Skip to content

Commit

Permalink
tetragon: Add support to reconfig cgroup rate
Browse files Browse the repository at this point in the history 
Signed-off-by: Jiri Olsa <[email protected]>
  • Loading branch information
@olsajiri
olsajiri committed Mar 7, 2024
1 parent 062c895 commit 7c42c49
Show file tree
Hide file tree
Showing 6 changed files with 93 additions and 0 deletions.
18 changes: 18 additions & 0 deletions cmd/tetragon/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,10 @@ import (
"syscall"
"time"

"github.com/cilium/ebpf"
"github.com/cilium/tetragon/api/v1/tetragon"
"github.com/cilium/tetragon/pkg/alignchecker"
"github.com/cilium/tetragon/pkg/api/tracingapi"
"github.com/cilium/tetragon/pkg/bpf"
"github.com/cilium/tetragon/pkg/btf"
"github.com/cilium/tetragon/pkg/bugtool"
Expand Down Expand Up @@ -439,6 +441,22 @@ func tetragonExecute() error {

onReconfig := func(data *config.Data) {
option.Config.DisableKprobeMulti = data.DisableKprobeMulti

rateMap := base.ExecveCgroupRate

var err error

err = rateMap.MapHandle.Update(uint32(tracingapi.CgroupRateConfigExec),
data.ExecCgroupRate, ebpf.UpdateAny)
if err != nil {
log.Infof("failed to update exec cgroup rate in map '%s' : %w", rateMap.Name, err)
}

err = rateMap.MapHandle.Update(uint32(tracingapi.CgroupRateConfigFork),
data.ForkCgroupRate, ebpf.UpdateAny)
if err != nil {
log.Infof("failed to update fork cgroup rate in map '%s' : %w", rateMap.Name, err)
}
}

cfg := config.NewConfig(option.Config.ConfigFile, 5*time.Second, onReconfig)
Expand Down
9 changes: 9 additions & 0 deletions pkg/api/tracingapi/client_kprobe.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -591,3 +591,12 @@ type EventConfig struct {
PolicyID uint32 `align:"policy_id"`
Flags uint32 `align:"flags"`
}

const CgroupRateConfigExec = 0
const CgroupRateConfigFork = 1

type CgroupRate struct {
Tokens uint64
Interval uint64
Throttle uint64
}
13 changes: 13 additions & 0 deletions pkg/config/api.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,20 @@ type Value struct {
Value string `json:"value"`
}

type CgroupRate struct {
// number of tokens
Tokens uint64 `json:"tokens,omitempty"`
// interval time (ns)
Interval uint64 `json:"interval,omitempty"`
// throttle time (ns)
Throttle uint64 `json:"throttle,omitempty"`
}

type Spec struct {
// A list of values
Values []Value `json:"values,omitempty"`

// cgroup rate data for exec,fork
ExecCgroupRate CgroupRate `json:"exec-cgroup-rate,omitempty"`
ForkCgroupRate CgroupRate `json:"fork-cgroup-rate,omitempty"`
}
19 changes: 19 additions & 0 deletions pkg/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,14 @@ package config
import (
"strconv"
"time"

"github.com/cilium/tetragon/pkg/api/tracingapi"
)

type Data struct {
DisableKprobeMulti bool
ExecCgroupRate tracingapi.CgroupRate
ForkCgroupRate tracingapi.CgroupRate
}

type reconfigCb func(data *Data)
Expand All @@ -34,13 +38,28 @@ func (c *Handler) Stop() {
func (c *Handler) onReload(_ uint64, spec Spec) {
data := Data{}

// name/value config
for _, val := range spec.Values {
switch val.Name {
case "disable-kprobe-multi":
data.DisableKprobeMulti, _ = strconv.ParseBool(val.Value)
}
}

// exec cgroup rate data
data.ExecCgroupRate = tracingapi.CgroupRate{
Tokens: spec.ExecCgroupRate.Tokens,
Interval: spec.ExecCgroupRate.Interval,
Throttle: spec.ExecCgroupRate.Throttle,
}

// fork cgroup rate data
data.ForkCgroupRate = tracingapi.CgroupRate{
Tokens: spec.ForkCgroupRate.Tokens,
Interval: spec.ForkCgroupRate.Interval,
Throttle: spec.ForkCgroupRate.Throttle,
}

c.onReconfig(&data)
}

Expand Down
33 changes: 33 additions & 0 deletions pkg/config/config_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"os"
"testing"

"github.com/cilium/tetragon/pkg/api/tracingapi"
"github.com/stretchr/testify/assert"
)

Expand Down Expand Up @@ -44,4 +45,36 @@ values:
cfg.Stop()
})

t.Run("exec-cgroup-rate", func(t *testing.T) {
write(`
exec-cgroup-rate:
tokens: 12345
interval: 1000000000
throttle: 5000000000
`)

reconfig := func(data *Data) {
expected := tracingapi.CgroupRate{12345, 1000000000, 5000000000}

Check failure on line 57 in pkg/config/config_test.go

View workflow job for this annotation

GitHub Actions / golangci-lint 

composites: github.com/cilium/tetragon/pkg/api/tracingapi.CgroupRate struct literal uses unkeyed fields (govet)
assert.Equal(t, expected, data.ExecCgroupRate)
}

cfg := NewConfig(file.Name(), 0, reconfig)
cfg.Stop()
})
t.Run("fork-cgroup-rate", func(t *testing.T) {
write(`
fork-cgroup-rate:
tokens: 54321
interval: 3000000000
throttle: 10000000000
`)

reconfig := func(data *Data) {
expected := tracingapi.CgroupRate{54321, 3000000000, 10000000000}

Check failure on line 73 in pkg/config/config_test.go

View workflow job for this annotation

GitHub Actions / golangci-lint 

composites: github.com/cilium/tetragon/pkg/api/tracingapi.CgroupRate struct literal uses unkeyed fields (govet)
assert.Equal(t, expected, data.ForkCgroupRate)
}

cfg := NewConfig(file.Name(), 0, reconfig)
cfg.Stop()
})
}
1 change: 1 addition & 0 deletions pkg/sensors/base/base.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@ func GetDefaultMaps() []*program.Map {
ExecveStats,
ExecveJoinMapStats,
ExecveTailCallsMap,
ExecveCgroupRate,
ForkTailCallsMap,
TCPMonMap,
TetragonConfMap,
Expand Down

0 comments on commit 7c42c49

Please sign in to comment.