Resolve conflict

bpf/events.c

@@ -8,6 +8,8 @@ Copyright (C) Kubeshark
 "kprobe/security_*" tracepoints are not used here as soon as they can not be implemented in some platforms (for example arm64 M1)
 */
 
+#ifndef EBPF_FALLBACK
+
 #include "events.h"
 
 SEC("kprobe/tcp_connect")
@@ -167,4 +169,6 @@ static __always_inline int read_addrs_ports(struct pt_regs* ctx, struct sock* sk
     }
 
     return 0;
-}
+}
+
+#endif

bpf/fd_to_address_tracepoints.c

@@ -31,10 +31,6 @@ SEC("tracepoint/syscalls/sys_enter_accept4")
 void sys_enter_accept4(struct sys_enter_accept4_ctx* ctx) {
 	__u64 id = tracer_get_current_pid_tgid();
 
-	if (!should_watch(id >> 32)) {
-		return;
-	}
-
 	struct accept_info info = {};
 
 	info.addrlen = ctx->addrlen;
@@ -57,10 +53,6 @@ SEC("tracepoint/syscalls/sys_exit_accept4")
 void sys_exit_accept4(struct sys_exit_accept4_ctx* ctx) {
 	__u64 id = tracer_get_current_pid_tgid();
 
-	if (!should_watch(id >> 32)) {
-		return;
-	}
-
 	if (ctx->ret < 0) {
 		bpf_map_delete_elem(&accept_syscall_context, &id);
 		return;
@@ -124,10 +116,6 @@ SEC("tracepoint/syscalls/sys_enter_connect")
 void sys_enter_connect(struct sys_enter_connect_ctx* ctx) {
 	__u64 id = tracer_get_current_pid_tgid();
 
-	if (!should_watch(id >> 32)) {
-		return;
-	}
-
 	struct connect_info info = {};
 
 	info.addrlen = ctx->addrlen;
@@ -151,10 +139,6 @@ SEC("tracepoint/syscalls/sys_exit_connect")
 void sys_exit_connect(struct sys_exit_connect_ctx* ctx) {
 	__u64 id = tracer_get_current_pid_tgid();
 
-	if (!should_watch(id >> 32)) {
-		return;
-	}
-
 	// Commented because of async connect which set errno to EINPROGRESS
 	//
 	// if (ctx->ret != 0) {

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/hashicorp/golang-lru/v2 v2.0.2
 	github.com/jinzhu/copier v0.4.0
 	github.com/knightsc/gapstone v0.0.0-20191231144527-6fa5afaf11a9
-	github.com/kubeshark/api v1.1.15
+	github.com/kubeshark/api v1.1.16
 	github.com/kubeshark/gopacket v1.1.30
 	github.com/kubeshark/tracerproto v1.0.3-0.20240730073449-de3a99a3719c
 	github.com/moby/moby v25.0.4+incompatible

go.sum

@@ -264,8 +264,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kubeshark/api v1.1.15 h1:btr8X9QIdwLPQ/3peQRD8QkDmkAn3ieOjaA/3Hi1438=
-github.com/kubeshark/api v1.1.15/go.mod h1:13xpBdys1s9gozDtv29njdT3Rx3xl2ZICgdsFXwqk40=
+github.com/kubeshark/api v1.1.16 h1:E9MlBpc4zpCE2847+/myEBmug+q6zn4y1nMSUMCKYwI=
+github.com/kubeshark/api v1.1.16/go.mod h1:13xpBdys1s9gozDtv29njdT3Rx3xl2ZICgdsFXwqk40=
 github.com/kubeshark/gopacket v1.1.30 h1:Dz6eo7b6+NdVCrgiyKxlGEVTm0L6PwgbVvSomsuwIyU=
 github.com/kubeshark/gopacket v1.1.30/go.mod h1:Qo8/i/tdT74CCT7/pjO0L55Pktv5dQfj7M/Arv8MKm8=
 github.com/kubeshark/tracerproto v1.0.0/go.mod h1:+efDYkwXxwakmHRpxHVEekyXNtg/aFx0uSo/I0lGV9k=

pkg/health/health.go

@@ -94,6 +94,7 @@ func initTracerHealth() {
 	var tracerResources v1.ResourceRequirements
 	var tracerRestarts int
 	var tracerLastRestartReason string
+	var tracerLastRestartTimestamp string
 
 	currentPod, err := getCurrentPod(clientSet)
 	if err != nil {
@@ -109,16 +110,18 @@ func initTracerHealth() {
 				tracerRestarts = int(containerStatus.RestartCount)
 				if containerStatus.LastTerminationState.Terminated != nil {
 					tracerLastRestartReason = containerStatus.LastTerminationState.Terminated.Reason
+					tracerLastRestartTimestamp = containerStatus.LastTerminationState.Terminated.FinishedAt.Format(time.RFC3339)
 				}
 			}
 		}
 	}
 
 	tracerHealth = &api.HealthWorkerComponent{
-		Resources:         tracerResources,
-		Restarts:          tracerRestarts,
-		LastRestartReason: tracerLastRestartReason,
-		Timestamp:         time.Now().Format(time.RFC3339),
+		Resources:            tracerResources,
+		Restarts:             tracerRestarts,
+		LastRestartReason:    tracerLastRestartReason,
+		LastRestartTimestamp: tracerLastRestartTimestamp,
+		Timestamp:            time.Now().Format(time.RFC3339),
 	}
 }
 

tcp_kprobe_hooks.go

@@ -5,6 +5,8 @@ import (
 	"github.com/go-errors/errors"
 )
 
+var CompatibleMode = false
+
 type tcpKprobeHooks struct {
 	tcpSendmsg  link.Link
 	tcpRecvmsg  link.Link
@@ -26,19 +28,21 @@ func (s *tcpKprobeHooks) installTcpKprobeHooks(bpfObjects *tracerObjects) error
 		return errors.Wrap(err, 0)
 	}
 
-	s.tcp4Connect, err = link.Kprobe("tcp_connect", bpfObjects.TcpConnect, nil)
-	if err != nil {
-		return errors.Wrap(err, 0)
-	}
+	if !CompatibleMode {
+		s.tcp4Connect, err = link.Kprobe("tcp_connect", bpfObjects.TcpConnect, nil)
+		if err != nil {
+			return errors.Wrap(err, 0)
+		}
 
-	s.accept, err = link.Kretprobe("sys_accept4", bpfObjects.SyscallAccept4Ret, nil)
-	if err != nil {
-		return errors.Wrap(err, 0)
-	}
+		s.accept, err = link.Kretprobe("sys_accept4", bpfObjects.SyscallAccept4Ret, nil)
+		if err != nil {
+			return errors.Wrap(err, 0)
+		}
 
-	s.accept4, err = link.Kretprobe("do_accept", bpfObjects.DoAccept, nil)
-	if err != nil {
-		return errors.Wrap(err, 0)
+		s.accept4, err = link.Kretprobe("do_accept", bpfObjects.DoAccept, nil)
+		if err != nil {
+			return errors.Wrap(err, 0)
+		}
 	}
 
 	return nil

tracer.go

@@ -160,7 +160,8 @@ func (t *Tracer) Init(
 			t.bpfObjects = *objs.bpfObjs.(*tracerObjects)
 		} else if err != nil && errors.As(err, &ve) {
 			t.pktSnifDisabled = true
-			log.Warn().Msg(fmt.Sprintf("eBPF packets capture is disabled"))
+			CompatibleMode = true
+			log.Warn().Msg(fmt.Sprintf("eBPF packets capture and syscall events are disabled"))
 
 			objsNoSniff := &BpfObjectsImpl{
 				bpfObjs: &tracerNoSniffObjects{},
@@ -247,17 +248,19 @@ func (t *Tracer) Init(
 				log.Error().Err(err).Msg("System events tracer start failed")
 			}
 		}
+
 	}
 
-	syscallEventsTracer, err := newSyscallEventsTracer(t.bpfObjects.SyscallEvents, os.Getpagesize(), socket.NewSocketEvent(misc.GetSyscallEventSocketPath()))
-	if err != nil {
-		log.Error().Err(err).Msg("Syscall events tracer create failed")
-	} else {
-		if err = syscallEventsTracer.start(); err != nil {
-			log.Error().Err(err).Msg("Syscall events tracer start failed")
+	if !CompatibleMode {
+		syscallEventsTracer, err := newSyscallEventsTracer(t.bpfObjects.SyscallEvents, os.Getpagesize(), socket.NewSocketEvent(misc.GetSyscallEventSocketPath()))
+		if err != nil {
+			log.Error().Err(err).Msg("Syscall events tracer create failed")
+		} else {
+			if err = syscallEventsTracer.start(); err != nil {
+				log.Error().Err(err).Msg("Syscall events tracer start failed")
+			}
 		}
 	}
-
 	return nil
 }