From 48eaac7c532509bb34dd246e75e0b1f9207400f8 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Mon, 15 Jan 2024 09:39:48 +0000 Subject: [PATCH 01/14] tetragon: Rename argPrinters type to argPrinter Renaming argPrinters type to argPrinter which makes more sense to me. Signed-off-by: Jiri Olsa --- pkg/sensors/tracing/generickprobe.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go index eff1bd61e29..5ae086b5776 100644 --- a/pkg/sensors/tracing/generickprobe.go +++ b/pkg/sensors/tracing/generickprobe.go @@ -88,7 +88,7 @@ type kprobeLoadArgs struct { config *api.EventConfig } -type argPrinters struct { +type argPrinter struct { ty int index int maxData bool @@ -103,8 +103,8 @@ type pendingEventKey struct { // internal genericKprobe info type genericKprobe struct { loadArgs kprobeLoadArgs - argSigPrinters []argPrinters - argReturnPrinters []argPrinters + argSigPrinters []argPrinter + argReturnPrinters []argPrinter funcName string // for kprobes that have a retprobe, we maintain the enter events in @@ -645,8 +645,8 @@ func createGenericKprobeSensor( // it to the genericKprobeTable. The caller should make sure that this entry is // properly removed on kprobe removal. func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idtable.EntryID, err error) { - var argSigPrinters []argPrinters - var argReturnPrinters []argPrinters + var argSigPrinters []argPrinter + var argReturnPrinters []argPrinter var setRetprobe bool var argRetprobe *v1alpha1.KProbeArg var argsBTFSet [api.MaxArgsSupported]bool @@ -718,7 +718,7 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt config.ArgM[a.Index] = uint32(argMValue) argsBTFSet[a.Index] = true - argP := argPrinters{index: j, ty: argType, maxData: a.MaxData, label: a.Label} + argP := argPrinter{index: j, ty: argType, maxData: a.MaxData, label: a.Label} argSigPrinters = append(argSigPrinters, argP) } @@ -744,7 +744,7 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt } config.ArgReturn = int32(argType) argsBTFSet[api.ReturnArgIndex] = true - argP := argPrinters{index: api.ReturnArgIndex, ty: argType} + argP := argPrinter{index: api.ReturnArgIndex, ty: argType} argReturnPrinters = append(argReturnPrinters, argP) } else { config.ArgReturn = int32(0) @@ -757,7 +757,7 @@ func addKprobe(funcName string, f *v1alpha1.KProbeSpec, in *addKprobeIn) (id idt argType := gt.GenericTypeFromString(argRetprobe.Type) config.ArgReturnCopy = int32(argType) - argP := argPrinters{index: int(argRetprobe.Index), ty: argType, label: argRetprobe.Label} + argP := argPrinter{index: int(argRetprobe.Index), ty: argType, label: argRetprobe.Label} argReturnPrinters = append(argReturnPrinters, argP) } else { config.ArgReturnCopy = int32(0) @@ -1219,7 +1219,7 @@ func handleMsgGenericKprobe(m *api.MsgGenericKprobe, gk *genericKprobe, r *bytes returnEvent := m.Common.Flags&processapi.MSG_COMMON_FLAG_RETURN != 0 var ktimeEnter uint64 - var printers []argPrinters + var printers []argPrinter if returnEvent { // if this a return event, also read the ktime of the enter event err := binary.Read(r, binary.LittleEndian, &ktimeEnter) From 6b5db4d714fefafbb830d2bd722b233bfffba14d Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Mon, 15 Jan 2024 10:53:47 +0000 Subject: [PATCH 02/14] tetragon: Move argument helpers code to args.go Moving argument helpers code to args.go to structure the code better, because it will be used from uprobe code in following changes. Signed-off-by: Jiri Olsa --- pkg/sensors/tracing/args.go | 62 ++++++++++++++++++++++++ pkg/sensors/tracing/generickprobe.go | 40 --------------- pkg/sensors/tracing/generictracepoint.go | 12 ----- 3 files changed, 62 insertions(+), 52 deletions(-) create mode 100644 pkg/sensors/tracing/args.go diff --git a/pkg/sensors/tracing/args.go b/pkg/sensors/tracing/args.go new file mode 100644 index 00000000000..09bcce55a9b --- /dev/null +++ b/pkg/sensors/tracing/args.go @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: Apache-2.0 +// Copyright Authors of Tetragon + +package tracing + +import ( + "fmt" + + "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" +) + +type argPrinter struct { + ty int + index int + maxData bool + label string +} + +const ( + argReturnCopyBit = 1 << 4 + argMaxDataBit = 1 << 5 +) + +func argReturnCopy(meta int) bool { + return meta&argReturnCopyBit != 0 +} + +// meta value format: +// bits +// +// 0-3 : SizeArgIndex +// 4 : ReturnCopy +// 5 : MaxData +func getMetaValue(arg *v1alpha1.KProbeArg) (int, error) { + var meta int + + if arg.SizeArgIndex > 0 { + if arg.SizeArgIndex > 15 { + return 0, fmt.Errorf("invalid SizeArgIndex value (>15): %v", arg.SizeArgIndex) + } + meta = int(arg.SizeArgIndex) + } + if arg.ReturnCopy { + meta = meta | argReturnCopyBit + } + if arg.MaxData { + meta = meta | argMaxDataBit + } + return meta, nil +} + +// getTracepointMetaArg is a temporary helper to find meta values while tracepoint +// converts into new CRD and config formats. +func getTracepointMetaValue(arg *v1alpha1.KProbeArg) int { + if arg.SizeArgIndex > 0 { + return int(arg.SizeArgIndex) + } + if arg.ReturnCopy { + return -1 + } + return 0 +} diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go index 5ae086b5776..a4b484a4bac 100644 --- a/pkg/sensors/tracing/generickprobe.go +++ b/pkg/sensors/tracing/generickprobe.go @@ -88,13 +88,6 @@ type kprobeLoadArgs struct { config *api.EventConfig } -type argPrinter struct { - ty int - index int - maxData bool - label string -} - type pendingEventKey struct { eventId uint64 ktimeEnter uint64 @@ -170,39 +163,6 @@ var ( MaxFilterIntArgs = 8 ) -const ( - argReturnCopyBit = 1 << 4 - argMaxDataBit = 1 << 5 -) - -func argReturnCopy(meta int) bool { - return meta&argReturnCopyBit != 0 -} - -// meta value format: -// bits -// -// 0-3 : SizeArgIndex -// 4 : ReturnCopy -// 5 : MaxData -func getMetaValue(arg *v1alpha1.KProbeArg) (int, error) { - var meta int - - if arg.SizeArgIndex > 0 { - if arg.SizeArgIndex > 15 { - return 0, fmt.Errorf("invalid SizeArgIndex value (>15): %v", arg.SizeArgIndex) - } - meta = int(arg.SizeArgIndex) - } - if arg.ReturnCopy { - meta = meta | argReturnCopyBit - } - if arg.MaxData { - meta = meta | argMaxDataBit - } - return meta, nil -} - func multiKprobePinPath(sensorPath string) string { return sensors.PathJoin(sensorPath, "multi_kprobe") } diff --git a/pkg/sensors/tracing/generictracepoint.go b/pkg/sensors/tracing/generictracepoint.go index aa1df0dbb93..77b759d80c9 100644 --- a/pkg/sensors/tracing/generictracepoint.go +++ b/pkg/sensors/tracing/generictracepoint.go @@ -149,18 +149,6 @@ func (t *tracepointTable) getTracepoint(idx int) (*genericTracepoint, error) { return nil, fmt.Errorf("tracepoint table: invalid id:%d (len=%d)", idx, len(t.arr)) } -// getTracepointMetaArg is a temporary helper to find meta values while tracepoint -// converts into new CRD and config formats. -func getTracepointMetaValue(arg *v1alpha1.KProbeArg) int { - if arg.SizeArgIndex > 0 { - return int(arg.SizeArgIndex) - } - if arg.ReturnCopy { - return -1 - } - return 0 -} - func (out *genericTracepointArg) String() string { return fmt.Sprintf("genericTracepointArg{CtxOffset: %d format: %+v}", out.CtxOffset, out.format) } From 3c6e81e8213195bfedb74c3797ca9260b7a8dd7d Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 21 Jan 2024 07:48:36 +0000 Subject: [PATCH 03/14] tetragon: Move argument processing code to args.go Moving argument processing code to args.go structure the code better, because it will be used also from uprobe code. Moving it together with two other helper functions. Signed-off-by: Jiri Olsa --- pkg/sensors/tracing/args.go | 412 +++++++++++++++++++++++++++ pkg/sensors/tracing/generickprobe.go | 403 +------------------------- 2 files changed, 418 insertions(+), 397 deletions(-) diff --git a/pkg/sensors/tracing/args.go b/pkg/sensors/tracing/args.go index 09bcce55a9b..62e86d3f37e 100644 --- a/pkg/sensors/tracing/args.go +++ b/pkg/sensors/tracing/args.go @@ -4,9 +4,21 @@ package tracing import ( + "bytes" + "encoding/binary" + "errors" "fmt" + "io" + "github.com/cilium/tetragon/pkg/api/dataapi" + "github.com/cilium/tetragon/pkg/api/tracingapi" + api "github.com/cilium/tetragon/pkg/api/tracingapi" + gt "github.com/cilium/tetragon/pkg/generictypes" "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" + "github.com/cilium/tetragon/pkg/logger" + "github.com/cilium/tetragon/pkg/observer" + "github.com/cilium/tetragon/pkg/reader/network" + "github.com/cilium/tetragon/pkg/strutils" ) type argPrinter struct { @@ -60,3 +72,403 @@ func getTracepointMetaValue(arg *v1alpha1.KProbeArg) int { } return 0 } + +func getArg(r *bytes.Reader, a argPrinter) tracingapi.MsgGenericKprobeArg { + var err error + + switch a.ty { + case gt.GenericIntType, gt.GenericS32Type: + var output int32 + var arg api.MsgGenericKprobeArgInt + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("Int type error") + } + + arg.Index = uint64(a.index) + arg.Value = output + arg.Label = a.label + return arg + case gt.GenericFileType, gt.GenericFdType, gt.GenericKiocb: + var arg api.MsgGenericKprobeArgFile + var flags uint32 + var b int32 + + /* Eat file descriptor its not used in userland */ + if a.ty == gt.GenericFdType { + binary.Read(r, binary.LittleEndian, &b) + } + + arg.Index = uint64(a.index) + arg.Value, err = parseString(r) + if err != nil { + if errors.Is(err, errParseStringSize) { + // If no size then path walk was not possible and file was + // either a mount point or not a "file" at all which can + // happen if running without any filters and kernel opens an + // anonymous inode. For this lets just report its on "/" all + // though pid filtering will mostly catch this. + arg.Value = "/" + } else { + logger.GetLogger().WithError(err).Warn("error parsing arg type file") + } + } + + // read the first byte that keeps the flags + err := binary.Read(r, binary.LittleEndian, &flags) + if err != nil { + flags = 0 + } + + arg.Flags = flags + arg.Label = a.label + return arg + case gt.GenericPathType: + var arg api.MsgGenericKprobeArgPath + var flags uint32 + + arg.Index = uint64(a.index) + arg.Value, err = parseString(r) + if err != nil { + if errors.Is(err, errParseStringSize) { + arg.Value = "/" + } else { + logger.GetLogger().WithError(err).Warn("error parsing arg type path") + } + } + + // read the first byte that keeps the flags + err := binary.Read(r, binary.LittleEndian, &flags) + if err != nil { + flags = 0 + } + + arg.Flags = flags + arg.Label = a.label + return arg + case gt.GenericFilenameType, gt.GenericStringType: + var arg api.MsgGenericKprobeArgString + + arg.Index = uint64(a.index) + arg.Value, err = parseString(r) + if err != nil { + logger.GetLogger().WithError(err).Warn("error parsing arg type string") + } + + arg.Label = a.label + return arg + case gt.GenericCredType: + var cred api.MsgGenericCred + var arg api.MsgGenericKprobeArgCred + + err := binary.Read(r, binary.LittleEndian, &cred) + if err != nil { + logger.GetLogger().WithError(err).Warnf("cred type err") + } + + arg.Index = uint64(a.index) + arg.Uid = cred.Uid + arg.Gid = cred.Gid + arg.Suid = cred.Suid + arg.Sgid = cred.Sgid + arg.Euid = cred.Euid + arg.Egid = cred.Egid + arg.FSuid = cred.FSuid + arg.FSgid = cred.FSgid + arg.SecureBits = cred.SecureBits + arg.Cap.Permitted = cred.Cap.Permitted + arg.Cap.Effective = cred.Cap.Effective + arg.Cap.Inheritable = cred.Cap.Inheritable + arg.UserNs.Level = cred.UserNs.Level + arg.UserNs.Uid = cred.UserNs.Uid + arg.UserNs.Gid = cred.UserNs.Gid + arg.UserNs.NsInum = cred.UserNs.NsInum + arg.Label = a.label + return arg + case gt.GenericCharBuffer, gt.GenericCharIovec, gt.GenericIovIter: + if arg, err := ReadArgBytes(r, a.index, a.maxData); err == nil { + arg.Label = a.label + return *arg + } else { + logger.GetLogger().WithError(err).Warnf("failed to read bytes argument") + } + case gt.GenericSkbType: + var skb api.MsgGenericKprobeSkb + var arg api.MsgGenericKprobeArgSkb + + err := binary.Read(r, binary.LittleEndian, &skb) + if err != nil { + logger.GetLogger().WithError(err).Warnf("skb type err") + } + + arg.Index = uint64(a.index) + arg.Hash = skb.Hash + arg.Len = skb.Len + arg.Priority = skb.Priority + arg.Mark = skb.Mark + arg.Family = skb.Tuple.Family + arg.Saddr = network.GetIP(skb.Tuple.Saddr, skb.Tuple.Family).String() + arg.Daddr = network.GetIP(skb.Tuple.Daddr, skb.Tuple.Family).String() + arg.Sport = uint32(skb.Tuple.Sport) + arg.Dport = uint32(skb.Tuple.Dport) + arg.Proto = uint32(skb.Tuple.Protocol) + arg.SecPathLen = skb.SecPathLen + arg.SecPathOLen = skb.SecPathOLen + arg.Label = a.label + return arg + case gt.GenericSockType: + var sock api.MsgGenericKprobeSock + var arg api.MsgGenericKprobeArgSock + + err := binary.Read(r, binary.LittleEndian, &sock) + if err != nil { + logger.GetLogger().WithError(err).Warnf("sock type err") + } + + arg.Index = uint64(a.index) + arg.Family = sock.Tuple.Family + arg.State = sock.State + arg.Type = sock.Type + arg.Protocol = sock.Tuple.Protocol + arg.Mark = sock.Mark + arg.Priority = sock.Priority + arg.Saddr = network.GetIP(sock.Tuple.Saddr, sock.Tuple.Family).String() + arg.Daddr = network.GetIP(sock.Tuple.Daddr, sock.Tuple.Family).String() + arg.Sport = uint32(sock.Tuple.Sport) + arg.Dport = uint32(sock.Tuple.Dport) + arg.Sockaddr = sock.Sockaddr + arg.Label = a.label + return arg + case gt.GenericSizeType, gt.GenericU64Type: + var output uint64 + var arg api.MsgGenericKprobeArgSize + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("Size type err") + } + + arg.Index = uint64(a.index) + arg.Value = output + arg.Label = a.label + return arg + case gt.GenericNopType: + // do nothing + case gt.GenericBpfAttr: + var output api.MsgGenericKprobeBpfAttr + var arg api.MsgGenericKprobeArgBpfAttr + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("bpf_attr type error") + } + arg.ProgType = output.ProgType + arg.InsnCnt = output.InsnCnt + length := bytes.IndexByte(output.ProgName[:], 0) // trim tailing null bytes + arg.ProgName = string(output.ProgName[:length]) + arg.Label = a.label + return arg + case gt.GenericPerfEvent: + var output api.MsgGenericKprobePerfEvent + var arg api.MsgGenericKprobeArgPerfEvent + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("perf_event type error") + } + length := bytes.IndexByte(output.KprobeFunc[:], 0) // trim tailing null bytes + arg.KprobeFunc = string(output.KprobeFunc[:length]) + arg.Type = output.Type + arg.Config = output.Config + arg.ProbeOffset = output.ProbeOffset + arg.Label = a.label + return arg + case gt.GenericBpfMap: + var output api.MsgGenericKprobeBpfMap + var arg api.MsgGenericKprobeArgBpfMap + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("bpf_map type error") + } + + arg.MapType = output.MapType + arg.KeySize = output.KeySize + arg.ValueSize = output.ValueSize + arg.MaxEntries = output.MaxEntries + length := bytes.IndexByte(output.MapName[:], 0) // trim tailing null bytes + arg.MapName = string(output.MapName[:length]) + arg.Label = a.label + return arg + case gt.GenericU32Type: + var output uint32 + var arg api.MsgGenericKprobeArgUInt + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("UInt type error") + } + + arg.Index = uint64(a.index) + arg.Value = output + arg.Label = a.label + return arg + case gt.GenericUserNamespace: + var output api.MsgGenericUserNamespace + var arg api.MsgGenericKprobeArgUserNamespace + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("user_namespace type error") + } + arg.Level = output.Level + arg.Uid = output.Uid + arg.Gid = output.Gid + arg.NsInum = output.NsInum + arg.Label = a.label + return arg + case gt.GenericCapability: + var output api.MsgGenericKprobeCapability + var arg api.MsgGenericKprobeArgCapability + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("capability type error") + } + arg.Value = output.Value + arg.Label = a.label + return arg + case gt.GenericLoadModule: + var output api.MsgGenericLoadModule + var arg api.MsgGenericKprobeArgLoadModule + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("load_module type error") + } else if output.Name[0] != 0x00 { + i := bytes.IndexByte(output.Name[:api.MODULE_NAME_LEN], 0) + if i == -1 { + i = api.MODULE_NAME_LEN + } + arg.Name = string(output.Name[:i]) + arg.SigOk = output.SigOk + arg.Taints = output.Taints + } + arg.Label = a.label + return arg + case gt.GenericKernelModule: + var output api.MsgGenericLoadModule + var arg api.MsgGenericKprobeArgKernelModule + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("kernel module type error") + } else if output.Name[0] != 0x00 { + i := bytes.IndexByte(output.Name[:api.MODULE_NAME_LEN], 0) + if i == -1 { + i = api.MODULE_NAME_LEN + } + arg.Name = string(output.Name[:i]) + arg.Taints = output.Taints + } + arg.Label = a.label + return arg + default: + logger.GetLogger().WithError(err).WithField("event-type", a.ty).Warnf("Unknown event type") + } + + return nil +} + +// parseString parses strings encoded from BPF copy_strings in the form: +// *---------*---------* +// | 4 bytes | N bytes | +// | size | string | +// *---------*---------* +func parseString(r io.Reader) (string, error) { + var size int32 + err := binary.Read(r, binary.LittleEndian, &size) + if err != nil { + return "", fmt.Errorf("%w: %s", errParseStringSize, err) + } + + if size < 0 { + return "", errors.New("string size is negative") + } + + // limit the size of the string to avoid huge memory allocation and OOM kill in case of issue + if size > maxStringSize { + return "", fmt.Errorf("string size too large: %d, max size is %d", size, maxStringSize) + } + stringBuffer := make([]byte, size) + err = binary.Read(r, binary.LittleEndian, &stringBuffer) + if err != nil { + return "", fmt.Errorf("error parsing string from binary with size %d: %s", size, err) + } + + // remove the trailing '\0' from the C string + if len(stringBuffer) > 0 && stringBuffer[len(stringBuffer)-1] == '\x00' { + stringBuffer = stringBuffer[:len(stringBuffer)-1] + } + + return strutils.UTF8FromBPFBytes(stringBuffer), nil +} + +func ReadArgBytes(r *bytes.Reader, index int, hasMaxData bool) (*api.MsgGenericKprobeArgBytes, error) { + var bytes, bytes_rd, hasDataEvents int32 + var arg api.MsgGenericKprobeArgBytes + + if hasMaxData { + /* First int32 indicates if data events are used (1) or not (0). */ + if err := binary.Read(r, binary.LittleEndian, &hasDataEvents); err != nil { + return nil, fmt.Errorf("failed to read original size for buffer argument: %w", err) + } + if hasDataEvents != 0 { + var desc dataapi.DataEventDesc + + if err := binary.Read(r, binary.LittleEndian, &desc); err != nil { + return nil, err + } + data, err := observer.DataGet(desc) + if err != nil { + return nil, err + } + arg.Index = uint64(index) + arg.OrigSize = uint64(len(data) + int(desc.Leftover)) + arg.Value = data + return &arg, nil + } + } + + if err := binary.Read(r, binary.LittleEndian, &bytes); err != nil { + return nil, fmt.Errorf("failed to read original size for buffer argument: %w", err) + } + + arg.Index = uint64(index) + if bytes == CharBufSavedForRetprobe { + return &arg, nil + } + // bpf-side returned an error + if bytes < 0 { + // NB: once we extended arguments to also pass errors, we can change + // this. + arg.Value = []byte(kprobeCharBufErrorToString(bytes)) + return &arg, nil + } + arg.OrigSize = uint64(bytes) + if err := binary.Read(r, binary.LittleEndian, &bytes_rd); err != nil { + return nil, fmt.Errorf("failed to read size for buffer argument: %w", err) + } + + if bytes_rd > 0 { + arg.Value = make([]byte, bytes_rd) + if err := binary.Read(r, binary.LittleEndian, &arg.Value); err != nil { + return nil, fmt.Errorf("failed to read buffer (size: %d): %w", bytes_rd, err) + } + } + + // NB: there are cases (e.g., read()) where it is valid to have an + // empty (zero-length) buffer. + return &arg, nil +} diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go index a4b484a4bac..ff1ac2add53 100644 --- a/pkg/sensors/tracing/generickprobe.go +++ b/pkg/sensors/tracing/generickprobe.go @@ -9,14 +9,12 @@ import ( "encoding/binary" "errors" "fmt" - "io" "net" "net/http" "path" "strings" "github.com/cilium/ebpf" - "github.com/cilium/tetragon/pkg/api/dataapi" "github.com/cilium/tetragon/pkg/api/ops" "github.com/cilium/tetragon/pkg/api/processapi" api "github.com/cilium/tetragon/pkg/api/tracingapi" @@ -34,11 +32,9 @@ import ( "github.com/cilium/tetragon/pkg/observer" "github.com/cilium/tetragon/pkg/option" "github.com/cilium/tetragon/pkg/policyfilter" - "github.com/cilium/tetragon/pkg/reader/network" "github.com/cilium/tetragon/pkg/selectors" "github.com/cilium/tetragon/pkg/sensors" "github.com/cilium/tetragon/pkg/sensors/program" - "github.com/cilium/tetragon/pkg/strutils" lru "github.com/hashicorp/golang-lru/v2" "github.com/sirupsen/logrus" @@ -1012,99 +1008,6 @@ var errParseStringSize = errors.New("error parsing string size from binary") // this is from bpf/process/types/basic.h 'MAX_STRING' const maxStringSize = 1024 -// parseString parses strings encoded from BPF copy_strings in the form: -// *---------*---------* -// | 4 bytes | N bytes | -// | size | string | -// *---------*---------* -func parseString(r io.Reader) (string, error) { - var size int32 - err := binary.Read(r, binary.LittleEndian, &size) - if err != nil { - return "", fmt.Errorf("%w: %s", errParseStringSize, err) - } - - if size < 0 { - return "", errors.New("string size is negative") - } - - // limit the size of the string to avoid huge memory allocation and OOM kill in case of issue - if size > maxStringSize { - return "", fmt.Errorf("string size too large: %d, max size is %d", size, maxStringSize) - } - stringBuffer := make([]byte, size) - err = binary.Read(r, binary.LittleEndian, &stringBuffer) - if err != nil { - return "", fmt.Errorf("error parsing string from binary with size %d: %s", size, err) - } - - // remove the trailing '\0' from the C string - if len(stringBuffer) > 0 && stringBuffer[len(stringBuffer)-1] == '\x00' { - stringBuffer = stringBuffer[:len(stringBuffer)-1] - } - - return strutils.UTF8FromBPFBytes(stringBuffer), nil -} - -func ReadArgBytes(r *bytes.Reader, index int, hasMaxData bool) (*api.MsgGenericKprobeArgBytes, error) { - var bytes, bytes_rd, hasDataEvents int32 - var arg api.MsgGenericKprobeArgBytes - - if hasMaxData { - /* First int32 indicates if data events are used (1) or not (0). */ - if err := binary.Read(r, binary.LittleEndian, &hasDataEvents); err != nil { - return nil, fmt.Errorf("failed to read original size for buffer argument: %w", err) - } - if hasDataEvents != 0 { - var desc dataapi.DataEventDesc - - if err := binary.Read(r, binary.LittleEndian, &desc); err != nil { - return nil, err - } - data, err := observer.DataGet(desc) - if err != nil { - return nil, err - } - arg.Index = uint64(index) - arg.OrigSize = uint64(len(data) + int(desc.Leftover)) - arg.Value = data - return &arg, nil - } - } - - if err := binary.Read(r, binary.LittleEndian, &bytes); err != nil { - return nil, fmt.Errorf("failed to read original size for buffer argument: %w", err) - } - - arg.Index = uint64(index) - if bytes == CharBufSavedForRetprobe { - return &arg, nil - } - // bpf-side returned an error - if bytes < 0 { - // NB: once we extended arguments to also pass errors, we can change - // this. - arg.Value = []byte(kprobeCharBufErrorToString(bytes)) - return &arg, nil - } - arg.OrigSize = uint64(bytes) - if err := binary.Read(r, binary.LittleEndian, &bytes_rd); err != nil { - return nil, fmt.Errorf("failed to read size for buffer argument: %w", err) - } - - if bytes_rd > 0 { - arg.Value = make([]byte, bytes_rd) - if err := binary.Read(r, binary.LittleEndian, &arg.Value); err != nil { - return nil, fmt.Errorf("failed to read buffer (size: %d): %w", bytes_rd, err) - } - } - - // NB: there are cases (e.g., read()) where it is valid to have an - // empty (zero-length) buffer. - return &arg, nil - -} - func getUrl(url string) { // We fire and forget URLs, and we don't care if they hit or not. http.Get(url) @@ -1222,308 +1125,14 @@ func handleMsgGenericKprobe(m *api.MsgGenericKprobe, gk *genericKprobe, r *bytes } } + // Get argument objects for specific printers/types for _, a := range printers { - switch a.ty { - case gt.GenericIntType, gt.GenericS32Type: - var output int32 - var arg api.MsgGenericKprobeArgInt - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("Int type error") - } - - arg.Index = uint64(a.index) - arg.Value = output - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericFileType, gt.GenericFdType, gt.GenericKiocb: - var arg api.MsgGenericKprobeArgFile - var flags uint32 - var b int32 - - /* Eat file descriptor its not used in userland */ - if a.ty == gt.GenericFdType { - binary.Read(r, binary.LittleEndian, &b) - } - - arg.Index = uint64(a.index) - arg.Value, err = parseString(r) - if err != nil { - if errors.Is(err, errParseStringSize) { - // If no size then path walk was not possible and file was - // either a mount point or not a "file" at all which can - // happen if running without any filters and kernel opens an - // anonymous inode. For this lets just report its on "/" all - // though pid filtering will mostly catch this. - arg.Value = "/" - } else { - logger.GetLogger().WithError(err).Warn("error parsing arg type file") - } - } - - // read the first byte that keeps the flags - err := binary.Read(r, binary.LittleEndian, &flags) - if err != nil { - flags = 0 - } - - arg.Flags = flags - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericPathType: - var arg api.MsgGenericKprobeArgPath - var flags uint32 - - arg.Index = uint64(a.index) - arg.Value, err = parseString(r) - if err != nil { - if errors.Is(err, errParseStringSize) { - arg.Value = "/" - } else { - logger.GetLogger().WithError(err).Warn("error parsing arg type path") - } - } - - // read the first byte that keeps the flags - err := binary.Read(r, binary.LittleEndian, &flags) - if err != nil { - flags = 0 - } - - arg.Flags = flags - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericFilenameType, gt.GenericStringType: - var arg api.MsgGenericKprobeArgString - - arg.Index = uint64(a.index) - arg.Value, err = parseString(r) - if err != nil { - logger.GetLogger().WithError(err).Warn("error parsing arg type string") - } - - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericCredType: - var cred api.MsgGenericCred - var arg api.MsgGenericKprobeArgCred - - err := binary.Read(r, binary.LittleEndian, &cred) - if err != nil { - logger.GetLogger().WithError(err).Warnf("cred type err") - } - - arg.Index = uint64(a.index) - arg.Uid = cred.Uid - arg.Gid = cred.Gid - arg.Suid = cred.Suid - arg.Sgid = cred.Sgid - arg.Euid = cred.Euid - arg.Egid = cred.Egid - arg.FSuid = cred.FSuid - arg.FSgid = cred.FSgid - arg.SecureBits = cred.SecureBits - arg.Cap.Permitted = cred.Cap.Permitted - arg.Cap.Effective = cred.Cap.Effective - arg.Cap.Inheritable = cred.Cap.Inheritable - arg.UserNs.Level = cred.UserNs.Level - arg.UserNs.Uid = cred.UserNs.Uid - arg.UserNs.Gid = cred.UserNs.Gid - arg.UserNs.NsInum = cred.UserNs.NsInum - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericCharBuffer, gt.GenericCharIovec, gt.GenericIovIter: - if arg, err := ReadArgBytes(r, a.index, a.maxData); err == nil { - arg.Label = a.label - unix.Args = append(unix.Args, *arg) - } else { - logger.GetLogger().WithError(err).Warnf("failed to read bytes argument") - } - case gt.GenericSkbType: - var skb api.MsgGenericKprobeSkb - var arg api.MsgGenericKprobeArgSkb - - err := binary.Read(r, binary.LittleEndian, &skb) - if err != nil { - logger.GetLogger().WithError(err).Warnf("skb type err") - } - - arg.Index = uint64(a.index) - arg.Hash = skb.Hash - arg.Len = skb.Len - arg.Priority = skb.Priority - arg.Mark = skb.Mark - arg.Family = skb.Tuple.Family - arg.Saddr = network.GetIP(skb.Tuple.Saddr, skb.Tuple.Family).String() - arg.Daddr = network.GetIP(skb.Tuple.Daddr, skb.Tuple.Family).String() - arg.Sport = uint32(skb.Tuple.Sport) - arg.Dport = uint32(skb.Tuple.Dport) - arg.Proto = uint32(skb.Tuple.Protocol) - arg.SecPathLen = skb.SecPathLen - arg.SecPathOLen = skb.SecPathOLen - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericSockType: - var sock api.MsgGenericKprobeSock - var arg api.MsgGenericKprobeArgSock - - err := binary.Read(r, binary.LittleEndian, &sock) - if err != nil { - logger.GetLogger().WithError(err).Warnf("sock type err") - } - - arg.Index = uint64(a.index) - arg.Family = sock.Tuple.Family - arg.State = sock.State - arg.Type = sock.Type - arg.Protocol = sock.Tuple.Protocol - arg.Mark = sock.Mark - arg.Priority = sock.Priority - arg.Saddr = network.GetIP(sock.Tuple.Saddr, sock.Tuple.Family).String() - arg.Daddr = network.GetIP(sock.Tuple.Daddr, sock.Tuple.Family).String() - arg.Sport = uint32(sock.Tuple.Sport) - arg.Dport = uint32(sock.Tuple.Dport) - arg.Sockaddr = sock.Sockaddr - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericSizeType, gt.GenericU64Type: - var output uint64 - var arg api.MsgGenericKprobeArgSize - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("Size type error sizeof %d", m.Common.Size) - } - - arg.Index = uint64(a.index) - arg.Value = output - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericNopType: - // do nothing - case gt.GenericBpfAttr: - var output api.MsgGenericKprobeBpfAttr - var arg api.MsgGenericKprobeArgBpfAttr - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("bpf_attr type error") - } - arg.ProgType = output.ProgType - arg.InsnCnt = output.InsnCnt - length := bytes.IndexByte(output.ProgName[:], 0) // trim tailing null bytes - arg.ProgName = string(output.ProgName[:length]) - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericPerfEvent: - var output api.MsgGenericKprobePerfEvent - var arg api.MsgGenericKprobeArgPerfEvent - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("perf_event type error") - } - length := bytes.IndexByte(output.KprobeFunc[:], 0) // trim tailing null bytes - arg.KprobeFunc = string(output.KprobeFunc[:length]) - arg.Type = output.Type - arg.Config = output.Config - arg.ProbeOffset = output.ProbeOffset - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericBpfMap: - var output api.MsgGenericKprobeBpfMap - var arg api.MsgGenericKprobeArgBpfMap - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("bpf_map type error") - } - - arg.MapType = output.MapType - arg.KeySize = output.KeySize - arg.ValueSize = output.ValueSize - arg.MaxEntries = output.MaxEntries - length := bytes.IndexByte(output.MapName[:], 0) // trim tailing null bytes - arg.MapName = string(output.MapName[:length]) - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericU32Type: - var output uint32 - var arg api.MsgGenericKprobeArgUInt - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("UInt type error") - } - - arg.Index = uint64(a.index) - arg.Value = output - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericUserNamespace: - var output api.MsgGenericUserNamespace - var arg api.MsgGenericKprobeArgUserNamespace - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("user_namespace type error") - } - arg.Level = output.Level - arg.Uid = output.Uid - arg.Gid = output.Gid - arg.NsInum = output.NsInum - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericCapability: - var output api.MsgGenericKprobeCapability - var arg api.MsgGenericKprobeArgCapability - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("capability type error") - } - arg.Value = output.Value - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericLoadModule: - var output api.MsgGenericLoadModule - var arg api.MsgGenericKprobeArgLoadModule - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("load_module type error") - } else if output.Name[0] != 0x00 { - i := bytes.IndexByte(output.Name[:api.MODULE_NAME_LEN], 0) - if i == -1 { - i = api.MODULE_NAME_LEN - } - arg.Name = string(output.Name[:i]) - arg.SigOk = output.SigOk - arg.Taints = output.Taints - } - arg.Label = a.label - unix.Args = append(unix.Args, arg) - case gt.GenericKernelModule: - var output api.MsgGenericLoadModule - var arg api.MsgGenericKprobeArgKernelModule - - err := binary.Read(r, binary.LittleEndian, &output) - if err != nil { - logger.GetLogger().WithError(err).Warnf("kernel module type error") - } else if output.Name[0] != 0x00 { - i := bytes.IndexByte(output.Name[:api.MODULE_NAME_LEN], 0) - if i == -1 { - i = api.MODULE_NAME_LEN - } - arg.Name = string(output.Name[:i]) - arg.Taints = output.Taints - } - arg.Label = a.label - unix.Args = append(unix.Args, arg) - default: - logger.GetLogger().WithError(err).WithField("event-type", a.ty).Warnf("Unknown event type") + arg := getArg(r, a) + // nop or unknown type (already logged) + if arg == nil { + continue } + unix.Args = append(unix.Args, arg) } // Cache return value on merge and run return filters below before From 22bbae4e2a66e969c24c7564823f5377b2a8bb29 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 21 Jan 2024 08:06:57 +0000 Subject: [PATCH 04/14] tetragon: Move argument grpc code to getKprobeArgument Moving argument grpc code to getKprobeArgument function, so it can be used from uprobe code in following changes. Signed-off-by: Jiri Olsa --- pkg/grpc/tracing/tracing.go | 345 ++++++++++++++++++------------------ 1 file changed, 175 insertions(+), 170 deletions(-) diff --git a/pkg/grpc/tracing/tracing.go b/pkg/grpc/tracing/tracing.go index 5778fb36a94..a47aeaf13b1 100644 --- a/pkg/grpc/tracing/tracing.go +++ b/pkg/grpc/tracing/tracing.go @@ -67,6 +67,180 @@ func kprobeAction(act uint64) tetragon.KprobeAction { } } +func getKprobeArgument(arg tracingapi.MsgGenericKprobeArg) *tetragon.KprobeArgument { + a := &tetragon.KprobeArgument{} + switch e := arg.(type) { + case api.MsgGenericKprobeArgInt: + a.Arg = &tetragon.KprobeArgument_IntArg{IntArg: e.Value} + a.Label = e.Label + case api.MsgGenericKprobeArgUInt: + a.Arg = &tetragon.KprobeArgument_UintArg{UintArg: e.Value} + a.Label = e.Label + case api.MsgGenericKprobeArgSize: + a.Arg = &tetragon.KprobeArgument_SizeArg{SizeArg: e.Value} + a.Label = e.Label + case api.MsgGenericKprobeArgString: + a.Arg = &tetragon.KprobeArgument_StringArg{StringArg: e.Value} + a.Label = e.Label + case api.MsgGenericKprobeArgSock: + sockArg := &tetragon.KprobeSock{ + Cookie: e.Sockaddr, + Family: network.InetFamily(e.Family), + State: network.TcpState(e.State), + Type: network.InetType(e.Type), + Protocol: network.InetProtocol(e.Protocol), + Mark: e.Mark, + Priority: e.Priority, + Saddr: e.Saddr, + Daddr: e.Daddr, + Sport: e.Sport, + Dport: e.Dport, + } + a.Arg = &tetragon.KprobeArgument_SockArg{SockArg: sockArg} + a.Label = e.Label + case api.MsgGenericKprobeArgSkb: + skbArg := &tetragon.KprobeSkb{ + Hash: e.Hash, + Len: e.Len, + Priority: e.Priority, + Mark: e.Mark, + Saddr: e.Saddr, + Daddr: e.Daddr, + Sport: e.Sport, + Dport: e.Dport, + Proto: e.Proto, + Protocol: network.InetProtocol(uint16(e.Proto)), + SecPathLen: e.SecPathLen, + SecPathOlen: e.SecPathOLen, + Family: network.InetFamily(e.Family), + } + a.Arg = &tetragon.KprobeArgument_SkbArg{SkbArg: skbArg} + a.Label = e.Label + case api.MsgGenericKprobeArgCred: + credArg := &tetragon.ProcessCredentials{ + Uid: &wrapperspb.UInt32Value{Value: e.Uid}, + Gid: &wrapperspb.UInt32Value{Value: e.Gid}, + Euid: &wrapperspb.UInt32Value{Value: e.Euid}, + Egid: &wrapperspb.UInt32Value{Value: e.Egid}, + Suid: &wrapperspb.UInt32Value{Value: e.Suid}, + Sgid: &wrapperspb.UInt32Value{Value: e.Sgid}, + Fsuid: &wrapperspb.UInt32Value{Value: e.FSuid}, + Fsgid: &wrapperspb.UInt32Value{Value: e.FSgid}, + Securebits: caps.GetSecureBitsTypes(e.SecureBits), + } + credArg.Caps = &tetragon.Capabilities{ + Permitted: caps.GetCapabilitiesTypes(e.Cap.Permitted), + Effective: caps.GetCapabilitiesTypes(e.Cap.Effective), + Inheritable: caps.GetCapabilitiesTypes(e.Cap.Inheritable), + } + credArg.UserNs = &tetragon.UserNamespace{ + Level: &wrapperspb.Int32Value{Value: e.UserNs.Level}, + Uid: &wrapperspb.UInt32Value{Value: e.UserNs.Uid}, + Gid: &wrapperspb.UInt32Value{Value: e.UserNs.Gid}, + Ns: &tetragon.Namespace{ + Inum: e.UserNs.NsInum, + }, + } + if e.UserNs.Level == 0 { + credArg.UserNs.Ns.IsHost = true + } + a.Arg = &tetragon.KprobeArgument_ProcessCredentialsArg{ProcessCredentialsArg: credArg} + a.Label = e.Label + case api.MsgGenericKprobeArgBytes: + if e.OrigSize > uint64(len(e.Value)) { + a.Arg = &tetragon.KprobeArgument_TruncatedBytesArg{ + TruncatedBytesArg: &tetragon.KprobeTruncatedBytes{ + OrigSize: e.OrigSize, + BytesArg: e.Value, + }, + } + } else { + a.Arg = &tetragon.KprobeArgument_BytesArg{BytesArg: e.Value} + } + a.Label = e.Label + case api.MsgGenericKprobeArgFile: + fileArg := &tetragon.KprobeFile{ + Path: e.Value, + Flags: path.FilePathFlagsToStr(e.Flags), + } + a.Arg = &tetragon.KprobeArgument_FileArg{FileArg: fileArg} + a.Label = e.Label + case api.MsgGenericKprobeArgPath: + pathArg := &tetragon.KprobePath{ + Path: e.Value, + Flags: path.FilePathFlagsToStr(e.Flags), + } + a.Arg = &tetragon.KprobeArgument_PathArg{PathArg: pathArg} + a.Label = e.Label + case api.MsgGenericKprobeArgBpfAttr: + bpfAttrArg := &tetragon.KprobeBpfAttr{ + ProgType: bpf.GetProgType(e.ProgType), + InsnCnt: e.InsnCnt, + ProgName: e.ProgName, + } + a.Arg = &tetragon.KprobeArgument_BpfAttrArg{BpfAttrArg: bpfAttrArg} + a.Label = e.Label + case api.MsgGenericKprobeArgPerfEvent: + perfEventArg := &tetragon.KprobePerfEvent{ + KprobeFunc: e.KprobeFunc, + Type: bpf.GetPerfEventType(e.Type), + Config: e.Config, + ProbeOffset: e.ProbeOffset, + } + a.Arg = &tetragon.KprobeArgument_PerfEventArg{PerfEventArg: perfEventArg} + a.Label = e.Label + case api.MsgGenericKprobeArgBpfMap: + bpfMapArg := &tetragon.KprobeBpfMap{ + MapType: bpf.GetBpfMapType(e.MapType), + KeySize: e.KeySize, + ValueSize: e.ValueSize, + MaxEntries: e.MaxEntries, + MapName: e.MapName, + } + a.Arg = &tetragon.KprobeArgument_BpfMapArg{BpfMapArg: bpfMapArg} + a.Label = e.Label + case api.MsgGenericKprobeArgUserNamespace: + nsArg := &tetragon.UserNamespace{ + Level: &wrapperspb.Int32Value{Value: e.Level}, + Uid: &wrapperspb.UInt32Value{Value: e.Uid}, + Gid: &wrapperspb.UInt32Value{Value: e.Gid}, + Ns: &tetragon.Namespace{ + Inum: e.NsInum, + }, + } + if e.Level == 0 { + nsArg.Ns.IsHost = true + } + a.Arg = &tetragon.KprobeArgument_UserNsArg{UserNsArg: nsArg} + a.Label = e.Label + case api.MsgGenericKprobeArgCapability: + cArg := &tetragon.KprobeCapability{ + Value: &wrapperspb.Int32Value{Value: e.Value}, + } + cArg.Name, _ = caps.GetCapability(e.Value) + a.Arg = &tetragon.KprobeArgument_CapabilityArg{CapabilityArg: cArg} + a.Label = e.Label + case api.MsgGenericKprobeArgLoadModule: + mArg := &tetragon.KernelModule{ + Name: e.Name, + SignatureOk: &wrapperspb.BoolValue{Value: e.SigOk != 0}, + Tainted: kernel.GetTaintedBitsTypes(e.Taints), + } + a.Arg = &tetragon.KprobeArgument_ModuleArg{ModuleArg: mArg} + a.Label = e.Label + case api.MsgGenericKprobeArgKernelModule: + mArg := &tetragon.KernelModule{ + Name: e.Name, + Tainted: kernel.GetTaintedBitsTypes(e.Taints), + } + a.Arg = &tetragon.KprobeArgument_ModuleArg{ModuleArg: mArg} + a.Label = e.Label + default: + logger.GetLogger().WithField("arg", e).Warnf("unexpected type: %T", e) + } + return a +} + func GetProcessKprobe(event *MsgGenericKprobeUnix) *tetragon.ProcessKprobe { var tetragonParent, tetragonProcess *tetragon.Process var tetragonArgs []*tetragon.KprobeArgument @@ -89,176 +263,7 @@ func GetProcessKprobe(event *MsgGenericKprobeUnix) *tetragon.ProcessKprobe { } for _, arg := range event.Args { - a := &tetragon.KprobeArgument{} - switch e := arg.(type) { - case api.MsgGenericKprobeArgInt: - a.Arg = &tetragon.KprobeArgument_IntArg{IntArg: e.Value} - a.Label = e.Label - case api.MsgGenericKprobeArgUInt: - a.Arg = &tetragon.KprobeArgument_UintArg{UintArg: e.Value} - a.Label = e.Label - case api.MsgGenericKprobeArgSize: - a.Arg = &tetragon.KprobeArgument_SizeArg{SizeArg: e.Value} - a.Label = e.Label - case api.MsgGenericKprobeArgString: - a.Arg = &tetragon.KprobeArgument_StringArg{StringArg: e.Value} - a.Label = e.Label - case api.MsgGenericKprobeArgSock: - sockArg := &tetragon.KprobeSock{ - Cookie: e.Sockaddr, - Family: network.InetFamily(e.Family), - State: network.TcpState(e.State), - Type: network.InetType(e.Type), - Protocol: network.InetProtocol(e.Protocol), - Mark: e.Mark, - Priority: e.Priority, - Saddr: e.Saddr, - Daddr: e.Daddr, - Sport: e.Sport, - Dport: e.Dport, - } - a.Arg = &tetragon.KprobeArgument_SockArg{SockArg: sockArg} - a.Label = e.Label - case api.MsgGenericKprobeArgSkb: - skbArg := &tetragon.KprobeSkb{ - Hash: e.Hash, - Len: e.Len, - Priority: e.Priority, - Mark: e.Mark, - Saddr: e.Saddr, - Daddr: e.Daddr, - Sport: e.Sport, - Dport: e.Dport, - Proto: e.Proto, - Protocol: network.InetProtocol(uint16(e.Proto)), - SecPathLen: e.SecPathLen, - SecPathOlen: e.SecPathOLen, - Family: network.InetFamily(e.Family), - } - a.Arg = &tetragon.KprobeArgument_SkbArg{SkbArg: skbArg} - a.Label = e.Label - case api.MsgGenericKprobeArgCred: - credArg := &tetragon.ProcessCredentials{ - Uid: &wrapperspb.UInt32Value{Value: e.Uid}, - Gid: &wrapperspb.UInt32Value{Value: e.Gid}, - Euid: &wrapperspb.UInt32Value{Value: e.Euid}, - Egid: &wrapperspb.UInt32Value{Value: e.Egid}, - Suid: &wrapperspb.UInt32Value{Value: e.Suid}, - Sgid: &wrapperspb.UInt32Value{Value: e.Sgid}, - Fsuid: &wrapperspb.UInt32Value{Value: e.FSuid}, - Fsgid: &wrapperspb.UInt32Value{Value: e.FSgid}, - Securebits: caps.GetSecureBitsTypes(e.SecureBits), - } - credArg.Caps = &tetragon.Capabilities{ - Permitted: caps.GetCapabilitiesTypes(e.Cap.Permitted), - Effective: caps.GetCapabilitiesTypes(e.Cap.Effective), - Inheritable: caps.GetCapabilitiesTypes(e.Cap.Inheritable), - } - credArg.UserNs = &tetragon.UserNamespace{ - Level: &wrapperspb.Int32Value{Value: e.UserNs.Level}, - Uid: &wrapperspb.UInt32Value{Value: e.UserNs.Uid}, - Gid: &wrapperspb.UInt32Value{Value: e.UserNs.Gid}, - Ns: &tetragon.Namespace{ - Inum: e.UserNs.NsInum, - }, - } - if e.UserNs.Level == 0 { - credArg.UserNs.Ns.IsHost = true - } - a.Arg = &tetragon.KprobeArgument_ProcessCredentialsArg{ProcessCredentialsArg: credArg} - a.Label = e.Label - case api.MsgGenericKprobeArgBytes: - if e.OrigSize > uint64(len(e.Value)) { - a.Arg = &tetragon.KprobeArgument_TruncatedBytesArg{ - TruncatedBytesArg: &tetragon.KprobeTruncatedBytes{ - OrigSize: e.OrigSize, - BytesArg: e.Value, - }, - } - } else { - a.Arg = &tetragon.KprobeArgument_BytesArg{BytesArg: e.Value} - } - a.Label = e.Label - case api.MsgGenericKprobeArgFile: - fileArg := &tetragon.KprobeFile{ - Path: e.Value, - Flags: path.FilePathFlagsToStr(e.Flags), - } - a.Arg = &tetragon.KprobeArgument_FileArg{FileArg: fileArg} - a.Label = e.Label - case api.MsgGenericKprobeArgPath: - pathArg := &tetragon.KprobePath{ - Path: e.Value, - Flags: path.FilePathFlagsToStr(e.Flags), - } - a.Arg = &tetragon.KprobeArgument_PathArg{PathArg: pathArg} - a.Label = e.Label - case api.MsgGenericKprobeArgBpfAttr: - bpfAttrArg := &tetragon.KprobeBpfAttr{ - ProgType: bpf.GetProgType(e.ProgType), - InsnCnt: e.InsnCnt, - ProgName: e.ProgName, - } - a.Arg = &tetragon.KprobeArgument_BpfAttrArg{BpfAttrArg: bpfAttrArg} - a.Label = e.Label - case api.MsgGenericKprobeArgPerfEvent: - perfEventArg := &tetragon.KprobePerfEvent{ - KprobeFunc: e.KprobeFunc, - Type: bpf.GetPerfEventType(e.Type), - Config: e.Config, - ProbeOffset: e.ProbeOffset, - } - a.Arg = &tetragon.KprobeArgument_PerfEventArg{PerfEventArg: perfEventArg} - a.Label = e.Label - case api.MsgGenericKprobeArgBpfMap: - bpfMapArg := &tetragon.KprobeBpfMap{ - MapType: bpf.GetBpfMapType(e.MapType), - KeySize: e.KeySize, - ValueSize: e.ValueSize, - MaxEntries: e.MaxEntries, - MapName: e.MapName, - } - a.Arg = &tetragon.KprobeArgument_BpfMapArg{BpfMapArg: bpfMapArg} - a.Label = e.Label - case api.MsgGenericKprobeArgUserNamespace: - nsArg := &tetragon.UserNamespace{ - Level: &wrapperspb.Int32Value{Value: e.Level}, - Uid: &wrapperspb.UInt32Value{Value: e.Uid}, - Gid: &wrapperspb.UInt32Value{Value: e.Gid}, - Ns: &tetragon.Namespace{ - Inum: e.NsInum, - }, - } - if e.Level == 0 { - nsArg.Ns.IsHost = true - } - a.Arg = &tetragon.KprobeArgument_UserNsArg{UserNsArg: nsArg} - a.Label = e.Label - case api.MsgGenericKprobeArgCapability: - cArg := &tetragon.KprobeCapability{ - Value: &wrapperspb.Int32Value{Value: e.Value}, - } - cArg.Name, _ = caps.GetCapability(e.Value) - a.Arg = &tetragon.KprobeArgument_CapabilityArg{CapabilityArg: cArg} - a.Label = e.Label - case api.MsgGenericKprobeArgLoadModule: - mArg := &tetragon.KernelModule{ - Name: e.Name, - SignatureOk: &wrapperspb.BoolValue{Value: e.SigOk != 0}, - Tainted: kernel.GetTaintedBitsTypes(e.Taints), - } - a.Arg = &tetragon.KprobeArgument_ModuleArg{ModuleArg: mArg} - a.Label = e.Label - case api.MsgGenericKprobeArgKernelModule: - mArg := &tetragon.KernelModule{ - Name: e.Name, - Tainted: kernel.GetTaintedBitsTypes(e.Taints), - } - a.Arg = &tetragon.KprobeArgument_ModuleArg{ModuleArg: mArg} - a.Label = e.Label - default: - logger.GetLogger().WithField("arg", e).Warnf("unexpected type: %T", e) - } + a := getKprobeArgument(arg) if arg.IsReturnArg() { tetragonReturnArg = a } else { From 74c985fbdaa180e97c1916a48ec9bd773d191cea Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 21 Jan 2024 08:10:21 +0000 Subject: [PATCH 05/14] tetragon: Add signed long kprobe argument type Adding signed long kprobe argument type, because it's missing and it will be used in uprobe test spec. We already have long_arg in KprobeArgument message and the support in spec and generictypes, we're just missing the processing code. Signed-off-by: Jiri Olsa --- pkg/api/tracingapi/client_kprobe.go | 14 ++++++++++++++ pkg/grpc/tracing/tracing.go | 3 +++ pkg/sensors/tracing/args.go | 13 +++++++++++++ 3 files changed, 30 insertions(+) diff --git a/pkg/api/tracingapi/client_kprobe.go b/pkg/api/tracingapi/client_kprobe.go index 25f498b5eef..8e9b709b02f 100644 --- a/pkg/api/tracingapi/client_kprobe.go +++ b/pkg/api/tracingapi/client_kprobe.go @@ -157,6 +157,20 @@ func (m MsgGenericKprobeArgSize) IsReturnArg() bool { return m.Index == ReturnArgIndex } +type MsgGenericKprobeArgLong struct { + Index uint64 + Value int64 + Label string +} + +func (m MsgGenericKprobeArgLong) GetIndex() uint64 { + return m.Index +} + +func (m MsgGenericKprobeArgLong) IsReturnArg() bool { + return m.Index == ReturnArgIndex +} + type MsgGenericKprobeTuple struct { Saddr [2]uint64 Daddr [2]uint64 diff --git a/pkg/grpc/tracing/tracing.go b/pkg/grpc/tracing/tracing.go index a47aeaf13b1..21f2a6a664e 100644 --- a/pkg/grpc/tracing/tracing.go +++ b/pkg/grpc/tracing/tracing.go @@ -79,6 +79,9 @@ func getKprobeArgument(arg tracingapi.MsgGenericKprobeArg) *tetragon.KprobeArgum case api.MsgGenericKprobeArgSize: a.Arg = &tetragon.KprobeArgument_SizeArg{SizeArg: e.Value} a.Label = e.Label + case api.MsgGenericKprobeArgLong: + a.Arg = &tetragon.KprobeArgument_LongArg{LongArg: e.Value} + a.Label = e.Label case api.MsgGenericKprobeArgString: a.Arg = &tetragon.KprobeArgument_StringArg{StringArg: e.Value} a.Label = e.Label diff --git a/pkg/sensors/tracing/args.go b/pkg/sensors/tracing/args.go index 62e86d3f37e..46d6f8e7997 100644 --- a/pkg/sensors/tracing/args.go +++ b/pkg/sensors/tracing/args.go @@ -240,6 +240,19 @@ func getArg(r *bytes.Reader, a argPrinter) tracingapi.MsgGenericKprobeArg { arg.Sockaddr = sock.Sockaddr arg.Label = a.label return arg + case gt.GenericS64Type: + var output int64 + var arg api.MsgGenericKprobeArgLong + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("Size type err") + } + + arg.Index = uint64(a.index) + arg.Value = output + arg.Label = a.label + return arg case gt.GenericSizeType, gt.GenericU64Type: var output uint64 var arg api.MsgGenericKprobeArgSize From 4efb0eea553b75647d53909bfb74f43785c1e7a3 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 21 Jan 2024 08:17:36 +0000 Subject: [PATCH 06/14] tetragon: Add support for int16 and int8 types At the moment the smallest value we can read as argument value on bpf side is 32-bit, which might be tricky if rest of the register carrying the argument value is not zeroed out. Adding support to specify 8 and 16 bit values as argument types in the spec and read just the relevant portion of the data. Signed-off-by: Jiri Olsa --- bpf/process/types/basic.h | 17 ++++++ pkg/generictypes/generictypes.go | 13 +++++ .../v1alpha1/cilium.io_tracingpolicies.yaml | 12 +++++ .../cilium.io_tracingpoliciesnamespaced.yaml | 12 +++++ pkg/k8s/apis/cilium.io/v1alpha1/types.go | 2 +- pkg/sensors/tracing/args.go | 52 +++++++++++++++++++ .../v1alpha1/cilium.io_tracingpolicies.yaml | 12 +++++ .../cilium.io_tracingpoliciesnamespaced.yaml | 12 +++++ .../pkg/k8s/apis/cilium.io/v1alpha1/types.go | 2 +- 9 files changed, 132 insertions(+), 2 deletions(-) diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h index a4a55e8ae75..89c66c75611 100644 --- a/bpf/process/types/basic.h +++ b/bpf/process/types/basic.h @@ -63,6 +63,11 @@ enum { syscall64_type = 28, + s16_ty = 29, + u16_ty = 30, + s8_ty = 31, + u8_ty = 32, + nop_s64_ty = -10, nop_u64_ty = -11, nop_u32_ty = -12, @@ -2454,6 +2459,18 @@ read_call_arg(void *ctx, struct msg_generic_kprobe *e, int index, int type, probe_read(args, sizeof(__u32), &arg); size = sizeof(__u32); break; + case s16_ty: + case u16_ty: + /* read 2 bytes, but send 4 to keep alignment */ + probe_read(args, sizeof(__u16), &arg); + size = sizeof(__u32); + break; + case s8_ty: + case u8_ty: + /* read 1 byte, but send 4 to keep alignment */ + probe_read(args, sizeof(__u8), &arg); + size = sizeof(__u32); + break; case skb_type: size = copy_skb(args, arg); break; diff --git a/pkg/generictypes/generictypes.go b/pkg/generictypes/generictypes.go index 9e6500ee3c9..98405028413 100644 --- a/pkg/generictypes/generictypes.go +++ b/pkg/generictypes/generictypes.go @@ -39,6 +39,11 @@ const ( GenericSyscall64 = 28 + GenericS16Type = 29 + GenericU16Type = 30 + GenericS8Type = 31 + GenericU8Type = 32 + GenericNopType = -1 GenericInvalidType = -2 ) @@ -101,6 +106,14 @@ func GenericTypeFromString(arg string) int { return GenericKernelModule case "syscall64": return GenericSyscall64 + case "sint16", "int16": + return GenericS16Type + case "uint16": + return GenericU16Type + case "sint8", "int8": + return GenericS8Type + case "uint8": + return GenericU8Type default: return GenericInvalidType } diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index 4569c8932f0..c07f2852934 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -96,6 +96,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -183,6 +187,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -823,6 +831,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index 4c679d27a23..0fd6659401c 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -96,6 +96,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -183,6 +187,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -823,6 +831,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/pkg/k8s/apis/cilium.io/v1alpha1/types.go index ee86aba3047..ecce10f9339 100644 --- a/pkg/k8s/apis/cilium.io/v1alpha1/types.go +++ b/pkg/k8s/apis/cilium.io/v1alpha1/types.go @@ -55,7 +55,7 @@ type KProbeArg struct { // +kubebuilder:validation:Minimum=0 // Position of the argument. Index uint32 `json:"index"` - // +kubebuilder:validation:Enum=auto;int;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64; + // +kubebuilder:validation:Enum=auto;int;int8;uint8;int16;uint16;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64; // +kubebuilder:default=auto // Argument type. Type string `json:"type"` diff --git a/pkg/sensors/tracing/args.go b/pkg/sensors/tracing/args.go index 46d6f8e7997..6b54511511e 100644 --- a/pkg/sensors/tracing/args.go +++ b/pkg/sensors/tracing/args.go @@ -387,6 +387,58 @@ func getArg(r *bytes.Reader, a argPrinter) tracingapi.MsgGenericKprobeArg { } arg.Label = a.label return arg + case gt.GenericU16Type: + var output uint32 + var arg api.MsgGenericKprobeArgUInt + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("UInt type error") + } + + arg.Index = uint64(a.index) + arg.Value = uint32(uint16(output)) + arg.Label = a.label + return arg + case gt.GenericU8Type: + var output uint32 + var arg api.MsgGenericKprobeArgUInt + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("UInt type error") + } + + arg.Index = uint64(a.index) + arg.Value = uint32(uint8(output)) + arg.Label = a.label + return arg + case gt.GenericS16Type: + var output uint32 + var arg api.MsgGenericKprobeArgInt + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("Int type error") + } + + arg.Index = uint64(a.index) + arg.Value = int32(int16(output)) + arg.Label = a.label + return arg + case gt.GenericS8Type: + var output uint32 + var arg api.MsgGenericKprobeArgInt + + err := binary.Read(r, binary.LittleEndian, &output) + if err != nil { + logger.GetLogger().WithError(err).Warnf("Int type error") + } + + arg.Index = uint64(a.index) + arg.Value = int32(int8(output)) + arg.Label = a.label + return arg default: logger.GetLogger().WithError(err).WithField("event-type", a.ty).Warnf("Unknown event type") } diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index 4569c8932f0..c07f2852934 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -96,6 +96,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -183,6 +187,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -823,6 +831,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index 4c679d27a23..0fd6659401c 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -96,6 +96,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -183,6 +187,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 @@ -823,6 +831,10 @@ spec: enum: - auto - int + - int8 + - uint8 + - int16 + - uint16 - uint32 - int32 - uint64 diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go index ee86aba3047..ecce10f9339 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go @@ -55,7 +55,7 @@ type KProbeArg struct { // +kubebuilder:validation:Minimum=0 // Position of the argument. Index uint32 `json:"index"` - // +kubebuilder:validation:Enum=auto;int;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64; + // +kubebuilder:validation:Enum=auto;int;int8;uint8;int16;uint16;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64; // +kubebuilder:default=auto // Argument type. Type string `json:"type"` From f177733d2173d7ab61e46db900baa7b7d279ddca Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 21 Jan 2024 13:32:20 +0000 Subject: [PATCH 07/14] tetragon: Add more types to btf compatibility validation Adding more types to btf compatibility validation after adding and using several new types in previous changes. Signed-off-by: Jiri Olsa --- pkg/btf/validation.go | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/pkg/btf/validation.go b/pkg/btf/validation.go index 8d614ac3fbe..d81ed7ec064 100644 --- a/pkg/btf/validation.go +++ b/pkg/btf/validation.go @@ -126,8 +126,13 @@ func ValidateKprobeSpec(bspec *btf.Spec, call string, kspec *v1alpha1.KProbeSpec func getKernelType(arg btf.Type) string { suffix := "" ptr, ok := arg.(*btf.Pointer) + if ok { arg = ptr.Target + _, ok = arg.(*btf.Void) + if ok { + return "void *" + } suffix = suffix + " *" } num, ok := arg.(*btf.Int) @@ -144,14 +149,39 @@ func getKernelType(arg btf.Type) string { func typesCompatible(specTy string, kernelTy string) bool { switch specTy { + case "uint64": + switch kernelTy { + case "u64", "void *": + return true + } + case "int64": + switch kernelTy { + case "s64": + return true + } + case "int16": + switch kernelTy { + case "s16", "short int": + return true + } + case "uint16": + switch kernelTy { + case "u16", "short unsigned int": + return true + } + case "uint8": + switch kernelTy { + case "u8", "unsigned char": + return true + } case "size_t": switch kernelTy { case "size_t": return true } - case "char_buf", "string": + case "char_buf", "string", "int8": switch kernelTy { - case "const char *", "char *": + case "const char *", "char *", "char": return true } case "char_iovec": From f18b580e4803de2cb7543b1d5cee802ee3db5e35 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Mon, 15 Jan 2024 08:46:55 +0000 Subject: [PATCH 08/14] tetragon: Add args array to uprobe spec Adding args array to uprobe spec. Using the KProbeArg object for that, so we can re-use all the arguments code. Signed-off-by: Jiri Olsa --- .../v1alpha1/cilium.io_tracingpolicies.yaml | 81 +++++++++++++++++++ .../cilium.io_tracingpoliciesnamespaced.yaml | 81 +++++++++++++++++++ pkg/k8s/apis/cilium.io/v1alpha1/types.go | 3 + .../v1alpha1/zz_generated.deepcopy.go | 5 ++ .../v1alpha1/cilium.io_tracingpolicies.yaml | 81 +++++++++++++++++++ .../cilium.io_tracingpoliciesnamespaced.yaml | 81 +++++++++++++++++++ .../pkg/k8s/apis/cilium.io/v1alpha1/types.go | 3 + .../v1alpha1/zz_generated.deepcopy.go | 5 ++ 8 files changed, 340 insertions(+) diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index c07f2852934..482d36963bf 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -1336,6 +1336,87 @@ spec: description: A list of uprobe specs. items: properties: + args: + description: A list of function arguments to include in the + trace output. + items: + properties: + index: + description: Position of the argument. + format: int32 + minimum: 0 + type: integer + label: + description: Label to output in the JSON + type: string + maxData: + default: false + description: Read maximum possible data (currently 327360). + This field is only used for char_buff data. When this + value is false (default), the bpf program will fetch + at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is + turned on + type: boolean + returnCopy: + default: false + description: This field is used only for char_buf and + char_iovec types. It indicates that this argument should + be read later (when the kretprobe for the symbol is + triggered) because it might not be populated when the + kprobe is triggered at the entrance of the function. + For example, a buffer supplied to read(2) won't have + content until kretprobe is triggered. + type: boolean + sizeArgIndex: + description: Specifies the position of the corresponding + size argument for this argument. This field is used + only for char_buf and char_iovec types. + format: int32 + minimum: 0 + type: integer + type: + default: auto + description: Argument type. + enum: + - auto + - int + - int8 + - uint8 + - int16 + - uint16 + - uint32 + - int32 + - uint64 + - int64 + - char_buf + - char_iovec + - size_t + - skb + - sock + - string + - fd + - file + - filename + - path + - nop + - bpf_attr + - perf_event + - bpf_map + - user_namespace + - capability + - kiocb + - iov_iter + - cred + - load_info + - module + - syscall64 + type: string + required: + - index + - type + type: object + type: array message: description: A short message of 256 characters max that will be included in the event output to inform users what is going diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index 0fd6659401c..80ad8cb6203 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -1336,6 +1336,87 @@ spec: description: A list of uprobe specs. items: properties: + args: + description: A list of function arguments to include in the + trace output. + items: + properties: + index: + description: Position of the argument. + format: int32 + minimum: 0 + type: integer + label: + description: Label to output in the JSON + type: string + maxData: + default: false + description: Read maximum possible data (currently 327360). + This field is only used for char_buff data. When this + value is false (default), the bpf program will fetch + at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is + turned on + type: boolean + returnCopy: + default: false + description: This field is used only for char_buf and + char_iovec types. It indicates that this argument should + be read later (when the kretprobe for the symbol is + triggered) because it might not be populated when the + kprobe is triggered at the entrance of the function. + For example, a buffer supplied to read(2) won't have + content until kretprobe is triggered. + type: boolean + sizeArgIndex: + description: Specifies the position of the corresponding + size argument for this argument. This field is used + only for char_buf and char_iovec types. + format: int32 + minimum: 0 + type: integer + type: + default: auto + description: Argument type. + enum: + - auto + - int + - int8 + - uint8 + - int16 + - uint16 + - uint32 + - int32 + - uint64 + - int64 + - char_buf + - char_iovec + - size_t + - skb + - sock + - string + - fd + - file + - filename + - path + - nop + - bpf_attr + - perf_event + - bpf_map + - user_namespace + - capability + - kiocb + - iov_iter + - cred + - load_info + - module + - syscall64 + type: string + required: + - index + - type + type: object + type: array message: description: A short message of 256 characters max that will be included in the event output to inform users what is going diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/pkg/k8s/apis/cilium.io/v1alpha1/types.go index ecce10f9339..1220c8be2e8 100644 --- a/pkg/k8s/apis/cilium.io/v1alpha1/types.go +++ b/pkg/k8s/apis/cilium.io/v1alpha1/types.go @@ -262,6 +262,9 @@ type UProbeSpec struct { // +kubebuilder:validation:Optional // Selectors to apply before producing trace output. Selectors are ORed. Selectors []KProbeSelector `json:"selectors,omitempty"` + // +kubebuilder:validation:Optional + // A list of function arguments to include in the trace output. + Args []KProbeArg `json:"args,omitempty"` } type ListSpec struct { diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go b/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go index 71045f50074..b1a926118ef 100644 --- a/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go @@ -689,6 +689,11 @@ func (in *UProbeSpec) DeepCopyInto(out *UProbeSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]KProbeArg, len(*in)) + copy(*out, *in) + } return } diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index c07f2852934..482d36963bf 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -1336,6 +1336,87 @@ spec: description: A list of uprobe specs. items: properties: + args: + description: A list of function arguments to include in the + trace output. + items: + properties: + index: + description: Position of the argument. + format: int32 + minimum: 0 + type: integer + label: + description: Label to output in the JSON + type: string + maxData: + default: false + description: Read maximum possible data (currently 327360). + This field is only used for char_buff data. When this + value is false (default), the bpf program will fetch + at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is + turned on + type: boolean + returnCopy: + default: false + description: This field is used only for char_buf and + char_iovec types. It indicates that this argument should + be read later (when the kretprobe for the symbol is + triggered) because it might not be populated when the + kprobe is triggered at the entrance of the function. + For example, a buffer supplied to read(2) won't have + content until kretprobe is triggered. + type: boolean + sizeArgIndex: + description: Specifies the position of the corresponding + size argument for this argument. This field is used + only for char_buf and char_iovec types. + format: int32 + minimum: 0 + type: integer + type: + default: auto + description: Argument type. + enum: + - auto + - int + - int8 + - uint8 + - int16 + - uint16 + - uint32 + - int32 + - uint64 + - int64 + - char_buf + - char_iovec + - size_t + - skb + - sock + - string + - fd + - file + - filename + - path + - nop + - bpf_attr + - perf_event + - bpf_map + - user_namespace + - capability + - kiocb + - iov_iter + - cred + - load_info + - module + - syscall64 + type: string + required: + - index + - type + type: object + type: array message: description: A short message of 256 characters max that will be included in the event output to inform users what is going diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index 0fd6659401c..80ad8cb6203 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -1336,6 +1336,87 @@ spec: description: A list of uprobe specs. items: properties: + args: + description: A list of function arguments to include in the + trace output. + items: + properties: + index: + description: Position of the argument. + format: int32 + minimum: 0 + type: integer + label: + description: Label to output in the JSON + type: string + maxData: + default: false + description: Read maximum possible data (currently 327360). + This field is only used for char_buff data. When this + value is false (default), the bpf program will fetch + at most 4096 bytes. In later kernels (>=5.4) tetragon + supports fetching up to 327360 bytes if this flag is + turned on + type: boolean + returnCopy: + default: false + description: This field is used only for char_buf and + char_iovec types. It indicates that this argument should + be read later (when the kretprobe for the symbol is + triggered) because it might not be populated when the + kprobe is triggered at the entrance of the function. + For example, a buffer supplied to read(2) won't have + content until kretprobe is triggered. + type: boolean + sizeArgIndex: + description: Specifies the position of the corresponding + size argument for this argument. This field is used + only for char_buf and char_iovec types. + format: int32 + minimum: 0 + type: integer + type: + default: auto + description: Argument type. + enum: + - auto + - int + - int8 + - uint8 + - int16 + - uint16 + - uint32 + - int32 + - uint64 + - int64 + - char_buf + - char_iovec + - size_t + - skb + - sock + - string + - fd + - file + - filename + - path + - nop + - bpf_attr + - perf_event + - bpf_map + - user_namespace + - capability + - kiocb + - iov_iter + - cred + - load_info + - module + - syscall64 + type: string + required: + - index + - type + type: object + type: array message: description: A short message of 256 characters max that will be included in the event output to inform users what is going diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go index ecce10f9339..1220c8be2e8 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go @@ -262,6 +262,9 @@ type UProbeSpec struct { // +kubebuilder:validation:Optional // Selectors to apply before producing trace output. Selectors are ORed. Selectors []KProbeSelector `json:"selectors,omitempty"` + // +kubebuilder:validation:Optional + // A list of function arguments to include in the trace output. + Args []KProbeArg `json:"args,omitempty"` } type ListSpec struct { diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go index 71045f50074..b1a926118ef 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go @@ -689,6 +689,11 @@ func (in *UProbeSpec) DeepCopyInto(out *UProbeSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Args != nil { + in, out := &in.Args, &out.Args + *out = make([]KProbeArg, len(*in)) + copy(*out, *in) + } return } From 81034718bb4d431e8667c7fa9152ffc88271e880 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Mon, 15 Jan 2024 11:36:37 +0000 Subject: [PATCH 09/14] tetragon: Add args to ProcessUprobe message Adding args field to ProcessUprobe message to carry out the uprobe's arguments. Using the KprobeArgument object for that, so we can re-use all the arguments code. Signed-off-by: Jiri Olsa --- api/v1/README.md | 1 + .../codegen/eventchecker/eventchecker.pb.go | 25 ++ api/v1/tetragon/tetragon.pb.go | 293 +++++++++--------- api/v1/tetragon/tetragon.proto | 2 + docs/content/en/docs/reference/grpc-api.md | 1 + .../codegen/eventchecker/eventchecker.pb.go | 25 ++ .../tetragon/api/v1/tetragon/tetragon.pb.go | 293 +++++++++--------- .../tetragon/api/v1/tetragon/tetragon.proto | 2 + 8 files changed, 362 insertions(+), 280 deletions(-) diff --git a/api/v1/README.md b/api/v1/README.md index 2091b791e90..761ee56f5ac 100644 --- a/api/v1/README.md +++ b/api/v1/README.md @@ -869,6 +869,7 @@ loader sensor event triggered for loaded binary/library | symbol | [string](#string) | | | | policy_name | [string](#string) | | Name of the policy that created that uprobe. | | message | [string](#string) | | Short message of the Tracing Policy to inform users what is going on. | +| args | [KprobeArgument](#tetragon-KprobeArgument) | repeated | Arguments definition of the observed uprobe. | diff --git a/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go b/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go index e2eb02f785f..94d658393be 100644 --- a/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go +++ b/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go @@ -1306,6 +1306,7 @@ type ProcessUprobeChecker struct { Symbol *stringmatcher.StringMatcher `json:"symbol,omitempty"` PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"` Message *stringmatcher.StringMatcher `json:"message,omitempty"` + Args *KprobeArgumentListMatcher `json:"args,omitempty"` } // CheckEvent checks a single event and implements the EventChecker interface @@ -1377,6 +1378,11 @@ func (checker *ProcessUprobeChecker) Check(event *tetragon.ProcessUprobe) error return fmt.Errorf("Message check failed: %w", err) } } + if checker.Args != nil { + if err := checker.Args.Check(event.Args); err != nil { + return fmt.Errorf("Args check failed: %w", err) + } + } return nil } if err := fieldChecks(); err != nil { @@ -1421,6 +1427,12 @@ func (checker *ProcessUprobeChecker) WithMessage(check *stringmatcher.StringMatc return checker } +// WithArgs adds a Args check to the ProcessUprobeChecker +func (checker *ProcessUprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessUprobeChecker { + checker.Args = check + return checker +} + //FromProcessUprobe populates the ProcessUprobeChecker using data from a ProcessUprobe event func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker { if event == nil { @@ -1436,6 +1448,19 @@ func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUp checker.Symbol = stringmatcher.Full(event.Symbol) checker.PolicyName = stringmatcher.Full(event.PolicyName) checker.Message = stringmatcher.Full(event.Message) + { + var checks []*KprobeArgumentChecker + for _, check := range event.Args { + var convertedCheck *KprobeArgumentChecker + if check != nil { + convertedCheck = NewKprobeArgumentChecker().FromKprobeArgument(check) + } + checks = append(checks, convertedCheck) + } + lm := NewKprobeArgumentListMatcher().WithOperator(listmatcher.Ordered). + WithValues(checks...) + checker.Args = lm + } return checker } diff --git a/api/v1/tetragon/tetragon.pb.go b/api/v1/tetragon/tetragon.pb.go index 99bfda02d31..9ba7b0663b5 100644 --- a/api/v1/tetragon/tetragon.pb.go +++ b/api/v1/tetragon/tetragon.pb.go @@ -2947,6 +2947,8 @@ type ProcessUprobe struct { PolicyName string `protobuf:"bytes,5,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` // Short message of the Tracing Policy to inform users what is going on. Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"` + // Arguments definition of the observed uprobe. + Args []*KprobeArgument `protobuf:"bytes,7,rep,name=args,proto3" json:"args,omitempty"` } func (x *ProcessUprobe) Reset() { @@ -3023,6 +3025,13 @@ func (x *ProcessUprobe) GetMessage() string { return "" } +func (x *ProcessUprobe) GetArgs() []*KprobeArgument { + if x != nil { + return x.Args + } + return nil +} + type KernelModule struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -4074,7 +4083,7 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{ 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x22, 0xce, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, + 0x67, 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, @@ -4087,132 +4096,135 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{ 0x63, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, - 0x64, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, - 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, - 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, - 0x54, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, - 0x61, 0x72, 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, - 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, - 0x61, 0x72, 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, - 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, - 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, - 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, + 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, + 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61, 0x72, 0x67, + 0x73, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, + 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, + 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, + 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, + 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, + 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, + 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, + 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, + 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, + 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, + 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, + 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, + 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, + 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, - 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, - 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, - 0x64, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, - 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, - 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, - 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, - 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xdb, 0x01, 0x0a, 0x0f, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, - 0x20, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, - 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, - 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, - 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, - 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5b, 0x0a, 0x0f, 0x53, 0x74, 0x61, - 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, - 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, - 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x2a, 0x93, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, - 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, - 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, - 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, - 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, - 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, - 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, - 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, - 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, - 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, - 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, - 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, - 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, - 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, - 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, - 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, - 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, - 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, - 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, - 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, - 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, - 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, - 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x1e, 0x0a, 0x1a, - 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, - 0x54, 0x49, 0x46, 0x59, 0x4b, 0x49, 0x4c, 0x4c, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, - 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, - 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, - 0x0a, 0x19, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, - 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, - 0x75, 0x6c, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, - 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, - 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, - 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, - 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, - 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, - 0x54, 0x55, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, - 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x0f, 0x0a, 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, - 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, - 0x45, 0x54, 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, - 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, - 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, - 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, - 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, - 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, - 0x08, 0x12, 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, - 0x46, 0x5f, 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, - 0x12, 0x1a, 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, - 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, - 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, - 0x45, 0x5f, 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, - 0x80, 0x02, 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, - 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, + 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, + 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, + 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, + 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, + 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, + 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xdb, 0x01, 0x0a, 0x0f, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, + 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, + 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, + 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5b, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x63, 0x6b, + 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x79, + 0x6d, 0x62, 0x6f, 0x6c, 0x2a, 0x93, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, + 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, + 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, + 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, + 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, + 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, 0x03, 0x12, + 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, + 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, + 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, + 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, + 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x46, + 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, 0x1b, 0x0a, + 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, + 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, + 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x50, 0x4f, + 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, + 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, 0x12, 0x1b, + 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, + 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, 0x19, 0x4b, + 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x54, + 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x1e, 0x0a, 0x1a, 0x4b, 0x50, + 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x49, + 0x46, 0x59, 0x4b, 0x49, 0x4c, 0x4c, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, + 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, + 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, + 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, + 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, + 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, + 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, + 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, + 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, + 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, + 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, + 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, + 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, + 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, + 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, + 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, + 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, + 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, + 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, + 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, + 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, + 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, + 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, + 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, + 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, + 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, + 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, + 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, + 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -4369,20 +4381,21 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{ 0, // 84: tetragon.ProcessTracepoint.action:type_name -> tetragon.KprobeAction 13, // 85: tetragon.ProcessUprobe.process:type_name -> tetragon.Process 13, // 86: tetragon.ProcessUprobe.parent:type_name -> tetragon.Process - 49, // 87: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue - 3, // 88: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType - 1, // 89: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType - 1, // 90: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType - 2, // 91: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult - 34, // 92: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus - 13, // 93: tetragon.ProcessLoader.process:type_name -> tetragon.Process - 39, // 94: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer - 42, // 95: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry - 96, // [96:96] is the sub-list for method output_type - 96, // [96:96] is the sub-list for method input_type - 96, // [96:96] is the sub-list for extension type_name - 96, // [96:96] is the sub-list for extension extendee - 0, // [0:96] is the sub-list for field type_name + 27, // 87: tetragon.ProcessUprobe.args:type_name -> tetragon.KprobeArgument + 49, // 88: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue + 3, // 89: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType + 1, // 90: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType + 1, // 91: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType + 2, // 92: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult + 34, // 93: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus + 13, // 94: tetragon.ProcessLoader.process:type_name -> tetragon.Process + 39, // 95: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer + 42, // 96: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry + 97, // [97:97] is the sub-list for method output_type + 97, // [97:97] is the sub-list for method input_type + 97, // [97:97] is the sub-list for extension type_name + 97, // [97:97] is the sub-list for extension extendee + 0, // [0:97] is the sub-list for field type_name } func init() { file_tetragon_tetragon_proto_init() } diff --git a/api/v1/tetragon/tetragon.proto b/api/v1/tetragon/tetragon.proto index ad0bf214197..113006d1dbc 100644 --- a/api/v1/tetragon/tetragon.proto +++ b/api/v1/tetragon/tetragon.proto @@ -464,6 +464,8 @@ message ProcessUprobe { string policy_name = 5; // Short message of the Tracing Policy to inform users what is going on. string message = 6; + // Arguments definition of the observed uprobe. + repeated KprobeArgument args = 7; } message KernelModule { diff --git a/docs/content/en/docs/reference/grpc-api.md b/docs/content/en/docs/reference/grpc-api.md index 2960755e61f..9990fe6b78c 100644 --- a/docs/content/en/docs/reference/grpc-api.md +++ b/docs/content/en/docs/reference/grpc-api.md @@ -525,6 +525,7 @@ loader sensor event triggered for loaded binary/library | symbol | [string](#string) | | | | policy_name | [string](#string) | | Name of the policy that created that uprobe. | | message | [string](#string) | | Short message of the Tracing Policy to inform users what is going on. | +| args | [KprobeArgument](#tetragon-KprobeArgument) | repeated | Arguments definition of the observed uprobe. | diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go index e2eb02f785f..94d658393be 100644 --- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go +++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go @@ -1306,6 +1306,7 @@ type ProcessUprobeChecker struct { Symbol *stringmatcher.StringMatcher `json:"symbol,omitempty"` PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"` Message *stringmatcher.StringMatcher `json:"message,omitempty"` + Args *KprobeArgumentListMatcher `json:"args,omitempty"` } // CheckEvent checks a single event and implements the EventChecker interface @@ -1377,6 +1378,11 @@ func (checker *ProcessUprobeChecker) Check(event *tetragon.ProcessUprobe) error return fmt.Errorf("Message check failed: %w", err) } } + if checker.Args != nil { + if err := checker.Args.Check(event.Args); err != nil { + return fmt.Errorf("Args check failed: %w", err) + } + } return nil } if err := fieldChecks(); err != nil { @@ -1421,6 +1427,12 @@ func (checker *ProcessUprobeChecker) WithMessage(check *stringmatcher.StringMatc return checker } +// WithArgs adds a Args check to the ProcessUprobeChecker +func (checker *ProcessUprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessUprobeChecker { + checker.Args = check + return checker +} + //FromProcessUprobe populates the ProcessUprobeChecker using data from a ProcessUprobe event func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker { if event == nil { @@ -1436,6 +1448,19 @@ func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUp checker.Symbol = stringmatcher.Full(event.Symbol) checker.PolicyName = stringmatcher.Full(event.PolicyName) checker.Message = stringmatcher.Full(event.Message) + { + var checks []*KprobeArgumentChecker + for _, check := range event.Args { + var convertedCheck *KprobeArgumentChecker + if check != nil { + convertedCheck = NewKprobeArgumentChecker().FromKprobeArgument(check) + } + checks = append(checks, convertedCheck) + } + lm := NewKprobeArgumentListMatcher().WithOperator(listmatcher.Ordered). + WithValues(checks...) + checker.Args = lm + } return checker } diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go index 99bfda02d31..9ba7b0663b5 100644 --- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go +++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go @@ -2947,6 +2947,8 @@ type ProcessUprobe struct { PolicyName string `protobuf:"bytes,5,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` // Short message of the Tracing Policy to inform users what is going on. Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"` + // Arguments definition of the observed uprobe. + Args []*KprobeArgument `protobuf:"bytes,7,rep,name=args,proto3" json:"args,omitempty"` } func (x *ProcessUprobe) Reset() { @@ -3023,6 +3025,13 @@ func (x *ProcessUprobe) GetMessage() string { return "" } +func (x *ProcessUprobe) GetArgs() []*KprobeArgument { + if x != nil { + return x.Args + } + return nil +} + type KernelModule struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -4074,7 +4083,7 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{ 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, - 0x67, 0x65, 0x22, 0xce, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, + 0x67, 0x65, 0x22, 0xfc, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, @@ -4087,132 +4096,135 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{ 0x63, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, - 0x64, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, - 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, - 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, - 0x54, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, - 0x61, 0x72, 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, - 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, - 0x61, 0x72, 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, - 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, - 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, - 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, + 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, + 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61, 0x72, 0x67, + 0x73, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, + 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, + 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, + 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, + 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, + 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, + 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, + 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, + 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, + 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, + 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, + 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, + 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, + 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, + 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, + 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, - 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, - 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, - 0x64, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, - 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, - 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, - 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, - 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xdb, 0x01, 0x0a, 0x0f, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, - 0x20, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, - 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, - 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, - 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, - 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5b, 0x0a, 0x0f, 0x53, 0x74, 0x61, - 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, - 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, - 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x2a, 0x93, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, - 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, - 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, - 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, - 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, - 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, - 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, - 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, - 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, - 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, - 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, - 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, - 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, - 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, - 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, - 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, - 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, - 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, - 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, - 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, - 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, - 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, - 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x1e, 0x0a, 0x1a, - 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, - 0x54, 0x49, 0x46, 0x59, 0x4b, 0x49, 0x4c, 0x4c, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, - 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, - 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, - 0x0a, 0x19, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, - 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, - 0x75, 0x6c, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, - 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, - 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, - 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, - 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, - 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, - 0x54, 0x55, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, - 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x0f, 0x0a, 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, - 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, - 0x45, 0x54, 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, - 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, - 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, - 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, - 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, - 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, - 0x08, 0x12, 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, - 0x46, 0x5f, 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, - 0x12, 0x1a, 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, - 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, - 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, - 0x45, 0x5f, 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, - 0x80, 0x02, 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, - 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, + 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, + 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, + 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, + 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, + 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, + 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, + 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, + 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, + 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xdb, 0x01, 0x0a, 0x0f, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, + 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, + 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, + 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x5b, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x63, 0x6b, + 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x79, + 0x6d, 0x62, 0x6f, 0x6c, 0x2a, 0x93, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, + 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, + 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, + 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, + 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, + 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, 0x03, 0x12, + 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, + 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, + 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, + 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, + 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x46, + 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, 0x1b, 0x0a, + 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, + 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, + 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x50, 0x4f, + 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, + 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, 0x12, 0x1b, + 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, + 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, 0x19, 0x4b, + 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x54, + 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x1e, 0x0a, 0x1a, 0x4b, 0x50, + 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x49, + 0x46, 0x59, 0x4b, 0x49, 0x4c, 0x4c, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, + 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, + 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, + 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, + 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, + 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, + 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, + 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, + 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, + 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, + 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, + 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, + 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, + 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, + 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, + 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, + 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, + 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, + 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, + 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, + 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, + 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, + 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, + 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, + 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, + 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, + 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, + 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, + 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -4369,20 +4381,21 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{ 0, // 84: tetragon.ProcessTracepoint.action:type_name -> tetragon.KprobeAction 13, // 85: tetragon.ProcessUprobe.process:type_name -> tetragon.Process 13, // 86: tetragon.ProcessUprobe.parent:type_name -> tetragon.Process - 49, // 87: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue - 3, // 88: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType - 1, // 89: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType - 1, // 90: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType - 2, // 91: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult - 34, // 92: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus - 13, // 93: tetragon.ProcessLoader.process:type_name -> tetragon.Process - 39, // 94: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer - 42, // 95: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry - 96, // [96:96] is the sub-list for method output_type - 96, // [96:96] is the sub-list for method input_type - 96, // [96:96] is the sub-list for extension type_name - 96, // [96:96] is the sub-list for extension extendee - 0, // [0:96] is the sub-list for field type_name + 27, // 87: tetragon.ProcessUprobe.args:type_name -> tetragon.KprobeArgument + 49, // 88: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue + 3, // 89: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType + 1, // 90: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType + 1, // 91: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType + 2, // 92: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult + 34, // 93: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus + 13, // 94: tetragon.ProcessLoader.process:type_name -> tetragon.Process + 39, // 95: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer + 42, // 96: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry + 97, // [97:97] is the sub-list for method output_type + 97, // [97:97] is the sub-list for method input_type + 97, // [97:97] is the sub-list for extension type_name + 97, // [97:97] is the sub-list for extension extendee + 0, // [0:97] is the sub-list for field type_name } func init() { file_tetragon_tetragon_proto_init() } diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto index ad0bf214197..113006d1dbc 100644 --- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto +++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto @@ -464,6 +464,8 @@ message ProcessUprobe { string policy_name = 5; // Short message of the Tracing Policy to inform users what is going on. string message = 6; + // Arguments definition of the observed uprobe. + repeated KprobeArgument args = 7; } message KernelModule { From 1b50af6c0fba64eb3a80706372b1983797f5c9f5 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Mon, 15 Jan 2024 09:36:15 +0000 Subject: [PATCH 10/14] tetragon: Add support to process uprobe arguments Adding support to process uprobe arguments the same way we do that for kprobes, so we can reuse the code. Using the argPrinter objects to register argument values for uprobe and the decode their values for each event. Adding arguments retrieval code into bpf uprobe event setup code. Signed-off-by: Jiri Olsa --- bpf/process/generic_calls.h | 10 ++-- pkg/grpc/tracing/tracing.go | 7 +++ pkg/sensors/tracing/genericuprobe.go | 71 ++++++++++++++++++++++++---- 3 files changed, 75 insertions(+), 13 deletions(-) diff --git a/bpf/process/generic_calls.h b/bpf/process/generic_calls.h index fea9bbb68f4..d23ac848fbc 100644 --- a/bpf/process/generic_calls.h +++ b/bpf/process/generic_calls.h @@ -174,11 +174,11 @@ generic_process_event_and_setup(struct pt_regs *ctx, #ifdef GENERIC_UPROBE /* no arguments for uprobes for now */ - e->a0 = 0; - e->a1 = 0; - e->a2 = 0; - e->a3 = 0; - e->a4 = 0; + e->a0 = PT_REGS_PARM1_CORE(ctx); + e->a1 = PT_REGS_PARM2_CORE(ctx); + e->a2 = PT_REGS_PARM3_CORE(ctx); + e->a3 = PT_REGS_PARM4_CORE(ctx); + e->a4 = PT_REGS_PARM5_CORE(ctx); generic_process_init(e, MSG_OP_GENERIC_UPROBE, config); #endif diff --git a/pkg/grpc/tracing/tracing.go b/pkg/grpc/tracing/tracing.go index 21f2a6a664e..455d97d731e 100644 --- a/pkg/grpc/tracing/tracing.go +++ b/pkg/grpc/tracing/tracing.go @@ -622,6 +622,7 @@ type MsgGenericUprobeUnix struct { Symbol string PolicyName string Message string + Args []tracingapi.MsgGenericKprobeArg } func (msg *MsgGenericUprobeUnix) Notify() bool { @@ -645,6 +646,7 @@ func (msg *MsgGenericUprobeUnix) Retry(internal *process.ProcessInternal, ev not func GetProcessUprobe(event *MsgGenericUprobeUnix) *tetragon.ProcessUprobe { var tetragonParent, tetragonProcess *tetragon.Process + var tetragonArgs []*tetragon.KprobeArgument proc, parent := process.GetParentProcessInternal(event.ProcessKey.Pid, event.ProcessKey.Ktime) if proc == nil { @@ -664,6 +666,10 @@ func GetProcessUprobe(event *MsgGenericUprobeUnix) *tetragon.ProcessUprobe { tetragonParent = parent.UnsafeGetProcess() } + for _, arg := range event.Args { + tetragonArgs = append(tetragonArgs, getKprobeArgument(arg)) + } + tetragonEvent := &tetragon.ProcessUprobe{ Process: tetragonProcess, Parent: tetragonParent, @@ -671,6 +677,7 @@ func GetProcessUprobe(event *MsgGenericUprobeUnix) *tetragon.ProcessUprobe { Symbol: event.Symbol, PolicyName: event.PolicyName, Message: event.Message, + Args: tetragonArgs, } if tetragonProcess.Pid == nil { diff --git a/pkg/sensors/tracing/genericuprobe.go b/pkg/sensors/tracing/genericuprobe.go index 64bb177dd9f..77a3d65d82a 100644 --- a/pkg/sensors/tracing/genericuprobe.go +++ b/pkg/sensors/tracing/genericuprobe.go @@ -14,6 +14,7 @@ import ( "github.com/cilium/ebpf" "github.com/cilium/tetragon/pkg/api/ops" api "github.com/cilium/tetragon/pkg/api/tracingapi" + gt "github.com/cilium/tetragon/pkg/generictypes" "github.com/cilium/tetragon/pkg/grpc/tracing" "github.com/cilium/tetragon/pkg/idtable" "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1" @@ -47,6 +48,8 @@ type genericUprobe struct { policyName string // message field of the Tracing Policy message string + // argument data printers + argPrinters []argPrinter } func (g *genericUprobe) SetID(id idtable.EntryID) { @@ -97,6 +100,16 @@ func handleGenericUprobe(r *bytes.Reader) ([]observer.Event, error) { unix.PolicyName = uprobeEntry.policyName unix.Message = uprobeEntry.message + // Get argument objects for specific printers/types + for _, a := range uprobeEntry.argPrinters { + arg := getArg(r, a) + // nop or unknown type (already logged) + if arg == nil { + continue + } + unix.Args = append(unix.Args, arg) + } + return []observer.Event{unix}, err } @@ -196,17 +209,59 @@ func createGenericUprobeSensor( logger.GetLogger().WithField("policy-name", policyName).Warnf("TracingPolicy 'message' field too long, truncated to %d characters", TpMaxMessageLen) } + var ( + argTypes [api.EventConfigMaxArgs]int32 + argMeta [api.EventConfigMaxArgs]uint32 + argSet [api.EventConfigMaxArgs]bool + + argPrinters []argPrinter + ) + + // Parse Arguments + for i, a := range spec.Args { + argType := gt.GenericTypeFromString(a.Type) + if argType == gt.GenericInvalidType { + return nil, fmt.Errorf("Arg(%d) type '%s' unsupported", i, a.Type) + } + argMValue, err := getMetaValue(&a) + if err != nil { + return nil, err + } + if a.Index > 4 { + return nil, fmt.Errorf("Error add arg: ArgType %s Index %d out of bounds", + a.Type, int(a.Index)) + } + argTypes[a.Index] = int32(argType) + argMeta[a.Index] = uint32(argMValue) + argSet[a.Index] = true + + argPrinters = append(argPrinters, argPrinter{index: i, ty: argType}) + } + + // Mark remaining arguments as 'nops' the kernel side will skip + // copying 'nop' args. + for i, a := range argSet { + if !a { + argTypes[i] = gt.GenericNopType + argMeta[i] = 0 + } + } + for _, sym := range spec.Symbols { - config := &api.EventConfig{} + config := &api.EventConfig{ + Arg: argTypes, + ArgM: argMeta, + } uprobeEntry := &genericUprobe{ - tableId: idtable.UninitializedEntryID, - config: config, - path: spec.Path, - symbol: sym, - selectors: uprobeSelectorState, - policyName: policyName, - message: msgField, + tableId: idtable.UninitializedEntryID, + config: config, + path: spec.Path, + symbol: sym, + selectors: uprobeSelectorState, + policyName: policyName, + message: msgField, + argPrinters: argPrinters, } uprobeTable.AddEntry(uprobeEntry) From f1715b1b9aa568e77037860e787a6360e3817369 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Tue, 1 Aug 2023 10:44:10 +0000 Subject: [PATCH 11/14] tetragon: Add uprobe test functions for argument values Adding uprobe test functions for argument values that will be used in following test code. Signed-off-by: Jiri Olsa --- contrib/tester-progs/uprobe-lib.c | 30 ++++++++++++++++++++++++++++++ contrib/tester-progs/uprobe-test.c | 12 ++++++++++++ 2 files changed, 42 insertions(+) diff --git a/contrib/tester-progs/uprobe-lib.c b/contrib/tester-progs/uprobe-lib.c index 69091584979..8f21f588aa4 100644 --- a/contrib/tester-progs/uprobe-lib.c +++ b/contrib/tester-progs/uprobe-lib.c @@ -5,3 +5,33 @@ int uprobe_test_lib() printf("uprobe_test_lib called\n"); return 0; } + +int uprobe_test_lib_arg1(int a1) +{ + printf("uprobe_test_lib_arg1 called\n"); + return 0; +} + +int uprobe_test_lib_arg2(char a1, short a2) +{ + printf("uprobe_test_lib_arg2 called\n"); + return 0; +} + +int uprobe_test_lib_arg3(unsigned long a1, unsigned int a2, void *a3) +{ + printf("uprobe_test_lib_arg3 called\n"); + return 0; +} + +int uprobe_test_lib_arg4(long a1, int a2, char a3, void *a4) +{ + printf("uprobe_test_lib_arg3 called\n"); + return 0; +} + +int uprobe_test_lib_arg5(int a1, char a2, unsigned long a3, short a4, void *a5) +{ + printf("uprobe_test_lib_arg3 called\n"); + return 0; +} diff --git a/contrib/tester-progs/uprobe-test.c b/contrib/tester-progs/uprobe-test.c index 31ff3bd4c43..12fcd8d88f7 100644 --- a/contrib/tester-progs/uprobe-test.c +++ b/contrib/tester-progs/uprobe-test.c @@ -2,7 +2,19 @@ void uprobe_test_lib(void); +// argument test functions +int uprobe_test_lib_arg1(int a1); +int uprobe_test_lib_arg2(char a1, short a2); +int uprobe_test_lib_arg3(unsigned long a1, unsigned int a2, void *a3); +int uprobe_test_lib_arg4(long a1, int a2, char a3, void *a4); +int uprobe_test_lib_arg5(int a1, char a2, unsigned long a3, short a4, void *a5); + int main(void) { uprobe_test_lib(); + uprobe_test_lib_arg1(123); + uprobe_test_lib_arg2('a', 4321); + uprobe_test_lib_arg3(1, 0xdeadbeef, NULL); + uprobe_test_lib_arg4(-321, -2, 'b', (void *) 1); + uprobe_test_lib_arg5(1, 'c', 0xcafe, 1234, (void *) 2); } From a967a875d35346d602fb3df9cb6b5f40c6affbd7 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Tue, 1 Aug 2023 10:44:29 +0000 Subject: [PATCH 12/14] tetragon: Add uprobe args retrieval test Adding test for uprobe arguments retrieval from all uprobe_test_lib_arg* functions. Signed-off-by: Jiri Olsa --- pkg/sensors/tracing/uprobe_test.go | 179 +++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) diff --git a/pkg/sensors/tracing/uprobe_test.go b/pkg/sensors/tracing/uprobe_test.go index baec421f9f0..49ffc51fd4c 100644 --- a/pkg/sensors/tracing/uprobe_test.go +++ b/pkg/sensors/tracing/uprobe_test.go @@ -16,6 +16,7 @@ import ( "github.com/cilium/tetragon/pkg/jsonchecker" "github.com/cilium/tetragon/pkg/kernels" "github.com/cilium/tetragon/pkg/logger" + lc "github.com/cilium/tetragon/pkg/matchers/listmatcher" sm "github.com/cilium/tetragon/pkg/matchers/stringmatcher" "github.com/cilium/tetragon/pkg/observer/observertesthelper" "github.com/cilium/tetragon/pkg/sensors" @@ -365,3 +366,181 @@ spec: err = jsonchecker.JsonTestCheck(t, checker) assert.NoError(t, err) } + +func TestUprobeArgs(t *testing.T) { + execBinary := testutils.RepoRootPath("contrib/tester-progs/uprobe-test-1") + libUprobe := testutils.RepoRootPath("contrib/tester-progs/libuprobe.so") + + pathHook := ` +apiVersion: cilium.io/v1alpha1 +kind: TracingPolicy +metadata: + name: "uprobe" +spec: + uprobes: + - path: "` + libUprobe + `" + symbols: + - "uprobe_test_lib_arg1" + args: + - index: 0 + type: "int" + selectors: + - matchBinaries: + - operator: "In" + values: + - "` + execBinary + `" + - path: "` + libUprobe + `" + symbols: + - "uprobe_test_lib_arg2" + args: + - index: 0 + type: "int8" + - index: 1 + type: "int" + selectors: + - matchBinaries: + - operator: "In" + values: + - "` + execBinary + `" + - path: "` + libUprobe + `" + symbols: + - "uprobe_test_lib_arg3" + args: + - index: 0 + type: "uint64" + - index: 1 + type: "uint32" + - index: 2 + type: "uint64" + selectors: + - matchBinaries: + - operator: "In" + values: + - "` + execBinary + `" + - path: "` + libUprobe + `" + symbols: + - "uprobe_test_lib_arg4" + args: + - index: 0 + type: "int64" + - index: 1 + type: "int" + - index: 2 + type: "int8" + - index: 3 + type: "uint64" + selectors: + - matchBinaries: + - operator: "In" + values: + - "` + execBinary + `" + - path: "` + libUprobe + `" + symbols: + - "uprobe_test_lib_arg5" + args: + - index: 0 + type: "int" + - index: 1 + type: "int8" + - index: 2 + type: "uint64" + - index: 3 + type: "int16" + - index: 4 + type: "uint64" + selectors: + - matchBinaries: + - operator: "In" + values: + - "` + execBinary + `" +` + + pathConfigHook := []byte(pathHook) + err := os.WriteFile(testConfigFile, pathConfigHook, 0644) + if err != nil { + t.Fatalf("writeFile(%s): err %s", testConfigFile, err) + } + + check1 := ec.NewProcessUprobeChecker("UPROBE_ARG1"). + WithProcess(ec.NewProcessChecker(). + WithBinary(sm.Full(execBinary))). + WithSymbol(sm.Full("uprobe_test_lib_arg1")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithIntArg(123), + )) + + check2 := ec.NewProcessUprobeChecker("UPROBE_ARG2"). + WithProcess(ec.NewProcessChecker(). + WithBinary(sm.Full(execBinary))). + WithSymbol(sm.Full("uprobe_test_lib_arg2")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithIntArg(int32('a')), + ec.NewKprobeArgumentChecker().WithIntArg(4321), + )) + + check3 := ec.NewProcessUprobeChecker("UPROBE_ARG3"). + WithProcess(ec.NewProcessChecker(). + WithBinary(sm.Full(execBinary))). + WithSymbol(sm.Full("uprobe_test_lib_arg3")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithSizeArg(1), + ec.NewKprobeArgumentChecker().WithUintArg(0xdeadbeef), + ec.NewKprobeArgumentChecker().WithSizeArg(0), + )) + + check4 := ec.NewProcessUprobeChecker("UPROBE_ARG4"). + WithProcess(ec.NewProcessChecker(). + WithBinary(sm.Full(execBinary))). + WithSymbol(sm.Full("uprobe_test_lib_arg4")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithLongArg(-321), + ec.NewKprobeArgumentChecker().WithIntArg(-2), + ec.NewKprobeArgumentChecker().WithIntArg(int32('b')), + ec.NewKprobeArgumentChecker().WithSizeArg(1), + )) + + check5 := ec.NewProcessUprobeChecker("UPROBE_ARG5"). + WithProcess(ec.NewProcessChecker(). + WithBinary(sm.Full(execBinary))). + WithSymbol(sm.Full("uprobe_test_lib_arg5")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithIntArg(1), + ec.NewKprobeArgumentChecker().WithIntArg(int32('c')), + ec.NewKprobeArgumentChecker().WithSizeArg(0xcafe), + ec.NewKprobeArgumentChecker().WithIntArg(1234), + ec.NewKprobeArgumentChecker().WithSizeArg(2), + )) + + checker := ec.NewUnorderedEventChecker(check1, check2, check3, check4, check5) + + var doneWG, readyWG sync.WaitGroup + defer doneWG.Wait() + + ctx, cancel := context.WithTimeout(context.Background(), tus.Conf().CmdWaitTime) + defer cancel() + + obs, err := observertesthelper.GetDefaultObserverWithFile(t, ctx, testConfigFile, + tus.Conf().TetragonLib, observertesthelper.WithMyPid()) + if err != nil { + t.Fatalf("GetDefaultObserverWithFile error: %s", err) + } + observertesthelper.LoopEvents(ctx, t, &doneWG, &readyWG, obs) + readyWG.Wait() + + if err := exec.Command(execBinary).Run(); err != nil { + t.Fatalf("Failed to execute test binary: %s\n", err) + } + + err = jsonchecker.JsonTestCheck(t, checker) + assert.NoError(t, err) +} From e3bbbbe2add93a4f929a5c24e56350934e3179fb Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sat, 20 Jan 2024 20:50:21 +0000 Subject: [PATCH 13/14] tetragon: Add kprobe args retrieval test Adding kprobe args test by hooking bpf_fentry_test[1-5] functions, which have all needed argument types for testing. Signed-off-by: Jiri Olsa --- pkg/sensors/tracing/kprobe_test.go | 203 +++++++++++++++++++++++++++++ 1 file changed, 203 insertions(+) diff --git a/pkg/sensors/tracing/kprobe_test.go b/pkg/sensors/tracing/kprobe_test.go index 158d89c2fdb..2e7f52bbf6e 100644 --- a/pkg/sensors/tracing/kprobe_test.go +++ b/pkg/sensors/tracing/kprobe_test.go @@ -21,6 +21,7 @@ import ( "unsafe" "github.com/cilium/ebpf" + "github.com/cilium/ebpf/asm" "github.com/cilium/tetragon/api/v1/tetragon" "github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker" ec "github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker" @@ -6051,3 +6052,205 @@ spec: err = jsonchecker.JsonTestCheck(t, checker) assert.NoError(t, err) } + +func trigger(t *testing.T) { + ins := asm.Instructions{ + // Return SK_DROP + asm.LoadImm(asm.R0, 0, asm.DWord), + asm.Return(), + } + + prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{ + Name: "test", + Type: ebpf.Tracing, + AttachType: ebpf.AttachTraceFEntry, + Instructions: ins, + License: "MIT", + AttachTo: "bpf_modify_return_test", + }) + if err != nil { + t.Fatal(err) + } + defer prog.Close() + + opts := ebpf.RunOptions{} + ret, err := prog.Run(&opts) + if err != nil { + t.Fatal(err) + } + + if ret != 0 { + t.Fatalf("Expected return value to be 0, got %d", ret) + } +} + +func TestKprobeArgs(t *testing.T) { + _, err := ftrace.ReadAvailFuncs("bpf_fentry_test1") + if err != nil { + t.Skip("Skipping test: could not find bpf_fentry_test1") + } + + var doneWG, readyWG sync.WaitGroup + defer doneWG.Wait() + + ctx, cancel := context.WithTimeout(context.Background(), tus.Conf().CmdWaitTime) + defer cancel() + + pidStr := strconv.Itoa(int(observertesthelper.GetMyPid())) + t.Logf("tester pid=%s\n", pidStr) + + hook := ` +apiVersion: cilium.io/v1alpha1 +kind: TracingPolicy +metadata: + name: "sys-write" +spec: + kprobes: + - call: "bpf_fentry_test1" + syscall: false + args: + - index: 0 + type: "int" + selectors: + - matchPIDs: + - operator: In + followForks: true + isNamespacePID: false + values: + - ` + pidStr + ` + - call: "bpf_fentry_test2" + syscall: false + args: + - index: 0 + type: "int" + - index: 1 + type: "uint64" + selectors: + - matchPIDs: + - operator: In + followForks: true + isNamespacePID: false + values: + - ` + pidStr + ` + - call: "bpf_fentry_test3" + syscall: false + args: + - index: 0 + type: "int8" + - index: 1 + type: "int" + - index: 2 + type: "uint64" + selectors: + - matchPIDs: + - operator: In + followForks: true + isNamespacePID: false + values: + - ` + pidStr + ` + - call: "bpf_fentry_test4" + syscall: false + args: + - index: 0 + type: "uint64" + - index: 1 + type: "int8" + - index: 2 + type: "int" + - index: 3 + type: "uint64" + selectors: + - matchPIDs: + - operator: In + followForks: true + isNamespacePID: false + values: + - ` + pidStr + ` + - call: "bpf_fentry_test5" + syscall: false + args: + - index: 0 + type: "uint64" + - index: 1 + type: "uint64" + - index: 2 + type: "int16" + - index: 3 + type: "int" + - index: 4 + type: "uint64" + selectors: + - matchPIDs: + - operator: In + followForks: true + isNamespacePID: false + values: + - ` + pidStr + ` +` + + createCrdFile(t, hook) + + obs, err := observertesthelper.GetDefaultObserverWithFile(t, ctx, testConfigFile, tus.Conf().TetragonLib) + if err != nil { + t.Fatalf("GetDefaultObserverWithFile error: %s", err) + } + observertesthelper.LoopEvents(ctx, t, &doneWG, &readyWG, obs) + readyWG.Wait() + + trigger(t) + + check1 := ec.NewProcessKprobeChecker(""). + WithFunctionName(sm.Full("bpf_fentry_test1")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithIntArg(1), + )) + + check2 := ec.NewProcessKprobeChecker(""). + WithFunctionName(sm.Full("bpf_fentry_test2")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithIntArg(2), + ec.NewKprobeArgumentChecker().WithSizeArg(3), + )) + + check3 := ec.NewProcessKprobeChecker(""). + WithFunctionName(sm.Full("bpf_fentry_test3")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithIntArg(4), + ec.NewKprobeArgumentChecker().WithIntArg(5), + ec.NewKprobeArgumentChecker().WithSizeArg(6), + )) + + check4 := ec.NewProcessKprobeChecker(""). + WithFunctionName(sm.Full("bpf_fentry_test4")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithSizeArg(7), + ec.NewKprobeArgumentChecker().WithIntArg(8), + ec.NewKprobeArgumentChecker().WithIntArg(9), + ec.NewKprobeArgumentChecker().WithSizeArg(10), + )) + + check5 := ec.NewProcessKprobeChecker(""). + WithFunctionName(sm.Full("bpf_fentry_test5")). + WithArgs(ec.NewKprobeArgumentListMatcher(). + WithOperator(lc.Ordered). + WithValues( + ec.NewKprobeArgumentChecker().WithSizeArg(11), + ec.NewKprobeArgumentChecker().WithSizeArg(12), + ec.NewKprobeArgumentChecker().WithIntArg(13), + ec.NewKprobeArgumentChecker().WithIntArg(14), + ec.NewKprobeArgumentChecker().WithSizeArg(15), + )) + + checker := ec.NewUnorderedEventChecker(check1, check2, check3, check4, check5) + + err = jsonchecker.JsonTestCheck(t, checker) + assert.NoError(t, err) +} From dd77b6f1d416ac74241ea7bffb2c6457103c6ec4 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 21 Jan 2024 21:08:46 +0000 Subject: [PATCH 14/14] tetragon: Fix uprobe documentation example We now have multiple symbols, not just one. The rest of the documentation wrt argument processing is now correct due to the previous patches. Signed-off-by: Jiri Olsa --- docs/content/en/docs/concepts/tracing-policy/hooks.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/content/en/docs/concepts/tracing-policy/hooks.md b/docs/content/en/docs/concepts/tracing-policy/hooks.md index 4106c6a2d63..30f494ce1b7 100644 --- a/docs/content/en/docs/concepts/tracing-policy/hooks.md +++ b/docs/content/en/docs/concepts/tracing-policy/hooks.md @@ -205,7 +205,8 @@ metadata: spec: uprobes: - path: "/bin/bash" - symbol: "readline" + symbols: + - "readline" ``` This example shows how to use uprobes to hook into the readline function