pkg/sensors: reduce ratelimit map memory footprint #2551

Merged
merged 4 commits into from
Jun 14, 2024

@mtardy mtardy commented Jun 13, 2024

For every ratelimit map loaded, we add ~10MB of kernel memory, and each kprobe added was adding a ratelimit map. We now only load that map if the user used the rateLimit field in a matchActions to reduce the memory footprint of this feature when unused.

Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the ratelimit feature when unused (around ~10MB per kprobe).

mtardy added 2 commits June 13, 2024 16:53
Since the rate limit feature is only available for LARGE_BPF_PROG, let's
remove the unnecessary map and the struct from the small BPF progs.

Signed-off-by: Mahe Tardy <[email protected]>
@mtardy mtardy added the release-note/bug This PR fixes an issue in a previous release of Tetragon. label Jun 13, 2024
@mtardy mtardy requested a review from kevsecurity June 13, 2024 16:50
@mtardy mtardy marked this pull request as ready for review June 13, 2024 16:50
@mtardy mtardy requested a review from a team as a code owner June 13, 2024 16:50

mtardy commented Jun 13, 2024

It's ready for review but it would be nice to add a test for ratelimit so that we are sure it wasn't broken here or will be.

@kevsecurity kevsecurity left a comment

LGTM

mtardy and others added 2 commits June 14, 2024 19:10
This commit is very similar to 22510d9

For every ratelimit map loaded, we add ~10MB of kernel memory, and each
kprobe added was adding a ratelimit map. We now only load that map if
the user used the rateLimit field in a matchActions to reduce the memory
footprint of this feature when unused.

Signed-off-by: Mahe Tardy <[email protected]>

Add a NoRateLimit test and a RateLimitTest.

Signed-off-by: Kevin Sheldrake <[email protected]>
@mtardy mtardy force-pushed the pr/mtardy/ratelimit-memory-shrink branch from 3676dc4 to 5c87488 Compare June 14, 2024 17:11
netlify bot commented Jun 14, 2024

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit 5c87488
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/666c79b0921e8d00088f3c20
😎 Deploy Preview https://deploy-preview-2551--tetragon.netlify.app

@mtardy mtardy added needs-backport/1.0 This PR needs backporting to 1.0 needs-backport/1.1 This PR needs backporting to 1.1 needs-backport/0.11 and removed needs-backport/0.11 labels Jun 14, 2024
@mtardy mtardy merged commit 1eea47b into main Jun 14, 2024
53 checks passed
@mtardy mtardy deleted the pr/mtardy/ratelimit-memory-shrink branch June 14, 2024 17:52
@mtardy mtardy added backport-done/1.1 The backport of this PR is complete and removed needs-backport/1.1 This PR needs backporting to 1.1 labels Jul 18, 2024
Labels
backport-done/1.1 The backport of this PR is complete needs-backport/1.0 This PR needs backporting to 1.0 release-note/bug This PR fixes an issue in a previous release of Tetragon.
2 participants