@@ -1686,13 +1686,64 @@ void sinsp_parser::parse_socket_exit(sinsp_evt *evt)
1686
1686
1687
1687
void sinsp_parser::parse_bind_exit (sinsp_evt *evt)
1688
1688
{
1689
+ sinsp_evt_param *parinfo;
1690
+ int64_t retval;
1689
1691
const char *parstr;
1692
+ uint8_t *packed_data;
1693
+ uint8_t family;
1690
1694
1691
1695
if (evt->m_fdinfo == NULL )
1692
1696
{
1693
1697
return ;
1694
1698
}
1695
1699
1700
+ parinfo = evt->get_param (0 );
1701
+ ASSERT (parinfo->m_len == sizeof (uint64_t ));
1702
+ retval = *(int64_t *)parinfo->m_val ;
1703
+
1704
+ if (retval < 0 )
1705
+ {
1706
+ return ;
1707
+ }
1708
+
1709
+ parinfo = evt->get_param (1 );
1710
+ if (parinfo->m_len == 0 )
1711
+ {
1712
+ //
1713
+ // No address, there's nothing we can really do with this.
1714
+ // This happens for socket types that we don't support, so we have the assertion
1715
+ // to make sure that this is not a type of socket that we support.
1716
+ //
1717
+ ASSERT (!(evt->m_fdinfo ->is_unix_socket () || evt->m_fdinfo ->is_ipv4_socket ()));
1718
+ return ;
1719
+ }
1720
+
1721
+ packed_data = (uint8_t *)parinfo->m_val ;
1722
+
1723
+ family = *packed_data;
1724
+
1725
+ //
1726
+ // Update the FD info with this tuple, assume that if port > 0, means that
1727
+ // the socket is used for listening
1728
+ //
1729
+ if (family == PPM_AF_INET)
1730
+ {
1731
+ uint16_t port = *(uint16_t *)(packed_data + 5 );
1732
+ if (port > 0 )
1733
+ {
1734
+ evt->m_fdinfo ->m_type = SCAP_FD_IPV4_SERVSOCK;
1735
+ evt->m_fdinfo ->m_sockinfo .m_ipv4serverinfo .m_port = port;
1736
+ }
1737
+ }
1738
+ else if (family == PPM_AF_INET6)
1739
+ {
1740
+ uint16_t port = *(uint16_t *)(packed_data + 17 );
1741
+ if (port > 0 )
1742
+ {
1743
+ evt->m_fdinfo ->m_type = SCAP_FD_IPV6_SERVSOCK;
1744
+ evt->m_fdinfo ->m_sockinfo .m_ipv6serverinfo .m_port = port;
1745
+ }
1746
+ }
1696
1747
//
1697
1748
// Update the name of this socket
1698
1749
//
0 commit comments