diff --git a/cmd/tetra/dump/dump.go b/cmd/tetra/dump/dump.go index 587f65ef897..4d3c467468e 100644 --- a/cmd/tetra/dump/dump.go +++ b/cmd/tetra/dump/dump.go @@ -35,7 +35,7 @@ func New() *cobra.Command { } func execveMapCmd() *cobra.Command { - mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, base.ExecveMap.Name) + mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, base.GetExecveMap().Name) ret := &cobra.Command{ Use: "execve", Short: "dump execve map", diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go index 4a76692a37a..3c98420bd54 100644 --- a/cmd/tetragon/main.go +++ b/cmd/tetragon/main.go @@ -484,8 +484,8 @@ func tetragonExecute() error { initialSensor.Unload() }() - cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMap, &option.Config.CgroupRate) - cgrouprate.Config(base.CgroupRateOptionsMap) + cgrouprate.NewCgroupRate(ctx, pm, base.GetCgroupRateMap(), &option.Config.CgroupRate) + cgrouprate.Config(base.GetCgroupRateOptionsMap()) // now that the base sensor was loaded, we can start the sensor manager close(sensorMgWait) diff --git a/pkg/observer/observertesthelper/observer_test_helper.go b/pkg/observer/observertesthelper/observer_test_helper.go index f97ef7b7369..7a1f2dd7aac 100644 --- a/pkg/observer/observertesthelper/observer_test_helper.go +++ b/pkg/observer/observertesthelper/observer_test_helper.go @@ -224,7 +224,7 @@ func getDefaultObserver(tb testing.TB, ctx context.Context, initialSensor *senso return nil, err } - cgrouprate.Config(base.CgroupRateOptionsMap) + cgrouprate.Config(base.GetCgroupRateOptionsMap()) exportFname, err := testutils.GetExportFilename(tb) if err != nil { 
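Review bot: In cmd/tetra/dump/dump.go, `base.GetExecveMap().Name` in execveMapCmd dereferences a pointer that stays nil until createInitialSensor has run, because this commit moves `execveMap` from a package-level initializer to an assignment inside that function. Nothing visible in this hunk calls base.GetInitialSensor() before the command is built, so unless that happens elsewhere the tetra CLI would panic on a nil dereference while constructing the command. Only the map's name is needed here, so the lookup could avoid the sensor entirely, for example by exporting the name from base (a proposed `const ExecveMapName = "execve_map"`, reused in the `program.MapBuilder("execve_map", execve)` call) and joining that instead. execveMapCmd's body continues outside the hunk.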
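Review bot: In cmd/tetragon/main.go, `base.GetCgroupRateMap()` and `base.GetCgroupRateOptionsMap()` now return nil whenever the base sensor was created with cgroupRate false, since createInitialSensor assigns both variables only inside `if cgroupRate`; before this commit both maps were always built. The two calls in tetragonExecute are unconditional in the visible lines, and whether cgrouprate.NewCgroupRate and cgrouprate.Config tolerate a nil map is not shown, so running with the rate limiter disabled may end in a startup panic of the agent. Guarding the pair with `if option.CgroupRateEnabled() { ... }` would make the dependency explicit. The same applies to the two hunks in pkg/observer/observertesthelper/observer_test_helper.go (getDefaultObserver and loadExporter). tetragonExecute starts and ends outside the hunk.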
@@ -413,7 +413,7 @@ func loadExporter(tb testing.TB, ctx context.Context, obs *observer.Observer, op obs.RemoveListener(processManager) }) - cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMap, &option.Config.CgroupRate) + cgrouprate.NewCgroupRate(ctx, processManager, base.GetCgroupRateMap(), &option.Config.CgroupRate) return nil } diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go index 34afc2d48c9..a1d58c97b6f 100644 --- a/pkg/sensors/base/base.go +++ b/pkg/sensors/base/base.go @@ -23,7 +23,44 @@ const ( var ( basePolicy = "__base__" - Execve = program.Builder( + execveMap *program.Map + execveStats *program.Map + cgroupRateMap *program.Map + cgroupRateOptionsMap *program.Map + tetragonConfMap *program.Map + + sensor = sensors.Sensor{} + sensorTest = sensors.Sensor{} + + sensorInit sync.Once + sensorTestInit sync.Once +) + +func GetExecveMap() *program.Map { + return execveMap +} + +func GetExecveMapStats() *program.Map { + return execveStats +} + +func GetTetragonConfMap() *program.Map { + return tetragonConfMap +} + +func GetCgroupRateMap() *program.Map { + return cgroupRateMap +} + +func GetCgroupRateOptionsMap() *program.Map { + return cgroupRateOptionsMap +} + +func createInitialSensor(cgroupRate bool) sensors.Sensor { + var progs []*program.Program + var maps []*program.Map + + execve := program.Builder( config.ExecObj(), "sched/sched_process_exec", "tracepoint/sys_execve", @@ -31,7 +68,7 @@ var ( "execve", ).SetPolicy(basePolicy) - ExecveBprmCommit = program.Builder( + execveBprmCommit := program.Builder( "bpf_execve_bprm_commit_creds.o", "security_bprm_committing_creds", "kprobe/security_bprm_committing_creds", @@ -39,7 +76,7 @@ var ( "kprobe", ).SetPolicy(basePolicy) - Exit = program.Builder( + exit := program.Builder( "bpf_exit.o", "acct_process", "kprobe/acct_process", 
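Review bot: In pkg/sensors/base/base.go, the new package variables `execveMap`, `execveStats`, `cgroupRateMap`, `cgroupRateOptionsMap` and `tetragonConfMap` are written by createInitialSensor, which is reached from both GetInitialSensor and GetInitialSensorTest under two separate sync.Once values. If both are called in one process, the getters return the maps of whichever sensor was built last, which need not be the sensor that is loaded, and a getter called from another goroutine has no guaranteed ordering with the write. Keeping the maps alongside each sensor rather than in shared variables would tie every getter to one sensor; at minimum each getter should carry a doc comment such as `// GetExecveMap returns the base sensor's execve_map; it is nil until GetInitialSensor or GetInitialSensorTest has run.` createInitialSensor starts in this hunk and continues through the following ones.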
@@ -47,7 +84,7 @@ var ( "kprobe", ).SetPolicy(basePolicy) - Fork = program.Builder( + fork := program.Builder( "bpf_fork.o", "wake_up_new_task", "kprobe/wake_up_new_task", 
@@ -55,52 +92,64 @@ var ( "kprobe", ).SetPolicy(basePolicy) - CgroupRmdir = program.Builder( - "bpf_cgroup.o", - "cgroup/cgroup_rmdir", - "raw_tracepoint/cgroup_rmdir", - "tg_cgroup_rmdir", - "raw_tracepoint", - ).SetPolicy(basePolicy) + setupExitProgram(exit) + + progs = append(progs, exit, fork, execve, execveBprmCommit) - /* Event Ring map */ - TCPMonMap = program.MapBuilder("tcpmon_map", Execve) - /* Networking and Process Monitoring maps */ - ExecveMap = program.MapBuilder("execve_map", Execve) - ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve) + if cgroupRate { + cgroupRmdir := program.Builder( + "bpf_cgroup.o", + "cgroup/cgroup_rmdir", + "raw_tracepoint/cgroup_rmdir", + "tg_cgroup_rmdir", + "raw_tracepoint", + ).SetPolicy(basePolicy) - ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit) + progs = append(progs, cgroupRmdir) - /* Tetragon runtime configuration */ - TetragonConfMap = program.MapBuilder("tg_conf_map", Execve) + cgroupRateMap = program.MapBuilder("cgroup_rate_map", execve, exit, fork, cgroupRmdir) + cgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", execve) - /* Internal statistics for debugging */ - ExecveStats = program.MapBuilder("execve_map_stats", Execve) - ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit) - StatsMap = program.MapBuilder("tg_stats_map", Execve) + maps = append(maps, cgroupRateMap, cgroupRateOptionsMap) + } - /* Cgroup rate data, attached to execve sensor */ - CgroupRateMap = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir) - CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve) + tcpMonMap := program.MapBuilder("tcpmon_map", exit, fork, execve) + maps = append(maps, tcpMonMap) - MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve) + matchBinariesSetMap := program.MapBuilder(mbset.MapName, execve) + maps = append(maps, matchBinariesSetMap) - sensor 
= sensors.Sensor{ - Name: basePolicy, - } - sensorInit sync.Once + execveMap = program.MapBuilder("execve_map", execve) + maps = append(maps, execveMap) - sensorTest = sensors.Sensor{ - Name: basePolicy, - } - sensorTestInit sync.Once -) + execveTailCallsMap := program.MapBuilderPin("execve_calls", "execve_calls", execve) + maps = append(maps, execveTailCallsMap) + + execve.SetTailCall("tracepoint", execveTailCallsMap) -func setupPrograms() { - // execve program tail calls details - Execve.SetTailCall("tracepoint", ExecveTailCallsMap) + execveJoinMap := program.MapBuilder("tg_execve_joined_info_map", execveBprmCommit) + maps = append(maps, execveJoinMap) - // exit program function + tetragonConfMap = program.MapBuilder("tg_conf_map", execve) + maps = append(maps, tetragonConfMap) + + execveStats = program.MapBuilder("execve_map_stats", execve) + maps = append(maps, execveStats) + + execveJoinMapStats := program.MapBuilder("tg_execve_joined_info_map_stats", execveBprmCommit) + maps = append(maps, execveJoinMapStats) + + statsMap := program.MapBuilder("tg_stats_map", execve) + maps = append(maps, statsMap) + + return sensors.Sensor{ + Progs: progs, + Maps: maps, + Name: basePolicy, + } +} + +func setupExitProgram(exit *program.Program) { ks, err := ksyms.KernelSymbols() if err == nil { has_acct_process := ks.IsAvailable("acct_process") 
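Review bot: `tcpMonMap := program.MapBuilder("tcpmon_map", exit, fork, execve)` attaches tcpmon_map to three programs, whereas the removed line built it for Execve only, so this refactor also changes which programs reference the map. If that is intended it deserves a line in the commit message and a comment at the call, e.g. `// tcpmon_map is referenced by exit, fork and execve`; if not, the argument list should stay `execve`. The hunk also drops the section comments that explained the maps (`/* Event Ring map */`, `/* Tetragon runtime configuration */`, `/* Internal statistics for debugging */`), which are worth carrying over next to the corresponding MapBuilder calls. createInitialSensor begins before this hunk and setupExitProgram continues after it.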
@@ -108,77 +157,29 @@ func setupPrograms() { /* Preffer acct_process over disassociate_ctty */ if has_acct_process { - Exit.Attach = "acct_process" - Exit.Label = "kprobe/acct_process" + exit.Attach = "acct_process" + exit.Label = "kprobe/acct_process" } else if has_disassociate_ctty { - Exit.Attach = "disassociate_ctty" - Exit.Label = "kprobe/disassociate_ctty" + exit.Attach = "disassociate_ctty" + exit.Label = "kprobe/disassociate_ctty" } else { log.Fatal("Failed to detect exit probe symbol.") } } - logger.GetLogger().Infof("Exit probe on %s", Exit.Attach) -} - -func GetExecveMap() *program.Map { - return ExecveMap -} - -func GetExecveMapStats() *program.Map { - return ExecveStats -} - -func GetTetragonConfMap() *program.Map { - return TetragonConfMap -} - -func GetDefaultPrograms(cgroupRate bool) []*program.Program { - progs := []*program.Program{ - Exit, - Fork, - Execve, - ExecveBprmCommit, - } - if cgroupRate { - progs = append(progs, CgroupRmdir) - } - return progs -} - -func GetDefaultMaps(cgroupRate bool) []*program.Map { - maps := []*program.Map{ - ExecveMap, - ExecveJoinMap, - ExecveStats, - ExecveJoinMapStats, - ExecveTailCallsMap, - TCPMonMap, - TetragonConfMap, - StatsMap, - MatchBinariesSetMap, - } - if cgroupRate { - maps = append(maps, CgroupRateMap, CgroupRateOptionsMap) - } - return maps - + logger.GetLogger().Infof("Exit probe on %s", exit.Attach) } // GetInitialSensor returns the base sensor func GetInitialSensor() *sensors.Sensor { sensorInit.Do(func() { - setupPrograms() - sensor.Progs = GetDefaultPrograms(option.CgroupRateEnabled()) - sensor.Maps = GetDefaultMaps(option.CgroupRateEnabled()) + sensor = createInitialSensor(option.CgroupRateEnabled()) }) return &sensor } func GetInitialSensorTest() *sensors.Sensor { sensorTestInit.Do(func() { - setupPrograms() - sensorTest.Progs = GetDefaultPrograms(true) - sensorTest.Maps = GetDefaultMaps(true) + sensorTest = createInitialSensor(true) }) return &sensorTest } 
@@ -188,5 +189,5 @@ func ConfigCgroupRate(opts *option.CgroupRate) { return } - CgroupRateMap.SetMaxEntries(cgroupRateMaxEntries) + cgroupRateMap.SetMaxEntries(cgroupRateMaxEntries) } diff --git a/pkg/sensors/tracing/kprobe_test.go b/pkg/sensors/tracing/kprobe_test.go index 3b9542de014..5c25b9121c3 100644 --- a/pkg/sensors/tracing/kprobe_test.go +++ b/pkg/sensors/tracing/kprobe_test.go @@ -6159,7 +6159,7 @@ func TestLinuxBinprmExtractPath(t *testing.T) { // Test module loading/unloading on Ubuntu func TestTraceKernelModule(t *testing.T) { - _, err := ftrace.ReadAvailFuncs("find_module_sections") + _, err := ftrace.ReadAvailFuncs("^find_module_sections$") if err != nil { t.Skip("Skipping test: could not find find_module_sections") } @@ -6592,7 +6592,7 @@ func trigger(t *testing.T) { } func TestKprobeArgs(t *testing.T) { - _, err := ftrace.ReadAvailFuncs("bpf_fentry_test1") + _, err := ftrace.ReadAvailFuncs("^bpf_fentry_test1$") if err != nil { t.Skip("Skipping test: could not find bpf_fentry_test1") }
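Review bot: In ConfigCgroupRate (pkg/sensors/base/base.go), `cgroupRateMap.SetMaxEntries(cgroupRateMaxEntries)` now acts on a pointer that is nil until createInitialSensor has run with cgroupRate true, whereas the old `CgroupRateMap` existed from package initialization. The condition of the early `return` above it is outside the hunk, so it is unclear whether it covers the disabled case, and nothing here orders the call after GetInitialSensor; if it runs first, the max-entries setting is either lost or the call panics, depending on how SetMaxEntries treats a nil receiver. Storing the value and applying it inside createInitialSensor right after `cgroupRateMap = program.MapBuilder(...)` would remove the ordering dependency.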