Merge pull request #11 from draios/digwatch_fields

Digwatch fields

userspace/digwatch/CMakeLists.txt

@@ -10,7 +10,7 @@ include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap)
 include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp)
 include_directories("${PROJECT_BINARY_DIR}/userspace/digwatch")
 
-add_executable(digwatch formats.cpp rules.cpp digwatch.cpp)
+add_executable(digwatch formats.cpp fields.cpp rules.cpp digwatch.cpp)
 
 target_link_libraries(digwatch sinsp)
 

userspace/digwatch/digwatch.cpp

@@ -19,6 +19,7 @@ extern "C" {
 #include <config_digwatch.h>
 #include "rules.h"
 #include "formats.h"
+#include "fields.h"
 #include "utils.h"
 
 
@@ -52,7 +53,6 @@ string lua_on_event = "on_event";
 //
 void do_inspect(sinsp* inspector,
 		digwatch_rules* rules,
-		digwatch_formats* formats,
 		lua_State* ls)
 {
 	int32_t res;
@@ -119,7 +119,6 @@ int digwatch_init(int argc, char **argv)
 	int result = EXIT_SUCCESS;
 	sinsp* inspector = NULL;
 	digwatch_rules* rules = NULL;
-	digwatch_formats* formats = NULL;
 	int op;
 	sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL;
 	int long_index = 0;
@@ -216,7 +215,11 @@ int digwatch_init(int argc, char **argv)
 		luaL_openlibs(ls);
 
 		rules = new digwatch_rules(inspector, ls, lua_main_filename, lua_dir);
-		formats = new digwatch_formats(inspector, ls);
+
+		digwatch_formats::init(inspector, ls);
+		digwatch_fields::init(inspector, ls);
+
+		digwatch_fields::init(inspector, ls);
 
 		rules->load_rules(rules_file);
 		inspector->set_filter(rules->get_filter());
@@ -224,7 +227,6 @@ int digwatch_init(int argc, char **argv)
 
 		do_inspect(inspector,
 			   rules,
-			   formats,
 			   ls);
 
 		inspector->close();

userspace/digwatch/fields.cpp

@@ -0,0 +1,76 @@
+#include "fields.h"
+#include "chisel_api.h"
+#include "filterchecks.h"
+
+
+extern sinsp_filter_check_list g_filterlist;
+
+const static struct luaL_reg ll_digwatch [] =
+{
+	{"field", &digwatch_fields::field},
+	{NULL,NULL}
+};
+
+sinsp* digwatch_fields::s_inspector = NULL;
+
+std::map<string, sinsp_filter_check*> digwatch_fields::s_fieldname_map;
+
+
+void digwatch_fields::init(sinsp* inspector, lua_State *ls)
+{
+	s_inspector = inspector;
+
+	luaL_openlib(ls, "digwatch", ll_digwatch, 0);
+}
+
+int digwatch_fields::field(lua_State *ls)
+{
+
+	sinsp_filter_check* chk=NULL;
+
+	if (!lua_islightuserdata(ls, 1))
+	{
+		string err = "invalid argument passed to digwatch.field()";
+		fprintf(stderr, "%s\n", err.c_str());
+		throw sinsp_exception("digwatch.field() error");
+	}
+	sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1);
+
+	string fieldname = luaL_checkstring(ls, 2);
+
+	if (s_fieldname_map.count(fieldname) == 0)
+	{
+
+		chk = g_filterlist.new_filter_check_from_fldname(fieldname,
+								 s_inspector,
+								 false);
+
+		if(chk == NULL)
+		{
+			string err = "nonexistent fieldname passed to digwatch.field()" + string(fieldname);
+			fprintf(stderr, "%s\n", err.c_str());
+			throw sinsp_exception("digwatch.field() error");
+		}
+
+		chk->parse_field_name(fieldname.c_str(), true);
+		s_fieldname_map[fieldname] = chk;
+	}
+	else
+	{
+		chk = s_fieldname_map[fieldname];
+	}
+
+	uint32_t vlen;
+	uint8_t* rawval = chk->extract(evt, &vlen);
+
+	if(rawval != NULL)
+	{
+		return lua_cbacks::rawval_to_lua_stack(ls, rawval, chk->get_field_info(), vlen);
+	}
+	else
+	{
+		lua_pushnil(ls);
+		return 1;
+	}
+}
+

userspace/digwatch/fields.h

@@ -0,0 +1,21 @@
+#pragma once
+
+#include "sinsp.h"
+
+extern "C" {
+#include "lua.h"
+#include "lualib.h"
+#include "lauxlib.h"
+}
+
+class digwatch_fields
+{
+ public:
+	static void init(sinsp* inspector, lua_State *ls);
+
+	// value = digwatch.field(evt, fieldname)
+	static int field(lua_State *ls);
+
+	static sinsp* s_inspector;
+	static std::map<string, sinsp_filter_check*> s_fieldname_map;
+};

userspace/digwatch/formats.cpp

@@ -1,12 +1,7 @@
 #include "formats.h"
 
-extern "C" {
-#include "lua.h"
-#include "lualib.h"
-#include "lauxlib.h"
-}
 
-sinsp* g_inspector;
+sinsp* digwatch_formats::s_inspector = NULL;
 
 const static struct luaL_reg ll_digwatch [] =
 {
@@ -15,13 +10,11 @@ const static struct luaL_reg ll_digwatch [] =
 	{NULL,NULL}
 };
 
-digwatch_formats::digwatch_formats(sinsp* inspector, lua_State *ls)
+void digwatch_formats::init(sinsp* inspector, lua_State *ls)
 {
-	g_inspector = inspector;
+	s_inspector = inspector;
 
-	m_ls = ls;
+	luaL_openlib(ls, "digwatch", ll_digwatch, 0);
-
-	luaL_openlib(m_ls, "digwatch", ll_digwatch, 0);
 }
 
 int digwatch_formats::formatter(lua_State *ls)
@@ -30,7 +23,7 @@ int digwatch_formats::formatter(lua_State *ls)
 	sinsp_evt_formatter* formatter;
 	try
 	{
-		formatter = new sinsp_evt_formatter(g_inspector, format);
+		formatter = new sinsp_evt_formatter(s_inspector, format);
 	}
 	catch(sinsp_exception& e)
 	{

userspace/digwatch/formats.h

@@ -1,14 +1,19 @@
 #pragma once
 
 #include "sinsp.h"
-#include "lua_parser.h"
+
+extern "C" {
+#include "lua.h"
+#include "lualib.h"
+#include "lauxlib.h"
+}
 
 class sinsp_evt_formatter;
 
 class digwatch_formats
 {
  public:
-	digwatch_formats(sinsp* inspector, lua_State *ls);
+	static void init(sinsp* inspector, lua_State *ls);
 
 	// formatter = digwatch.formatter(format_string)
 	static int formatter(lua_State *ls);
@@ -16,6 +21,8 @@ class digwatch_formats
 	// formatted_string = digwatch.format_event(evt, formatter)
 	static int format_event(lua_State *ls);
 
+	static sinsp* s_inspector;
+
  private:
 	lua_State* m_ls;
 };