diff --git a/collector/lib/CollectorConfig.cpp b/collector/lib/CollectorConfig.cpp index fe8dd7cfc8c..78ffac2c395 100644 --- a/collector/lib/CollectorConfig.cpp +++ b/collector/lib/CollectorConfig.cpp @@ -58,6 +58,8 @@ BoolEnvVar use_podman_ce("ROX_COLLECTOR_CE_USE_PODMAN", false); BoolEnvVar enable_introspection("ROX_COLLECTOR_INTROSPECTION_ENABLE", false); +BoolEnvVar track_send_recv("ROX_COLLECTOR_TRACK_SEND_RECV", false); + } // namespace constexpr bool CollectorConfig::kTurnOffScrape; @@ -87,9 +89,16 @@ void CollectorConfig::InitCollectorConfig(CollectorArgs* args) { use_docker_ce_ = use_docker_ce.value(); use_podman_ce_ = use_podman_ce.value(); enable_introspection_ = enable_introspection.value(); + track_send_recv_ = track_send_recv.value(); for (const auto& syscall : kSyscalls) { - syscalls_.push_back(syscall); + syscalls_.emplace_back(syscall); + } + + if (track_send_recv_) { + for (const auto& syscall : kSendRecvSyscalls) { + syscalls_.emplace_back(syscall); + } } // Get hostname @@ -395,7 +404,8 @@ std::ostream& operator<<(std::ostream& os, const CollectorConfig& c) { << ", set_import_users:" << c.ImportUsers() << ", collect_connection_status:" << c.CollectConnectionStatus() << ", enable_detailed_metrics:" << c.EnableDetailedMetrics() - << ", enable_external_ips:" << c.EnableExternalIPs(); + << ", enable_external_ips:" << c.EnableExternalIPs() + << ", track_send_recv:" << c.TrackingSendRecv(); } // Returns size of ring buffers to be allocated. diff --git a/collector/lib/CollectorConfig.h b/collector/lib/CollectorConfig.h index 55de8fad636..d18dbcc4071 100644 --- a/collector/lib/CollectorConfig.h +++ b/collector/lib/CollectorConfig.h @@ -34,10 +34,6 @@ class CollectorConfig { "getsockopt", "procexit", "procinfo", - "recvmmsg", - "recvmsg", - "sendmmsg", - "sendmsg", "setresgid", "setresuid", "setgid", 
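Review bot: The `if (track_send_recv_)` block in InitCollectorConfig turns sendmsg, sendmmsg, recvmsg and recvmmsg into opt-in syscalls, and `ROX_COLLECTOR_TRACK_SEND_RECV` is declared with a default of false in the first hunk, so a default deployment now collects less than it did when kSyscalls carried them unconditionally. Any network activity that was only visible through those calls (presumably connectionless sockets, though the handler logic is not shown here) would stop being reported, and nothing at this spot tells a maintainer or operator that. I would put a comment above the block, e.g. `// send/recv syscalls are opt-in via ROX_COLLECTOR_TRACK_SEND_RECV (default off); disabling them narrows network visibility`, and add the same one-line explanation next to the BoolEnvVar declaration. The function body continues outside the hunk.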
@@ -49,6 +45,12 @@ class CollectorConfig { #endif "vfork", }; + static constexpr const char* kSendRecvSyscalls[] = { + "sendmsg", + "sendmmsg", + "recvmsg", + "recvmmsg", + }; static const UnorderedSet kIgnoredL4ProtoPortPairs; static constexpr bool kEnableProcessesListeningOnPorts = true; @@ -84,6 +86,7 @@ class CollectorConfig { bool UseDockerCe() const { return use_docker_ce_; } bool UsePodmanCe() const { return use_podman_ce_; } bool IsIntrospectionEnabled() const { return enable_introspection_; } + bool TrackingSendRecv() const { return track_send_recv_; } const std::vector& GetConnectionStatsQuantiles() const { return connection_stats_quantiles_; } double GetConnectionStatsError() const { return connection_stats_error_; } unsigned int GetConnectionStatsWindow() const { return connection_stats_window_; } @@ -122,6 +125,7 @@ class CollectorConfig { bool use_docker_ce_; bool use_podman_ce_; bool enable_introspection_; + bool track_send_recv_; std::vector connection_stats_quantiles_; double connection_stats_error_; unsigned int connection_stats_window_; diff --git a/collector/lib/NetworkSignalHandler.cpp b/collector/lib/NetworkSignalHandler.cpp index c3a67e84f53..f910d0143a3 100644 --- a/collector/lib/NetworkSignalHandler.cpp +++ b/collector/lib/NetworkSignalHandler.cpp @@ -1,5 +1,6 @@ #include "NetworkSignalHandler.h" +#include #include #include @@ -35,7 +36,7 @@ EventMap modifiers = { } // namespace NetworkSignalHandler::NetworkSignalHandler(sinsp* inspector, std::shared_ptr conn_tracker, system_inspector::Stats* stats) - : event_extractor_(std::make_unique()), conn_tracker_(std::move(conn_tracker)), stats_(stats), collect_connection_status_(true) { + : event_extractor_(std::make_unique()), conn_tracker_(std::move(conn_tracker)), stats_(stats), collect_connection_status_(true), track_send_recv_(false) { event_extractor_->Init(inspector); } 
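Review bot: `kSendRecvSyscalls` is added without a comment, so the header now shows two syscall arrays with nothing to say that one is unconditional and the other is only appended when the env var is set. Suggest a line above it such as `// Collected only when ROX_COLLECTOR_TRACK_SEND_RECV is true (see InitCollectorConfig); off by default.` The class body starts and ends outside the hunk.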
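Review bot: `track_send_recv_` has no default member initializer, and the only assignment visible in this commit is the one in InitCollectorConfig. If a CollectorConfig can be queried or streamed through `operator<<` before InitCollectorConfig has run (the constructor is not shown, so this is unconfirmed), `TrackingSendRecv()` would read an indeterminate bool. Writing `bool track_send_recv_ = false;` matches the env var's default and removes the question; the neighbouring flags are declared the same way and could get the same treatment.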
@@ -139,7 +140,10 @@ SignalHandler::Result NetworkSignalHandler::HandleSignal(sinsp_evt* evt) { } std::vector NetworkSignalHandler::GetRelevantEvents() { - return {"close<", "shutdown<", "connect<", "accept<", "getsockopt<", "recvmsg<", "sendmsg<", "recvmsg>", "sendmsg>"}; + if (track_send_recv_) { + return {"close<", "shutdown<", "connect<", "accept<", "getsockopt<", "recvmsg<", "sendmsg<", "recvmsg>", "sendmsg>"}; + } + return {"close<", "shutdown<", "connect<", "accept<", "getsockopt<"}; } bool NetworkSignalHandler::Stop() { diff --git a/collector/lib/NetworkSignalHandler.h b/collector/lib/NetworkSignalHandler.h index 79c77b36825..a6fbba00853 100644 --- a/collector/lib/NetworkSignalHandler.h +++ b/collector/lib/NetworkSignalHandler.h @@ -29,6 +29,7 @@ class NetworkSignalHandler final : public SignalHandler { bool Stop() override; void SetCollectConnectionStatus(bool collect_connection_status) { collect_connection_status_ = collect_connection_status; } + void SetTrackSendRecv(bool track_send_recv) { track_send_recv_ = track_send_recv; } private: std::optional GetConnection(sinsp_evt* evt); @@ -38,6 +39,7 @@ class NetworkSignalHandler final : public SignalHandler { system_inspector::Stats* stats_; bool collect_connection_status_; + bool track_send_recv_; }; } // namespace collector diff --git a/collector/lib/system-inspector/Service.cpp b/collector/lib/system-inspector/Service.cpp index cd2c4ef6b2b..1671dca94e4 100644 --- a/collector/lib/system-inspector/Service.cpp +++ b/collector/lib/system-inspector/Service.cpp @@ -51,6 +51,7 @@ void Service::Init(const CollectorConfig& config, std::shared_ptr(inspector_.get(), conn_tracker, &userspace_stats_); network_signal_handler_->SetCollectConnectionStatus(config.CollectConnectionStatus()); + network_signal_handler_->SetTrackSendRecv(config.TrackingSendRecv()); AddSignalHandler(std::move(network_signal_handler_)); }
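Review bot: The two return statements in GetRelevantEvents repeat the same five base events, so a later change to that list has to be made in both places or the two modes drift apart. Building the base vector once and appending the four send/recv entries under `if (track_send_recv_)` before a single `return` keeps the same order and makes the opt-in part obvious. Separately, kSendRecvSyscalls also enables sendmmsg and recvmmsg, but neither list here names them (this was already so before the change); if that is deliberate, a short comment saying why would save the next reader the question.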
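Review bot: `SetTrackSendRecv` only takes effect if it is called before whatever consumes `GetRelevantEvents()`, since that is the one place in this commit where the flag is read. Service::Init does call it before `AddSignalHandler(std::move(network_signal_handler_))`, but AddSignalHandler is not shown, so the ordering requirement is inferred rather than visible. A comment on the setter would make the contract explicit, e.g. `// Must be set before the handler is registered; GetRelevantEvents() reads this flag.` The same applies to the call added in Service.cpp.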