tarian-detector integration and existing ebpf code removal

.github/workflows/charts.yaml

@@ -107,7 +107,7 @@ jobs:
           go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@938f6e2f7550e542bd78f3b9e8812665db109e02 # @v1.1.0
           make bin/protoc bin/goreleaser
           bash ./dev/run-kind-registry.sh
-          make ebpf generate
+          make generate
           ./bin/goreleaser release --snapshot --rm-dist
           make push-local-images
           cp dist/tarianctl_linux_amd64/tarianctl ./bin/

.github/workflows/ci.yaml

@@ -62,7 +62,6 @@ jobs:
         run: |
           set -x
           sudo apt update && sudo apt install -y jq pkg-config libelf-dev clang
-          make ebpf
 
       - name: Run unit tests
         run: make unit-test
@@ -131,7 +130,7 @@ jobs:
           go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@938f6e2f7550e542bd78f3b9e8812665db109e02 # @v1.1.0
           make bin/protoc bin/goreleaser
           bash ./dev/run-kind-registry.sh
-          make ebpf generate
+          make generate
           ./bin/goreleaser release --snapshot --rm-dist
           make push-local-images
           cp dist/tarianctl_linux_amd64/tarianctl ./bin/

.gitignore

@@ -4,7 +4,6 @@
 /vendor
 /.local
 /.vscode
-/pkg/**/capture_exec.bpf.o
 /pkg/tarianpb/api.pb.go
 /pkg/tarianpb/types.pb.go
 coverage.xml

.golangci.yml

@@ -1,8 +1,6 @@
 run:
   timeout: 10m
   concurrency: 4
-  skip-files:
-  - pkg/nodeagent/ebpf/exec.go
 
 linters:
   disable-all: true

.goreleaser.yml

@@ -1,7 +1,6 @@
 env:
   - CONTAINER_REGISTRY={{ if index .Env "CONTAINER_REGISTRY" }}{{ .Env.CONTAINER_REGISTRY }}{{ else }}localhost:5000{{ end }}
   - CGO_CFLAGS=-I{{ abs .ModulePath }}/output -Wno-unknown-attributes
-  - CGO_LDFLAGS=-lelf -lz {{ abs .ModulePath}}/output/libbpf.a
 builds:
   - id: tarian-server
     main: ./cmd/tarian-server/
@@ -39,7 +38,7 @@ builds:
     main: ./cmd/tarian-node-agent/
     binary: tarian-node-agent
     env:
-      - CC=clang
+      - CGO_ENABLED=0
     goos:
       - linux
     goarch:

Dockerfile-node-agent

@@ -1,4 +1,3 @@
-# FROM cgr.dev/chainguard/static:latest
 FROM cgr.dev/chainguard/static@sha256:2ea44d9bdd177a07e6fba8a60f7d45cb8a7358586a5f740187866566e6df310d
 
 COPY ./tarian-node-agent .

Makefile

@@ -34,19 +34,12 @@ default: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-##@ eBPF
 
 BASEDIR = $(abspath ./)
 OUTPUT = ./output
 ARCH := $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g')
 
-LIBBPF_SRC = $(abspath ./3rdparty/libbpf/src)
-LIBBPF_OBJ = $(abspath $(OUTPUT)/libbpf.a)
-LIBBPF_OBJDIR = $(abspath $(OUTPUT)/libbpf)
-LIBBPF_DESTDIR = $(abspath $(OUTPUT))
-
 CC = gcc
-CLANG = clang
 GO = go
 CFLAGS = -g -O2 -Wall -fpie
 LDFLAGS =
@@ -60,16 +53,12 @@ CGO_LDFLAGS_DYN = "-lelf -lz -lbpf"
 BTFFILE = /sys/kernel/btf/vmlinux
 BPFTOOL = $(shell which bpftool || /bin/false)
 VMLINUXH = $(OUTPUT)/vmlinux.h
-NODEAGENT_EBPF_DIR = pkg/nodeagent/ebpf
 
 # output
 
 $(OUTPUT):
 	mkdir -p $(OUTPUT)
 
-$(OUTPUT)/libbpf:
-	mkdir -p $(OUTPUT)/libbpf
-
 # vmlinux header file
 
 .PHONY: vmlinuxh
@@ -88,22 +77,7 @@ $(VMLINUXH): $(OUTPUT)
 		echo "INFO: generating $(VMLINUXH) from $(BTFFILE)"; \
 		$(BPFTOOL) btf dump file $(BTFFILE) format c > $(VMLINUXH); \
 	fi
-
-# libbpf
-
-$(LIBBPF_OBJ): $(LIBBPF_SRC) $(wildcard $(LIBBPF_SRC)/*.[ch]) | $(OUTPUT)/libbpf
-	CC="$(CC)" CFLAGS="$(CFLAGS)" LD_FLAGS="$(LDFLAGS)" \
-		$(MAKE) -C $(LIBBPF_SRC) \
-		BUILD_STATIC_ONLY=1 \
-		OBJDIR=$(LIBBPF_OBJDIR) \
-		DESTDIR=$(LIBBPF_DESTDIR) \
-		INCLUDEDIR= LIBDIR= UAPIDIR= install
-
-libbpfgo-static: $(VMLINUXH) | $(LIBBPF_OBJ)
-
-$(NODEAGENT_EBPF_DIR)/capture_exec.bpf.o: vmlinuxh libbpfgo-static ## Build eBPF object
-	$(CLANG) $(CFLAGS) -target bpf -D__TARGET_ARCH_$(ARCH) -I$(OUTPUT) -c $(NODEAGENT_EBPF_DIR)/c/capture_exec.bpf.c -o $@
-
+
 ##@ Development
 
 generate: bin/controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -115,9 +89,7 @@ fmt: ## Run go fmt against code.
 vet: ## Run go vet against code.
 	CGO_CFLAGS=$(CGO_CFLAGS_STATIC) CGO_LDFLAGS=$(CGO_LDFLAGS_STATIC) go vet ./...
 
-ebpf: $(NODEAGENT_EBPF_DIR)/capture_exec.bpf.o
-
-build: bin/goreleaser generate proto ebpf ## Build binaries and copy to ./bin/
+build: bin/goreleaser generate proto ## Build binaries and copy to ./bin/
 	./bin/goreleaser build --single-target --snapshot --rm-dist --single-target
 	cp dist/*/tarian* ./bin/
 

cmd/tarian-node-agent/cmd/mount_debugfs.go

@@ -9,6 +9,7 @@ import (
 // https://man7.org/linux/man-pages/man2/statfs.2.html
 const DebugFSMagic = 0x64626720
 
+// DebugFSRoot is the location of the DebugFS filesystem
 const DebugFSRoot = "/sys/kernel/debug"
 
 func isDebugFsMounted() bool {

cmd/tarian-node-agent/cmd/run.go

@@ -4,15 +4,22 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
+	"strings"
 	"syscall"
 
+	"github.com/cilium/ebpf/rlimit"
 	"github.com/kube-tarian/tarian/cmd/tarian-node-agent/cmd/flags"
 	"github.com/kube-tarian/tarian/pkg/log"
 	"github.com/kube-tarian/tarian/pkg/nodeagent"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
+// Uname contains system uname information.
+type Uname struct {
+	ub syscall.Utsname
+}
+
 type runCommand struct {
 	globalFlags *flags.GlobalFlags
 	logger      *logrus.Logger
@@ -65,6 +72,15 @@ func (c *runCommand) run(_ *cobra.Command, args []string) error {
 		return fmt.Errorf("host proc is not mounted: %w", err)
 	}
 
+	if err := c.setLinuxKernelVersion(); err != nil {
+		c.logger.WithError(err).Error("failed to set linux kernel version")
+		return fmt.Errorf("failed to set linux kernel version: %w", err)
+	}
+
+	if err := rlimit.RemoveMemlock(); err != nil {
+		c.logger.Fatal(err)
+	}
+
 	addr := c.clusterAgentHost + ":" + c.clusterAgentPort
 	agent := nodeagent.NewNodeAgent(c.logger, addr)
 	agent.EnableAddConstraint(c.enableAddConstraint)
@@ -86,3 +102,48 @@ func (c *runCommand) run(_ *cobra.Command, args []string) error {
 
 	return nil
 }
+
+// setLinuxKernelVersion sets the Linux kernel version by parsing the uname information.
+func (c *runCommand) setLinuxKernelVersion() error {
+	u := &Uname{}
+	err := syscall.Uname(&u.ub)
+
+	if err != nil {
+		c.logger.WithField("error while making syscall to get linux kernel version, err: ", err)
+		return fmt.Errorf("error while making syscall to get linux kernel version: %w", err)
+	}
+
+	linuxKernelVersion := charsToString(u.ub.Release[:])
+	strArr := strings.Split(linuxKernelVersion, ".")
+	if len(strArr) < 3 {
+		c.logger.WithField("version", linuxKernelVersion).Fatal("invalid linux kernel version")
+		return fmt.Errorf("invalid linux kernel version: %s", linuxKernelVersion)
+	}
+	majorVersion := strArr[0]
+	minorVersion := strArr[1]
+	patch := strArr[2]
+	// Split to get the patch version
+	strArr = strings.Split(patch, "-")
+	patchVersion := strArr[0]
+	os.Setenv("LINUX_VERSION_MAJOR", majorVersion)
+	os.Setenv("LINUX_VERSION_MINOR", minorVersion)
+	os.Setenv("LINUX_VERSION_PATCH", patchVersion)
+
+	return nil
+}
+
+// charsToString converts an array of int8 to a string.
+//
+// ca []int8: the array of int8 to be converted.
+// string: the resulting string from the conversion.
+func charsToString(ca []int8) string {
+	s := make([]byte, len(ca))
+	var i int
+	for ; i < len(ca); i++ {
+		if ca[i] == 0 {
+			break
+		}
+		s[i] = uint8(ca[i])
+	}
+	return string(s[0:i])
+}

cmd/tarianctl/cmd/flags/flag.go

@@ -93,7 +93,6 @@ func (globalFlags *GlobalFlags) ValidateGlobalFlags() error {
 func (globalFlags *GlobalFlags) GetFlagValuesFromEnvVar(logger *logrus.Logger) {
 	// Read environment variable for "server-address" flag
 	if globalFlags.ServerAddr == defaultServerAddress || globalFlags.ServerAddr == "" {
-		fmt.Println("here")
 		if serverAddressEnv := os.Getenv(tarianServerAddressEnv); serverAddressEnv != "" {
 			logger.Debugf("Setting server address from environment variable, TARIAN_SERVER_ADDRESS=%s", serverAddressEnv)
 			globalFlags.ServerAddr = serverAddressEnv

cmd/tarianctl/cmd/get/events.go

@@ -161,6 +161,12 @@ func eventsTableOutput(events []*tarianpb.Event, logger *logrus.Logger) {
 				evt.WriteString("pod deleted")
 			}
 
+			if e.GetType() == tarianpb.EventTypeDetection {
+				detectionEventStr := fmt.Sprintf("detection: %s: %s", t.GetDetectionDataType(), t.GetDetectionData())
+				evt.WriteString("tarian detection event\n")
+				evt.WriteString(detectionEventStr)
+			}
+
 			evt.WriteString("\n")
 
 			table.Append(

dev/config/tarian-cluster-agent/tarian-cluster-agent.yaml

@@ -17,6 +17,7 @@ spec:
         image: localhost:5000/tarian-cluster-agent:latest
         args:
         - --log-level=debug
+        - --log-formatter=json
         - run
         - "--server-address=tarian-server:80"
         - --enable-add-constraint

dev/config/tarian-node-agent/tarian-node-agent.yaml

@@ -16,6 +16,7 @@ spec:
         image: localhost:5000/tarian-node-agent:latest
         args:
         - --log-level=debug
+        - --log-formatter=json
         - run
         - --cluster-agent-host=tarian-cluster-agent.tarian-system.svc
         - --cluster-agent-port=80

dev/config/tarian-server/tarian-server.yaml

@@ -16,7 +16,7 @@ spec:
       - name: tarian-server
         image: "localhost:5000/tarian-server:latest"
         args:
-        - "--log-formatter=text"
+        - "--log-formatter=json"
         - "--log-level=debug"
         - run
         - "--alertmanager-address=http://alertmanager:9093"