wip add other tracers

Signed-off-by: Matthias Bertschy <[email protected]>

Author: matthyx

build/Dockerfile

@@ -11,9 +11,13 @@ RUN --mount=target=. \
 
 FROM --platform=$BUILDPLATFORM ghcr.io/inspektor-gadget/ig:v0.44.1 AS ig
 
+RUN ["ig", "image", "pull", "trace_tcp:v0.44.1"]
+RUN ["ig", "image", "pull", "advise_seccomp:v0.44.1"]
+RUN ["ig", "image", "pull", "trace_capabilities:v0.44.1"]
+RUN ["ig", "image", "pull", "trace_dns:v0.44.1"]
 RUN ["ig", "image", "pull", "trace_exec:v0.44.1"]
 RUN ["ig", "image", "pull", "trace_open:v0.44.1"]
-RUN ["ig", "image", "export", "trace_exec:v0.44.1", "trace_open:v0.44.1", "/tmp/tracers.tar"]
+RUN ["ig", "image", "export", "trace_tcp:v0.44.1", "advise_seccomp:v0.44.1", "trace_capabilities:v0.44.1", "trace_dns:v0.44.1", "trace_exec:v0.44.1", "trace_open:v0.44.1", "/tmp/tracers.tar"]
 
 FROM gcr.io/distroless/static-debian12:latest
 

build/Dockerfile.debug

@@ -3,6 +3,7 @@ FROM --platform=$BUILDPLATFORM golang:1.25-bookworm AS builder
 ENV GO111MODULE=on CGO_ENABLED=0
 WORKDIR /work
 ARG TARGETOS TARGETARCH
+
 RUN go install github.com/go-delve/delve/cmd/dlv@latest
 RUN --mount=target=. \
     --mount=type=cache,target=/root/.cache/go-build \
@@ -11,9 +12,13 @@ RUN --mount=target=. \
 
 FROM --platform=$BUILDPLATFORM ghcr.io/inspektor-gadget/ig:v0.44.1 AS ig
 
+RUN ["ig", "image", "pull", "trace_tcp:v0.44.1"]
+RUN ["ig", "image", "pull", "advise_seccomp:v0.44.1"]
+RUN ["ig", "image", "pull", "trace_capabilities:v0.44.1"]
+RUN ["ig", "image", "pull", "trace_dns:v0.44.1"]
 RUN ["ig", "image", "pull", "trace_exec:v0.44.1"]
 RUN ["ig", "image", "pull", "trace_open:v0.44.1"]
-RUN ["ig", "image", "export", "trace_exec:v0.44.1", "trace_open:v0.44.1", "/tmp/tracers.tar"]
+RUN ["ig", "image", "export", "trace_tcp:v0.44.1", "advise_seccomp:v0.44.1", "trace_capabilities:v0.44.1", "trace_dns:v0.44.1", "trace_exec:v0.44.1", "trace_open:v0.44.1", "/tmp/tracers.tar"]
 
 FROM gcr.io/distroless/static-debian12:debug
 
@@ -26,4 +31,4 @@ ARG image_version
 ENV RELEASE=$image_version
 
 WORKDIR /root
-ENTRYPOINT ["/usr/bin/dlv", "--listen=:40000", "--headless=true","--accept-multiclient", "--api-version=2", "--log", "exec", "/usr/bin/node-agent"]
+ENTRYPOINT ["/usr/bin/dlv", "--listen=:40000", "--headless=true", "--continue", "--accept-multiclient", "--api-version=2", "--log", "exec", "/usr/bin/node-agent"]

go.mod

@@ -302,6 +302,7 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sylabs/sif/v2 v2.21.1 // indirect
 	github.com/sylabs/squashfs v1.0.4 // indirect
+	github.com/tetratelabs/wazero v1.9.0 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/tklauser/go-sysconf v0.3.12 // indirect

go.sum

@@ -1117,6 +1117,8 @@ github.com/sylabs/squashfs v1.0.4/go.mod h1:PDgf8YmCntvN4d9Y8hBUBDCZL6qZOzOQwRGx
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
 github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo=
 github.com/terminalstatic/go-xsd-validate v0.1.5/go.mod h1:18lsvYFofBflqCrvo1umpABZ99+GneNTw2kEEc8UPJw=
+github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZBf/I=
+github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM=
 github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw=
 github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=

pkg/containerprofilemanager/containerprofile_manager_interface.go

@@ -2,7 +2,6 @@ package containerprofilemanager
 
 import (
 	containercollection "github.com/inspektor-gadget/inspektor-gadget/pkg/container-collection"
-	"github.com/inspektor-gadget/inspektor-gadget/pkg/datasource"
 	tracerhardlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/hardlink/types"
 	tracerhttptype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/http/types"
 	tracersymlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/symlink/types"
@@ -12,7 +11,6 @@ import (
 
 type ContainerProfileManagerClient interface {
 	ContainerCallback(notif containercollection.PubSubEvent)
-	RegisterPeekFunc(peek func(mntns uint64) ([]string, error))
 	ReportCapability(containerID, capability string)
 	ReportFileExec(containerID string, event *utils.EnrichEvent)
 	ReportFileOpen(containerID string, event *utils.EnrichEvent)
@@ -21,7 +19,8 @@ type ContainerProfileManagerClient interface {
 	ReportIdentifiedCallStack(containerID string, callStack *v1beta1.IdentifiedCallStack)
 	ReportSymlinkEvent(containerID string, event *tracersymlinktype.Event)
 	ReportHardlinkEvent(containerID string, event *tracerhardlinktype.Event)
-	ReportNetworkEvent(containerID string, event *datasource.Data)
+	ReportNetworkEvent(containerID string, event *utils.EnrichEvent)
+	ReportSyscalls(containerID string, syscalls []string)
 	ReportDroppedEvent(containerID string)
 	RegisterForContainerEndOfLife(notificationChannel chan *containercollection.Container)
 	OnQueueError(profile *v1beta1.ContainerProfile, containerID string, err error)

pkg/containerprofilemanager/containerprofile_manager_mock.go

@@ -2,7 +2,6 @@ package containerprofilemanager
 
 import (
 	containercollection "github.com/inspektor-gadget/inspektor-gadget/pkg/container-collection"
-	"github.com/inspektor-gadget/inspektor-gadget/pkg/datasource"
 	tracerhardlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/hardlink/types"
 	tracerhttptype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/http/types"
 	tracersymlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/symlink/types"
@@ -23,19 +22,19 @@ func (a ContainerProfileManagerMock) ContainerCallback(_ containercollection.Pub
 	// noop
 }
 
-func (a ContainerProfileManagerMock) RegisterPeekFunc(_ func(mntns uint64) ([]string, error)) {
+func (a ContainerProfileManagerMock) ReportSyscalls(_ string, _ []string) {
 	// noop
 }
 
 func (a ContainerProfileManagerMock) ReportCapability(_, _ string) {
 	// noop
 }
 
-func (a ContainerProfileManagerMock) ReportFileExec(containerID string, event *utils.EnrichEvent) {
+func (a ContainerProfileManagerMock) ReportFileExec(_ string, _ *utils.EnrichEvent) {
 	// noop
 }
 
-func (a ContainerProfileManagerMock) ReportFileOpen(containerID string, event *utils.EnrichEvent) {
+func (a ContainerProfileManagerMock) ReportFileOpen(_ string, _ *utils.EnrichEvent) {
 	// noop
 }
 
@@ -67,7 +66,7 @@ func (a ContainerProfileManagerMock) RegisterForContainerEndOfLife(_ chan *conta
 	// noop
 }
 
-func (a ContainerProfileManagerMock) ReportNetworkEvent(_ string, _ *datasource.Data) {
+func (a ContainerProfileManagerMock) ReportNetworkEvent(_ string, _ *utils.EnrichEvent) {
 	// noop
 }
 

pkg/containerprofilemanager/v1/container_data.go

@@ -13,11 +13,11 @@ import (
 	"k8s.io/utils/ptr"
 )
 
-// emptyEvents clears all event data except syscalls (which are kept for peek function)
+// emptyEvents clears all event data
 func (cd *containerData) emptyEvents() {
 	cd.size.Store(0)
 	cd.capabilites = nil
-	// cd.syscalls is intentionally not set to nil, as we want to keep the syscalls for the peek function
+	cd.syscalls = nil
 	cd.endpoints = nil
 	cd.execs = nil
 	cd.opens = nil
@@ -95,6 +95,13 @@ func (cd *containerData) getOpens() []v1beta1.OpenCalls {
 	return opens
 }
 
+func (cd *containerData) getSyscalls() []string {
+	if cd.syscalls == nil {
+		return []string{}
+	}
+	return cd.syscalls.ToSlice()
+}
+
 // getEndpoints returns all HTTP endpoints recorded for this container
 func (cd *containerData) getEndpoints() []v1beta1.HTTPEndpoint {
 	var endpoints []v1beta1.HTTPEndpoint

pkg/containerprofilemanager/v1/container_operations.go

@@ -102,8 +102,3 @@ func (cpm *ContainerProfileManager) removeContainerEntry(containerID string) (*C
 
 	return entry, exists
 }
-
-// RegisterPeekFunc registers the syscall peek function
-func (cpm *ContainerProfileManager) RegisterPeekFunc(peek func(mntns uint64) ([]string, error)) {
-	cpm.syscallPeekFunc = peek
-}

pkg/containerprofilemanager/v1/containerprofile_manager.go

@@ -69,7 +69,6 @@ type ContainerProfileManager struct {
 	k8sObjectCache    objectcache.K8sObjectCache
 	storageClient     storage.StorageClient
 	dnsResolverClient dnsmanager.DNSResolver
-	syscallPeekFunc   func(nsMountId uint64) ([]string, error)
 	seccompManager    seccompmanager.SeccompManagerClient
 	enricher          containerprofilemanager.Enricher
 	ruleBindingCache  rulebindingmanager.RuleBindingCache

pkg/containerprofilemanager/v1/containerprofile_manager_test.go

@@ -596,51 +596,6 @@ func TestContainerDataEmptyEvents(t *testing.T) {
 	// Note: syscalls should remain not nil as per the comment in the code
 }
 
-func TestContainerProfileManagerRegisterPeekFunc(t *testing.T) {
-	// Create a unique temporary directory for this test
-	tempDir, err := os.MkdirTemp("", "fake-storage-queue-*")
-	if err != nil {
-		t.Fatalf("Failed to create temp directory: %v", err)
-	}
-	defer os.RemoveAll(tempDir) // Clean up after test
-
-	// Override the queue directory for this test
-	t.Setenv("QUEUE_DIR", tempDir)
-
-	cfg := config.Config{}
-	ctx := context.TODO()
-	k8sClient := &k8sclient.K8sClientMock{}
-	storageClient := &storage.StorageHttpClientMock{}
-	k8sObjectCacheMock := &objectcache.K8sObjectCacheMock{}
-	seccompManagerMock := &seccompmanager.SeccompManagerMock{}
-
-	cpm, err := NewContainerProfileManager(
-		ctx,
-		cfg,
-		k8sClient,
-		k8sObjectCacheMock,
-		storageClient,
-		nil,
-		seccompManagerMock,
-		nil,
-		nil,
-	)
-	require.NoError(t, err)
-
-	// Register a peek function
-	peekFunc := func(mntns uint64) ([]string, error) {
-		return []string{"open", "read"}, nil
-	}
-
-	cpm.RegisterPeekFunc(peekFunc)
-	assert.NotNil(t, cpm.syscallPeekFunc)
-
-	// Test the registered function
-	result, err := cpm.syscallPeekFunc(12345)
-	assert.NoError(t, err)
-	assert.Equal(t, []string{"open", "read"}, result)
-}
-
 func TestEndpointKindConstants(t *testing.T) {
 	assert.Equal(t, EndpointKind("pod"), EndpointKindPod)
 	assert.Equal(t, EndpointKind("svc"), EndpointKindService)