Hello community,
here is the log from the commit of package sysdig for openSUSE:Factory checked in at 2017-05-08 19:04:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sysdig (Old)
and /work/SRC/openSUSE:Factory/.sysdig.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sysdig"
Mon May 8 19:04:42 2017 rev:14 rq:493440 version:0.16.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/sysdig/sysdig.changes 2017-04-03 11:06:09.402792352 +0200
+++ /work/SRC/openSUSE:Factory/.sysdig.new/sysdig.changes 2017-05-08 19:05:04.618658764 +0200
@@ -1,0 +2,15 @@
+Mon May 8 12:20:34 UTC 2017 - mpluskal@suse.com
+
+- Update to version 0.16.0:
+ * New features:
+ + support for Kernel 4.11
+ + sysdig -N is now the default option, server port decoding can be reenabled with -R
+ + Decode unshare syscall
+ * Bugfixes:
+ + Fix rkt detection for containers created before sysdig runs
+ + Fix container detection if docker itself is running inside a container
+ + Fix detection of lxc containers
+ + Fix compilation issues on RHEL5
+ + Fix memory leak on spy_users chisel
+
+-------------------------------------------------------------------
Old:
----
sysdig-0.15.1.tar.gz
New:
----
sysdig-0.16.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sysdig.spec ++++++
--- /var/tmp/diff_new_pack.emr6xT/_old 2017-05-08 19:05:05.306561585 +0200
+++ /var/tmp/diff_new_pack.emr6xT/_new 2017-05-08 19:05:05.310561020 +0200
@@ -17,7 +17,7 @@
Name: sysdig
-Version: 0.15.1
+Version: 0.16.0
Release: 0
Summary: System-level exploration
License: GPL-2.0
++++++ sysdig-0.15.1.tar.gz -> sysdig-0.16.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/README.md new/sysdig-0.16.0/README.md
--- old/sysdig-0.15.1/README.md 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/README.md 2017-05-08 11:30:22.000000000 +0200
@@ -5,7 +5,7 @@
[![Join the chat at https://gitter.im/draios/sysdig](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/draios/sysdig?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-#Welcome to **sysdig**!
+# Welcome to **sysdig**!
**Sysdig** is a universal system visibility tool with native support for containers:
`~$ sysdig`
@@ -15,13 +15,13 @@
Where to start?
---
-If this is your first time hearing about sysdig, we recommend you [start with the website] (http://www.sysdig.org).
+If this is your first time hearing about sysdig, we recommend you [start with the website](http://www.sysdig.org).
What does sysdig do and why should I use it?
---
**Sysdig is a simple tool for deep system visibility, with native support for containers.**
-We built sysdig to give you _easy access_ to the actual behavior of your Linux systems and containers. Honestly, the best way to understand sysdig is to [try it] (http://www.sysdig.org/install/) - its super easy! Or here's a quick video introduction to csysdig, the simple, intuitive, and fully customizable curses-based UI for sysdig: https://www.youtube.com/watch?v=UJ4wVrbP-Q8
+We built sysdig to give you _easy access_ to the actual behavior of your Linux systems and containers. Honestly, the best way to understand sysdig is to [try it](http://www.sysdig.org/install/) - its super easy! Or here's a quick video introduction to csysdig, the simple, intuitive, and fully customizable curses-based UI for sysdig: https://www.youtube.com/watch?v=UJ4wVrbP-Q8
Far too often, system-level monitoring and troubleshooting still involves logging into a machine with SSH and using a plethora of dated tools with very inconsistent interfaces. And many of these classic Linux tools breakdown completely in containerized environments. Sysdig unites your Linux toolkit into a single, consistent, easy-to-use interface. And sysdig's unique architecture allows deep inspection into containers, right out of the box, without having to instrument the containers themselves in any way.
@@ -31,15 +31,15 @@
Documentation / Support
---
-[Visit the wiki] (https://github.com/draios/sysdig/wiki) for full documentation on sysdig and its APIs.
+[Visit the wiki](https://github.com/draios/sysdig/wiki) for full documentation on sysdig and its APIs.
-For support using sysdig, please contact [the official mailing list] (https://groups.google.com/forum/#!forum/sysdig).
+For support using sysdig, please contact [the official mailing list](https://groups.google.com/forum/#!forum/sysdig).
Join the Community
---
-* Contact the [official mailing list] (https://groups.google.com/forum/#!forum/sysdig) for support and to talk with other users
-* Follow us on [Twitter] (https://twitter.com/sysdig) for the Chisel of the Week
-* This is our [blog] (https://sysdig.com/blog/). There are many like it, but this one is ours.
+* Contact the [official mailing list](https://groups.google.com/forum/#!forum/sysdig) for support and to talk with other users
+* Follow us on [Twitter](https://twitter.com/sysdig) for the Chisel of the Week
+* This is our [blog](https://sysdig.com/blog/). There are many like it, but this one is ours.
* Join our IRC channel `#sysdig` on [Freenode](http://webchat.freenode.net/?channels=sysdig)
License Terms
@@ -48,7 +48,7 @@
Contributor License Agreements
---
-###Background
+### Background
As sysdig matures and gains wider acceptance, we are formalizing the way that we accept contributions of code from the contributing community. We must now ask that contributions to sysdig be provided subject to the terms and conditions of a [Contributor License Agreement (CLA)](https://github.com/draios/sysdig/tree/dev/cla). The CLA comes in two forms, applicable to contributions by individuals, or by legal entities such as corporations and their employees. We recognize that entering into a CLA with us involves real consideration on your part, and we’ve tried to make this process as clear and simple as possible.
We’ve modeled our CLA off of industry standards, such as [the CLA used by Kubernetes](https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md). Note that this agreement is not a transfer of copyright ownership, this simply is a license agreement for contributions, intended to clarify the intellectual property license granted with contributions from any person or entity. It is for your protection as a contributor as well as the protection of sysdig; it does not change your rights to use your own contributions for any other purpose.
@@ -60,7 +60,7 @@
As always, we are grateful for your past and present contributions to sysdig.
-###What do I need to do in order to contribute code?
+### What do I need to do in order to contribute code?
**Individual contributions**: Individuals who wish to make contributions must review the [Individual Contributor License Agreement](https://github.com/draios/sysdig/blob/dev/cla/sysdig_contributor_agreement.t...) and indicate agreement by adding the following line to every GIT commit message:
sysdig-CLA-1.0-signed-off-by: Joe Smith
@@ -76,8 +76,8 @@
Sysdig Cloud
---
-Interested in a fully supported, fully distributed version of sysdig? Check out [Sysdig Cloud] (https://sysdig.com/)!
+Interested in a fully supported, fully distributed version of sysdig? Check out [Sysdig Cloud](https://sysdig.com/)!
-Open source sysdig is proudly supported by [Sysdig Inc] (https://sysdig.com/company/).
+Open source sysdig is proudly supported by [Sysdig Inc](https://sysdig.com/company/).
-Interested in what we're doing? [Sysdig is hiring] (https://sysdig.com/jobs/).
+Interested in what we're doing? [Sysdig is hiring](https://sysdig.com/jobs/).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/event_table.c new/sysdig-0.16.0/driver/event_table.c
--- old/sysdig-0.15.1/driver/event_table.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/event_table.c 2017-05-08 11:30:22.000000000 +0200
@@ -305,5 +305,7 @@
/* PPME_NOTIFICATION_E */{"notification", EC_OTHER, EF_SKIPPARSERESET, 2, {{"id", PT_CHARBUF, PF_DEC}, {"desc", PT_CHARBUF, PF_NA}, } },
/* PPME_NOTIFICATION_X */{"NA4", EC_SYSTEM, EF_UNUSED, 0},
/* PPME_SYSCALL_EXECVE_17_E */{"execve", EC_PROCESS, EF_MODIFIES_STATE, 0},
- /* PPME_SYSCALL_EXECVE_17_X */{"execve", EC_PROCESS, EF_MODIFIES_STATE, 17, {{"res", PT_ERRNO, PF_DEC}, {"exe", PT_CHARBUF, PF_NA}, {"args", PT_BYTEBUF, PF_NA}, {"tid", PT_PID, PF_DEC}, {"pid", PT_PID, PF_DEC}, {"ptid", PT_PID, PF_DEC}, {"cwd", PT_CHARBUF, PF_NA}, {"fdlimit", PT_UINT64, PF_DEC}, {"pgft_maj", PT_UINT64, PF_DEC}, {"pgft_min", PT_UINT64, PF_DEC}, {"vm_size", PT_UINT32, PF_DEC}, {"vm_rss", PT_UINT32, PF_DEC}, {"vm_swap", PT_UINT32, PF_DEC}, {"comm", PT_CHARBUF, PF_NA}, {"cgroups", PT_BYTEBUF, PF_NA}, {"env", PT_BYTEBUF, PF_NA}, {"tty", PT_INT32, PF_DEC} } }
+ /* PPME_SYSCALL_EXECVE_17_X */{"execve", EC_PROCESS, EF_MODIFIES_STATE, 17, {{"res", PT_ERRNO, PF_DEC}, {"exe", PT_CHARBUF, PF_NA}, {"args", PT_BYTEBUF, PF_NA}, {"tid", PT_PID, PF_DEC}, {"pid", PT_PID, PF_DEC}, {"ptid", PT_PID, PF_DEC}, {"cwd", PT_CHARBUF, PF_NA}, {"fdlimit", PT_UINT64, PF_DEC}, {"pgft_maj", PT_UINT64, PF_DEC}, {"pgft_min", PT_UINT64, PF_DEC}, {"vm_size", PT_UINT32, PF_DEC}, {"vm_rss", PT_UINT32, PF_DEC}, {"vm_swap", PT_UINT32, PF_DEC}, {"comm", PT_CHARBUF, PF_NA}, {"cgroups", PT_BYTEBUF, PF_NA}, {"env", PT_BYTEBUF, PF_NA}, {"tty", PT_INT32, PF_DEC} } },
+ /* PPME_SYSCALL_UNSHARE_E */ {"unshare", EC_PROCESS, EF_NONE, 1, {{"flags", PT_FLAGS32, PF_HEX, clone_flags} } },
+ /* PPME_SYSCALL_UNSHARE_X */ {"unshare", EC_PROCESS, EF_NONE, 1, {{"res", PT_ERRNO, PF_DEC} } },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/main.c new/sysdig-0.16.0/driver/main.c
--- old/sysdig-0.15.1/driver/main.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/main.c 2017-05-08 11:30:22.000000000 +0200
@@ -38,7 +38,12 @@
#include
#include
#include
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0))
#include
+#else
+#include
+#include
+#endif
#include
#include
#include
@@ -119,7 +124,9 @@
static int init_ring_buffer(struct ppm_ring_buffer_context *ring);
static void free_ring_buffer(struct ppm_ring_buffer_context *ring);
static void reset_ring_buffer(struct ppm_ring_buffer_context *ring);
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0))
void ppm_task_cputime_adjusted(struct task_struct *p, cputime_t *ut, cputime_t *st);
+#endif
#ifndef CONFIG_HAVE_SYSCALL_TRACEPOINTS
#error The kernel must have HAVE_SYSCALL_TRACEPOINTS in order for sysdig to be useful
@@ -624,7 +631,11 @@
task_lock(p);
#endif
if (nentries < pli.max_entries) {
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0))
cputime_t utime, stime;
+#else
+ u64 utime, stime;
+#endif
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0))
task_cputime_adjusted(t, &utime, &stime);
@@ -632,8 +643,13 @@
ppm_task_cputime_adjusted(t, &utime, &stime);
#endif
proclist_info->entries[nentries].pid = t->pid;
+#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0))
proclist_info->entries[nentries].utime = cputime_to_clock_t(utime);
proclist_info->entries[nentries].stime = cputime_to_clock_t(stime);
+#else
+ proclist_info->entries[nentries].utime = nsec_to_clock_t(utime);
+ proclist_info->entries[nentries].stime = nsec_to_clock_t(stime);
+#endif
}
nentries++;
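Review bot: the 4.11 branch of this hunk calls `nsec_to_clock_t(utime)`, but none of the visible main.c hunks adds a prototype for it, whereas `ppm_task_cputime_adjusted` has an explicit declaration earlier in the file. Since the function is defined in ppm_cputime.c, declare it in a shared driver header under the same `>= KERNEL_VERSION(4, 11, 0)` guard, so the call does not depend on whatever a kernel header happens to declare.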
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/ppm_cputime.c new/sysdig-0.16.0/driver/ppm_cputime.c
--- old/sysdig-0.15.1/driver/ppm_cputime.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/ppm_cputime.c 2017-05-08 11:30:22.000000000 +0200
@@ -320,4 +320,28 @@
#endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0)) */
#endif /* (defined CONFIG_VIRT_CPU_ACCOUNTING_NATIVE) || (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 30)) */
-#endif /* (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)) */
\ No newline at end of file
+#endif /* (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)) */
+
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0))
+#include
+#include
+
+/*
+ * Implementation copied from kernel/time/time.c in 4.11.0
+ */
+u64 nsec_to_clock_t(u64 x)
+{
+#if (NSEC_PER_SEC % USER_HZ) == 0
+ return div_u64(x, NSEC_PER_SEC / USER_HZ);
+#elif (USER_HZ % 512) == 0
+ return div_u64(x * USER_HZ / 512, NSEC_PER_SEC / 512);
+#else
+ /*
+ * max relative error 5.7e-8 (1.8s per year) for USER_HZ <= 1024,
+ * overflow after 64.99 years
+ * exact for HZ=60, 72, 90, 120, 144, 180, 300, 600, 900, ...
+ */
+ return div_u64(x * 9, (9ull * NSEC_PER_SEC + (USER_HZ / 2)) / USER_HZ);
+#endif
+}
+#endif /* (LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0)) */
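Review bot: the closing `#endif` comment reads `(LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0))` while the block it closes opens with `>= KERNEL_VERSION(4, 11, 0)`; correct the comment to match the condition. The function is also a copy of a kernel routine kept under the kernel's own name with external linkage; a `ppm_` prefix, as already used for `ppm_task_cputime_adjusted`, would rule out a symbol clash with the original.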
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/ppm_events.c new/sysdig-0.16.0/driver/ppm_events.c
--- old/sysdig-0.15.1/driver/ppm_events.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/ppm_events.c 2017-05-08 11:30:22.000000000 +0200
@@ -208,6 +208,10 @@
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0)
if (file && file->f_inode) {
if (file->f_inode->i_rdev == PPM_NULL_RDEV) {
+ // Use f_dentry for older kernel versions
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,20)
+ if (file && file->f_dentry && file->f_dentry->d_inode) {
+ if (file->f_dentry->d_inode->i_rdev == PPM_NULL_RDEV) {
#else
if (file && file->f_path.dentry && file->f_path.dentry->d_inode) {
if (file->f_path.dentry->d_inode->i_rdev == PPM_NULL_RDEV) {
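Review bot: the added comment `// Use f_dentry for older kernel versions` sits above the `#elif`, so it is compiled as part of the `>= KERNEL_VERSION(3, 9, 0)` branch rather than the branch it describes; move it below the `#elif` line. `KERNEL_VERSION(2,6,20)` also drops the spacing used by the other version checks in this hunk, and a short note on why the bound is `<=` 2.6.20 would help the next reader.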
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/ppm_events_public.h new/sysdig-0.16.0/driver/ppm_events_public.h
--- old/sysdig-0.15.1/driver/ppm_events_public.h 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/ppm_events_public.h 2017-05-08 11:30:22.000000000 +0200
@@ -778,7 +778,9 @@
PPME_NOTIFICATION_X = 281,
PPME_SYSCALL_EXECVE_17_E = 282,
PPME_SYSCALL_EXECVE_17_X = 283,
- PPM_EVENT_MAX = 284
+ PPME_SYSCALL_UNSHARE_E = 284,
+ PPME_SYSCALL_UNSHARE_X = 285,
+ PPM_EVENT_MAX = 286
};
/*@}*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/ppm_fillers.c new/sysdig-0.16.0/driver/ppm_fillers.c
--- old/sysdig-0.15.1/driver/ppm_fillers.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/ppm_fillers.c 2017-05-08 11:30:22.000000000 +0200
@@ -134,6 +134,7 @@
#endif
static int f_sys_setns_e(struct event_filler_arguments *args);
+static int f_sys_unshare_e(struct event_filler_arguments *args);
static int f_sys_flock_e(struct event_filler_arguments *args);
static int f_cpu_hotplug_e(struct event_filler_arguments *args);
static int f_sys_semop_e(struct event_filler_arguments *args);
@@ -381,7 +382,9 @@
[PPME_SYSCALL_MKDIR_2_E] = {PPM_AUTOFILL, 1, APT_REG, {{AF_ID_USEDEFAULT, 0} } },
[PPME_SYSCALL_MKDIR_2_X] = {PPM_AUTOFILL, 2, APT_REG, {{AF_ID_RETVAL}, {0} } },
[PPME_SYSCALL_RMDIR_2_E] = {f_sys_empty},
- [PPME_SYSCALL_RMDIR_2_X] = {PPM_AUTOFILL, 2, APT_REG, {{AF_ID_RETVAL}, {0} } }
+ [PPME_SYSCALL_RMDIR_2_X] = {PPM_AUTOFILL, 2, APT_REG, {{AF_ID_RETVAL}, {0} } },
+ [PPME_SYSCALL_UNSHARE_E] = {f_sys_unshare_e},
+ [PPME_SYSCALL_UNSHARE_X] = {PPM_AUTOFILL, 1, APT_REG, {{AF_ID_RETVAL} } },
};
#define merge_64(hi, lo) ((((unsigned long long)(hi)) << 32) + ((lo) & 0xffffffffUL))
@@ -1013,6 +1016,23 @@
#endif
+// probe_kernel_read() only added in kernel 2.6.26
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 26)
+long probe_kernel_read(void *dst, const void *src, size_t size)
+{
+ long ret;
+ mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+ pagefault_disable();
+ ret = __copy_from_user_inatomic(dst, (__force const void __user *)src, size);
+ pagefault_enable();
+ set_fs(old_fs);
+
+ return ret ? -EFAULT : 0;
+}
+#endif
+
static int ppm_get_tty(void)
{
/* Locking of the signal structures seems too complicated across
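Review bot: the fallback `probe_kernel_read()` is defined without `static`, so on pre-2.6.26 kernels the module gains a global symbol that carries a kernel API name; mark it `static` or give it a `ppm_` name, since it is only a local compatibility shim. Because it widens the address limit with `set_fs(KERNEL_DS)` before copying, a comment above the function should state that `src` must always be a kernel pointer chosen by the driver and never a value taken from syscall arguments.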
@@ -5039,6 +5059,24 @@
flags = clone_flags_to_scap(val);
res = val_to_ring(args, flags, 0, true, 0);
if (unlikely(res != PPM_SUCCESS))
+ return res;
+
+ return add_sentinel(args);
+}
+
+static int f_sys_unshare_e(struct event_filler_arguments *args)
+{
+ unsigned long val;
+ int res;
+ u32 flags;
+
+ /*
+ * get type, parse as clone flags as it's a subset of it
+ */
+ syscall_get_arguments(current, args->regs, 0, 1, &val);
+ flags = clone_flags_to_scap(val);
+ res = val_to_ring(args, flags, 0, true, 0);
+ if (unlikely(res != PPM_SUCCESS))
return res;
return add_sentinel(args);
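Review bot: the comment in `f_sys_unshare_e` says "get type", but the value read is argument 0 of unshare, which the event table added in this same update names `flags`; reword the comment. The body repeats the tail of the filler directly above it (`clone_flags_to_scap(val)`, `val_to_ring(args, flags, 0, true, 0)`, `add_sentinel(args)`), so a small shared helper would remove the duplication.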
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/driver/syscall_table.c new/sysdig-0.16.0/driver/syscall_table.c
--- old/sysdig-0.15.1/driver/syscall_table.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/driver/syscall_table.c 2017-05-08 11:30:22.000000000 +0200
@@ -261,6 +261,9 @@
#ifdef __NR_setns
[__NR_setns - SYSCALL_TABLE_ID0] = {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_SETNS_E, PPME_SYSCALL_SETNS_X},
#endif
+#ifdef __NR_unshare
+ [__NR_unshare - SYSCALL_TABLE_ID0] = {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_UNSHARE_E, PPME_SYSCALL_UNSHARE_X},
+#endif
[__NR_flock - SYSCALL_TABLE_ID0] = {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_FLOCK_E, PPME_SYSCALL_FLOCK_X},
#ifdef __NR_semop
[__NR_semop - SYSCALL_TABLE_ID0] = {UF_USED | UF_ALWAYS_DROP, PPME_SYSCALL_SEMOP_E, PPME_SYSCALL_SEMOP_X},
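Review bot: the new `__NR_unshare` entry copies `UF_USED | UF_ALWAYS_DROP` from the setns and flock lines around it with no stated reason. Add a one-line comment confirming that the flag is intended for unshare as well, since a namespace change is the kind of event that container monitoring rules tend to depend on.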
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/scripts/build-probe-binaries new/sysdig-0.16.0/scripts/build-probe-binaries
--- old/sysdig-0.15.1/scripts/build-probe-binaries 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/scripts/build-probe-binaries 2017-05-08 11:30:22.000000000 +0200
@@ -526,6 +526,11 @@
do
debian_build $URL
done
+ # XXX agent/434 - We need to force a build for certain kernel versions
+ # because they are still in use by some GCE customers but the headers
+ # are no longer available from the mirror. We pass the URL but nothing
+ # needs to be downloaded because we already have it cached on the builder.
+ debian_build https://mirrors.kernel.org/debian/pool/main/l/linux/linux-headers-3.16.0-4-a...
#
# Oracle RHCK build
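Review bot: the forced `debian_build` call depends on a headers package that, per the added comment, is no longer on the mirror and exists only in the builder's cache, so the resulting probe cannot be rebuilt elsewhere and the input cannot be verified. Record the expected checksum of the cached package and make the script fail with a clear message when the cache entry is missing or does not match, rather than relying on the URL silently resolving to the cached copy.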
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/scripts/completions/bash/sysdig new/sysdig-0.16.0/scripts/completions/bash/sysdig
--- old/sysdig-0.15.1/scripts/completions/bash/sysdig 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/scripts/completions/bash/sysdig 2017-05-08 11:30:22.000000000 +0200
@@ -36,6 +36,8 @@
--progress \
-q \
--quiet \
+ -R \
+ --resolve-ports \
-S \
--summary \
-v \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/scripts/completions/zsh/_sysdig new/sysdig-0.16.0/scripts/completions/zsh/_sysdig
--- old/sysdig-0.15.1/scripts/completions/zsh/_sysdig 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/scripts/completions/zsh/_sysdig 2017-05-08 11:30:22.000000000 +0200
@@ -223,12 +223,12 @@
'(-L --list-events)'{-L,--list-events}'[List the events that the engine supports]' \
'(-l -lv --list)'{-l,--list}'[List the fields that can be used for filtering]' \
'(-l -lv --list)-lv[Verbosely list the fields that can be used for filtering]' \
- '-N[Do not convert port numbers to names]' \
'(-n --numevents)'{-n,--numevents=-}'[Stop capturing after <num> events]:Max <num> events:' \
'(-P --progress)'{-P,--progress}'[Print progress on stderr while processing trace files]' \
'(-p --print)'{-p,--print=-}'[Specify the event format (default reported with "sysdig -pp")]:Event output format:->format' \
'(-q --quiet)'{-q,--quiet}'[Do not print events on the screen]' \
'(-r --read)'{-r,--read=-}'[Read events from ]:Input file:_files -g "*.scap"' \
+ '(-R --resolve-ports)'{-R,--resolve-ports}'[Resolve port numbers to names.]' \
'(-S --summary)'{-S,--summary}'[Print the event summary when the capture ends]' \
'(-s --snaplen)'{-s,--snaplen=-}'[Capture the first <len> bytes of each I/O buffer]:Buffer length (bytes):' \
'(-t --timetype)'{-t,--timetype=-}'[Change the way event time is displayed]:Time-reporting type:(( \
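Review bot: the new `-R` description `[Resolve port numbers to names.]` ends with a period, unlike every other description in this hunk; drop it for consistency. The `-N` entry is removed outright; if the binary still accepts `-N` for backward compatibility, the completion should keep offering it.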
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/scripts/kernel-crawler.py new/sysdig-0.16.0/scripts/kernel-crawler.py
--- old/sysdig-0.15.1/scripts/kernel-crawler.py 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/scripts/kernel-crawler.py 2017-05-08 11:30:22.000000000 +0200
@@ -220,4 +220,4 @@
# Print URLs to stdout
#
for url in urls:
- print(url)
\ No newline at end of file
+ print(url)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libscap/event_table.c new/sysdig-0.16.0/userspace/libscap/event_table.c
--- old/sysdig-0.15.1/userspace/libscap/event_table.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libscap/event_table.c 2017-05-08 11:30:22.000000000 +0200
@@ -305,5 +305,7 @@
/* PPME_NOTIFICATION_E */{"notification", EC_OTHER, EF_SKIPPARSERESET, 2, {{"id", PT_CHARBUF, PF_DEC}, {"desc", PT_CHARBUF, PF_NA}, } },
/* PPME_NOTIFICATION_X */{"NA4", EC_SYSTEM, EF_UNUSED, 0},
/* PPME_SYSCALL_EXECVE_17_E */{"execve", EC_PROCESS, EF_MODIFIES_STATE, 0},
- /* PPME_SYSCALL_EXECVE_17_X */{"execve", EC_PROCESS, EF_MODIFIES_STATE, 17, {{"res", PT_ERRNO, PF_DEC}, {"exe", PT_CHARBUF, PF_NA}, {"args", PT_BYTEBUF, PF_NA}, {"tid", PT_PID, PF_DEC}, {"pid", PT_PID, PF_DEC}, {"ptid", PT_PID, PF_DEC}, {"cwd", PT_CHARBUF, PF_NA}, {"fdlimit", PT_UINT64, PF_DEC}, {"pgft_maj", PT_UINT64, PF_DEC}, {"pgft_min", PT_UINT64, PF_DEC}, {"vm_size", PT_UINT32, PF_DEC}, {"vm_rss", PT_UINT32, PF_DEC}, {"vm_swap", PT_UINT32, PF_DEC}, {"comm", PT_CHARBUF, PF_NA}, {"cgroups", PT_BYTEBUF, PF_NA}, {"env", PT_BYTEBUF, PF_NA}, {"tty", PT_INT32, PF_DEC} } }
+ /* PPME_SYSCALL_EXECVE_17_X */{"execve", EC_PROCESS, EF_MODIFIES_STATE, 17, {{"res", PT_ERRNO, PF_DEC}, {"exe", PT_CHARBUF, PF_NA}, {"args", PT_BYTEBUF, PF_NA}, {"tid", PT_PID, PF_DEC}, {"pid", PT_PID, PF_DEC}, {"ptid", PT_PID, PF_DEC}, {"cwd", PT_CHARBUF, PF_NA}, {"fdlimit", PT_UINT64, PF_DEC}, {"pgft_maj", PT_UINT64, PF_DEC}, {"pgft_min", PT_UINT64, PF_DEC}, {"vm_size", PT_UINT32, PF_DEC}, {"vm_rss", PT_UINT32, PF_DEC}, {"vm_swap", PT_UINT32, PF_DEC}, {"comm", PT_CHARBUF, PF_NA}, {"cgroups", PT_BYTEBUF, PF_NA}, {"env", PT_BYTEBUF, PF_NA}, {"tty", PT_INT32, PF_DEC} } },
+ /* PPME_SYSCALL_UNSHARE_E */ {"unshare", EC_PROCESS, EF_NONE, 1, {{"flags", PT_FLAGS32, PF_HEX, clone_flags} } },
+ /* PPME_SYSCALL_UNSHARE_X */ {"unshare", EC_PROCESS, EF_NONE, 1, {{"res", PT_ERRNO, PF_DEC} } },
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libscap/scap.c new/sysdig-0.16.0/userspace/libscap/scap.c
--- old/sysdig-0.15.1/userspace/libscap/scap.c 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libscap/scap.c 2017-05-08 11:30:22.000000000 +0200
@@ -109,7 +109,7 @@
// Find out how many devices we have to open, which equals to the number of CPUs
//
ndevs = sysconf(_SC_NPROCESSORS_ONLN);
- max_devs = sysconf(_SC_NPROCESSORS_CONF);
+ max_devs = sysconf(_SC_NPROCESSORS_CONF);
//
// Allocate the device descriptors.
@@ -170,7 +170,7 @@
}
else
{
- handle->m_userlist = NULL;
+ handle->m_userlist = NULL;
}
handle->m_fake_kernel_proc.tid = -1;
@@ -288,9 +288,9 @@
}
#endif // HAS_CAPTURE
-scap_t* scap_open_offline_int(const char* fname,
+scap_t* scap_open_offline_int(const char* fname,
char *error,
- proc_entry_callback proc_callback,
+ proc_entry_callback proc_callback,
void* proc_callback_context,
bool import_users,
uint64_t start_offset)
@@ -745,7 +745,7 @@
//
// Note: we might return a spurious timeout here in case the previous loop extracted valid data to parse.
- // It's ok, since this is rare and the caller will just call us again after receiving a
+ // It's ok, since this is rare and the caller will just call us again after receiving a
// SCAP_TIMEOUT.
//
return SCAP_TIMEOUT;
@@ -849,7 +849,7 @@
evt.len = 0;
evt.tid = -1;
evt.type = PPME_SYSDIGEVENT_X;
-
+
usleep(100000);
struct timeval tv;
@@ -912,7 +912,7 @@
for(j = 0; j < handle->m_ndevs; j++)
{
stats->n_evts += handle->m_devs[j].m_bufinfo->n_evts;
- stats->n_drops += handle->m_devs[j].m_bufinfo->n_drops_buffer +
+ stats->n_drops += handle->m_devs[j].m_bufinfo->n_drops_buffer +
handle->m_devs[j].m_bufinfo->n_drops_pf;
stats->n_preemptions += handle->m_devs[j].m_bufinfo->n_preemptions;
}
@@ -999,7 +999,7 @@
#if defined(HAS_CAPTURE)
static int32_t scap_set_dropping_mode(scap_t* handle, int request, uint32_t sampling_ratio)
{
- //
+ //
// Not supported for files
//
if(handle->m_mode != SCAP_MODE_LIVE)
@@ -1027,7 +1027,7 @@
__FUNCTION__, request, sampling_ratio, strerror(errno));
ASSERT(false);
return SCAP_FAILURE;
- }
+ }
}
return SCAP_SUCCESS;
@@ -1037,7 +1037,7 @@
#if defined(HAS_CAPTURE)
int32_t scap_enable_tracers_capture(scap_t* handle)
{
- //
+ //
// Not supported for files
//
if(handle->m_mode != SCAP_MODE_LIVE)
@@ -1054,7 +1054,7 @@
snprintf(handle->m_lasterr, SCAP_LASTERR_SIZE, "%s failed", __FUNCTION__);
ASSERT(false);
return SCAP_FAILURE;
- }
+ }
}
return SCAP_SUCCESS;
@@ -1347,7 +1347,7 @@
return false;
}
- memsize = sizeof(struct ppm_proclist_info) +
+ memsize = sizeof(struct ppm_proclist_info) +
sizeof(struct ppm_proc_info) * n_entries;
if(handle->m_driver_procinfo != NULL)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libscap/scap.h new/sysdig-0.16.0/userspace/libscap/scap.h
--- old/sysdig-0.15.1/userspace/libscap/scap.h 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libscap/scap.h 2017-05-08 11:30:22.000000000 +0200
@@ -221,7 +221,7 @@
scap_fdinfo* fdlist; ///< The fd table for this process
uint64_t clone_ts;
int32_t tty;
-
+
UT_hash_handle hh; ///< makes this structure hashable
}scap_threadinfo;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/chisel_api.cpp new/sysdig-0.16.0/userspace/libsinsp/chisel_api.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/chisel_api.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/chisel_api.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -1287,7 +1287,7 @@
ch->m_serveraddr.sin_port = port;
if(inet_pton(AF_INET, addr.c_str(), &ch->m_serveraddr.sin_addr) <= 0)
{
- string err = "inet_pton error occured";
+ string err = "inet_pton error occurred";
fprintf(stderr, "%s\n", err.c_str());
throw sinsp_exception("chisel error");
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/container.cpp new/sysdig-0.16.0/userspace/libsinsp/container.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/container.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/container.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -235,6 +235,7 @@
bool valid_id = false;
sinsp_container_info container_info;
+ string rkt_podid, rkt_appname;
// Start with cgroup based detection
for(auto it = tinfo->m_cgroups.begin(); it != tinfo->m_cgroups.end(); ++it)
{
@@ -326,8 +327,10 @@
pos = cgroup.find("/lxc/");
if(pos != string::npos)
{
+ auto id_start = pos + sizeof("/lxc/") - 1;
+ auto id_end = cgroup.find('/', id_start);
container_info.m_type = CT_LXC;
- container_info.m_id = cgroup.substr(pos + sizeof("/lxc/") - 1);
+ container_info.m_id = cgroup.substr(id_start, id_end - id_start);
valid_id = true;
break;
}
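Review bot: `cgroup.find('/', id_start)` returns `string::npos` when the container id is the last path component, and the new `substr(id_start, id_end - id_start)` then gives the right result only because `substr` clamps an oversized count; handle the `npos` case explicitly or add a comment saying the clamp is intended. A cgroup path that ends in `/lxc/` also still yields an empty `m_id` with `valid_id = true`, so an emptiness check before accepting the id is worth adding.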
@@ -348,11 +351,36 @@
valid_id = set_mesos_task_id(&container_info, tinfo);
break;
}
+
+ //
+ // systemd rkt
+ //
+ pos = cgroup.find("machine-rkt\\x2d");
+ if(pos != string::npos)
+ {
+ string::size_type service_pos = cgroup.find("/", pos + 1);
+ if (service_pos == string::npos)
+ continue;
+
+ string::size_type appname_pos = cgroup.find("/", service_pos + 1);
+ string::size_type appname_pos2 = cgroup.find(".", appname_pos + 1);
+ if (appname_pos == string::npos || appname_pos2 == string::npos)
+ continue;
+ rkt_appname = cgroup.substr(appname_pos + 1, appname_pos2 - appname_pos - 1);
+ if (rkt_appname.substr(0, 7) == "systemd" || rkt_appname.substr(0, 8) == "/machine")
+ continue;
+ rkt_podid = cgroup.substr(pos + sizeof("machine-rkt\\x2d") - 1, 48);
+ replace_in_place(rkt_podid, "\\x2d", "-");
+ container_info.m_type = CT_RKT;
+ container_info.m_id = rkt_podid + ":" + rkt_appname;
+ container_info.m_name = rkt_appname;
+ valid_id = true;
+ break;
+ }
}
// If anything has been found, try proc root based detection
// right now used for rkt
- string rkt_podid, rkt_appname;
if(!valid_id)
{
// Try parsing from process root,
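Review bot: in the rkt block, `appname_pos2` is computed from `appname_pos + 1` before `appname_pos` is compared with `string::npos`; the following check discards the result, but testing `appname_pos` first keeps the second search from ever starting at a wrapped index. The literal `48` in `cgroup.substr(pos + sizeof("machine-rkt\\x2d") - 1, 48)` needs a named constant or a comment explaining the length, and the `"/machine"` comparison appears unreachable because `rkt_appname` begins one character past a `/`.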
@@ -745,8 +773,7 @@
return "";
}
-bool sinsp_container_manager::parse_rkt(sinsp_container_info *container,
- const string &podid, const string &appname)
+bool sinsp_container_manager::parse_rkt(sinsp_container_info *container, const string &podid, const string &appname)
{
bool ret = false;
Json::Reader reader;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/dumper.cpp new/sysdig-0.16.0/userspace/libsinsp/dumper.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/dumper.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/dumper.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -99,7 +99,7 @@
scap_evt* pdevt = (evt->m_poriginal_evt)? evt->m_poriginal_evt : evt->m_pevt;
- int32_t res = scap_dump(m_inspector->m_h,
+ int32_t res = scap_dump(m_inspector->m_h,
m_dumper, pdevt, evt->m_cpuid, 0);
if(res != SCAP_SUCCESS)
@@ -118,7 +118,7 @@
int64_t written_bytes = scap_dump_get_offset(m_dumper);
if(written_bytes == -1)
{
- throw sinsp_exception("error getting offset");
+ throw sinsp_exception("error getting offset");
}
return written_bytes;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/dumper.h new/sysdig-0.16.0/userspace/libsinsp/dumper.h
--- old/sysdig-0.15.1/userspace/libsinsp/dumper.h 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/dumper.h 2017-05-08 11:30:22.000000000 +0200
@@ -21,7 +21,7 @@
class sinsp;
class sinsp_evt;
-/** @defgroup dump Dumping events to disk
+/** @defgroup dump Dumping events to disk
* Classes to perform miscellneous functionality
* @{
*/
@@ -45,8 +45,8 @@
Takes the address and the size of a preallocated memory buffer
where the data will go.
*/
- sinsp_dumper(sinsp* inspector,
- uint8_t* target_memory_buffer,
+ sinsp_dumper(sinsp* inspector,
+ uint8_t* target_memory_buffer,
uint64_t target_memory_buffer_size);
~sinsp_dumper();
@@ -65,8 +65,8 @@
\note There's no close() because the file is closed when the dumper is
destroyed.
*/
- void open(const string& filename,
- bool compress,
+ void open(const string& filename,
+ bool compress,
bool threads_from_sinsp=false);
/*!
@@ -77,7 +77,7 @@
/*!
\brief Return the current size of a tracefile.
- \return The current size of the dump file.
+ \return The current size of the dump file.
*/
uint64_t written_bytes();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/filterchecks.cpp new/sysdig-0.16.0/userspace/libsinsp/filterchecks.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/filterchecks.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/filterchecks.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -112,7 +112,7 @@
{
{PT_INT64, EPF_NONE, PF_ID, "fd.num", "the unique number identifying the file descriptor."},
{PT_CHARBUF, EPF_NONE, PF_DEC, "fd.type", "type of FD. Can be 'file', 'directory', 'ipv4', 'ipv6', 'unix', 'pipe', 'event', 'signalfd', 'eventpoll', 'inotify' or 'signalfd'."},
- {PT_CHARBUF, EPF_NONE, PF_DEC, "fd.typechar", "type of FD as a single character. Can be 'f' for file, 4 for IPv4 socket, 6 for IPv6 socket, 'u' for unix socket, p for pipe, 'e' for eventfd, 's' for signalfd, 'l' for eventpoll, 'i' for inotify, 'o' for uknown."},
+ {PT_CHARBUF, EPF_NONE, PF_DEC, "fd.typechar", "type of FD as a single character. Can be 'f' for file, 4 for IPv4 socket, 6 for IPv6 socket, 'u' for unix socket, p for pipe, 'e' for eventfd, 's' for signalfd, 'l' for eventpoll, 'i' for inotify, 'o' for unknown."},
{PT_CHARBUF, EPF_NONE, PF_NA, "fd.name", "FD full name. If the fd is a file, this field contains the full path. If the FD is a socket, this field contain the connection tuple."},
{PT_CHARBUF, EPF_NONE, PF_NA, "fd.directory", "If the fd is a file, the directory that contains it."},
{PT_CHARBUF, EPF_NONE, PF_NA, "fd.filename", "If the fd is a file, the filename without the path."},
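Review bot: The fd.type description on the context line above the changed one still lists 'signalfd' twice, and the fd.typechar string quotes some characters ('f', 'u', 'e') but not others (4, 6, p). Since the line is already being touched for the "unknown" spelling fix, drop the duplicate 'signalfd' and make the quoting consistent in the same change, because these strings are what users see when listing filter fields.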
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/k8s.h new/sysdig-0.16.0/userspace/libsinsp/k8s.h
--- old/sysdig-0.15.1/userspace/libsinsp/k8s.h 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/k8s.h 2017-05-08 11:30:22.000000000 +0200
@@ -128,4 +128,4 @@
sinsp_logger::SEV_WARNING);
}
#endif // HAS_CAPTURE
-}
\ No newline at end of file
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/k8s_api_handler.cpp new/sysdig-0.16.0/userspace/libsinsp/k8s_api_handler.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/k8s_api_handler.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/k8s_api_handler.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -101,6 +101,6 @@
}
return false;
}
-
+
#endif // HAS_CAPTURE
-
\ No newline at end of file
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/k8s_component.cpp new/sysdig-0.16.0/userspace/libsinsp/k8s_component.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/k8s_component.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/k8s_component.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -81,7 +81,7 @@
{ k8s_component::K8S_EVENTS, "events" }
};
-k8s_component::k8s_component(type comp_type, const std::string& name, const std::string& uid, const std::string& ns) :
+k8s_component::k8s_component(type comp_type, const std::string& name, const std::string& uid, const std::string& ns) :
m_type(comp_type), m_name(name), m_uid(uid), m_ns(ns)
{
}
@@ -440,7 +440,7 @@
//
-// pod
+// pod
//
k8s_pod_t::k8s_pod_t(const std::string& name, const std::string& uid, const std::string& ns) :
@@ -564,7 +564,7 @@
// replication controller
//
-k8s_rc_t::k8s_rc_t(const std::string& name, const std::string& uid, const std::string& ns, k8s_component::type type) :
+k8s_rc_t::k8s_rc_t(const std::string& name, const std::string& uid, const std::string& ns, k8s_component::type type) :
k8s_component(type, name, uid, ns)
{
}
@@ -591,7 +591,7 @@
//
// replica set
//
-k8s_rs_t::k8s_rs_t(const std::string& name, const std::string& uid, const std::string& ns) :
+k8s_rs_t::k8s_rs_t(const std::string& name, const std::string& uid, const std::string& ns) :
k8s_rc_t(name, uid, ns, COMPONENT_TYPE)
{
}
@@ -601,7 +601,7 @@
// service
//
-k8s_service_t::k8s_service_t(const std::string& name, const std::string& uid, const std::string& ns) :
+k8s_service_t::k8s_service_t(const std::string& name, const std::string& uid, const std::string& ns) :
k8s_component(COMPONENT_TYPE, name, uid, ns)
{
}
@@ -624,7 +624,7 @@
// daemon set
//
-k8s_daemonset_t::k8s_daemonset_t(const std::string& name, const std::string& uid, const std::string& ns) :
+k8s_daemonset_t::k8s_daemonset_t(const std::string& name, const std::string& uid, const std::string& ns) :
k8s_component(COMPONENT_TYPE, name, uid, ns)
{
}
@@ -634,7 +634,7 @@
// deployment
//
-k8s_deployment_t::k8s_deployment_t(const std::string& name, const std::string& uid, const std::string& ns) :
+k8s_deployment_t::k8s_deployment_t(const std::string& name, const std::string& uid, const std::string& ns) :
k8s_component(COMPONENT_TYPE, name, uid, ns)
{
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/mesos_state.cpp new/sysdig-0.16.0/userspace/libsinsp/mesos_state.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/mesos_state.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/mesos_state.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -435,7 +435,7 @@
}
else
{
- g_logger.log("An error occured adding app [" + app_id.asString() +
+ g_logger.log("An error occurred adding app [" + app_id.asString() +
"] to group [" + id + ']', sinsp_logger::SEV_ERROR);
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/parsers.cpp new/sysdig-0.16.0/userspace/libsinsp/parsers.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/parsers.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/parsers.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -965,7 +965,7 @@
evt->m_tinfo = NULL;
}
}
-
+
//
// Check if this is a process or a new thread
//
@@ -1582,14 +1582,16 @@
evt->m_tinfo->set_cgroups(parinfo->m_val, parinfo->m_len);
//
- // If the thread info has no container ID, or if the clone happened a long
- // time ago, recreate the container information.
+ // Resync container status after an execve, we need to do it
+ // because at container startup docker spawn a process with vpid=1
+ // outside of container cgroup and correct cgroups are
+ // assigned just before doing execve:
+ //
+ // 1. docker-runc calls fork() and created process with vpid=1
+ // 2. docker-runc changes cgroup hierarchy of it
+ // 3. vpid=1 execve to the real process the user wants to run inside the container
//
- if(evt->m_tinfo->m_container_id.empty() ||
- (evt->get_ts() - evt->m_tinfo->m_clone_ts > CLONE_STALE_TIME_NS))
- {
- m_inspector->m_container_manager.resolve_container(evt->m_tinfo, m_inspector->is_live());
- }
+ m_inspector->m_container_manager.resolve_container(evt->m_tinfo, m_inspector->is_live());
break;
default:
ASSERT(false);
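Review bot: In the execve branch, calling resolve_container() unconditionally puts a container lookup on every execve event, where the removed guard limited it to threads with an empty m_container_id or a clone older than CLONE_STALE_TIME_NS. The new comment explains why the resync is needed but not what it costs, so state that the per-execve lookup is intended, and check whether CLONE_STALE_TIME_NS and m_clone_ts still have other users or are now dead. The comment wording also needs a pass ("docker spawn" should be "docker spawns", "created process" should be "creates a process", and step 3 is missing a verb around "execve").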
@@ -1622,7 +1624,7 @@
// scap_fd_free_table(handle, tinfo);
//
- // Clear the flags for this thread, making sure to propagate the inverted
+ // Clear the flags for this thread, making sure to propagate the inverted
// and shell pipe flags
//
@@ -1905,7 +1907,7 @@
{
//
// Populate the new fdi
- //
+ //
if(flags & PPM_O_DIRECTORY)
{
fdi.m_type = SCAP_FD_DIRECTORY;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/sinsp.cpp new/sysdig-0.16.0/userspace/libsinsp/sinsp.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/sinsp.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/sinsp.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -97,7 +97,7 @@
m_buffer_format = sinsp_evt::PF_NORMAL;
m_isdebug_enabled = false;
m_isfatfile_enabled = false;
- m_hostname_and_port_resolution_enabled = true;
+ m_hostname_and_port_resolution_enabled = false;
m_output_time_flag = 'h';
m_max_evt_output_len = 0;
m_filesize = -1;
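Review bot: Flipping the constructor default of m_hostname_and_port_resolution_enabled to false changes behaviour for every libsinsp consumer, not only the sysdig and csysdig front ends that gain -R in this update. Since sysdig.cpp now sets the mode to false explicitly anyway, consider leaving the library default alone and setting it in the front ends, or document the new default next to set_hostname_and_port_resolution_mode() so embedders know they must opt in.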
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/sinsp_curl.cpp new/sysdig-0.16.0/userspace/libsinsp/sinsp_curl.cpp
--- old/sysdig-0.15.1/userspace/libsinsp/sinsp_curl.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/sinsp_curl.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -192,7 +192,7 @@
{
size_t sz = nitems * size;
std::string buf(buffer, sz);
-
+
const std::string loc = "Location:";
const std::string nl = "\r\n";
std::string::size_type loc_pos = buf.find(loc);
@@ -307,7 +307,7 @@
check_error(curl_easy_getinfo(m_curl, CURLINFO_RESPONSE_CODE, &m_response_code));
if(m_response_code >= 400)
{
- g_logger.log("CURL HTTP error while accesing [" + m_uri.to_string(false) + "]: " +
+ g_logger.log("CURL HTTP error while accessing [" + m_uri.to_string(false) + "]: " +
std::to_string(m_response_code) + " (" + http_reason::get(m_response_code) + ')', sinsp_logger::SEV_ERROR);
return false;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/libsinsp/socket_handler.h new/sysdig-0.16.0/userspace/libsinsp/socket_handler.h
--- old/sysdig-0.15.1/userspace/libsinsp/socket_handler.h 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/libsinsp/socket_handler.h 2017-05-08 11:30:22.000000000 +0200
@@ -34,6 +34,10 @@
#include <cstring>
#include <climits>
+#ifndef SOCK_NONBLOCK
+#define SOCK_NONBLOCK 0
+#endif
+
template <typename T>
class socket_data_handler
{
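Review bot: Defining SOCK_NONBLOCK as 0 lets the header compile where the flag is missing, but any socket() call that ORs it in will then silently create a blocking socket. Confirm the handler sets O_NONBLOCK through fcntl() on that path, or add that fallback under the same #ifndef, and put a comment on the define naming the platform that needs it (the changelog mentions RHEL5 compilation fixes).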
@@ -904,13 +908,13 @@
#endif
if(!method)
{
- g_logger.log("Socket handler (" + m_id + "): Can't initalize SSL method\n" + ssl_errors(),
+ g_logger.log("Socket handler (" + m_id + "): Can't initialize SSL method\n" + ssl_errors(),
sinsp_logger::SEV_ERROR);
}
m_ssl_context = SSL_CTX_new(method);
if(!m_ssl_context)
{
- g_logger.log("Socket handler (" + m_id + "): Can't initalize SSL context\n" + ssl_errors(),
+ g_logger.log("Socket handler (" + m_id + "): Can't initialize SSL context\n" + ssl_errors(),
sinsp_logger::SEV_ERROR);
return;
}
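Review bot: The `if(!method)` branch logs the error but falls through to `SSL_CTX_new(method)` with a null method, whereas the `!m_ssl_context` branch just below returns. Add a `return;` after the first log call so the failure is reported once and the code does not rely on SSL_CTX_new() rejecting a null pointer. The message spelling fix itself is fine.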
@@ -1138,7 +1142,7 @@
m_connect_called = true;
if(ret < 0 && errno != EINPROGRESS)
{
- throw sinsp_exception("Error during conection attempt to " + m_url.to_string(false) +
+ throw sinsp_exception("Error during connection attempt to " + m_url.to_string(false) +
" (socket=" + std::to_string(m_socket) +
", error=" + std::to_string(errno) + "): " + strerror(errno));
}
@@ -1472,7 +1476,7 @@
{
it = m_pending_dns_reqs.erase(it);
g_logger.log("Socket handler: postponed canceling of DNS request succeeded, number of pending "
- "cancelation requests: " + std::to_string(m_pending_dns_reqs.size()),
+ "cancellation requests: " + std::to_string(m_pending_dns_reqs.size()),
sinsp_logger::SEV_TRACE);
}
else { ++it; }
@@ -1481,7 +1485,7 @@
std::size_t pending_reqs = m_pending_dns_reqs.size();
if(pending_reqs)
{
- g_logger.log("Socket handler: number of pending DNS cancelation requests is " + std::to_string(pending_reqs),
+ g_logger.log("Socket handler: number of pending DNS cancellation requests is " + std::to_string(pending_reqs),
(pending_reqs > 10) ? sinsp_logger::SEV_WARNING : sinsp_logger::SEV_TRACE);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/chisels/spy_users.lua new/sysdig-0.16.0/userspace/sysdig/chisels/spy_users.lua
--- old/sysdig-0.15.1/userspace/sysdig/chisels/spy_users.lua 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/chisels/spy_users.lua 2017-05-08 11:30:22.000000000 +0200
@@ -112,11 +112,6 @@
table.insert(fanames, 0, 0)
table.insert(fapids, 0, 0)
icorr = 0
- else
- for j = 0, MAX_ANCESTOR_NAVIGATION do
- fanames[j] = chisel.request_field("proc.aname[" .. j .. "]")
- fapids[j] = chisel.request_field("proc.apid[" .. j .. "]")
- end
end
if user == nil then
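Review bot: With the else branch removed, nothing in this hunk shows where fanames[j] and fapids[j] are requested for the case the deleted loop covered. If the proc.aname and proc.apid fields are already requested once at chisel init, add a short comment here saying so, so the next reader does not reintroduce per-call chisel.request_field() lookups, which is the pattern the changelog's spy_users memory leak fix appears to remove.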
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/csysdig.cpp new/sysdig-0.16.0/userspace/sysdig/csysdig.cpp
--- old/sysdig-0.15.1/userspace/sysdig/csysdig.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/csysdig.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -114,6 +114,7 @@
" views.\n"
" This will cause several of the views to contain additional\n"
" container-related columns.\n"
+" -R Resolve port numbers to names.\n"
" -r <readfile>, --read=<readfile>\n"
" Read the events from <readfile>.\n"
" --raw Print raw output on a regular terminal instead of enabling\n"
@@ -269,6 +270,7 @@
{"mesos-api", required_argument, 0, 'm'},
{"numevents", required_argument, 0, 'n' },
{"print", required_argument, 0, 'p' },
+ {"resolve-ports", no_argument, 0, 'R'},
{"readfile", required_argument, 0, 'r' },
{"raw", no_argument, 0, 0 },
{"snaplen", required_argument, 0, 's' },
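Review bot: --resolve-ports is registered in long_options here and documented in csysdig.md and csysdig.8, but the usage string added in the first hunk of this file lists only `-R`. Write it as `-R, --resolve-ports` in the usage text so that the help output matches the man page.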
@@ -295,7 +297,7 @@
// Parse the args
//
while((op = getopt_long(argc, argv,
- "d:Ehk:K:lm:Nn:p:r:s:Tv:", long_options, &long_index)) != -1)
+ "d:Ehk:K:lm:n:p:Rr:s:Tv:", long_options, &long_index)) != -1)
{
switch(op)
{
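Review bot: Dropping `N` from the optstring means an existing invocation that passes -N now lands in getopt's unknown-option handling, even though -N asks for exactly what has become the default. Consider keeping `N` accepted as a no-op for a release, with a deprecation line in the usage text, so scripts and wrappers that pass it keep working. The same applies to the optstring change in sysdig.cpp.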
@@ -340,9 +342,6 @@
case 'm':
mesos_api = new string(optarg);
break;
- case 'N':
- inspector->set_hostname_and_port_resolution_mode(false);
- break;
case 'n':
try
{
@@ -368,6 +367,9 @@
}
break;
+ case 'R':
+ inspector->set_hostname_and_port_resolution_mode(true);
+ break;
case 'r':
infiles.push_back(optarg);
k8s_api = new string();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/man/csysdig.8 new/sysdig-0.16.0/userspace/sysdig/man/csysdig.8
--- old/sysdig-0.15.1/userspace/sysdig/man/csysdig.8 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/man/csysdig.8 2017-05-08 11:30:22.000000000 +0200
@@ -1,4 +1,7 @@
+.\" Automatically generated by Pandoc 1.19.2.1
+.\"
.TH "" "" "" "" ""
+.hy
.SS NAME
.PP
csysdig \- the ncurses user interface for sysdig
@@ -16,37 +19,19 @@
.IP \[bu] 2
Support for both live analysis and sysdig trace files.
Trace files can come from the same machine or from another machine.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Visibility into a broad range of metrics, including CPU, memory, disk
I/O, network I/O.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Ability to observe input/output activity for processes, files, network
connections and more.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Ability to drill down into processes, files, network connections and
more to further explore their behavior.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Full customization support.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Support for sysdig\[aq]s filtering language.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Container support by design.
.PP
@@ -71,26 +56,14 @@
If you run csysdig without arguments, it will display live system data,
updating every 2 seconds.
To analyze a trace file, use the \-r command line flag.
-.PD 0
-.P
-.PD
.IP "2." 3
You can switch to a different view by using the \f[I]F2\f[] key.
-.PD 0
-.P
-.PD
.IP "3." 3
You can drill down into a selection by clicking \f[I]enter\f[].
You can navigate back by typing \f[I]backspace\f[].
-.PD 0
-.P
-.PD
.IP "4." 3
You can observe input/output for the currently selected entity by typing
\f[I]F5\f[]
-.PD 0
-.P
-.PD
.IP "5." 3
You can see sysdig events for the currently selected entity by typing
\f[I]F6\f[]
@@ -311,21 +284,12 @@
.SS MOUSE USAGE
.IP \[bu] 2
Clicking on column headers lets you sort the table.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Double clicking on row entries performs a drill down.
-.PD 0
-.P
-.PD
.IP \[bu] 2
Clicking on the filter string at the top of the screen (the text after
\[aq]Filter:\[aq]) lets you change the sysdig filter and customize the
view content.
-.PD 0
-.P
-.PD
.IP \[bu] 2
You can use the mouse on the entries in the menu at the bottom of the
screen to perform their respective actions.
@@ -435,12 +399,6 @@
The API servers can also be specified via the environment variable
SYSDIG_MESOS_API.
.PP
-\f[B]\-N\f[]
-.PD 0
-.P
-.PD
-Don\[aq]t convert port numbers to names.
-.PP
\f[B]\-n\f[] \f[I]num\f[], \f[B]\-\-numevents\f[]=\f[I]num\f[]
.PD 0
.P
@@ -455,6 +413,12 @@
This will cause several of the views to contain additional
container\-related columns.
.PP
+\f[B]\-R\f[], \f[B]\-\-resolve\-ports\f[]
+.PD 0
+.P
+.PD
+Resolve port numbers to names.
+.PP
\f[B]\-r\f[] \f[I]readfile\f[], \f[B]\-\-read\f[]=\f[I]readfile\f[]
.PD 0
.P
@@ -480,7 +444,7 @@
truncation of some tracers at the beginning of the capture.
This option allows preventing that.
.PP
-\f[B]\-v\f[] \f[I]view\f[]id_, \f[B]\-\-views\f[]=\f[I]view\f[]id_
+\f[B]\-v\f[] \f[I]view_id\f[], \f[B]\-\-views\f[]=\f[I]view_id\f[]
.PD 0
.P
.PD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/man/csysdig.md new/sysdig-0.16.0/userspace/sysdig/man/csysdig.md
--- old/sysdig-0.15.1/userspace/sysdig/man/csysdig.md 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/man/csysdig.md 2017-05-08 11:30:22.000000000 +0200
@@ -60,7 +60,7 @@
INTERACTIVE COMMANDS
--------------------
-##Views Window##
+## Views Window ##
**Arrows, PgUP, PgDn, Home, End**
Change the selection and scroll view content, both vertically and horizontally.
@@ -110,7 +110,7 @@
**F1, h, ?**
Show the help screen.
-##Echo and sysdig Windows##
+## Echo and sysdig Windows ##
**Arrows, PgUP, PgDn, Home, End**
Scroll the page content.
@@ -136,7 +136,7 @@
**CTRL+G**
Go to line.
-##Spectrogram Window##
+## Spectrogram Window ##
**F2**
Show the view picker. This will let you switch to another view.
@@ -183,9 +183,6 @@
**-m** _url[,marathon-url]_, **--mesos-api=**_url[,marathon-url]_
Enable Mesos support by connecting to the API server specified as argument (e.g. http://admin:password@127.0.0.1:5050). Mesos url is required. Marathon url is optional, defaulting to auto-follow - if Marathon API server is not provided, csysdig will attempt to retrieve (and subsequently follow, if it migrates) the location of Marathon API server from the Mesos master. Note that, with auto-follow, csysdig will likely receive a cluster internal IP address for Marathon API server, so running csysdig with Marathon auto-follow from a node that is not part of Mesos cluster may not work. Additionally, running csysdig with Mesos support on a node that has no containers managed by Mesos is of limited use because, although cluster metadata will be collected, there will be no Mesos/Marathon filtering capability. The API servers can also be specified via the environment variable SYSDIG_MESOS_API.
-
-**-N**
- Don't convert port numbers to names.
**-n** _num_, **--numevents**=_num_
Stop capturing after _num_ events
@@ -193,6 +190,9 @@
**-pc**, **-pcontainers**_
Instruct csysdig to use a container-friendly format in its views. This will cause several of the views to contain additional container-related columns.
+**-R**, **--resolve-ports**
+ Resolve port numbers to names.
+
**-r** _readfile_, **--read**=_readfile_
Read the events from _readfile_.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/man/sysdig.8 new/sysdig-0.16.0/userspace/sysdig/man/sysdig.8
--- old/sysdig-0.15.1/userspace/sysdig/man/sysdig.8 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/man/sysdig.8 2017-05-08 11:30:22.000000000 +0200
@@ -1,4 +1,7 @@
+.\" Automatically generated by Pandoc 1.19.2.1
+.\"
.TH "" "" "" "" ""
+.hy
.SS NAME
.PP
sysdig \- the definitive system and process troubleshooting tool
@@ -33,41 +36,20 @@
where:
.IP \[bu] 2
evt.num is the incremental event number
-.PD 0
-.P
-.PD
.IP \[bu] 2
evt.time is the event timestamp
-.PD 0
-.P
-.PD
.IP \[bu] 2
evt.cpu is the CPU number where the event was captured
-.PD 0
-.P
-.PD
.IP \[bu] 2
proc.name is the name of the process that generated the event
-.PD 0
-.P
-.PD
.IP \[bu] 2
thread.tid id the TID that generated the event, which corresponds to the
PID for single thread processes
-.PD 0
-.P
-.PD
.IP \[bu] 2
evt.dir is the event direction, > for enter events and < for exit events
-.PD 0
-.P
-.PD
.IP \[bu] 2
evt.type is the name of the event, e.g.
\[aq]open\[aq] or \[aq]read\[aq]
-.PD 0
-.P
-.PD
.IP \[bu] 2
evt.args is the list of event arguments.
.PP
@@ -413,13 +395,7 @@
The API servers can also be specified via the environment variable
SYSDIG_MESOS_API.
.PP
-\f[B]\-N\f[]
-.PD 0
-.P
-.PD
-Don\[aq]t convert port numbers to names.
-.PP
-\f[B]\-M\f[] \f[I]num\f[]seconds_
+\f[B]\-M\f[] \f[I]num_seconds\f[]
.PD 0
.P
.PD
@@ -462,6 +438,12 @@
.PD
Read the events from \f[I]readfile\f[].
.PP
+\f[B]\-R\f[], \f[B]\-\-resolve\-ports\f[]
+.PD 0
+.P
+.PD
+Resolve port numbers to names.
+.PP
\f[B]\-S\f[], \f[B]\-\-summary\f[]
.PD 0
.P
@@ -536,7 +518,7 @@
.PD
Turn on file rotation for continuous capture, and limit the number of
files created to the specified number.
-Once the cap is reached, older files will be overwriten (ring buffer).
+Once the cap is reached, older files will be overwritten (ring buffer).
Use in conjunction with the \f[B]\-C\f[] / \f[B]\-G\f[] / \f[B]\-e\f[]
options to limit the size of each file based on number of megabytes,
seconds, and/or events (respectively).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/man/sysdig.md new/sysdig-0.16.0/userspace/sysdig/man/sysdig.md
--- old/sysdig-0.15.1/userspace/sysdig/man/sysdig.md 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/man/sysdig.md 2017-05-08 11:30:22.000000000 +0200
@@ -156,9 +156,6 @@
**-m** _url[,marathon-url]_, **--mesos-api=**_url[,marathon-url]_
Enable Mesos support by connecting to the API server specified as argument (e.g. http://admin:password@127.0.0.1:5050). Mesos url is required. Marathon url is optional, defaulting to auto-follow - if Marathon API server is not provided, sysdig will attempt to retrieve (and subsequently follow, if it migrates) the location of Marathon API server from the Mesos master. Note that, with auto-follow, sysdig will likely receive a cluster internal IP address for Marathon API server, so running sysdig with Marathon auto-follow from a node that is not part of Mesos cluster may not work. Additionally, running sysdig with Mesos support on a node that has no containers managed by Mesos is of limited use because, although cluster metadata will be collected, there will be no Mesos/Marathon filtering capability. The API servers can also be specified via the environment variable SYSDIG_MESOS_API.
-**-N**
- Don't convert port numbers to names.
-
**-M** _num_seconds_
Stop collecting after reaching
@@ -176,7 +173,10 @@
**-r** _readfile_, **--read**=_readfile_
Read the events from _readfile_.
-
+
+**-R**, **--resolve-ports**
+ Resolve port numbers to names.
+
**-S**, **--summary**
print the event summary (i.e. the list of the top events) when the capture ends.
@@ -202,7 +202,7 @@
Write the captured events to _writefile_.
**-W** _num_
- Turn on file rotation for continuous capture, and limit the number of files created to the specified number. Once the cap is reached, older files will be overwriten (ring buffer). Use in conjunction with the **-C** / **-G** / **-e** options to limit the size of each file based on number of megabytes, seconds, and/or events (respectively).
+ Turn on file rotation for continuous capture, and limit the number of files created to the specified number. Once the cap is reached, older files will be overwritten (ring buffer). Use in conjunction with the **-C** / **-G** / **-e** options to limit the size of each file based on number of megabytes, seconds, and/or events (respectively).
**-x**, **--print-hex**
Print data buffers in hex.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sysdig-0.15.1/userspace/sysdig/sysdig.cpp new/sysdig-0.16.0/userspace/sysdig/sysdig.cpp
--- old/sysdig-0.15.1/userspace/sysdig/sysdig.cpp 2017-03-28 11:17:05.000000000 +0200
+++ new/sysdig-0.16.0/userspace/sysdig/sysdig.cpp 2017-05-08 11:30:22.000000000 +0200
@@ -167,7 +167,6 @@
" The API servers can also be specified via the environment variable\n"
" SYSDIG_MESOS_API.\n"
" -M Stop collecting after reached.\n"
-" -N Don't convert port numbers to names.\n"
" -n <num>, --numevents=<num>\n"
" Stop capturing after <num> events\n"
" -P, --progress Print progress on stderr while processing trace files\n"
@@ -179,6 +178,7 @@
" See the examples section below for more info.\n"
" -q, --quiet Don't print events on the screen\n"
" Useful when dumping to disk.\n"
+" -R Resolve port numbers to names.\n"
" -r <readfile>, --read=<readfile>\n"
" Read the events from <readfile>.\n"
" -S, --summary print the event summary (i.e. the list of the top events)\n"
@@ -766,6 +766,7 @@
{"progress", required_argument, 0, 'P' },
{"print", required_argument, 0, 'p' },
{"quiet", no_argument, 0, 'q' },
+ {"resolve-ports", no_argument, 0, 'R'},
{"readfile", required_argument, 0, 'r' },
{"snaplen", required_argument, 0, 's' },
{"summary", no_argument, 0, 'S' },
@@ -787,7 +788,7 @@
try
{
inspector = new sinsp();
-
+ inspector->set_hostname_and_port_resolution_mode(false);
#ifdef HAS_CHISELS
add_chisel_dirs(inspector);
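Review bot: The added set_hostname_and_port_resolution_mode(false) right after `new sinsp()` duplicates the new constructor default set in sinsp.cpp, and csysdig.cpp has no matching call. Either drop it or add a one-line comment on why sysdig sets it explicitly, and keep the two front ends consistent. It also replaces the blank line that separated the constructor call from the #ifdef HAS_CHISELS block.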
@@ -801,7 +802,7 @@
"C:"
"dDEe:F"
"G:"
- "hi:jk:K:lLm:M:Nn:Pp:qr:Ss:t:Tv"
+ "hi:jk:K:lLm:M:n:Pp:qRr:Ss:t:Tv"
"W:"
"w:xXz", long_options, &long_index)) != -1)
{
@@ -971,9 +972,6 @@
goto exit;
}
break;
- case 'N':
- inspector->set_hostname_and_port_resolution_mode(false);
- break;
case 'n':
try
{
@@ -1041,6 +1039,9 @@
case 'q':
quiet = true;
break;
+ case 'R':
+ inspector->set_hostname_and_port_resolution_mode(true);
+ break;
case 'r':
infiles.push_back(optarg);
k8s_api = new string();