libs
libs copied to clipboard
falcosecurity
new(modern_bpf): add support for some `network` family syscalls
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area driver-modern-bpf
/area libpman
/area tests
Does this PR require a change in the driver versions?
What this PR does / why we need it:
This PR is part of a series https://github.com/falcosecurity/libs/issues/513, the final aim is to support the most important syscalls also in the new probe. This PR introduces:
socketconnectsocketpairacceptaccept4bindlisten
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
new(modern_bpf): add support for some network family syscalls
Hi @Andreagit97
@hbrueckner i should have addressed all your comments :)
Many thanks! I will give it a try on Monday and report back test results. After that being on vacation... so no todo's :wink: from my side in the next couple of days.
Thank you very much!
After that being on vacation... so no todo's wink from my side in the next couple of days.
So happy holidays! :beach_umbrella: I will wait you with new syscalls :rofl: :rofl:
Many thanks! I will give it a try on Monday and report back test results.
Tests pass successfully on s390x:
[----------] Global test environment tear-down
[==========] 83 tests from 2 test suites ran. (6 ms total)
[ PASSED ] 83 tests.
This PR and https://github.com/falcosecurity/libs/pull/553 are blocking for the last syscalls so I would focus the reviewers' attention on them if possible :pray:
LGTM label has been added.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: Andreagit97, FedeDP
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [Andreagit97,FedeDP]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment