wip

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>

cmake/modules/sysdig.cmake

@@ -29,8 +29,8 @@ file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
 # default below In case you want to test against another sysdig version just pass the variable - ie., `cmake
 # -DSYSDIG_VERSION=dev ..`
 if(NOT SYSDIG_VERSION)
-  set(SYSDIG_VERSION "5c0b863ddade7a45568c0ac97d037422c9efb750")
+  set(SYSDIG_VERSION "new/next-per-cpu")
-  set(SYSDIG_CHECKSUM "SHA256=9de717b3a4b611ea6df56afee05171860167112f74bb7717b394bcc88ac843cd")
+  set(SYSDIG_CHECKSUM "SHA256=6d2b1881bc49629d448f6a08ab3e85d6cc4c74788f9ed9e13cb402a9958de303")
 endif()
 set(PROBE_VERSION "${SYSDIG_VERSION}")
 

userspace/falco/falco.cpp

@@ -30,6 +30,8 @@ limitations under the License.
 #include <sys/stat.h>
 #include <unistd.h>
 #include <getopt.h>
+#include <condition_variable>
+#include <chrono>
 
 #include <sinsp.h>
 
@@ -247,17 +249,14 @@ uint64_t do_inspect(falco_engine *engine,
 			int &result)
 {
 	uint64_t num_evts = 0;
-	int32_t rc;
-	sinsp_evt* ev;
 	StatsFileWriter writer;
-	uint64_t duration_start = 0;
 
-	sdropmgr.init(inspector,
+	// sdropmgr.init(inspector,
-		      outputs,
+	// 	      outputs,
-		      config.m_syscall_evt_drop_actions,
+	// 	      config.m_syscall_evt_drop_actions,
-		      config.m_syscall_evt_drop_rate,
+	// 	      config.m_syscall_evt_drop_rate,
-		      config.m_syscall_evt_drop_max_burst,
+	// 	      config.m_syscall_evt_drop_max_burst,
-		      config.m_syscall_evt_simulate_drops);
+	// 	      config.m_syscall_evt_simulate_drops);
 
 	if (stats_filename != "")
 	{
@@ -269,66 +268,45 @@ uint64_t do_inspect(falco_engine *engine,
 		}
 	}
 
+	uint32_t ndevs = inspector->get_open_ndevs();
+	std::vector<std::thread> threads(ndevs);
+	for(size_t i = 0; i < ndevs; i++)
+	{
+		threads.push_back(std::thread([inspector, engine, outputs, i, all_events] {
+			int32_t rc;
+			sinsp_evt *ev;
 			//
 			// Loop through the events
 			//
 			while(1)
 			{
+				rc = inspector->next_per_cpu(&ev, i);
 
-		rc = inspector->next(&ev);
+				// writer.handle();
 
-		writer.handle();
+				if(rc == SCAP_TIMEOUT)
-
-		if(g_reopen_outputs)
-		{
-			outputs->reopen_outputs();
-			g_reopen_outputs = false;
-		}
-
-		if(g_terminate)
-		{
-			falco_logger::log(LOG_INFO, "SIGINT received, exiting...\n");
-			break;
-		}
-		else if (g_restart)
-		{
-			falco_logger::log(LOG_INFO, "SIGHUP received, restarting...\n");
-			break;
-		}
-		else if(rc == SCAP_TIMEOUT)
 				{
 					continue;
 				}
 				else if(rc == SCAP_EOF)
 				{
-			break;
+					break; // todo > capire
 				}
 				else if(rc != SCAP_SUCCESS)
 				{
 					//
 					// Event read error.
-			// Notify the chisels that we're exiting, and then die with an error.
+					// Notify that we're exiting, and then die with an error.
 					//
 					cerr << "rc = " << rc << endl;
-			throw sinsp_exception(inspector->getlasterr().c_str());
+					throw sinsp_exception(inspector->getlasterr().c_str()); // TODO(leodido,fntlnz)
 				}
 
-		if (duration_start == 0)
+				// if(!sdropmgr.process_event(inspector, ev))
-		{
+				// {
-			duration_start = ev->get_ts();
+				// 	result = EXIT_FAILURE;
-		} else if(duration_to_tot_ns > 0)
+				// 	break;
-		{
+				// }
-			if(ev->get_ts() - duration_start >= duration_to_tot_ns)
-			{
-				break;
-			}
-		}
-
-		if(!sdropmgr.process_event(inspector, ev))
-		{
-			result = EXIT_FAILURE;
-			break;
-		}
 
 				if(!ev->simple_consumer_consider() && !all_events)
 				{
@@ -346,7 +324,43 @@ uint64_t do_inspect(falco_engine *engine,
 					outputs->handle_event(res->evt, res->rule, res->source, res->priority_num, res->format);
 				}
 
-		num_evts++;
+				// num_evts++;
+			}
+		}));
+	}
+	auto deadline = std::chrono::steady_clock::now() + std::chrono::nanoseconds(duration_to_tot_ns);
+
+	while(1)
+	{
+		if(std::chrono::steady_clock::now() >= deadline)
+		{
+			break;
+		}
+
+		if(g_reopen_outputs)
+		{
+			outputs->reopen_outputs();
+			g_reopen_outputs = false;
+		}
+
+		if(g_terminate)
+		{
+			falco_logger::log(LOG_INFO, "SIGINT received, exiting...\n");
+			break;
+		}
+		else if(g_restart)
+		{
+			falco_logger::log(LOG_INFO, "SIGHUP received, restarting...\n");
+			break;
+		}
+	}
+
+	for(auto &t : threads)
+	{
+		if(t.joinable())
+		{
+			t.join();
+		}
 	}
 
 	return num_evts;