Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Use BPF iterator instead of procfs #336

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Use BPF iterator instead of procfs #336

wants to merge 1 commit into from

Conversation

vadorovsky
Copy link
Member

Replace the process tracker initialization process from procfs parsing to BPF iterators, which are less erronous and result in an easier implementation.

@vadorovsky vadorovsky changed the base branch from rust-2024 to cgroup-skb-core-read March 17, 2025 08:57
@vadorovsky vadorovsky force-pushed the cgroup-skb-core-read branch from 8dad79c to 87966a5 Compare March 17, 2025 09:49
@vadorovsky vadorovsky force-pushed the bpf-iterator branch 2 times, most recently from 4e8a25d to cdf890c Compare March 17, 2025 10:51
@vadorovsky vadorovsky changed the base branch from cgroup-skb-core-read to main March 24, 2025 07:12
@vadorovsky vadorovsky force-pushed the bpf-iterator branch 3 times, most recently from 4933373 to 949f7b1 Compare March 31, 2025 06:49
@vadorovsky vadorovsky marked this pull request as ready for review March 31, 2025 07:14
Copilot
Copilot AI reviewed Mar 31, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR replaces the process tracker initialization from procfs parsing to a BPF iterator approach to improve reliability and simplify the implementation.

  • Introduces a new enum ContainerEngineKind in pulsar-core to represent container engines.
  • Removes the duplicate ContainerEngineKind from process-monitor and updates the process tree loading logic to use BPF iterator output.
  • Updates the initializer to use the new process tree loader and changes the aya dependency configuration in Cargo.toml.

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
crates/pulsar-core/src/event.rs Added ContainerEngineKind enum for container engine distinction.
crates/modules/process-monitor/src/lib.rs Updated import statements by removing duplicate enum definition.
crates/bpf-filtering/src/process_tree.rs Replaced procfs parsing with reading from a BPF iterator and updated error handling for incorrect output formats.
crates/bpf-filtering/src/initializer.rs Updated process tree initialization to use the new BPF iterator loader.
Cargo.toml Updated aya dependency to a specific git revision.
Files not reviewed (1)
  • crates/modules/process-monitor/probes.bpf.c: Language not supported

@vadorovsky
feat: Use BPF iterator instead of procfs
32b28ef 
Replace the process tracker initialization process from procfs parsing
to BPF iterators, which are less erronous and result in an easier
implementation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@banditopazzo banditopazzo Awaiting requested review from banditopazzo

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@vadorovsky