Exe name missing in Exe field #106
Description
Indicate project
libsysflow
Describe the bug
The exe name is sometimes not reported
To reproduce
Steps to reproduce the behavior:
- Build and run sf-collector example
- Compile and run code example reported below
Expected behavior
The exe name should be reported. In the example, Exe is expected to show /usr/bin/sh.
Environment:
- OS: Ubuntu 20.04.4 LTS
- kernel: 5.4.0-128-generic
- SysFlow version: v0.5.1 (from master branch)
- Configurations: eBPF driver
Code example
#define _GNU_SOURCE
#include <sys/syscall.h>
#include <linux/fs.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
int main(){
const char* pathname = "/usr/bin/sh";
const char* argv[] = { NULL };
const char* envp[] = { NULL };
int rc = syscall( SYS_execve, pathname, argv, envp);
printf("errno: %d\n", errno);
}sf-collector example log
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 15200, OpFlags 1, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe /home/vagrant/syscall-testers-master/execve_no_args, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 15200, OpFlags 2, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe /home/vagrant/syscall-testers-master/execve_no_args, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /etc/ld.so.cache
File Flow: TID 15200, OpFlags: 9344, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe /home/vagrant/syscall-testers-master/execve_no_args, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /lib/x86_64-linux-gnu/libc.so.6
File Flow: TID 15200, OpFlags: 9600, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe , Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 15200, OpFlags 2, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe , Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /etc/ld.so.cache
File Flow: TID 15200, OpFlags: 9344, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe , Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /lib/x86_64-linux-gnu/libc.so.6
File Flow: TID 15200, OpFlags: 9600, OpenFlags 4097, FD 3
****************************************************************
****************************************************************
Header: Exporter , IP , File name
Process: PID 15200 Creation Time, 1688463614759252239, Exe , Exe Args , User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /dev/tty
File Flow: TID 15200, OpFlags: 1152, OpenFlags 3, FD 3
****************************************************************