Skip to content

Exe full path missing in Exe field #107

New issue
New issue
Open
Open
Exe full path missing in Exe field#107
Labels
bugSomething isn't working
@dcarolloz

Description

@dcarolloz
dcarolloz
opened on Jul 4, 2023

Indicate project
libsysflow

Describe the bug
The exe full path is sometimes not reported

To reproduce
Steps to reproduce the behavior:

  1. Build and run sf-collector example
  2. Compile and run code example reported below

Expected behavior
The exe full path should be reported. In the example, Exe is expected to show /usr/bin/echo.

Environment:

  • OS: Ubuntu 20.04.4 LTS
  • kernel: 5.4.0-128-generic
  • SysFlow version: v0.5.1 (from master branch)
  • Configurations: eBPF driver

Code example

#define _GNU_SOURCE
#include <sys/syscall.h>
#include <linux/fs.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>

int main(){
    const char* pathname = "/usr/bin/echo";
    const char* argv[] = { "echo", "arg1", "arg2", "arg3", "arg4", "arg5", NULL };
    const char* envp[] = { NULL };
    int rc = syscall( SYS_execve, pathname, argv, envp);
    printf("errno: %d\n", errno);
}

sf-collector example log

****************************************************************
Header: Exporter , IP , File name 
Process: PID 13246 Creation Time, 1688476758875589088, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 13246, OpFlags 1, Ret 23207
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 23207, OpFlags 1, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe /home/vagrant/syscall-testers-master/execve, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 23207, OpFlags 2, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe /home/vagrant/syscall-testers-master/execve, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /etc/ld.so.cache
File Flow: TID 23207, OpFlags: 9344, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe /home/vagrant/syscall-testers-master/execve, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /lib/x86_64-linux-gnu/libc.so.6
File Flow: TID 23207, OpFlags: 9600, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe echo, Exe Args arg1 arg2 arg3 arg4 arg5, User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 23207, OpFlags 2, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe echo, Exe Args arg1 arg2 arg3 arg4 arg5, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /etc/ld.so.cache
File Flow: TID 23207, OpFlags: 9344, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe echo, Exe Args arg1 arg2 arg3 arg4 arg5, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /lib/x86_64-linux-gnu/libc.so.6
File Flow: TID 23207, OpFlags: 9600, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe echo, Exe Args arg1 arg2 arg3 arg4 arg5, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /dev/pts/1
File Flow: TID 23207, OpFlags: 1536, OpenFlags 0, FD 1
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe echo, Exe Args arg1 arg2 arg3 arg4 arg5, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /dev/pts/1
File Flow: TID 23207, OpFlags: 1024, OpenFlags 0, FD 2
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 23207 Creation Time, 1688476762777075981, Exe echo, Exe Args arg1 arg2 arg3 arg4 arg5, User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 23207, OpFlags 4, Ret 0
****************************************************************

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions