From c5b3d582c41bd84dd5c79ae0a1df3aaf8857b603 Mon Sep 17 00:00:00 2001 From: chriskaliX Date: Sun, 25 Feb 2024 22:43:01 +0800 Subject: [PATCH] edriver-rust: patch --- .gitignore | 1 + plugins/edriver-rust/src/bpf/common/edriver.h | 2 +- plugins/edriver-rust/src/events/execve.rs | 2 -- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0b62aa47..d0f4cedf 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,4 @@ Cargo.lock ncp-rst plugins/edriver/test/dist/2.txt target/ +plugins/edriver-rust/src/bpf/hades.skel.rs diff --git a/plugins/edriver-rust/src/bpf/common/edriver.h b/plugins/edriver-rust/src/bpf/common/edriver.h index 7dfb32c1..8ee28a8f 100644 --- a/plugins/edriver-rust/src/bpf/common/edriver.h +++ b/plugins/edriver-rust/src/bpf/common/edriver.h @@ -77,8 +77,8 @@ int rtp__process_exec(struct bpf_raw_tracepoint_args *ctx) SBT((&c), &proc_i->sinfo_v6, sizeof(struct hds_socket_info_v6)); else if (proc_i->family == AF_INET) SBT((&c), &proc_i->sinfo, sizeof(struct hds_socket_info)); + /* process tree */ SBT_CHAR((&c), &proc_i->pidtree); - return report_event(&c); } diff --git a/plugins/edriver-rust/src/events/execve.rs b/plugins/edriver-rust/src/events/execve.rs index a241473d..3a6404eb 100644 --- a/plugins/edriver-rust/src/events/execve.rs +++ b/plugins/edriver-rust/src/events/execve.rs @@ -46,7 +46,6 @@ impl Event for Execve { m.insert("sport".to_string(), sinfo.local_port); m.insert("dip".to_string(), sinfo.remote_addr); m.insert("dport".to_string(), sinfo.remote_port); - m.insert("pidtree".to_string(), parse_str(data, &mut idx)?); /* extra information */ m.insert("pod_name".to_string(), trans.ns_cache.get(pns, pid)); @@ -59,7 +58,6 @@ impl Event for Execve { m.insert("socket_argv".to_string(), trans.argv_cache.get(socket_pid)); } m.insert("exe_hash".to_string(), trans.hash_cache.get(exe)); - /* cache fresh */ trans.argv_cache.put(pid, argv);