From 1eb59b18ec351815ce8b5d36c607a33581c9794e Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Sat, 24 Feb 2024 22:33:30 +0000 Subject: [PATCH 1/3] feat(libsinsp/container_info): change default / init lookup state to FAILED Signed-off-by: Melissa Kilby --- userspace/libsinsp/container_info.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/userspace/libsinsp/container_info.h b/userspace/libsinsp/container_info.h index 4f2493bfef..3f53a7dd33 100644 --- a/userspace/libsinsp/container_info.h +++ b/userspace/libsinsp/container_info.h @@ -55,7 +55,7 @@ class sinsp_container_lookup sinsp_container_lookup(short max_retry = 3, short max_delay_ms = 500): m_max_retry(max_retry), m_max_delay_ms(max_delay_ms), - m_state(state::SUCCESSFUL), + m_state(state::FAILED), m_retry(0) { assert(max_retry >= 0); @@ -132,7 +132,7 @@ class sinsp_container_lookup private: short m_max_retry; short m_max_delay_ms; - state m_state = state::SUCCESSFUL; + state m_state = state::FAILED; short m_retry; }; From b033ecc4411248ffdec39fcce922c15f7c8af7f1 Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Mon, 11 Mar 2024 17:37:32 +0000 Subject: [PATCH 2/3] update(tests): define explicit SUCESSFUL container lookup status Signed-off-by: Melissa Kilby --- .../container_parser_cri_containerd.ut.cpp | 2 ++ .../container_engine/container_parser_cri_crio.ut.cpp | 2 ++ userspace/libsinsp/test/events_plugin.ut.cpp | 9 +++++++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/userspace/libsinsp/test/container_engine/container_parser_cri_containerd.ut.cpp b/userspace/libsinsp/test/container_engine/container_parser_cri_containerd.ut.cpp index 3e580347dd..2c6023b89f 100644 --- a/userspace/libsinsp/test/container_engine/container_parser_cri_containerd.ut.cpp +++ b/userspace/libsinsp/test/container_engine/container_parser_cri_containerd.ut.cpp @@ -647,6 +647,7 @@ TEST_F(sinsp_with_test_input, container_parser_cri_containerd) "blkio=/k8s.io/3ad7b26ded6d8e7b23da7d48fe889434573036c27ae5a74837233de441c3601e", "memory=/k8s.io/3ad7b26ded6d8e7b23da7d48fe889434573036c27ae5a74837233de441c3601e"}; std::string cgroupsv = test_utils::to_null_delimited(cgroups); + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); std::string container_json = m_inspector.m_container_manager.container_to_json(container); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_E, 0); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_X, 20, child_tid, "bash", empty_bytebuf, (uint64_t)1, (uint64_t)1, (uint64_t)0, "", (uint64_t)0, (uint64_t)0, (uint64_t)0, (uint32_t)12088, (uint32_t)7208, (uint32_t)0, "bash", scap_const_sized_buffer{cgroupsv.data(), cgroupsv.size()}, (uint32_t)(PPM_CL_CLONE_CHILD_CLEARTID | PPM_CL_CLONE_CHILD_SETTID | PPM_CL_CLONE_NEWPID | PPM_CL_CHILD_IN_PIDNS), (uint32_t)1000, (uint32_t)1000, (uint64_t)parent_tid, (uint64_t)parent_pid); @@ -782,6 +783,7 @@ TEST_F(sinsp_with_test_input, container_parser_cri_containerd_sandbox_container) "blkio=/k8s.io/63060edc2d3aa803ab559f2393776b151f99fc5b05035b21db66b3b62246ad6a", "memory=/k8s.io/63060edc2d3aa803ab559f2393776b151f99fc5b05035b21db66b3b62246ad6a"}; std::string cgroupsv = test_utils::to_null_delimited(cgroups); + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); std::string container_json = m_inspector.m_container_manager.container_to_json(container); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_E, 0); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_X, 20, child_tid, "bash", empty_bytebuf, (uint64_t)1, (uint64_t)1, (uint64_t)0, "", (uint64_t)0, (uint64_t)0, (uint64_t)0, (uint32_t)12088, (uint32_t)7208, (uint32_t)0, "bash", scap_const_sized_buffer{cgroupsv.data(), cgroupsv.size()}, (uint32_t)(PPM_CL_CLONE_CHILD_CLEARTID | PPM_CL_CLONE_CHILD_SETTID | PPM_CL_CLONE_NEWPID | PPM_CL_CHILD_IN_PIDNS), (uint32_t)1000, (uint32_t)1000, (uint64_t)parent_tid, (uint64_t)parent_pid); diff --git a/userspace/libsinsp/test/container_engine/container_parser_cri_crio.ut.cpp b/userspace/libsinsp/test/container_engine/container_parser_cri_crio.ut.cpp index d5c59896bf..f15ec4e303 100644 --- a/userspace/libsinsp/test/container_engine/container_parser_cri_crio.ut.cpp +++ b/userspace/libsinsp/test/container_engine/container_parser_cri_crio.ut.cpp @@ -643,6 +643,7 @@ TEST_F(sinsp_with_test_input, container_parser_cri_crio) "pids=/pod_123.slice/pod_123-456.slice/crio-49ecc282021562c567a8159ef424a06cdd8637efdca5953de9794eafe29adcad.scope", "misc=/pod_123.slice/pod_123-456.slice/crio-49ecc282021562c567a8159ef424a06cdd8637efdca5953de9794eafe29adcad.scope"}; std::string cgroupsv = test_utils::to_null_delimited(cgroups); + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); std::string container_json = m_inspector.m_container_manager.container_to_json(container); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_E, 0); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_X, 20, child_tid, "bash", empty_bytebuf, (uint64_t)1, (uint64_t)1, (uint64_t)0, "", (uint64_t)0, (uint64_t)0, (uint64_t)0, (uint32_t)12088, (uint32_t)7208, (uint32_t)0, "bash", scap_const_sized_buffer{cgroupsv.data(), cgroupsv.size()}, (uint32_t)(PPM_CL_CLONE_CHILD_CLEARTID | PPM_CL_CLONE_CHILD_SETTID | PPM_CL_CLONE_NEWPID | PPM_CL_CHILD_IN_PIDNS), (uint32_t)1000, (uint32_t)1000, (uint64_t)parent_tid, (uint64_t)parent_pid); @@ -745,6 +746,7 @@ TEST_F(sinsp_with_test_input, container_parser_cri_crio_sandbox_container) "pids=/pod_123.slice/pod_123-456.slice/crio-1f04600dc6949359da68eee5fe7c4069706a567c07d1ef89fe3bbfdeac7a6dca.scope", "misc=/pod_123.slice/pod_123-456.slice/crio-1f04600dc6949359da68eee5fe7c4069706a567c07d1ef89fe3bbfdeac7a6dca.scope"}; std::string cgroupsv = test_utils::to_null_delimited(cgroups); + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); std::string container_json = m_inspector.m_container_manager.container_to_json(container); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_E, 0); add_event_advance_ts(increasing_ts(), parent_tid, PPME_SYSCALL_CLONE_20_X, 20, child_tid, "bash", empty_bytebuf, (uint64_t)1, (uint64_t)1, (uint64_t)0, "", (uint64_t)0, (uint64_t)0, (uint64_t)0, (uint32_t)12088, (uint32_t)7208, (uint32_t)0, "bash", scap_const_sized_buffer{cgroupsv.data(), cgroupsv.size()}, (uint32_t)(PPM_CL_CLONE_CHILD_CLEARTID | PPM_CL_CLONE_CHILD_SETTID | PPM_CL_CLONE_NEWPID | PPM_CL_CHILD_IN_PIDNS), (uint32_t)1000, (uint32_t)1000, (uint64_t)parent_tid, (uint64_t)parent_pid); diff --git a/userspace/libsinsp/test/events_plugin.ut.cpp b/userspace/libsinsp/test/events_plugin.ut.cpp index fda0ecc554..06eaa36efa 100644 --- a/userspace/libsinsp/test/events_plugin.ut.cpp +++ b/userspace/libsinsp/test/events_plugin.ut.cpp @@ -131,8 +131,13 @@ TEST_F(sinsp_with_test_input, event_sources) ASSERT_FALSE(field_has_value(evt, "evt.asynctype")); // metaevents have the "syscall" event source - evt = add_event_advance_ts(increasing_ts(), 1, PPME_CONTAINER_JSON_E, 1, "{\"value\": 1}"); - ASSERT_EQ(evt->get_type(), PPME_CONTAINER_JSON_E); + std::shared_ptr container = std::make_shared(); + container->m_type = CT_CONTAINERD; + container->m_id = "3ad7b26ded6d"; + container->set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); + std::string container_json = m_inspector.m_container_manager.container_to_json(*container); + evt = add_event_advance_ts(increasing_ts(), -1, PPME_CONTAINER_JSON_2_E, 1, container_json.c_str()); + ASSERT_EQ(evt->get_type(), PPME_CONTAINER_JSON_2_E); ASSERT_EQ(evt->get_source_idx(), syscall_source_idx); ASSERT_EQ(std::string(evt->get_source_name()), syscall_source_name); ASSERT_EQ(get_field_as_string(evt, "evt.source"), syscall_source_name); From a68fce9b9c9cbaf72fcf28a21936459586df0b4f Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Tue, 12 Mar 2024 18:25:55 +0000 Subject: [PATCH 3/3] fix(container_engine): explicitely set lookup state for all engines Signed-off-by: Melissa Kilby --- userspace/libsinsp/container_engine/bpm.cpp | 1 + userspace/libsinsp/container_engine/docker/base.cpp | 1 + userspace/libsinsp/container_engine/libvirt_lxc.cpp | 1 + userspace/libsinsp/container_engine/lxc.cpp | 1 + userspace/libsinsp/container_engine/mesos.cpp | 1 + userspace/libsinsp/container_engine/rkt.cpp | 1 + 6 files changed, 6 insertions(+) diff --git a/userspace/libsinsp/container_engine/bpm.cpp b/userspace/libsinsp/container_engine/bpm.cpp index 298954f75d..9e482d1cb7 100644 --- a/userspace/libsinsp/container_engine/bpm.cpp +++ b/userspace/libsinsp/container_engine/bpm.cpp @@ -61,6 +61,7 @@ bool bpm::resolve(sinsp_threadinfo *tinfo, bool query_os_for_missing_info) if(container_cache().should_lookup(container_info.m_id, CT_BPM)) { container_info.m_name = container_info.m_id; + container_info.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); container_cache().add_container(std::make_shared(container_info), tinfo); container_cache().notify_new_container(container_info, tinfo); } diff --git a/userspace/libsinsp/container_engine/docker/base.cpp b/userspace/libsinsp/container_engine/docker/base.cpp index 287e91064a..b5b29a2da7 100644 --- a/userspace/libsinsp/container_engine/docker/base.cpp +++ b/userspace/libsinsp/container_engine/docker/base.cpp @@ -33,6 +33,7 @@ docker_base::resolve_impl(sinsp_threadinfo *tinfo, const docker_lookup_request& auto container = sinsp_container_info(); container.m_type = request.container_type; container.m_id = request.container_id; + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); cache->notify_new_container(container, tinfo); return true; } diff --git a/userspace/libsinsp/container_engine/libvirt_lxc.cpp b/userspace/libsinsp/container_engine/libvirt_lxc.cpp index c92bbfb59e..c62db286a7 100644 --- a/userspace/libsinsp/container_engine/libvirt_lxc.cpp +++ b/userspace/libsinsp/container_engine/libvirt_lxc.cpp @@ -85,6 +85,7 @@ bool libvirt_lxc::resolve(sinsp_threadinfo *tinfo, bool query_os_for_missing_inf if(container_cache().should_lookup(container.m_id, CT_LIBVIRT_LXC)) { container.m_name = container.m_id; + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); container_cache().add_container(std::make_shared(container), tinfo); container_cache().notify_new_container(container, tinfo); } diff --git a/userspace/libsinsp/container_engine/lxc.cpp b/userspace/libsinsp/container_engine/lxc.cpp index 1e1a5de461..f217b7749d 100644 --- a/userspace/libsinsp/container_engine/lxc.cpp +++ b/userspace/libsinsp/container_engine/lxc.cpp @@ -64,6 +64,7 @@ bool lxc::resolve(sinsp_threadinfo *tinfo, bool query_os_for_missing_info) if (container_cache().should_lookup(container.m_id, CT_LXC)) { container.m_name = container.m_id; + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); container_cache().add_container(std::make_shared(container), tinfo); container_cache().notify_new_container(container, tinfo); } diff --git a/userspace/libsinsp/container_engine/mesos.cpp b/userspace/libsinsp/container_engine/mesos.cpp index 9154aad969..22d123fcee 100644 --- a/userspace/libsinsp/container_engine/mesos.cpp +++ b/userspace/libsinsp/container_engine/mesos.cpp @@ -62,6 +62,7 @@ bool libsinsp::container_engine::mesos::resolve(sinsp_threadinfo* tinfo, bool qu if(container_cache().should_lookup(container.m_id, CT_MESOS)) { container.m_name = container.m_id; + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); container_cache().add_container(std::make_shared(container), tinfo); container_cache().notify_new_container(container, tinfo); } diff --git a/userspace/libsinsp/container_engine/rkt.cpp b/userspace/libsinsp/container_engine/rkt.cpp index a365c5f367..29556020fa 100644 --- a/userspace/libsinsp/container_engine/rkt.cpp +++ b/userspace/libsinsp/container_engine/rkt.cpp @@ -188,6 +188,7 @@ bool rkt::rkt::resolve(sinsp_threadinfo* tinfo, bool query_os_for_missing_info) if (have_rkt) { + container.set_lookup_status(sinsp_container_lookup::state::SUCCESSFUL); cache->add_container(std::make_shared(container), tinfo); cache->notify_new_container(container, tinfo); return true;