sendmmsg does not have argument?

[liuzhuolong]

I was tring to monitor DNS request / response in Linux systems, below is the command I used:

$ sysdig -X -s 2000 -p "*%proc.name %evt.dir %evt.type %proc.pid  %fd.cip:%fd.cport  %fd.sip:%fd.sport %fd.l4proto\n%evt.args\n" "fd.sport = 53 and evt.rawres > 0"

Everything is fine when I send a DNS request using host or nslookup, I can see the request and response is captured by sysdig.

However if I use curl to visit a website, sometimes I cannot capture the DNS request ( response can be captured )

So I use strace to find what happened and I found that curl use the system call sendmmsg to send DNS request and Sysdig cannot capture the argument of sendmmsg

Is there any advise for me to solve this problem?

[FedeDP]

Hi!
You are right: libs are not catching sendmmsg arguments: https://github.com/falcosecurity/libs/blob/master/driver/fillers_table.c#L75

You can open an issue on libs to add support for it :)

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[nick2432]

can i work on this?

[therealbobo]

Hey @nick2432! Please checkout in https://github.com/falcosecurity/libs! The code on which relays sysdig and this feature is there! 😄