Skip to content

Commit

Permalink
tetragon: Add cgroup rate support for kprobe
Browse files Browse the repository at this point in the history 
Signed-off-by: Jiri Olsa <[email protected]>
  • Loading branch information
@olsajiri
olsajiri committed Jul 29, 2024
1 parent 4cacfa2 commit 71717b1
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 4 deletions.
11 changes: 11 additions & 0 deletions bpf/process/bpf_generic_kprobe.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
#include "generic_calls.h"
#include "pfilter.h"
#include "policy_filter.h"
#include "bpf_rate.h"

char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";

Expand Down Expand Up @@ -112,6 +113,16 @@ static struct generic_maps maps = {
__attribute__((section((MAIN)), used)) int
generic_kprobe_event(struct pt_regs *ctx)
{
__u64 ktime = ktime_get_ns();
struct task_struct *task;
struct msg_k8s kube;

task = (struct task_struct *)get_current_task();
__event_get_cgroup_info(task, &kube);

if (!cgroup_rate(ctx, &kube, ktime))
return 0;

return generic_start_process_filter(ctx, &maps);
}

Expand Down
7 changes: 5 additions & 2 deletions pkg/sensors/base/base.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import (
)

const (
cgroupRateMaxEntries = 32768 // this value could be fine tuned
CgroupRateMaxEntries = 32768 // this value could be fine tuned
)

var (
Expand Down Expand Up @@ -80,6 +80,8 @@ var (
CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir)
CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)

HasCgroupRate bool

sensor = sensors.Sensor{
Name: "__base__",
}
Expand Down Expand Up @@ -178,5 +180,6 @@ func ConfigCgroupRate(opts *option.CgroupRate) {
return
}

CgroupRateMap.SetMaxEntries(cgroupRateMaxEntries)
HasCgroupRate = true
CgroupRateMap.SetMaxEntries(CgroupRateMaxEntries)
}
17 changes: 17 additions & 0 deletions pkg/sensors/tracing/generickprobe.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ import (
"github.com/cilium/tetragon/pkg/policyfilter"
"github.com/cilium/tetragon/pkg/selectors"
"github.com/cilium/tetragon/pkg/sensors"
"github.com/cilium/tetragon/pkg/sensors/base"
"github.com/cilium/tetragon/pkg/sensors/program"
lru "github.com/hashicorp/golang-lru/v2"
"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -381,6 +382,14 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E
}
maps = append(maps, overrideTasksMap)

if base.HasCgroupRate {
cgroupRateMap := program.MapBuilder("cgroup_rate_map", load)
cgroupRateOptionsMap := program.MapBuilder("cgroup_rate_options_map", load)

cgroupRateMap.SetMaxEntries(base.CgroupRateMaxEntries)
maps = append(maps, cgroupRateMap, cgroupRateOptionsMap)
}

if len(multiRetIDs) != 0 {
loadret := program.Builder(
path.Join(option.Config.HubbleLib, loadProgRetName),
Expand Down Expand Up @@ -976,6 +985,14 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string,
}
maps = append(maps, overrideTasksMap)

if base.HasCgroupRate {
cgroupRateMap := program.MapBuilder("cgroup_rate_map", load)
cgroupRateOptionsMap := program.MapBuilder("cgroup_rate_options_map", load)

cgroupRateMap.SetMaxEntries(base.CgroupRateMaxEntries)
maps = append(maps, cgroupRateMap, cgroupRateOptionsMap)
}

if kprobeEntry.loadArgs.retprobe {
pinRetProg := sensors.PathJoin(pinPath, fmt.Sprintf("%s_ret_prog", kprobeEntry.funcName))
loadret := program.Builder(
Expand Down
4 changes: 2 additions & 2 deletions pkg/sensors/tracing/kprobe_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4281,7 +4281,7 @@ func TestLoadKprobeSensor(t *testing.T) {
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "execve_map", Progs: []uint{4, 5, 6, 7, 9}})

// generic_kprobe_process_event*,generic_kprobe_output,generic_retkprobe_output
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "tcpmon_map", Progs: []uint{1, 2, 6, 10}})
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "tcpmon_map", Progs: []uint{0, 1, 2, 6, 10}})

// generic_kprobe_process_event*,generic_kprobe_actions,retkprobe
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "socktrack_map", Progs: []uint{1, 2, 5, 7, 9}})
Expand All @@ -4290,7 +4290,7 @@ func TestLoadKprobeSensor(t *testing.T) {
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "execve_map", Progs: []uint{4, 7}})

// generic_kprobe_output,generic_retkprobe_output
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "tcpmon_map", Progs: []uint{6, 10}})
sensorMaps = append(sensorMaps, tus.SensorMap{Name: "tcpmon_map", Progs: []uint{0, 6, 10}})
}

readHook := `
Expand Down

0 comments on commit 71717b1

Please sign in to comment.