Skip to content

Commit

Permalink
Add support to dump processLRU
Browse files Browse the repository at this point in the history 
This patch adds support to print the contents of processLRU. This may be useful during debugging.

Example:

$ sudo ./tetra dump processlru
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTow" pid:{} uid:{} binary:"<kernel>" flags:"procFS" start_time:{seconds:1710835735 nanos:594078504} auid:{} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTow" tid:{}} color:"inUse" refcnt:{value:4} refcntOps:"{process++:1}|{parent++:3}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTg5MTAwMDAwMDA6NTY0" pid:{value:564} uid:{} cwd:"/" binary:"/usr/bin/containerd" flags:"procFS auid rootcwd" start_time:{seconds:1710835754 nanos:504077933} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:564}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzE1MDAwMDAwMDoyMTU=" pid:{value:215} uid:{} cwd:"/" binary:"/usr/bin/udevadm" flags:"procFS auid rootcwd" start_time:{seconds:1710835738 nanos:744077948} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:215}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6NDA5NDAwMDAwMDA6MTE1Mw==" pid:{value:1153} uid:{} cwd:"/" binary:"/usr/sbin/agetty" arguments:"-o \"-p -- \\u\" --noclear - linux" flags:"procFS auid rootcwd" start_time:{seconds:1710835776 nanos:534077952} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:1153}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6NDEwMzAwMDAwMDA6MTE2MA==" pid:{value:1160} uid:{} cwd:"/" binary:"/usr/lib/systemd/systemd-logind" flags:"procFS auid rootcwd" start_time:{seconds:1710835776 nanos:624077943} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjE=" tid:{value:1160}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
[...]

We also provide "--skip-zero-refcnt" command line argument to print only the entries with refcnt not equals to zero.

$ sudo ./tetra dump processlru --skip-zero-refcnt
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MTUzMDAwMDAwMDoxNDI=" pid:{value:142} uid:{} binary:"[kworker/3:1H-kblockd]" flags:"procFS" start_time:{seconds:1710835737 nanos:124077925} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:142}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjY0NTQ5MjAwMDAwMDAwOjM5OTAzNg==" pid:{value:399036} uid:{} binary:"[kworker/4:1-rcu_gp]" flags:"procFS" start_time:{seconds:1711100284 nanos:794077928} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:399036}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzgwMDAwMDAwOjQ=" pid:{value:4} uid:{} binary:"[rcu_par_gp]" flags:"procFS" start_time:{seconds:1710835735 nanos:974077916} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:4}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
process:{exec_id:"YXBhcGFnLXVidW50dS1kZXY6MzgwMDAwMDAwOjQw" pid:{value:40} uid:{} binary:"[ksoftirqd/4]" flags:"procFS" start_time:{seconds:1710835735 nanos:974077932} auid:{value:4294967295} parent_exec_id:"YXBhcGFnLXVidW50dS1kZXY6MjcwMDAwMDAwOjI=" tid:{value:40}} color:"inUse" refcnt:{value:1} refcntOps:"{process++:1}"
[...]

Signed-off-by: Anastasios Papagiannis <[email protected]>
  • Loading branch information
@tpapagian
tpapagian committed Mar 22, 2024
1 parent 67bdc67 commit ceb385b
Show file tree
Hide file tree
Showing 17 changed files with 1,141 additions and 276 deletions.
52 changes: 52 additions & 0 deletions api/v1/README.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

499 changes: 371 additions & 128 deletions api/v1/tetragon/sensors.pb.go
View file

Large diffs are not rendered by default.

48 changes: 48 additions & 0 deletions api/v1/tetragon/sensors.pb.json.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions api/v1/tetragon/sensors.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@

syntax = "proto3";

import "google/protobuf/timestamp.proto";
import "google/protobuf/wrappers.proto";

package tetragon;

import "tetragon/tetragon.proto";
Expand Down Expand Up @@ -118,6 +121,20 @@ message GetVersionResponse{
string version = 1;
}

message ProcessInternal {
Process process = 1;
string color = 2;
google.protobuf.UInt32Value refcnt = 3;
string refcntOps = 4;
}

message DumpProcessLRURequest {
bool skipZeroRefCnt = 1;
}
message DumpProcessLRUResponse {
repeated ProcessInternal processes = 1;
}

service FineGuidanceSensors {
rpc GetEvents(GetEventsRequest) returns (stream GetEventsResponse) {}
rpc GetHealth(GetHealthStatusRequest) returns (GetHealthStatusResponse) {}
Expand All @@ -138,4 +155,6 @@ service FineGuidanceSensors {
rpc GetVersion(GetVersionRequest) returns (GetVersionResponse) {}

rpc RuntimeHook(RuntimeHookRequest) returns (RuntimeHookResponse) {}

rpc DumpProcessLRU(DumpProcessLRURequest) returns (DumpProcessLRUResponse) {}
}
37 changes: 37 additions & 0 deletions api/v1/tetragon/sensors_grpc.pb.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

29 changes: 29 additions & 0 deletions cmd/tetra/dump/dump.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,15 @@
package dump

import (
"context"
"fmt"
"path/filepath"
"strconv"
"strings"

"github.com/cilium/ebpf"
"github.com/cilium/tetragon/api/v1/tetragon"
"github.com/cilium/tetragon/cmd/tetra/common"
"github.com/cilium/tetragon/pkg/defaults"
"github.com/cilium/tetragon/pkg/logger"
"github.com/cilium/tetragon/pkg/policyfilter"
Expand All @@ -29,6 +32,7 @@ func New() *cobra.Command {
ret.AddCommand(
execveMapCmd(),
policyfilterCmd(),
dumpProcessLRU(),
)

return ret
Expand Down Expand Up @@ -101,6 +105,31 @@ func dumpExecveMap(fname string) {
}
}

func dumpProcessLRU() *cobra.Command {
skipZeroRefCnt := false
ret := &cobra.Command{
Use: "processlru",
Short: "dump processLRU cache",
Args: cobra.ExactArgs(0),
Run: func(_ *cobra.Command, _ []string) {
common.CliRun(func(ctx context.Context, cli tetragon.FineGuidanceSensorsClient) {
req := tetragon.DumpProcessLRURequest{
SkipZeroRefCnt: skipZeroRefCnt,
}
res, _ := cli.DumpProcessLRU(ctx, &req)
for _, p := range res.Processes {
fmt.Println(p)
}
})
},
}

flags := ret.Flags()
flags.BoolVar(&skipZeroRefCnt, "skip-zero-refcnt", skipZeroRefCnt, "skip entries with zero refcnt")

return ret
}

func PolicyfilterState(fname string) {
m, err := policyfilter.OpenMap(fname)
if err != nil {
Expand Down
4 changes: 4 additions & 0 deletions cmd/tetra/getevents/io_reader_client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,3 +132,7 @@ func (i *ioReaderClient) Recv() (*tetragon.GetEventsResponse, error) {
func (i *ioReaderClient) RuntimeHook(_ context.Context, _ *tetragon.RuntimeHookRequest, _ ...grpc.CallOption) (*tetragon.RuntimeHookResponse, error) {
panic("stub")
}

func (i *ioReaderClient) DumpProcessLRU(_ context.Context, _ *tetragon.DumpProcessLRURequest, _ ...grpc.CallOption) (*tetragon.DumpProcessLRUResponse, error) {
panic("stub")
}
28 changes: 28 additions & 0 deletions docs/content/en/docs/reference/grpc-api.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit ceb385b

Please sign in to comment.