Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(extensions) probes: create probe group, events: start work #3223

Merged
merged 5 commits into from
Jun 14, 2023
Merged

(extensions) probes: create probe group, events: start work #3223

merged 5 commits into from
Jun 14, 2023

Conversation

rafaeldtinoco
Copy link
Contributor

@rafaeldtinoco rafaeldtinoco commented Jun 11, 2023
edited
Loading

This is the initial work of the Tracee Extensions, I'm preparing the baseline for #3170 (the multiple eBPF objects), which is a needed step for #2991 (API server) and the extensions:

Each extension will consist of:

1. Map Group    - eBPF maps used by this extension
2. Probe Group  - eBPF probes used by this extension
3. Functions    - tracee hooks callbacks
4. Event Group  - events declared by this extension
5. Signature(s) - signatures declared by this extension

Logic and packages will change. This is Work in Progress.

commit 736137d (HEAD -> extensions-probe-group, rafaeldtinoco/extensions-probe-group, myowntracee)
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Mon Jun 12 04:53:14 2023

events: tailcall dependencies should be instanced and thread safe

related: #3170

commit ef78144
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Mon Jun 12 02:02:42 2023

events: probes are event dependencies already

... make it so, then.

related: #3170

commit 7d588e9
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Mon Jun 5 19:16:49 2023

probes: create probe group

- refactors probes
- creates probe group
- makes sure probe group is thread safe

related: #3170

@rafaeldtinoco rafaeldtinoco changed the title probes: create probe group (extensions) probes: create probe group Jun 11, 2023
@rafaeldtinoco rafaeldtinoco force-pushed the extensions-probe-group branch 2 times, most recently from 3512a82 to 736137d Compare June 12, 2023 04:55
@rafaeldtinoco rafaeldtinoco linked an issue Jun 12, 2023 that may be closed by this pull request
Tracee multiple eBPF objects support (per enabled/filtered event). #3170
Open
@rafaeldtinoco rafaeldtinoco changed the title (extensions) probes: create probe group (extensions) probes: create probe group, events: start work Jun 12, 2023
@rafaeldtinoco rafaeldtinoco marked this pull request as ready for review June 12, 2023 05:03
@NDStrahilevitz NDStrahilevitz self-requested a review June 12, 2023 14:52
NDStrahilevitz
NDStrahilevitz reviewed Jun 12, 2023
View reviewed changes
pkg/ebpf/probes/probe_group.go Outdated Show resolved Hide resolved
pkg/ebpf/tracee.go Outdated Show resolved Hide resolved
pkg/events/events.go Outdated Show resolved Hide resolved
@rafaeldtinoco
probes: create probe group
dc3c275 
- refactors probes
- creates probe group
- makes sure probe group is thread safe

related: #3170
@rafaeldtinoco
events: probes are event dependencies already
4f93312 
... make it so, then.

related: #3170
@rafaeldtinoco
events: tailcall dependencies should be instanced and thread safe
d312e13 
related: #3170
NDStrahilevitz
NDStrahilevitz approved these changes Jun 12, 2023
View reviewed changes
Copy link
Collaborator

@NDStrahilevitz NDStrahilevitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1ing and it's your call if you want to make the following changes before merging.

pkg/events/events.go Outdated Show resolved Hide resolved
pkg/events/events.go Outdated Show resolved Hide resolved
@rafaeldtinoco
Copy link
Contributor Author

+1ing and it's your call if you want to make the following changes before merging.

You had good and valid points. I did the changes and pushed, I'll consider you're still +1 as there are no other changes. Will merge if tests pass after the current bug fix release.

Thanks for reviewing this!

@rafaeldtinoco rafaeldtinoco force-pushed the extensions-probe-group branch 2 times, most recently from 15f6d5c to 47a3c75 Compare June 13, 2023 03:51
josedonizetti
josedonizetti approved these changes Jun 13, 2023
View reviewed changes
Copy link
Collaborator

@josedonizetti josedonizetti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some typos only @rafaeldtinoco, LGMT otherwise.

pkg/ebpf/probes/cgroup.go Outdated Show resolved Hide resolved
pkg/ebpf/probes/uprobe.go Outdated Show resolved Hide resolved
pkg/ebpf/probes/trace.go Outdated Show resolved Hide resolved
@rafaeldtinoco
probes: chore renamings and comment changes
4cba594
@rafaeldtinoco
events: tailcalls: simplify creation with single function
2cc1020 
- change argument ordering for readability
- keep a single creation function
@rafaeldtinoco rafaeldtinoco merged commit e777197 into aquasecurity:main Jun 14, 2023
25 checks passed
@rafaeldtinoco rafaeldtinoco deleted the extensions-probe-group branch June 14, 2023 05:21
@yanivagman
Copy link
Collaborator

Forgot to write that I want to review this before merging...
Will try to go over it today

yanivagman
yanivagman reviewed Jun 14, 2023
View reviewed changes
pkg/ebpf/probes/probe_group.go Show resolved Hide resolved
pkg/ebpf/probes/probe_group.go Show resolved Hide resolved
pkg/ebpf/tracee.go Show resolved Hide resolved
pkg/ebpf/tracee.go Show resolved Hide resolved
pkg/events/events.go Show resolved Hide resolved
pkg/events/events.go Show resolved Hide resolved
pkg/events/events.go Show resolved Hide resolved
@rafaeldtinoco
Copy link
Contributor Author

Forgot to write that I want to review this before merging...

Thanks for reviewing, no matter the timing. I'll provide a chore PR with adjustments.

@rafaeldtinoco
Copy link
Contributor Author

Including observations in the next PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yanivagman yanivagman yanivagman left review comments

@josedonizetti josedonizetti josedonizetti approved these changes

@NDStrahilevitz NDStrahilevitz NDStrahilevitz approved these changes

Assignees

@rafaeldtinoco rafaeldtinoco

Labels
area/ebpf area/events area/extensions area/testing backport/v0.17.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Tracee multiple eBPF objects support (per enabled/filtered event).
4 participants
@rafaeldtinoco @yanivagman @josedonizetti @NDStrahilevitz