Fix http evaluation by map #635
Merged: afek854 merged 6 commits into feature/refactor_rule_engine from fix-http-evaluation-by-map on Aug 25, 2025
Signed-off-by: Afek Berger <[email protected]>
Signed-off-by: Afek Berger <[email protected]>
Signed-off-by: Afek Berger <[email protected]>
Signed-off-by: Afek Berger <[email protected]>
Signed-off-by: Afek Berger <[email protected]>
…by-map Signed-off-by: Afek Berger <[email protected]>
Summary:
matthyx added a commit that referenced this pull request on Dec 18, 2025
* added interfaces for rule manager refactor Signed-off-by: Afek Berger <[email protected]> * added structure Signed-off-by: Afek Berger <[email protected]> * added profile validator Signed-off-by: Afek Berger <[email protected]> * added v1 Signed-off-by: Afek Berger <[email protected]> * added profile validators Signed-off-by: Afek Berger <[email protected]> * go mod tidy Signed-off-by: Amit Schendel <[email protected]> * Adding base helpers pkg Signed-off-by: Amit Schendel <[email protected]> * added rule failure creator and changed rule_manager logic Signed-off-by: Afek Berger <[email protected]> * Adding lib Signed-off-by: Amit Schendel <[email protected]> * Caching programs Signed-off-by: Amit Schendel <[email protected]> * integrate new rule manager Signed-off-by: Afek Berger <[email protected]> * Resolving conflicts Signed-off-by: Amit Schendel <[email protected]> * Adding crd Signed-off-by: Amit Schendel <[email protected]> * Dev/rre (#594) * go mod tidy Signed-off-by: Amit Schendel <[email protected]> * Adding base helpers pkg Signed-off-by: Amit Schendel <[email protected]> * Adding lib Signed-off-by: Amit Schendel <[email protected]> * Caching programs Signed-off-by: Amit Schendel <[email protected]> * Resolving conflicts Signed-off-by: Amit Schendel <[email protected]> * Adding crd Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Amit Schendel <[email protected]> Signed-off-by: Amit Schendel <[email protected]> * organized imports Signed-off-by: Afek Berger <[email protected]> * added watcher & tests Signed-off-by: Afek Berger <[email protected]> * added watcher and integration with binding Signed-off-by: Afek Berger <[email protected]> * Changing types Signed-off-by: Amit Schendel <[email protected]> * Defining types Signed-off-by: Amit Schendel <[email protected]> * Fixing code Signed-off-by: Amit Schendel <[email protected]> * merged Signed-off-by: Afek Berger <[email protected]> * fixed container name Signed-off-by: Afek 
Berger <[email protected]> * separated mock Signed-off-by: Afek Berger <[email protected]> * fixed watcher & create event with check struct Signed-off-by: Afek Berger <[email protected]> * Changing event Signed-off-by: Amit Schendel <[email protected]> * Updating code Signed-off-by: Amit Schendel <[email protected]> * modify cel arguments & events check struct Signed-off-by: Afek Berger <[email protected]> * Adding some code Signed-off-by: Amit Schendel <[email protected]> * Adding opt Signed-off-by: Amit Schendel <[email protected]> * Adding fixed code Signed-off-by: Amit Schendel <[email protected]> * Fixing nested event check Signed-off-by: Amit Schendel <[email protected]> * Updating struct to support list of rules Signed-off-by: Amit Schendel <[email protected]> * updated rule struct Signed-off-by: Afek Berger <[email protected]> * removed logs and fixed nil Signed-off-by: Afek Berger <[email protected]> * set process tree correctly Signed-off-by: Afek Berger <[email protected]> * added ap library Signed-off-by: Afek Berger <[email protected]> * added exec libraries Signed-off-by: Afek Berger <[email protected]> * added open library functions Signed-off-by: Afek Berger <[email protected]> * added ap syscall & capability libs Signed-off-by: Afek Berger <[email protected]> * added network functions Signed-off-by: Afek Berger <[email protected]> * added network functions Signed-off-by: Afek Berger <[email protected]> * implement interface Signed-off-by: Afek Berger <[email protected]> * Doing some cleanups Signed-off-by: Amit Schendel <[email protected]> * Changing event serialize interface Signed-off-by: Amit Schendel <[email protected]> * Adding extra check for deprecated field Signed-off-by: Amit Schendel <[email protected]> * Adding api server helper Signed-off-by: Amit Schendel <[email protected]> * Adding validation for event type Signed-off-by: Amit Schendel <[email protected]> * added profile metadata Signed-off-by: Afek Berger <[email protected]> * added 
cache for cel profile checks libraries Signed-off-by: Afek Berger <[email protected]> * added cache config Signed-off-by: Afek Berger <[email protected]> * reorganized cel libraries structure Signed-off-by: Afek Berger <[email protected]> * added parse lib and moved k8s lib Signed-off-by: Afek Berger <[email protected]> * added net library Signed-off-by: Afek Berger <[email protected]> * added network helper functions Signed-off-by: Afek Berger <[email protected]> * removed cache for k8s and parse functions Signed-off-by: Afek Berger <[email protected]> * added support for rule policy Signed-off-by: Afek Berger <[email protected]> * set wlid details Signed-off-by: Afek Berger <[email protected]> * added strings model Signed-off-by: Afek Berger <[email protected]> * removed profile validator & fixed rule policy logic Signed-off-by: Afek Berger <[email protected]> * hash unique id Signed-off-by: Afek Berger <[email protected]> * added mock & fixed rule cooldown Signed-off-by: Afek Berger <[email protected]> * remove log Signed-off-by: Afek Berger <[email protected]> * added process lib and get container by name Signed-off-by: Afek Berger <[email protected]> * added process lib Signed-off-by: Afek Berger <[email protected]> * fixed rules Signed-off-by: Afek Berger <[email protected]> * Updating chart Signed-off-by: Amit Schendel <[email protected]> * Adding rules Signed-off-by: Amit Schendel <[email protected]> * Removing old interface Signed-off-by: Amit Schendel <[email protected]> * fixed rule cooldown Signed-off-by: Afek Berger <[email protected]> * added logs and reduced cachee Signed-off-by: Afek Berger <[email protected]> * fixed get container by name Signed-off-by: Afek Berger <[email protected]> * bump rules Signed-off-by: Afek Berger <[email protected]> * Feature/cpu (#602) * Fixing serialize Signed-off-by: Amit Schendel <[email protected]> * go mod tidy Signed-off-by: Amit Schendel <[email protected]> * Updating rulles Signed-off-by: Amit Schendel <[email 
protected]> * Adding new rules Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Amit Schendel <[email protected]> Signed-off-by: Amit Schendel <[email protected]> * added rule adapters Signed-off-by: Afek Berger <[email protected]> * added tomap to rule adapters and event as cel Signed-off-by: Afek Berger <[email protected]> * update rules Signed-off-by: Afek Berger <[email protected]> * fixed config Signed-off-by: Afek Berger <[email protected]> * remove comments Signed-off-by: Afek Berger <[email protected]> * added third party tracers initialzation Signed-off-by: Afek Berger <[email protected]> * use ResultCallBack Signed-off-by: Afek Berger <[email protected]> * fixed tests Signed-off-by: Afek Berger <[email protected]> * rule adapters as argument Signed-off-by: Afek Berger <[email protected]> * fixed deadlock bug Signed-off-by: Afek Berger <[email protected]> * initialize cel from outside Signed-off-by: Afek Berger <[email protected]> * set http rule alert Signed-off-by: Afek Berger <[email protected]> * Feature/cel efficiency (#623) * added efficency Signed-off-by: Afek Berger <[email protected]> * drop reflect Signed-off-by: Afek Berger <[email protected]> * more efficieny maps Signed-off-by: Afek Berger <[email protected]> --------- Signed-off-by: Afek Berger <[email protected]> * added a comment regarding 3rd party tracers Signed-off-by: Afek Berger <[email protected]> * Perf enhancements (#624) * Adding New methods Signed-off-by: Amit Schendel <[email protected]> * Adding perf enhancments Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Amit Schendel <[email protected]> * Adding metrics and cooldown check (#628) * Adding metrics and cooldown check Signed-off-by: Amit Schendel <[email protected]> * Moving rule cooldown check to be before rule evaluation Signed-off-by: Amit Schendel <[email protected]> * Revert Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Amit Schendel <[email 
protected]> * CEL evaluate native types with xcel (#621) * CEL evaluate native types with xcel Signed-off-by: Matthias Bertschy <[email protected]> * CEL evaluate native types with xcel Signed-off-by: Matthias Bertschy <[email protected]> * Adding new rules Signed-off-by: Amit Schendel <[email protected]> * Removing logs Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Matthias Bertschy <[email protected]> Signed-off-by: Amit Schendel <[email protected]> Co-authored-by: Amit Schendel <[email protected]> * Updating rule struct with AgentVersionRequirement Signed-off-by: Amit Schendel <[email protected]> * Adding semver for rules (#631) Signed-off-by: Amit Schendel <[email protected]> * added extra to rule failure (#632) Signed-off-by: Afek Berger <[email protected]> * ignore rulebinding configurable (#629) Signed-off-by: Afek Berger <[email protected]> * http evaluation by map (#633) * http evaluation by map Signed-off-by: Afek Berger <[email protected]> * added event type Signed-off-by: Afek Berger <[email protected]> * return err instead of logs Signed-off-by: Afek Berger <[email protected]> --------- Signed-off-by: Afek Berger <[email protected]> * Adding option to register custom types (#634) Signed-off-by: Amit Schendel <[email protected]> * Fix http evaluation by map (#635) * http evaluation by map Signed-off-by: Afek Berger <[email protected]> * added event type Signed-off-by: Afek Berger <[email protected]> * return err instead of logs Signed-off-by: Afek Berger <[email protected]> * support ToMap for http Signed-off-by: Afek Berger <[email protected]> * unique id & message for http Signed-off-by: Afek Berger <[email protected]> --------- Signed-off-by: Afek Berger <[email protected]> * added error log on enrichment Signed-off-by: Afek Berger <[email protected]> * added rule policy test Signed-off-by: Afek Berger <[email protected]> * added event type Signed-off-by: Afek Berger <[email protected]> * Removing log Signed-off-by: Amit 
Schendel <[email protected]> * Fix custom type registration Signed-off-by: Amit Schendel <[email protected]> * Bumping to go 1.25 Signed-off-by: Amit Schendel <[email protected]> * added container receivers Signed-off-by: Afek Berger <[email protected]> * updated rule names Signed-off-by: Afek Berger <[email protected]> * Fixing Identifiers of http Signed-off-by: Amit Schendel <[email protected]> * add RuleManagerMock Signed-off-by: Matthias Bertschy <[email protected]> * Adding http profile checks Signed-off-by: Amit Schendel <[email protected]> * Adding host check for http Signed-off-by: Amit Schendel <[email protected]> * refactor: update tracer configuration to use typed config parameters Signed-off-by: Matthias Bertschy <[email protected]> * add nil check for config.Exporters.HTTPExporterConfig Signed-off-by: Matthias Bertschy <[email protected]> * don't start nodeprofilemanager without an http exported config Signed-off-by: Matthias Bertschy <[email protected]> * Switch to image-based gadgets (#650) * bump inspektor gadget Signed-off-by: Matthias Bertschy <[email protected]> * cleaning up code Signed-off-by: Matthias Bertschy <[email protected]> * add open tracer Signed-off-by: Matthias Bertschy <[email protected]> * wip add other tracers Signed-off-by: Matthias Bertschy <[email protected]> * add CEL accessors Signed-off-by: Matthias Bertschy <[email protected]> * Fixing dns tracer (#653) Signed-off-by: Amit Schendel <[email protected]> * bump ig to v0.45.0 Signed-off-by: Matthias Bertschy <[email protected]> * fix sbom_manager with sqlite import Signed-off-by: Matthias Bertschy <[email protected]> * refactor interfaces and CEL accessors Signed-off-by: Matthias Bertschy <[email protected]> * Adding initial eBPF refactor Signed-off-by: Amit Schendel <[email protected]> * add Makefile target for tracers.tar Signed-off-by: Matthias Bertschy <[email protected]> * enable our tracers Signed-off-by: Matthias Bertschy <[email protected]> * Adding http eBPF image 
based Signed-off-by: Amit Schendel <[email protected]> * Adding randmox refactor Signed-off-by: Amit Schendel <[email protected]> * plug http and randomx tracers Signed-off-by: Matthias Bertschy <[email protected]> * Adding network gadget Signed-off-by: Amit Schendel <[email protected]> * Adding network tracer to Makefile Signed-off-by: Amit Schendel <[email protected]> * use network tracer instead of trace_tcp Signed-off-by: Matthias Bertschy <[email protected]> * removing GetPort in favor of GetDstPort Signed-off-by: Matthias Bertschy <[email protected]> * enable paths option in dns and exec tracers Signed-off-by: Matthias Bertschy <[email protected]> * add missing datasource accessors Signed-off-by: Matthias Bertschy <[email protected]> * remove full path from open events Signed-off-by: Matthias Bertschy <[email protected]> * Switching map type to LRU Signed-off-by: Amit Schendel <[email protected]> * Fixing make file Signed-off-by: Amit Schendel <[email protected]> * Adding new rules Signed-off-by: Amit Schendel <[email protected]> * Fixing CI Signed-off-by: Amit Schendel <[email protected]> * Fixing make file Signed-off-by: Amit Schendel <[email protected]> * Update socket enricher initialization to set parameters for cwd and exepath Signed-off-by: Matthias Bertschy <[email protected]> * enable io-uring tracer Signed-off-by: Matthias Bertschy <[email protected]> * check for nils in datasource, add logs for unimplemented Signed-off-by: Matthias Bertschy <[email protected]> * enable procfs tracer Signed-off-by: Matthias Bertschy <[email protected]> * add debug logs for events Signed-off-by: Matthias Bertschy <[email protected]> * remove EverythingEvent for strict interface safety Signed-off-by: Matthias Bertschy <[email protected]> * add missing bindings Signed-off-by: Matthias Bertschy <[email protected]> * Commenting out json format Signed-off-by: Amit Schendel <[email protected]> * Fixing potential panic Signed-off-by: Amit Schendel <[email protected]> * 
Fixing nil deref Signed-off-by: Amit Schendel <[email protected]> * Fixing comm access Signed-off-by: Amit Schendel <[email protected]> * Adding dns proto Signed-off-by: Amit Schendel <[email protected]> * Removing proto Signed-off-by: Amit Schendel <[email protected]> * Adding protocol translation Signed-off-by: Amit Schendel <[email protected]> * Adding more fixes Signed-off-by: Amit Schendel <[email protected]> * Removing ip raw translation Signed-off-by: Amit Schendel <[email protected]> * Removing the bpf_htonl call to maintain the network byte order Signed-off-by: Amit Schendel <[email protected]> * Removing bpf_htonl Signed-off-by: Amit Schendel <[email protected]> * handle exit events, replicate datasource changes to struct event Signed-off-by: Matthias Bertschy <[email protected]> * Switching to CamelCase Signed-off-by: Amit Schendel <[email protected]> * Removing enum of event types Signed-off-by: Amit Schendel <[email protected]> * trigger one callback call for each syscall in event Signed-off-by: Matthias Bertschy <[email protected]> * Adding annotations for struct event Signed-off-by: Amit Schendel <[email protected]> * use IG patch for wrong container attribution of events Signed-off-by: Matthias Bertschy <[email protected]> * update rules Signed-off-by: Matthias Bertschy <[email protected]> * update rules Signed-off-by: Matthias Bertschy <[email protected]> * use IG patch for wrong container attribution of events Signed-off-by: Matthias Bertschy <[email protected]> * Adding some logs Signed-off-by: Amit Schendel <[email protected]> * Fixing buffer Signed-off-by: Amit Schendel <[email protected]> * Adding some fixes Signed-off-by: Amit Schendel <[email protected]> * Fixing http Signed-off-by: Amit Schendel <[email protected]> * Pushing some debug loogs Signed-off-by: Amit Schendel <[email protected]> * complain when containerID is empty Signed-off-by: Matthias Bertschy <[email protected]> * fix http event enrichment Signed-off-by: Matthias Bertschy 
<[email protected]> * Fixing types Signed-off-by: Amit Schendel <[email protected]> * Adding upper layer event types Signed-off-by: Amit Schendel <[email protected]> * Doing some fixes in field access of fork events Signed-off-by: Amit Schendel <[email protected]> * Fixing pid Signed-off-by: Amit Schendel <[email protected]> * comment out missing fields in syscall events Signed-off-by: Matthias Bertschy <[email protected]> * enabling again all rules Signed-off-by: Matthias Bertschy <[email protected]> * Removing old eBPF infra Signed-off-by: Amit Schendel <[email protected]> * use container name as comm for syscall events Signed-off-by: Matthias Bertschy <[email protected]> * Switching to uint32_t Signed-off-by: Amit Schendel <[email protected]> * add info log for syscall fields override Signed-off-by: Matthias Bertschy <[email protected]> * getting rid of GetCommFromEvent Signed-off-by: Matthias Bertschy <[email protected]> * add log for syscall reporting Signed-off-by: Matthias Bertschy <[email protected]> * add log for syscall reporting Signed-off-by: Matthias Bertschy <[email protected]> * Adding gadgets Signed-off-by: Amit Schendel <[email protected]> * add log for syscall reporting Signed-off-by: Matthias Bertschy <[email protected]> * disambiguate child and parent pid for fork events Signed-off-by: Matthias Bertschy <[email protected]> * do not fail test if PrintAppLogs finds no pod Signed-off-by: Matthias Bertschy <[email protected]> * fix syscall callbacks by using new events Signed-off-by: Matthias Bertschy <[email protected]> * adding logs for processtree test Signed-off-by: Matthias Bertschy <[email protected]> * Removing event from stdout and http logs Signed-off-by: Amit Schendel <[email protected]> * Adding tracers Signed-off-by: Amit Schendel <[email protected]> * Adding new rules Signed-off-by: Amit Schendel <[email protected]> * Adding new exit fields Signed-off-by: Amit Schendel <[email protected]> * add log for exec event Signed-off-by: Matthias 
Bertschy <[email protected]> * Adding some types Signed-off-by: Amit Schendel <[email protected]> * Adding buffer for container eol notifications Signed-off-by: Amit Schendel <[email protected]> * Fixing config test Signed-off-by: Amit Schendel <[email protected]> * print logs of process-tree pod after test 24 Signed-off-by: Matthias Bertschy <[email protected]> * increase waiting time for alerts Signed-off-by: Matthias Bertschy <[email protected]> * increase map-fetch-interval for syscall tracer Signed-off-by: Matthias Bertschy <[email protected]> * refactor: update process event handling and clean up unused methods Signed-off-by: Matthias Bertschy <[email protected]> * try to avoid race in AlertManagerExporter Signed-off-by: Matthias Bertschy <[email protected]> * Fixing mntnsid Signed-off-by: Amit Schendel <[email protected]> * Fixing args extraction Signed-off-by: Amit Schendel <[email protected]> * Adding small fixes for process tree Signed-off-by: Amit Schendel <[email protected]> * Adding check for empty comm Signed-off-by: Amit Schendel <[email protected]> * add log to AddEventDirect Signed-off-by: Matthias Bertschy <[email protected]> * print bogus events Signed-off-by: Matthias Bertschy <[email protected]> * Fixing timestamp of ebpf Signed-off-by: Amit Schendel <[email protected]> * add process tree logs Signed-off-by: Matthias Bertschy <[email protected]> * deep copy data before creating a DatasourceEvent Signed-off-by: Matthias Bertschy <[email protected]> * Adding fields Signed-off-by: Amit Schendel <[email protected]> * wip add missing getPID for call stack Signed-off-by: Matthias Bertschy <[email protected]> * add missing getPID for call stack Signed-off-by: Matthias Bertschy <[email protected]> * fixing some of the TODOs Signed-off-by: Matthias Bertschy <[email protected]> * fixing more TODOs Signed-off-by: Matthias Bertschy <[email protected]> * add fields test for syscall tracer Signed-off-by: Matthias Bertschy <[email protected]> * add nil check 
for config.Exporters.HTTPExporterConfig Signed-off-by: Matthias Bertschy <[email protected]> * disable syscall_test.go Signed-off-by: Matthias Bertschy <[email protected]> * add all field tests Signed-off-by: Matthias Bertschy <[email protected]> * fix CI Signed-off-by: Matthias Bertschy <[email protected]> * disable collect-kstack in capabilities tracer Signed-off-by: Matthias Bertschy <[email protected]> * disable wasm operator Signed-off-by: Matthias Bertschy <[email protected]> * use go based DnsOperator for resolution Signed-off-by: Matthias Bertschy <[email protected]> * use greentea GC Signed-off-by: Matthias Bertschy <[email protected]> * use improved DeepCopy for event data Signed-off-by: Matthias Bertschy <[email protected]> * remove Basic-Test from actions Signed-off-by: Matthias Bertschy <[email protected]> * use "reuse records of readers" PR from Michael Signed-off-by: Matthias Bertschy <[email protected]> * don't start nodeprofilemanager without an http exported config Signed-off-by: Matthias Bertschy <[email protected]> * cache field accessors for DatasourceEvent Signed-off-by: Matthias Bertschy <[email protected]> * use IG with disabled kallsyms.NewKAllSyms() loading Signed-off-by: Matthias Bertschy <[email protected]> * wip use sync.Pool for datasource.Data Signed-off-by: Matthias Bertschy <[email protected]> * wip do not pool Syscall events (until bug fixed) Signed-off-by: Matthias Bertschy <[email protected]> * Fixing iouring verifer compatability Signed-off-by: Amit Schendel <[email protected]> * use a sync.Pool per event type Signed-off-by: Matthias Bertschy <[email protected]> * fix third-party tracer initialization Signed-off-by: Matthias Bertschy <[email protected]> * refactor HTTP event handling to include external IP address Signed-off-by: Matthias Bertschy <[email protected]> * add ToMap evaluation for http events Signed-off-by: Matthias Bertschy <[email protected]> * refactor DNS operator to use simple.New and simplify initialization 
Signed-off-by: Matthias Bertschy <[email protected]> * add event handling for dropped events Signed-off-by: Matthias Bertschy <[email protected]> * fix test by using NewDnsOperator Signed-off-by: Matthias Bertschy <[email protected]> * remove unused OtherIp field and related methods from HTTP event handling Signed-off-by: Matthias Bertschy <[email protected]> * add MountNsID field and accessor methods to DatasourceEvent and StructEvent Signed-off-by: Matthias Bertschy <[email protected]> * update build command in Makefile to use TMPDIR environment variable Signed-off-by: Matthias Bertschy <[email protected]> * add OtherIp field and accessor methods to DatasourceEvent and StructEvent Signed-off-by: Matthias Bertschy <[email protected]> * fix IP header parsing in ssh and network gadgets and adapt accessors Signed-off-by: Matthias Bertschy <[email protected]> * add exec operator to handle execution tracing data Signed-off-by: Matthias Bertschy <[email protected]> * Fixing ssh Signed-off-by: Amit Schendel <[email protected]> * use unreleased open gadget, add full path handling in open events Signed-off-by: Matthias Bertschy <[email protected]> * Adding eBPF support for src and dst for http Signed-off-by: Amit Schendel <[email protected]> * add full path tracing support to OpenTracer and DatasourceEvent Signed-off-by: Matthias Bertschy <[email protected]> * add destination and source fields handling to DNS and HTTP gadget Signed-off-by: Matthias Bertschy <[email protected]> * use recompiled gadgets with ptid Signed-off-by: Matthias Bertschy <[email protected]> * refactor: remove unused IP handling and improve full path tracing in HTTP and datasource events Signed-off-by: Matthias Bertschy <[email protected]> * revert to trace_dns:v0.45.0 to avoid bad CO-RE relocation error Signed-off-by: Matthias Bertschy <[email protected]> * refactor: change TID retrieval methods to use Uint32 for reading ebpf u32 Signed-off-by: Matthias Bertschy <[email protected]> * Changing alert 
type to http when setting http details Signed-off-by: Amit Schendel <[email protected]> * Changing http ips Signed-off-by: Amit Schendel <[email protected]> * Fixing GetOtherIp Signed-off-by: Amit Schendel <[email protected]> * Adding direction aware src/dst Signed-off-by: Amit Schendel <[email protected]> * add AP checksum to runtime alert arguments Signed-off-by: Matthias Bertschy <[email protected]> * Removing unused map Signed-off-by: Amit Schendel <[email protected]> * Adding response body fix Signed-off-by: Amit Schendel <[email protected]> * revert Signed-off-by: Amit Schendel <[email protected]> * Adding some fixes Signed-off-by: Amit Schendel <[email protected]> * feature: implement alert bulking for HTTP exporter (#660) * feat: implement alert bulking for HTTP exporter - Add AlertBulkManager to batch alerts per container - Implement ProcessTree merging for comprehensive context - Add configurable size and time-based flush triggers - Integrate with container lifecycle for immediate flush on termination - Add comprehensive unit tests with full coverage - Update documentation with implementation details Bulking reduces HTTP overhead by batching up to 50 alerts or 10 seconds of alerts per container while maintaining temporal ordering. 
* Added component tests for testing bulk delivery Signed-off-by: Ben <[email protected]> * Implementing a send queue and simplifying process tree merging Signed-off-by: Ben <[email protected]> * improving docs Signed-off-by: Ben <[email protected]> * removing unused file Signed-off-by: Ben <[email protected]> * FIxing unit tests Signed-off-by: Ben <[email protected]> * Moving the defaults to the config package Signed-off-by: Ben <[email protected]> * Fix unit test Signed-off-by: Ben <[email protected]> * Fixing disjoined process trees Signed-off-by: Ben <[email protected]> --------- Signed-off-by: Ben <[email protected]> Signed-off-by: Ben Hirschberg <[email protected]> * fixing merge error Signed-off-by: Ben <[email protected]> * Adding support for state passing Signed-off-by: Amit Schendel <[email protected]> * Making bpf tracer less noisy Signed-off-by: Amit Schendel <[email protected]> * refactor: merge Arguments map for baseRuntimeAlert in event handlers Signed-off-by: Matthias Bertschy <[email protected]> * Respect runtime detection when unregistering (#665) Add ruleBindingsInitialized to ContainerWatcher to track whether any rule binding notifications have been processed. When runtime detection is enabled, only unregister containers after rule bindings have been initialized and the pod is not in ruleManagedPods. Update tests to exercise these cases. 
Signed-off-by: Matthias Bertschy <[email protected]> * processtree: return typed errors and use strconv for cache key Signed-off-by: Matthias Bertschy <[email protected]> * update docs * add missing errors.go Signed-off-by: Matthias Bertschy <[email protected]> * containerized_env: reparent children of container init process to shim Signed-off-by: Matthias Bertschy <[email protected]> * Adding some fixes Signed-off-by: Amit Schendel <[email protected]> * Adding fixes for process tree Signed-off-by: Amit Schendel <[email protected]> * refactor: replace kskubemanager with operators.DataOperator in tracer implementations Signed-off-by: Matthias Bertschy <[email protected]> * Handling cases of container restarts Signed-off-by: Amit Schendel <[email protected]> * Fix pre-running container indicator Signed-off-by: Amit Schendel <[email protected]> * Renaming field Signed-off-by: Amit Schendel <[email protected]> * Fixing logic Signed-off-by: Amit Schendel <[email protected]> * debug: enhance logging for mountnsmap presence and file descriptor Signed-off-by: Matthias Bertschy <[email protected]> * debug: enhance error logging for container tracing to aid diagnosis Signed-off-by: Matthias Bertschy <[email protected]> * debug: add probe map creation for diagnosing map clone/FD failures Signed-off-by: Matthias Bertschy <[email protected]> * ci: update component tests to use Ubuntu 22.04 Signed-off-by: Matthias Bertschy <[email protected]> * debug: remove unnecessary logging for ignored exec events Signed-off-by: Matthias Bertschy <[email protected]> * Sending containerProfile even if no data in some cases Signed-off-by: Amit Schendel <[email protected]> * Adding rev shell Signed-off-by: Amit Schendel <[email protected]> * Trying ulimit Signed-off-by: Amit Schendel <[email protected]> * Adding ulimit Signed-off-by: Amit Schendel <[email protected]> * Trying things Signed-off-by: Amit Schendel <[email protected]> * Removing Signed-off-by: Amit Schendel <[email protected]> * 
Trying to fix core Signed-off-by: Amit Schendel <[email protected]> * revert Signed-off-by: Amit Schendel <[email protected]> * deps: update ig fork Signed-off-by: Matthias Bertschy <[email protected]> * Test 16 fix Signed-off-by: Amit Schendel <[email protected]> * Test 16 Signed-off-by: Amit Schendel <[email protected]> * Test 16 Signed-off-by: Amit Schendel <[email protected]> * Increase time Signed-off-by: Amit Schendel <[email protected]> --------- Signed-off-by: Matthias Bertschy <[email protected]> Signed-off-by: Amit Schendel <[email protected]> Signed-off-by: Ben Hirschberg <[email protected]> Signed-off-by: Ben <[email protected]> Co-authored-by: Amit Schendel <[email protected]> Co-authored-by: Amit Schendel <[email protected]> Co-authored-by: Ben Hirschberg <[email protected]> Co-authored-by: Ben <[email protected]> --------- Signed-off-by: Afek Berger <[email protected]> Signed-off-by: Amit Schendel <[email protected]> Signed-off-by: Amit Schendel <[email protected]> Signed-off-by: Matthias Bertschy <[email protected]> Signed-off-by: Ben Hirschberg <[email protected]> Signed-off-by: Ben <[email protected]> Co-authored-by: Amit Schendel <[email protected]> Co-authored-by: Amit Schendel <[email protected]> Co-authored-by: Matthias Bertschy <[email protected]> Co-authored-by: Ben Hirschberg <[email protected]> Co-authored-by: Ben <[email protected]>