99 lines
2.2 KiB
Lua
99 lines
2.2 KiB
Lua
description = "description";
|
|
short_description = "desc";
|
|
category = "Net";
|
|
|
|
args = {}
|
|
|
|
require "common"
|
|
|
|
local fields = {}
|
|
function on_init()
|
|
local mapping = {
|
|
isread = "evt.is_io_read",
|
|
buflen = "evt.buflen",
|
|
proc = "proc.name",
|
|
pid = "proc.pid",
|
|
tid = "thread.tid",
|
|
container = "container.name",
|
|
sip = "fd.sip",
|
|
sport = "fd.sport",
|
|
cip = "fd.cip",
|
|
cport = "fd.cport",
|
|
evt_type = "evt.type",
|
|
proto = "fd.l4proto",
|
|
lip = "fd.lip",
|
|
}
|
|
for k,v in pairs(mapping) do
|
|
fields[k] = chisel.request_field(v)
|
|
end
|
|
key_fields = {fields.container, fields.proc, fields.pid, fields.tid, fields.proto, fields.sip, fields.sport, fields.cip, fields.cport}
|
|
|
|
sysdig.set_snaplen(0)
|
|
chisel.set_filter("evt.is_io=true and (fd.type=ipv4 or fd.type=ipv6) and fd.rip exists and fd.lip exists and container.name!=host")
|
|
return true
|
|
end
|
|
|
|
local stats = {}
|
|
|
|
local DEBUG = false
|
|
|
|
function on_event()
|
|
-- only capture connections of servers
|
|
local sip = evt.field(fields.sip)
|
|
if not (evt.field(fields.lip) == sip or evt.field(fields.rip) == sip) then
|
|
return true
|
|
end
|
|
|
|
local dir
|
|
if evt.field(fields.isread) then
|
|
dir = "rx"
|
|
else
|
|
dir = "tx"
|
|
end
|
|
|
|
if DEBUG then
|
|
function to_s(v)
|
|
return (evt.field(v) or "nil").." "
|
|
end
|
|
io.write("DEBUG: ",
|
|
to_s(fields.container),
|
|
to_s(fields.proc),
|
|
to_s(fields.pid),
|
|
to_s(fields.tid),
|
|
to_s(fields.proto),
|
|
to_s(fields.sip),
|
|
to_s(fields.sport),
|
|
to_s(fields.cip),
|
|
to_s(fields.cport),
|
|
to_s(fields.lip),
|
|
dir, "\n")
|
|
end
|
|
|
|
local t = { }
|
|
for k,v in ipairs(key_fields) do
|
|
t[#t+1] = tostring(evt.field(v))
|
|
end
|
|
|
|
t[#t+1] = dir
|
|
local key = table.concat(t, "\t")
|
|
|
|
stats[key] = (stats[key] or 0) + (evt.field(fields.buflen) or 0)
|
|
|
|
return true
|
|
end
|
|
|
|
function string.starts(string, prefix)
|
|
return string.sub(string, 1, string.len(start)) == prefix
|
|
end
|
|
|
|
function on_capture_start()
|
|
hostname = sysdig.get_machine_info().hostname
|
|
return true
|
|
end
|
|
|
|
function on_capture_end()
|
|
for k, v in pairs(stats) do
|
|
io.write(hostname, "\t", k, "\t", v, "\n")
|
|
end
|
|
end
|