diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go
index 34afc2d48c9..451de3ea5ce 100644
--- a/pkg/sensors/base/base.go
+++ b/pkg/sensors/base/base.go
@@ -64,19 +64,19 @@ var (
 ).SetPolicy(basePolicy)
 /* Event Ring map */
- TCPMonMap = program.MapBuilder("tcpmon_map", Execve)
+ TCPMonMap = program.MapBuilder("tcpmon_map", Execve, Exit, Fork)
 /* Networking and Process Monitoring maps */
- ExecveMap = program.MapBuilder("execve_map", Execve)
+ ExecveMap = program.MapBuilder("execve_map", Execve, Exit, Fork)
 ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve)
- ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit)
+ ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", Execve, ExecveBprmCommit)
 /* Tetragon runtime configuration */
- TetragonConfMap = program.MapBuilder("tg_conf_map", Execve)
+ TetragonConfMap = program.MapBuilder("tg_conf_map", Execve, Exit, Fork)
 /* Internal statistics for debugging */
- ExecveStats = program.MapBuilder("execve_map_stats", Execve)
- ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit)
+ ExecveStats = program.MapBuilder("execve_map_stats", Execve, Exit, Fork)
+ ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", Execve, ExecveBprmCommit)
 StatsMap = program.MapBuilder("tg_stats_map", Execve)
 /* Cgroup rate data, attached to execve sensor */
diff --git a/pkg/sensors/load.go b/pkg/sensors/load.go
index 87bb1c7cc56..df4be310774 100644
--- a/pkg/sensors/load.go
+++ b/pkg/sensors/load.go
@@ -7,10 +7,8 @@ import (
 "fmt"
 "os"
 "path"
- "path/filepath"
 "strings"
- "github.com/cilium/ebpf"
 cachedbtf "github.com/cilium/tetragon/pkg/btf"
 "github.com/cilium/tetragon/pkg/kernels"
 "github.com/cilium/tetragon/pkg/logger"
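Review bot: `StatsMap` stays bound to `Execve` alone on the unchanged line `StatsMap = program.MapBuilder("tg_stats_map", Execve)`, while the neighbouring maps in the base.go hunk gain `Exit` and `Fork`. If the exit or fork programs also reference `tg_stats_map`, it would presumably be missing from their pin set, so it is worth confirming that the omission is intended. The block would also benefit from a comment stating the rule, for example `// List every program that references the map; the loader pins a map only for the programs named here.` That wording assumes the pinning in `doLoadProgram` keys off this list, which this file does not show. The `var (` block starts and ends outside the hunk.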
@@ -93,10 +91,6 @@ func (s *Sensor) Load(bpfDir string) error {
 return fmt.Errorf("tetragon, aborting could not find BPF programs: %w", err)
 }
- if err := s.loadMaps(bpfDir); err != nil {
- return fmt.Errorf("tetragon, aborting could not load sensor BPF maps: %w", err)
- }
-
 for _, p := range s.Progs {
 if p.LoadState.IsLoaded() {
 l.WithField("prog", p.Name).Info("BPF prog is already loaded, incrementing reference count")
@@ -209,55 +203,6 @@ func (s *Sensor) FindPrograms() error {
 return nil
 }
-// loadMaps loads all the BPF maps in the sensor.
-func (s *Sensor) loadMaps(bpfDir string) error {
- l := logger.GetLogger()
- for _, m := range s.Maps {
- if m.PinState.IsLoaded() {
- l.WithFields(logrus.Fields{
- "sensor": s.Name,
- "map": m.Name,
- }).Info("map is already loaded, incrementing reference count")
- m.PinState.RefInc()
- continue
- }
-
- pinPath := filepath.Join(bpfDir, m.PinName)
-
- spec, err := ebpf.LoadCollectionSpec(m.Prog.Name)
- if err != nil {
- return fmt.Errorf("failed to open collection '%s': %w", m.Prog.Name, err)
- }
- mapSpec, ok := spec.Maps[m.Name]
- if !ok {
- return fmt.Errorf("map '%s' not found from '%s'", m.Name, m.Prog.Name)
- }
-
- if max, ok := m.GetMaxEntries(); ok {
- mapSpec.MaxEntries = max
- }
-
- if innerMax, ok := m.GetMaxInnerEntries(); ok {
- if innerMs := mapSpec.InnerMap; innerMs != nil {
- mapSpec.InnerMap.MaxEntries = innerMax
- }
- }
-
- if err := m.LoadOrCreatePinnedMap(pinPath, mapSpec); err != nil {
- return fmt.Errorf("failed to load map '%s' for sensor '%s': %w", m.Name, s.Name, err)
- }
-
- l.WithFields(logrus.Fields{
- "sensor": s.Name,
- "map": m.Name,
- "path": pinPath,
- "max": m.Entries,
- }).Info("tetragon, map loaded.")
- }
-
- return nil
-}
-
 func mergeSensors(sensors []*Sensor) *Sensor {
 var progs []*program.Program
 var maps []*program.Map
diff --git a/pkg/sensors/program/loader.go b/pkg/sensors/program/loader.go
index b904f2b1334..e0f06ecbddd 100644
--- a/pkg/sensors/program/loader.go
+++ b/pkg/sensors/program/loader.go
@@ -863,6 +863,27 @@ func doLoadProgram(
 }
 defer coll.Close()
+ // Pin all requested maps
+ for name, m := range coll.Maps {
+ // Is the map refferenced by program
+ if _, ok := refMaps[name]; !ok {
+ continue
+ }
+ // Is the map already pinned
+ if _, ok := pinnedMaps[name]; ok {
+ continue
+ }
+ // Do we want the map to be pinned?
+ pm, ok := load.PinMap[name]
+ if !ok {
+ continue
+ }
+ pinPath := filepath.Join(bpfDir, pm.PinName)
+ if err := m.Pin(pinPath); err != nil {
+ return nil, fmt.Errorf("failed to pin to %s: %w", pinPath, err)
+ }
+ }
+
 err = installTailCalls(bpfDir, spec, coll, load)
 if err != nil {
 return nil, fmt.Errorf("installing tail calls failed: %s", err)
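Review bot: A failure of `m.Pin` part-way through the new loop returns without unpinning what earlier iterations pinned, so a failed load can leave stale maps under `bpfDir`; because `coll.Maps` is ranged in Go's unordered map iteration, which ones remain varies between runs. Unless a caller outside this hunk cleans up, I would record each pin and undo it on the error path, and name the map in the error, as in the excerpt below (it assumes `coll.Maps` holds cilium/ebpf maps, which provide `Unpin`). The same rollback would apply to the `installTailCalls` failure that follows. The `loadMaps` removed elsewhere in this commit applied `GetMaxEntries`/`GetMaxInnerEntries` to the map spec before creating the map and nothing in this hunk does, so confirm that override happens earlier in `doLoadProgram`, whose body starts and ends outside the hunk.

```go
	// Pin all requested maps
	var undo []func() error
	for name, m := range coll.Maps {
		// … unchanged: refMaps, pinnedMaps and load.PinMap checks …
		pinPath := filepath.Join(bpfDir, pm.PinName)
		if err := m.Pin(pinPath); err != nil {
			// Roll back pins made earlier in this loop so a failed load leaves nothing behind.
			for _, unpin := range undo {
				_ = unpin() // best effort; the Pin error is the one reported
			}
			return nil, fmt.Errorf("failed to pin map %q to %s: %w", name, pinPath, err)
		}
		undo = append(undo, m.Unpin)
	}
```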