Exclude unneeded progs #1636
Reduce number of bpf programs we include into the final probe. This helps to reduce the probe size, and as a side effect helps fighting debug log truncation due to its large size (it contains relocations for all of those progs).
collector/CMakeLists.txt
Outdated
# $ bpftool prog | grep tracing | awk '{print $4}' > all_progs.list | ||
# $ grep -v -f progs_in_use.list all_progs.list > collector/excluded_progs.list | ||
file(READ "excluded_progs.list" EXCLUDED_PROGS) | ||
STRING(REGEX REPLACE "\n" "" EXCLUDED_PROGS "${EXCLUDED_PROGS}") |
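Review bot: the file(READ "excluded_progs.list" ...) call runs only at configure time, so editing the list will not re-run CMake in an existing build tree and the old exclusion regex stays in effect; adding excluded_progs.list to the directory's CMAKE_CONFIGURE_DEPENDS property would fix that. The REGEX REPLACE strips only "\n", so a trailing space or a CRLF line ending in the list ends up inside the regex. The generation comment also relies on progs_in_use.list without saying where that file comes from, so it should name its source so the list can be reproduced.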
Oh Lord have mercy on our souls :repenting_intensifies:
collector/excluded_progs.list
Outdated
@@ -0,0 +1,140 @@ | |||
^( |
On a somewhat more serious note, could we change this to be a straight up list of progs, then use something like JOIN to put them together with | and simply add the ^( and )$ afterwards?
https://cmake.org/cmake/help/latest/command/string.html#join
Yeah, why not.
How do we keep this synchronized when either new system calls are supported in Falco or new system calls are added to collector ( |
Good question, @robbycochran. I've described in the commentary how the list was generated, so what we could do to make it easier is to automate this process, maybe load list of used syscalls from an external file during the build as well (not just define in the header), and add a CI check to verify if there are any differences. This way if:
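One way to implement the CI check discussed above, as an added example that is not part of the PR or the project's code: it recomputes the exclusion list from the two input lists named in the CMake comment, fails when the committed list has drifted, and builds the anchored regex from plain names. It assumes every file holds one exact program name per line; the function names and sample program names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's code. Assumes each list holds one exact
# program name per line (all progs, progs in use, committed exclusions) and
# that the committed list holds plain names with no regex syntax.

# Programs in $1 (all) that are not named in $2 (in use), sorted.
# -x -F match whole lines literally: plain `grep -v -f` treats each in-use
# name as a substring regex, so "sys_open" would also keep "sys_openat".
expected_excluded() {
    grep -v -x -F -f "$2" "$1" | LC_ALL=C sort -u
}

# CI gate: succeed only if committed list $3 matches the expected list;
# otherwise print the drift as a unified diff on stderr.
check_excluded_in_sync() {
    tmp=$(mktemp -d) || return 2
    expected_excluded "$1" "$2" > "$tmp/want"
    LC_ALL=C sort -u "$3" > "$tmp/have"
    if diff -u "$tmp/have" "$tmp/want" >&2; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# Build the anchored alternation from plain names: ^(a|b|c)$
excluded_regex() {
    printf '^(%s)$\n' "$(LC_ALL=C sort -u "$1" | paste -s -d '|' -)"
}

# Constructed sample data (names are illustrative, not taken from the PR).
make_sample() {
    d=$(mktemp -d) || return 2
    printf '%s\n' sys_open sys_openat sys_read sys_write > "$d/all"
    printf '%s\n' sys_open sys_read > "$d/in_use"
    printf '%s\n' sys_openat sys_write > "$d/excluded"
    echo "$d"
}

sample=$(make_sample)
check_excluded_in_sync "$sample/all" "$sample/in_use" "$sample/excluded" \
    && excluded_regex "$sample/excluded"
rm -rf "$sample"
```
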
Checklist
Automated testing
If any of these don't apply, please comment below.
Testing Performed
Manual testing.