chore(output): Remove group ID from output (#231)

mozillazg · Jan 18, 2025 · 3f1dab8 · 3f1dab8
1 parent 3f9ca04
commit 3f1dab8
Show file tree

Hide file tree

Showing 20 changed files with 38 additions and 71 deletions.
diff --git a/bpf/bpf_arm64_bpfel.go b/bpf/bpf_arm64_bpfel.go
diff --git a/bpf/bpf_arm64_bpfel.o b/bpf/bpf_arm64_bpfel.o
diff --git a/bpf/bpf_legacy_arm64_bpfel.o b/bpf/bpf_legacy_arm64_bpfel.o
diff --git a/bpf/bpf_legacy_x86_bpfel.o b/bpf/bpf_legacy_x86_bpfel.o
diff --git a/bpf/bpf_no_tracing_arm64_bpfel.o b/bpf/bpf_no_tracing_arm64_bpfel.o
diff --git a/bpf/bpf_no_tracing_x86_bpfel.o b/bpf/bpf_no_tracing_x86_bpfel.o
diff --git a/bpf/bpf_x86_bpfel.go b/bpf/bpf_x86_bpfel.go
diff --git a/bpf/bpf_x86_bpfel.o b/bpf/bpf_x86_bpfel.o
diff --git a/bpf/process.h b/bpf/process.h
@@ -22,7 +22,6 @@ struct process_meta_t {
     u32 netns_id;
     u32 tid;
     u32 uid;
-    u32 gid;
     char tname[TASK_COMM_LEN];
     char cgroup_name[MAX_CGROUP_NAME_LEN];
 };
@@ -252,14 +251,7 @@ static __always_inline void fill_process_meta(struct task_struct *task, struct p
     BPF_CORE_READ_INTO(&meta->netns_id, task, nsproxy, net_ns, ns.inum);
     BPF_CORE_READ_INTO(&meta->pid, task, tgid);
     BPF_CORE_READ_INTO(&meta->ppid, task, real_parent, tgid);
-
-    //    u64 uid_gid = bpf_get_current_uid_gid();
-    //    meta->uid = uid_gid & 0xFFFFFFFF;
-    //    meta->gid = uid_gid >> 32;
-    BPF_CORE_READ_INTO(&meta->uid, task, cred, uid);
-    BPF_CORE_READ_INTO(&meta->gid, task, cred, gid);
-
-    //    debug_log("uid %lld, gid %lld\n", meta->uid, meta->gid);
+    BPF_CORE_READ_INTO(&meta->uid, task, cred, uid.val);
 
     const char *cname = BPF_CORE_READ(task, cgroups, subsys[0], cgroup, kn, name);
     int size = bpf_core_read_str(&meta->cgroup_name, sizeof(meta->cgroup_name), cname);
@@ -379,7 +371,6 @@ static __always_inline void clone_process_meta(struct process_meta_t *origin, st
     target->netns_id = origin->netns_id;
     target->pidns_id = origin->pidns_id;
     target->uid = origin->uid;
-    target->gid = origin->gid;
     __builtin_memcpy(&target->cgroup_name, &origin->cgroup_name, sizeof(origin->cgroup_name));
 }
 

diff --git a/internal/event/net.go b/internal/event/net.go
@@ -31,7 +31,6 @@ type Packet struct {
 	Pid       int
 	Tid       int
 	Uid       int
-	Gid       int
 	TName     string
 	MntNs     int
 	NetNs     int
@@ -56,15 +55,14 @@ func ParsePacketEvent(deviceCache *metadata.DeviceCache, event bpf.BpfPacketEven
 	p.Pid = int(event.Meta.Process.Pid)
 	p.Tid = int(event.Meta.Process.Tid)
 	p.Uid = int(event.Meta.Process.Uid)
-	p.Gid = int(event.Meta.Process.Gid)
 	p.TName = utils.GoString(event.Meta.Process.Tname[:])
 	p.MntNs = int(event.Meta.Process.MntnsId)
 	p.NetNs = int(event.Meta.Process.NetnsId)
 	p.CgroupName = utils.GoString(event.Meta.Process.CgroupName[:])
 	p.Device, _ = deviceCache.GetByIfindex(int(event.Meta.Ifindex), event.Meta.Process.NetnsId)
 
-	log.Infof("new packet event, thread: %s.%d, pid: %d, uid: %d, gid: %d, mntns: %d, netns: %d, cgroupName: %s",
-		p.TName, p.Tid, p.Pid, p.Uid, p.Gid, p.MntNs, p.NetNs, p.CgroupName)
+	log.Infof("new packet event, thread: %s.%d, pid: %d, uid: %d, mntns: %d, netns: %d, cgroupName: %s",
+		p.TName, p.Tid, p.Pid, p.Uid, p.MntNs, p.NetNs, p.CgroupName)
 
 	p.L3Protocol = event.Meta.L3Protocol
 	p.FirstLayer = firstLayerType(event.Meta.FirstLayer)

diff --git a/internal/event/process.go b/internal/event/process.go
@@ -47,8 +47,7 @@ func FromPacketOptions(opts pcapgo.NgPacketOptions) (types.ProcessExec, types.Pa
 	pctx := &types.PacketContext{
 		Process: types.Process{
 			ProcessBase: types.ProcessBase{
-				UserId:  -1,
-				GroupId: -1,
+				UserId: -1,
 			},
 		},
 	}
@@ -58,7 +57,6 @@ func FromPacketOptions(opts pcapgo.NgPacketOptions) (types.ProcessExec, types.Pa
 	p.Pid = pctx.Pid
 	p.Tid = pctx.Tid
 	p.Uid = pctx.UserId
-	p.Gid = pctx.GroupId
 	p.TName = pctx.TName
 	p.Filename = pctx.Cmd
 	p.FilenameTruncated = pctx.CmdTruncated

diff --git a/internal/metadata/process.go b/internal/metadata/process.go
@@ -93,19 +93,13 @@ func (c *ProcessCache) fillRunningProcesses(ctx context.Context) error {
 			}
 			args, _ := p.CmdlineSlice()
 			uid := -1
-			gid := -1
 			if uids, _ := p.Uids(); len(uids) > 0 {
 				uid = int(uids[0])
 			}
-			if gids, _ := p.Gids(); len(gids) > 0 {
-				gid = int(gids[0])
-			}
-
 			e := types.ProcessExec{
 				PPid:              ppid,
 				Pid:               int(p.Pid),
 				Uid:               uid,
-				Gid:               gid,
 				Filename:          filename,
 				FilenameTruncated: false,
 				Args:              args,
@@ -203,7 +197,6 @@ func (c *ProcessCache) AddItemWithContext(exec types.ProcessExec, rawCtx types.P
 				Tid:           0,
 				TName:         "",
 				UserId:        exec.Uid,
-				GroupId:       exec.Gid,
 				Args:          exec.Args,
 				ArgsTruncated: exec.ArgsTruncated,
 			},
@@ -255,7 +248,6 @@ func (c *ProcessCache) getProcessBase(pid int) types.ProcessBase {
 		Tid:           0,
 		TName:         "",
 		UserId:        -1,
-		GroupId:       -1,
 		Args:          args,
 		ArgsTruncated: false,
 	}

diff --git a/internal/parser/pcapng.go b/internal/parser/pcapng.go
@@ -57,7 +57,6 @@ func (p *PcapNGParser) Parse() (*event.Packet, error) {
 	e.Pid = exec.Pid
 	e.Tid = exec.Tid
 	e.Uid = exec.Uid
-	e.Gid = exec.Gid
 	e.TName = exec.TName
 	p.pcache.AddItemWithContext(exec, ctx)
 

diff --git a/internal/types/context.go b/internal/types/context.go
@@ -30,8 +30,6 @@ func (c *PacketContext) FromPacketComments(comments []string) {
 				c.TName = value
 			case "UserId":
 				c.UserId, _ = strconv.Atoi(value)
-			case "GroupId":
-				c.GroupId, _ = strconv.Atoi(value)
 			case "ParentPID":
 				c.Parent.Pid, _ = strconv.Atoi(value)
 			case "Command", "Cmd", "ParentCommand", "ParentCmd":

diff --git a/internal/types/process.go b/internal/types/process.go
@@ -12,7 +12,6 @@ type ProcessBase struct {
 	Tid          int
 	TName        string
 	UserId       int
-	GroupId      int
 
 	Args          []string
 	ArgsTruncated bool
@@ -39,7 +38,6 @@ type ProcessExec struct {
 	TName string
 
 	Uid int
-	Gid int
 
 	Filename          string
 	FilenameTruncated bool

diff --git a/internal/writer/pcapng.go b/internal/writer/pcapng.go
@@ -51,9 +51,6 @@ func (w *PcapNGWriter) Write(e *event.Packet) error {
 	if p.UserId == 0 && e.Uid != 0 {
 		p.UserId = e.Uid
 	}
-	if p.GroupId == 0 && e.Gid != 0 {
-		p.GroupId = e.Gid
-	}
 
 	opts := pcapgo.NgPacketOptions{}
 	if w.enhancedContext.ProcessContext() && p.Pid > 0 {
@@ -70,8 +67,7 @@ func (w *PcapNGWriter) Write(e *event.Packet) error {
 		}
 		if w.enhancedContext.UserContext() && p.UserId >= 0 {
 			opts.Comments = append(opts.Comments,
-				fmt.Sprintf("UserId: %d\nGroupId: %d",
-					p.UserId, p.GroupId),
+				fmt.Sprintf("UserId: %d", p.UserId),
 			)
 		}
 		if w.enhancedContext.ParentProcContext() && p.Parent.Pid > 0 {

diff --git a/internal/writer/stdout.go b/internal/writer/stdout.go
@@ -64,9 +64,6 @@ func (w *StdoutWriter) Write(e *event.Packet) error {
 	if p.UserId == 0 && e.Uid != 0 {
 		p.UserId = e.Uid
 	}
-	if p.GroupId == 0 && e.Gid != 0 {
-		p.GroupId = e.Gid
-	}
 
 	processInfo := ""
 	threadInfo := ""
@@ -85,7 +82,7 @@ func (w *StdoutWriter) Write(e *event.Packet) error {
 			threadInfo = fmt.Sprintf("Thread (tid %d, name %s)", p.Tid, p.TName)
 		}
 		if w.enhancedContext.UserContext() && p.UserId >= 0 {
-			userInfo = fmt.Sprintf("User (uid %d, gid %d)", p.UserId, p.GroupId)
+			userInfo = fmt.Sprintf("User (uid %d)", p.UserId)
 		}
 		if w.enhancedContext.ParentProcContext() && p.Parent.Pid > 0 {
 			parentProcInfo = fmt.Sprintf("ParentProc (pid %d, cmd %s, args %s)",

diff --git a/testdata/format/curl-user.pcapng b/testdata/format/curl-user.pcapng
diff --git a/testdata/format/curl-user.pcapng.-v.out.txt b/testdata/format/curl-user.pcapng.-v.out.txt
@@ -1,25 +1,25 @@
-14:40:20.276349 ens33 Out IP (tos 0x0, ttl 64, id 54926, offset 0, flags [DF], proto TCP (6), length 60)
-    10.0.2.15.43950 > 139.178.84.217.443: Flags [S], cksum 0xecc8, seq 2716706921, win 64240, options [mss 1460,sackOK,TS val 3379641114 ecr 0,nop,wscale 7], length 0
-    Process (pid 23592, cmd /usr/bin/curl, args curl https://kernel.org)
-    User (uid 1000, gid 1000)
-    ParentProc (pid 6007, cmd /usr/bin/bash, args -bash)
-14:40:20.780518 ens33 In IP (tos 0x0, ttl 128, id 7878, offset 0, flags [none], proto TCP (6), length 44)
-    139.178.84.217.443 > 10.0.2.15.43950: Flags [S.], cksum 0x65a7, seq 676670157, ack 2716706922, win 64240, options [mss 1460], length 0
-    Process (pid 23592, cmd /usr/bin/curl, args curl https://kernel.org)
-    User (uid 1000, gid 1000)
-    ParentProc (pid 6007, cmd /usr/bin/bash, args -bash)
-14:40:20.780771 ens33 Out IP (tos 0x0, ttl 64, id 54927, offset 0, flags [DF], proto TCP (6), length 40)
-    10.0.2.15.43950 > 139.178.84.217.443: Flags [.], cksum 0xecb4, seq 2716706922, ack 676670158, win 64240, length 0
-    Process (pid 23592, cmd /usr/bin/curl, args curl https://kernel.org)
-    User (uid 1000, gid 1000)
-    ParentProc (pid 6007, cmd /usr/bin/bash, args -bash)
-14:40:20.790480 ens33 In IP (tos 0x0, ttl 128, id 7880, offset 0, flags [none], proto TCP (6), length 40)
-    139.178.84.217.443 > 10.0.2.15.43950: Flags [.], cksum 0x7b5f, seq 676670158, ack 2716707439, win 64240, length 0
-    Process (pid 23592, cmd /usr/bin/curl, args curl https://kernel.org)
-    User (uid 1000, gid 1000)
-    ParentProc (pid 6007, cmd /usr/bin/bash, args -bash)
-14:40:20.790422 ens33 Out IP (tos 0x0, ttl 64, id 54928, offset 0, flags [DF], proto TCP (6), length 557)
-    10.0.2.15.43950 > 139.178.84.217.443: Flags [P.], cksum 0xeeb9, seq 2716706922:2716707439, ack 676670158, win 64240, length 517
-    Process (pid 23592, cmd /usr/bin/curl, args curl https://kernel.org)
-    User (uid 1000, gid 1000)
-    ParentProc (pid 6007, cmd /usr/bin/bash, args -bash)
+12:37:40.051539 ens33 Out IP (tos 0x0, ttl 64, id 48697, offset 0, flags [DF], proto TCP (6), length 60)
+    10.0.2.15.42906 > 139.178.84.217.443: Flags [S], cksum 0xecc8, seq 940329637, win 64240, options [mss 1460,sackOK,TS val 3421262256 ecr 0,nop,wscale 7], length 0
+    Process (pid 99722, cmd /usr/bin/curl, args curl https://kernel.org)
+    User (uid 1000)
+    ParentProc (pid 18840, cmd /usr/bin/bash, args -bash)
+12:37:40.561047 ens33 In IP (tos 0x0, ttl 128, id 6570, offset 0, flags [none], proto TCP (6), length 44)
+    139.178.84.217.443 > 10.0.2.15.42906: Flags [S.], cksum 0xefbd, seq 525694320, ack 940329638, win 64240, options [mss 1460], length 0
+    Process (pid 99722, cmd /usr/bin/curl, args curl https://kernel.org)
+    User (uid 1000)
+    ParentProc (pid 18840, cmd /usr/bin/bash, args -bash)
+12:37:40.562003 ens33 Out IP (tos 0x0, ttl 64, id 48698, offset 0, flags [DF], proto TCP (6), length 40)
+    10.0.2.15.42906 > 139.178.84.217.443: Flags [.], cksum 0xecb4, seq 940329638, ack 525694321, win 64240, length 0
+    Process (pid 99722, cmd /usr/bin/curl, args curl https://kernel.org)
+    User (uid 1000)
+    ParentProc (pid 18840, cmd /usr/bin/bash, args -bash)
+12:37:40.575411 ens33 In IP (tos 0x0, ttl 128, id 6572, offset 0, flags [none], proto TCP (6), length 40)
+    139.178.84.217.443 > 10.0.2.15.42906: Flags [.], cksum 0x576, seq 525694321, ack 940330155, win 64240, length 0
+    Process (pid 99722, cmd /usr/bin/curl, args curl https://kernel.org)
+    User (uid 1000)
+    ParentProc (pid 18840, cmd /usr/bin/bash, args -bash)
+12:37:40.574770 ens33 Out IP (tos 0x0, ttl 64, id 48699, offset 0, flags [DF], proto TCP (6), length 557)
+    10.0.2.15.42906 > 139.178.84.217.443: Flags [P.], cksum 0xeeb9, seq 940329638:940330155, ack 525694321, win 64240, length 517
+    Process (pid 99722, cmd /usr/bin/curl, args curl https://kernel.org)
+    User (uid 1000)
+    ParentProc (pid 18840, cmd /usr/bin/bash, args -bash)
diff --git a/testdata/format/curl-user.pcapng.out.txt b/testdata/format/curl-user.pcapng.out.txt
@@ -1,5 +1,5 @@
-14:40:20.276349 ens33 curl.23592 Out IP 10.0.2.15.43950 > 139.178.84.217.443: Flags [S], seq 2716706921, win 64240, options [mss 1460,sackOK,TS val 3379641114 ecr 0,nop,wscale 7], length 0, ParentProc [bash.6007]
-14:40:20.780518 ens33 curl.23592 In IP 139.178.84.217.443 > 10.0.2.15.43950: Flags [S.], seq 676670157, ack 2716706922, win 64240, options [mss 1460], length 0, ParentProc [bash.6007]
-14:40:20.780771 ens33 curl.23592 Out IP 10.0.2.15.43950 > 139.178.84.217.443: Flags [.], seq 2716706922, ack 676670158, win 64240, length 0, ParentProc [bash.6007]
-14:40:20.790480 ens33 curl.23592 In IP 139.178.84.217.443 > 10.0.2.15.43950: Flags [.], seq 676670158, ack 2716707439, win 64240, length 0, ParentProc [bash.6007]
-14:40:20.790422 ens33 curl.23592 Out IP 10.0.2.15.43950 > 139.178.84.217.443: Flags [P.], seq 2716706922:2716707439, ack 676670158, win 64240, length 517, ParentProc [bash.6007]
+12:37:40.051539 ens33 curl.99722 Out IP 10.0.2.15.42906 > 139.178.84.217.443: Flags [S], seq 940329637, win 64240, options [mss 1460,sackOK,TS val 3421262256 ecr 0,nop,wscale 7], length 0, ParentProc [bash.18840]
+12:37:40.561047 ens33 curl.99722 In IP 139.178.84.217.443 > 10.0.2.15.42906: Flags [S.], seq 525694320, ack 940329638, win 64240, options [mss 1460], length 0, ParentProc [bash.18840]
+12:37:40.562003 ens33 curl.99722 Out IP 10.0.2.15.42906 > 139.178.84.217.443: Flags [.], seq 940329638, ack 525694321, win 64240, length 0, ParentProc [bash.18840]
+12:37:40.575411 ens33 curl.99722 In IP 139.178.84.217.443 > 10.0.2.15.42906: Flags [.], seq 525694321, ack 940330155, win 64240, length 0, ParentProc [bash.18840]
+12:37:40.574770 ens33 curl.99722 Out IP 10.0.2.15.42906 > 139.178.84.217.443: Flags [P.], seq 940329638:940330155, ack 525694321, win 64240, length 517, ParentProc [bash.18840]