feat: add thread capabilities

Ref: EXP-2878
Signed-off-by: Mauro Sardara <[email protected]>

.gitmodules

@@ -3,7 +3,7 @@
     url = https://github.com/apache/avro.git
 [submodule "modules/sysflow"]
 	path = modules/sysflow
-	url = https://github.com/sysflow-telemetry/sf-apis.git
+	url = https://github.com/cisco-eti/sf-apis.git
 [submodule "modules/filesystem"]
 	path = modules/filesystem
 	url = https://github.com/gulrak/filesystem.git

src/libs/fileeventprocessor.cpp

@@ -100,6 +100,10 @@ int FileEventProcessor::writeLinkEvent(sinsp_evt *ev, OpFlags flag) {
   m_fileEvt.procOID.hpid = proc->proc.oid.hpid;
   m_fileEvt.procOID.createTS = proc->proc.oid.createTS;
   m_fileEvt.tid = ti->m_tid;
+  m_fileEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_fileEvt.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  m_fileEvt.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   m_fileEvt.ret = utils::getSyscallResult(ev);
   m_fileEvt.fileOID = file1->file.oid;
   m_fileEvt.newFileOID.set_FOID(file2->file.oid);
@@ -144,6 +148,11 @@ int FileEventProcessor::writeFileEvent(sinsp_evt *ev, OpFlags flag) {
   m_fileEvt.procOID.hpid = proc->proc.oid.hpid;
   m_fileEvt.procOID.createTS = proc->proc.oid.createTS;
   m_fileEvt.tid = ti->m_tid;
+  m_fileEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_fileEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_fileEvt.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  m_fileEvt.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   m_fileEvt.ret = utils::getSyscallResult(ev);
   m_fileEvt.fileOID = file->file.oid;
   m_fileEvt.newFileOID.set_null();

src/libs/fileflowprocessor.cpp

@@ -54,6 +54,10 @@ inline void FileFlowProcessor::populateFileFlow(
   ff->fileflow.procOID.hpid = proc->proc.oid.hpid;
   ff->fileflow.procOID.createTS = proc->proc.oid.createTS;
   ff->fileflow.tid = ti->m_tid;
+  ff->fileflow.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  ff->fileflow.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  ff->fileflow.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   ff->fileflow.fd = fd;
   ff->fileflow.fileOID = file->file.oid;
   if (!m_cxt->isConsumerMode()) {

src/libs/networkflowprocessor.cpp

@@ -96,6 +96,10 @@ inline void NetworkFlowProcessor::populateNetFlow(NetFlowObj *nf, OpFlags flag,
   nf->netflow.procOID.hpid = proc->proc.oid.hpid;
   nf->netflow.procOID.createTS = proc->proc.oid.createTS;
   nf->netflow.tid = ti->m_tid;
+  nf->netflow.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  nf->netflow.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  nf->netflow.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   nf->netflow.sip = fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip;
   nf->netflow.dip = fdinfo->m_sockinfo.m_ipv4info.m_fields.m_dip;
   nf->netflow.sport = fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sport;

src/libs/processeventprocessor.cpp

@@ -46,6 +46,10 @@ void ProcessEventProcessor::writeCloneEvent(sinsp_evt *ev) {
   m_procEvt.procOID.hpid = proc->proc.oid.hpid;
   m_procEvt.procOID.createTS = proc->proc.oid.createTS;
   m_procEvt.tid = ti->m_tid;
+  m_procEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_procEvt.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  m_procEvt.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   m_procEvt.ret = utils::getSyscallResult(ev);
   m_procEvt.args.clear();
   m_writer->writeProcessEvent(&m_procEvt, &(proc->proc));
@@ -66,6 +70,10 @@ void ProcessEventProcessor::writeSetUIDEvent(sinsp_evt *ev) {
   m_procEvt.procOID.hpid = proc->proc.oid.hpid;
   m_procEvt.procOID.createTS = proc->proc.oid.createTS;
   m_procEvt.tid = ti->m_tid;
+  m_procEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_procEvt.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  m_procEvt.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   m_procEvt.ret = utils::getSyscallResult(ev);
   m_procEvt.args.clear();
   m_procEvt.args.push_back(m_uid);
@@ -82,6 +90,10 @@ void ProcessEventProcessor::writeExitEvent(sinsp_evt *ev) {
   m_procEvt.procOID.hpid = proc->proc.oid.hpid;
   m_procEvt.procOID.createTS = proc->proc.oid.createTS;
   m_procEvt.tid = ti->m_tid;
+  m_procEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_procEvt.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  m_procEvt.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
   m_procEvt.ret = utils::getSyscallResult(ev);
   m_procEvt.args.clear();
   int64_t tid = -1;
@@ -119,6 +131,11 @@ void ProcessEventProcessor::writeExecEvent(sinsp_evt *ev) {
   m_procEvt.procOID.hpid = proc->proc.oid.hpid;
   m_procEvt.procOID.createTS = proc->proc.oid.createTS;
   m_procEvt.tid = ti->m_tid;
+  m_procEvt.tCapEffective = sinsp_utils::caps_to_string(ti->m_cap_effective);
+  m_procEvt.tCapInheritable =
+      sinsp_utils::caps_to_string(ti->m_cap_inheritable);
+  m_procEvt.tCapPermitted = sinsp_utils::caps_to_string(ti->m_cap_permitted);
+
   m_procEvt.ret = utils::getSyscallResult(ev);
   m_procEvt.args.clear();
   m_writer->writeProcessEvent(&m_procEvt, &(proc->proc));

src/libs/utils.cpp

@@ -20,7 +20,7 @@
 #include "utils.h"
 #include "datatypes.h"
 #include "logger.h"
-#include "sysflow/avsc_sysflow5.hh"
+#include "sysflow/avsc_sysflow6.hh"
 #include "sysflowcontext.h"
 
 static NFKey s_nfdelkey;