Skip to content

Commit

Permalink
chore(userspace/libsinsp): add EPF_FORMAT_SUGGESTED filtercheck_fie…
Browse files Browse the repository at this point in the history
…ld flag.

Signed-off-by: Federico Di Pierro <[email protected]>

Co-authored-by: Jason Dellaluce <[email protected]>
  • Loading branch information
FedeDP and jasondellaluce committed Oct 21, 2024
1 parent a34cbdc commit 0195b54
Show file tree
Hide file tree
Showing 4 changed files with 22 additions and 11 deletions.
6 changes: 6 additions & 0 deletions userspace/libsinsp/filter_field.h
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ enum filtercheck_field_flags {
1 << 13, ///< data pointers extracted by this field may change across subsequent
///< extractions (even of other fields), which makes them unsafe to be used
///< with filter caching or field-to-field comparisons
EPF_FORMAT_SUGGESTED = 1 << 14, ///< this field is suggested to be used as output field
};

/**
Expand Down Expand Up @@ -105,6 +106,11 @@ struct filtercheck_field_info {
// through a memory buffer copy (e.g. with a FTR_STORAGE transformer)
//
inline bool is_ptr_unstable() const { return m_flags & EPF_NO_PTR_STABILITY; }

//
// Returns true if this field is a suggested as output
//
inline bool is_format_suggested() const { return m_flags & EPF_FORMAT_SUGGESTED; }
};

/**
Expand Down
4 changes: 3 additions & 1 deletion userspace/libsinsp/plugin.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -521,7 +521,9 @@ bool sinsp_plugin::resolve_dylib_symbols(std::string& errstr) {
}

if(jvoutput.asBool()) {
m_output_fields.emplace("%" + fname);
tf.m_flags = (filtercheck_field_flags)((int)tf.m_flags |
(int)filtercheck_field_flags::
EPF_FORMAT_SUGGESTED);
}
}

Expand Down
15 changes: 9 additions & 6 deletions userspace/libsinsp/plugin.h
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,6 @@ class sinsp_plugin {
m_scap_source_plugin(),
m_fields_info(),
m_fields(),
m_output_fields(),
m_extract_event_sources(),
m_extract_event_codes(),
m_parse_event_sources(),
Expand Down Expand Up @@ -174,12 +173,17 @@ class sinsp_plugin {
std::vector<open_param> list_open_params() const;

/** Field Extraction **/
inline const std::unordered_set<std::string>& append_outputs_fields(std::string& source) const {
static std::unordered_set<std::string> empty_set;
inline std::unordered_set<std::string> suggested_output_formats(
const std::string& source) const {
std::unordered_set<std::string> output_fields;
if(m_extract_event_sources.find(source) != m_extract_event_sources.end()) {
return m_output_fields;
for(const auto& field : m_fields) {
if(field.is_format_suggested()) {
output_fields.emplace("%" + field.m_name);
}
}
}
return empty_set;
return output_fields;
}

inline const std::unordered_set<std::string>& extract_event_sources() const {
Expand Down Expand Up @@ -245,7 +249,6 @@ class sinsp_plugin {
/** Field Extraction **/
filter_check_info m_fields_info;
std::vector<filtercheck_field_info> m_fields;
std::unordered_set<std::string> m_output_fields;
std::unordered_set<std::string> m_extract_event_sources;
libsinsp::events::set<ppm_event_code> m_extract_event_codes;

Expand Down
8 changes: 4 additions & 4 deletions userspace/libsinsp/test/plugins.ut.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -190,13 +190,13 @@ TEST_F(sinsp_with_test_input, plugin_syscall_extract) {
// its value should be present in the output.
std::string output_fmt;
bool first = true;
for(const auto& output_field : pl->append_outputs_fields(syscall_source_name)) {
for(const auto& fmt : pl->suggested_output_formats(syscall_source_name)) {
if(!first) {
output_fmt += " ";
} else {
first = false;
}
output_fmt += output_field;
output_fmt += fmt;
}
auto formatter = sinsp_evt_formatter(&m_inspector, output_fmt, pl_flist);
std::string output;
Expand Down Expand Up @@ -381,13 +381,13 @@ TEST_F(sinsp_with_test_input, plugin_custom_source) {
// its value should be present in the output.
std::string output_fmt;
bool first = true;
for(const auto& output_field : ext_pl->append_outputs_fields(evt_source)) {
for(const auto& fmt : ext_pl->suggested_output_formats(evt_source)) {
if(!first) {
output_fmt += " ";
} else {
first = false;
}
output_fmt += output_field;
output_fmt += fmt;
}
auto formatter = sinsp_evt_formatter(&m_inspector, output_fmt, filterlist);
std::string output;
Expand Down

0 comments on commit 0195b54

Please sign in to comment.