fix: e2e-net-tests should use unified binary

pkg/events/derive/net_packet.go

@@ -371,7 +371,7 @@ func NetPacketHTTP() DeriveFunction {
 				dstIP,
 				srcPort,
 				dstPort,
-				&trace.PacketMetadata{
+				trace.PacketMetadata{
 					Direction: getPacketDirection(&event),
 				},
 				*proto,

tests/e2e-kernel-test.sh

@@ -61,7 +61,7 @@ info
 set -e
 make -j$(nproc) all
 set +e
-if [[ ! -x ./dist/tracee-ebpf || ! -x ./dist/tracee-rules ]]; then
+if [[ ! -x ./dist/tracee ]]; then
     error_exit "could not find tracee executables"
 fi
 
@@ -76,26 +76,16 @@ for TEST in $TESTS; do
     info
 
     rm -f $SCRIPT_TMP_DIR/build-$$
-    rm -f $SCRIPT_TMP_DIR/ebpf-$$
 
-    events=$(./dist/tracee-rules --rules $TEST --list-events)
-
-    ./dist/tracee-ebpf \
+    ./dist/tracee \
         --install-path $TRACEE_TMP_DIR \
         --cache cache-type=mem \
         --cache mem-cache-size=512 \
-        --output format:gob \
-        --output option:parse-arguments \
-        --scope container=new \
-        --events $events \
-        2>$SCRIPT_TMP_DIR/ebpf-$$ |
-        ./dist/tracee-rules \
-            --input-tracee=file:stdin \
-            --input-tracee format:gob \
-            --rules $TEST 2>&1 |
+        --output json \
+        --scope container=new 2>&1 |
         tee $SCRIPT_TMP_DIR/build-$$ 2>&1 &
 
-    # wait tracee-ebpf to be started (30 sec most)
+    # wait tracee to be started (30 sec most)
     times=0
     timedout=0
     while true; do
@@ -119,7 +109,7 @@ for TEST in $TESTS; do
         info
         info "$TEST: FAILED. ERRORS:"
         info
-        cat $SCRIPT_TMP_DIR/ebpf-$$
+        cat $SCRIPT_TMP_DIR/build-$$
 
         anyerror="${anyerror}$TEST,"
         continue
@@ -148,32 +138,28 @@ for TEST in $TESTS; do
     ## cleanup at EXIT
 
     found=0
-    cat $SCRIPT_TMP_DIR/build-$$ | grep "Signature ID: $TEST" -B2 | head -3 | grep -q "\*\*\* Detection" && found=1
+    cat $SCRIPT_TMP_DIR/build-$$ | grep "\"signatureID\":\"$TEST\"" -B2 && found=1
     info
     if [[ $found -eq 1 ]]; then
         info "$TEST: SUCCESS"
     else
         anyerror="${anyerror}$TEST,"
-        info "$TEST: FAILED, stderr from tracee-ebpf:"
-        cat $SCRIPT_TMP_DIR/ebpf-$$
+        info "$TEST: FAILED, stderr from tracee:"
+        cat $SCRIPT_TMP_DIR/build-$$
         info
     fi
     info
 
     rm -f $SCRIPT_TMP_DIR/build-$$
-    rm -f $SCRIPT_TMP_DIR/ebpf-$$
 
-    rules_pid=$(pidof tracee-rules)
-    tracee_pid=$(pidof tracee-ebpf)
+    tracee_pid=$(pidof tracee)
 
     # cleanup tracee with SIGINT
-    kill -2 $rules_pid
     kill -2 $tracee_pid
 
     sleep $TRACEE_SHUTDOWN_TIMEOUT
 
     # make sure tracee is exited with SIGKILL
-    kill -9 $rules_pid >/dev/null 2>&1
     kill -9 $tracee_pid >/dev/null 2>&1
 
     # give a little break for OS noise to reduce

tests/e2e-net-signatures/e2e-dns.go

@@ -36,6 +36,7 @@ func (sig *e2eDNS) Init(ctx detect.SignatureContext) error {
 func (sig *e2eDNS) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "DNS",
+		EventName:   "DNS",
 		Version:     "0.1.0",
 		Name:        "Network DNS Test",
 		Description: "Network E2E Tests: DNS",

tests/e2e-net-signatures/e2e-http.go

@@ -29,6 +29,7 @@ func (sig *e2eHTTP) Init(ctx detect.SignatureContext) error {
 func (sig *e2eHTTP) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "HTTP",
+		EventName:   "HTTP",
 		Version:     "0.1.0",
 		Name:        "Network HTTP Test",
 		Description: "Network E2E Tests: HTTP",

tests/e2e-net-signatures/e2e-icmp.go

@@ -21,6 +21,7 @@ func (sig *e2eICMP) Init(ctx detect.SignatureContext) error {
 func (sig *e2eICMP) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "ICMP",
+		EventName:   "ICMP",
 		Version:     "0.1.0",
 		Name:        "Network ICMP Test",
 		Description: "Network E2E Tests: ICMP",

tests/e2e-net-signatures/e2e-icmpv6.go

@@ -21,6 +21,7 @@ func (sig *e2eICMPv6) Init(ctx detect.SignatureContext) error {
 func (sig *e2eICMPv6) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "ICMPv6",
+		EventName:   "ICMPv6",
 		Version:     "0.1.0",
 		Name:        "Network ICMPv6 Test",
 		Description: "Network E2E Tests: ICMPv6",

tests/e2e-net-signatures/e2e-ipv4.go

@@ -21,6 +21,7 @@ func (sig *e2eIPv4) Init(ctx detect.SignatureContext) error {
 func (sig *e2eIPv4) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "IPv4",
+		EventName:   "IPv4",
 		Version:     "0.1.0",
 		Name:        "Network IPv4 Test",
 		Description: "Network E2E Tests: IPv4",

tests/e2e-net-signatures/e2e-ipv6.go

@@ -21,6 +21,7 @@ func (sig *e2eIPv6) Init(ctx detect.SignatureContext) error {
 func (sig *e2eIPv6) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "IPv6",
+		EventName:   "IPv6",
 		Version:     "0.1.0",
 		Name:        "Network IPv6 Test",
 		Description: "Network E2E Tests: IPv6",

tests/e2e-net-signatures/e2e-tcp.go

@@ -21,6 +21,7 @@ func (sig *e2eTCP) Init(ctx detect.SignatureContext) error {
 func (sig *e2eTCP) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "TCP",
+		EventName:   "TCP",
 		Version:     "0.1.0",
 		Name:        "Network TCP Test",
 		Description: "Network E2E Tests: TCP",

tests/e2e-net-signatures/e2e-udp.go

@@ -21,6 +21,7 @@ func (sig *e2eUDP) Init(ctx detect.SignatureContext) error {
 func (sig *e2eUDP) GetMetadata() (detect.SignatureMetadata, error) {
 	return detect.SignatureMetadata{
 		ID:          "UDP",
+		EventName:   "UDP",
 		Version:     "0.1.0",
 		Name:        "Network UDP Test",
 		Description: "Network E2E Tests: UDP",

tests/e2e-net-test.sh

@@ -71,7 +71,7 @@ set -e
 make -j$(nproc) all
 make e2e-net-signatures
 set +e
-if [[ ! -x ./dist/tracee-ebpf || ! -x ./dist/tracee-rules ]]; then
+if [[ ! -x ./dist/tracee ]]; then
     error_exit "could not find tracee executables"
 fi
 
@@ -86,28 +86,17 @@ for TEST in $TESTS; do
     info
 
     rm -f $SCRIPT_TMP_DIR/build-$$
-    rm -f $SCRIPT_TMP_DIR/ebpf-$$
 
-    events=$(./dist/tracee-rules --allcaps --rules-dir ./dist/e2e-net-signatures/ --rules $TEST --list-events)
-
-    ./dist/tracee-ebpf \
+    ./dist/tracee \
         --install-path $TRACEE_TMP_DIR \
         --cache cache-type=mem \
         --cache mem-cache-size=512 \
-        --output format:json \
-        --output option:parse-arguments \
+        --output json \
         --scope comm=ping,nc,nslookup,isc-net-0000,isc-worker0000,curl \
-        --events $events \
-        2>$SCRIPT_TMP_DIR/ebpf-$$ |
-        ./dist/tracee-rules \
-            --rules-dir ./dist/e2e-net-signatures/ \
-            --input-tracee=file:stdin \
-            --input-tracee format:json \
-            --rules $TEST \
-            --allcaps 2>&1 |
+        --signatures-dir ./dist/e2e-net-signatures/ 2>&1 |
         tee $SCRIPT_TMP_DIR/build-$$ 2>&1 &
 
-    # wait tracee-ebpf to be started (30 sec most)
+    # wait tracee to be started (30 sec most)
     times=0
     timedout=0
     while true; do
@@ -126,12 +115,12 @@ for TEST in $TESTS; do
         fi
     done
 
-    # tracee-ebpf could not start for some reason, check stderr
+    # tracee could not start for some reason, check stderr
     if [[ $timedout -eq 1 ]]; then
         info
         info "$TEST: FAILED. ERRORS:"
         info
-        cat $SCRIPT_TMP_DIR/ebpf-$$
+        cat $SCRIPT_TMP_DIR/build-$$
 
         anyerror="${anyerror}$TEST,"
         continue
@@ -150,34 +139,30 @@ for TEST in $TESTS; do
     ## cleanup at EXIT
 
     found=0
-    cat $SCRIPT_TMP_DIR/build-$$ | grep "Signature ID: $TEST" -B2 | head -3 | grep -q "\*\*\* Detection" && found=1
+    cat $SCRIPT_TMP_DIR/build-$$ | grep "\"signatureID\":\"$TEST\"" -B2 && found=1
     info
     if [[ $found -eq 1 ]]; then
         info "$TEST: SUCCESS"
     else
         anyerror="${anyerror}$TEST,"
-        info "$TEST: FAILED, stderr from tracee-ebpf:"
-        cat $SCRIPT_TMP_DIR/ebpf-$$
+        info "$TEST: FAILED, stderr from tracee:"
+        cat $SCRIPT_TMP_DIR/build-$$
         info
     fi
     info
 
     rm -f $SCRIPT_TMP_DIR/build-$$
-    rm -f $SCRIPT_TMP_DIR/ebpf-$$
 
     # make sure we exit both to start them again
 
-    pid_rules=$(pidof tracee-rules)
-    pid_ebpf=$(pidof tracee-ebpf)
+    pid_tracee=$(pidof tracee)
 
-    kill -2 $pid_rules
-    kill -2 $pid_ebpf
+    kill -2 $pid_tracee
 
     sleep $TRACEE_SHUTDOWN_TIMEOUT
 
     # make sure tracee is exited with SIGKILL
-    kill -9 $pid_rules >/dev/null 2>&1
-    kill -9 $pid_ebpf >/dev/null 2>&1
+    kill -9 $pid_tracee >/dev/null 2>&1
 
     # give a little break for OS noise to reduce
     sleep 3
@@ -194,4 +179,4 @@ fi
 
 info "ALL TESTS: SUCCESS"
 
-exit 0
+exit 0