Skip to content

Commit

Permalink
invokeInitEvents: change emit to submit
Browse files Browse the repository at this point in the history
Init events should be created and submitted even if they should not be emitted.
  • Loading branch information
oshaked1 committed Apr 4, 2024
1 parent 8a7c83e commit bfd892e
Showing 1 changed file with 10 additions and 12 deletions.
22 changes: 10 additions & 12 deletions pkg/ebpf/tracee.go
Original file line number Diff line number Diff line change
Expand Up @@ -1494,7 +1494,7 @@ func (t *Tracee) getSelfLoadedPrograms(kprobesOnly bool) map[string]int {
// userland process itself, and not from the kernel. These events usually serve as informational
// events for the signatures engine/logic.
func (t *Tracee) invokeInitEvents(out chan *trace.Event) {
var emit uint64
var submit uint64

setMatchedPolicies := func(event *trace.Event, matchedPolicies uint64, pols *policy.Policies) {
event.PoliciesVersion = pols.Version()
Expand All @@ -1505,33 +1505,31 @@ func (t *Tracee) invokeInitEvents(out chan *trace.Event) {

// Initial namespace events

emit = t.eventsState[events.InitNamespaces].Emit
if emit > 0 {
submit = t.eventsState[events.InitNamespaces].Submit
if submit > 0 {
systemInfoEvent := events.InitNamespacesEvent()
setMatchedPolicies(&systemInfoEvent, emit, t.config.Policies)
setMatchedPolicies(&systemInfoEvent, submit, t.config.Policies)
out <- &systemInfoEvent
_ = t.stats.EventCount.Increment()
}

// Initial existing containers events (1 event per container)

emit = t.eventsState[events.ExistingContainer].Emit
if emit > 0 {
submit = t.eventsState[events.ExistingContainer].Submit
if submit > 0 {
existingContainerEvents := events.ExistingContainersEvents(t.containers, t.config.NoContainersEnrich)
for i := range existingContainerEvents {
event := &(existingContainerEvents[i])
setMatchedPolicies(event, emit, t.config.Policies)
setMatchedPolicies(event, submit, t.config.Policies)
out <- event
_ = t.stats.EventCount.Increment()
}
}

// Ftrace hook event

emit = t.eventsState[events.FtraceHook].Emit
if emit > 0 {
submit = t.eventsState[events.FtraceHook].Submit
if submit > 0 {
ftraceBaseEvent := events.GetFtraceBaseEvent()
setMatchedPolicies(ftraceBaseEvent, emit, t.config.Policies)
setMatchedPolicies(ftraceBaseEvent, submit, t.config.Policies)
logger.Debugw("started ftraceHook goroutine")

// TODO: Ideally, this should be inside the goroutine and be computed before each run,
Expand Down

0 comments on commit bfd892e

Please sign in to comment.