-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tetragon: fixup generic tracepoint sensor create #568
Conversation
Signed-off-by: dechengyuan <dechengyuan@tencent.com>
could you please be more specific what's failing, best with crd example and description of expected behavior? would be great to have automated test for that if possible, thanks |
@Y-dc I see that golanglint-ci is used https://github.com/cilium/tetragon/blob/main/.golangci.yml I suggest to enable all linters which covers bugs section https://golangci-lint.run/usage/linters/ |
@olsajiri I added some logs before and after the loops. // createGenericTracepointSensor will create a sensor that can be loaded based on a generic tracepoint configuration
func createGenericTracepointSensor(name string, confs []GenericTracepointConf) (*sensors.Sensor, error) {
tracepoints := make([]*genericTracepoint, 0, len(confs))
// ----------add log
js,_ := json.Marshal(genericTracepointTable.arr)
fmt.Println("before creating genericTracepointTable: ",string(js))
js,_ = json.Marshal(confs)
fmt.Println("before creating confs: ",string(js))
// -------------
for _, conf := range confs {
tp, err := createGenericTracepoint(name, &conf)
if err != nil {
return nil, err
}
// ------------add log
js,_ = json.Marshal(tp.Spec)
fmt.Println("creating TracepointSpec:",string(js))
tracepoints = append(tracepoints, tp)
// --------------------
}
// ------------add log
js,_ = json.Marshal(genericTracepointTable.arr)
fmt.Println("after creating genericTracepointTable: ",string(js))
// --------------------
//......
} add tracingpolicy: apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
name: http
spec:
tracepoints:
- args:
- index: 5
returnCopy: false
type: fd
- index: 6
returnCopy: false
sizeArgIndex: 8
type: char_buf
- index: 7
returnCopy: false
type: size_t
event: sys_enter_write
selectors:
- matchArgs:
- index: 6
operator: Prefix
values:
- HTTP
subsystem: syscalls
- args:
- index: 5
returnCopy: false
type: fd
- index: 6
returnCopy: false
sizeArgIndex: 8
type: char_buf
- index: 7
returnCopy: false
type: size_t
event: sys_enter_read
selectors:
- {}
subsystem: syscalls then output:
as you can see, after loops, we got [{"Info":{"Subsys":"syscalls","Event":"sys_enter_write","Format":{"Name":"sys_enter_write","ID":640,"Fields":[{"FieldStr":"unsigned short common_type","Field":null,"Offset":0,"Size":2,"IsSigned":false},{"FieldStr":"unsigned char common_flags","Field":null,"Offset":2,"Size":1,"IsSigned":false},{"FieldStr":"unsigned char common_preempt_count","Field":null,"Offset":3,"Size":1,"IsSigned":false},{"FieldStr":"int common_pid","Field":null,"Offset":4,"Size":4,"IsSigned":true},{"FieldStr":"int __syscall_nr","Field":null,"Offset":8,"Size":4,"IsSigned":true},{"FieldStr":"unsigned int fd","Field":null,"Offset":16,"Size":8,"IsSigned":false},{"FieldStr":"const char * buf","Field":null,"Offset":24,"Size":8,"IsSigned":false},{"FieldStr":"size_t count","Field":null,"Offset":32,"Size":8,"IsSigned":false}]}},"Spec":{"subsystem":"syscalls","event":"sys_enter_read","args":[{"index":5,"type":"fd","sizeArgIndex":0,"returnCopy":false},{"index":6,"type":"char_buf","sizeArgIndex":8,"returnCopy":false},{"index":7,"type":"size_t","sizeArgIndex":0,"returnCopy":false}],"selectors":[{"matchPIDs":null,"matchArgs":null,"matchActions":null,"matchReturnArgs":null,"matchBinaries":null,"matchNamespaces":null,"matchNamespaceChanges":null,"matchCapabilities":null,"matchCapabilityChanges":null}]}},{"Info":{"Subsys":"syscalls","Event":"sys_enter_read","Format":{"Name":"sys_enter_read","ID":642,"Fields":[{"FieldStr":"unsigned short common_type","Field":null,"Offset":0,"Size":2,"IsSigned":false},{"FieldStr":"unsigned char common_flags","Field":null,"Offset":2,"Size":1,"IsSigned":false},{"FieldStr":"unsigned char common_preempt_count","Field":null,"Offset":3,"Size":1,"IsSigned":false},{"FieldStr":"int common_pid","Field":null,"Offset":4,"Size":4,"IsSigned":true},{"FieldStr":"int __syscall_nr","Field":null,"Offset":8,"Size":4,"IsSigned":true},{"FieldStr":"unsigned int fd","Field":null,"Offset":16,"Size":8,"IsSigned":false},{"FieldStr":"char * buf","Field":null,"Offset":24,"Size":8,"IsSigned":false},{"FieldStr":"size_t count","Field":null,"Offset":32,"Size":8,"IsSigned":false}]}},"Spec":{"subsystem":"syscalls","event":"sys_enter_read","args":[{"index":5,"type":"fd","sizeArgIndex":0,"returnCopy":false},{"index":6,"type":"char_buf","sizeArgIndex":8,"returnCopy":false},{"index":7,"type":"size_t","sizeArgIndex":0,"returnCopy":false}],"selectors":[{"matchPIDs":null,"matchArgs":null,"matchActions":null,"matchReturnArgs":null,"matchBinaries":null,"matchNamespaces":null,"matchNamespaceChanges":null,"matchCapabilities":null,"matchCapabilityChanges":null}]}}] the |
@anjmao i think that is better! |
Linters |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch, thanks!
Enabling the linter also makes sense to me!
tracepoint sensor creation not as expected.
![image](https://user-images.githubusercontent.com/39187264/204755088-b2258b92-fa39-448e-9133-b93dd2646388.png)
source code
use
&conf
cause allgenericTracepoint.Spec
as same as the last element ingenericTracepointTable
, should use&confs[i]
instead.fix #569
Signed-off-by: dechengyuan dechengyuan@tencent.com