cleanup(libscap): Allow retries after encountering SCAP_EOF #1809

geraldcombs · 2024-04-23T02:07:03Z

Call gzclearerr if gzread returns fewer bytes than expected. This lets us "tail" a file being written by another process.

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

FedeDP · 2024-04-23T06:51:37Z

userspace/libscap/engine/savefile/scap_reader_gzfile.c

-    return gzread(((reader_handle_t*)r->handle)->m_file, buf, len);
+    int readsize = gzread(((reader_handle_t*)r->handle)->m_file, buf, len);
+
+    if (readsize < (int)len)


Can't all of this be handled by the client program?

I don't think so, at least with the current API. I'm trying to use sinsp::open_savefile() + sinsp::next() to read events from a file which is simultaneously being written by another process. The problem is that EOF handling in zlib is sticky; it changes its internal state when it reaches the end of input which in turn causes subsequent sinsp::next() calls to fail with SCAP_EOF even after more data has been written to the file.

The gzread documentation recommends using gzclearerr in this case. I don't think I can do so from the client side because we don't appear expose the gzFile handle.

Thanks for the clarification, LGTM!

FedeDP · 2024-04-23T08:08:30Z

/milestone TBD

Call gzclearerr if gzread returns fewer bytes than expected. This lets us "tail" a file being written by another process. Signed-off-by: Gerald Combs <gerald@wireshark.org>

jasondellaluce

/approve

/milestone 0.17.0

poiana · 2024-04-24T04:11:46Z

LGTM label has been added.

Git tree hash: a3841cf57628ac62d83d8928fb0fe41122b1cfcb

jasondellaluce · 2024-04-24T04:11:59Z

/milestone TBD

FedeDP

/approve

poiana · 2024-04-24T06:48:12Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, geraldcombs, jasondellaluce

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [FedeDP,jasondellaluce]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

FedeDP · 2024-04-24T06:48:30Z

/milestone 0.17.0

poiana added release-note-none kind/cleanup dco-signoff: yes area/libscap-engine-savefile labels Apr 23, 2024

poiana requested review from hbrueckner and leogr April 23, 2024 02:07

poiana added the size/S label Apr 23, 2024

FedeDP reviewed Apr 23, 2024

View reviewed changes

poiana added this to the TBD milestone Apr 23, 2024

cleanup(libscap): Allow retries after encountering SCAP_EOF

7fef03e

Call gzclearerr if gzread returns fewer bytes than expected. This lets us "tail" a file being written by another process. Signed-off-by: Gerald Combs <gerald@wireshark.org>

geraldcombs force-pushed the gzread-eof branch from afc9426 to 7fef03e Compare April 23, 2024 16:38

jasondellaluce approved these changes Apr 24, 2024

View reviewed changes

poiana assigned jasondellaluce Apr 24, 2024

poiana modified the milestones: TBD, 0.17.0 Apr 24, 2024

poiana added the lgtm label Apr 24, 2024

poiana added the approved label Apr 24, 2024

poiana modified the milestones: 0.17.0, TBD Apr 24, 2024

FedeDP approved these changes Apr 24, 2024

View reviewed changes

poiana assigned FedeDP Apr 24, 2024

poiana modified the milestones: TBD, 0.17.0 Apr 24, 2024

poiana merged commit 13d73bf into falcosecurity:master Apr 24, 2024
39 of 40 checks passed

Andreagit97 removed this from the 0.17.0 milestone May 2, 2024

Andreagit97 added this to the 0.16.0 milestone May 2, 2024

Andreagit97 mentioned this pull request May 2, 2024

sync release 0.16.x #1822

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cleanup(libscap): Allow retries after encountering SCAP_EOF #1809

cleanup(libscap): Allow retries after encountering SCAP_EOF #1809

geraldcombs commented Apr 23, 2024

FedeDP Apr 23, 2024

geraldcombs Apr 23, 2024

FedeDP Apr 24, 2024

FedeDP commented Apr 23, 2024

jasondellaluce left a comment

poiana commented Apr 24, 2024

jasondellaluce commented Apr 24, 2024

FedeDP left a comment

poiana commented Apr 24, 2024

FedeDP commented Apr 24, 2024

cleanup(libscap): Allow retries after encountering SCAP_EOF #1809

cleanup(libscap): Allow retries after encountering SCAP_EOF #1809

Conversation

geraldcombs commented Apr 23, 2024

FedeDP Apr 23, 2024

Choose a reason for hiding this comment

geraldcombs Apr 23, 2024

Choose a reason for hiding this comment

FedeDP Apr 24, 2024

Choose a reason for hiding this comment

FedeDP commented Apr 23, 2024

jasondellaluce left a comment

Choose a reason for hiding this comment

poiana commented Apr 24, 2024

jasondellaluce commented Apr 24, 2024

FedeDP left a comment

Choose a reason for hiding this comment

poiana commented Apr 24, 2024

FedeDP commented Apr 24, 2024