Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Emit cgroup events from process-monitor #174

Merged
merged 5 commits into from
Apr 24, 2023
Merged

Emit cgroup events from process-monitor #174

merged 5 commits into from
Apr 24, 2023

Conversation

MatteoNardi
Copy link
Contributor

@MatteoNardi MatteoNardi commented Apr 21, 2023
edited

Added cgroup integration inside process-monitor.
I've decided to split work on #13 in two PRs, this is the simplest one, while in the next one I'll work on filtering.

tracepoint event generated
cgroup_mkdir Payload::CgroupCreated
cgroup_rmdir Payload::CgroupDeleted
cgroup_attach_task Payload::CgroupAttach

I've successfully tested it on x86_64 (5.5 and 5.19) and aarch64 (6.0)

I have

  • run cargo fmt;
  • run cargo clippy;
  • run cargo testand all tests pass;
  • linked to the originating issue (if applicable).

@MatteoNardi
fix(ebpf): wrap payload enum to match Rust alignment
14c3d4f 
To match the size/alignment of Rust `repr(C)` enums, we replaced:

```
u64 timestamp;
u32 pid;
u32 event_type;
union {...};
```

With:

```
u64 timestamp;
u32 pid;
struct {
  u32 event_type;
  union {...};
};
```

The old code caused problems when the union contained a u64.
This is the layout of the two snippets:

```
Snippet 1, no wrapping struct:
________ ____ ____ ________
^timestamp    ^event_type
         ^pid      ^union

Snippet 2, wrapping struct (. are padding bytes):
________ ____ .... ____ .... ________
^timestamp         ^event_type
         ^pid                ^union
```
@MatteoNardi
new(process-monitor): add cgroup_mkdir probe
c7791e4
@MatteoNardi
new(process-monitor): add cgroup_rmdir probe
5d43823
@MatteoNardi
new(process-monitor): add cgroup_attach_task probe
45eee8e
@MatteoNardi MatteoNardi changed the title WIP cgroup integration Emit cgroup events from process-monitor Apr 24, 2023
@MatteoNardi MatteoNardi marked this pull request as ready for review April 24, 2023 10:12
@MatteoNardi MatteoNardi merged commit 502a014 into main Apr 24, 2023
12 of 17 checks passed
@banditopazzo banditopazzo deleted the cgroup_events branch June 6, 2023 08:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@banditopazzo banditopazzo banditopazzo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MatteoNardi @banditopazzo