O_CREAT flag missing in File Flow OpenFlags #108
Description
Indicate project
libsysflow
Describe the bug
File Flows OpenFlags sometimes do not report O_CREAT (64) flag
To reproduce
Steps to reproduce the behavior:
- Build and run sf-collector example
- create a file
- copy the file to a new file using
cp
Expected behavior
OpenFlags should report O_CREAT flag usage. In the example, OpenFlags is expected to be > 64.
Environment:
- OS: Ubuntu 20.04.4 LTS
- kernel: 5.4.0-128-generic
- SysFlow version: v0.5.1 (from master branch)
- Configurations: eBPF driver
strace of cp execution
stat("newfile", 0x7fff362a3020) = -1 ENOENT (No such file or directory)
stat("testfile", {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
newfstatat(AT_FDCWD, "newfile", 0x7fff362a2db0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "testfile", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
openat(AT_FDCWD, "newfile", O_WRONLY|O_CREAT|O_EXCL, 0664) = 4
fstat(4, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
fadvise64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0
mmap(NULL, 139264, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff6fdc3a000
read(3, "", 131072) = 0
close(4) = 0
close(3) = 0
sf-collector example log
****************************************************************
Header: Exporter , IP , File name
Process: PID 18755 Creation Time, 1688466601525995515, Exe /usr/bin/cp, Exe Args testfile newfile, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /home/vagrant/newfile
File Flow: TID 18755, OpFlags: 1152, OpenFlags 38, FD 4
****************************************************************