This is the first PR that brings modifications to our eBPF programs to allow grouping data according to the Real Parent ID, the Parent ID, and the process ID.
The main goal of these changes is to reduce the time the kernel needs to find a process in the hash tables and to speed up processing. We are not going to remove from users the possibility to see all processes, but this won't be enabled by default.
This PR also brings small fixes for the functional tester.
Test Plan
Get the files from this link and store them in a specific file, for example, ~/PATH_TO_ARTIFACTS
Extract the files by running:
for i in *.zip; do unzip "$i"; rm .gitkeep; rm "$i"; done
for i in *.xz; do tar -xf "$i"; rm "$i"*; done
Compile current branch:
Run tests:
The final result will demonstrate more processes stored when --pid receives 2 as its argument; for the first two options it can be equal or have a small difference, depending on the processes running on the computer/VM.
Additional information
This PR was already tested on: