feat(user): Add support for filtering traffic by multiple PIDs via --…

…pid flag (#115)
mozillazg · Aug 24, 2024 · b4685a5 · b4685a5
1 parent 01f0890
commit b4685a5
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/cmd/capture.go b/cmd/capture.go
@@ -41,7 +41,7 @@ func capture(ctx context.Context, stop context.CancelFunc, opts Options) error {
 		if err != nil {
 			return err
 		}
-		opts.pid = uint(subProcessLoaderPid)
+		opts.pids = []uint{uint(subProcessLoaderPid)}
 		opts.followForks = true
 	}
 
@@ -167,9 +167,11 @@ func getCurrentConnects(ctx context.Context, pcache *metadata.ProcessCache, opts
 	var pids []int
 	var filterPid bool
 
-	if opts.pid != 0 {
+	if len(opts.pids) > 0 {
 		filterPid = true
-		pids = append(pids, int(opts.pid))
+		for _, pid := range opts.pids {
+			pids = append(pids, int(pid))
+		}
 	}
 	if opts.comm != "" {
 		filterPid = true

diff --git a/cmd/ebpf.go b/cmd/ebpf.go
@@ -28,7 +28,7 @@ func attachHooks(btfSpec *btftype.Spec, currentConns []metadata.Connection, opts
 		return nil, err
 	}
 	bpfopts := &bpf.Options{}
-	bpfopts = bpfopts.WithPids([]uint{opts.pid}).
+	bpfopts = bpfopts.WithPids(opts.pids).
 		WithComm(opts.comm).
 		WithFollowFork(opts.followForks).
 		WithPidNsIds(opts.pidnsIds).
@@ -67,7 +67,8 @@ func attachHooks(btfSpec *btftype.Spec, currentConns []metadata.Connection, opts
 	for _, iface := range devices {
 		if err := bf.AttachTcHooks(iface.Ifindex, opts.DirectionOut(), opts.DirectionIn()); err != nil {
 			// TODO: use errors.Is(xxx) or ==
-			if strings.Contains(err.Error(), "netlink receive: no such file or directory") {
+			if strings.Contains(err.Error(), "netlink receive: no such file or directory") ||
+				strings.Contains(err.Error(), "netlink receive: no such device") {
 				log.Warnf("skip interface %s due to %s", iface.Name, err)
 				continue
 			}

diff --git a/cmd/options.go b/cmd/options.go
@@ -15,7 +15,7 @@ const (
 
 type Options struct {
 	ifaces         []string
-	pid            uint
+	pids           []uint
 	comm           string
 	followForks    bool
 	writeFilePath  string

diff --git a/cmd/root.go b/cmd/root.go
@@ -53,7 +53,7 @@ func init() {
 		"Read packets from file (which was created with the -w option). e.g. ptcpdump.pcapng")
 	rootCmd.Flags().StringSliceVarP(&opts.ifaces, "interface", "i", []string{"lo"},
 		"Interfaces to capture")
-	rootCmd.Flags().UintVar(&opts.pid, "pid", 0, "Filter by process ID (only TCP and UDP packets are supported)")
+	rootCmd.Flags().UintSliceVar(&opts.pids, "pid", nil, "Filter by process IDs (only TCP and UDP packets are supported)")
 	rootCmd.Flags().StringVar(&opts.comm, "pname", "", "Filter by process name (only TCP and UDP packets are supported)")
 	rootCmd.Flags().BoolVarP(&opts.followForks, "follow-forks", "f", false,
 		"Trace child processes as they are created by currently traced processes when filter by process")