Lists #1283

Merged: 13 commits, Aug 17, 2023

Commits on Aug 17, 2023

  1. tetragon: Refactor createGenericKprobeSensor function

    Carve out addKprobe, which adds a single kprobe, so we can pass
    a specific name to it in following changes and support symbol lists.
    
    The number of in/out arguments for addKprobe function is too
    big so I added in and out structs to carry it.
    
    There's no functional change intended, just preparation for
    following changes.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    7821907
  2. tetragon: Add ListSpec to the schema

    Adding support to define lists in the schema, like:
    
    spec:
      lists:
      - name: "syscalls"
        type: "syscalls"
        values:
        - "sys_dup"
        - "sys_dup2"
    
    They will be used in generic kprobes.
    
    The type can be:
      syscalls
      generated_syscalls
      generated_ftrace
    
    The implementation is in following patches.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    746f9cc
  3. tetragon: Generate changes for list schema bits

    Result of 'make generate && make codegen'.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    84a6d71
  4. tetragon: Add support to validate lists

    Adding support to validate lists for generic kprobes.
    
    The specific type validation checks come with type implementations
    in following changes.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    192c50e
  5. tetragon: Add support for syscall lists

    Adding support for syscall lists, like:
    
      spec:
        lists:
        - name: "syscalls"
          type: "syscalls"
          values:
          - "sys_dup"
          - "sys_dup2"
        kprobes:
        - call: "list:syscalls"
    
    The prevalidation adds the arch specific syscall prefix.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    112cb0c
  6. tetragon: Add support for generated syscall lists

    Adding support for generated syscall lists, like:
    
      spec:
        lists:
        - name: "all-syscalls"
          type: "generated_syscalls"
        kprobes:
        - call: "list:all-syscalls"
          selectors:
          - matchBinaries:
            - operator: "In"
              values:
              - "/usr/bin/kill"
    
    that hooks to all syscalls and traces them for the kill binary.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    38d7891
  7. tetragon: Add support for generated ftrace lists

    Adding support for generated ftrace list in tracing policy.
    
    The list is based on ftrace available_filter_functions file and
    filtered out for regex pattern specified in pattern value, like:
    
      spec:
        lists:
        - name: "ksys"
          type: "generated_ftrace"
          pattern: "^ksys_*"
        kprobes:
        - call: "list:ksys"
          selectors:
          - matchBinaries:
            - operator: "In"
              values:
              - "/usr/bin/kill"
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    7ef488b
  8. tetragon: Add support to use list in generic kprobes

    Adding support to use list in generic kprobe specs.
    
    It's now possible to specify list in 'call' value, like:
    
      kprobes:
      - call: "list:ksys"
    
    That makes all previous changelog examples working.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    570e146
  9. tetra: Add all-syscalls-list tracingpolicy generate sub command

    Adding a new all-syscalls-list sub command that allows generating
    a tracing policy with all available syscalls, like:
    
      # ./tetra tracingpolicy generate all-syscalls-list
      apiVersion: cilium.io/v1alpha1
      kind: TracingPolicy
      metadata:
        name: "syscalls"
      spec:
        lists:
        - name: "syscalls"
          type: "syscalls"
          values:
          - "sys_shutdown"
          - "sys_kexec_file_load"
          - "sys_io_uring_enter"
          - "sys_pkey_alloc"
          - "sys_clone3"
          - "sys_munlock"
          - "sys_lookup_dcookie"
          - "sys_eventfd2"
          - "sys_finit_module"
          - "sys_pwrite64"
          - "sys_semget"
    
          ...
    
          - "sys_mkdirat"
          - "sys_sync_file_range"
          - "sys_preadv"
          - "sys_syncfs"
          - "sys_link"
          - "sys_timer_delete"
          - "sys_unlinkat"
        kprobes:
          - call: "list:syscalls"
            syscall: true
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    cda3592
  10. tetra: Add avail-list tracingpolicy generate sub command

    Adding a new avail-list sub command that allows generating a tracing
    policy with a generated functions list.
    
    The list is based on ftrace available_filter_functions file and
    filtered out for regex pattern given in -r/--regex option, like:
    
      # ./tetra tracingpolicy generate avail-list -r ^ksys_
      apiVersion: cilium.io/v1alpha1
      kind: TracingPolicy
      metadata:
        name: "ftrace"
      spec:
        lists:
        - name: "ftrace"
          values:
          - "ksys_dup3"
          - "ksys_fadvise64_64"
          - "ksys_fallocate"
          - "ksys_fchown"
          - "ksys_ioperm"
          - "ksys_lseek"
          - "ksys_mmap_pgoff"
          - "ksys_msgctl.constprop.0"
          - "ksys_msgget"
          - "ksys_msgrcv"
          - "ksys_msgsnd"
          - "ksys_pread64"
          - "ksys_pwrite64"
          - "ksys_read"
          - "ksys_readahead"
          - "ksys_semctl.constprop.0"
          - "ksys_semget"
          - "ksys_semtimedop"
          - "ksys_setsid"
          - "ksys_shmctl.constprop.0"
          - "ksys_shmdt"
          - "ksys_shmget"
          - "ksys_sync"
          - "ksys_sync_file_range"
          - "ksys_sync_helper"
          - "ksys_unshare"
          - "ksys_write"
        kprobes:
          - call: "list:ftrace"
    
    Note it's possible to get all available functions generated,
    but it's not advisable to run such policy ;-)
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    d05b29b
  11. tetragon: Add syscall list tracing policy example

    Adding syscall list tracing policy example.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    8d01d47
  12. tetragon: Add syscall generated list tracing policy example

    Adding syscall generated list tracing policy example.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    9419614
  13. tetragon: Add ftrace generated list tracing policy example

    Adding ftrace generated list tracing policy example.
    
    Signed-off-by: Jiri Olsa <[email protected]>
    olsajiri committed Aug 17, 2023
    d3004a8
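
The regex filtering over ftrace's available_filter_functions described in commits 7 and 10, as an added example (not code from this pull request or from Tetragon). It shows that "^ksys_*" also matches symbols with no underscore after "ksys", while "^ksys_" does not. It assumes Go regexp semantics; `FilterAvail`, its `limit` guard and the sample symbols are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// sampleAvail is constructed input in the layout of ftrace's
// available_filter_functions: one symbol per line, optionally followed
// by "[module]". The symbol names are made up for this example.
const sampleAvail = `ksys_read
ksys_sync_helper
ksysdemo_probe [demo_mod]
vfs_read
do_ksys_demo
`

// FilterAvail returns the symbols matching pattern, in file order.
// limit is a hypothetical guard (not a Tetragon option): it rejects
// patterns that would attach probes to more than limit functions.
func FilterAvail(r io.Reader, pattern string, limit int) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, fmt.Errorf("bad pattern %q: %w", pattern, err)
	}
	var out []string
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			continue
		}
		if sym := fields[0]; re.MatchString(sym) {
			if len(out) == limit {
				return nil, fmt.Errorf("pattern %q matches more than %d symbols", pattern, limit)
			}
			out = append(out, sym)
		}
	}
	return out, sc.Err()
}

func main() {
	for _, p := range []string{"^ksys_*", "^ksys_"} {
		syms, err := FilterAvail(strings.NewReader(sampleAvail), p, 100)
		fmt.Printf("%-8s -> %v (err=%v)\n", p, syms, err)
	}
}
```

Previewing the match set this way before loading a policy shows how many functions a pattern would hook, which is the concern behind the note in commit 10 about generating all available functions.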