Pushes container info into lua tables for visualization

2026-05-05 19:15:03 +00:00 · 2019-04-24 12:11:28 +02:00 · 2019-04-24 12:11:28 +02:00 · 2d4488eb24
commit 2d4488eb24
parent 91da97436c
5 changed files with 48 additions and 36 deletions
--- a/include/Flow.h
+++ b/include/Flow.h
@ -178,7 +178,7 @@ class Flow : public GenericHashEntry {

  //  tcpFlags = tp->th_flags, tcpSeqNum = ntohl(tp->th_seq), tcpAckNum = ntohl(tp->th_ack), tcpWin = ntohs(tp->th_win);
  char* intoaV4(unsigned int addr, char* buf, u_short bufLen);
-  void processLua(lua_State* vm, ProcessInfo *proc, bool client);
+  void processLua(lua_State* vm, const ProcessInfo * const proc, const ContainerInfo * const cont, bool client);
  void processJson(bool is_src, json_object *my_object, ProcessInfo *proc);
  void allocDPIMemory();
  bool checkTor(char *hostname);
@ -498,7 +498,7 @@ class Flow : public GenericHashEntry {
 #ifdef HAVE_EBPF
  void setProcessInfo(eBPFevent *event, bool client_process);
 #endif
-  void setProcessInfo(const ProcessInfo * const pi, const ContainerInfo * const ci, bool client_process);
+  void setProcessInfo(const Parsed_eBPF * const ebpf, bool client_process);
 };

 #endif /* _FLOW_H_ */
--- a/include/ntop_typedefs.h
+++ b/include/ntop_typedefs.h
@ -219,6 +219,7 @@ typedef struct zmq_flow_core {
 typedef struct zmq_flow_ebpf {
  ProcessInfo process_info;
  ContainerInfo container_info;
+  bool process_info_set, container_info_set;
 } Parsed_eBPF;

 /* Handle vendor-proprietary applications.
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@ -1552,42 +1552,47 @@ void Flow::processJson(bool is_src,

 /* *************************************** */

-void Flow::processLua(lua_State* vm, ProcessInfo *proc, bool client) {
+void Flow::processLua(lua_State* vm, const ProcessInfo * const proc, const ContainerInfo * const cont, bool client) {
 #ifndef WIN32
-  Host *src = get_cli_host(), *dst = get_srv_host();
  struct passwd *pwd;
  
-  if((src == NULL) || (dst == NULL) || (proc->pid == 0)) return;
+  if(proc && proc->pid > 0) {
+    lua_newtable(vm);

-  lua_newtable(vm);
+    lua_push_uint64_table_entry(vm, "pid", proc->pid);
+    lua_push_uint64_table_entry(vm, "father_pid", proc->father_pid);
+    lua_push_str_table_entry(vm, "name", proc->process_name);
+    lua_push_str_table_entry(vm, "father_name", proc->father_process_name);
+    lua_push_uint64_table_entry(vm, "uid", proc->uid);
+    lua_push_uint64_table_entry(vm, "gid", proc->gid);
+    lua_push_uint64_table_entry(vm, "father_uid", proc->father_uid);
+    lua_push_uint64_table_entry(vm, "father_gid", proc->father_gid);

-  lua_push_uint64_table_entry(vm, "pid", proc->pid);
-  lua_push_uint64_table_entry(vm, "father_pid", proc->father_pid);
-  lua_push_str_table_entry(vm, "name", proc->process_name);
-  lua_push_str_table_entry(vm, "father_name", proc->father_process_name);
-  lua_push_uint64_table_entry(vm, "uid", proc->uid);
-  lua_push_uint64_table_entry(vm, "gid", proc->gid);
-  lua_push_uint64_table_entry(vm, "father_uid", proc->father_uid);
-  lua_push_uint64_table_entry(vm, "father_gid", proc->father_gid);
+    /* TODO: improve code efficiency */
+    pwd = getpwuid(proc->uid);
+    lua_push_str_table_entry(vm, "user_name", pwd ? pwd->pw_name : "");

-  /* TODO: improve code efficiency */
-  pwd = getpwuid(proc->uid);
-  lua_push_str_table_entry(vm, "user_name", pwd ? pwd->pw_name : "");
+    pwd = getpwuid(proc->father_uid);
+    lua_push_str_table_entry(vm, "father_user_name", pwd ? pwd->pw_name : "");

-  pwd = getpwuid(proc->father_uid);
-  lua_push_str_table_entry(vm, "father_user_name", pwd ? pwd->pw_name : "");
-
-#if 0
-  lua_push_uint64_table_entry(vm, "actual_memory", proc->actual_memory);
-  lua_push_uint64_table_entry(vm, "peak_memory", proc->peak_memory);
-  lua_push_float_table_entry(vm, "average_cpu_load", proc->average_cpu_load);
-  lua_push_float_table_entry(vm, "percentage_iowait_time", proc->percentage_iowait_time);
-  lua_push_uint64_table_entry(vm, "num_vm_page_faults", proc->num_vm_page_faults);
-#endif
-  lua_pushstring(vm, client ? "client_process" : "server_process");
-  lua_insert(vm, -2);
-  lua_settable(vm, -3);
+    lua_pushstring(vm, client ? "client_process" : "server_process");
+    lua_insert(vm, -2);
+    lua_settable(vm, -3);
 #endif
+  }
+
+  if(cont) {
+    lua_newtable(vm);
+
+    if(cont->id)       lua_push_str_table_entry(vm, "id", cont->id);
+    if(cont->k8s.name) lua_push_str_table_entry(vm, "k8s.name", cont->k8s.name);
+    if(cont->k8s.pod)  lua_push_str_table_entry(vm, "k8s.pod", cont->k8s.pod);
+    if(cont->k8s.ns)   lua_push_str_table_entry(vm, "k8s.ns", cont->k8s.ns);
+
+    lua_pushstring(vm, client ? "client_container" : "server_container");
+    lua_insert(vm, -2);
+    lua_settable(vm, -3);
+  }
 }

 /* *************************************** */
@ -1839,8 +1844,8 @@ void Flow::lua(lua_State* vm, AddressTree * ptree,

    lua_push_str_table_entry(vm, "moreinfo.json", get_json_info());

-    if(client_proc) processLua(vm, client_proc, true);
-    if(server_proc) processLua(vm, server_proc, false);
+    if(client_proc) processLua(vm, client_proc, client_cont, true);
+    if(server_proc) processLua(vm, server_proc, server_cont, false);

    // overall throughput stats
    lua_push_float_table_entry(vm,  "top_throughput_bps",   top_bytes_thpt);
@ -3679,7 +3684,9 @@ void Flow::setProcessInfo(eBPFevent *event, bool client_process) {

 /* ***************************************************** */

-void Flow::setProcessInfo(const ProcessInfo * const pi, const ContainerInfo * const ci, bool client_process) {
+void Flow::setProcessInfo(const Parsed_eBPF * const ebpf, bool client_process) {
+  const ProcessInfo *pi = ebpf && ebpf->process_info_set ? &ebpf->process_info : NULL;
+  const ContainerInfo *ci = ebpf && ebpf->container_info_set ? &ebpf->container_info : NULL;
  ProcessInfo   **process_info   = client_process ? &client_proc : &server_proc;
  ContainerInfo **container_info = client_process ? &client_cont : &server_cont;

--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@ -1207,7 +1207,7 @@ void NetworkInterface::processFlow(Parsed_Flow *zflow, bool zmq_flow) {
    flow->setFlowApplLatency(zflow->core.tcp.applLatencyMsec);

  /* Update process and container info */
-  flow->setProcessInfo(&zflow->ebpf.process_info, &zflow->ebpf.container_info,
+  flow->setProcessInfo(&zflow->ebpf,
 		       src2dst_direction /* FIX: direction also depends on the type of event. */);


--- a/src/ZMQParserInterface.cpp
+++ b/src/ZMQParserInterface.cpp
@ -526,6 +526,7 @@ bool ZMQParserInterface::parseNProbeMiniField(Parsed_Flow * const flow, const ch
    if(json_object_object_get_ex(jvalue, "USER_ID", &obj))      flow->ebpf.process_info.uid = (u_int32_t)json_object_get_int64(obj);
    if(json_object_object_get_ex(jvalue, "GROUP_ID", &obj))     flow->ebpf.process_info.gid = (u_int32_t)json_object_get_int64(obj);
    if(json_object_object_get_ex(jvalue, "PROCESS_PATH", &obj)) flow->ebpf.process_info.process_name = (char*)json_object_get_string(obj);
+    if(!flow->ebpf.process_info_set) flow->ebpf.process_info_set = true;
    ret = true;

    // ntop->getTrace()->traceEvent(TRACE_NORMAL, "Process [pid: %u][uid: %u][gid: %u][path: %s]",
@ -536,6 +537,7 @@ bool ZMQParserInterface::parseNProbeMiniField(Parsed_Flow * const flow, const ch
    if(json_object_object_get_ex(jvalue, "USER_ID", &obj))      flow->ebpf.process_info.father_uid = (u_int32_t)json_object_get_int64(obj);
    if(json_object_object_get_ex(jvalue, "GROUP_ID", &obj))     flow->ebpf.process_info.father_gid = (u_int32_t)json_object_get_int64(obj);
    if(json_object_object_get_ex(jvalue, "PROCESS_PATH", &obj)) flow->ebpf.process_info.father_process_name = (char*)json_object_get_string(obj);
+    if(!flow->ebpf.process_info_set) flow->ebpf.process_info_set = true;
    ret = true;

    // ntop->getTrace()->traceEvent(TRACE_NORMAL, "Father Process [pid: %u][uid: %u][gid: %u][path: %s]",
@ -547,9 +549,11 @@ bool ZMQParserInterface::parseNProbeMiniField(Parsed_Flow * const flow, const ch

    if(json_object_object_get_ex(jvalue, "KUBE", &obj)) {
      if(json_object_object_get_ex(obj, "NAME", &obj2)) flow->ebpf.container_info.k8s.name = (char*)json_object_get_string(obj2);
-      if(json_object_object_get_ex(obj, "POD", &obj2))  flow->ebpf.container_info.k8s.pod = (char*)json_object_get_string(obj2);
-      if(json_object_object_get_ex(obj, "NS", &obj2))   flow->ebpf.container_info.k8s.ns = (char*)json_object_get_string(obj2);
+      if(json_object_object_get_ex(obj, "POD", &obj2))  flow->ebpf.container_info.k8s.pod  = (char*)json_object_get_string(obj2);
+      if(json_object_object_get_ex(obj, "NS", &obj2))   flow->ebpf.container_info.k8s.ns   = (char*)json_object_get_string(obj2);
    }
+
+    if(!flow->ebpf.container_info_set) flow->ebpf.container_info_set = true;
    ret = true;

    // ntop->getTrace()->traceEvent(TRACE_NORMAL, "Container [id: %s] K8S [name: %s][pod: %s][ns: %s]",