From e44f7dfc0e8ee90ddcef1d915111d420917b9ae0 Mon Sep 17 00:00:00 2001 From: John Fastabend Date: Fri, 14 Jun 2024 19:24:19 -0700 Subject: [PATCH] tetragon: debug printer to show cgroup to namespace map Its sometimes useful when debugging policy statements to be able to dump the cgroup IDs to their namespace human readable names. This helps ensure (a) the policy maps are correctly updated and (b) if we are debugging kernel we can map cgroups to kubernetes names. Signed-off-by: John Fastabend
---
cmd/tetra/dump/dump.go | 25 +++++++++++++++++++++++++ cmd/tetra/policyfilter/policyfilter.go | 17 +++++++++++++++++ 2 files changed, 42 insertions(+)
diff --git a/cmd/tetra/dump/dump.go b/cmd/tetra/dump/dump.go
index 94382e3082c..587f65ef897 100644
--- a/cmd/tetra/dump/dump.go
+++ b/cmd/tetra/dump/dump.go
@@ -128,3 +128,28 @@ func PolicyfilterState(fname string) {
 fmt.Printf("%d: %s\n", polId, strings.Join(ids, ","))
 }
 }
+
+func NamespaceState(fname string) error {
+ m, err := ebpf.LoadPinnedMap(fname, &ebpf.LoadPinOptions{
+ ReadOnly: true,
+ })
+ if err != nil {
+ logger.GetLogger().WithError(err).WithField("file", fname).Warn("Could not open process tree map")
+ return err
+ }
+
+ defer m.Close()
+
+ var (
+ key uint64
+ val uint64
+ )
+
+ fmt.Printf("cgroupId: stableId\n")
+ iter := m.Iterate()
+ for iter.Next(&key, &val) {
+ fmt.Printf("%d: %d\n", key, val)
+ }
+
+ return nil
+}
diff --git a/cmd/tetra/policyfilter/policyfilter.go b/cmd/tetra/policyfilter/policyfilter.go
index b94045b8704..34ad4e11c61 100644
--- a/cmd/tetra/policyfilter/policyfilter.go
+++ b/cmd/tetra/policyfilter/policyfilter.go
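Review bot: NamespaceState in cmd/tetra/dump/dump.go returns nil without checking `iter.Err()` after the `for iter.Next(&key, &val)` loop, so an aborted iteration or a key/value size that does not match the two `uint64` variables yields a truncated or empty dump that looks complete. The commit message says the dump is meant to confirm that the policy maps are correctly updated, so a silent partial listing can mislead that check; add `if err := iter.Err(); err != nil { return fmt.Errorf("iterating %s: %w", fname, err) }` before `return nil`. The warning text `"Could not open process tree map"` appears to be copied from another dumper and should name the cgroup-to-namespace map instead. The new exported function also has no doc comment; `// NamespaceState prints the cgroup ID to namespace ID entries of the pinned map at fname.` would do.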
@@ -28,11 +28,28 @@ func New() *cobra.Command { dumpCmd(), addCommand(), cgroupGetIDCommand(), + dumpDebugCmd(), ) return ret } +func dumpDebugCmd() *cobra.Command { + mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, policyfilter.CgrpNsMapName) + ret := &cobra.Command{ + Use: "dumpcgrp", + Short: "dump cgroup ID to namespace state", + Args: cobra.ExactArgs(0), + Run: func(_ *cobra.Command, _ []string) { + dump.NamespaceState(mapFname) + }, + } + + flags := ret.Flags() + flags.StringVar(&mapFname, "map-fname", mapFname, "policyfilter map filename") + return ret +} + func cgroupGetIDCommand() *cobra.Command { mapFname := filepath.Join(defaults.DefaultMapRoot, defaults.DefaultMapPrefix, policyfilter.MapName) ret := &cobra.Command{
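Review bot: The `Run` closure in dumpDebugCmd discards the error returned by `dump.NamespaceState(mapFname)`, so `dumpcgrp` exits with status 0 after only a logged warning when the pinned map cannot be opened, and a script checking policy state cannot tell a failed dump from an empty map. Use `RunE: func(_ *cobra.Command, _ []string) error { return dump.NamespaceState(mapFname) },` so the failure reaches the exit code. The `--map-fname` help text `"policyfilter map filename"` describes a different map from the `policyfilter.CgrpNsMapName` default; `"cgroup to namespace map filename"` would be clearer. The trailing context of this hunk (cgroupGetIDCommand) continues outside the hunk.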