From 39f1ad574c57d1231270d295744bbd4300552964 Mon Sep 17 00:00:00 2001 From: Marc Tuduri Date: Wed, 2 Oct 2024 18:39:03 +0200 Subject: [PATCH] merge ktracer --- bpf/generic_tracer.c | 2 +- bpf/http_ssl.h | 2 +- bpf/k_tracer.c | 817 ---------------- bpf/k_tracer.h | 872 ++++++++++++++++-- bpf/k_tracer_defs.h | 129 +++ pkg/internal/discover/finder.go | 3 +- .../ebpf/generictracer/bpf_arm64_bpfel.go | 88 ++ .../ebpf/generictracer/bpf_arm64_bpfel.o | 4 +- .../generictracer/bpf_debug_arm64_bpfel.go | 88 ++ .../generictracer/bpf_debug_arm64_bpfel.o | 4 +- .../ebpf/generictracer/bpf_debug_x86_bpfel.go | 88 ++ .../ebpf/generictracer/bpf_debug_x86_bpfel.o | 4 +- .../ebpf/generictracer/bpf_tp_arm64_bpfel.go | 88 ++ .../ebpf/generictracer/bpf_tp_arm64_bpfel.o | 4 +- .../generictracer/bpf_tp_debug_arm64_bpfel.go | 88 ++ .../generictracer/bpf_tp_debug_arm64_bpfel.o | 4 +- .../generictracer/bpf_tp_debug_x86_bpfel.go | 88 ++ .../generictracer/bpf_tp_debug_x86_bpfel.o | 4 +- .../ebpf/generictracer/bpf_tp_x86_bpfel.go | 88 ++ .../ebpf/generictracer/bpf_tp_x86_bpfel.o | 4 +- .../ebpf/generictracer/bpf_x86_bpfel.go | 88 ++ .../ebpf/generictracer/bpf_x86_bpfel.o | 4 +- .../ebpf/generictracer/generictracer.go | 429 ++++++++- .../generictracer_notlinux.go} | 2 +- .../generictracer_test.go} | 2 +- pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.go | 499 ---------- pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.o | 3 - .../ebpf/ktracer/bpf_debug_arm64_bpfel.go | 502 ---------- .../ebpf/ktracer/bpf_debug_arm64_bpfel.o | 3 - .../ebpf/ktracer/bpf_debug_x86_bpfel.go | 502 ---------- .../ebpf/ktracer/bpf_debug_x86_bpfel.o | 3 - .../ebpf/ktracer/bpf_tp_arm64_bpfel.go | 499 ---------- .../ebpf/ktracer/bpf_tp_arm64_bpfel.o | 3 - .../ebpf/ktracer/bpf_tp_debug_arm64_bpfel.go | 502 ---------- .../ebpf/ktracer/bpf_tp_debug_arm64_bpfel.o | 3 - .../ebpf/ktracer/bpf_tp_debug_x86_bpfel.go | 502 ---------- .../ebpf/ktracer/bpf_tp_debug_x86_bpfel.o | 3 - pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.go | 499 ---------- pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.o | 3 - pkg/internal/ebpf/ktracer/bpf_x86_bpfel.go | 499 ---------- pkg/internal/ebpf/ktracer/bpf_x86_bpfel.o | 3 - pkg/internal/ebpf/ktracer/ktracer.go | 571 ------------ 42 files changed, 2049 insertions(+), 5544 deletions(-) delete mode 100644 bpf/k_tracer.c create mode 100644 bpf/k_tracer_defs.h rename pkg/internal/ebpf/{ktracer/ktracer_notlinux.go => generictracer/generictracer_notlinux.go} (98%) rename pkg/internal/ebpf/{ktracer/ktracer_test.go => generictracer/generictracer_test.go} (95%) delete mode 100644 pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/bpf_x86_bpfel.go delete mode 100644 pkg/internal/ebpf/ktracer/bpf_x86_bpfel.o delete mode 100644 pkg/internal/ebpf/ktracer/ktracer.go diff --git a/bpf/generic_tracer.c b/bpf/generic_tracer.c index 06b65c98b..d7850f176 100644 --- a/bpf/generic_tracer.c +++ b/bpf/generic_tracer.c @@ -1 +1 @@ -#include "http_ssl.h" +#include "k_tracer.h" \ No newline at end of file diff --git a/bpf/http_ssl.h b/bpf/http_ssl.h index 268abefc8..f0039ea71 100644 --- a/bpf/http_ssl.h +++ b/bpf/http_ssl.h @@ -4,7 +4,7 @@ #include "vmlinux.h" #include "bpf_helpers.h" #include "http_types.h" -#include "k_tracer.h" +#include "k_tracer_defs.h" #include "bpf_dbg.h" #include "pid.h" #include "sockaddr.h" diff --git a/bpf/k_tracer.c b/bpf/k_tracer.c deleted file mode 100644 index d538e72e7..000000000 --- a/bpf/k_tracer.c +++ /dev/null @@ -1,817 +0,0 @@ -#include "vmlinux.h" -#include "bpf_helpers.h" -#include "bpf_tracing.h" -#include "bpf_dbg.h" -#include "pid.h" -#include "sockaddr.h" -#include "tcp_info.h" -#include "k_tracer.h" -#include "http_ssl.h" - -#define TC_SYN_PACKET_ID 0xdeadf00d - -// Temporary tracking of accept arguments -struct { - __uint(type, BPF_MAP_TYPE_LRU_HASH); - __uint(max_entries, MAX_CONCURRENT_REQUESTS); - __type(key, u64); - __type(value, sock_args_t); -} active_accept_args SEC(".maps"); - -// Temporary tracking of connect arguments -struct { - __uint(type, BPF_MAP_TYPE_LRU_HASH); - __uint(max_entries, MAX_CONCURRENT_REQUESTS); - __type(key, u64); - __type(value, sock_args_t); -} active_connect_args SEC(".maps"); - -// Temporary tracking of tcp_recvmsg arguments -typedef struct recv_args { - u64 sock_ptr; // linux sock or socket address - u8 iovec_ctx[sizeof(iovec_iter_ctx)]; -} recv_args_t; - -struct { - __uint(type, BPF_MAP_TYPE_LRU_HASH); - __uint(max_entries, MAX_CONCURRENT_REQUESTS); - __type(key, u64); - __type(value, recv_args_t); -} active_recv_args SEC(".maps"); - -typedef struct send_args { - pid_connection_info_t p_conn; - u64 size; -} send_args_t; - -struct { - __uint(type, BPF_MAP_TYPE_LRU_HASH); - __uint(max_entries, MAX_CONCURRENT_REQUESTS); - __type(key, u64); // pid_tid - __type(value, send_args_t); // size to be sent -} active_send_args SEC(".maps"); - -struct { - __uint(type, BPF_MAP_TYPE_LRU_HASH); - __uint(max_entries, MAX_CONCURRENT_REQUESTS); - __type(key, u64); // *sock - __type(value, send_args_t); // size to be sent -} active_send_sock_args SEC(".maps"); - -struct { - __uint(type, BPF_MAP_TYPE_LRU_HASH); - __type( - key, - partial_connection_info_t); // key: the connection info without the destination address, but with the tcp sequence - __type(value, connection_info_t); // value: traceparent info - __uint(max_entries, 1024); - __uint(pinning, LIBBPF_PIN_BY_NAME); -} tcp_connection_map SEC(".maps"); - -// Used by accept to grab the sock details -SEC("kretprobe/sock_alloc") -int BPF_KRETPROBE(kretprobe_sock_alloc, struct socket *sock) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== sock alloc %llx ===", id); - - u64 addr = (u64)sock; - - sock_args_t args = {}; - - args.addr = addr; - args.accept_time = bpf_ktime_get_ns(); - - // The socket->sock is not valid until accept finishes, therefore - // we don't extract ->sock here, we remember the address of socket - // and parse in sys_accept - bpf_map_update_elem(&active_accept_args, &id, &args, BPF_ANY); - - return 0; -} - -// We tap into accept and connect to figure out if a request is inbound or -// outbound. However, in some cases servers can optimise the accept path if -// the same request is sent over and over. For that reason, in case we miss the -// initial accept, we establish an active filtered connection here. By default -// sets the type to be server HTTP, in client mode we'll overwrite the -// data in the map, since those cannot be optimised. -SEC("kprobe/tcp_rcv_established") -int BPF_KPROBE(kprobe_tcp_rcv_established, struct sock *sk, struct sk_buff *skb) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== tcp_rcv_established id=%d ===", id); - - ssl_pid_connection_info_t pid_info = {}; - - if (parse_sock_info(sk, &pid_info.p_conn.conn)) { - //u16 orig_dport = info.conn.d_port; - //dbg_print_http_connection_info(&info.conn); - sort_connection_info(&pid_info.p_conn.conn); - pid_info.p_conn.pid = pid_from_pid_tgid(id); - - // This is a current limitation for port ordering detection for SSL. - // tcp_rcv_established flip flops the ports and we can't tell if it's client or server call. - // If the source port for a client call is lower, we'll get this wrong. - // TODO: Need to fix this. - pid_info.orig_dport = pid_info.p_conn.conn.s_port, - bpf_map_update_elem( - &pid_tid_to_conn, - &id, - &pid_info, - BPF_ANY); // to support SSL on missing handshake, respect the original info if there - } - - return 0; -} - -// We tap into both sys_accept and sys_accept4. -// We don't care about the accept entry arguments, since we get only peer information -// we don't have the full picture for the socket. -// -// Note: A current limitation is that likely we won't capture the first accept request. The -// process may have already reached accept, before the instrumenter has launched. -SEC("kretprobe/sys_accept4") -int BPF_KRETPROBE(kretprobe_sys_accept4, uint fd) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - //bpf_dbg_printk("=== accept 4 ret id=%d ===", id); - - // The file descriptor is the value returned from the accept4 syscall. - // If we got a negative file descriptor we don't have a connection - if ((int)fd < 0) { - goto cleanup; - } - - sock_args_t *args = bpf_map_lookup_elem(&active_accept_args, &id); - if (!args) { - //bpf_dbg_printk("No sock info %d", id); - goto cleanup; - } - - bpf_dbg_printk("=== accept 4 ret id=%d, sock=%llx, fd=%d ===", id, args->addr, fd); - - ssl_pid_connection_info_t info = {}; - - if (parse_accept_socket_info(args, &info.p_conn.conn)) { - u16 orig_dport = info.p_conn.conn.d_port; - //dbg_print_http_connection_info(&info.conn); - sort_connection_info(&info.p_conn.conn); - info.p_conn.pid = pid_from_pid_tgid(id); - info.orig_dport = orig_dport; - - bpf_map_update_elem( - &pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL on missing handshake - } - -cleanup: - bpf_map_delete_elem(&active_accept_args, &id); - return 0; -} - -// Used by connect so that we can grab the sock details -SEC("kprobe/tcp_connect") -int BPF_KPROBE(kprobe_tcp_connect, struct sock *sk) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== tcp connect %llx ===", id); - - tp_info_pid_t *tp_p = tp_buf(); - - // Connect runs before the SYN packet is sent. - // We use this opportunity to setup a trace context information for the connection. - // We'll later query the trace information in tc_egress, and serialize it on the TCP packet. - // Why would we do this here instead of on the tc_egress itself? We could move this on the tc_egress, - // but we would be modifying all packets, not just for processes which are instrumented, - // since we can't reliably tell the process PID in TC or socket filters. - if (tp_p) { - tp_p->tp.ts = bpf_ktime_get_ns(); - tp_p->tp.flags = 1; - tp_p->valid = 1; - tp_p->pid = - TC_SYN_PACKET_ID; // set an ID up here in case someone else is doing what we are doing - urand_bytes(tp_p->tp.span_id, SPAN_ID_SIZE_BYTES); - tp_info_pid_t *server_tp = find_parent_trace(); - if (server_tp && valid_trace(server_tp->tp.trace_id)) { - __builtin_memcpy(tp_p->tp.trace_id, server_tp->tp.trace_id, sizeof(tp_p->tp.trace_id)); - __builtin_memcpy(tp_p->tp.parent_id, server_tp->tp.span_id, sizeof(tp_p->tp.parent_id)); - } else { - urand_bytes(tp_p->tp.trace_id, TRACE_ID_SIZE_BYTES); - __builtin_memset(tp_p->tp.parent_id, 0, sizeof(tp_p->tp.span_id)); - } - - connection_info_t conn = {}; - parse_sock_info(sk, &conn); - sort_connection_info(&conn); - - bpf_dbg_printk("Setting up tp info"); - dbg_print_http_connection_info(&conn); - - bpf_map_update_elem(&outgoing_trace_map, &conn, tp_p, BPF_ANY); - } - - u64 addr = (u64)sk; - - sock_args_t args = {}; - - args.addr = addr; - args.accept_time = bpf_ktime_get_ns(); - - bpf_map_update_elem(&active_connect_args, &id, &args, BPF_ANY); - - return 0; -} - -// We tap into sys_connect so we can track properly the processes doing -// HTTP client calls -SEC("kretprobe/sys_connect") -int BPF_KRETPROBE(kretprobe_sys_connect, int fd) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== connect ret id=%d, pid=%d ===", id, pid_from_pid_tgid(id)); - - // The file descriptor is the value returned from the connect syscall. - // If we got a negative file descriptor we don't have a connection, unless we are in progress - if (fd < 0 && (fd != -EINPROGRESS)) { - goto cleanup; - } - - sock_args_t *args = bpf_map_lookup_elem(&active_connect_args, &id); - if (!args) { - bpf_dbg_printk("No sock info %d", id); - goto cleanup; - } - - ssl_pid_connection_info_t info = {}; - - if (parse_connect_sock_info(args, &info.p_conn.conn)) { - bpf_dbg_printk("=== connect ret id=%d, pid=%d ===", id, pid_from_pid_tgid(id)); - u16 orig_dport = info.p_conn.conn.d_port; - //dbg_print_http_connection_info(&info.conn); - sort_connection_info(&info.p_conn.conn); - info.p_conn.pid = pid_from_pid_tgid(id); - info.orig_dport = orig_dport; - - bpf_map_update_elem(&pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL - } - -cleanup: - bpf_map_delete_elem(&active_connect_args, &id); - return 0; -} - -// Main HTTP read and write operations are handled with tcp_sendmsg and tcp_recvmsg - -static __always_inline void *is_ssl_connection(u64 id) { - void *ssl = 0; - // Checks if it's sandwitched between active SSL handshake, read or write uprobe/uretprobe - void **s = bpf_map_lookup_elem(&active_ssl_handshakes, &id); - if (s) { - ssl = *s; - } else { - ssl_args_t *ssl_args = bpf_map_lookup_elem(&active_ssl_read_args, &id); - if (!ssl_args) { - ssl_args = bpf_map_lookup_elem(&active_ssl_write_args, &id); - } - if (ssl_args) { - ssl = (void *)ssl_args->ssl; - } - } - - return ssl; -} - -static __always_inline void *is_active_ssl(pid_connection_info_t *conn) { - return bpf_map_lookup_elem(&active_ssl_connections, conn); -} - -// The size argument here will be always the total response size. -// However, the return value of tcp_sendmsg tells us how much it sent. When the -// response is large it will get chunked, so we have to use a kretprobe to -// finish the request event, otherwise we won't get accurate timings. -// The problem is that kretprobes can be skipped, otherwise we could always just -// finish the request on the return of tcp_sendmsg. Therefore for any request less -// than 1MB we just finish the request on the kprobe path. -SEC("kprobe/tcp_sendmsg") -int BPF_KPROBE(kprobe_tcp_sendmsg, struct sock *sk, struct msghdr *msg, size_t size) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== kprobe tcp_sendmsg=%d sock=%llx size %d===", id, sk, size); - - send_args_t s_args = {.size = size}; - - if (parse_sock_info(sk, &s_args.p_conn.conn)) { - u16 orig_dport = s_args.p_conn.conn.d_port; - //dbg_print_http_connection_info(&s_args.p_conn.conn); // commented out since GitHub CI doesn't like this call - sort_connection_info(&s_args.p_conn.conn); - s_args.p_conn.pid = pid_from_pid_tgid(id); - - void *ssl = is_ssl_connection(id); - if (size > 0) { - if (!ssl) { - void *active_ssl = is_active_ssl(&s_args.p_conn); - if (!active_ssl) { - u8 *buf = iovec_memory(); - if (buf) { - size = read_msghdr_buf(msg, buf, size); - if (size) { - u64 sock_p = (u64)sk; - bpf_map_update_elem(&active_send_args, &id, &s_args, BPF_ANY); - bpf_map_update_elem(&active_send_sock_args, &sock_p, &s_args, BPF_ANY); - - // Logically last for !ssl. - handle_buf_with_connection( - ctx, &s_args.p_conn, buf, size, NO_SSL, TCP_SEND, orig_dport); - } else { - bpf_dbg_printk("can't find iovec ptr in msghdr, not tracking sendmsg"); - } - } - } else { - bpf_dbg_printk("tcp_sendmsg for identified SSL connection, ignoring..."); - } - } else { - bpf_dbg_printk("tcp_sendmsg for identified SSL connection, ignoring..."); - } - } - - if (!ssl) { - return 0; - } - - bpf_dbg_printk("=== kprobe SSL tcp_sendmsg=%d sock=%llx ssl=%llx ===", id, sk, ssl); - ssl_pid_connection_info_t *s_conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); - if (s_conn) { - finish_possible_delayed_tls_http_request(&s_conn->p_conn, ssl); - } - ssl_pid_connection_info_t ssl_conn = { - .orig_dport = orig_dport, - }; - __builtin_memcpy(&ssl_conn.p_conn, &s_args.p_conn, sizeof(pid_connection_info_t)); - bpf_map_update_elem(&ssl_to_conn, &ssl, &ssl_conn, BPF_ANY); - } - - return 0; -} - -// This is really a fallback for the kprobe to ensure we send a large request if it was -// delayed. The code under the `if (size < KPROBES_LARGE_RESPONSE_LEN) {` block should do it -// but it's possible that the kernel sends the data in smaller chunks. -SEC("kretprobe/tcp_sendmsg") -int BPF_KRETPROBE(kretprobe_tcp_sendmsg, int sent_len) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== kretprobe tcp_sendmsg=%d sent %d===", id, sent_len); - - send_args_t *s_args = bpf_map_lookup_elem(&active_send_args, &id); - if (s_args) { - if (sent_len > 0) { - update_http_sent_len(&s_args->p_conn, sent_len); - } - if (sent_len < - MIN_HTTP_SIZE) { // Sometimes app servers don't send close, but small responses back - finish_possible_delayed_http_request(&s_args->p_conn); - } - } - - return 0; -} - -static __always_inline void ensure_sent_event(u64 id, u64 *sock_p) { - if (high_request_volume) { - return; - } - send_args_t *s_args = bpf_map_lookup_elem(&active_send_args, &id); - if (s_args) { - bpf_dbg_printk("Checking if we need to finish the request per thread id"); - finish_possible_delayed_http_request(&s_args->p_conn); - } // see if we match on another thread, but same sock * - s_args = bpf_map_lookup_elem(&active_send_sock_args, sock_p); - if (s_args) { - bpf_dbg_printk("Checking if we need to finish the request per socket"); - finish_possible_delayed_http_request(&s_args->p_conn); - } -} - -SEC("kprobe/tcp_close") -int BPF_KPROBE(kprobe_tcp_close, struct sock *sk, long timeout) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - u64 sock_p = (u64)sk; - - bpf_dbg_printk("=== kprobe tcp_close %d sock %llx ===", id, sk); - - ensure_sent_event(id, &sock_p); - - pid_connection_info_t info = {}; - - if (parse_sock_info(sk, &info.conn)) { - sort_connection_info(&info.conn); - //dbg_print_http_connection_info(&info.conn); - info.pid = pid_from_pid_tgid(id); - bpf_map_delete_elem(&ongoing_tcp_req, &info); - } - - bpf_map_delete_elem(&active_send_args, &id); - bpf_map_delete_elem(&active_send_sock_args, &sock_p); - - return 0; -} - -//int tcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) -SEC("kprobe/tcp_recvmsg") -int BPF_KPROBE( - kprobe_tcp_recvmsg, struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== tcp_recvmsg id=%d sock=%llx ===", id, sk); - - // Make sure we don't have stale event from earlier socket connection if they are - // sent through the same socket. This mainly happens if the server overlays virtual - // threads in the runtime. - u64 sock_p = (u64)sk; - ensure_sent_event(id, &sock_p); - - recv_args_t args = { - .sock_ptr = (u64)sk, - }; - - get_iovec_ctx((iovec_iter_ctx *)&args.iovec_ctx, msg); - - bpf_map_update_elem(&active_recv_args, &id, &args, BPF_ANY); - - return 0; -} - -static __always_inline int return_recvmsg(void *ctx, u64 id, int copied_len) { - recv_args_t *args = bpf_map_lookup_elem(&active_recv_args, &id); - - bpf_dbg_printk("=== return recvmsg id=%d args=%llx copied_len %d ===", id, args, copied_len); - - if (!args || (copied_len <= 0)) { - goto done; - } - - iovec_iter_ctx *iov_ctx = (iovec_iter_ctx *)&args->iovec_ctx; - - if (!iov_ctx->iov && !iov_ctx->ubuf) { - bpf_dbg_printk("iovec_ptr found in kprobe is NULL, ignoring this tcp_recvmsg"); - bpf_map_delete_elem(&active_recv_args, &id); - - goto done; - } - - pid_connection_info_t info = {}; - - void *sock_ptr = (void *)args->sock_ptr; - - bpf_map_delete_elem(&active_recv_args, &id); - - if (parse_sock_info((struct sock *)sock_ptr, &info.conn)) { - u16 orig_dport = info.conn.d_port; - //dbg_print_http_connection_info(&info.conn); - sort_connection_info(&info.conn); - info.pid = pid_from_pid_tgid(id); - - void *ssl = is_ssl_connection(id); - - if (!ssl) { - void *active_ssl = is_active_ssl(&info); - if (!active_ssl) { - u8 *buf = iovec_memory(); - if (buf) { - copied_len = read_iovec_ctx(iov_ctx, buf, copied_len); - if (copied_len) { - // doesn't return must be logically last statement - handle_buf_with_connection( - ctx, &info, buf, copied_len, NO_SSL, TCP_RECV, orig_dport); - } else { - bpf_dbg_printk("Not copied anything"); - } - } - } else { - bpf_dbg_printk("tcp_recvmsg for an identified SSL connection, ignoring..."); - } - } else { - bpf_dbg_printk("tcp_recvmsg for an identified SSL connection, ignoring..."); - } - } - -done: - return 0; -} - -SEC("kprobe/tcp_cleanup_rbuf") -int BPF_KPROBE(kprobe_tcp_cleanup_rbuf, struct sock *sk, int copied) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== tcp_cleanup_rbuf id=%d copied_len %d ===", id, copied); - - return return_recvmsg(ctx, id, copied); -} - -SEC("kretprobe/tcp_recvmsg") -int BPF_KRETPROBE(kretprobe_tcp_recvmsg, int copied_len) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - bpf_dbg_printk("=== kretprobe_tcp_recvmsg id=%d copied_len %d ===", id, copied_len); - - return return_recvmsg(ctx, id, copied_len); -} - -// Fall-back in case we don't see kretprobe on tcp_recvmsg in high network volume situations -SEC("socket/http_filter") -int socket__http_filter(struct __sk_buff *skb) { - protocol_info_t tcp = {}; - connection_info_t conn = {}; - - if (!read_sk_buff(skb, &tcp, &conn)) { - return 0; - } - - // ignore ACK packets - if (tcp_ack(&tcp)) { - return 0; - } - - // ignore empty packets, unless it's TCP FIN or TCP RST - if (!tcp_close(&tcp) && tcp_empty(&tcp, skb)) { - return 0; - } - - // we don't want to read the whole buffer for every packed that passes our checks, we read only a bit and check if it's truly HTTP request/response. - unsigned char buf[MIN_HTTP_SIZE] = {0}; - bpf_skb_load_bytes(skb, tcp.hdr_len, (void *)buf, sizeof(buf)); - // technically the read should be reversed, but eBPF verifier complains on read with variable length - u32 len = skb->len - tcp.hdr_len; - if (len > MIN_HTTP_SIZE) { - len = MIN_HTTP_SIZE; - } - - u8 packet_type = 0; - if (is_http( - buf, - len, - &packet_type)) { // we must check tcp_close second, a packet can be a close and a response - //dbg_print_http_connection_info(&conn); // commented out since GitHub CI doesn't like this call - sort_connection_info(&conn); - - http_info_t *info = empty_http_info(); - if (!info) { - return 0; - } - - __builtin_memcpy(&info->conn_info, &conn, sizeof(conn)); - - if (packet_type == PACKET_TYPE_REQUEST) { - u32 full_len = skb->len - tcp.hdr_len; - if (full_len > FULL_BUF_SIZE) { - full_len = FULL_BUF_SIZE; - } - read_skb_bytes(skb, tcp.hdr_len, info->buf, full_len); - u64 cookie = bpf_get_socket_cookie(skb); - //bpf_dbg_printk("=== http_filter cookie = %llx, tcp_seq=%d len=%d %s ===", cookie, tcp.seq, len, buf); - //dbg_print_http_connection_info(&conn); - set_fallback_http_info(info, &conn, skb->len - tcp.hdr_len); - - // The code below is looking to see if we have recorded black-box trace info on - // another interface. We do this for client calls, where essentially the original - // request may go out on one interface, but then get re-routed to another, which is - // common with some k8s environments. - // - // This casting is done here to save allocating memory on a per CPU buffer, since - // we don't need info anymore, we reuse it's space and it's much bigger than - // partial_connection_info_t. - partial_connection_info_t *partial = (partial_connection_info_t *)(info); - partial->d_port = conn.d_port; - partial->s_port = conn.s_port; - partial->tcp_seq = tcp.seq; - __builtin_memcpy(partial->s_addr, conn.s_addr, sizeof(partial->s_addr)); - - tp_info_pid_t *trace_info = trace_info_for_connection(&conn); - if (trace_info) { - if (cookie) { // we have an actual socket associated - bpf_map_update_elem(&tcp_connection_map, partial, &conn, BPF_ANY); - } - } else if (!cookie) { // no actual socket for this skb, relayed to another interface - connection_info_t *prev_conn = bpf_map_lookup_elem(&tcp_connection_map, partial); - - if (prev_conn) { - tp_info_pid_t *trace_info = trace_info_for_connection(prev_conn); - if (trace_info) { - if (current_immediate_epoch(trace_info->tp.ts) == - current_immediate_epoch(bpf_ktime_get_ns())) { - //bpf_dbg_printk("Found trace info on another interface, setting it up for this connection"); - tp_info_pid_t other_info = {0}; - __builtin_memcpy(&other_info, trace_info, sizeof(tp_info_pid_t)); - bpf_map_update_elem(&trace_map, &conn, &other_info, BPF_ANY); - } - } - } - } - } - } - - return 0; -} - -/* - The tracking of the clones is complicated by the fact that in container environments - the tid returned by the sys_clone call is the namespaced tid, not the host tid which - bpf sees normally. To mitigate this we work exclusively with namespaces. Only the clone_map - and server_traces are keyed off the namespace:pid. -*/ -SEC("kretprobe/sys_clone") -int BPF_KRETPROBE(kretprobe_sys_clone, int tid) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id) || tid < 0) { - return 0; - } - - pid_key_t parent = {0}; - task_tid(&parent); - - pid_key_t child = { - .pid = (u32)tid, - .ns = parent.ns, - }; - - bpf_dbg_printk("sys_clone_ret %d -> %d", id, tid); - bpf_map_update_elem(&clone_map, &child, &parent, BPF_ANY); - - return 0; -} - -SEC("kprobe/sys_exit") -int BPF_KPROBE(kprobe_sys_exit, int status) { - u64 id = bpf_get_current_pid_tgid(); - - if (!valid_pid(id)) { - return 0; - } - - trace_key_t task = {0}; - task_tid(&task.p_key); - - bpf_dbg_printk( - "sys_exit %d, pid=%d, valid_pid(id)=%d", id, pid_from_pid_tgid(id), valid_pid(id)); - - // handle the case when the thread terminates without closing a socket - send_args_t *s_args = bpf_map_lookup_elem(&active_send_args, &id); - if (s_args) { - bpf_dbg_printk("Checking if we need to finish the request per thread id"); - finish_possible_delayed_http_request(&s_args->p_conn); - bpf_map_delete_elem(&active_ssl_connections, &s_args->p_conn); - } - - bpf_map_delete_elem(&clone_map, &task.p_key); - // This won't delete trace ids for traces with extra_id, like NodeJS. But, - // we expect that it doesn't matter, since NodeJS main thread won't exit. - bpf_map_delete_elem(&server_traces, &task); - - return 0; -} - -SEC("tc_ingress") -int app_ingress(struct __sk_buff *skb) { - //bpf_printk("ingress"); - - protocol_info_t tcp = {}; - connection_info_t conn = {}; - - if (!read_sk_buff(skb, &tcp, &conn)) { - return 0; - } - - // handle SYN only, ignore SYN+ACK packets - if (!tcp_syn(&tcp) || tcp_ack(&tcp)) { - return 0; - } - - if (skb->len - tcp.hdr_len < sizeof(tp_info_pid_t)) { - bpf_printk("SYN packet without tp info"); - return 0; - } - - tp_info_pid_t tp = {0}; - - bpf_skb_load_bytes(skb, tcp.hdr_len, &tp, sizeof(tp_info_pid_t)); - - if (tp.pid != TC_SYN_PACKET_ID) { - bpf_printk("SYN packet without the custom ID inside pid, ignoring..."); - return 0; - } - - s32 len = skb->len - sizeof(u32); - bpf_printk("Received SYN packed len = %d, offset = %d, hdr_len %d", skb->len, len, tcp.hdr_len); - - unsigned char tp_buf[TP_MAX_VAL_LENGTH]; - make_tp_string(tp_buf, &tp.tp); - bpf_printk("tp: %s", tp_buf); - - // Once we receive a traceID over the wire (TCP packet) we store it for later to be used by the trace code. - bpf_map_update_elem(&incoming_trace_map, &conn, &tp, BPF_ANY); - - return 0; -} - -SEC("tc_egress") -int app_egress(struct __sk_buff *skb) { - //bpf_printk("egress"); - - protocol_info_t tcp = {}; - connection_info_t conn = {}; - - if (!read_sk_buff(skb, &tcp, &conn)) { - return 0; - } - - // handle SYN only, ignore SYN+ACK packets - if (!tcp_syn(&tcp) || tcp_ack(&tcp)) { - return 0; - } - - sort_connection_info(&conn); - - tp_info_pid_t *tp = bpf_map_lookup_elem(&outgoing_trace_map, &conn); - - if (tp) { - bpf_printk("SYN packed len = %d", skb->len); - - unsigned char tp_buf[TP_MAX_VAL_LENGTH]; - make_tp_string(tp_buf, &tp->tp); - bpf_printk("tp: %s", tp_buf); - - uint16_t pkt_end = skb->data_end - skb->data; - bpf_printk("Changing tail and setting data on syn, end=%d", pkt_end); - bpf_skb_change_tail(skb, pkt_end + sizeof(tp_info_pid_t), 0); - bpf_skb_store_bytes(skb, pkt_end, tp, sizeof(tp_info_pid_t), 0); - - u32 offset_ip_tot_len = 0; - u32 offset_ip_checksum = 0; - if (tcp.h_proto == ETH_P_IP) { - offset_ip_tot_len = ETH_HLEN + offsetof(struct iphdr, tot_len); - offset_ip_checksum = ETH_HLEN + offsetof(struct iphdr, check); - } else { - offset_ip_tot_len = ETH_HLEN + offsetof(struct ipv6hdr, payload_len); - } - - u16 new_tot_len = bpf_htons(bpf_ntohs(tcp.tot_len) + sizeof(tp_info_pid_t)); - - bpf_printk( - "tot_len = %u, new_tot_len = %u", bpf_ntohs(tcp.tot_len), bpf_ntohs(new_tot_len)); - bpf_printk("h_proto = %u, skb->len = %u", tcp.h_proto, skb->len); - - if (offset_ip_checksum) { - bpf_l3_csum_replace(skb, offset_ip_checksum, tcp.tot_len, new_tot_len, sizeof(u16)); - } - - bpf_skb_store_bytes(skb, offset_ip_tot_len, &new_tot_len, sizeof(u16), 0); - } - - return 0; -} \ No newline at end of file diff --git a/bpf/k_tracer.h b/bpf/k_tracer.h index 1ba76da30..11c71bd92 100644 --- a/bpf/k_tracer.h +++ b/bpf/k_tracer.h @@ -1,129 +1,817 @@ -#ifndef K_TRACER_HELPERS -#define K_TRACER_HELPERS - #include "vmlinux.h" #include "bpf_helpers.h" -#include "http_types.h" -#include "ringbuf.h" +#include "bpf_tracing.h" +#include "bpf_dbg.h" #include "pid.h" -#include "trace_common.h" -#include "protocol_common.h" -#include "protocol_http.h" -#include "protocol_http2.h" -#include "protocol_tcp.h" - -struct bpf_map_def SEC("maps") jump_table = { - .type = BPF_MAP_TYPE_PROG_ARRAY, - .key_size = sizeof(__u32), - .value_size = sizeof(__u32), - .max_entries = 8, -}; - -#define TAIL_PROTOCOL_HTTP 0 -#define TAIL_PROTOCOL_HTTP2 1 -#define TAIL_PROTOCOL_TCP 2 - -static __always_inline void handle_buf_with_args(void *ctx, call_protocol_args_t *args) { - bpf_probe_read(args->small_buf, MIN_HTTP2_SIZE, (void *)args->u_buf); +#include "sockaddr.h" +#include "tcp_info.h" +#include "k_tracer_defs.h" +#include "http_ssl.h" - bpf_dbg_printk( - "buf=[%s], pid=%d, len=%d", args->small_buf, args->pid_conn.pid, args->bytes_len); - - if (is_http(args->small_buf, MIN_HTTP_SIZE, &args->packet_type)) { - bpf_tail_call(ctx, &jump_table, TAIL_PROTOCOL_HTTP); - } else if (is_http2_or_grpc(args->small_buf, MIN_HTTP2_SIZE)) { - bpf_dbg_printk("Found HTTP2 or gRPC connection"); - u8 is_ssl = args->ssl; - bpf_map_update_elem(&ongoing_http2_connections, &args->pid_conn, &is_ssl, BPF_ANY); +#define TC_SYN_PACKET_ID 0xdeadf00d + +// Temporary tracking of accept arguments +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, MAX_CONCURRENT_REQUESTS); + __type(key, u64); + __type(value, sock_args_t); +} active_accept_args SEC(".maps"); + +// Temporary tracking of connect arguments +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, MAX_CONCURRENT_REQUESTS); + __type(key, u64); + __type(value, sock_args_t); +} active_connect_args SEC(".maps"); + +// Temporary tracking of tcp_recvmsg arguments +typedef struct recv_args { + u64 sock_ptr; // linux sock or socket address + u8 iovec_ctx[sizeof(iovec_iter_ctx)]; +} recv_args_t; + +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, MAX_CONCURRENT_REQUESTS); + __type(key, u64); + __type(value, recv_args_t); +} active_recv_args SEC(".maps"); + +typedef struct send_args { + pid_connection_info_t p_conn; + u64 size; +} send_args_t; + +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, MAX_CONCURRENT_REQUESTS); + __type(key, u64); // pid_tid + __type(value, send_args_t); // size to be sent +} active_send_args SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __uint(max_entries, MAX_CONCURRENT_REQUESTS); + __type(key, u64); // *sock + __type(value, send_args_t); // size to be sent +} active_send_sock_args SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __type( + key, + partial_connection_info_t); // key: the connection info without the destination address, but with the tcp sequence + __type(value, connection_info_t); // value: traceparent info + __uint(max_entries, 1024); + __uint(pinning, LIBBPF_PIN_BY_NAME); +} tcp_connection_map SEC(".maps"); + +// Used by accept to grab the sock details +SEC("kretprobe/sock_alloc") +int BPF_KRETPROBE(kretprobe_sock_alloc, struct socket *sock) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== sock alloc %llx ===", id); + + u64 addr = (u64)sock; + + sock_args_t args = {}; + + args.addr = addr; + args.accept_time = bpf_ktime_get_ns(); + + // The socket->sock is not valid until accept finishes, therefore + // we don't extract ->sock here, we remember the address of socket + // and parse in sys_accept + bpf_map_update_elem(&active_accept_args, &id, &args, BPF_ANY); + + return 0; +} + +// We tap into accept and connect to figure out if a request is inbound or +// outbound. However, in some cases servers can optimise the accept path if +// the same request is sent over and over. For that reason, in case we miss the +// initial accept, we establish an active filtered connection here. By default +// sets the type to be server HTTP, in client mode we'll overwrite the +// data in the map, since those cannot be optimised. +SEC("kprobe/tcp_rcv_established") +int BPF_KPROBE(kprobe_tcp_rcv_established, struct sock *sk, struct sk_buff *skb) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== tcp_rcv_established id=%d ===", id); + + ssl_pid_connection_info_t pid_info = {}; + + if (parse_sock_info(sk, &pid_info.p_conn.conn)) { + //u16 orig_dport = info.conn.d_port; + //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&pid_info.p_conn.conn); + pid_info.p_conn.pid = pid_from_pid_tgid(id); + + // This is a current limitation for port ordering detection for SSL. + // tcp_rcv_established flip flops the ports and we can't tell if it's client or server call. + // If the source port for a client call is lower, we'll get this wrong. + // TODO: Need to fix this. + pid_info.orig_dport = pid_info.p_conn.conn.s_port, + bpf_map_update_elem( + &pid_tid_to_conn, + &id, + &pid_info, + BPF_ANY); // to support SSL on missing handshake, respect the original info if there + } + + return 0; +} + +// We tap into both sys_accept and sys_accept4. +// We don't care about the accept entry arguments, since we get only peer information +// we don't have the full picture for the socket. +// +// Note: A current limitation is that likely we won't capture the first accept request. The +// process may have already reached accept, before the instrumenter has launched. +SEC("kretprobe/sys_accept4") +int BPF_KRETPROBE(kretprobe_sys_accept4, uint fd) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + //bpf_dbg_printk("=== accept 4 ret id=%d ===", id); + + // The file descriptor is the value returned from the accept4 syscall. + // If we got a negative file descriptor we don't have a connection + if ((int)fd < 0) { + goto cleanup; + } + + sock_args_t *args = bpf_map_lookup_elem(&active_accept_args, &id); + if (!args) { + //bpf_dbg_printk("No sock info %d", id); + goto cleanup; + } + + bpf_dbg_printk("=== accept 4 ret id=%d, sock=%llx, fd=%d ===", id, args->addr, fd); + + ssl_pid_connection_info_t info = {}; + + if (parse_accept_socket_info(args, &info.p_conn.conn)) { + u16 orig_dport = info.p_conn.conn.d_port; + //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&info.p_conn.conn); + info.p_conn.pid = pid_from_pid_tgid(id); + info.orig_dport = orig_dport; + + bpf_map_update_elem( + &pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL on missing handshake + } + +cleanup: + bpf_map_delete_elem(&active_accept_args, &id); + return 0; +} + +// Used by connect so that we can grab the sock details +SEC("kprobe/tcp_connect") +int BPF_KPROBE(kprobe_tcp_connect, struct sock *sk) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== tcp connect %llx ===", id); + + tp_info_pid_t *tp_p = tp_buf(); + + // Connect runs before the SYN packet is sent. + // We use this opportunity to setup a trace context information for the connection. + // We'll later query the trace information in tc_egress, and serialize it on the TCP packet. + // Why would we do this here instead of on the tc_egress itself? We could move this on the tc_egress, + // but we would be modifying all packets, not just for processes which are instrumented, + // since we can't reliably tell the process PID in TC or socket filters. + if (tp_p) { + tp_p->tp.ts = bpf_ktime_get_ns(); + tp_p->tp.flags = 1; + tp_p->valid = 1; + tp_p->pid = + TC_SYN_PACKET_ID; // set an ID up here in case someone else is doing what we are doing + urand_bytes(tp_p->tp.span_id, SPAN_ID_SIZE_BYTES); + tp_info_pid_t *server_tp = find_parent_trace(); + if (server_tp && valid_trace(server_tp->tp.trace_id)) { + __builtin_memcpy(tp_p->tp.trace_id, server_tp->tp.trace_id, sizeof(tp_p->tp.trace_id)); + __builtin_memcpy(tp_p->tp.parent_id, server_tp->tp.span_id, sizeof(tp_p->tp.parent_id)); + } else { + urand_bytes(tp_p->tp.trace_id, TRACE_ID_SIZE_BYTES); + __builtin_memset(tp_p->tp.parent_id, 0, sizeof(tp_p->tp.span_id)); + } + + connection_info_t conn = {}; + parse_sock_info(sk, &conn); + sort_connection_info(&conn); + + bpf_dbg_printk("Setting up tp info"); + dbg_print_http_connection_info(&conn); + + bpf_map_update_elem(&outgoing_trace_map, &conn, tp_p, BPF_ANY); + } + + u64 addr = (u64)sk; + + sock_args_t args = {}; + + args.addr = addr; + args.accept_time = bpf_ktime_get_ns(); + + bpf_map_update_elem(&active_connect_args, &id, &args, BPF_ANY); + + return 0; +} + +// We tap into sys_connect so we can track properly the processes doing +// HTTP client calls +SEC("kretprobe/sys_connect") +int BPF_KRETPROBE(kretprobe_sys_connect, int fd) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== connect ret id=%d, pid=%d ===", id, pid_from_pid_tgid(id)); + + // The file descriptor is the value returned from the connect syscall. + // If we got a negative file descriptor we don't have a connection, unless we are in progress + if (fd < 0 && (fd != -EINPROGRESS)) { + goto cleanup; + } + + sock_args_t *args = bpf_map_lookup_elem(&active_connect_args, &id); + if (!args) { + bpf_dbg_printk("No sock info %d", id); + goto cleanup; + } + + ssl_pid_connection_info_t info = {}; + + if (parse_connect_sock_info(args, &info.p_conn.conn)) { + bpf_dbg_printk("=== connect ret id=%d, pid=%d ===", id, pid_from_pid_tgid(id)); + u16 orig_dport = info.p_conn.conn.d_port; + //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&info.p_conn.conn); + info.p_conn.pid = pid_from_pid_tgid(id); + info.orig_dport = orig_dport; + + bpf_map_update_elem(&pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL + } + +cleanup: + bpf_map_delete_elem(&active_connect_args, &id); + return 0; +} + +// Main HTTP read and write operations are handled with tcp_sendmsg and tcp_recvmsg + +static __always_inline void *is_ssl_connection(u64 id) { + void *ssl = 0; + // Checks if it's sandwitched between active SSL handshake, read or write uprobe/uretprobe + void **s = bpf_map_lookup_elem(&active_ssl_handshakes, &id); + if (s) { + ssl = *s; } else { - u8 *h2g = bpf_map_lookup_elem(&ongoing_http2_connections, &args->pid_conn); - if (h2g && *h2g == args->ssl) { - bpf_tail_call(ctx, &jump_table, TAIL_PROTOCOL_HTTP2); - } else { // large request tracking - http_info_t *info = bpf_map_lookup_elem(&ongoing_http, &args->pid_conn); - - if (info && still_responding(info)) { - info->end_monotime_ns = bpf_ktime_get_ns(); - } else if (!info) { - // SSL requests will see both TCP traffic and text traffic, ignore the TCP if - // we are processing SSL request. HTTP2 is already checked in handle_buf_with_connection. - http_info_t *http_info = bpf_map_lookup_elem(&ongoing_http, &args->pid_conn); - if (!http_info) { - bpf_tail_call(ctx, &jump_table, TAIL_PROTOCOL_TCP); + ssl_args_t *ssl_args = bpf_map_lookup_elem(&active_ssl_read_args, &id); + if (!ssl_args) { + ssl_args = bpf_map_lookup_elem(&active_ssl_write_args, &id); + } + if (ssl_args) { + ssl = (void *)ssl_args->ssl; + } + } + + return ssl; +} + +static __always_inline void *is_active_ssl(pid_connection_info_t *conn) { + return bpf_map_lookup_elem(&active_ssl_connections, conn); +} + +// The size argument here will be always the total response size. +// However, the return value of tcp_sendmsg tells us how much it sent. When the +// response is large it will get chunked, so we have to use a kretprobe to +// finish the request event, otherwise we won't get accurate timings. +// The problem is that kretprobes can be skipped, otherwise we could always just +// finish the request on the return of tcp_sendmsg. Therefore for any request less +// than 1MB we just finish the request on the kprobe path. +SEC("kprobe/tcp_sendmsg") +int BPF_KPROBE(kprobe_tcp_sendmsg, struct sock *sk, struct msghdr *msg, size_t size) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== kprobe tcp_sendmsg=%d sock=%llx size %d===", id, sk, size); + + send_args_t s_args = {.size = size}; + + if (parse_sock_info(sk, &s_args.p_conn.conn)) { + u16 orig_dport = s_args.p_conn.conn.d_port; + //dbg_print_http_connection_info(&s_args.p_conn.conn); // commented out since GitHub CI doesn't like this call + sort_connection_info(&s_args.p_conn.conn); + s_args.p_conn.pid = pid_from_pid_tgid(id); + + void *ssl = is_ssl_connection(id); + if (size > 0) { + if (!ssl) { + void *active_ssl = is_active_ssl(&s_args.p_conn); + if (!active_ssl) { + u8 *buf = iovec_memory(); + if (buf) { + size = read_msghdr_buf(msg, buf, size); + if (size) { + u64 sock_p = (u64)sk; + bpf_map_update_elem(&active_send_args, &id, &s_args, BPF_ANY); + bpf_map_update_elem(&active_send_sock_args, &sock_p, &s_args, BPF_ANY); + + // Logically last for !ssl. + handle_buf_with_connection( + ctx, &s_args.p_conn, buf, size, NO_SSL, TCP_SEND, orig_dport); + } else { + bpf_dbg_printk("can't find iovec ptr in msghdr, not tracking sendmsg"); + } + } + } else { + bpf_dbg_printk("tcp_sendmsg for identified SSL connection, ignoring..."); } + } else { + bpf_dbg_printk("tcp_sendmsg for identified SSL connection, ignoring..."); } } + + if (!ssl) { + return 0; + } + + bpf_dbg_printk("=== kprobe SSL tcp_sendmsg=%d sock=%llx ssl=%llx ===", id, sk, ssl); + ssl_pid_connection_info_t *s_conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); + if (s_conn) { + finish_possible_delayed_tls_http_request(&s_conn->p_conn, ssl); + } + ssl_pid_connection_info_t ssl_conn = { + .orig_dport = orig_dport, + }; + __builtin_memcpy(&ssl_conn.p_conn, &s_args.p_conn, sizeof(pid_connection_info_t)); + bpf_map_update_elem(&ssl_to_conn, &ssl, &ssl_conn, BPF_ANY); } + + return 0; } -static __always_inline call_protocol_args_t * -make_protocol_args(void *u_buf, int bytes_len, u8 ssl, u8 direction, u16 orig_dport) { - call_protocol_args_t *args = protocol_args(); +// This is really a fallback for the kprobe to ensure we send a large request if it was +// delayed. The code under the `if (size < KPROBES_LARGE_RESPONSE_LEN) {` block should do it +// but it's possible that the kernel sends the data in smaller chunks. +SEC("kretprobe/tcp_sendmsg") +int BPF_KRETPROBE(kretprobe_tcp_sendmsg, int sent_len) { + u64 id = bpf_get_current_pid_tgid(); - if (!args) { + if (!valid_pid(id)) { return 0; } - args->ssl = ssl; - args->bytes_len = bytes_len; - args->direction = direction; - args->orig_dport = orig_dport; - args->u_buf = (u64)u_buf; + bpf_dbg_printk("=== kretprobe tcp_sendmsg=%d sent %d===", id, sent_len); - return args; -} + send_args_t *s_args = bpf_map_lookup_elem(&active_send_args, &id); + if (s_args) { + if (sent_len > 0) { + update_http_sent_len(&s_args->p_conn, sent_len); + } + if (sent_len < + MIN_HTTP_SIZE) { // Sometimes app servers don't send close, but small responses back + finish_possible_delayed_http_request(&s_args->p_conn); + } + } -static __always_inline void handle_buf_with_connection(void *ctx, - pid_connection_info_t *pid_conn, - void *u_buf, - int bytes_len, - u8 ssl, - u8 direction, - u16 orig_dport) { - call_protocol_args_t *args = make_protocol_args(u_buf, bytes_len, ssl, direction, orig_dport); + return 0; +} - if (!args) { +static __always_inline void ensure_sent_event(u64 id, u64 *sock_p) { + if (high_request_volume) { return; } + send_args_t *s_args = bpf_map_lookup_elem(&active_send_args, &id); + if (s_args) { + bpf_dbg_printk("Checking if we need to finish the request per thread id"); + finish_possible_delayed_http_request(&s_args->p_conn); + } // see if we match on another thread, but same sock * + s_args = bpf_map_lookup_elem(&active_send_sock_args, sock_p); + if (s_args) { + bpf_dbg_printk("Checking if we need to finish the request per socket"); + finish_possible_delayed_http_request(&s_args->p_conn); + } +} + +SEC("kprobe/tcp_close") +int BPF_KPROBE(kprobe_tcp_close, struct sock *sk, long timeout) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + u64 sock_p = (u64)sk; + + bpf_dbg_printk("=== kprobe tcp_close %d sock %llx ===", id, sk); + + ensure_sent_event(id, &sock_p); + + pid_connection_info_t info = {}; + + if (parse_sock_info(sk, &info.conn)) { + sort_connection_info(&info.conn); + //dbg_print_http_connection_info(&info.conn); + info.pid = pid_from_pid_tgid(id); + bpf_map_delete_elem(&ongoing_tcp_req, &info); + } - __builtin_memcpy(&args->pid_conn, pid_conn, sizeof(pid_connection_info_t)); + bpf_map_delete_elem(&active_send_args, &id); + bpf_map_delete_elem(&active_send_sock_args, &sock_p); - handle_buf_with_args(ctx, args); + return 0; } -#define BUF_COPY_BLOCK_SIZE 16 +//int tcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) +SEC("kprobe/tcp_recvmsg") +int BPF_KPROBE( + kprobe_tcp_recvmsg, struct sock *sk, struct msghdr *msg, size_t len, int flags, int *addr_len) { + u64 id = bpf_get_current_pid_tgid(); -static __always_inline void -read_skb_bytes(const void *skb, u32 offset, unsigned char *buf, const u32 len) { - u32 max = offset + len; - int b = 0; - for (; b < (FULL_BUF_SIZE / BUF_COPY_BLOCK_SIZE); b++) { - if ((offset + (BUF_COPY_BLOCK_SIZE - 1)) >= max) { - break; + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== tcp_recvmsg id=%d sock=%llx ===", id, sk); + + // Make sure we don't have stale event from earlier socket connection if they are + // sent through the same socket. This mainly happens if the server overlays virtual + // threads in the runtime. + u64 sock_p = (u64)sk; + ensure_sent_event(id, &sock_p); + + recv_args_t args = { + .sock_ptr = (u64)sk, + }; + + get_iovec_ctx((iovec_iter_ctx *)&args.iovec_ctx, msg); + + bpf_map_update_elem(&active_recv_args, &id, &args, BPF_ANY); + + return 0; +} + +static __always_inline int return_recvmsg(void *ctx, u64 id, int copied_len) { + recv_args_t *args = bpf_map_lookup_elem(&active_recv_args, &id); + + bpf_dbg_printk("=== return recvmsg id=%d args=%llx copied_len %d ===", id, args, copied_len); + + if (!args || (copied_len <= 0)) { + goto done; + } + + iovec_iter_ctx *iov_ctx = (iovec_iter_ctx *)&args->iovec_ctx; + + if (!iov_ctx->iov && !iov_ctx->ubuf) { + bpf_dbg_printk("iovec_ptr found in kprobe is NULL, ignoring this tcp_recvmsg"); + bpf_map_delete_elem(&active_recv_args, &id); + + goto done; + } + + pid_connection_info_t info = {}; + + void *sock_ptr = (void *)args->sock_ptr; + + bpf_map_delete_elem(&active_recv_args, &id); + + if (parse_sock_info((struct sock *)sock_ptr, &info.conn)) { + u16 orig_dport = info.conn.d_port; + //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&info.conn); + info.pid = pid_from_pid_tgid(id); + + void *ssl = is_ssl_connection(id); + + if (!ssl) { + void *active_ssl = is_active_ssl(&info); + if (!active_ssl) { + u8 *buf = iovec_memory(); + if (buf) { + copied_len = read_iovec_ctx(iov_ctx, buf, copied_len); + if (copied_len) { + // doesn't return must be logically last statement + handle_buf_with_connection( + ctx, &info, buf, copied_len, NO_SSL, TCP_RECV, orig_dport); + } else { + bpf_dbg_printk("Not copied anything"); + } + } + } else { + bpf_dbg_printk("tcp_recvmsg for an identified SSL connection, ignoring..."); + } + } else { + bpf_dbg_printk("tcp_recvmsg for an identified SSL connection, ignoring..."); } - bpf_skb_load_bytes( - skb, offset, (void *)(&buf[b * BUF_COPY_BLOCK_SIZE]), BUF_COPY_BLOCK_SIZE); - offset += BUF_COPY_BLOCK_SIZE; } - if ((b * BUF_COPY_BLOCK_SIZE) >= len) { - return; +done: + return 0; +} + +SEC("kprobe/tcp_cleanup_rbuf") +int BPF_KPROBE(kprobe_tcp_cleanup_rbuf, struct sock *sk, int copied) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; } - // This code is messy to make sure the eBPF verifier is happy. I had to cast to signed 64bit. - s64 remainder = (s64)max - (s64)offset; + bpf_dbg_printk("=== tcp_cleanup_rbuf id=%d copied_len %d ===", id, copied); - if (remainder <= 0) { - return; + return return_recvmsg(ctx, id, copied); +} + +SEC("kretprobe/tcp_recvmsg") +int BPF_KRETPROBE(kretprobe_tcp_recvmsg, int copied_len) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + bpf_dbg_printk("=== kretprobe_tcp_recvmsg id=%d copied_len %d ===", id, copied_len); + + return return_recvmsg(ctx, id, copied_len); +} + +// Fall-back in case we don't see kretprobe on tcp_recvmsg in high network volume situations +SEC("socket/http_filter") +int socket__http_filter(struct __sk_buff *skb) { + protocol_info_t tcp = {}; + connection_info_t conn = {}; + + if (!read_sk_buff(skb, &tcp, &conn)) { + return 0; + } + + // ignore ACK packets + if (tcp_ack(&tcp)) { + return 0; } - int remaining_to_copy = - (remainder < (BUF_COPY_BLOCK_SIZE - 1)) ? remainder : (BUF_COPY_BLOCK_SIZE - 1); - int space_in_buffer = (len < (b * BUF_COPY_BLOCK_SIZE)) ? 0 : len - (b * BUF_COPY_BLOCK_SIZE); + // ignore empty packets, unless it's TCP FIN or TCP RST + if (!tcp_close(&tcp) && tcp_empty(&tcp, skb)) { + return 0; + } - if (remaining_to_copy <= space_in_buffer) { - bpf_skb_load_bytes(skb, offset, (void *)(&buf[b * BUF_COPY_BLOCK_SIZE]), remaining_to_copy); + // we don't want to read the whole buffer for every packed that passes our checks, we read only a bit and check if it's truly HTTP request/response. + unsigned char buf[MIN_HTTP_SIZE] = {0}; + bpf_skb_load_bytes(skb, tcp.hdr_len, (void *)buf, sizeof(buf)); + // technically the read should be reversed, but eBPF verifier complains on read with variable length + u32 len = skb->len - tcp.hdr_len; + if (len > MIN_HTTP_SIZE) { + len = MIN_HTTP_SIZE; } + + u8 packet_type = 0; + if (is_http( + buf, + len, + &packet_type)) { // we must check tcp_close second, a packet can be a close and a response + //dbg_print_http_connection_info(&conn); // commented out since GitHub CI doesn't like this call + sort_connection_info(&conn); + + http_info_t *info = empty_http_info(); + if (!info) { + return 0; + } + + __builtin_memcpy(&info->conn_info, &conn, sizeof(conn)); + + if (packet_type == PACKET_TYPE_REQUEST) { + u32 full_len = skb->len - tcp.hdr_len; + if (full_len > FULL_BUF_SIZE) { + full_len = FULL_BUF_SIZE; + } + read_skb_bytes(skb, tcp.hdr_len, info->buf, full_len); + u64 cookie = bpf_get_socket_cookie(skb); + //bpf_dbg_printk("=== http_filter cookie = %llx, tcp_seq=%d len=%d %s ===", cookie, tcp.seq, len, buf); + //dbg_print_http_connection_info(&conn); + set_fallback_http_info(info, &conn, skb->len - tcp.hdr_len); + + // The code below is looking to see if we have recorded black-box trace info on + // another interface. We do this for client calls, where essentially the original + // request may go out on one interface, but then get re-routed to another, which is + // common with some k8s environments. + // + // This casting is done here to save allocating memory on a per CPU buffer, since + // we don't need info anymore, we reuse it's space and it's much bigger than + // partial_connection_info_t. + partial_connection_info_t *partial = (partial_connection_info_t *)(info); + partial->d_port = conn.d_port; + partial->s_port = conn.s_port; + partial->tcp_seq = tcp.seq; + __builtin_memcpy(partial->s_addr, conn.s_addr, sizeof(partial->s_addr)); + + tp_info_pid_t *trace_info = trace_info_for_connection(&conn); + if (trace_info) { + if (cookie) { // we have an actual socket associated + bpf_map_update_elem(&tcp_connection_map, partial, &conn, BPF_ANY); + } + } else if (!cookie) { // no actual socket for this skb, relayed to another interface + connection_info_t *prev_conn = bpf_map_lookup_elem(&tcp_connection_map, partial); + + if (prev_conn) { + tp_info_pid_t *trace_info = trace_info_for_connection(prev_conn); + if (trace_info) { + if (current_immediate_epoch(trace_info->tp.ts) == + current_immediate_epoch(bpf_ktime_get_ns())) { + //bpf_dbg_printk("Found trace info on another interface, setting it up for this connection"); + tp_info_pid_t other_info = {0}; + __builtin_memcpy(&other_info, trace_info, sizeof(tp_info_pid_t)); + bpf_map_update_elem(&trace_map, &conn, &other_info, BPF_ANY); + } + } + } + } + } + } + + return 0; } -#endif +/* + The tracking of the clones is complicated by the fact that in container environments + the tid returned by the sys_clone call is the namespaced tid, not the host tid which + bpf sees normally. To mitigate this we work exclusively with namespaces. Only the clone_map + and server_traces are keyed off the namespace:pid. +*/ +SEC("kretprobe/sys_clone") +int BPF_KRETPROBE(kretprobe_sys_clone, int tid) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id) || tid < 0) { + return 0; + } + + pid_key_t parent = {0}; + task_tid(&parent); + + pid_key_t child = { + .pid = (u32)tid, + .ns = parent.ns, + }; + + bpf_dbg_printk("sys_clone_ret %d -> %d", id, tid); + bpf_map_update_elem(&clone_map, &child, &parent, BPF_ANY); + + return 0; +} + +SEC("kprobe/sys_exit") +int BPF_KPROBE(kprobe_sys_exit, int status) { + u64 id = bpf_get_current_pid_tgid(); + + if (!valid_pid(id)) { + return 0; + } + + trace_key_t task = {0}; + task_tid(&task.p_key); + + bpf_dbg_printk( + "sys_exit %d, pid=%d, valid_pid(id)=%d", id, pid_from_pid_tgid(id), valid_pid(id)); + + // handle the case when the thread terminates without closing a socket + send_args_t *s_args = bpf_map_lookup_elem(&active_send_args, &id); + if (s_args) { + bpf_dbg_printk("Checking if we need to finish the request per thread id"); + finish_possible_delayed_http_request(&s_args->p_conn); + bpf_map_delete_elem(&active_ssl_connections, &s_args->p_conn); + } + + bpf_map_delete_elem(&clone_map, &task.p_key); + // This won't delete trace ids for traces with extra_id, like NodeJS. But, + // we expect that it doesn't matter, since NodeJS main thread won't exit. + bpf_map_delete_elem(&server_traces, &task); + + return 0; +} + +SEC("tc_ingress") +int app_ingress(struct __sk_buff *skb) { + //bpf_printk("ingress"); + + protocol_info_t tcp = {}; + connection_info_t conn = {}; + + if (!read_sk_buff(skb, &tcp, &conn)) { + return 0; + } + + // handle SYN only, ignore SYN+ACK packets + if (!tcp_syn(&tcp) || tcp_ack(&tcp)) { + return 0; + } + + if (skb->len - tcp.hdr_len < sizeof(tp_info_pid_t)) { + bpf_printk("SYN packet without tp info"); + return 0; + } + + tp_info_pid_t tp = {0}; + + bpf_skb_load_bytes(skb, tcp.hdr_len, &tp, sizeof(tp_info_pid_t)); + + if (tp.pid != TC_SYN_PACKET_ID) { + bpf_printk("SYN packet without the custom ID inside pid, ignoring..."); + return 0; + } + + s32 len = skb->len - sizeof(u32); + bpf_printk("Received SYN packed len = %d, offset = %d, hdr_len %d", skb->len, len, tcp.hdr_len); + + unsigned char tp_buf[TP_MAX_VAL_LENGTH]; + make_tp_string(tp_buf, &tp.tp); + bpf_printk("tp: %s", tp_buf); + + // Once we receive a traceID over the wire (TCP packet) we store it for later to be used by the trace code. + bpf_map_update_elem(&incoming_trace_map, &conn, &tp, BPF_ANY); + + return 0; +} + +SEC("tc_egress") +int app_egress(struct __sk_buff *skb) { + //bpf_printk("egress"); + + protocol_info_t tcp = {}; + connection_info_t conn = {}; + + if (!read_sk_buff(skb, &tcp, &conn)) { + return 0; + } + + // handle SYN only, ignore SYN+ACK packets + if (!tcp_syn(&tcp) || tcp_ack(&tcp)) { + return 0; + } + + sort_connection_info(&conn); + + tp_info_pid_t *tp = bpf_map_lookup_elem(&outgoing_trace_map, &conn); + + if (tp) { + bpf_printk("SYN packed len = %d", skb->len); + + unsigned char tp_buf[TP_MAX_VAL_LENGTH]; + make_tp_string(tp_buf, &tp->tp); + bpf_printk("tp: %s", tp_buf); + + uint16_t pkt_end = skb->data_end - skb->data; + bpf_printk("Changing tail and setting data on syn, end=%d", pkt_end); + bpf_skb_change_tail(skb, pkt_end + sizeof(tp_info_pid_t), 0); + bpf_skb_store_bytes(skb, pkt_end, tp, sizeof(tp_info_pid_t), 0); + + u32 offset_ip_tot_len = 0; + u32 offset_ip_checksum = 0; + if (tcp.h_proto == ETH_P_IP) { + offset_ip_tot_len = ETH_HLEN + offsetof(struct iphdr, tot_len); + offset_ip_checksum = ETH_HLEN + offsetof(struct iphdr, check); + } else { + offset_ip_tot_len = ETH_HLEN + offsetof(struct ipv6hdr, payload_len); + } + + u16 new_tot_len = bpf_htons(bpf_ntohs(tcp.tot_len) + sizeof(tp_info_pid_t)); + + bpf_printk( + "tot_len = %u, new_tot_len = %u", bpf_ntohs(tcp.tot_len), bpf_ntohs(new_tot_len)); + bpf_printk("h_proto = %u, skb->len = %u", tcp.h_proto, skb->len); + + if (offset_ip_checksum) { + bpf_l3_csum_replace(skb, offset_ip_checksum, tcp.tot_len, new_tot_len, sizeof(u16)); + } + + bpf_skb_store_bytes(skb, offset_ip_tot_len, &new_tot_len, sizeof(u16), 0); + } + + return 0; +} \ No newline at end of file diff --git a/bpf/k_tracer_defs.h b/bpf/k_tracer_defs.h new file mode 100644 index 000000000..1ba76da30 --- /dev/null +++ b/bpf/k_tracer_defs.h @@ -0,0 +1,129 @@ +#ifndef K_TRACER_HELPERS +#define K_TRACER_HELPERS + +#include "vmlinux.h" +#include "bpf_helpers.h" +#include "http_types.h" +#include "ringbuf.h" +#include "pid.h" +#include "trace_common.h" +#include "protocol_common.h" +#include "protocol_http.h" +#include "protocol_http2.h" +#include "protocol_tcp.h" + +struct bpf_map_def SEC("maps") jump_table = { + .type = BPF_MAP_TYPE_PROG_ARRAY, + .key_size = sizeof(__u32), + .value_size = sizeof(__u32), + .max_entries = 8, +}; + +#define TAIL_PROTOCOL_HTTP 0 +#define TAIL_PROTOCOL_HTTP2 1 +#define TAIL_PROTOCOL_TCP 2 + +static __always_inline void handle_buf_with_args(void *ctx, call_protocol_args_t *args) { + bpf_probe_read(args->small_buf, MIN_HTTP2_SIZE, (void *)args->u_buf); + + bpf_dbg_printk( + "buf=[%s], pid=%d, len=%d", args->small_buf, args->pid_conn.pid, args->bytes_len); + + if (is_http(args->small_buf, MIN_HTTP_SIZE, &args->packet_type)) { + bpf_tail_call(ctx, &jump_table, TAIL_PROTOCOL_HTTP); + } else if (is_http2_or_grpc(args->small_buf, MIN_HTTP2_SIZE)) { + bpf_dbg_printk("Found HTTP2 or gRPC connection"); + u8 is_ssl = args->ssl; + bpf_map_update_elem(&ongoing_http2_connections, &args->pid_conn, &is_ssl, BPF_ANY); + } else { + u8 *h2g = bpf_map_lookup_elem(&ongoing_http2_connections, &args->pid_conn); + if (h2g && *h2g == args->ssl) { + bpf_tail_call(ctx, &jump_table, TAIL_PROTOCOL_HTTP2); + } else { // large request tracking + http_info_t *info = bpf_map_lookup_elem(&ongoing_http, &args->pid_conn); + + if (info && still_responding(info)) { + info->end_monotime_ns = bpf_ktime_get_ns(); + } else if (!info) { + // SSL requests will see both TCP traffic and text traffic, ignore the TCP if + // we are processing SSL request. HTTP2 is already checked in handle_buf_with_connection. + http_info_t *http_info = bpf_map_lookup_elem(&ongoing_http, &args->pid_conn); + if (!http_info) { + bpf_tail_call(ctx, &jump_table, TAIL_PROTOCOL_TCP); + } + } + } + } +} + +static __always_inline call_protocol_args_t * +make_protocol_args(void *u_buf, int bytes_len, u8 ssl, u8 direction, u16 orig_dport) { + call_protocol_args_t *args = protocol_args(); + + if (!args) { + return 0; + } + + args->ssl = ssl; + args->bytes_len = bytes_len; + args->direction = direction; + args->orig_dport = orig_dport; + args->u_buf = (u64)u_buf; + + return args; +} + +static __always_inline void handle_buf_with_connection(void *ctx, + pid_connection_info_t *pid_conn, + void *u_buf, + int bytes_len, + u8 ssl, + u8 direction, + u16 orig_dport) { + call_protocol_args_t *args = make_protocol_args(u_buf, bytes_len, ssl, direction, orig_dport); + + if (!args) { + return; + } + + __builtin_memcpy(&args->pid_conn, pid_conn, sizeof(pid_connection_info_t)); + + handle_buf_with_args(ctx, args); +} + +#define BUF_COPY_BLOCK_SIZE 16 + +static __always_inline void +read_skb_bytes(const void *skb, u32 offset, unsigned char *buf, const u32 len) { + u32 max = offset + len; + int b = 0; + for (; b < (FULL_BUF_SIZE / BUF_COPY_BLOCK_SIZE); b++) { + if ((offset + (BUF_COPY_BLOCK_SIZE - 1)) >= max) { + break; + } + bpf_skb_load_bytes( + skb, offset, (void *)(&buf[b * BUF_COPY_BLOCK_SIZE]), BUF_COPY_BLOCK_SIZE); + offset += BUF_COPY_BLOCK_SIZE; + } + + if ((b * BUF_COPY_BLOCK_SIZE) >= len) { + return; + } + + // This code is messy to make sure the eBPF verifier is happy. I had to cast to signed 64bit. + s64 remainder = (s64)max - (s64)offset; + + if (remainder <= 0) { + return; + } + + int remaining_to_copy = + (remainder < (BUF_COPY_BLOCK_SIZE - 1)) ? remainder : (BUF_COPY_BLOCK_SIZE - 1); + int space_in_buffer = (len < (b * BUF_COPY_BLOCK_SIZE)) ? 0 : len - (b * BUF_COPY_BLOCK_SIZE); + + if (remaining_to_copy <= space_in_buffer) { + bpf_skb_load_bytes(skb, offset, (void *)(&buf[b * BUF_COPY_BLOCK_SIZE]), remaining_to_copy); + } +} + +#endif diff --git a/pkg/internal/discover/finder.go b/pkg/internal/discover/finder.go index 86cd42994..a906463c6 100644 --- a/pkg/internal/discover/finder.go +++ b/pkg/internal/discover/finder.go @@ -10,7 +10,6 @@ import ( "github.com/grafana/beyla/pkg/internal/ebpf" "github.com/grafana/beyla/pkg/internal/ebpf/generictracer" "github.com/grafana/beyla/pkg/internal/ebpf/gotracer" - "github.com/grafana/beyla/pkg/internal/ebpf/ktracer" "github.com/grafana/beyla/pkg/internal/ebpf/nodejs" "github.com/grafana/beyla/pkg/internal/imetrics" "github.com/grafana/beyla/pkg/internal/pipe/global" @@ -97,7 +96,7 @@ func newGoTracersGroup(cfg *beyla.Config, metrics imetrics.Reporter) []ebpf.Trac } func newNonGoTracersGroup(cfg *beyla.Config, metrics imetrics.Reporter) []ebpf.Tracer { - return []ebpf.Tracer{ktracer.New(cfg, metrics), generictracer.New(cfg, metrics)} + return []ebpf.Tracer{generictracer.New(cfg, metrics)} } func newNonGoTracersGroupUProbes(cfg *beyla.Config, metrics imetrics.Reporter) []ebpf.Tracer { diff --git a/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.go index 6d1c396cb..58890af27 100644 --- a/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.go @@ -105,6 +105,13 @@ type bpfHttpInfoT struct { _ [4]byte } +type bpfPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpfPidConnectionInfoT struct { Conn bpfConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpfPidKeyT struct { Ns uint32 } +type bpfRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpfSendArgsT struct { + P_conn bpfPidConnectionInfoT + Size uint64 +} + +type bpfSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpfSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpfSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpfProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -262,6 +305,7 @@ type bpfMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -288,7 +332,12 @@ func (o *bpfObjects) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -314,6 +363,7 @@ type bpfMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -323,7 +373,12 @@ type bpfMaps struct { func (m *bpfMaps) Close() error { return _BpfClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -349,6 +404,7 @@ func (m *bpfMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -361,9 +417,25 @@ func (m *bpfMaps) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -379,9 +451,25 @@ type bpfPrograms struct { func (p *bpfPrograms) Close() error { return _BpfClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.o index 20a583106..b1d941dc8 100644 --- a/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_arm64_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3601e0d0f1d2a9342e0a4f5d82ecde6a6aef403ced2a584f1ec4e29d4114fc69 -size 247360 +oid sha256:709e092298642fe770ffcb09f6d955613ff43d41489db3110afdeba06b330008 +size 481280 diff --git a/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.go index b0d547d13..3cb08dff7 100644 --- a/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.go @@ -105,6 +105,13 @@ type bpf_debugHttpInfoT struct { _ [4]byte } +type bpf_debugPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpf_debugPidConnectionInfoT struct { Conn bpf_debugConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpf_debugPidKeyT struct { Ns uint32 } +type bpf_debugRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpf_debugSendArgsT struct { + P_conn bpf_debugPidConnectionInfoT + Size uint64 +} + +type bpf_debugSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpf_debugSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpf_debugSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_debugProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpf_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_debugMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -263,6 +306,7 @@ type bpf_debugMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -289,7 +333,12 @@ func (o *bpf_debugObjects) Close() error { // // It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_debugMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -316,6 +365,7 @@ type bpf_debugMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -325,7 +375,12 @@ type bpf_debugMaps struct { func (m *bpf_debugMaps) Close() error { return _Bpf_debugClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -352,6 +407,7 @@ func (m *bpf_debugMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -364,9 +420,25 @@ func (m *bpf_debugMaps) Close() error { // // It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_debugPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -382,9 +454,25 @@ type bpf_debugPrograms struct { func (p *bpf_debugPrograms) Close() error { return _Bpf_debugClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.o index b6c2854db..1ecea966a 100644 --- a/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_debug_arm64_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fc33cd40cc966db105d7e52078a45ab04e6a25b675fdc6cd5c5aad2d28f64c20 -size 404032 +oid sha256:e4b0bb1ff69e605a8630fc85d1c2703ab39fe311b485ec221274a9591c11f276 +size 765944 diff --git a/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.go index 19055ab73..fa2aa4871 100644 --- a/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.go @@ -105,6 +105,13 @@ type bpf_debugHttpInfoT struct { _ [4]byte } +type bpf_debugPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpf_debugPidConnectionInfoT struct { Conn bpf_debugConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpf_debugPidKeyT struct { Ns uint32 } +type bpf_debugRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpf_debugSendArgsT struct { + P_conn bpf_debugPidConnectionInfoT + Size uint64 +} + +type bpf_debugSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpf_debugSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpf_debugSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_debugProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpf_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_debugMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -263,6 +306,7 @@ type bpf_debugMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -289,7 +333,12 @@ func (o *bpf_debugObjects) Close() error { // // It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_debugMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -316,6 +365,7 @@ type bpf_debugMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -325,7 +375,12 @@ type bpf_debugMaps struct { func (m *bpf_debugMaps) Close() error { return _Bpf_debugClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -352,6 +407,7 @@ func (m *bpf_debugMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -364,9 +420,25 @@ func (m *bpf_debugMaps) Close() error { // // It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_debugPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -382,9 +454,25 @@ type bpf_debugPrograms struct { func (p *bpf_debugPrograms) Close() error { return _Bpf_debugClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.o index 54ee7c1f0..3a8cf343d 100644 --- a/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_debug_x86_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:1202b8c657b3d1aff3948d821df66f5e1a970684cf53aca6bfd6486b44f41dfd -size 405192 +oid sha256:984d3ae17d04f2fed3a69ab4c82950168673aa146e5934965b8c6c011ec1773b +size 765216 diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.go index 16d00fdd9..6adeef0a5 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.go @@ -105,6 +105,13 @@ type bpf_tpHttpInfoT struct { _ [4]byte } +type bpf_tpPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpf_tpPidConnectionInfoT struct { Conn bpf_tpConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpf_tpPidKeyT struct { Ns uint32 } +type bpf_tpRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpf_tpSendArgsT struct { + P_conn bpf_tpPidConnectionInfoT + Size uint64 +} + +type bpf_tpSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpf_tpSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpf_tpSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tpProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpf_tpProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tpMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -262,6 +305,7 @@ type bpf_tpMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -288,7 +332,12 @@ func (o *bpf_tpObjects) Close() error { // // It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tpMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -314,6 +363,7 @@ type bpf_tpMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -323,7 +373,12 @@ type bpf_tpMaps struct { func (m *bpf_tpMaps) Close() error { return _Bpf_tpClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -349,6 +404,7 @@ func (m *bpf_tpMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -361,9 +417,25 @@ func (m *bpf_tpMaps) Close() error { // // It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tpPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -379,9 +451,25 @@ type bpf_tpPrograms struct { func (p *bpf_tpPrograms) Close() error { return _Bpf_tpClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.o index e2fa538fd..5839adfbf 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_tp_arm64_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:54f9a16daafa1217fc660d602de3190634e3ce9a1d54ded5a9d65a6e3883f350 -size 261936 +oid sha256:22e29853a4864d1326b161a28c5f960ca3b863ea595bc9fd2d1b80e676fb6cb5 +size 495832 diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.go index a1c36126b..75f6c5daf 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.go @@ -105,6 +105,13 @@ type bpf_tp_debugHttpInfoT struct { _ [4]byte } +type bpf_tp_debugPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpf_tp_debugPidConnectionInfoT struct { Conn bpf_tp_debugConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpf_tp_debugPidKeyT struct { Ns uint32 } +type bpf_tp_debugRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpf_tp_debugSendArgsT struct { + P_conn bpf_tp_debugPidConnectionInfoT + Size uint64 +} + +type bpf_tp_debugSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpf_tp_debugSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpf_tp_debugSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tp_debugProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpf_tp_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tp_debugMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -263,6 +306,7 @@ type bpf_tp_debugMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -289,7 +333,12 @@ func (o *bpf_tp_debugObjects) Close() error { // // It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tp_debugMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -316,6 +365,7 @@ type bpf_tp_debugMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -325,7 +375,12 @@ type bpf_tp_debugMaps struct { func (m *bpf_tp_debugMaps) Close() error { return _Bpf_tp_debugClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -352,6 +407,7 @@ func (m *bpf_tp_debugMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -364,9 +420,25 @@ func (m *bpf_tp_debugMaps) Close() error { // // It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tp_debugPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -382,9 +454,25 @@ type bpf_tp_debugPrograms struct { func (p *bpf_tp_debugPrograms) Close() error { return _Bpf_tp_debugClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.o index a5e7cdbdd..167f23692 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_tp_debug_arm64_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d2d0c114ca63e0658b39fc53f30a31a3ba244b312bdb6b7cd152475e3345504d -size 422680 +oid sha256:dd6d7d787729259302ca414cd3f0d276092aeb6c77b2e0d236280d29575b3a20 +size 784600 diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.go index 15c705f61..3e6fdd5a0 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.go @@ -105,6 +105,13 @@ type bpf_tp_debugHttpInfoT struct { _ [4]byte } +type bpf_tp_debugPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpf_tp_debugPidConnectionInfoT struct { Conn bpf_tp_debugConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpf_tp_debugPidKeyT struct { Ns uint32 } +type bpf_tp_debugRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpf_tp_debugSendArgsT struct { + P_conn bpf_tp_debugPidConnectionInfoT + Size uint64 +} + +type bpf_tp_debugSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpf_tp_debugSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpf_tp_debugSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tp_debugProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpf_tp_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tp_debugMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -263,6 +306,7 @@ type bpf_tp_debugMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -289,7 +333,12 @@ func (o *bpf_tp_debugObjects) Close() error { // // It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tp_debugMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -316,6 +365,7 @@ type bpf_tp_debugMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -325,7 +375,12 @@ type bpf_tp_debugMaps struct { func (m *bpf_tp_debugMaps) Close() error { return _Bpf_tp_debugClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -352,6 +407,7 @@ func (m *bpf_tp_debugMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -364,9 +420,25 @@ func (m *bpf_tp_debugMaps) Close() error { // // It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tp_debugPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -382,9 +454,25 @@ type bpf_tp_debugPrograms struct { func (p *bpf_tp_debugPrograms) Close() error { return _Bpf_tp_debugClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.o index e1444b153..2c8132535 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_tp_debug_x86_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cd98dd16228fbe0dcb542a57b7f1320bdf67c9975ceca3b03c245194e733c5ea -size 423840 +oid sha256:50d71afcca60eda2307e183f494020cac5ff9b089bf05185db8027296114dd25 +size 783872 diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.go index ec10272bb..3223ba4ae 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.go @@ -105,6 +105,13 @@ type bpf_tpHttpInfoT struct { _ [4]byte } +type bpf_tpPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpf_tpPidConnectionInfoT struct { Conn bpf_tpConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpf_tpPidKeyT struct { Ns uint32 } +type bpf_tpRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpf_tpSendArgsT struct { + P_conn bpf_tpPidConnectionInfoT + Size uint64 +} + +type bpf_tpSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpf_tpSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpf_tpSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tpProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpf_tpProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tpMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -262,6 +305,7 @@ type bpf_tpMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -288,7 +332,12 @@ func (o *bpf_tpObjects) Close() error { // // It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tpMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -314,6 +363,7 @@ type bpf_tpMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -323,7 +373,12 @@ type bpf_tpMaps struct { func (m *bpf_tpMaps) Close() error { return _Bpf_tpClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -349,6 +404,7 @@ func (m *bpf_tpMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -361,9 +417,25 @@ func (m *bpf_tpMaps) Close() error { // // It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tpPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -379,9 +451,25 @@ type bpf_tpPrograms struct { func (p *bpf_tpPrograms) Close() error { return _Bpf_tpClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.o index da333c1dd..2224bf838 100644 --- a/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_tp_x86_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6cf518cfa5a92e71389e56015e4661893e93f4f1eabef06be03f49689bbfe4a2 -size 263096 +oid sha256:a74af03f22e8743edc0d4e69cd4e87c0c8ba3064a9295a187529100ae5cf9b13 +size 494992 diff --git a/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.go b/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.go index 91f687b2c..36fb543be 100644 --- a/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.go +++ b/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.go @@ -105,6 +105,13 @@ type bpfHttpInfoT struct { _ [4]byte } +type bpfPartialConnectionInfoT struct { + S_addr [16]uint8 + S_port uint16 + D_port uint16 + TcpSeq uint32 +} + type bpfPidConnectionInfoT struct { Conn bpfConnectionInfoT Pid uint32 @@ -115,6 +122,21 @@ type bpfPidKeyT struct { Ns uint32 } +type bpfRecvArgsT struct { + SockPtr uint64 + IovecCtx [40]uint8 +} + +type bpfSendArgsT struct { + P_conn bpfPidConnectionInfoT + Size uint64 +} + +type bpfSockArgsT struct { + Addr uint64 + AcceptTime uint64 +} + type bpfSslArgsT struct { Ssl uint64 Buf uint64 @@ -216,9 +238,25 @@ type bpfSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfProgramSpecs struct { + AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` + AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` + KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` @@ -236,7 +274,12 @@ type bpfProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfMapSpecs struct { + ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` @@ -262,6 +305,7 @@ type bpfMapSpecs struct { ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` @@ -288,7 +332,12 @@ func (o *bpfObjects) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfMaps struct { + ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` + ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` + ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` + ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` + ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` @@ -314,6 +363,7 @@ type bpfMaps struct { ServerTraces *ebpf.Map `ebpf:"server_traces"` SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` + TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` @@ -323,7 +373,12 @@ type bpfMaps struct { func (m *bpfMaps) Close() error { return _BpfClose( + m.ActiveAcceptArgs, + m.ActiveConnectArgs, m.ActiveNodejsIds, + m.ActiveRecvArgs, + m.ActiveSendArgs, + m.ActiveSendSockArgs, m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, @@ -349,6 +404,7 @@ func (m *bpfMaps) Close() error { m.ServerTraces, m.SslToConn, m.SslToPidTid, + m.TcpConnectionMap, m.TcpReqMem, m.TpCharBufMem, m.TpInfoMem, @@ -361,9 +417,25 @@ func (m *bpfMaps) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfPrograms struct { + AppEgress *ebpf.Program `ebpf:"app_egress"` + AppIngress *ebpf.Program `ebpf:"app_ingress"` + KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` + KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` + KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` + KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` + KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` + KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` + KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` + KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` + KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` + KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` + KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` + KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` + KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` + SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` @@ -379,9 +451,25 @@ type bpfPrograms struct { func (p *bpfPrograms) Close() error { return _BpfClose( + p.AppEgress, + p.AppIngress, + p.KprobeSysExit, + p.KprobeTcpCleanupRbuf, + p.KprobeTcpClose, + p.KprobeTcpConnect, + p.KprobeTcpRcvEstablished, + p.KprobeTcpRecvmsg, + p.KprobeTcpSendmsg, + p.KretprobeSockAlloc, + p.KretprobeSysAccept4, + p.KretprobeSysClone, + p.KretprobeSysConnect, + p.KretprobeTcpRecvmsg, + p.KretprobeTcpSendmsg, p.ProtocolHttp, p.ProtocolHttp2, p.ProtocolTcp, + p.SocketHttpFilter, p.UprobeSslDoHandshake, p.UprobeSslRead, p.UprobeSslReadEx, diff --git a/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.o b/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.o index 712e6b02f..30c9aab94 100644 --- a/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.o +++ b/pkg/internal/ebpf/generictracer/bpf_x86_bpfel.o @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:17d95a989574f1d782a2d61626e3bd2ab5683405fa71e67647b9e666565d2e4f -size 248520 +oid sha256:be7c00627d2ababfdfba1c6865a929de9c68e30304b43b9795310128f802f59d +size 480440 diff --git a/pkg/internal/ebpf/generictracer/generictracer.go b/pkg/internal/ebpf/generictracer/generictracer.go index 406c290a6..678df8d1c 100644 --- a/pkg/internal/ebpf/generictracer/generictracer.go +++ b/pkg/internal/ebpf/generictracer/generictracer.go @@ -2,19 +2,27 @@ package generictracer import ( "context" + "errors" + "fmt" "io" + "io/fs" "log/slog" "sync" + "time" + "unsafe" "github.com/cilium/ebpf" - + "github.com/gavv/monotime" "github.com/grafana/beyla/pkg/beyla" ebpfcommon "github.com/grafana/beyla/pkg/internal/ebpf/common" "github.com/grafana/beyla/pkg/internal/exec" "github.com/grafana/beyla/pkg/internal/goexec" "github.com/grafana/beyla/pkg/internal/imetrics" + "github.com/grafana/beyla/pkg/internal/netolly/ifaces" "github.com/grafana/beyla/pkg/internal/request" "github.com/grafana/beyla/pkg/internal/svc" + "github.com/vishvananda/netlink" + "golang.org/x/sys/unix" ) //go:generate $BPF2GO -cc $BPF_CLANG -cflags $BPF_CFLAGS -target amd64,arm64 bpf ../../../../bpf/generic_tracer.c -- -I../../../../bpf/headers @@ -27,30 +35,89 @@ var instrumentedLibs = make(map[uint64]bool) var libsMux sync.Mutex type Tracer struct { - pidsFilter ebpfcommon.ServiceFilter - cfg *beyla.Config - metrics imetrics.Reporter - bpfObjects bpfObjects - closers []io.Closer - log *slog.Logger + pidsFilter ebpfcommon.ServiceFilter + cfg *beyla.Config + metrics imetrics.Reporter + bpfObjects bpfObjects + closers []io.Closer + log *slog.Logger + qdiscs map[ifaces.Interface]*netlink.GenericQdisc + egressFilters map[ifaces.Interface]*netlink.BpfFilter + ingressFilters map[ifaces.Interface]*netlink.BpfFilter } func New(cfg *beyla.Config, metrics imetrics.Reporter) *Tracer { - log := slog.With("component", "httpssl.Tracer") + log := slog.With("component", "generic.Tracer") return &Tracer{ - log: log, - cfg: cfg, - metrics: metrics, - pidsFilter: ebpfcommon.CommonPIDsFilter(&cfg.Discovery), + log: log, + cfg: cfg, + metrics: metrics, + pidsFilter: ebpfcommon.CommonPIDsFilter(&cfg.Discovery), + qdiscs: map[ifaces.Interface]*netlink.GenericQdisc{}, + egressFilters: map[ifaces.Interface]*netlink.BpfFilter{}, + ingressFilters: map[ifaces.Interface]*netlink.BpfFilter{}, + } +} + +// Updating these requires updating the constants below in pid.h +// #define MAX_CONCURRENT_PIDS 3001 // estimate: 1000 concurrent processes (including children) * 3 namespaces per pid +// #define PRIME_HASH 192053 // closest prime to 3001 * 64 +const ( + maxConcurrentPids = 3001 + primeHash = 192053 +) + +func pidSegmentBit(k uint64) (uint32, uint32) { + h := uint32(k % primeHash) + segment := h / 64 + bit := h & 63 + + return segment, bit +} + +func (p *Tracer) buildPidFilter() []uint64 { + result := make([]uint64, maxConcurrentPids) + for nsid, pids := range p.pidsFilter.CurrentPIDs(ebpfcommon.PIDTypeKProbes) { + for pid := range pids { + // skip any pids that might've been added, but are not tracked by the kprobes + p.log.Debug("Reallowing pid", "pid", pid, "namespace", nsid) + + k := uint64((uint64(nsid) << 32) | uint64(pid)) + + segment, bit := pidSegmentBit(k) + + v := result[segment] + v |= (1 << bit) + result[segment] = v + } + } + + return result +} + +func (p *Tracer) rebuildValidPids() { + if p.bpfObjects.ValidPids != nil { + v := p.buildPidFilter() + + p.log.Debug("number of segments in pid filter cache", "len", len(v)) + + for i, segment := range v { + err := p.bpfObjects.ValidPids.Put(uint32(i), uint64(segment)) + if err != nil { + p.log.Error("Error setting up pid in BPF space, sizes of Go and BPF maps don't match", "error", err, "i", i) + } + } } } func (p *Tracer) AllowPID(pid, ns uint32, svc *svc.ID) { p.pidsFilter.AllowPID(pid, ns, svc, ebpfcommon.PIDTypeKProbes) + p.rebuildValidPids() } func (p *Tracer) BlockPID(pid, ns uint32) { p.pidsFilter.BlockPID(pid, ns) + p.rebuildValidPids() } func (p *Tracer) Load() (*ebpf.CollectionSpec, error) { @@ -140,7 +207,66 @@ func (p *Tracer) GoProbes() map[string][]ebpfcommon.FunctionPrograms { } func (p *Tracer) KProbes() map[string]ebpfcommon.FunctionPrograms { - return nil + return map[string]ebpfcommon.FunctionPrograms{ + // Both sys accept probes use the same kretprobe. + // We could tap into __sys_accept4, but we might be more prone to + // issues with the internal kernel code changing. + "sys_accept": { + Required: true, + End: p.bpfObjects.KretprobeSysAccept4, + }, + "sys_accept4": { + Required: true, + End: p.bpfObjects.KretprobeSysAccept4, + }, + "sock_alloc": { + Required: true, + End: p.bpfObjects.KretprobeSockAlloc, + }, + "tcp_rcv_established": { + Required: true, + Start: p.bpfObjects.KprobeTcpRcvEstablished, + }, + // Tracking of HTTP client calls, by tapping into connect + "sys_connect": { + Required: true, + End: p.bpfObjects.KretprobeSysConnect, + }, + "tcp_connect": { + Required: true, + Start: p.bpfObjects.KprobeTcpConnect, + }, + "tcp_close": { + Required: true, + Start: p.bpfObjects.KprobeTcpClose, + }, + "tcp_sendmsg": { + Required: true, + Start: p.bpfObjects.KprobeTcpSendmsg, + End: p.bpfObjects.KretprobeTcpSendmsg, + }, + // Reading more than 160 bytes + "tcp_recvmsg": { + Required: true, + Start: p.bpfObjects.KprobeTcpRecvmsg, + End: p.bpfObjects.KretprobeTcpRecvmsg, + }, + "tcp_cleanup_rbuf": { + Start: p.bpfObjects.KprobeTcpCleanupRbuf, // this kprobe runs the same code as recvmsg return, we use it because kretprobes can be unreliable. + }, + "sys_clone": { + Required: true, + End: p.bpfObjects.KretprobeSysClone, + }, + "sys_clone3": { + Required: false, + End: p.bpfObjects.KretprobeSysClone, + }, + "sys_exit": { + Required: true, + Start: p.bpfObjects.KprobeSysExit, + }, + } } func (p *Tracer) Tracepoints() map[string]ebpfcommon.FunctionPrograms { @@ -202,13 +328,288 @@ func (p *Tracer) AlreadyInstrumentedLib(id uint64) bool { return ok } -func (p *Tracer) SetupTC() {} +func (p *Tracer) SetupTC() { + if !p.cfg.EBPF.UseLinuxTC { + return + } + + informer := ifaces.NewWatcher(p.cfg.ChannelBufferLen) + registerer := ifaces.NewRegisterer(informer, p.cfg.ChannelBufferLen) + ctx := context.Background() + + p.log.Debug("subscribing for network interface events") + ifaceEvents, err := registerer.Subscribe(ctx) + if err != nil { + p.log.Error("instantiating interfaces' informer", "error", err) + return + } + + go func() { + for { + select { + case <-ctx.Done(): + slog.Debug("stopping interfaces' listener") + return + case event := <-ifaceEvents: + slog.Debug("received event", "event", event) + switch event.Type { + case ifaces.EventAdded: + p.registerTC(event.Interface) + case ifaces.EventDeleted: + // qdiscs, ingress and egress filters are automatically deleted so we don't need to + // specifically detach them from the ebpfFetcher + default: + slog.Warn("unknown event type", "event", event) + } + } + } + }() +} func (p *Tracer) Run(ctx context.Context, eventsChan chan<- []request.Span) { + // At this point we now have loaded the bpf objects, which means we should insert any + // pids that are allowed into the bpf map + if p.bpfObjects.ValidPids != nil { + p.rebuildValidPids() + } else { + p.log.Error("BPF Pids map is not created yet, this is a bug.") + } + + timeoutTicker := time.NewTicker(2 * time.Second) + + go p.watchForMisclassifedEvents() + go p.lookForTimeouts(timeoutTicker, eventsChan) + defer timeoutTicker.Stop() + ebpfcommon.SharedRingbuf( &p.cfg.EBPF, p.pidsFilter, p.bpfObjects.Events, p.metrics, )(ctx, append(p.closers, &p.bpfObjects), eventsChan) + + p.closeTC() +} + +func kernelTime(ktime uint64) time.Time { + now := time.Now() + delta := monotime.Now() - time.Duration(int64(ktime)) + + return now.Add(-delta) +} + +//nolint:cyclop +func (p *Tracer) lookForTimeouts(ticker *time.Ticker, eventsChan chan<- []request.Span) { + for t := range ticker.C { + if p.bpfObjects.OngoingHttp != nil { + i := p.bpfObjects.OngoingHttp.Iterate() + var k bpfPidConnectionInfoT + var v bpfHttpInfoT + for i.Next(&k, &v) { + // Check if we have a lingering request which we've completed, as in it has EndMonotimeNs + // but it hasn't been posted yet, likely missed by the logic that looks at finishing requests + // where we track the full response. If we haven't updated the EndMonotimeNs in more than some + // short interval, we are likely not going to finish this request from eBPF, so let's do it here. + if v.EndMonotimeNs != 0 && t.After(kernelTime(v.EndMonotimeNs).Add(2*time.Second)) { + // Must use unsafe here, the two bpfHttpInfoTs are the same but generated from different + // ebpf2go outputs + s, ignore, err := ebpfcommon.HTTPInfoEventToSpan(*(*ebpfcommon.BPFHTTPInfo)(unsafe.Pointer(&v))) + if !ignore && err == nil { + eventsChan <- p.pidsFilter.Filter([]request.Span{s}) + } + if err := p.bpfObjects.OngoingHttp.Delete(k); err != nil { + p.log.Debug("Error deleting ongoing request", "error", err) + } + } else if v.EndMonotimeNs == 0 && p.cfg.EBPF.HTTPRequestTimeout.Milliseconds() > 0 && t.After(kernelTime(v.StartMonotimeNs).Add(p.cfg.EBPF.HTTPRequestTimeout)) { + // If we don't have a request finish with endTime by the configured request timeout, terminate the + // waiting request with a timeout 408 + s, ignore, err := ebpfcommon.HTTPInfoEventToSpan(*(*ebpfcommon.BPFHTTPInfo)(unsafe.Pointer(&v))) + + if !ignore && err == nil { + s.Status = 408 // timeout + if s.RequestStart == 0 { + s.RequestStart = s.Start + } + s.End = s.Start + p.cfg.EBPF.HTTPRequestTimeout.Nanoseconds() + + eventsChan <- p.pidsFilter.Filter([]request.Span{s}) + } + if err := p.bpfObjects.OngoingHttp.Delete(k); err != nil { + p.log.Debug("Error deleting ongoing request", "error", err) + } + } + } + } + } +} + +func (p *Tracer) watchForMisclassifedEvents() { + for e := range ebpfcommon.MisclassifiedEvents { + if e.EventType == ebpfcommon.EventTypeKHTTP2 { + if p.bpfObjects.OngoingHttp2Connections != nil { + err := p.bpfObjects.OngoingHttp2Connections.Put( + &bpfPidConnectionInfoT{Conn: bpfConnectionInfoT(e.TCPInfo.ConnInfo), Pid: e.TCPInfo.Pid.HostPid}, + uint8(e.TCPInfo.Ssl), + ) + if err != nil { + p.log.Debug("error writing HTTP2/gRPC connection info", "error", err) + } + } + } + } +} + +func (p *Tracer) registerTC(iface ifaces.Interface) { + // Load pre-compiled programs and maps into the kernel, and rewrites the configuration + ipvlan, err := netlink.LinkByIndex(iface.Index) + if err != nil { + p.log.Error("failed to lookup ipvlan device", "index", iface.Index, "name", iface.Name, "error", err) + return + } + qdiscAttrs := netlink.QdiscAttrs{ + LinkIndex: ipvlan.Attrs().Index, + Handle: netlink.MakeHandle(0xffff, 0), + Parent: netlink.HANDLE_CLSACT, + } + qdisc := &netlink.GenericQdisc{ + QdiscAttrs: qdiscAttrs, + QdiscType: "clsact", + } + if err := netlink.QdiscDel(qdisc); err == nil { + p.log.Warn("qdisc clsact already existed. Deleted it") + } + if err := netlink.QdiscAdd(qdisc); err != nil { + if errors.Is(err, fs.ErrExist) { + p.log.Warn("qdisc clsact already exists. Ignoring", "error", err) + } else { + p.log.Error("failed to create clsact qdisc on", "index", iface.Index, "name", iface.Name, "error", err) + return + } + } + p.qdiscs[iface] = qdisc + + if err := p.registerEgress(iface, ipvlan); err != nil { + p.log.Error("failed to install egress filters", "error", err) + } + + if err := p.registerIngress(iface, ipvlan); err != nil { + p.log.Error("failed to install ingres filters", "error", err) + } +} + +func (p *Tracer) registerEgress(iface ifaces.Interface, ipvlan netlink.Link) error { + // Fetch events on egress + egressAttrs := netlink.FilterAttrs{ + LinkIndex: ipvlan.Attrs().Index, + Parent: netlink.HANDLE_MIN_EGRESS, + Handle: netlink.MakeHandle(0, 1), + Protocol: 3, + Priority: 1, + } + egressFilter := &netlink.BpfFilter{ + FilterAttrs: egressAttrs, + Fd: p.bpfObjects.AppEgress.FD(), + Name: "tc/app_tc_egress", + DirectAction: true, + } + if err := netlink.FilterDel(egressFilter); err == nil { + p.log.Warn("egress filter already existed. Deleted it") + } + if err := netlink.FilterAdd(egressFilter); err != nil { + if errors.Is(err, fs.ErrExist) { + p.log.Warn("egress filter already exists. Ignoring", "error", err) + } else { + return fmt.Errorf("failed to create egress filter: %w", err) + } + } + + p.egressFilters[iface] = egressFilter + return nil +} + +func (p *Tracer) registerIngress(iface ifaces.Interface, ipvlan netlink.Link) error { + // Fetch events on ingress + ingressAttrs := netlink.FilterAttrs{ + LinkIndex: ipvlan.Attrs().Index, + Parent: netlink.HANDLE_MIN_INGRESS, + Handle: netlink.MakeHandle(0, 1), + Protocol: unix.ETH_P_ALL, + Priority: 1, + } + ingressFilter := &netlink.BpfFilter{ + FilterAttrs: ingressAttrs, + Fd: p.bpfObjects.AppIngress.FD(), + Name: "tc/app_tc_ingress", + DirectAction: true, + } + if err := netlink.FilterDel(ingressFilter); err == nil { + p.log.Warn("ingress filter already existed. Deleted it") + } + if err := netlink.FilterAdd(ingressFilter); err != nil { + if errors.Is(err, fs.ErrExist) { + p.log.Warn("ingress filter already exists. Ignoring", "error", err) + } else { + return fmt.Errorf("failed to create ingress filter: %w", err) + } + } + + p.ingressFilters[iface] = ingressFilter + return nil +} + +func (p *Tracer) closeTC() { + p.log.Info("removing traffic control probes") + + p.bpfObjects.AppEgress.Close() + p.bpfObjects.AppIngress.Close() + + // cleanup egress + for iface, ef := range p.egressFilters { + p.log.Debug("deleting egress filter", "interface", iface) + if err := doIgnoreNoDev(netlink.FilterDel, netlink.Filter(ef)); err != nil { + p.log.Error("deleting egress filter", "error", err) + } + } + p.egressFilters = map[ifaces.Interface]*netlink.BpfFilter{} + + // cleanup ingress + for iface, igf := range p.ingressFilters { + p.log.Debug("deleting ingress filter", "interface", iface) + if err := doIgnoreNoDev(netlink.FilterDel, netlink.Filter(igf)); err != nil { + p.log.Error("deleting ingress filter", "error", err) + } + } + p.ingressFilters = map[ifaces.Interface]*netlink.BpfFilter{} + + // cleanup qdiscs + for iface, qd := range p.qdiscs { + p.log.Debug("deleting Qdisc", "interface", iface) + if err := doIgnoreNoDev(netlink.QdiscDel, netlink.Qdisc(qd)); err != nil { + p.log.Error("deleting qdisc", "error", err) + } + } + p.qdiscs = map[ifaces.Interface]*netlink.GenericQdisc{} +} + +// doIgnoreNoDev runs the provided syscall over the provided device and ignores the error +// if the cause is a non-existing device (just logs the error as debug). +// If the agent is deployed as part of the Network Metrics pipeline, normally +// undeploying the FlowCollector could cause the agent to try to remove resources +// from Pods that have been removed immediately before (e.g. flowlogs-pipeline or the +// console plugin), so we avoid logging some errors that would unnecessarily raise the +// user's attention. +// This function uses generics because the set of provided functions accept different argument +// types. +func doIgnoreNoDev[T any](sysCall func(T) error, dev T) error { + if err := sysCall(dev); err != nil { + if errors.Is(err, unix.ENODEV) { + slog.Error("can't delete. Ignore this error if other pods or interfaces "+ + " are also being deleted at this moment. For example, if you are undeploying "+ + " a FlowCollector or Deployment where this agent is part of", + "error", err) + } else { + return err + } + } + return nil } diff --git a/pkg/internal/ebpf/ktracer/ktracer_notlinux.go b/pkg/internal/ebpf/generictracer/generictracer_notlinux.go similarity index 98% rename from pkg/internal/ebpf/ktracer/ktracer_notlinux.go rename to pkg/internal/ebpf/generictracer/generictracer_notlinux.go index 2b081ef49..ecbbf72d8 100644 --- a/pkg/internal/ebpf/ktracer/ktracer_notlinux.go +++ b/pkg/internal/ebpf/generictracer/generictracer_notlinux.go @@ -2,7 +2,7 @@ // this file is emptied on purpose to allow Beyla compiling in non-linux environments -package ktracer +package generictracer import ( "context" diff --git a/pkg/internal/ebpf/ktracer/ktracer_test.go b/pkg/internal/ebpf/generictracer/generictracer_test.go similarity index 95% rename from pkg/internal/ebpf/ktracer/ktracer_test.go rename to pkg/internal/ebpf/generictracer/generictracer_test.go index 8c0466e47..533c2f068 100644 --- a/pkg/internal/ebpf/ktracer/ktracer_test.go +++ b/pkg/internal/ebpf/generictracer/generictracer_test.go @@ -1,6 +1,6 @@ //go:build linux -package ktracer +package generictracer import ( "testing" diff --git a/pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.go deleted file mode 100644 index 345746212..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.go +++ /dev/null @@ -1,499 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build arm64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpfCallProtocolArgsT struct { - PidConn bpfPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpfConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpfHttp2ConnStreamT struct { - PidConn bpfPidConnectionInfoT - StreamId uint32 -} - -type bpfHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpfConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpfHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpfHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpfConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpfPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpfPidConnectionInfoT struct { - Conn bpfConnectionInfoT - Pid uint32 -} - -type bpfPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpfRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpfSendArgsT struct { - P_conn bpfPidConnectionInfoT - Size uint64 -} - -type bpfSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpfSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpfSslPidConnectionInfoT struct { - P_conn bpfPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpfTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpfConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpfTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpfTraceKeyT struct { - P_key bpfPidKeyT - ExtraId uint64 -} - -// loadBpf returns the embedded CollectionSpec for bpf. -func loadBpf() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_BpfBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf: %w", err) - } - - return spec, err -} - -// loadBpfObjects loads bpf and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpfObjects -// *bpfPrograms -// *bpfMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpfSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfSpecs struct { - bpfProgramSpecs - bpfMapSpecs -} - -// bpfSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpfMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpfObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfObjects struct { - bpfPrograms - bpfMaps -} - -func (o *bpfObjects) Close() error { - return _BpfClose( - &o.bpfPrograms, - &o.bpfMaps, - ) -} - -// bpfMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpfMaps) Close() error { - return _BpfClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpfPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpfPrograms) Close() error { - return _BpfClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _BpfClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_arm64_bpfel.o -var _BpfBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.o deleted file mode 100644 index f7ff68500..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_arm64_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dca4d0ecb78ae3fa83ca2b42f12a47d69aae677242727a24322e36050c30db48 -size 481272 diff --git a/pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.go deleted file mode 100644 index e8db828ef..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.go +++ /dev/null @@ -1,502 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build arm64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpf_debugCallProtocolArgsT struct { - PidConn bpf_debugPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpf_debugConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpf_debugHttp2ConnStreamT struct { - PidConn bpf_debugPidConnectionInfoT - StreamId uint32 -} - -type bpf_debugHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_debugConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_debugHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpf_debugHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpf_debugPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpf_debugPidConnectionInfoT struct { - Conn bpf_debugConnectionInfoT - Pid uint32 -} - -type bpf_debugPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpf_debugRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpf_debugSendArgsT struct { - P_conn bpf_debugPidConnectionInfoT - Size uint64 -} - -type bpf_debugSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpf_debugSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpf_debugSslPidConnectionInfoT struct { - P_conn bpf_debugPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpf_debugTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_debugTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpf_debugTraceKeyT struct { - P_key bpf_debugPidKeyT - ExtraId uint64 -} - -// loadBpf_debug returns the embedded CollectionSpec for bpf_debug. -func loadBpf_debug() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_Bpf_debugBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf_debug: %w", err) - } - - return spec, err -} - -// loadBpf_debugObjects loads bpf_debug and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpf_debugObjects -// *bpf_debugPrograms -// *bpf_debugMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpf_debugObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf_debug() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpf_debugSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_debugSpecs struct { - bpf_debugProgramSpecs - bpf_debugMapSpecs -} - -// bpf_debugSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_debugProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpf_debugMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_debugMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.MapSpec `ebpf:"debug_events"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpf_debugObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_debugObjects struct { - bpf_debugPrograms - bpf_debugMaps -} - -func (o *bpf_debugObjects) Close() error { - return _Bpf_debugClose( - &o.bpf_debugPrograms, - &o.bpf_debugMaps, - ) -} - -// bpf_debugMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_debugMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.Map `ebpf:"debug_events"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpf_debugMaps) Close() error { - return _Bpf_debugClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.DebugEvents, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpf_debugPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_debugPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpf_debugPrograms) Close() error { - return _Bpf_debugClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _Bpf_debugClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_debug_arm64_bpfel.o -var _Bpf_debugBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.o deleted file mode 100644 index 2f70a7ae2..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_debug_arm64_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e3d3e7c561595398488a1dcc23aa65ec42bb3b036c54968ae9d2c86675769f03 -size 765936 diff --git a/pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.go deleted file mode 100644 index fab0be18c..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.go +++ /dev/null @@ -1,502 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build 386 || amd64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpf_debugCallProtocolArgsT struct { - PidConn bpf_debugPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpf_debugConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpf_debugHttp2ConnStreamT struct { - PidConn bpf_debugPidConnectionInfoT - StreamId uint32 -} - -type bpf_debugHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_debugConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_debugHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpf_debugHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpf_debugPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpf_debugPidConnectionInfoT struct { - Conn bpf_debugConnectionInfoT - Pid uint32 -} - -type bpf_debugPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpf_debugRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpf_debugSendArgsT struct { - P_conn bpf_debugPidConnectionInfoT - Size uint64 -} - -type bpf_debugSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpf_debugSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpf_debugSslPidConnectionInfoT struct { - P_conn bpf_debugPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpf_debugTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_debugTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpf_debugTraceKeyT struct { - P_key bpf_debugPidKeyT - ExtraId uint64 -} - -// loadBpf_debug returns the embedded CollectionSpec for bpf_debug. -func loadBpf_debug() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_Bpf_debugBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf_debug: %w", err) - } - - return spec, err -} - -// loadBpf_debugObjects loads bpf_debug and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpf_debugObjects -// *bpf_debugPrograms -// *bpf_debugMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpf_debugObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf_debug() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpf_debugSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_debugSpecs struct { - bpf_debugProgramSpecs - bpf_debugMapSpecs -} - -// bpf_debugSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_debugProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpf_debugMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_debugMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.MapSpec `ebpf:"debug_events"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpf_debugObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_debugObjects struct { - bpf_debugPrograms - bpf_debugMaps -} - -func (o *bpf_debugObjects) Close() error { - return _Bpf_debugClose( - &o.bpf_debugPrograms, - &o.bpf_debugMaps, - ) -} - -// bpf_debugMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_debugMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.Map `ebpf:"debug_events"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpf_debugMaps) Close() error { - return _Bpf_debugClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.DebugEvents, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpf_debugPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_debugPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpf_debugPrograms) Close() error { - return _Bpf_debugClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _Bpf_debugClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_debug_x86_bpfel.o -var _Bpf_debugBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.o deleted file mode 100644 index 453a2f59c..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_debug_x86_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:feefcbe3cc1f42c67b2e02935d0a75bd0d564e7576bf9c73b376055cecf06a55 -size 765216 diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.go deleted file mode 100644 index e0437dda6..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.go +++ /dev/null @@ -1,499 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build arm64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpf_tpCallProtocolArgsT struct { - PidConn bpf_tpPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpf_tpConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpf_tpHttp2ConnStreamT struct { - PidConn bpf_tpPidConnectionInfoT - StreamId uint32 -} - -type bpf_tpHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tpConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tpHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpf_tpHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tpConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpf_tpPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpf_tpPidConnectionInfoT struct { - Conn bpf_tpConnectionInfoT - Pid uint32 -} - -type bpf_tpPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpf_tpRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpf_tpSendArgsT struct { - P_conn bpf_tpPidConnectionInfoT - Size uint64 -} - -type bpf_tpSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpf_tpSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpf_tpSslPidConnectionInfoT struct { - P_conn bpf_tpPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpf_tpTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tpConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tpTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpf_tpTraceKeyT struct { - P_key bpf_tpPidKeyT - ExtraId uint64 -} - -// loadBpf_tp returns the embedded CollectionSpec for bpf_tp. -func loadBpf_tp() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_Bpf_tpBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf_tp: %w", err) - } - - return spec, err -} - -// loadBpf_tpObjects loads bpf_tp and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpf_tpObjects -// *bpf_tpPrograms -// *bpf_tpMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpf_tpObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf_tp() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpf_tpSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tpSpecs struct { - bpf_tpProgramSpecs - bpf_tpMapSpecs -} - -// bpf_tpSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tpProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpf_tpMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tpMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpf_tpObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tpObjects struct { - bpf_tpPrograms - bpf_tpMaps -} - -func (o *bpf_tpObjects) Close() error { - return _Bpf_tpClose( - &o.bpf_tpPrograms, - &o.bpf_tpMaps, - ) -} - -// bpf_tpMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tpMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpf_tpMaps) Close() error { - return _Bpf_tpClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpf_tpPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tpPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpf_tpPrograms) Close() error { - return _Bpf_tpClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _Bpf_tpClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_tp_arm64_bpfel.o -var _Bpf_tpBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.o deleted file mode 100644 index efef6364c..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_arm64_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2fd78c87bad734f26145b172cf2b45e079ad5ae37128af8df834c07d7fddd768 -size 495824 diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.go deleted file mode 100644 index af82ca9d8..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.go +++ /dev/null @@ -1,502 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build arm64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpf_tp_debugCallProtocolArgsT struct { - PidConn bpf_tp_debugPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpf_tp_debugConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpf_tp_debugHttp2ConnStreamT struct { - PidConn bpf_tp_debugPidConnectionInfoT - StreamId uint32 -} - -type bpf_tp_debugHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tp_debugConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tp_debugHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpf_tp_debugHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tp_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpf_tp_debugPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpf_tp_debugPidConnectionInfoT struct { - Conn bpf_tp_debugConnectionInfoT - Pid uint32 -} - -type bpf_tp_debugPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpf_tp_debugRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpf_tp_debugSendArgsT struct { - P_conn bpf_tp_debugPidConnectionInfoT - Size uint64 -} - -type bpf_tp_debugSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpf_tp_debugSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpf_tp_debugSslPidConnectionInfoT struct { - P_conn bpf_tp_debugPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpf_tp_debugTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tp_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tp_debugTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpf_tp_debugTraceKeyT struct { - P_key bpf_tp_debugPidKeyT - ExtraId uint64 -} - -// loadBpf_tp_debug returns the embedded CollectionSpec for bpf_tp_debug. -func loadBpf_tp_debug() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_Bpf_tp_debugBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf_tp_debug: %w", err) - } - - return spec, err -} - -// loadBpf_tp_debugObjects loads bpf_tp_debug and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpf_tp_debugObjects -// *bpf_tp_debugPrograms -// *bpf_tp_debugMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpf_tp_debugObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf_tp_debug() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpf_tp_debugSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tp_debugSpecs struct { - bpf_tp_debugProgramSpecs - bpf_tp_debugMapSpecs -} - -// bpf_tp_debugSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tp_debugProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpf_tp_debugMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tp_debugMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.MapSpec `ebpf:"debug_events"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpf_tp_debugObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tp_debugObjects struct { - bpf_tp_debugPrograms - bpf_tp_debugMaps -} - -func (o *bpf_tp_debugObjects) Close() error { - return _Bpf_tp_debugClose( - &o.bpf_tp_debugPrograms, - &o.bpf_tp_debugMaps, - ) -} - -// bpf_tp_debugMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tp_debugMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.Map `ebpf:"debug_events"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpf_tp_debugMaps) Close() error { - return _Bpf_tp_debugClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.DebugEvents, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpf_tp_debugPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tp_debugPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpf_tp_debugPrograms) Close() error { - return _Bpf_tp_debugClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _Bpf_tp_debugClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_tp_debug_arm64_bpfel.o -var _Bpf_tp_debugBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.o deleted file mode 100644 index 3bc768f37..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_debug_arm64_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:06c0107ad1bf7f5a5ff6554744cc9e9edcbfd4c5c96aa45ab24eea9a5591e1cf -size 784592 diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.go deleted file mode 100644 index ee0a2ee07..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.go +++ /dev/null @@ -1,502 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build 386 || amd64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpf_tp_debugCallProtocolArgsT struct { - PidConn bpf_tp_debugPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpf_tp_debugConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpf_tp_debugHttp2ConnStreamT struct { - PidConn bpf_tp_debugPidConnectionInfoT - StreamId uint32 -} - -type bpf_tp_debugHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tp_debugConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tp_debugHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpf_tp_debugHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tp_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpf_tp_debugPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpf_tp_debugPidConnectionInfoT struct { - Conn bpf_tp_debugConnectionInfoT - Pid uint32 -} - -type bpf_tp_debugPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpf_tp_debugRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpf_tp_debugSendArgsT struct { - P_conn bpf_tp_debugPidConnectionInfoT - Size uint64 -} - -type bpf_tp_debugSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpf_tp_debugSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpf_tp_debugSslPidConnectionInfoT struct { - P_conn bpf_tp_debugPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpf_tp_debugTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tp_debugConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tp_debugTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpf_tp_debugTraceKeyT struct { - P_key bpf_tp_debugPidKeyT - ExtraId uint64 -} - -// loadBpf_tp_debug returns the embedded CollectionSpec for bpf_tp_debug. -func loadBpf_tp_debug() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_Bpf_tp_debugBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf_tp_debug: %w", err) - } - - return spec, err -} - -// loadBpf_tp_debugObjects loads bpf_tp_debug and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpf_tp_debugObjects -// *bpf_tp_debugPrograms -// *bpf_tp_debugMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpf_tp_debugObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf_tp_debug() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpf_tp_debugSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tp_debugSpecs struct { - bpf_tp_debugProgramSpecs - bpf_tp_debugMapSpecs -} - -// bpf_tp_debugSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tp_debugProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpf_tp_debugMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tp_debugMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.MapSpec `ebpf:"debug_events"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpf_tp_debugObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tp_debugObjects struct { - bpf_tp_debugPrograms - bpf_tp_debugMaps -} - -func (o *bpf_tp_debugObjects) Close() error { - return _Bpf_tp_debugClose( - &o.bpf_tp_debugPrograms, - &o.bpf_tp_debugMaps, - ) -} - -// bpf_tp_debugMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tp_debugMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - DebugEvents *ebpf.Map `ebpf:"debug_events"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpf_tp_debugMaps) Close() error { - return _Bpf_tp_debugClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.DebugEvents, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpf_tp_debugPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tp_debugPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpf_tp_debugPrograms) Close() error { - return _Bpf_tp_debugClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _Bpf_tp_debugClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_tp_debug_x86_bpfel.o -var _Bpf_tp_debugBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.o deleted file mode 100644 index b2d162146..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_debug_x86_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:af1fe18fc734cfa5dcc0fdb7dad01a377d03cf395c8b71bc24310470250a0078 -size 783864 diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.go deleted file mode 100644 index 4e9951885..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.go +++ /dev/null @@ -1,499 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build 386 || amd64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpf_tpCallProtocolArgsT struct { - PidConn bpf_tpPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpf_tpConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpf_tpHttp2ConnStreamT struct { - PidConn bpf_tpPidConnectionInfoT - StreamId uint32 -} - -type bpf_tpHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tpConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tpHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpf_tpHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tpConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpf_tpPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpf_tpPidConnectionInfoT struct { - Conn bpf_tpConnectionInfoT - Pid uint32 -} - -type bpf_tpPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpf_tpRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpf_tpSendArgsT struct { - P_conn bpf_tpPidConnectionInfoT - Size uint64 -} - -type bpf_tpSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpf_tpSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpf_tpSslPidConnectionInfoT struct { - P_conn bpf_tpPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpf_tpTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpf_tpConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpf_tpTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpf_tpTraceKeyT struct { - P_key bpf_tpPidKeyT - ExtraId uint64 -} - -// loadBpf_tp returns the embedded CollectionSpec for bpf_tp. -func loadBpf_tp() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_Bpf_tpBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf_tp: %w", err) - } - - return spec, err -} - -// loadBpf_tpObjects loads bpf_tp and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpf_tpObjects -// *bpf_tpPrograms -// *bpf_tpMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpf_tpObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf_tp() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpf_tpSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tpSpecs struct { - bpf_tpProgramSpecs - bpf_tpMapSpecs -} - -// bpf_tpSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tpProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpf_tpMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpf_tpMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpf_tpObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tpObjects struct { - bpf_tpPrograms - bpf_tpMaps -} - -func (o *bpf_tpObjects) Close() error { - return _Bpf_tpClose( - &o.bpf_tpPrograms, - &o.bpf_tpMaps, - ) -} - -// bpf_tpMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tpMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpf_tpMaps) Close() error { - return _Bpf_tpClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpf_tpPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpf_tpPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpf_tpPrograms) Close() error { - return _Bpf_tpClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _Bpf_tpClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_tp_x86_bpfel.o -var _Bpf_tpBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.o deleted file mode 100644 index a1238ac78..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_tp_x86_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f0a8186e7a1dba310e7f98db9e7d4e37130a0614b1e6897e3b02de8016649d16 -size 494992 diff --git a/pkg/internal/ebpf/ktracer/bpf_x86_bpfel.go b/pkg/internal/ebpf/ktracer/bpf_x86_bpfel.go deleted file mode 100644 index 7126a7246..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_x86_bpfel.go +++ /dev/null @@ -1,499 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build 386 || amd64 - -package ktracer - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type bpfCallProtocolArgsT struct { - PidConn bpfPidConnectionInfoT - SmallBuf [24]uint8 - U_buf uint64 - BytesLen int32 - Ssl uint8 - Direction uint8 - OrigDport uint16 - PacketType uint8 - _ [7]byte -} - -type bpfConnectionInfoT struct { - S_addr [16]uint8 - D_addr [16]uint8 - S_port uint16 - D_port uint16 -} - -type bpfHttp2ConnStreamT struct { - PidConn bpfPidConnectionInfoT - StreamId uint32 -} - -type bpfHttp2GrpcRequestT struct { - Flags uint8 - _ [1]byte - ConnInfo bpfConnectionInfoT - Data [256]uint8 - RetData [64]uint8 - Type uint8 - _ [1]byte - Len int32 - _ [4]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Ssl uint8 - _ [3]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpfHttpConnectionMetadataT struct { - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Type uint8 -} - -type bpfHttpInfoT struct { - Flags uint8 - _ [1]byte - ConnInfo bpfConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [192]uint8 - Len uint32 - RespLen uint32 - Status uint16 - Type uint8 - Ssl uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - ExtraId uint64 - TaskTid uint32 - _ [4]byte -} - -type bpfPartialConnectionInfoT struct { - S_addr [16]uint8 - S_port uint16 - D_port uint16 - TcpSeq uint32 -} - -type bpfPidConnectionInfoT struct { - Conn bpfConnectionInfoT - Pid uint32 -} - -type bpfPidKeyT struct { - Pid uint32 - Ns uint32 -} - -type bpfRecvArgsT struct { - SockPtr uint64 - IovecCtx [40]uint8 -} - -type bpfSendArgsT struct { - P_conn bpfPidConnectionInfoT - Size uint64 -} - -type bpfSockArgsT struct { - Addr uint64 - AcceptTime uint64 -} - -type bpfSslArgsT struct { - Ssl uint64 - Buf uint64 - LenPtr uint64 -} - -type bpfSslPidConnectionInfoT struct { - P_conn bpfPidConnectionInfoT - OrigDport uint16 - _ [2]byte -} - -type bpfTcpReqT struct { - Flags uint8 - _ [1]byte - ConnInfo bpfConnectionInfoT - _ [2]byte - StartMonotimeNs uint64 - EndMonotimeNs uint64 - Buf [256]uint8 - Rbuf [128]uint8 - Len uint32 - RespLen uint32 - Ssl uint8 - Direction uint8 - Pid struct { - HostPid uint32 - UserPid uint32 - Ns uint32 - } - _ [2]byte - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } -} - -type bpfTpInfoPidT struct { - Tp struct { - TraceId [16]uint8 - SpanId [8]uint8 - ParentId [8]uint8 - Ts uint64 - Flags uint8 - _ [7]byte - } - Pid uint32 - Valid uint8 - _ [3]byte -} - -type bpfTraceKeyT struct { - P_key bpfPidKeyT - ExtraId uint64 -} - -// loadBpf returns the embedded CollectionSpec for bpf. -func loadBpf() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_BpfBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf: %w", err) - } - - return spec, err -} - -// loadBpfObjects loads bpf and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpfObjects -// *bpfPrograms -// *bpfMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func loadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpfSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfSpecs struct { - bpfProgramSpecs - bpfMapSpecs -} - -// bpfSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfProgramSpecs struct { - AppEgress *ebpf.ProgramSpec `ebpf:"app_egress"` - AppIngress *ebpf.ProgramSpec `ebpf:"app_ingress"` - KprobeSysExit *ebpf.ProgramSpec `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.ProgramSpec `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.ProgramSpec `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.ProgramSpec `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.ProgramSpec `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.ProgramSpec `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.ProgramSpec `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.ProgramSpec `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.ProgramSpec `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.ProgramSpec `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.ProgramSpec `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.ProgramSpec `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.ProgramSpec `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.ProgramSpec `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.ProgramSpec `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.ProgramSpec `ebpf:"uretprobe_ssl_write_ex"` -} - -// bpfMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfMapSpecs struct { - ActiveAcceptArgs *ebpf.MapSpec `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.MapSpec `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.MapSpec `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.MapSpec `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.MapSpec `ebpf:"connection_meta_mem"` - Events *ebpf.MapSpec `ebpf:"events"` - Http2InfoMem *ebpf.MapSpec `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.MapSpec `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.MapSpec `ebpf:"incoming_trace_map"` - IovecMem *ebpf.MapSpec `ebpf:"iovec_mem"` - JumpTable *ebpf.MapSpec `ebpf:"jump_table"` - NodejsParentMap *ebpf.MapSpec `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.MapSpec `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.MapSpec `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.MapSpec `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.MapSpec `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.MapSpec `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.MapSpec `ebpf:"outgoing_trace_map"` - PidCache *ebpf.MapSpec `ebpf:"pid_cache"` - PidTidToConn *ebpf.MapSpec `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.MapSpec `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.MapSpec `ebpf:"server_traces"` - SslToConn *ebpf.MapSpec `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.MapSpec `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.MapSpec `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.MapSpec `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.MapSpec `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.MapSpec `ebpf:"tp_info_mem"` - TraceMap *ebpf.MapSpec `ebpf:"trace_map"` - ValidPids *ebpf.MapSpec `ebpf:"valid_pids"` -} - -// bpfObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfObjects struct { - bpfPrograms - bpfMaps -} - -func (o *bpfObjects) Close() error { - return _BpfClose( - &o.bpfPrograms, - &o.bpfMaps, - ) -} - -// bpfMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfMaps struct { - ActiveAcceptArgs *ebpf.Map `ebpf:"active_accept_args"` - ActiveConnectArgs *ebpf.Map `ebpf:"active_connect_args"` - ActiveNodejsIds *ebpf.Map `ebpf:"active_nodejs_ids"` - ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` - ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` - ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` - ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` - ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` - ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` - ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` - CloneMap *ebpf.Map `ebpf:"clone_map"` - ConnectionMetaMem *ebpf.Map `ebpf:"connection_meta_mem"` - Events *ebpf.Map `ebpf:"events"` - Http2InfoMem *ebpf.Map `ebpf:"http2_info_mem"` - HttpInfoMem *ebpf.Map `ebpf:"http_info_mem"` - IncomingTraceMap *ebpf.Map `ebpf:"incoming_trace_map"` - IovecMem *ebpf.Map `ebpf:"iovec_mem"` - JumpTable *ebpf.Map `ebpf:"jump_table"` - NodejsParentMap *ebpf.Map `ebpf:"nodejs_parent_map"` - OngoingHttp *ebpf.Map `ebpf:"ongoing_http"` - OngoingHttp2Connections *ebpf.Map `ebpf:"ongoing_http2_connections"` - OngoingHttp2Grpc *ebpf.Map `ebpf:"ongoing_http2_grpc"` - OngoingHttpFallback *ebpf.Map `ebpf:"ongoing_http_fallback"` - OngoingTcpReq *ebpf.Map `ebpf:"ongoing_tcp_req"` - OutgoingTraceMap *ebpf.Map `ebpf:"outgoing_trace_map"` - PidCache *ebpf.Map `ebpf:"pid_cache"` - PidTidToConn *ebpf.Map `ebpf:"pid_tid_to_conn"` - ProtocolArgsMem *ebpf.Map `ebpf:"protocol_args_mem"` - ServerTraces *ebpf.Map `ebpf:"server_traces"` - SslToConn *ebpf.Map `ebpf:"ssl_to_conn"` - SslToPidTid *ebpf.Map `ebpf:"ssl_to_pid_tid"` - TcpConnectionMap *ebpf.Map `ebpf:"tcp_connection_map"` - TcpReqMem *ebpf.Map `ebpf:"tcp_req_mem"` - TpCharBufMem *ebpf.Map `ebpf:"tp_char_buf_mem"` - TpInfoMem *ebpf.Map `ebpf:"tp_info_mem"` - TraceMap *ebpf.Map `ebpf:"trace_map"` - ValidPids *ebpf.Map `ebpf:"valid_pids"` -} - -func (m *bpfMaps) Close() error { - return _BpfClose( - m.ActiveAcceptArgs, - m.ActiveConnectArgs, - m.ActiveNodejsIds, - m.ActiveRecvArgs, - m.ActiveSendArgs, - m.ActiveSendSockArgs, - m.ActiveSslConnections, - m.ActiveSslHandshakes, - m.ActiveSslReadArgs, - m.ActiveSslWriteArgs, - m.CloneMap, - m.ConnectionMetaMem, - m.Events, - m.Http2InfoMem, - m.HttpInfoMem, - m.IncomingTraceMap, - m.IovecMem, - m.JumpTable, - m.NodejsParentMap, - m.OngoingHttp, - m.OngoingHttp2Connections, - m.OngoingHttp2Grpc, - m.OngoingHttpFallback, - m.OngoingTcpReq, - m.OutgoingTraceMap, - m.PidCache, - m.PidTidToConn, - m.ProtocolArgsMem, - m.ServerTraces, - m.SslToConn, - m.SslToPidTid, - m.TcpConnectionMap, - m.TcpReqMem, - m.TpCharBufMem, - m.TpInfoMem, - m.TraceMap, - m.ValidPids, - ) -} - -// bpfPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfPrograms struct { - AppEgress *ebpf.Program `ebpf:"app_egress"` - AppIngress *ebpf.Program `ebpf:"app_ingress"` - KprobeSysExit *ebpf.Program `ebpf:"kprobe_sys_exit"` - KprobeTcpCleanupRbuf *ebpf.Program `ebpf:"kprobe_tcp_cleanup_rbuf"` - KprobeTcpClose *ebpf.Program `ebpf:"kprobe_tcp_close"` - KprobeTcpConnect *ebpf.Program `ebpf:"kprobe_tcp_connect"` - KprobeTcpRcvEstablished *ebpf.Program `ebpf:"kprobe_tcp_rcv_established"` - KprobeTcpRecvmsg *ebpf.Program `ebpf:"kprobe_tcp_recvmsg"` - KprobeTcpSendmsg *ebpf.Program `ebpf:"kprobe_tcp_sendmsg"` - KretprobeSockAlloc *ebpf.Program `ebpf:"kretprobe_sock_alloc"` - KretprobeSysAccept4 *ebpf.Program `ebpf:"kretprobe_sys_accept4"` - KretprobeSysClone *ebpf.Program `ebpf:"kretprobe_sys_clone"` - KretprobeSysConnect *ebpf.Program `ebpf:"kretprobe_sys_connect"` - KretprobeTcpRecvmsg *ebpf.Program `ebpf:"kretprobe_tcp_recvmsg"` - KretprobeTcpSendmsg *ebpf.Program `ebpf:"kretprobe_tcp_sendmsg"` - ProtocolHttp *ebpf.Program `ebpf:"protocol_http"` - ProtocolHttp2 *ebpf.Program `ebpf:"protocol_http2"` - ProtocolTcp *ebpf.Program `ebpf:"protocol_tcp"` - SocketHttpFilter *ebpf.Program `ebpf:"socket__http_filter"` - UprobeSslDoHandshake *ebpf.Program `ebpf:"uprobe_ssl_do_handshake"` - UprobeSslRead *ebpf.Program `ebpf:"uprobe_ssl_read"` - UprobeSslReadEx *ebpf.Program `ebpf:"uprobe_ssl_read_ex"` - UprobeSslShutdown *ebpf.Program `ebpf:"uprobe_ssl_shutdown"` - UprobeSslWrite *ebpf.Program `ebpf:"uprobe_ssl_write"` - UprobeSslWriteEx *ebpf.Program `ebpf:"uprobe_ssl_write_ex"` - UretprobeSslDoHandshake *ebpf.Program `ebpf:"uretprobe_ssl_do_handshake"` - UretprobeSslRead *ebpf.Program `ebpf:"uretprobe_ssl_read"` - UretprobeSslReadEx *ebpf.Program `ebpf:"uretprobe_ssl_read_ex"` - UretprobeSslWrite *ebpf.Program `ebpf:"uretprobe_ssl_write"` - UretprobeSslWriteEx *ebpf.Program `ebpf:"uretprobe_ssl_write_ex"` -} - -func (p *bpfPrograms) Close() error { - return _BpfClose( - p.AppEgress, - p.AppIngress, - p.KprobeSysExit, - p.KprobeTcpCleanupRbuf, - p.KprobeTcpClose, - p.KprobeTcpConnect, - p.KprobeTcpRcvEstablished, - p.KprobeTcpRecvmsg, - p.KprobeTcpSendmsg, - p.KretprobeSockAlloc, - p.KretprobeSysAccept4, - p.KretprobeSysClone, - p.KretprobeSysConnect, - p.KretprobeTcpRecvmsg, - p.KretprobeTcpSendmsg, - p.ProtocolHttp, - p.ProtocolHttp2, - p.ProtocolTcp, - p.SocketHttpFilter, - p.UprobeSslDoHandshake, - p.UprobeSslRead, - p.UprobeSslReadEx, - p.UprobeSslShutdown, - p.UprobeSslWrite, - p.UprobeSslWriteEx, - p.UretprobeSslDoHandshake, - p.UretprobeSslRead, - p.UretprobeSslReadEx, - p.UretprobeSslWrite, - p.UretprobeSslWriteEx, - ) -} - -func _BpfClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_x86_bpfel.o -var _BpfBytes []byte diff --git a/pkg/internal/ebpf/ktracer/bpf_x86_bpfel.o b/pkg/internal/ebpf/ktracer/bpf_x86_bpfel.o deleted file mode 100644 index 062ee2d7a..000000000 --- a/pkg/internal/ebpf/ktracer/bpf_x86_bpfel.o +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:961e15445f5e0666181af07bf068c327e0b0021521f210ebc5351ac444ee0695 -size 480440 diff --git a/pkg/internal/ebpf/ktracer/ktracer.go b/pkg/internal/ebpf/ktracer/ktracer.go deleted file mode 100644 index 1200e8311..000000000 --- a/pkg/internal/ebpf/ktracer/ktracer.go +++ /dev/null @@ -1,571 +0,0 @@ -//go:build linux - -package ktracer - -import ( - "context" - "errors" - "fmt" - "io" - "io/fs" - "log/slog" - "time" - "unsafe" - - "github.com/cilium/ebpf" - "github.com/gavv/monotime" - "github.com/vishvananda/netlink" - "golang.org/x/sys/unix" - - "github.com/grafana/beyla/pkg/beyla" - ebpfcommon "github.com/grafana/beyla/pkg/internal/ebpf/common" - "github.com/grafana/beyla/pkg/internal/exec" - "github.com/grafana/beyla/pkg/internal/goexec" - "github.com/grafana/beyla/pkg/internal/imetrics" - "github.com/grafana/beyla/pkg/internal/netolly/ifaces" - "github.com/grafana/beyla/pkg/internal/request" - "github.com/grafana/beyla/pkg/internal/svc" -) - -//go:generate $BPF2GO -cc $BPF_CLANG -cflags $BPF_CFLAGS -target amd64,arm64 bpf ../../../../bpf/k_tracer.c -- -I../../../../bpf/headers -//go:generate $BPF2GO -cc $BPF_CLANG -cflags $BPF_CFLAGS -target amd64,arm64 bpf_tp ../../../../bpf/k_tracer.c -- -I../../../../bpf/headers -DBPF_TRACEPARENT -//go:generate $BPF2GO -cc $BPF_CLANG -cflags $BPF_CFLAGS -target amd64,arm64 bpf_debug ../../../../bpf/k_tracer.c -- -I../../../../bpf/headers -DBPF_DEBUG -//go:generate $BPF2GO -cc $BPF_CLANG -cflags $BPF_CFLAGS -target amd64,arm64 bpf_tp_debug ../../../../bpf/k_tracer.c -- -I../../../../bpf/headers -DBPF_DEBUG -DBPF_TRACEPARENT - -type Tracer struct { - pidsFilter ebpfcommon.ServiceFilter - cfg *beyla.Config - metrics imetrics.Reporter - bpfObjects bpfObjects - closers []io.Closer - log *slog.Logger - qdiscs map[ifaces.Interface]*netlink.GenericQdisc - egressFilters map[ifaces.Interface]*netlink.BpfFilter - ingressFilters map[ifaces.Interface]*netlink.BpfFilter -} - -func New(cfg *beyla.Config, metrics imetrics.Reporter) *Tracer { - log := slog.With("component", "ktracer.Tracer") - return &Tracer{ - log: log, - cfg: cfg, - metrics: metrics, - pidsFilter: ebpfcommon.CommonPIDsFilter(&cfg.Discovery), - qdiscs: map[ifaces.Interface]*netlink.GenericQdisc{}, - egressFilters: map[ifaces.Interface]*netlink.BpfFilter{}, - ingressFilters: map[ifaces.Interface]*netlink.BpfFilter{}, - } -} - -// Updating these requires updating the constants below in pid.h -// #define MAX_CONCURRENT_PIDS 3001 // estimate: 1000 concurrent processes (including children) * 3 namespaces per pid -// #define PRIME_HASH 192053 // closest prime to 3001 * 64 -const ( - maxConcurrentPids = 3001 - primeHash = 192053 -) - -func pidSegmentBit(k uint64) (uint32, uint32) { - h := uint32(k % primeHash) - segment := h / 64 - bit := h & 63 - - return segment, bit -} - -func (p *Tracer) buildPidFilter() []uint64 { - result := make([]uint64, maxConcurrentPids) - for nsid, pids := range p.pidsFilter.CurrentPIDs(ebpfcommon.PIDTypeKProbes) { - for pid := range pids { - // skip any pids that might've been added, but are not tracked by the kprobes - p.log.Debug("Reallowing pid", "pid", pid, "namespace", nsid) - - k := uint64((uint64(nsid) << 32) | uint64(pid)) - - segment, bit := pidSegmentBit(k) - - v := result[segment] - v |= (1 << bit) - result[segment] = v - } - } - - return result -} - -func (p *Tracer) rebuildValidPids() { - if p.bpfObjects.ValidPids != nil { - v := p.buildPidFilter() - - p.log.Debug("number of segments in pid filter cache", "len", len(v)) - - for i, segment := range v { - err := p.bpfObjects.ValidPids.Put(uint32(i), uint64(segment)) - if err != nil { - p.log.Error("Error setting up pid in BPF space, sizes of Go and BPF maps don't match", "error", err, "i", i) - } - } - } -} - -func (p *Tracer) AllowPID(pid, ns uint32, svc *svc.ID) { - p.pidsFilter.AllowPID(pid, ns, svc, ebpfcommon.PIDTypeKProbes) - p.rebuildValidPids() -} - -func (p *Tracer) BlockPID(pid, ns uint32) { - p.pidsFilter.BlockPID(pid, ns) - p.rebuildValidPids() -} - -func (p *Tracer) Load() (*ebpf.CollectionSpec, error) { - loader := loadBpf - if p.cfg.EBPF.BpfDebug { - loader = loadBpf_debug - } - - if p.cfg.EBPF.TrackRequestHeaders { - if ebpfcommon.SupportsEBPFLoops() { - p.log.Info("Found Linux kernel later than 5.17, enabling trace information parsing") - loader = loadBpf_tp - if p.cfg.EBPF.BpfDebug { - loader = loadBpf_tp_debug - } - } - } - - return loader() -} - -func (p *Tracer) SetupTailCalls() { - for _, tc := range []struct { - index int - prog *ebpf.Program - }{ - { - index: 0, - prog: p.bpfObjects.ProtocolHttp, - }, - { - index: 1, - prog: p.bpfObjects.ProtocolHttp2, - }, - { - index: 2, - prog: p.bpfObjects.ProtocolTcp, - }, - } { - err := p.bpfObjects.JumpTable.Update(uint32(tc.index), uint32(tc.prog.FD()), ebpf.UpdateAny) - - if err != nil { - p.log.Error("error loading info tail call jump table", "error", err) - } - } -} - -func (p *Tracer) Constants() map[string]any { - m := make(map[string]any, 2) - - // The eBPF side does some basic filtering of events that do not belong to - // processes which we monitor. We filter more accurately in the userspace, but - // for performance reasons we enable the PID based filtering in eBPF. - // This must match httpssl.go, otherwise we get partial events in userspace. - if !p.cfg.Discovery.SystemWide && !p.cfg.Discovery.BPFPidFilterOff { - m["filter_pids"] = int32(1) - } else { - m["filter_pids"] = int32(0) - } - - if p.cfg.EBPF.TrackRequestHeaders { - m["capture_header_buffer"] = int32(1) - } else { - m["capture_header_buffer"] = int32(0) - } - - if p.cfg.EBPF.HighRequestVolume { - m["high_request_volume"] = uint32(1) - } - - return m -} - -func (p *Tracer) RegisterOffsets(_ *exec.FileInfo, _ *goexec.Offsets) {} - -func (p *Tracer) BpfObjects() any { - return &p.bpfObjects -} - -func (p *Tracer) AddCloser(c ...io.Closer) { - p.closers = append(p.closers, c...) -} - -func (p *Tracer) GoProbes() map[string][]ebpfcommon.FunctionPrograms { - return nil -} - -func (p *Tracer) KProbes() map[string]ebpfcommon.FunctionPrograms { - return map[string]ebpfcommon.FunctionPrograms{ - // Both sys accept probes use the same kretprobe. - // We could tap into __sys_accept4, but we might be more prone to - // issues with the internal kernel code changing. - "sys_accept": { - Required: true, - End: p.bpfObjects.KretprobeSysAccept4, - }, - "sys_accept4": { - Required: true, - End: p.bpfObjects.KretprobeSysAccept4, - }, - "sock_alloc": { - Required: true, - End: p.bpfObjects.KretprobeSockAlloc, - }, - "tcp_rcv_established": { - Required: true, - Start: p.bpfObjects.KprobeTcpRcvEstablished, - }, - // Tracking of HTTP client calls, by tapping into connect - "sys_connect": { - Required: true, - End: p.bpfObjects.KretprobeSysConnect, - }, - "tcp_connect": { - Required: true, - Start: p.bpfObjects.KprobeTcpConnect, - }, - "tcp_close": { - Required: true, - Start: p.bpfObjects.KprobeTcpClose, - }, - "tcp_sendmsg": { - Required: true, - Start: p.bpfObjects.KprobeTcpSendmsg, - End: p.bpfObjects.KretprobeTcpSendmsg, - }, - // Reading more than 160 bytes - "tcp_recvmsg": { - Required: true, - Start: p.bpfObjects.KprobeTcpRecvmsg, - End: p.bpfObjects.KretprobeTcpRecvmsg, - }, - "tcp_cleanup_rbuf": { - Start: p.bpfObjects.KprobeTcpCleanupRbuf, // this kprobe runs the same code as recvmsg return, we use it because kretprobes can be unreliable. - }, - "sys_clone": { - Required: true, - End: p.bpfObjects.KretprobeSysClone, - }, - "sys_clone3": { - Required: false, - End: p.bpfObjects.KretprobeSysClone, - }, - "sys_exit": { - Required: true, - Start: p.bpfObjects.KprobeSysExit, - }, - } -} - -func (p *Tracer) UProbes() map[string]map[string]ebpfcommon.FunctionPrograms { - return nil -} - -func (p *Tracer) Tracepoints() map[string]ebpfcommon.FunctionPrograms { - return nil -} - -func (p *Tracer) SocketFilters() []*ebpf.Program { - return []*ebpf.Program{p.bpfObjects.SocketHttpFilter} -} - -func (p *Tracer) RecordInstrumentedLib(_ uint64) {} - -func (p *Tracer) AlreadyInstrumentedLib(_ uint64) bool { - return false -} - -func (p *Tracer) SetupTC() { - if !p.cfg.EBPF.UseLinuxTC { - return - } - - informer := ifaces.NewWatcher(p.cfg.ChannelBufferLen) - registerer := ifaces.NewRegisterer(informer, p.cfg.ChannelBufferLen) - ctx := context.Background() - - p.log.Debug("subscribing for network interface events") - ifaceEvents, err := registerer.Subscribe(ctx) - if err != nil { - p.log.Error("instantiating interfaces' informer", "error", err) - return - } - - go func() { - for { - select { - case <-ctx.Done(): - slog.Debug("stopping interfaces' listener") - return - case event := <-ifaceEvents: - slog.Debug("received event", "event", event) - switch event.Type { - case ifaces.EventAdded: - p.registerTC(event.Interface) - case ifaces.EventDeleted: - // qdiscs, ingress and egress filters are automatically deleted so we don't need to - // specifically detach them from the ebpfFetcher - default: - slog.Warn("unknown event type", "event", event) - } - } - } - }() -} - -func (p *Tracer) Run(ctx context.Context, eventsChan chan<- []request.Span) { - // At this point we now have loaded the bpf objects, which means we should insert any - // pids that are allowed into the bpf map - if p.bpfObjects.ValidPids != nil { - p.rebuildValidPids() - } else { - p.log.Error("BPF Pids map is not created yet, this is a bug.") - } - - timeoutTicker := time.NewTicker(2 * time.Second) - - go p.watchForMisclassifedEvents() - go p.lookForTimeouts(timeoutTicker, eventsChan) - defer timeoutTicker.Stop() - - ebpfcommon.SharedRingbuf( - &p.cfg.EBPF, - p.pidsFilter, - p.bpfObjects.Events, - p.metrics, - )(ctx, append(p.closers, &p.bpfObjects), eventsChan) - - p.closeTC() -} - -func kernelTime(ktime uint64) time.Time { - now := time.Now() - delta := monotime.Now() - time.Duration(int64(ktime)) - - return now.Add(-delta) -} - -//nolint:cyclop -func (p *Tracer) lookForTimeouts(ticker *time.Ticker, eventsChan chan<- []request.Span) { - for t := range ticker.C { - if p.bpfObjects.OngoingHttp != nil { - i := p.bpfObjects.OngoingHttp.Iterate() - var k bpfPidConnectionInfoT - var v bpfHttpInfoT - for i.Next(&k, &v) { - // Check if we have a lingering request which we've completed, as in it has EndMonotimeNs - // but it hasn't been posted yet, likely missed by the logic that looks at finishing requests - // where we track the full response. If we haven't updated the EndMonotimeNs in more than some - // short interval, we are likely not going to finish this request from eBPF, so let's do it here. - if v.EndMonotimeNs != 0 && t.After(kernelTime(v.EndMonotimeNs).Add(2*time.Second)) { - // Must use unsafe here, the two bpfHttpInfoTs are the same but generated from different - // ebpf2go outputs - s, ignore, err := ebpfcommon.HTTPInfoEventToSpan(*(*ebpfcommon.BPFHTTPInfo)(unsafe.Pointer(&v))) - if !ignore && err == nil { - eventsChan <- p.pidsFilter.Filter([]request.Span{s}) - } - if err := p.bpfObjects.OngoingHttp.Delete(k); err != nil { - p.log.Debug("Error deleting ongoing request", "error", err) - } - } else if v.EndMonotimeNs == 0 && p.cfg.EBPF.HTTPRequestTimeout.Milliseconds() > 0 && t.After(kernelTime(v.StartMonotimeNs).Add(p.cfg.EBPF.HTTPRequestTimeout)) { - // If we don't have a request finish with endTime by the configured request timeout, terminate the - // waiting request with a timeout 408 - s, ignore, err := ebpfcommon.HTTPInfoEventToSpan(*(*ebpfcommon.BPFHTTPInfo)(unsafe.Pointer(&v))) - - if !ignore && err == nil { - s.Status = 408 // timeout - if s.RequestStart == 0 { - s.RequestStart = s.Start - } - s.End = s.Start + p.cfg.EBPF.HTTPRequestTimeout.Nanoseconds() - - eventsChan <- p.pidsFilter.Filter([]request.Span{s}) - } - if err := p.bpfObjects.OngoingHttp.Delete(k); err != nil { - p.log.Debug("Error deleting ongoing request", "error", err) - } - } - } - } - } -} - -func (p *Tracer) watchForMisclassifedEvents() { - for e := range ebpfcommon.MisclassifiedEvents { - if e.EventType == ebpfcommon.EventTypeKHTTP2 { - if p.bpfObjects.OngoingHttp2Connections != nil { - err := p.bpfObjects.OngoingHttp2Connections.Put( - &bpfPidConnectionInfoT{Conn: bpfConnectionInfoT(e.TCPInfo.ConnInfo), Pid: e.TCPInfo.Pid.HostPid}, - uint8(e.TCPInfo.Ssl), - ) - if err != nil { - p.log.Debug("error writing HTTP2/gRPC connection info", "error", err) - } - } - } - } -} - -func (p *Tracer) registerTC(iface ifaces.Interface) { - // Load pre-compiled programs and maps into the kernel, and rewrites the configuration - ipvlan, err := netlink.LinkByIndex(iface.Index) - if err != nil { - p.log.Error("failed to lookup ipvlan device", "index", iface.Index, "name", iface.Name, "error", err) - return - } - qdiscAttrs := netlink.QdiscAttrs{ - LinkIndex: ipvlan.Attrs().Index, - Handle: netlink.MakeHandle(0xffff, 0), - Parent: netlink.HANDLE_CLSACT, - } - qdisc := &netlink.GenericQdisc{ - QdiscAttrs: qdiscAttrs, - QdiscType: "clsact", - } - if err := netlink.QdiscDel(qdisc); err == nil { - p.log.Warn("qdisc clsact already existed. Deleted it") - } - if err := netlink.QdiscAdd(qdisc); err != nil { - if errors.Is(err, fs.ErrExist) { - p.log.Warn("qdisc clsact already exists. Ignoring", "error", err) - } else { - p.log.Error("failed to create clsact qdisc on", "index", iface.Index, "name", iface.Name, "error", err) - return - } - } - p.qdiscs[iface] = qdisc - - if err := p.registerEgress(iface, ipvlan); err != nil { - p.log.Error("failed to install egress filters", "error", err) - } - - if err := p.registerIngress(iface, ipvlan); err != nil { - p.log.Error("failed to install ingres filters", "error", err) - } -} - -func (p *Tracer) registerEgress(iface ifaces.Interface, ipvlan netlink.Link) error { - // Fetch events on egress - egressAttrs := netlink.FilterAttrs{ - LinkIndex: ipvlan.Attrs().Index, - Parent: netlink.HANDLE_MIN_EGRESS, - Handle: netlink.MakeHandle(0, 1), - Protocol: 3, - Priority: 1, - } - egressFilter := &netlink.BpfFilter{ - FilterAttrs: egressAttrs, - Fd: p.bpfObjects.AppEgress.FD(), - Name: "tc/app_tc_egress", - DirectAction: true, - } - if err := netlink.FilterDel(egressFilter); err == nil { - p.log.Warn("egress filter already existed. Deleted it") - } - if err := netlink.FilterAdd(egressFilter); err != nil { - if errors.Is(err, fs.ErrExist) { - p.log.Warn("egress filter already exists. Ignoring", "error", err) - } else { - return fmt.Errorf("failed to create egress filter: %w", err) - } - } - - p.egressFilters[iface] = egressFilter - return nil -} - -func (p *Tracer) registerIngress(iface ifaces.Interface, ipvlan netlink.Link) error { - // Fetch events on ingress - ingressAttrs := netlink.FilterAttrs{ - LinkIndex: ipvlan.Attrs().Index, - Parent: netlink.HANDLE_MIN_INGRESS, - Handle: netlink.MakeHandle(0, 1), - Protocol: unix.ETH_P_ALL, - Priority: 1, - } - ingressFilter := &netlink.BpfFilter{ - FilterAttrs: ingressAttrs, - Fd: p.bpfObjects.AppIngress.FD(), - Name: "tc/app_tc_ingress", - DirectAction: true, - } - if err := netlink.FilterDel(ingressFilter); err == nil { - p.log.Warn("ingress filter already existed. Deleted it") - } - if err := netlink.FilterAdd(ingressFilter); err != nil { - if errors.Is(err, fs.ErrExist) { - p.log.Warn("ingress filter already exists. Ignoring", "error", err) - } else { - return fmt.Errorf("failed to create ingress filter: %w", err) - } - } - - p.ingressFilters[iface] = ingressFilter - return nil -} - -func (p *Tracer) closeTC() { - p.log.Info("removing traffic control probes") - - p.bpfObjects.AppEgress.Close() - p.bpfObjects.AppIngress.Close() - - // cleanup egress - for iface, ef := range p.egressFilters { - p.log.Debug("deleting egress filter", "interface", iface) - if err := doIgnoreNoDev(netlink.FilterDel, netlink.Filter(ef)); err != nil { - p.log.Error("deleting egress filter", "error", err) - } - } - p.egressFilters = map[ifaces.Interface]*netlink.BpfFilter{} - - // cleanup ingress - for iface, igf := range p.ingressFilters { - p.log.Debug("deleting ingress filter", "interface", iface) - if err := doIgnoreNoDev(netlink.FilterDel, netlink.Filter(igf)); err != nil { - p.log.Error("deleting ingress filter", "error", err) - } - } - p.ingressFilters = map[ifaces.Interface]*netlink.BpfFilter{} - - // cleanup qdiscs - for iface, qd := range p.qdiscs { - p.log.Debug("deleting Qdisc", "interface", iface) - if err := doIgnoreNoDev(netlink.QdiscDel, netlink.Qdisc(qd)); err != nil { - p.log.Error("deleting qdisc", "error", err) - } - } - p.qdiscs = map[ifaces.Interface]*netlink.GenericQdisc{} -} - -// doIgnoreNoDev runs the provided syscall over the provided device and ignores the error -// if the cause is a non-existing device (just logs the error as debug). -// If the agent is deployed as part of the Network Metrics pipeline, normally -// undeploying the FlowCollector could cause the agent to try to remove resources -// from Pods that have been removed immediately before (e.g. flowlogs-pipeline or the -// console plugin), so we avoid logging some errors that would unnecessarily raise the -// user's attention. -// This function uses generics because the set of provided functions accept different argument -// types. -func doIgnoreNoDev[T any](sysCall func(T) error, dev T) error { - if err := sysCall(dev); err != nil { - if errors.Is(err, unix.ENODEV) { - slog.Error("can't delete. Ignore this error if other pods or interfaces "+ - " are also being deleted at this moment. For example, if you are undeploying "+ - " a FlowCollector or Deployment where this agent is part of", - "error", err) - } else { - return err - } - } - return nil -}