-
Notifications
You must be signed in to change notification settings - Fork 381
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fieldfilters: implement near zero-overhead copy-on-filter
Our previous implementation of field filters relied on creating a deep copy of the event before filtering, because otherwise clearing important fields could lead to segmentation faults due to the way we cache process information or cause filters to interfere with each other under multiple concurrent GetEventsRequests. Creating the deep copy fixed the above issues, but absolutely killed performance. This patch introduces a new implementation that lazily copies fields into a new protobuf message only when they "pass" the filter. The result is a near zero-overhead field filter implementation that actually significantly improves performance over the base case when filtering many fields. The following is output from the benchmark. Serialize is the base case with no filtering while DeepCopy roughly approximates our old implementation. The new implementation is nearly zero overhead in the worst case and performs significantly better when filtering lots of fields since we save significant cycles on JSON serialization. ❯ go test -seed 7996182721713197025 -bench=. -benchtime=20000x goos: linux goarch: amd64 pkg: github.com/cilium/tetragon/pkg/fieldfilters cpu: 12th Gen Intel(R) Core(TM) i9-12900K BenchmarkSerialize-24 20000 57269 ns/op --- BENCH: BenchmarkSerialize-24 benchmark_test.go:56: configured random event generator (seed=7996182721713197025) benchmark_test.go:56: configured random event generator (seed=7996182721713197025) BenchmarkSerialize_DeepCopy-24 20000 67012 ns/op --- BENCH: BenchmarkSerialize_DeepCopy-24 benchmark_test.go:56: configured random event generator (seed=7996182721713197025) benchmark_test.go:56: configured random event generator (seed=7996182721713197025) BenchmarkSerialize_DeepCopyProcess-24 20000 61535 ns/op --- BENCH: BenchmarkSerialize_DeepCopyProcess-24 benchmark_test.go:56: configured random event generator (seed=7996182721713197025) benchmark_test.go:56: configured random event generator (seed=7996182721713197025) BenchmarkSerialize_FieldFilters-24 20000 57372 ns/op --- BENCH: BenchmarkSerialize_FieldFilters-24 benchmark_test.go:56: configured random event generator (seed=7996182721713197025) benchmark_test.go:56: configured random event generator (seed=7996182721713197025) BenchmarkSerialize_FieldFilters_NoProcessInfo-24 20000 26625 ns/op --- BENCH: BenchmarkSerialize_FieldFilters_NoProcessInfo-24 benchmark_test.go:56: configured random event generator (seed=7996182721713197025) benchmark_test.go:56: configured random event generator (seed=7996182721713197025) BenchmarkSerialize_FieldFilters_NoProcesInfoKeepExecid-24 20000 36356 ns/op --- BENCH: BenchmarkSerialize_FieldFilters_NoProcesInfoKeepExecid-24 benchmark_test.go:56: configured random event generator (seed=7996182721713197025) benchmark_test.go:56: configured random event generator (seed=7996182721713197025) PASS ok github.com/cilium/tetragon/pkg/fieldfilters 19.345s Signed-off-by: William Findlay <[email protected]>
- Loading branch information
1 parent
08a7d91
commit 19b2000
Showing
19 changed files
with
1,006 additions
and
885 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.