Add digwatch.fields() to Lua API

2025-06-27 23:27:20 +00:00 · 2016-03-01 13:49:51 -08:00 · 2016-03-01 13:49:51 -08:00 · 26fcf3415d
commit 26fcf3415d
parent 3195c8abea
4 changed files with 101 additions and 1 deletions
--- a/userspace/digwatch/CMakeLists.txt
+++ b/userspace/digwatch/CMakeLists.txt
@ -10,7 +10,7 @@ include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap)
 include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp)
 include_directories("${PROJECT_BINARY_DIR}/userspace/digwatch")

-add_executable(digwatch formats.cpp rules.cpp digwatch.cpp)
+add_executable(digwatch formats.cpp fields.cpp rules.cpp digwatch.cpp)

 target_link_libraries(digwatch sinsp)

--- a/userspace/digwatch/digwatch.cpp
+++ b/userspace/digwatch/digwatch.cpp
@ -19,6 +19,7 @@ extern "C" {
 #include <config_digwatch.h>
 #include "rules.h"
 #include "formats.h"
+#include "fields.h"
 #include "utils.h"


@ -218,6 +219,8 @@ int digwatch_init(int argc, char **argv)
 		digwatch_formats::init(inspector, ls);
 		digwatch_fields::init(inspector, ls);

+		digwatch_fields::init(inspector, ls);
+
 		rules->load_rules(rules_file);
 		inspector->set_filter(rules->get_filter());
 		inspector->open("");
--- a/userspace/digwatch/fields.cpp
+++ b/userspace/digwatch/fields.cpp
@ -0,0 +1,76 @@
+#include "fields.h"
+#include "chisel_api.h"
+#include "filterchecks.h"
+
+
+extern sinsp_filter_check_list g_filterlist;
+
+const static struct luaL_reg ll_digwatch [] =
+{
+	{"field", &digwatch_fields::field},
+	{NULL,NULL}
+};
+
+sinsp* digwatch_fields::s_inspector = NULL;
+
+std::map<string, sinsp_filter_check*> digwatch_fields::s_fieldname_map;
+
+
+void digwatch_fields::init(sinsp* inspector, lua_State *ls)
+{
+	s_inspector = inspector;
+
+	luaL_openlib(ls, "digwatch", ll_digwatch, 0);
+}
+
+int digwatch_fields::field(lua_State *ls)
+{
+
+	sinsp_filter_check* chk=NULL;
+
+	if (!lua_islightuserdata(ls, 1))
+	{
+		string err = "invalid argument passed to digwatch.field()";
+		fprintf(stderr, "%s\n", err.c_str());
+		throw sinsp_exception("digwatch.field() error");
+	}
+	sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1);
+
+	string fieldname = luaL_checkstring(ls, 2);
+
+	if (s_fieldname_map.count(fieldname) == 0)
+	{
+
+		chk = g_filterlist.new_filter_check_from_fldname(fieldname,
+								 s_inspector,
+								 false);
+
+		if(chk == NULL)
+		{
+			string err = "nonexistent fieldname passed to digwatch.field()" + string(fieldname);
+			fprintf(stderr, "%s\n", err.c_str());
+			throw sinsp_exception("digwatch.field() error");
+		}
+
+		chk->parse_field_name(fieldname.c_str(), true);
+		s_fieldname_map[fieldname] = chk;
+	}
+	else
+	{
+		chk = s_fieldname_map[fieldname];
+	}
+
+	uint32_t vlen;
+	uint8_t* rawval = chk->extract(evt, &vlen);
+
+	if(rawval != NULL)
+	{
+		return lua_cbacks::rawval_to_lua_stack(ls, rawval, chk->get_field_info(), vlen);
+	}
+	else
+	{
+		lua_pushnil(ls);
+		return 1;
+	}
+}
+
--- a/userspace/digwatch/fields.h
+++ b/userspace/digwatch/fields.h
@ -0,0 +1,21 @@
+#pragma once
+
+#include "sinsp.h"
+
+extern "C" {
+#include "lua.h"
+#include "lualib.h"
+#include "lauxlib.h"
+}
+
+class digwatch_fields
+{
+ public:
+	static void init(sinsp* inspector, lua_State *ls);
+
+	// value = digwatch.field(evt, fieldname)
+	static int field(lua_State *ls);
+
+	static sinsp* s_inspector;
+	static std::map<string, sinsp_filter_check*> s_fieldname_map;
+};