filter_check_list>();
+        filter_list->add_filter_check(std::make_unique<sinsp_filter_check_syslog>(syslog_decoder));
 		plugins.init_loaded_plugins(inspector, filter_list.get());
 
 		for (auto plugin : inspector->m_plugin_manager->plugins())
@@ -895,10 +901,7 @@ sysdig_init_res csysdig_init(int argc, char **argv)
 			//
 			// Start the capture loop
 			//
-			cinfo = do_inspect(inspector,
-				cnt,
-				&ui,
-				output_type);
+            cinfo = do_inspect(inspector, cnt, &ui, output_type, syslog_decoder);
 
 			if(output_type == chisel_table::OT_JSON)
 			{

userspace/sysdig/sysdig.cpp

@@ -48,6 +48,8 @@ limitations under the License.
 #include <chisel/chisel_fields_info.h>
 #endif
 
+#include "filterchecks/sinsp_filtercheck_syslog.h"
+
 #include "utils/sinsp_opener.h"
 #include "utils/plugin_utils.h"
 #include "utils/supported_events.h"
@@ -696,19 +698,15 @@ std::vector<std::string> split_nextrun_args(std::string na)
 //
 // Event processing loop
 //
-captureinfo do_inspect(sinsp* inspector,
-	sinsp_cycledumper* dumper,
-	uint64_t cnt,
-	uint64_t duration_to_tot_ns,
-	bool quiet,
-	bool json,
-	bool do_flush,
-	bool reset_colors,
-	bool print_progress,
-	std::unique_ptr<sinsp_filter> display_filter,
-	std::vector<summary_table_entry> &summary_table,
-	sinsp_evt_formatter* syscall_evt_formatter,
-	sinsp_evt_formatter* plugin_evt_formatter)
+captureinfo do_inspect(sinsp *inspector, sinsp_cycledumper *dumper,
+                       uint64_t cnt, uint64_t duration_to_tot_ns, bool quiet,
+                       bool json, bool do_flush, bool reset_colors,
+                       bool print_progress,
+                       std::unique_ptr<sinsp_filter> display_filter,
+                       std::vector<summary_table_entry> &summary_table,
+                       sinsp_evt_formatter *syscall_evt_formatter,
+                       sinsp_evt_formatter *plugin_evt_formatter,
+                       std::shared_ptr<sinsp_syslog_decoder> syslog_decoder)
 {
 	captureinfo retval;
 	int32_t res;
@@ -745,7 +743,10 @@ captureinfo do_inspect(sinsp* inspector,
 			handle_end_of_file(inspector, print_progress, reset_colors, formatter);
 			break;
 		}
+        syslog_decoder->reset();
 		res = inspector->next(&ev);
+        syslog_decoder->parse(ev);
+
 		if(dumper && ev && res != SCAP_EOF)
 		{
 			dumper->dump(ev);
@@ -825,9 +826,9 @@ captureinfo do_inspect(sinsp* inspector,
 #ifdef HAS_CHISELS
 		if(!g_chisels.empty())
 		{
-			for(std::vector<sinsp_chisel*>::iterator it = g_chisels.begin(); it != g_chisels.end(); ++it)
+			for(const auto& chisel : g_chisels)
 			{
-				if((*it)->run(ev) == false)
+				if(chisel->run(ev) == false)
 				{
 					continue;
 				}
@@ -1008,6 +1009,7 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 	std::shared_ptr<sinsp_filter_factory> filter_factory;
 	color_term_out color_flag = COLOR;
 	bool user_defined_format = false;
+    std::shared_ptr<sinsp_syslog_decoder> syslog_decoder = std::make_shared<sinsp_syslog_decoder>();
 
 	// These variables are for the cycle_writer engine
 	int duration_seconds = 0;
@@ -1085,6 +1087,7 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 		inspector->set_hostname_and_port_resolution_mode(false);
 
 		filter_list.reset(new sinsp_filter_check_list());
+        filter_list->add_filter_check(std::make_unique<sinsp_filter_check_syslog>(syslog_decoder));
 		filter_factory.reset(new sinsp_filter_factory(inspector.get(), *filter_list.get()));
 
 #ifdef HAS_CHISELS
@@ -1148,6 +1151,7 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 
 					// TODO(therealbobo): add plugins filterchecks
 					auto filter_list = std::make_shared<sinsp_filter_check_list>();
+                    filter_list->add_filter_check(std::make_unique<sinsp_filter_check_syslog>(syslog_decoder));
 
 					for (auto plugin : inspector->m_plugin_manager->plugins())
 					{
@@ -1158,7 +1162,7 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 						}
 					}
 					auto tmp_filter_factory = std::make_shared<sinsp_filter_factory>(inspector.get(), *filter_list.get());
-					sinsp_chisel* ch = new sinsp_chisel(inspector.get(), chisel);
+					sinsp_chisel* ch = new sinsp_chisel(inspector.get(), chisel, filter_list);
 					parse_chisel_args(ch, tmp_filter_factory, optind, argc, argv, &n_filterargs);
 					g_chisels.push_back(ch);
 				}
@@ -1701,6 +1705,7 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 		for (auto &ch : g_chisels)
 		{
 			auto filter_list = std::make_shared<sinsp_filter_check_list>();
+            filter_list->add_filter_check(std::make_unique<sinsp_filter_check_syslog>(syslog_decoder));
 
 			for (auto plugin : inspector->m_plugin_manager->plugins())
 			{
@@ -1905,19 +1910,14 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 			// from messing up the output and possibly the shell line after program termination.
 			disable_tty_echo();
 #endif
-			cinfo = do_inspect(inspector.get(),
-				dumper.get(),
-				cnt,
-				uint64_t(duration_to_tot*ONE_SECOND_IN_NS),
-				quiet,
-				jflag,
-				unbuf_flag,
-				reset_colors,
-				opener.options.print_progress,
-				std::move(display_filter),
-				summary_table,
-				&syscall_evt_formatter,
-				&plugin_evt_formatter);
+                        cinfo = do_inspect(
+                            inspector.get(), dumper.get(), cnt,
+                            uint64_t(duration_to_tot * ONE_SECOND_IN_NS), quiet,
+                            jflag, unbuf_flag, reset_colors,
+                            opener.options.print_progress,
+                            std::move(display_filter), summary_table,
+                            &syscall_evt_formatter, &plugin_evt_formatter,
+                            syslog_decoder);
 
 			duration = ((double)clock()) / CLOCKS_PER_SEC - duration;