From 7c42c49ae5aa406ead293bb83fe8cddceb459a69 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Thu, 7 Mar 2024 10:24:14 +0000 Subject: [PATCH] tetragon: Add support to reconfig cgroup rate Signed-off-by: Jiri Olsa --- cmd/tetragon/main.go | 18 ++++++++++++++++ pkg/api/tracingapi/client_kprobe.go | 9 ++++++++ pkg/config/api.go | 13 ++++++++++++ pkg/config/config.go | 19 +++++++++++++++++ pkg/config/config_test.go | 33 +++++++++++++++++++++++++++++ pkg/sensors/base/base.go | 1 + 6 files changed, 93 insertions(+) diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go index c000819a420..8e5d00d956b 100644 --- a/cmd/tetragon/main.go +++ b/cmd/tetragon/main.go @@ -21,8 +21,10 @@ import ( "syscall" "time" + "github.com/cilium/ebpf" "github.com/cilium/tetragon/api/v1/tetragon" "github.com/cilium/tetragon/pkg/alignchecker" + "github.com/cilium/tetragon/pkg/api/tracingapi" "github.com/cilium/tetragon/pkg/bpf" "github.com/cilium/tetragon/pkg/btf" "github.com/cilium/tetragon/pkg/bugtool" @@ -439,6 +441,22 @@ func tetragonExecute() error { onReconfig := func(data *config.Data) { option.Config.DisableKprobeMulti = data.DisableKprobeMulti + + rateMap := base.ExecveCgroupRate + + var err error + + err = rateMap.MapHandle.Update(uint32(tracingapi.CgroupRateConfigExec), + data.ExecCgroupRate, ebpf.UpdateAny) + if err != nil { + log.Infof("failed to update exec cgroup rate in map '%s' : %w", rateMap.Name, err) + } + + err = rateMap.MapHandle.Update(uint32(tracingapi.CgroupRateConfigFork), + data.ForkCgroupRate, ebpf.UpdateAny) + if err != nil { + log.Infof("failed to update fork cgroup rate in map '%s' : %w", rateMap.Name, err) + } } cfg := config.NewConfig(option.Config.ConfigFile, 5*time.Second, onReconfig) diff --git a/pkg/api/tracingapi/client_kprobe.go b/pkg/api/tracingapi/client_kprobe.go index 5651e69e464..ea003e52d48 100644 --- a/pkg/api/tracingapi/client_kprobe.go +++ b/pkg/api/tracingapi/client_kprobe.go 
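Review bot: Both failure paths added to `onReconfig` format the error with `%w`, a verb only `fmt.Errorf` understands; a printf-style logger renders it as `%!w(...)`, so the cause of a failed rate update is garbled in the log. They are also logged at Info level, although a failed update leaves the kernel-side exec/fork throttle on its old values while the operator believes the new ones are active. Assuming the logger exposes the usual level methods, I would write `log.Warnf("failed to update exec cgroup rate in map '%s': %v", rateMap.Name, err)` and the same for fork. `rateMap.MapHandle` is used without a nil check; if a reload can fire before the base sensor has loaded the map this would panic, so confirm the ordering or guard it. `tetragonExecute` starts and ends outside the hunk.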
@@ -591,3 +591,12 @@ type EventConfig struct { PolicyID uint32 `align:"policy_id"` Flags uint32 `align:"flags"` } + +const CgroupRateConfigExec = 0 +const CgroupRateConfigFork = 1 + +type CgroupRate struct { + Tokens uint64 + Interval uint64 + Throttle uint64 +} diff --git a/pkg/config/api.go b/pkg/config/api.go index 736fe9d38ef..7e41a0f6303 100644 --- a/pkg/config/api.go +++ b/pkg/config/api.go @@ -10,7 +10,20 @@ type Value struct { Value string `json:"value"` } +type CgroupRate struct { + // number of tokens + Tokens uint64 `json:"tokens,omitempty"` + // interval time (ns) + Interval uint64 `json:"interval,omitempty"` + // throttle time (ns) + Throttle uint64 `json:"throttle,omitempty"` +} + type Spec struct { // A list of values Values []Value `json:"values,omitempty"` + + // cgroup rate data for exec,fork + ExecCgroupRate CgroupRate `json:"exec-cgroup-rate,omitempty"` + ForkCgroupRate CgroupRate `json:"fork-cgroup-rate,omitempty"` } diff --git a/pkg/config/config.go b/pkg/config/config.go index 5886188ad0d..28fa357cf20 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -6,10 +6,14 @@ package config import ( "strconv" "time" + + "github.com/cilium/tetragon/pkg/api/tracingapi" ) type Data struct { DisableKprobeMulti bool + ExecCgroupRate tracingapi.CgroupRate + ForkCgroupRate tracingapi.CgroupRate } type reconfigCb func(data *Data) @@ -34,6 +38,7 @@ func (c *Handler) Stop() { func (c *Handler) onReload(_ uint64, spec Spec) { data := Data{} + // name/value config for _, val := range spec.Values { switch val.Name { case "disable-kprobe-multi": 
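Review bot: The new `CgroupRate` struct is written directly into a BPF map by the main.go change, yet unlike `EventConfig` just above it carries no `align:"..."` tags, so nothing in this hunk ties its layout to the kernel-side struct. If the repository's alignment check covers these API types, add the tags and register the struct; the C definition is not part of this patch, so the member names need confirming. The exported identifiers also lack doc comments, and the two map keys would read better grouped in one `const ( ... )` block under a comment such as `// Keys into the cgroup rate map.`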
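Review bot: `omitempty` on the struct-valued `ExecCgroupRate` and `ForkCgroupRate` fields has no effect with encoding/json-style handling, because a struct value is never considered empty. A value field also makes a section that is missing from the file indistinguishable from one that sets every number to zero. Declaring both fields as `*CgroupRate` would let the reload path tell "not configured" from "configured as zero" and skip the former. The exported `CgroupRate` type would also benefit from a doc comment that says which limit the three numbers describe.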
@@ -41,6 +46,20 @@ func (c *Handler) onReload(_ uint64, spec Spec) { } } + // exec cgroup rate data + data.ExecCgroupRate = tracingapi.CgroupRate{ + Tokens: spec.ExecCgroupRate.Tokens, + Interval: spec.ExecCgroupRate.Interval, + Throttle: spec.ExecCgroupRate.Throttle, + } + + // fork cgroup rate data + data.ForkCgroupRate = tracingapi.CgroupRate{ + Tokens: spec.ForkCgroupRate.Tokens, + Interval: spec.ForkCgroupRate.Interval, + Throttle: spec.ForkCgroupRate.Throttle, + } + c.onReconfig(&data) } diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 60a2fd84bbb..5809bdd6d79 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -7,6 +7,7 @@ import ( "os" "testing" + "github.com/cilium/tetragon/pkg/api/tracingapi" "github.com/stretchr/testify/assert" ) @@ -44,4 +45,36 @@ values: cfg.Stop() }) + t.Run("exec-cgroup-rate", func(t *testing.T) { + write(` +exec-cgroup-rate: + tokens: 12345 + interval: 1000000000 + throttle: 5000000000 +`) + + reconfig := func(data *Data) { + expected := tracingapi.CgroupRate{12345, 1000000000, 5000000000} + assert.Equal(t, expected, data.ExecCgroupRate) + } + + cfg := NewConfig(file.Name(), 0, reconfig) + cfg.Stop() + }) + t.Run("fork-cgroup-rate", func(t *testing.T) { + write(` +fork-cgroup-rate: + tokens: 54321 + interval: 3000000000 + throttle: 10000000000 +`) + + reconfig := func(data *Data) { + expected := tracingapi.CgroupRate{54321, 3000000000, 10000000000} + assert.Equal(t, expected, data.ForkCgroupRate) + } + + cfg := NewConfig(file.Name(), 0, reconfig) + cfg.Stop() + }) } diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go index d379ac4755c..6ab7c520e46 100644 --- a/pkg/sensors/base/base.go +++ b/pkg/sensors/base/base.go @@ -121,6 +121,7 @@ func GetDefaultMaps() []*program.Map { ExecveStats, ExecveJoinMapStats, ExecveTailCallsMap, + ExecveCgroupRate, ForkTailCallsMap, TCPMonMap, TetragonConfMap,
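Review bot: `onReload` copies both rate sections into `data` unconditionally, so a config file that only sets `values:` hands all-zero `CgroupRate` structs to the callback, and the main.go hunk of this commit then writes them into the rate map on every reload. What an all-zero entry means to the BPF program is not visible here, but for a throttle that shields the agent from exec/fork event floods an unintended reset is a silent weakening. I would populate a rate only when its section is present and validate the numbers before calling `c.onReconfig`. Since the two struct types have identical fields, each copy can be written as `data.ExecCgroupRate = tracingapi.CgroupRate(spec.ExecCgroupRate)`. `onReload` begins outside this hunk.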
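Review bot: In both new subtests the only assertion sits inside the `reconfig` callback, so if `NewConfig(file.Name(), 0, reconfig)` followed by `cfg.Stop()` never invokes it, the subtest passes without checking anything. Record the invocation, e.g. `called := false` set to `true` in the callback, and end with `assert.True(t, called)`; use a channel instead if the callback can run on another goroutine. The expected values are unkeyed literals of an imported struct (`tracingapi.CgroupRate{12345, 1000000000, 5000000000}`), which `go vet` reports and which break silently on a field reorder; keyed fields avoid both. A subtest with the section absent would pin down what the callback receives in that case.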