Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bring CO-RE into this project #44

Closed
3 tasks done
Tracked by #37
wunder957 opened this issue Sep 8, 2023 · 0 comments · Fixed by #57
Closed
3 tasks done
Tracked by #37

Bring CO-RE into this project #44

wunder957 opened this issue Sep 8, 2023 · 0 comments · Fixed by #57
Assignees
@wunder957
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Milestone
v1.0.0

Comments

@wunder957
Copy link
Contributor

wunder957 commented Sep 8, 2023
edited
Loading

🚅Search before asking

I have searched for issues similar to this one.

🚅Description

As bcc is not a CO-RE framework of eBPF, we need to rely on other framework like libbpf, aya-rs, cilium/ebpf, which are not written in Python. On the other hand, there may be other, non-eBPF, tracing programs that run as separate processes.

🏕Solution(optional)

I think we can introduce a set of mechanisms for sub-processes as a way to achieve integration with other detectors.

Note that we have currently implemented monitor for shell command called ShMonitor and a process daemon Daemon.

🍰Detail(optional)

We still have the following to move forward:

  • Designing protocols to interact with processes(Basiclly stdout)
  • Implement a buffered subprocess monitor according to the protocol, mostly SubprocessMonitor
  • Provide integration method, mostly SubprocessTracer class

Not sure this is beneficial or could benefit from #25.

🍰Example(optional)

See draft: #44
@wunder957 wunder957 added enhancement New feature or request help wanted Extra attention is needed labels Sep 8, 2023
@wunder957 wunder957 added this to the v1.0.0 milestone Sep 8, 2023
@wunder957 wunder957 mentioned this issue Sep 13, 2023
Merged
@wunder957 wunder957 added good first issue Good for newcomers GFI:Medium Difficulty label: Medium for good first issue labels Sep 17, 2023
This was referenced Sep 19, 2023
Closed
Closed
@wunder957 wunder957 added documentation Improvements or additions to documentation and removed good first issue Good for newcomers help wanted Extra attention is needed GFI:Medium Difficulty label: Medium for good first issue labels Sep 21, 2023
@wunder957 wunder957 self-assigned this Sep 21, 2023
@wunder957 wunder957 mentioned this issue Sep 27, 2023
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wunder957 wunder957

Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
v1.0.0
Development

Successfully merging a pull request may close this issue.

Support SubprocessMonitor hitsz-ids/duetector
1 participant
@wunder957