pkg/sensors: test kernel memory stat with disabling/enabling policy
This adds a high-level test making sure that the kernel memory bytes
stat is working and that disabling/enabling a policy does what is
expected with regard to kernel memory usage.

Signed-off-by: Mahe Tardy <[email protected]>
mtardy committed Oct 24, 2024
1 parent 431a3fe commit 5d390cb
Showing 1 changed file with 80 additions and 26 deletions.
106 changes: 80 additions & 26 deletions pkg/sensors/tracing/generickprobe_test.go
Expand Up @@ -9,13 +9,15 @@ import (
"testing"
"time"

"github.com/cilium/tetragon/api/v1/tetragon"
"github.com/cilium/tetragon/pkg/bpf"
"github.com/cilium/tetragon/pkg/idtable"
"github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
"github.com/cilium/tetragon/pkg/sensors"
"github.com/cilium/tetragon/pkg/sensors/base"
tus "github.com/cilium/tetragon/pkg/testutils/sensors"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand Down Expand Up @@ -114,10 +116,29 @@ func Test_SensorDestroyHook(t *testing.T) {
}
}

// Test_Kprobe_DisableEnablePolicy tests that disabling and enabling a tracing
const (
tcpConnectPolicyName = "test"
tcpConnectPolicyNamespace = ""
)

var tcpConnectPolicy = v1alpha1.TracingPolicy{
ObjectMeta: v1.ObjectMeta{
Name: tcpConnectPolicyName,
},
Spec: v1alpha1.TracingPolicySpec{
KProbes: []v1alpha1.KProbeSpec{
{
Call: "tcp_connect",
Syscall: false,
},
},
},
}

// Test_DisableEnablePolicy_Kprobe tests that disabling and enabling a tracing
// policy containing a kprobe works. This is following a regression:
// https://github.com/cilium/tetragon/issues/1489
func Test_Kprobe_DisableEnablePolicy(t *testing.T) {
func Test_DisableEnablePolicy_Kprobe(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()

Expand All @@ -131,47 +152,80 @@ func Test_Kprobe_DisableEnablePolicy(t *testing.T) {
}
})

const policyName = "test"
const policyNamespace = ""
policy := v1alpha1.TracingPolicy{
ObjectMeta: v1.ObjectMeta{
Name: policyName,
},
Spec: v1alpha1.TracingPolicySpec{
KProbes: []v1alpha1.KProbeSpec{
{
Call: "tcp_connect",
Syscall: false,
},
},
},
}

t.Run("sensor", func(t *testing.T) {
err = mgr.AddTracingPolicy(ctx, &policy)
err = mgr.AddTracingPolicy(ctx, &tcpConnectPolicy)
assert.NoError(t, err)
t.Cleanup(func() {
err = mgr.DeleteTracingPolicy(ctx, policyName, policyNamespace)
err = mgr.DeleteTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
assert.NoError(t, err)
})

err = mgr.DisableSensor(ctx, policyName)
err = mgr.DisableSensor(ctx, tcpConnectPolicyName)
assert.NoError(t, err)
err = mgr.EnableSensor(ctx, policyName)
err = mgr.EnableSensor(ctx, tcpConnectPolicyName)
assert.NoError(t, err)
})

t.Run("tracing-policy", func(t *testing.T) {
err = mgr.AddTracingPolicy(ctx, &policy)
err = mgr.AddTracingPolicy(ctx, &tcpConnectPolicy)
assert.NoError(t, err)
t.Cleanup(func() {
err = mgr.DeleteTracingPolicy(ctx, policyName, policy.Namespace)
err = mgr.DeleteTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
assert.NoError(t, err)
})

err = mgr.DisableTracingPolicy(ctx, policyName, policyNamespace)
err = mgr.DisableTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
assert.NoError(t, err)
err = mgr.EnableTracingPolicy(ctx, policyName, policyNamespace)
err = mgr.EnableTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
assert.NoError(t, err)
})
}

// Test_DisableEnablePolicy_KernelMemoryBytes first check that disabling and
// enabling a policy works and then verifies that the kernel memory bytes for a
// loaded policy is non-zero, and that for a disabled policy it's zero.
func Test_DisableEnablePolicy_KernelMemoryBytes(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()

tus.LoadSensor(t, base.GetInitialSensor())
path := bpf.MapPrefixPath()
mgr, err := sensors.StartSensorManager(path, nil)
require.NoError(t, err)
t.Cleanup(func() {
if err := mgr.StopSensorManager(ctx); err != nil {
t.Fatal("failed to stop sensor manager")
}
})

err = mgr.AddTracingPolicy(ctx, &tcpConnectPolicy)
require.NoError(t, err)
t.Cleanup(func() {
err = mgr.DeleteTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
assert.NoError(t, err)
})

list, err := mgr.ListTracingPolicies(ctx)
require.NoError(t, err)
require.Len(t, list.Policies, 1)
assert.Equal(t, tetragon.TracingPolicyState_TP_STATE_ENABLED, list.Policies[0].State)
assert.NotZero(t, list.Policies[0].KernelMemoryBytes)

err = mgr.DisableTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
require.NoError(t, err)

list, err = mgr.ListTracingPolicies(ctx)
require.NoError(t, err)
require.Len(t, list.Policies, 1)
assert.Equal(t, tetragon.TracingPolicyState_TP_STATE_DISABLED, list.Policies[0].State)
assert.Zero(t, list.Policies[0].KernelMemoryBytes)

err = mgr.EnableTracingPolicy(ctx, tcpConnectPolicyName, tcpConnectPolicyNamespace)
require.NoError(t, err)

list, err = mgr.ListTracingPolicies(ctx)
require.NoError(t, err)
require.Len(t, list.Policies, 1)
assert.Equal(t, tetragon.TracingPolicyState_TP_STATE_ENABLED, list.Policies[0].State)
assert.NotZero(t, list.Policies[0].KernelMemoryBytes)
}
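Review bot: In Test_DisableEnablePolicy_KernelMemoryBytes the context is released with `defer cancel()`, which runs when the test function returns, whereas the `t.Cleanup` callbacks that call `mgr.DeleteTracingPolicy(ctx, ...)` and `mgr.StopSensorManager(ctx)` run after that, so both receive an already-cancelled context. If the sensor manager honours cancellation (not visible here), the policy and its kernel-side resources could stay loaded for later tests; replacing the defer with `t.Cleanup(cancel)`, registered before the other cleanups, makes the cancel run last. The same ordering appears in Test_DisableEnablePolicy_Kprobe, whose body is only partly shown. The stop-manager cleanup also drops the error; `t.Fatalf("failed to stop sensor manager: %v", err)` would keep it.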
