File: base.cpp

package info (click to toggle)
falcosecurity-libs 0.1.1dev%2Bgit20220316.e5c53d64-5.1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 4,732 kB
  • sloc: cpp: 55,770; ansic: 37,330; makefile: 74; sh: 13
file content (99 lines) | stat: -rw-r--r-- 2,696 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
 
#include "base.h"

#include "sinsp.h"

using namespace libsinsp::container_engine;

void docker_base::cleanup()
{
	m_docker_info_source.reset(NULL);
}

bool
docker_base::resolve_impl(sinsp_threadinfo *tinfo, const docker_lookup_request& request, bool query_os_for_missing_info)
{
	container_cache_interface *cache = &container_cache();
	if(!m_docker_info_source)
	{
		g_logger.log("docker_async: Creating docker async source",
			     sinsp_logger::SEV_DEBUG);
		uint64_t max_wait_ms = 10000;
		auto src = new docker_async_source(docker_async_source::NO_WAIT_LOOKUP, max_wait_ms, cache);
		m_docker_info_source.reset(src);
	}

	tinfo->m_container_id = request.container_id;

	sinsp_container_info::ptr_t container_info = cache->get_container(request.container_id);

	if(!container_info)
	{
		if(!query_os_for_missing_info)
		{
			auto container = sinsp_container_info();
			container.m_type = request.container_type;
			container.m_id = request.container_id;
			cache->notify_new_container(container, tinfo);
			return true;
		}

#ifdef HAS_CAPTURE
		if(cache->should_lookup(request.container_id, request.container_type))
		{
			g_logger.format(sinsp_logger::SEV_DEBUG,
					"docker_async (%s): No existing container info",
					request.container_id.c_str());

			// give docker a chance to return metadata for this container
			cache->set_lookup_status(request.container_id, request.container_type, sinsp_container_lookup_state::STARTED);
			parse_docker(request, cache);
		}
#endif
		return false;
	}

	// Returning true will prevent other container engines from
	// trying to resolve the container, so only return true if we
	// have complete metadata.
	return container_info->is_successful();
}

void docker_base::parse_docker(const docker_lookup_request& request, container_cache_interface *cache)
{
	auto cb = [cache](const docker_lookup_request& request, const sinsp_container_info& res)
	{
		g_logger.format(sinsp_logger::SEV_DEBUG,
				"docker (%s): Source callback result=%d",
				request.container_id.c_str(),
				res.m_lookup_state);

		cache->notify_new_container(res);
	};

	sinsp_container_info result;

	bool done;
	if (cache->async_allowed())
	{
		done = m_docker_info_source->lookup(request, result, cb);
	}
	else
	{
		done = m_docker_info_source->lookup_sync(request, result);
	}
	if (done)
	{
		// if a previous lookup call already found the metadata, process it now
		cb(request, result);

		if(cache->async_allowed())
		{
			// This should *never* happen, in async mode as ttl is 0 (never wait)
			g_logger.format(sinsp_logger::SEV_ERROR,
					"docker_async (%s): Unexpected immediate return from docker_info_source.lookup()",
					request.container_id.c_str());

		}
	}
}