eventcache

package

v1.1.0 Latest Latest Go to latest Published: Apr 29, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/tetragon

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func HandleGenericEvent(internal *process.ProcessInternal, ev notify.Event, tid *uint32) error
func HandleGenericInternal(ev notify.Event, pid uint32, tid *uint32, timestamp uint64) (*process.ProcessInternal, error)
func NewCacheCollector() prometheus.Collector
type Cache
- func (ec *Cache) Add(internal *process.ProcessInternal, e notify.Event, t uint64, s uint64, ...)
- func (ec *Cache) Needed(proc *tetragon.Process) bool
type CacheObj

Constants ¶

View Source

const (
	// Event information was completed without cache retries
	NO_EV_CACHE = iota
	// Cache retries was triggered in order to complete event information
	FROM_EV_CACHE
)

View Source

const (
	// garbage collection retries
	CacheStrikes = 15
	// garbage collection run interval
	EventRetryTimer = time.Second * 2
)

Variables ¶

View Source

var (
	ErrFailedToGetPodInfo     = errors.New("failed to get pod info from event cache")
	ErrFailedToGetProcessInfo = errors.New("failed to get process info from event cache")
	ErrFailedToGetParentInfo  = errors.New("failed to get parent info from event cache")
)

Functions ¶

func HandleGenericEvent ¶

func HandleGenericEvent(internal *process.ProcessInternal, ev notify.Event, tid *uint32) error

Generic Event handler without any extra msg specific details or debugging so we only need to wait for the internal link to the process context to resolve PodInfo. This happens when the msg populates the internal state but that event is not fully populated yet.

func HandleGenericInternal ¶

func HandleGenericInternal(ev notify.Event, pid uint32, tid *uint32, timestamp uint64) (*process.ProcessInternal, error)

Generic internal lookup happens when events are received out of order and this event was handled before an exec event so it wasn't able to populate the process info yet.

func NewCacheCollector ¶ added in v1.1.0

func NewCacheCollector() prometheus.Collector

Types ¶

type Cache ¶

type Cache struct {
	// contains filtered or unexported fields
}

func Get ¶

func Get() *Cache

func New ¶

func New(s *server.Server) *Cache

func NewWithTimer ¶

func NewWithTimer(s *server.Server, dur time.Duration) *Cache

func (*Cache) Add ¶

func (ec *Cache) Add(internal *process.ProcessInternal,
	e notify.Event,
	t uint64,
	s uint64,
	msg notify.Message)

func (*Cache) Needed ¶

func (ec *Cache) Needed(proc *tetragon.Process) bool

We handle two race conditions here one where the event races with a Tetragon execve event and the other -- much more common -- where we race with K8s watcher case 1 (execve race):

Its possible to receive this Tetragon event before the process event cache
has been populated with a Tetragon execve event. In this case we need to
cache the event until the process cache is populated.

case 2 (k8s watcher race):

Its possible to receive an event before the k8s watcher receives the
podInfo event and populates the local cache. If we expect podInfo,
indicated by having a nonZero dockerID we cache the event until the
podInfo arrives.

type CacheObj ¶

type CacheObj struct {
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL