Use unix helper

castai · Dec 10, 2024 · 738aad9 · 738aad9
1 parent 29371a1
commit 738aad9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/pkg/ebpftracer/decoder/decoder.go b/pkg/ebpftracer/decoder/decoder.go
@@ -20,6 +20,7 @@ import (
 	"github.com/castai/kvisor/pkg/net/packet"
 	"github.com/google/gopacket"
 	"github.com/google/gopacket/layers"
+	"golang.org/x/sys/unix"
 )
 
 type Decoder struct {
@@ -602,11 +603,7 @@ func (decoder *Decoder) ReadProtoDNS() (*types.ProtoDNS, error) {
 // ProcessNameString converts raw process name to readable string.
 // Since it's a C-like string it can contain NUL byte.
 func ProcessNameString(raw []byte) string {
-	nulByteIndex := bytes.IndexByte(raw[:], 0)
-	if nulByteIndex == -1 {
-		return string(raw)
-	}
-	return string(raw[:nulByteIndex])
+	return unix.ByteSliceToString(raw)
 }
 
 func ToProtoDNS(details *packet.PacketDetails, dnsPacketParser *layers.DNS) *castpb.DNS {

diff --git a/pkg/ebpftracer/tracer_playground_test.go b/pkg/ebpftracer/tracer_playground_test.go
@@ -272,9 +272,10 @@ func getInitializedMountNamespacePIDStore(procHandler *proc.Proc) *types.PIDsPer
 }
 
 var ingoredProcesses = map[string]struct{}{
-	"sshd":    {},
-	"coredns": {},
-	"kubelet": {},
+	"sshd":     {},
+	"coredns":  {},
+	"kubelet":  {},
+	"iptables": {},
 }
 
 func printEvent(tr *ebpftracer.Tracer, e *types.Event) {
@@ -285,11 +286,13 @@ func printEvent(tr *ebpftracer.Tracer, e *types.Event) {
 	}
 
 	fmt.Printf(
-		"ts=%d  event=%s cgroup=%d pid=%d proc=%s ",
+		"ts=%d  event=%s cgroup=%d host_pid=%d pid=%d ppid=%d proc=%s ",
 		e.Context.Ts,
 		eventName,
 		e.Context.CgroupID,
 		e.Context.HostPid,
+		e.Context.Pid,
+		e.Context.Ppid,
 		procName,
 	)
 
@@ -336,6 +339,13 @@ func printEvent(tr *ebpftracer.Tracer, e *types.Event) {
 			fmt.Printf(" answer=%s", answer.String())
 		}
 		fmt.Printf("\n")
+	case events.SchedProcessExec:
+		args, ok := e.Args.(types.SchedProcessExecArgs)
+		if !ok {
+			panic("not args")
+		}
+		fmt.Printf("file=%s args=%v", args.Filepath, args.Argv)
+	case events.SchedProcessFork, events.SchedProcessExit:
 	default:
 		fmt.Printf("args=%+v", e.Args)
 	}