You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After upgrading to v1.3.0, I observed that applying kprobes with both rate-limited and non-rate-limited actions in a single kprobe TracingPolicy fails.
Upon investigation, I found that in PR #2128's commit d7a30b3, the ratelimit_map was changed to a per-sensor map. This modification causes the ratelimit_map to be shared among programs, but rate-limited and non-rate-limited programs expect different MaxEntries values. As a result, the program load fails due to map specification incompatibility.
The text was updated successfully, but these errors were encountered:
Hello, thanks for the report and the repro, I can imagine why this is happening indeed, your investigation is correct. Let's see how we can fix this :)
What happened?
After upgrading to v1.3.0, I observed that applying kprobes with both rate-limited and non-rate-limited actions in a single kprobe TracingPolicy fails.
The tracing policy is defined as follows:
By either setting
rateLimit
for both or removingrateLimit
from bothmatchActions
, the program loads successfully.Tetragon Version
v1.3.0
Kernel Version
Linux 5.15.0-118-generic x86_64
Kubernetes Version
v1.30.3
Bugtool
No response
Relevant log output
Anything else?
Upon investigation, I found that in PR #2128's commit d7a30b3, the
ratelimit_map
was changed to a per-sensor map. This modification causes theratelimit_map
to be shared among programs, but rate-limited and non-rate-limited programs expect differentMaxEntries
values. As a result, the program load fails due to map specification incompatibility.The text was updated successfully, but these errors were encountered: