cilium · olsajiri · Aug 16, 2024 · Aug 16, 2024
@@ -35,7 +35,7 @@ func New() *cobra.Command {
 }
 
 func execveMapCmd() *cobra.Command {
-	mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, base.ExecveMap.Name)
+	mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, base.GetExecveMap().Name)
 	ret := &cobra.Command{
 		Use:   "execve",
 		Short: "dump execve map",

@@ -484,8 +484,8 @@ func tetragonExecute() error {
 		initialSensor.Unload()
 	}()
 
-	cgrouprate.NewCgroupRate(ctx, pm, base.CgroupRateMap, &option.Config.CgroupRate)
-	cgrouprate.Config(base.CgroupRateOptionsMap)
+	cgrouprate.NewCgroupRate(ctx, pm, base.GetCgroupRateMap(), &option.Config.CgroupRate)
+	cgrouprate.Config(base.GetCgroupRateOptionsMap())
 
 	// now that the base sensor was loaded, we can start the sensor manager
 	close(sensorMgWait)

@@ -224,7 +224,7 @@ func getDefaultObserver(tb testing.TB, ctx context.Context, initialSensor *senso
 		return nil, err
 	}
 
-	cgrouprate.Config(base.CgroupRateOptionsMap)
+	cgrouprate.Config(base.GetCgroupRateOptionsMap())
 
 	exportFname, err := testutils.GetExportFilename(tb)
 	if err != nil {
@@ -413,7 +413,7 @@ func loadExporter(tb testing.TB, ctx context.Context, obs *observer.Observer, op
 		obs.RemoveListener(processManager)
 	})
 
-	cgrouprate.NewCgroupRate(ctx, processManager, base.CgroupRateMap, &option.Config.CgroupRate)
+	cgrouprate.NewCgroupRate(ctx, processManager, base.GetCgroupRateMap(), &option.Config.CgroupRate)
 	return nil
 }
 

@@ -23,162 +23,163 @@ const (
 var (
 	basePolicy = "__base__"
 
-	Execve = program.Builder(
+	execveMap            *program.Map
+	execveStats          *program.Map
+	cgroupRateMap        *program.Map
+	cgroupRateOptionsMap *program.Map
+	tetragonConfMap      *program.Map
+
+	sensor     = sensors.Sensor{}
+	sensorTest = sensors.Sensor{}
+
+	sensorInit     sync.Once
+	sensorTestInit sync.Once
+)
+
+func GetExecveMap() *program.Map {
+	return execveMap
+}
+
+func GetExecveMapStats() *program.Map {
+	return execveStats
+}
+
+func GetTetragonConfMap() *program.Map {
+	return tetragonConfMap
+}
+
+func GetCgroupRateMap() *program.Map {
+	return cgroupRateMap
+}
+
+func GetCgroupRateOptionsMap() *program.Map {
+	return cgroupRateOptionsMap
+}
+
+func createInitialSensor(cgroupRate bool) sensors.Sensor {
+	var progs []*program.Program
+	var maps []*program.Map
+
+	execve := program.Builder(
 		config.ExecObj(),
 		"sched/sched_process_exec",
 		"tracepoint/sys_execve",
 		"event_execve",
 		"execve",
 	).SetPolicy(basePolicy)
 
-	ExecveBprmCommit = program.Builder(
+	execveBprmCommit := program.Builder(
 		"bpf_execve_bprm_commit_creds.o",
 		"security_bprm_committing_creds",
 		"kprobe/security_bprm_committing_creds",
 		"tg_kp_bprm_committing_creds",
 		"kprobe",
 	).SetPolicy(basePolicy)
 
-	Exit = program.Builder(
+	exit := program.Builder(
 		"bpf_exit.o",
 		"acct_process",
 		"kprobe/acct_process",
 		"event_exit",
 		"kprobe",
 	).SetPolicy(basePolicy)
 
-	Fork = program.Builder(
+	fork := program.Builder(
 		"bpf_fork.o",
 		"wake_up_new_task",
 		"kprobe/wake_up_new_task",
 		"kprobe_pid_clear",
 		"kprobe",
 	).SetPolicy(basePolicy)
 
-	CgroupRmdir = program.Builder(
-		"bpf_cgroup.o",
-		"cgroup/cgroup_rmdir",
-		"raw_tracepoint/cgroup_rmdir",
-		"tg_cgroup_rmdir",
-		"raw_tracepoint",
-	).SetPolicy(basePolicy)
+	setupExitProgram(exit)
+
+	progs = append(progs, exit, fork, execve, execveBprmCommit)
 
-	/* Event Ring map */
-	TCPMonMap = program.MapBuilder("tcpmon_map", Execve)
-	/* Networking and Process Monitoring maps */
-	ExecveMap          = program.MapBuilder("execve_map", Execve)
-	ExecveTailCallsMap = program.MapBuilderPin("execve_calls", "execve_calls", Execve)
+	if cgroupRate {
+		cgroupRmdir := program.Builder(
+			"bpf_cgroup.o",
+			"cgroup/cgroup_rmdir",
+			"raw_tracepoint/cgroup_rmdir",
+			"tg_cgroup_rmdir",
+			"raw_tracepoint",
+		).SetPolicy(basePolicy)
 
-	ExecveJoinMap = program.MapBuilder("tg_execve_joined_info_map", ExecveBprmCommit)
+		progs = append(progs, cgroupRmdir)
 
-	/* Tetragon runtime configuration */
-	TetragonConfMap = program.MapBuilder("tg_conf_map", Execve)
+		cgroupRateMap = program.MapBuilder("cgroup_rate_map", execve, exit, fork, cgroupRmdir)
+		cgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", execve)
 
-	/* Internal statistics for debugging */
-	ExecveStats        = program.MapBuilder("execve_map_stats", Execve)
-	ExecveJoinMapStats = program.MapBuilder("tg_execve_joined_info_map_stats", ExecveBprmCommit)
-	StatsMap           = program.MapBuilder("tg_stats_map", Execve)
+		maps = append(maps, cgroupRateMap, cgroupRateOptionsMap)
+	}
 
-	/* Cgroup rate data, attached to execve sensor */
-	CgroupRateMap        = program.MapBuilder("cgroup_rate_map", Execve, Exit, Fork, CgroupRmdir)
-	CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)
+	tcpMonMap := program.MapBuilder("tcpmon_map", exit, fork, execve)
+	maps = append(maps, tcpMonMap)
 
-	MatchBinariesSetMap = program.MapBuilder(mbset.MapName, Execve)
+	matchBinariesSetMap := program.MapBuilder(mbset.MapName, execve)
+	maps = append(maps, matchBinariesSetMap)
 
-	sensor = sensors.Sensor{
-		Name: basePolicy,
-	}
-	sensorInit sync.Once
+	execveMap = program.MapBuilder("execve_map", execve)
+	maps = append(maps, execveMap)
 
-	sensorTest = sensors.Sensor{
-		Name: basePolicy,
-	}
-	sensorTestInit sync.Once
-)
+	execveTailCallsMap := program.MapBuilderPin("execve_calls", "execve_calls", execve)
+	maps = append(maps, execveTailCallsMap)
+
+	execve.SetTailCall("tracepoint", execveTailCallsMap)
 
-func setupPrograms() {
-	// execve program tail calls details
-	Execve.SetTailCall("tracepoint", ExecveTailCallsMap)
+	execveJoinMap := program.MapBuilder("tg_execve_joined_info_map", execveBprmCommit)
+	maps = append(maps, execveJoinMap)
 
-	// exit program function
+	tetragonConfMap = program.MapBuilder("tg_conf_map", execve)
+	maps = append(maps, tetragonConfMap)
+
+	execveStats = program.MapBuilder("execve_map_stats", execve)
+	maps = append(maps, execveStats)
+
+	execveJoinMapStats := program.MapBuilder("tg_execve_joined_info_map_stats", execveBprmCommit)
+	maps = append(maps, execveJoinMapStats)
+
+	statsMap := program.MapBuilder("tg_stats_map", execve)
+	maps = append(maps, statsMap)
+
+	return sensors.Sensor{
+		Progs: progs,
+		Maps:  maps,
+		Name:  basePolicy,
+	}
+}
+
+func setupExitProgram(exit *program.Program) {
 	ks, err := ksyms.KernelSymbols()
 	if err == nil {
 		has_acct_process := ks.IsAvailable("acct_process")
 		has_disassociate_ctty := ks.IsAvailable("disassociate_ctty")
 
 		/* Preffer acct_process over disassociate_ctty */
 		if has_acct_process {
-			Exit.Attach = "acct_process"
-			Exit.Label = "kprobe/acct_process"
+			exit.Attach = "acct_process"
+			exit.Label = "kprobe/acct_process"
 		} else if has_disassociate_ctty {
-			Exit.Attach = "disassociate_ctty"
-			Exit.Label = "kprobe/disassociate_ctty"
+			exit.Attach = "disassociate_ctty"
+			exit.Label = "kprobe/disassociate_ctty"
 		} else {
 			log.Fatal("Failed to detect exit probe symbol.")
 		}
 	}
-	logger.GetLogger().Infof("Exit probe on %s", Exit.Attach)
-}
-
-func GetExecveMap() *program.Map {
-	return ExecveMap
-}
-
-func GetExecveMapStats() *program.Map {
-	return ExecveStats
-}
-
-func GetTetragonConfMap() *program.Map {
-	return TetragonConfMap
-}
-
-func GetDefaultPrograms(cgroupRate bool) []*program.Program {
-	progs := []*program.Program{
-		Exit,
-		Fork,
-		Execve,
-		ExecveBprmCommit,
-	}
-	if cgroupRate {
-		progs = append(progs, CgroupRmdir)
-	}
-	return progs
-}
-
-func GetDefaultMaps(cgroupRate bool) []*program.Map {
-	maps := []*program.Map{
-		ExecveMap,
-		ExecveJoinMap,
-		ExecveStats,
-		ExecveJoinMapStats,
-		ExecveTailCallsMap,
-		TCPMonMap,
-		TetragonConfMap,
-		StatsMap,
-		MatchBinariesSetMap,
-	}
-	if cgroupRate {
-		maps = append(maps, CgroupRateMap, CgroupRateOptionsMap)
-	}
-	return maps
-
+	logger.GetLogger().Infof("Exit probe on %s", exit.Attach)
 }
 
 // GetInitialSensor returns the base sensor
 func GetInitialSensor() *sensors.Sensor {
 	sensorInit.Do(func() {
-		setupPrograms()
-		sensor.Progs = GetDefaultPrograms(option.CgroupRateEnabled())
-		sensor.Maps = GetDefaultMaps(option.CgroupRateEnabled())
+		sensor = createInitialSensor(option.CgroupRateEnabled())
 	})
 	return &sensor
 }
 
 func GetInitialSensorTest() *sensors.Sensor {
 	sensorTestInit.Do(func() {
-		setupPrograms()
-		sensorTest.Progs = GetDefaultPrograms(true)
-		sensorTest.Maps = GetDefaultMaps(true)
+		sensorTest = createInitialSensor(true)
 	})
 	return &sensorTest
 }
@@ -188,5 +189,5 @@ func ConfigCgroupRate(opts *option.CgroupRate) {
 		return
 	}
 
-	CgroupRateMap.SetMaxEntries(cgroupRateMaxEntries)
+	cgroupRateMap.SetMaxEntries(cgroupRateMaxEntries)
 }
@@ -6159,7 +6159,7 @@ func TestLinuxBinprmExtractPath(t *testing.T) {
 
 // Test module loading/unloading on Ubuntu
 func TestTraceKernelModule(t *testing.T) {
-	_, err := ftrace.ReadAvailFuncs("find_module_sections")
+	_, err := ftrace.ReadAvailFuncs("^find_module_sections$")
 	if err != nil {
 		t.Skip("Skipping test: could not find find_module_sections")
 	}
@@ -6592,7 +6592,7 @@ func trigger(t *testing.T) {
 }
 
 func TestKprobeArgs(t *testing.T) {
-	_, err := ftrace.ReadAvailFuncs("bpf_fentry_test1")
+	_, err := ftrace.ReadAvailFuncs("^bpf_fentry_test1$")
 	if err != nil {
 		t.Skip("Skipping test: could not find bpf_fentry_test1")
 	}