Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Process tracker refactor #5

Merged
merged 18 commits into from
Jun 28, 2022
Merged

Process tracker refactor #5

merged 18 commits into from
Jun 28, 2022

Conversation

MatteoNardi
Copy link
Contributor

Fix process tracker missing processes by:

  • keeping track of PID 0
  • consider processes alive up to EXIT_THRESHOLD (5ms) after they exited
  • handle events out of order (exec before fork)

This branch also include two major refactors:

  • refactor Program to takes advantage of aya::Bpf being Send
  • refactor initialization procedure

In the on_tcp_set_state hook, don't override the event PID with the one
originating the connection. Instead, set it to the original_pid field.
Sometimes we get events out of order, like a an exec or exit before
its fork. This change will save the pending changes in a dictionary and
apply them once the fork event arrives.
Replace the `ALLOW_PRINTK` define with a global variable which can
contain multiple levels.
0 - no logging
1 - only errors
2 - debug messages

The code is optimized away at load time.
@MatteoNardi MatteoNardi merged commit 807dd65 into main Jun 28, 2022
@banditopazzo banditopazzo deleted the process-tracker-refactor branch July 5, 2022 15:09
MatteoNardi added a commit that referenced this pull request Jul 12, 2022
The probe tutorial wasn't updated after the the aya refactor
in PR #5
@MatteoNardi MatteoNardi mentioned this pull request Jul 12, 2022
MatteoNardi added a commit that referenced this pull request Jul 12, 2022
The probe tutorial wasn't updated after the the aya refactor
in PR #5
MatteoNardi added a commit that referenced this pull request Jul 12, 2022
The probe tutorial wasn't updated after the the aya refactor
in PR #5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants