2016-04-13 12:17:46 +00:00
|
|
|
description = "description";
|
|
|
|
short_description = "desc";
|
|
|
|
category = "Net";
|
|
|
|
|
|
|
|
args = {}
|
|
|
|
|
|
|
|
require "common"
|
|
|
|
|
|
|
|
local fields = {}
|
|
|
|
function on_init()
|
|
|
|
local mapping = {
|
|
|
|
isread = "evt.is_io_read",
|
|
|
|
buflen = "evt.buflen",
|
2016-05-09 15:33:33 +00:00
|
|
|
--proc = "proc.name",
|
|
|
|
--pid = "proc.pid",
|
|
|
|
--tid = "thread.tid",
|
|
|
|
--container = "container.name",
|
2016-04-13 12:17:46 +00:00
|
|
|
sip = "fd.sip",
|
|
|
|
sport = "fd.sport",
|
|
|
|
cip = "fd.cip",
|
|
|
|
cport = "fd.cport",
|
|
|
|
evt_type = "evt.type",
|
|
|
|
proto = "fd.l4proto",
|
|
|
|
lip = "fd.lip",
|
|
|
|
}
|
|
|
|
for k,v in pairs(mapping) do
|
|
|
|
fields[k] = chisel.request_field(v)
|
|
|
|
end
|
2016-05-09 15:33:33 +00:00
|
|
|
--key_fields = {fields.container, fields.proc, fields.pid, fields.tid, fields.proto, fields.sip, fields.sport, fields.cip, fields.cport}
|
|
|
|
key_fields = {fields.proto, fields.sip, fields.sport, fields.cip, fields.cport}
|
2016-04-13 12:17:46 +00:00
|
|
|
|
|
|
|
sysdig.set_snaplen(0)
|
2016-05-09 15:33:33 +00:00
|
|
|
chisel.set_filter("evt.is_io=true and fd.rip exists and container.name!=host")
|
2016-04-13 12:17:46 +00:00
|
|
|
return true
|
|
|
|
end
|
|
|
|
|
|
|
|
local stats = {}
|
2016-05-09 15:33:33 +00:00
|
|
|
-- localize function to save scope lookups
|
|
|
|
local table_concat = table.concat
|
|
|
|
local evt_field = evt.field
|
|
|
|
local ipairs = ipairs
|
2016-04-13 12:17:46 +00:00
|
|
|
|
|
|
|
function on_event()
|
|
|
|
-- only capture connections of servers
|
2016-05-09 15:33:33 +00:00
|
|
|
local fields = fields
|
|
|
|
local sip = evt_field(fields.sip)
|
2016-04-13 12:17:46 +00:00
|
|
|
|
2016-05-09 15:33:33 +00:00
|
|
|
if not (evt_field(fields.lip) == sip or evt_field(fields.rip) == sip) then
|
|
|
|
return true
|
2016-04-13 12:17:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
local t = { }
|
|
|
|
for k,v in ipairs(key_fields) do
|
2016-05-09 15:33:33 +00:00
|
|
|
t[k] = tostring(evt_field(v))
|
2016-04-13 12:17:46 +00:00
|
|
|
end
|
|
|
|
|
2016-05-09 15:33:33 +00:00
|
|
|
if evt.field(fields.isread) then
|
|
|
|
t[#t+1] = "rx"
|
|
|
|
else
|
|
|
|
t[#t+1] = "tx"
|
|
|
|
end
|
|
|
|
local key = table_concat(t, "\t")
|
2016-04-13 12:17:46 +00:00
|
|
|
|
2016-05-09 15:33:33 +00:00
|
|
|
stats[key] = (stats[key] or 0) + (evt_field(fields.buflen) or 0)
|
2016-04-13 12:17:46 +00:00
|
|
|
|
|
|
|
return true
|
|
|
|
end
|
|
|
|
|
|
|
|
function on_capture_start()
|
|
|
|
hostname = sysdig.get_machine_info().hostname
|
|
|
|
return true
|
|
|
|
end
|
|
|
|
|
|
|
|
function on_capture_end()
|
|
|
|
for k, v in pairs(stats) do
|
2016-05-09 15:33:33 +00:00
|
|
|
io.write(k, "\t", v, "\n")
|
2016-04-13 12:17:46 +00:00
|
|
|
end
|
|
|
|
end
|