Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ebpf): optimize sendmsg/recvmsg kprobes #3766

Merged
merged 1 commit into from
Dec 18, 2023
Merged

feat(ebpf): optimize sendmsg/recvmsg kprobes #3766

merged 1 commit into from
Dec 18, 2023

Conversation

NDStrahilevitz
Copy link
Collaborator

1. Explain what the PR does

9f90b1d feat(ebpf): optimize sendmsg/recvmsg kprobes

Move the socket validation section in these eBPF programs from the map
updating functions to the initial stage of the eBPF program.   
This is better because it is much quicker to validate the socket, than
initally checking `should_trace` and doing `init_program_data`.
It is also consistent with another networking kprobe of the packet logic
`trace_sock_alloc_file`.
    
Old version benchmark:
PROGRAM: security_socket_recvmsg (runtime: 569255060 ns, amount: 90974 times, average: 6257 ns)
PROGRAM: security_socket_sendmsg (runtime: 603516073 ns, amount: 109182 times, average: 5527 ns)
    
New version benchmark:
PROGRAM: security_socket_recvmsg (runtime: 613052965 ns, amount: 134066 times, average: 4572 ns)
PROGRAM: security_socket_sendmsg (runtime: 652289846 ns, amount: 161178 times, average: 4047 ns)

2. Explain how to test it

Validate e2e network tests, they should work the same.

@NDStrahilevitz
feat(ebpf): optimize sendmsg/recvmsg kprobes
9f90b1d 
Move the socket validation section in these eBPF programs from the map
updating functions to the initial stage of the eBPF program.
This is better because it is much quicker to validate the socket, than
initally checking `should_trace` and doing `init_program_data`.
It is also consistent with another networking kprobe of the packet logic
`trace_sock_alloc_file`.

Old version benchmark:
PROGRAM: security_socket_recvmsg (runtime: 569255060 ns, amount: 90974 times, average: 6257 ns)
PROGRAM: security_socket_sendmsg (runtime: 603516073 ns, amount: 109182 times, average: 5527 ns)

New version benchmark:
PROGRAM: security_socket_recvmsg (runtime: 613052965 ns, amount: 134066 times, average: 4572 ns)
PROGRAM: security_socket_sendmsg (runtime: 652289846 ns, amount: 161178 times, average: 4047 ns)
@NDStrahilevitz NDStrahilevitz self-assigned this Dec 17, 2023
rafaeldtinoco
rafaeldtinoco approved these changes Dec 18, 2023
View reviewed changes
Copy link
Contributor

@rafaeldtinoco rafaeldtinoco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@rafaeldtinoco rafaeldtinoco merged commit 3c67c70 into aquasecurity:main Dec 18, 2023
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rafaeldtinoco rafaeldtinoco rafaeldtinoco approved these changes

Assignees

@NDStrahilevitz NDStrahilevitz

Labels
area/ebpf area/performance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@NDStrahilevitz @rafaeldtinoco