Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tracee-ebpf: remove events pipeline #1018

Merged
merged 4 commits into from
Sep 22, 2021
Merged

tracee-ebpf: remove events pipeline #1018

merged 4 commits into from
Sep 22, 2021

Conversation

yanivagman
Copy link
Collaborator

@yanivagman yanivagman commented Sep 20, 2021
edited

This PR removes the events pipeline that was created before tracee-rules existed.
The idea behind the pipeline was to create plugins between the different stages, and to improve performance, but neither is achieved by it today. As the amount of work done by each stage of the pipeline is very small, the channel communication time becomes more dominant, and the performance is degraded. With the pipeline, it takes ~75us (on my env) for an event to cross all of its stages (decode, process, emit). Without it, it now takes ~5us to perform the same logic.
Although it is more than x10 faster, this will not show a great improvement as the current bottleneck is the perf buffer polling as described in aquasecurity/libbpfgo#80

rafaeldtinoco
rafaeldtinoco reviewed Sep 22, 2021
View reviewed changes
Copy link
Contributor

@rafaeldtinoco rafaeldtinoco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ill give another look tomorrow...

tracee-ebpf/tracee/events.go Outdated Show resolved Hide resolved
tracee-ebpf/tracee/events.go Outdated Show resolved Hide resolved
tracee-ebpf/tracee/events.go Outdated Show resolved Hide resolved
tracee-ebpf/tracee/events.go Show resolved Hide resolved
tracee-ebpf/tracee/events.go Show resolved Hide resolved
rafaeldtinoco
rafaeldtinoco approved these changes Sep 22, 2021
View reviewed changes
Copy link
Contributor

@rafaeldtinoco rafaeldtinoco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes. LGTMN.

@yanivagman yanivagman merged commit 91dc323 into aquasecurity:main Sep 22, 2021
@yanivagman yanivagman deleted the remove_events_pipeline branch September 22, 2021 21:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafaeldtinoco rafaeldtinoco rafaeldtinoco approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@yanivagman @rafaeldtinoco