Feature

	tracing file access in layer level

Author: YLonely

errdefs/defs.go

@@ -0,0 +1,22 @@
+package errdefs
+
+import "fmt"
+
+type errWrongFormat struct {
+	s string
+}
+
+func (e errWrongFormat) Error() string {
+	return fmt.Sprintf("%v has wrong format", e.s)
+}
+
+func NewErrWrongFormat(s string) error {
+	return errWrongFormat{s: s}
+}
+
+func IsErrWrongFormat(err error) bool {
+	if _, ok := err.(errWrongFormat); ok {
+		return true
+	}
+	return false
+}

go.mod

@@ -3,6 +3,7 @@ module github.com/YLonely/sysdig-monitor
 go 1.12
 
 require (
+	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 	github.com/Microsoft/go-winio v0.4.14 // indirect
 	github.com/docker/distribution v2.7.1+incompatible // indirect
 	github.com/docker/docker v1.13.1
@@ -16,11 +17,9 @@ require (
 	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/sirupsen/logrus v1.4.2
 	github.com/urfave/cli v1.22.1
-	golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3 // indirect
-	golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135 // indirect
+	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
 	google.golang.org/grpc v1.25.0 // indirect
 	gotest.tools v2.2.0+incompatible // indirect
-	honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc // indirect
 )
 
 replace github.com/docker/docker v1.13.1 => github.com/docker/engine v0.0.0-20190822205725-ed20165a37b4

go.sum

@@ -1,4 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
+github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
@@ -26,6 +28,7 @@ github.com/gin-gonic/gin v1.4.0 h1:3tMoCCfM7ppqsR0ptz/wi1impNpT7/9wQtMZ8lr1mCQ=
 github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -100,7 +103,10 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/p
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=

server/context/context.go

@@ -9,9 +9,8 @@ import (
 	"github.com/YLonely/sysdig-monitor/server/model"
 	"github.com/YLonely/sysdig-monitor/server/router"
 	"github.com/YLonely/sysdig-monitor/sysdig"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
-    "github.com/docker/docker/api/types"
-
 )
 
 // Container represents a top level controller for container
@@ -21,7 +20,7 @@ type ContainerController struct {
 	ec chan sysdig.Event
 
 	// containers use container id as key
-	containers map[string]*container
+	containers map[string]*mutexContainer
 	// container process channels
 	containerCh map[string]chan containerEvent
 
@@ -32,15 +31,17 @@ type ContainerController struct {
 	dockerCli *client.Client
 }
 
-type container struct {
-	imageConfig *types.ImageInspect
-	m           sync.RWMutex
+type mutexContainer struct {
+	m sync.RWMutex
 	*model.Container
 }
 
-func newContainer(id, name string, imageConfig *types.ImageInspect) *container {
-	c := model.NewContainer(id, name)
-	return &container{Container: c, imageConfig: imageConfig}
+func newMutexContainer(id, name string, containerJSON *types.ContainerJSON) (*mutexContainer, error) {
+	c, err := model.NewContainer(id, name, containerJSON.GraphDriver.Data)
+	if err != nil {
+		return nil, err
+	}
+	return &mutexContainer{Container: c}, nil
 }
 
 const eventBufferLen = 512
@@ -50,7 +51,7 @@ const incompleteContainerName = "incomplete"
 func NewController(ctx context.Context, serverErrorChannel chan<- error) (controller.Controller, error) {
 	r := router.NewGroupRouter("/container")
 	sysdigServer := sysdig.NewServer()
-	res := &ContainerController{containerRouter: r, ec: sysdigServer.Subscribe(), containers: map[string]*container{}, containerCh: map[string]chan containerEvent{}}
+	res := &ContainerController{containerRouter: r, ec: sysdigServer.Subscribe(), containers: map[string]*mutexContainer{}, containerCh: map[string]chan containerEvent{}}
 
 	cli, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
@@ -104,12 +105,16 @@ func (cc *ContainerController) start(ctx context.Context) error {
 			}
 			log.L.Debug(ce)
 			if _, exists := cc.containers[containerID]; !exists {
-				config, err := cc.imageConfig(ctx, ce.image)
+				containerJSON, err := cc.containerJSON(ctx, containerID)
+				if err != nil {
+					log.L.WithError(err).WithField("container-id", containerID).Error("cant fetch container json")
+					continue
+				}
+				container, err := newMutexContainer(ce.containerID, containerName, containerJSON)
 				if err != nil {
-					log.L.WithError(err).WithField("container-id", containerID).Error("cant fetch image config")
+					log.L.WithError(err).WithField("container-id", containerID).Error("")
 					continue
 				}
-				container := newContainer(ce.containerID, containerName, config)
 				ch := make(chan containerEvent, eventBufferLen)
 				cc.cm.Lock()
 				cc.containers[containerID] = container
@@ -136,12 +141,12 @@ func (cc *ContainerController) start(ctx context.Context) error {
 	return nil
 }
 
-func (cc *ContainerController) imageConfig(ctx context.Context, id string) (*types.ImageInspect, error) {
-	imageConfig, _, err := cc.dockerCli.ImageInspectWithRaw(ctx, id)
+func (cc *ContainerController) containerJSON(ctx context.Context, id string) (*types.ContainerJSON, error) {
+	j, err := cc.dockerCli.ContainerInspect(ctx, id)
 	if err != nil {
 		return nil, err
 	}
-	return &imageConfig, nil
+	return &j, nil
 }
 
 func convert(e sysdig.Event) containerEvent {
@@ -159,6 +164,5 @@ func convert(e sysdig.Event) containerEvent {
 	res.rawRes = e.RawRes
 	res.syscallType = e.SyscallType
 	res.virtualtid = e.ThreadVirtualID
-	res.image = e.ContainerImage
 	return res
 }

server/controller/container/container.go

@@ -23,6 +23,7 @@ type FlattenConnection struct {
 type GetContainerResponse struct {
 	*model.Container
 	ActiveConnections []FlattenConnection `json:"active_connections"`
+	AccessedLayers    []*model.LayerInfo  `json:"accessed_layers"`
 }
 
 func (cc *ContainerController) getContainer(c *gin.Context) {
@@ -40,5 +41,10 @@ func (cc *ContainerController) getContainer(c *gin.Context) {
 	for meta, conn := range container.ActiveConnections {
 		flattenConns = append(flattenConns, FlattenConnection{Connection: *conn, ConnectionMeta: meta})
 	}
-	c.JSON(200, GetContainerResponse{Container: container.Container, ActiveConnections: flattenConns})
+	flattenLayersInfo := []*model.LayerInfo{}
+	for _, layer := range container.LayersInOrder {
+		flattenLayersInfo = append(flattenLayersInfo, container.AccessedLayers[layer])
+	}
+
+	c.JSON(200, GetContainerResponse{Container: container.Container, ActiveConnections: flattenConns, AccessedLayers: flattenLayersInfo})
 }

server/controller/container/routes.go

@@ -4,10 +4,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/YLonely/sysdig-monitor/errdefs"
 	"github.com/YLonely/sysdig-monitor/log"
 	"github.com/YLonely/sysdig-monitor/server/model"
 )
@@ -29,10 +31,9 @@ type containerEvent struct {
 	rawRes              int
 	syscallType         string
 	virtualtid          int
-	image               string
 }
 
-func processLoop(ctx context.Context, c *container, ch chan containerEvent) error {
+func processLoop(ctx context.Context, c *mutexContainer, ch chan containerEvent) error {
 	var e containerEvent
 	var err error
 	for {
@@ -64,8 +65,8 @@ func processLoop(ctx context.Context, c *container, ch chan containerEvent) erro
 				}
 			} else {
 				// may have some other handler?
-				if err = handleNetwork(c.Container, e); err != nil {
-					//log.L.WithField("container-id", c.ID).WithError(err).Error("network handler error")
+				if err = handleNetwork(c.Container, e); err != nil && !errdefs.IsErrWrongFormat(err) {
+					log.L.WithField("container-id", c.ID).WithError(err).Warning("network handler error")
 				}
 			}
 			c.m.Unlock()
@@ -79,10 +80,14 @@ func handleSysCall(c *model.Container, e containerEvent) error {
 	if len(syscall) <= 0 {
 		return nil
 	}
-	if _, exists := c.IndividualCalls[syscall]; !exists {
-		c.IndividualCalls[syscall] = &model.SystemCall{Name: syscall}
+	var (
+		call   *model.SystemCall
+		exists bool
+	)
+	if call, exists = c.IndividualCalls[syscall]; !exists {
+		call = &model.SystemCall{Name: syscall}
+		c.IndividualCalls[syscall] = call
 	}
-	call := c.IndividualCalls[syscall]
 	call.Calls++
 	call.TotalTime += latency
 	c.SystemCalls.TotalCalls++
@@ -106,10 +111,14 @@ func handleNetIO(c *model.Container, e containerEvent) error {
 	}
 	// if event shows that a net io begins before "connect" or "accpet",
 	// we just ignore the error sequence and add a new connection
-	if _, exists := c.ActiveConnections[meta]; !exists {
-		c.ActiveConnections[meta] = &model.Connection{Type: e.fdType}
+	var (
+		conn   *model.Connection
+		exists bool
+	)
+	if conn, exists = c.ActiveConnections[meta]; !exists {
+		conn = &model.Connection{Type: e.fdType}
+		c.ActiveConnections[meta] = conn
 	}
-	conn := c.ActiveConnections[meta]
 	if e.isIORead {
 		conn.ReadIn += int64(bufLen)
 		c.Network.TotalReadIn += int64(bufLen)
@@ -123,14 +132,25 @@ func handleNetIO(c *model.Container, e containerEvent) error {
 func handleFileIO(c *model.Container, e containerEvent) error {
 	fileName := e.fdName
 	bufLen := e.bufferLen
-	if _, exists := c.AccessedFiles[fileName]; !exists {
-		c.AccessedFiles[fileName] = &model.File{Name: fileName}
+	var (
+		file   *model.File
+		exists bool
+	)
+
+	if file, exists = c.AccessedFiles[fileName]; !exists {
+		file = &model.File{Name: fileName}
+		err := attachToLayer(c, file)
+		if err != nil {
+			return nil
+		}
+		c.AccessedFiles[fileName] = file
 	}
-	file := c.AccessedFiles[fileName]
 	if e.isIOWrite {
 		file.WriteOut += int64(bufLen)
+		file.Layer.WriteOut += int64(bufLen)
 		c.FileSystem.TotalWriteOut += int64(bufLen)
 	} else if e.isIORead {
+		file.Layer.ReadIn += int64(bufLen)
 		file.ReadIn += int64(bufLen)
 		c.FileSystem.TotalReadIn += int64(bufLen)
 	}
@@ -179,7 +199,7 @@ func connectionMeta(fdname string) (model.ConnectionMeta, error) {
 	parts := strings.Split(fdname, "->")
 	meta := model.ConnectionMeta{}
 	if len(parts) != 2 {
-		return meta, fmt.Errorf("wrong connection meta format:%v", fdname)
+		return meta, errdefs.NewErrWrongFormat(fdname)
 	}
 	source, dest := parts[0], parts[1]
 
@@ -199,15 +219,27 @@ func splitAddress(address string) (string, int, error) {
 		err             error
 	)
 	if len(address) <= 1 {
-		return "", -1, errors.New("empty address")
+		return "", -1, errdefs.NewErrWrongFormat(address)
 	}
 	for portStart = len(address) - 1; portStart >= 0 && address[portStart] != ':'; portStart-- {
 	}
 	if portStart <= 0 {
-		return "", -1, errors.New("no port address")
+		return "", -1, errdefs.NewErrWrongFormat(address)
 	}
 	if port, err = strconv.Atoi(address[portStart+1:]); err != nil {
-		return "", -1, fmt.Errorf("wrong address format:%v", address)
+		return "", -1, errdefs.NewErrWrongFormat(address)
 	}
 	return address[:portStart], port, nil
 }
+
+func attachToLayer(c *model.Container, file *model.File) error {
+	fileName := file.Name
+	for _, dir := range c.LayersInOrder {
+		if _, err := os.Stat(dir + fileName); err == nil {
+			c.AccessedLayers[dir].AccessedFiles[fileName] = file
+			file.Layer = c.AccessedLayers[dir]
+			return nil
+		}
+	}
+	return fmt.Errorf("cant find file %v in any of lower layers", fileName)
+}