fix argument parse and assign in ProcessCache

alibaba · Feb 26, 2025 · 4a206d3 · 4a206d3
1 parent 58b1ee7
commit 4a206d3
Show file tree

Hide file tree

Showing 30 changed files with 481 additions and 337 deletions.
diff --git a/core/common/ProcParser.cpp b/core/common/ProcParser.cpp
@@ -77,44 +77,33 @@ std::string ProcParser::ReadPIDLink(uint32_t pid, const std::string& filename) c
     return netStr;
 }
 
-std::string ProcParser::ReadPIDFile(uint32_t pid, const std::string& filename, const std::string& delimiter) const {
+std::string ProcParser::ReadPIDFile(uint32_t pid, const std::string& filename) const {
     std::filesystem::path fpath = mProcPath / std::to_string(pid) / filename;
     std::ifstream ifs(fpath);
     if (!ifs) {
         return "";
     }
-    std::string line;
-    size_t fileSize = ifs.tellg();
-    std::string res;
-    res.reserve(fileSize << 1);
-    while (std::getline(ifs, line)) {
-        if (delimiter == "") {
-            res += line;
-        } else {
-            res += delimiter + line;
+    try {
+        std::string res((std::istreambuf_iterator<char>(ifs)), std::istreambuf_iterator<char>());
+        if (!res.empty() && res[res.size() - 1] == 0) {
+            res.pop_back();
         }
+        return res;
+    } catch (const std::ios_base::failure& e) {
     }
-    // Strip out extra null character at the end of the string.
-    if (!res.empty() && res[res.size() - 1] == 0) {
-        res.pop_back();
-    }
-    // Replace all nulls with spaces. Sometimes the command line has
-    // null to separate arguments and others it has spaces. We just make them all spaces
-    // and leave it to upstream code to tokenize properly.
-    std::replace(res.begin(), res.end(), static_cast<char>(0), ' ');
-    return res;
+    return "";
 }
 
 std::string ProcParser::GetPIDCmdline(uint32_t pid) const {
-    return ReadPIDFile(pid, "cmdline", "");
+    return ReadPIDFile(pid, "cmdline");
 }
 
 std::string ProcParser::GetPIDComm(uint32_t pid) const {
-    return ReadPIDFile(pid, "comm", "");
+    return ReadPIDFile(pid, "comm");
 }
 
 std::string ProcParser::GetPIDEnviron(uint32_t pid) const {
-    return ReadPIDFile(pid, "environ", "");
+    return ReadPIDFile(pid, "environ");
 }
 
 std::tuple<std::string, int> ProcParser::ProcsContainerIdOffset(const std::string& subdir) const {
@@ -183,7 +172,7 @@ std::tuple<std::string, int> ProcParser::ProcsFindDockerId(const std::string& cg
 }
 
 std::string ProcParser::GetPIDDockerId(uint32_t pid) const {
-    std::string cgroups = ReadPIDFile(pid, "cgroup", "\n");
+    std::string cgroups = ReadPIDFile(pid, "cgroup");
     auto [dockerId, offset] = ProcsFindDockerId(cgroups);
     LOG_DEBUG(sLogger, ("[GetPIDDockerId] failed, pid:", pid)("containerid", dockerId));
     return dockerId;
@@ -402,7 +391,7 @@ int ProcParser::FillStatus(uint32_t pid, Status& status) const {
 
 int ProcParser::FillLoginUid(uint32_t pid, Status& status) const {
     try {
-        std::string loginUid = ReadPIDFile(pid, "loginuid", "");
+        std::string loginUid = ReadPIDFile(pid, "loginuid");
         status.loginUid = loginUid;
     } catch (std::runtime_error& error) {
         return -1;

diff --git a/core/common/ProcParser.h b/core/common/ProcParser.h
@@ -24,7 +24,7 @@
 
 namespace logtail {
 
-// TODO use bpf...
+// TODO use definations in bpf_process_event_type.h
 #define DOCKER_ID_LENGTH 128
 
 enum class ApiEventFlag : uint32_t {
@@ -121,7 +121,7 @@ class ProcParser {
     std::filesystem::path ProcPidPath(uint32_t pid, const std::string& subpath) const;
     int FillStatus(uint32_t pid, Status& status) const;
     int FillLoginUid(uint32_t pid, Status& status) const;
-    std::string ReadPIDFile(uint32_t pid, const std::string& filename, const std::string& delimiter) const;
+    std::string ReadPIDFile(uint32_t pid, const std::string& filename) const;
     std::string ReadPIDLink(uint32_t pid, const std::string& filename) const;
     std::tuple<std::string, int> ProcsFindDockerId(const std::string& cgroups) const;
     std::vector<std::string> split(const std::string& str, char delimiter) const;

diff --git a/core/common/StringTools.h b/core/common/StringTools.h
@@ -16,12 +16,14 @@
 
 #pragma once
 #include <algorithm>
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-local-typedefs"
+#include <boost/lexical_cast.hpp>
+#pragma GCC diagnostic pop
+#include <boost/regex.hpp>
 #include <string>
 #include <vector>
 
-#include "boost/lexical_cast.hpp"
-#include "boost/regex.hpp"
-
 #include "models/StringView.h"
 
 namespace logtail {
@@ -153,4 +155,99 @@ void RemoveFilePathTrailingSlash(std::string& path);
 int fnmatch(const char* pattern, const char* dirPath, int flag);
 #endif
 
+// trim from start (returns a new string_view)
+static inline std::string_view Ltrim(std::string_view s, const std::string_view blank = " \t\n\r\f\v") {
+    s.remove_prefix(std::min(s.find_first_not_of(blank), s.size()));
+    return s;
+}
+
+// trim from end (returns a new string_view)
+static inline std::string_view Rtrim(std::string_view s, const std::string_view blank = " \t\n\r\f\v") {
+    s.remove_suffix(std::min(s.size() - s.find_last_not_of(blank) - 1, s.size()));
+    return s;
+}
+
+// trim from both ends (returns a new string_view)
+static inline std::string_view Trim(std::string_view s) {
+    return Ltrim(Rtrim(s));
+}
+
+class StringViewSplitterIterator {
+public:
+    using iterator_category = std::forward_iterator_tag;
+    using value_type = std::string_view;
+    using difference_type = std::ptrdiff_t;
+    using pointer = value_type*;
+    using reference = value_type&;
+
+    StringViewSplitterIterator() = default;
+
+    StringViewSplitterIterator(std::string_view str, std::string_view delimiter)
+        : mStr(str), mDelimiter(delimiter), mPos(0) {
+        findNext();
+    }
+
+    value_type operator*() { return mField; }
+
+    pointer operator->() { return &mField; }
+
+    StringViewSplitterIterator& operator++() {
+        findNext();
+        return *this;
+    }
+
+    StringViewSplitterIterator operator++(int) {
+        StringViewSplitterIterator tmp = *this;
+        ++(*this);
+        return tmp;
+    }
+
+    friend bool operator==(const StringViewSplitterIterator& a, const StringViewSplitterIterator& b) {
+        return a.mPos == b.mPos;
+    }
+
+    friend bool operator!=(const StringViewSplitterIterator& a, const StringViewSplitterIterator& b) {
+        return !(a == b);
+    }
+
+private:
+    void findNext() {
+        if (mPos == std::string_view::npos) {
+            mField = {};
+            return;
+        }
+
+        auto end = mStr.find(mDelimiter, mPos);
+        if (end == std::string_view::npos) {
+            mField = mStr.substr(mPos);
+            mPos = std::string_view::npos;
+        } else {
+            mField = mStr.substr(mPos, end - mPos);
+            mPos = end + mDelimiter.size();
+        }
+    }
+
+    std::string_view mStr;
+    std::string_view mDelimiter;
+    std::string_view mField;
+    size_t mPos = std::string_view::npos;
+};
+
+class StringViewSplitter {
+public:
+    using value_type = std::string_view;
+    using iterator = StringViewSplitterIterator;
+
+    StringViewSplitter(std::string_view str, std::string_view delimiter) : mStr(str), mDelimiter(delimiter) {}
+
+    iterator begin() const { return iterator(mStr, mDelimiter); }
+
+    iterator end() const { return iterator(); }
+
+private:
+    std::string_view mStr;
+    std::string_view mDelimiter;
+};
+
+
 } // namespace logtail
diff --git a/core/ebpf/driver/EbpfDriver.cpp b/core/ebpf/driver/EbpfDriver.cpp
@@ -13,7 +13,10 @@
 // limitations under the License.
 
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
 #include <coolbpf/security.skel.h>
+#pragma GCC diagnostic pop
 
 #include "ebpf/include/export.h"
 

diff --git a/core/ebpf/driver/FileFilter.cpp b/core/ebpf/driver/FileFilter.cpp
@@ -17,7 +17,10 @@ extern "C" {
 #include <coolbpf/coolbpf.h>
 };
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
 #include <coolbpf/security.skel.h>
+#pragma GCC diagnostic pop
 #include <unistd.h>
 
 #include <string>

diff --git a/core/ebpf/driver/FileFilter.h b/core/ebpf/driver/FileFilter.h
@@ -17,7 +17,10 @@
 extern "C" {
 #include <bpf/libbpf.h>
 #include <coolbpf/coolbpf.h>
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
 #include <coolbpf/security.skel.h>
+#pragma GCC diagnostic pop
 };
 
 #include <unistd.h>

diff --git a/core/ebpf/driver/eBPFWrapper.h b/core/ebpf/driver/eBPFWrapper.h
@@ -15,7 +15,6 @@
 #pragma once
 
 extern "C" {
-
 #include <bpf/libbpf.h>
 #include <coolbpf/coolbpf.h>
 };

diff --git a/core/ebpf/eBPFServer.cpp b/core/ebpf/eBPFServer.cpp
@@ -192,7 +192,8 @@ void eBPFServer::Init() {
     mSourceManager = std::make_shared<SourceManager>();
     mSourceManager->Init();
 
-    mBaseManager = std::make_shared<ProcessCacheManager>(mSourceManager, mHostName, mHostPathPrefix, mDataEventQueue);
+    mProcessCacheManager
+        = std::make_shared<ProcessCacheManager>(mSourceManager, mHostName, mHostPathPrefix, mDataEventQueue);
     // ebpf config
     auto configJson = AppConfig::GetInstance()->GetConfig();
     mAdminConfig.LoadEbpfConfig(configJson);
@@ -279,8 +280,8 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name,
 
     if (type != PluginType::NETWORK_OBSERVE) {
         LOG_INFO(sLogger, ("hostname", mHostName)("mHostPathPrefix", mHostPathPrefix));
-        auto res = mBaseManager->Init();
-        LOG_INFO(sLogger, ("basemanager init ", res));
+        auto res = mProcessCacheManager->Init();
+        LOG_INFO(sLogger, ("ProcessCacheManager init ", res));
     }
 
     // init self monitor
@@ -296,10 +297,11 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name,
     switch (type) {
         case PluginType::PROCESS_SECURITY: {
             if (!pluginMgr) {
-                pluginMgr = ProcessSecurityManager::Create(mBaseManager, mSourceManager, mDataEventQueue, mScheduler);
+                pluginMgr
+                    = ProcessSecurityManager::Create(mProcessCacheManager, mSourceManager, mDataEventQueue, mScheduler);
                 UpdatePluginManager(type, pluginMgr);
             } else {
-                pluginMgr->UpdateBaseManager(mBaseManager);
+                pluginMgr->UpdateProcessCacheManager(mProcessCacheManager);
             }
             pluginMgr->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
             ret = (pluginMgr->Init(options) == 0);
@@ -308,10 +310,11 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name,
 
         case PluginType::NETWORK_OBSERVE: {
             if (!pluginMgr) {
-                pluginMgr = NetworkObserverManager::Create(mBaseManager, mSourceManager, mDataEventQueue, mScheduler);
+                pluginMgr
+                    = NetworkObserverManager::Create(mProcessCacheManager, mSourceManager, mDataEventQueue, mScheduler);
                 UpdatePluginManager(type, pluginMgr);
             } else {
-                pluginMgr->UpdateBaseManager(mBaseManager);
+                pluginMgr->UpdateProcessCacheManager(mProcessCacheManager);
             }
             NetworkObserveConfig nconfig;
             // TODO @qianlu.kk register k8s metadata callback for metric ??
@@ -324,10 +327,11 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name,
 
         case PluginType::NETWORK_SECURITY: {
             if (!pluginMgr) {
-                pluginMgr = NetworkSecurityManager::Create(mBaseManager, mSourceManager, mDataEventQueue, mScheduler);
+                pluginMgr
+                    = NetworkSecurityManager::Create(mProcessCacheManager, mSourceManager, mDataEventQueue, mScheduler);
                 UpdatePluginManager(type, pluginMgr);
             } else {
-                pluginMgr->UpdateBaseManager(mBaseManager);
+                pluginMgr->UpdateProcessCacheManager(mProcessCacheManager);
             }
 
             pluginMgr->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
@@ -337,10 +341,11 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name,
 
         case PluginType::FILE_SECURITY: {
             if (!pluginMgr) {
-                pluginMgr = FileSecurityManager::Create(mBaseManager, mSourceManager, mDataEventQueue, mScheduler);
+                pluginMgr
+                    = FileSecurityManager::Create(mProcessCacheManager, mSourceManager, mDataEventQueue, mScheduler);
                 UpdatePluginManager(type, pluginMgr);
             } else {
-                pluginMgr->UpdateBaseManager(mBaseManager);
+                pluginMgr->UpdateProcessCacheManager(mProcessCacheManager);
             }
             pluginMgr->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index);
             ret = (pluginMgr->Init(options) == 0);
@@ -379,7 +384,7 @@ bool eBPFServer::EnablePlugin(const std::string& pipeline_name,
     return StartPluginInternal(pipeline_name, plugin_index, type, ctx, options, mgr);
 }
 
-bool eBPFServer::CheckIfNeedStopBaseManager() const {
+bool eBPFServer::CheckIfNeedStopProcessCacheManager() const {
     std::lock_guard<std::mutex> lk(mMtx);
     auto nsMgr = mPlugins[static_cast<int>(PluginType::NETWORK_SECURITY)];
     auto psMgr = mPlugins[static_cast<int>(PluginType::PROCESS_SECURITY)];
@@ -412,13 +417,13 @@ bool eBPFServer::DisablePlugin(const std::string& pipeline_name, PluginType type
         pluginManager->UpdateContext(nullptr, -1, -1);
         int ret = pluginManager->Destroy();
         if (ret == 0) {
-            pluginManager->UpdateBaseManager(nullptr);
+            pluginManager->UpdateProcessCacheManager(nullptr);
             LOG_DEBUG(sLogger, ("stop plugin for", magic_enum::enum_name(type))("pipeline", pipeline_name));
             if (type == PluginType::NETWORK_SECURITY || type == PluginType::PROCESS_SECURITY
                 || type == PluginType::FILE_SECURITY) {
-                // check if we need stop basemanager
-                if (CheckIfNeedStopBaseManager()) {
-                    mBaseManager->Stop();
+                // check if we need stop ProcessCacheManager
+                if (CheckIfNeedStopProcessCacheManager()) {
+                    mProcessCacheManager->Stop();
                 }
             }
         } else {

diff --git a/core/ebpf/eBPFServer.h b/core/ebpf/eBPFServer.h
@@ -91,7 +91,7 @@ class eBPFServer : public InputRunner {
 
     std::string GetAllProjects();
 
-    bool CheckIfNeedStopBaseManager() const;
+    bool CheckIfNeedStopProcessCacheManager() const;
 
     void PollPerfBuffers();
     void HandlerEvents();
@@ -135,7 +135,7 @@ class eBPFServer : public InputRunner {
     CounterPtr mSuspendPluginTotal;
 
     // hold some managers ...
-    std::shared_ptr<ProcessCacheManager> mBaseManager;
+    std::shared_ptr<ProcessCacheManager> mProcessCacheManager;
 
     std::shared_ptr<Timer> mScheduler;
 

diff --git a/core/ebpf/plugin/AbstractManager.cpp b/core/ebpf/plugin/AbstractManager.cpp
@@ -27,11 +27,14 @@ const std::string AbstractManager::sEventTypeKey = "event_type";
 const std::string AbstractManager::sKprobeValue = "kprobe";
 
 
-AbstractManager::AbstractManager(std::shared_ptr<ProcessCacheManager> bm,
+AbstractManager::AbstractManager(std::shared_ptr<ProcessCacheManager> processCacheMgr,
                                  std::shared_ptr<SourceManager> sourceManager,
                                  moodycamel::BlockingConcurrentQueue<std::shared_ptr<CommonEvent>>& queue,
                                  std::shared_ptr<Timer> scheduler)
-    : mBaseManager(bm), mSourceManager(sourceManager), mCommonEventQueue(queue), mScheduler(scheduler) {
+    : mProcessCacheManager(processCacheMgr),
+      mSourceManager(sourceManager),
+      mCommonEventQueue(queue),
+      mScheduler(scheduler) {
     mTimeDiff = GetTimeDiffFromMonotonic();
 }