libs
libs copied to clipboard
falcosecurity
fix(userspace/libsinsp): multiple fixes related to rawargs.
What type of PR is this?
/kind bug
Any specific area of the project related to this PR?
/area libsinsp
Does this PR require a change in the driver versions?
What this PR does / why we need it:
Firstly, properly refresh m_arginfo and m_customfield type and print format given current event while extracting rawarg values.
Secondly, properly support PT_FLAGS, PT_ENUMFLAGS, PT_UID and PT_GID types in rawval_to_json and rawval_to_string.
Lastly, honor PF_HEX print format for 8,16,32bits types.
Also, added a test.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
These issues were found by @Andreagit97 while working on the syscall enter dropping (https://github.com/falcosecurity/libs/pull/2068)
Does this PR introduce a user-facing change?:
fix(userspace/libsinsp): multiple fixes related to rawargs.
Perf diff from master - unit tests
9.25% -2.50% [.] sinsp::next
0.52% +0.80% [.] sinsp_evt::get_ts
10.22% -0.74% [.] sinsp_parser::reset
4.34% +0.74% [.] next
5.16% -0.73% [.] sinsp_evt::get_type
1.24% -0.71% [.] sinsp_evt::get_param
1.55% +0.60% [.] sinsp::fetch_next_event
0.93% -0.57% [.] scap_file_test_helpers::capture_search_evt_by_num
1.19% -0.50% [.] std::_Hashtable<long, std::pair<long const, std::shared_ptr<sinsp_threadinfo> >, std::allocator<std::pair<long const, std::shared_ptr<sinsp_threadinfo> > >, std::__detail::_Select1st, std::equal_to<long>, std::hash<long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::find
0.72% -0.47% [.] std::_Hashtable<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libsinsp::state::dynamic_struct::field_info>, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, libsinsp::state::dynamic_struct::field_info> >, std::__detail::_Select1st, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<true, false, true> >::_M_insert_unique_node
Heap diff from master - unit tests
peak heap memory consumption: -384B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B
Heap diff from master - scap file
peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B
Benchmarks diff from master
Comparing gbench_data.json to /root/actions-runner/_work/libs/libs/build/gbench_data.json
Benchmark Time CPU Time Old Time New CPU Old CPU New
----------------------------------------------------------------------------------------------------------------------------------------------
BM_sinsp_split_mean +0.0991 +0.0991 155 170 155 170
BM_sinsp_split_median +0.1007 +0.1007 155 170 155 170
BM_sinsp_split_stddev -0.7647 -0.7648 3 1 3 1
BM_sinsp_split_cv -0.7859 -0.7860 0 0 0 0
BM_sinsp_concatenate_paths_relative_path_mean +0.0201 +0.0201 56 57 56 57
BM_sinsp_concatenate_paths_relative_path_median +0.0228 +0.0228 56 57 56 57
BM_sinsp_concatenate_paths_relative_path_stddev +0.2933 +0.2932 0 0 0 0
BM_sinsp_concatenate_paths_relative_path_cv +0.2678 +0.2676 0 0 0 0
BM_sinsp_concatenate_paths_empty_path_mean -0.0284 -0.0284 24 24 24 24
BM_sinsp_concatenate_paths_empty_path_median -0.0296 -0.0296 24 24 24 24
BM_sinsp_concatenate_paths_empty_path_stddev +1.8731 +1.8587 0 0 0 0
BM_sinsp_concatenate_paths_empty_path_cv +1.9572 +1.9423 0 0 0 0
BM_sinsp_concatenate_paths_absolute_path_mean +0.0131 +0.0131 56 56 56 56
BM_sinsp_concatenate_paths_absolute_path_median +0.0150 +0.0149 55 56 55 56
BM_sinsp_concatenate_paths_absolute_path_stddev -0.5197 -0.5182 0 0 0 0
BM_sinsp_concatenate_paths_absolute_path_cv -0.5259 -0.5244 0 0 0 0
BM_sinsp_split_container_image_mean -0.0133 -0.0133 398 393 398 393
BM_sinsp_split_container_image_median -0.0140 -0.0140 399 393 399 393
BM_sinsp_split_container_image_stddev -0.2666 -0.2679 4 3 4 3
BM_sinsp_split_container_image_cv -0.2567 -0.2580 0 0 0 0
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Attention: Patch coverage is 79.48718% with 8 lines in your changes missing coverage. Please review.
Project coverage is 74.56%. Comparing base (
b296470) to head (d0c002f). Report is 4 commits behind head on master.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| userspace/libsinsp/sinsp_filtercheck.cpp | 50.00% | 8 Missing :warning: |
Additional details and impacted files
@@ Coverage Diff @@
## master #2130 +/- ##
==========================================
+ Coverage 74.46% 74.56% +0.10%
==========================================
Files 254 254
Lines 33333 33369 +36
Branches 5733 5720 -13
==========================================
+ Hits 24820 24881 +61
+ Misses 8509 8485 -24
+ Partials 4 3 -1
| Flag | Coverage Δ | |
|---|---|---|
| libsinsp | 74.56% <79.48%> (+0.10%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Rebased on top of latest master to make use of new cncf provided arm64 runners.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Andreagit97, FedeDP
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [Andreagit97,FedeDP]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
