1
// SPDX-License-Identifier: Apache-2.0
2
// Copyright Authors of Tetragon
9
"github.com/cilium/tetragon/pkg/logger"
10
"github.com/cilium/tetragon/pkg/policyfilter"
11
"github.com/cilium/tetragon/pkg/sensors/program"
12
"github.com/cilium/tetragon/pkg/sensors/program/cgroup"
13
"github.com/cilium/tetragon/pkg/tracingpolicy"
15
// load rthooks for policy filter
16
_ "github.com/cilium/tetragon/pkg/policyfilter/rthooks"
20
// AllPrograms are all the loaded programs. For use with Unload().
21
AllPrograms = []*program.Program{}
22
// AllMaps are all the loaded programs. For use with Unload().
23
AllMaps = []*program.Map{}
28
// Sensors are a mechanism for dynamically loading/unloading bpf programs.
29
// Contrarily to low-level facilities like kprobes, sensors are meant to be
30
// visible to end users who can enable/disable them.
32
// Sensor control operations are done in a separate goroutine which acts as a
33
// serialization point for concurrent client requests.
35
// Sensor is a set of BPF programs and maps that are managed as a unit.
37
// Name is a human-readbale description.
39
// Progs are all the BPF programs that exist on the filesystem.
40
Progs []*program.Program
41
// Maps are all the BPF Maps that the progs use.
43
// Loaded indicates whether the sensor has been Loaded.
45
// Destroyed indicates whether the sensor had been destroyed.
47
// PreUnloadHook can optionally contain a pointer to a function to be
48
// called during sensor unloading, prior to the programs and maps being
50
PreUnloadHook SensorHook
51
// PostUnloadHook can optionally contain a pointer to a function to be
52
// called during sensor unloading, after the programs and maps being
54
PostUnloadHook SensorHook
55
// DestroyHook can optionally contain a pointer to a function to be called
56
// when removing the sensor, sensor cannot be loaded again after this hook
57
// being triggered and must be recreated.
58
DestroyHook SensorHook
61
// SensorIface is an interface for sensors.Sensor that allows implementing sensors for testing.
62
type SensorIface interface {
65
Load(bpfDir string) error
70
func (s *Sensor) GetName() string {
74
func (s *Sensor) IsLoaded() bool {
78
// SensorHook is the function signature for an optional function
79
// that can be called during sensor unloading and removing.
80
type SensorHook func() error
82
func SensorCombine(name string, sensors ...*Sensor) *Sensor {
83
progs := []*program.Program{}
84
maps := []*program.Map{}
85
for _, s := range sensors {
86
progs = append(progs, s.Progs...)
87
maps = append(maps, s.Maps...)
89
return SensorBuilder(name, progs, maps)
92
func SensorBuilder(name string, p []*program.Program, m []*program.Map) *Sensor {
100
type policyHandler interface {
101
// PolicyHandler returns a Sensor for a given policy
102
// sensors that support policyfilter can use the filterID to implement filtering.
103
// sensors that do not support policyfilter need to return an error if filterID != policyfilter.NoFilterID
104
PolicyHandler(policy tracingpolicy.TracingPolicy, filterID policyfilter.PolicyID) (SensorIface, error)
107
type probeLoader interface {
108
LoadProbe(args LoadProbeArgs) error
112
// list of registered policy handlers, see RegisterPolicyHandlerAtInit()
113
registeredPolicyHandlers = map[string]policyHandler{}
114
// list of registers loaders, see registerProbeType()
115
registeredProbeLoad = map[string]probeLoader{}
116
standardTypes = map[string]func(string, *program.Program, int) error{
117
"tracepoint": program.LoadTracepointProgram,
118
"raw_tracepoint": program.LoadRawTracepointProgram,
119
"raw_tp": program.LoadRawTracepointProgram,
120
"cgrp_socket": cgroup.LoadCgroupProgram,
121
"kprobe": program.LoadKprobeProgram,
125
// RegisterPolicyHandlerAtInit registers a handler for a tracing policy.
126
func RegisterPolicyHandlerAtInit(name string, h policyHandler) {
127
if _, exists := registeredPolicyHandlers[name]; exists {
128
panic(fmt.Sprintf("RegisterPolicyHandlerAtInit called, but %s is already registered", name))
130
registeredPolicyHandlers[name] = h
133
// RegisterProbeType registers a handler for a probe type string
135
// This function is meant to be called in an init() by sensors that
136
// need extra logic when loading a specific probe type.
137
func RegisterProbeType(probeType string, s probeLoader) {
138
logger.GetLogger().WithField("probeType", probeType).WithField("sensors", s).Debug("Registered probe type")
139
if _, exists := registeredProbeLoad[probeType]; exists {
140
panic(fmt.Sprintf("RegisterProbeType called, but %s is already registered", probeType))
142
registeredProbeLoad[probeType] = s
145
// LoadProbeArgs are the args to the LoadProbe function.
146
type LoadProbeArgs struct {
148
Load *program.Program
152
func GetMergedSensorFromParserPolicy(tp tracingpolicy.TracingPolicy) (SensorIface, error) {
153
// NB: use a filter id of 0, so no filtering will happen
154
sis, err := SensorsFromPolicy(tp, policyfilter.NoFilterID)
158
sensors := make([]*Sensor, 0, len(sis))
159
for _, si := range sis {
160
s, ok := si.(*Sensor)
162
return nil, fmt.Errorf("cannot merge sensor of type %T", si)
164
sensors = append(sensors, s)
167
return SensorCombine(tp.TpName(), sensors...), nil