Skip to content

Commit 86f4cf1

Browse files
ExceptionalHandlerjrfastab
ExceptionalHandler
authored and
jrfastab
committed
tetragon/windows: Port process cache package on Windows
This PR compiles and ports process cache into Windows. The only difference on Windows is how the pid for cache is computed. Currently on Windows, we are not using ktime as an input into process identifier. The PID re-use is not a very big problem on Windows and the current bpf program does not communicate the parent's ktime to usermode. So the cache pid on windows is based on numeric PID issued by kernel. Signed-off-by: Anadi Anadi <[email protected]>
1 parent 36f68c5 commit 86f4cf1

File tree

3 files changed

+28
-6
lines changed

3 files changed

+28
-6
lines changed

pkg/process/process.go

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@
44
package process
55

66
import (
7-
"encoding/base64"
87
"errors"
98
"fmt"
109
"strings"
@@ -25,7 +24,6 @@ import (
2524
"github.com/cilium/tetragon/pkg/reader/caps"
2625
"github.com/cilium/tetragon/pkg/reader/exec"
2726
"github.com/cilium/tetragon/pkg/reader/namespace"
28-
"github.com/cilium/tetragon/pkg/reader/node"
2927
"github.com/cilium/tetragon/pkg/reader/path"
3028
"github.com/cilium/tetragon/pkg/reader/proc"
3129
"github.com/cilium/tetragon/pkg/watcher"
@@ -260,10 +258,6 @@ func UpdateEventProcessTid(process *tetragon.Process, tid *uint32) {
260258
}
261259
}
262260

263-
func GetProcessID(pid uint32, ktime uint64) string {
264-
return base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%d:%d", node.GetNodeNameForExport(), ktime, pid)))
265-
}
266-
267261
func GetExecID(proc *tetragonAPI.MsgProcess) string {
268262
return GetProcessID(proc.PID, proc.Ktime)
269263
}

pkg/process/process_id_linux.go

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
// SPDX-License-Identifier: Apache-2.0
2+
// Copyright Authors of Tetragon
3+
4+
package process
5+
6+
import (
7+
"encoding/base64"
8+
"fmt"
9+
10+
"github.com/cilium/tetragon/pkg/reader/node"
11+
)
12+
13+
func GetProcessID(pid uint32, ktime uint64) string {
14+
return base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%d:%d", node.GetNodeNameForExport(), ktime, pid)))
15+
}

pkg/process/process_id_windows.go

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
// SPDX-License-Identifier: Apache-2.0
2+
// Copyright Authors of Tetragon
3+
4+
package process
5+
6+
import (
7+
"encoding/base64"
8+
"fmt"
9+
)
10+
11+
func GetProcessID(pid uint32, ktime uint64) string {
12+
return base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%d:%d:%d", pid, pid, pid)))
13+
}

0 commit comments

Comments
 (0)