Backports/v1.0/1762 #1763
Merged
willfindlay added the release-note/bug label (This PR fixes an issue in a previous release of Tetragon.) Nov 16, 2023
Signed-off-by: William Findlay <will@isovalent.com>
[upstream commit b9c2f08] These don't work the same as our other filter types, so having everything under the filters package doesn't really make sense. Split field filters out into their own package. Signed-off-by: William Findlay <will@isovalent.com>
[upstream commit 9150906] Signed-off-by: William Findlay <will@isovalent.com>
[upstream commit f4b30e6] Signed-off-by: William Findlay <will@isovalent.com>
[upstream commit 08a7d91] We had a bug in our implementation for fixing up snake_case names in field filter definitions when field filters were defined on multiple lines. Fix the issue by using a decoder instead of trying to unmarshal the entire string. Signed-off-by: William Findlay <will@isovalent.com>
[upstream commit 19b2000]

Our previous implementation of field filters relied on creating a deep copy of the event before filtering, because otherwise clearing important fields could lead to segmentation faults due to the way we cache process information or cause filters to interfere with each other under multiple concurrent GetEventsRequests.

Creating the deep copy fixed the above issues, but absolutely killed performance. This patch introduces a new implementation that lazily copies fields into a new protobuf message only when they "pass" the filter. The result is a near zero-overhead field filter implementation that actually significantly improves performance over the base case when filtering many fields.

The following is output from the benchmark. Serialize is the base case with no filtering while DeepCopy roughly approximates our old implementation. The new implementation is nearly zero overhead in the worst case and performs significantly better when filtering lots of fields since we save significant cycles on JSON serialization.

    ❯ go test -seed 7996182721713197025 -bench=. -benchtime=20000x
    goos: linux
    goarch: amd64
    pkg: github.com/cilium/tetragon/pkg/fieldfilters
    cpu: 12th Gen Intel(R) Core(TM) i9-12900K
    BenchmarkSerialize-24                                        20000    57269 ns/op
    --- BENCH: BenchmarkSerialize-24
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
    BenchmarkSerialize_DeepCopy-24                               20000    67012 ns/op
    --- BENCH: BenchmarkSerialize_DeepCopy-24
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
    BenchmarkSerialize_DeepCopyProcess-24                        20000    61535 ns/op
    --- BENCH: BenchmarkSerialize_DeepCopyProcess-24
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
    BenchmarkSerialize_FieldFilters-24                           20000    57372 ns/op
    --- BENCH: BenchmarkSerialize_FieldFilters-24
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
    BenchmarkSerialize_FieldFilters_NoProcessInfo-24             20000    26625 ns/op
    --- BENCH: BenchmarkSerialize_FieldFilters_NoProcessInfo-24
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
    BenchmarkSerialize_FieldFilters_NoProcesInfoKeepExecid-24    20000    36356 ns/op
    --- BENCH: BenchmarkSerialize_FieldFilters_NoProcesInfoKeepExecid-24
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
        benchmark_test.go:56: configured random event generator (seed=7996182721713197025)
    PASS
    ok      github.com/cilium/tetragon/pkg/fieldfilters     19.345s

Signed-off-by: William Findlay <will@isovalent.com>
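The copy-on-pass idea from commit 19b2000, sketched as an added example that is not Tetragon's code: `Msg`, `sample`, `filterInclude` and `copyPath` are hypothetical names, and nested maps stand in for protobuf messages. The source event is only ever read, so a cached event shared by concurrent requests is never altered, and the result is assumed to be serialized without being modified.

```go
package main

import (
	"fmt"
	"strings"
)

// Msg stands in for a protobuf message: a tree of named fields (assumption).
type Msg map[string]any

// sample is a constructed event, not real Tetragon output.
var sample = Msg{"time": "t0", "process": Msg{"binary": "/usr/bin/curl",
	"arguments": "-s", "pod": Msg{"name": "web-0", "namespace": "default"}}}

// filterInclude builds a new message from the fields named by dotted paths
// such as "process.binary". src is only read, never cleared or written.
func filterInclude(src Msg, paths []string) Msg {
	dst := Msg{}
	for _, p := range paths {
		copyPath(src, dst, strings.Split(p, "."))
	}
	return dst
}

// copyPath adds the field selected by parts to dst if it is set in src.
func copyPath(src, dst Msg, parts []string) {
	v, ok := src[parts[0]]
	child, isMsg := v.(Msg)
	switch {
	case !ok: // field not set on this event: nothing passes
	case len(parts) == 1:
		dst[parts[0]] = v // field passes: referenced, no deep copy
	case isMsg:
		old, _ := dst[parts[0]].(Msg)
		sub := Msg{}
		for k, c := range old { // copy-on-write: old may alias a map owned by src
			sub[k] = c
		}
		copyPath(child, sub, parts[1:])
		if len(sub) > 0 {
			dst[parts[0]] = sub // parent appears only if a child passed
		}
	}
}

func main() {
	fmt.Println(filterInclude(sample, []string{"process.binary", "process.pod.name"}))
}
```
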
willfindlay force-pushed the backports/v1.0/1762 branch from b3ed43c to bd2788c November 16, 2023 21:56
willfindlay requested review from kevsecurity and removed request for a team November 16, 2023 22:04
jrfastab approved these changes Nov 16, 2023
Backport of #1762