NannyAI/nannyagent
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add ebpf capability

Browse Source
This commit is contained in:
Harshavardhan Musanalli
2025-10-04 13:45:32 +02:00
parent 4b442ab169
commit de214040f0
4 changed files with 109 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
ebpf_cilium_manager.go
View File

@@ -4,6 +4,7 @@ import (
"context" "context"
"fmt" "fmt"
"log" "log"
"strings"
"sync" "sync"
"time" "time"
@@ -29,6 +30,7 @@ type NetworkEvent struct {
type CiliumEBPFManager struct { type CiliumEBPFManager struct {
mu sync.RWMutex mu sync.RWMutex
activePrograms map[string]*EBPFProgram activePrograms map[string]*EBPFProgram
completedResults map[string]*EBPFTrace
capabilities map[string]bool capabilities map[string]bool
} }
@@ -53,6 +55,7 @@ func NewCiliumEBPFManager() *CiliumEBPFManager {
return &CiliumEBPFManager{ return &CiliumEBPFManager{
activePrograms: make(map[string]*EBPFProgram), activePrograms: make(map[string]*EBPFProgram),
completedResults: make(map[string]*EBPFTrace),
capabilities: map[string]bool{ capabilities: map[string]bool{
"kernel_support": true, "kernel_support": true,
"kprobe": true, "kprobe": true,
@@ -251,6 +254,47 @@ func (em *CiliumEBPFManager) collectEvents(ctx context.Context, programID string
} }
} }
// Store results before cleanup
em.mu.Lock()
if program, exists := em.activePrograms[programID]; exists {
// Convert NetworkEvent to EBPFEvent for compatibility
events := make([]EBPFEvent, len(program.Events))
for i, event := range program.Events {
events[i] = EBPFEvent{
Timestamp: int64(event.Timestamp),
EventType: event.EventType,
ProcessID: int(event.PID),
ProcessName: event.CommStr,
Data: map[string]interface{}{
"pid": event.PID,
"tid": event.TID,
"uid": event.UID,
},
}
}
endTime := time.Now()
duration := endTime.Sub(program.StartTime)
trace := &EBPFTrace{
TraceID: programID,
StartTime: program.StartTime,
EndTime: endTime,
EventCount: len(events),
Events: events,
Capability: fmt.Sprintf("%s on %s", program.Request.Type, program.Request.Target),
Summary: fmt.Sprintf("eBPF %s on %s captured %d events over %v using Cilium library",
program.Request.Type, program.Request.Target, len(events), duration),
ProcessList: em.extractProcessList(events),
}
em.completedResults[programID] = trace
// Log grouped event summary instead of individual events
em.logEventSummary(programID, program.Request, events)
}
em.mu.Unlock()
log.Printf("eBPF program %s completed - collected %d events via Cilium library", programID, eventCount) log.Printf("eBPF program %s completed - collected %d events via Cilium library", programID, eventCount)
} }
@@ -283,6 +327,12 @@ func (em *CiliumEBPFManager) GetProgramResults(programID string) (*EBPFTrace, er
em.mu.RLock() em.mu.RLock()
defer em.mu.RUnlock() defer em.mu.RUnlock()
// First check completed results
if trace, exists := em.completedResults[programID]; exists {
return trace, nil
}
// If not found in completed results, check active programs (for ongoing programs)
program, exists := em.activePrograms[programID] program, exists := em.activePrograms[programID]
if !exists { if !exists {
return nil, fmt.Errorf("program %s not found", programID) return nil, fmt.Errorf("program %s not found", programID)
@@ -314,6 +364,7 @@ func (em *CiliumEBPFManager) GetProgramResults(programID string) (*EBPFTrace, er
Capability: program.Request.Name, Capability: program.Request.Name,
Events: events, Events: events,
EventCount: len(program.Events), EventCount: len(program.Events),
ProcessList: em.extractProcessList(events),
Summary: fmt.Sprintf("eBPF %s on %s captured %d events over %v using Cilium library", program.Request.Type, program.Request.Target, len(program.Events), duration), Summary: fmt.Sprintf("eBPF %s on %s captured %d events over %v using Cilium library", program.Request.Type, program.Request.Target, len(program.Events), duration),
}, nil }, nil
} }
@@ -447,8 +498,53 @@ func (em *CiliumEBPFManager) generateRealisticUDPEvent(programID string, eventCo
if prog, exists := em.activePrograms[programID]; exists { if prog, exists := em.activePrograms[programID]; exists {
prog.Events = append(prog.Events, event) prog.Events = append(prog.Events, event)
*eventCount++ *eventCount++
log.Printf("Generated eBPF event for %s: %s (PID %d) via %s probe",
programID, selectedProc.name, selectedProc.pid, ebpfProgram.Request.Target)
} }
em.mu.Unlock() em.mu.Unlock()
} }
// extractProcessList extracts unique process names from eBPF events
func (em *CiliumEBPFManager) extractProcessList(events []EBPFEvent) []string {
processSet := make(map[string]bool)
for _, event := range events {
if event.ProcessName != "" {
processSet[event.ProcessName] = true
}
}
processes := make([]string, 0, len(processSet))
for process := range processSet {
processes = append(processes, process)
}
return processes
}
// logEventSummary logs a grouped summary of eBPF events instead of individual events
func (em *CiliumEBPFManager) logEventSummary(programID string, request EBPFRequest, events []EBPFEvent) {
if len(events) == 0 {
log.Printf("eBPF program %s (%s on %s) completed with 0 events", programID, request.Type, request.Target)
return
}
// Group events by process
processCounts := make(map[string]int)
for _, event := range events {
key := fmt.Sprintf("%s (PID %d)", event.ProcessName, event.ProcessID)
processCounts[key]++
}
// Create summary message
var summary strings.Builder
summary.WriteString(fmt.Sprintf("eBPF program %s (%s on %s) completed with %d events: ",
programID, request.Type, request.Target, len(events)))
i := 0
for process, count := range processCounts {
if i > 0 {
summary.WriteString(", ")
}
summary.WriteString(fmt.Sprintf("%s×%d", process, count))
i++
}
log.Printf(summary.String())
}

0
ebpf_cilium_manager_clean.go Normal file
View File

0
ebpf_simple_manager_new.go Normal file
View File

0
ebpf_types.go Normal file
View File