ebpfcommon

package
v2.0.4-alloy-test Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 18, 2025 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	FrameData         http2FrameType = 0x0
	FrameHeaders      http2FrameType = 0x1
	FramePriority     http2FrameType = 0x2
	FrameRSTStream    http2FrameType = 0x3
	FrameSettings     http2FrameType = 0x4
	FramePushPromise  http2FrameType = 0x5
	FramePing         http2FrameType = 0x6
	FrameGoAway       http2FrameType = 0x7
	FrameWindowUpdate http2FrameType = 0x8
	FrameContinuation http2FrameType = 0x9
)
View Source 
const EventTypeGoKafkaGo = 11 // Kafka-Go client from Segment-io
View Source 
const EventTypeGoRedis = 10 // Redis client for Go
View Source 
const EventTypeGoSarama = 9 // Kafka client for Go (Shopify/IBM Sarama)
View Source 
const EventTypeKHTTP = 6 // HTTP Events generated by kprobes
View Source 
const EventTypeKHTTP2 = 7 // HTTP2/gRPC Events generated by kprobes
View Source 
const EventTypeSQL = 5 // EVENT_SQL_CLIENT
View Source 
const EventTypeTCP = 8 // Unknown TCP protocol to be classified by user space
View Source 
const KafkaMaxPayload = 20 * 1024 * 1024 // 20 MB max, 1MB is default for most Kafka installations
View Source 
const KafkaMinLength = 14

Variables

View Source 
var ActiveNamespaces = make(map[uint32]uint32)
View Source 
var IntegrityModeOverride = false
View Source 
var MisclassifiedEvents = make(chan MisclassifiedEvent)

Functions

func ForwardRingbuf 

func ForwardRingbuf(
	cfg *config.EBPFTracer,
	ringbuffer *ebpf.Map,
	filter ServiceFilter,
	reader func(*config.EBPFTracer, *ringbuf.Record, ServiceFilter) (request.Span, bool, error),
	logger *slog.Logger,
	metrics imetrics.Reporter,
	closers ...io.Closer,
) func(context.Context, chan<- []request.Span)

func GoKafkaSaramaToSpan 

func GoKafkaSaramaToSpan(event *GoSaramaClientInfo, data *KafkaInfo) request.Span

func HTTPInfoEventToSpan 

func HTTPInfoEventToSpan(event BPFHTTPInfo) (request.Span, bool, error)

func HTTPRequestTraceToSpan 

func HTTPRequestTraceToSpan(trace *HTTPRequestTrace) request.Span

func KernelVersion 

func KernelVersion() (major, minor int)

Copied from https://github.com/golang/go/blob/go1.21.3/src/internal/syscall/unix/kernel_version_linux.go

func ReadBPFTraceAsSpan 

func ReadBPFTraceAsSpan(cfg *config.EBPFTracer, record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

func ReadGoKafkaGoRequestIntoSpan 

func ReadGoKafkaGoRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadGoRedisRequestIntoSpan 

func ReadGoRedisRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadGoSaramaRequestIntoSpan 

func ReadGoSaramaRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadHTTP2InfoIntoSpan 

func ReadHTTP2InfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

func ReadHTTPInfoIntoSpan 

func ReadHTTPInfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

func ReadSQLRequestTraceAsSpan 

func ReadSQLRequestTraceAsSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadTCPRequestIntoSpan 

func ReadTCPRequestIntoSpan(cfg *config.EBPFTracer, record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

nolint:cyclop

func SQLRequestTraceToSpan 

func SQLRequestTraceToSpan(trace *SQLRequestTrace) request.Span

func SharedRingbuf 

func SharedRingbuf(
	cfg *config.EBPFTracer,
	filter ServiceFilter,
	ringbuffer *ebpf.Map,
	metrics imetrics.Reporter,
) func(context.Context, []io.Closer, chan<- []request.Span)

ForwardRingbuf returns a function reads HTTPRequestTraces from an input ring buffer, accumulates them into an internal buffer, and forwards them to an output events channel, previously converted to request.Span instances.

func SupportsContextPropagation 

func SupportsContextPropagation(log *slog.Logger) bool

func SupportsEBPFLoops 

func SupportsEBPFLoops() bool

func TCPToFastCGIToSpan 

func TCPToFastCGIToSpan(trace *TCPRequestInfo, op, uri string, status int) request.Span

func TCPToKafkaToSpan 

func TCPToKafkaToSpan(trace *TCPRequestInfo, data *KafkaInfo) request.Span

func TCPToRedisToSpan 

func TCPToRedisToSpan(trace *TCPRequestInfo, op, text string, status int) request.Span

func TCPToSQLToSpan 

func TCPToSQLToSpan(trace *TCPRequestInfo, op, table, sql string, kind request.SQLKind) request.Span

Types

type BPFConnInfo 

type BPFConnInfo bpfConnectionInfoT

type BPFHTTP2Info 

type BPFHTTP2Info bpfHttp2GrpcRequestT

type BPFHTTPInfo 

type BPFHTTPInfo bpfHttpInfoT

type Filter 

type Filter struct {
	io.Closer
	Fd int
}

func (*Filter) Close 

func (f *Filter) Close() error

type GoKafkaGoClientInfo 

type GoKafkaGoClientInfo bpfKafkaGoReqT

type GoRedisClientInfo 

type GoRedisClientInfo bpfRedisClientReqT

type GoSaramaClientInfo 

type GoSaramaClientInfo bpfKafkaClientReqT

type HTTPInfo 

type HTTPInfo struct {
	BPFHTTPInfo
	Method string
	URL    string
	Host   string
	Peer   string
}

type HTTPRequestTrace 

type HTTPRequestTrace bpfHttpRequestTrace

HTTPRequestTrace contains information from an HTTP request as directly received from the eBPF layer. This contains low-level C structures for accurate binary read from ring buffer. 

type Header struct {
	MessageSize   int32
	APIKey        int16
	APIVersion    int16
	CorrelationID int32
	ClientIDSize  int16
}

type IdentityPidsFilter 

type IdentityPidsFilter struct {
	// contains filtered or unexported fields
}

IdentityPidsFilter is a PIDsFilter that does not filter anything. It is feasible for system-wide instrumenation

func (*IdentityPidsFilter) AllowPID 

func (pf *IdentityPidsFilter) AllowPID(_ uint32, _ uint32, _ *svc.Attrs, _ PIDType)

func (*IdentityPidsFilter) BlockPID 

func (pf *IdentityPidsFilter) BlockPID(_ uint32, _ uint32)

func (*IdentityPidsFilter) CurrentPIDs 

func (pf *IdentityPidsFilter) CurrentPIDs(_ PIDType) map[uint32]map[uint32]svc.Attrs

func (*IdentityPidsFilter) Filter 

func (pf *IdentityPidsFilter) Filter(inputSpans []request.Span) []request.Span

func (*IdentityPidsFilter) ValidPID 

func (pf *IdentityPidsFilter) ValidPID(_ uint32, _ uint32, _ PIDType) bool

type InstrumentedLibsT 

type InstrumentedLibsT map[uint64]*LibModule

Hold onto Linux inode numbers of files that are already instrumented, e.g. libssl.so.3

func (InstrumentedLibsT) AddRef 

func (libs InstrumentedLibsT) AddRef(id uint64) *LibModule

func (InstrumentedLibsT) At 

func (libs InstrumentedLibsT) At(id uint64) *LibModule

func (InstrumentedLibsT) Find 

func (libs InstrumentedLibsT) Find(id uint64) *LibModule

func (InstrumentedLibsT) RemoveRef 

func (libs InstrumentedLibsT) RemoveRef(id uint64) (*LibModule, error)

type KafkaInfo 

type KafkaInfo struct {
	Operation   Operation
	Topic       string
	ClientID    string
	TopicOffset int
}

func ProcessKafkaRequest 

func ProcessKafkaRequest(pkt []byte) (*KafkaInfo, error)

https://kafka.apache.org/protocol.html

func ProcessPossibleKafkaEvent 

func ProcessPossibleKafkaEvent(event *TCPRequestInfo, pkt []byte, rpkt []byte) (*KafkaInfo, error)

ProcessKafkaRequest processes a TCP packet and returns error if the packet is not a valid Kafka request. Otherwise, return kafka.Info with the processed data.

type KernelLockdown 

type KernelLockdown uint8
const (
	KernelLockdownNone KernelLockdown = iota + 1
	KernelLockdownIntegrity
	KernelLockdownConfidentiality
	KernelLockdownOther
)

func KernelLockdownMode 

func KernelLockdownMode() KernelLockdown

type LibModule 

type LibModule struct {
	References uint64
	Closers    []io.Closer
}

type MisclassifiedEvent 

type MisclassifiedEvent struct {
	EventType int
	TCPInfo   *TCPRequestInfo
}

type Operation 

type Operation int8
const (
	Produce Operation = 0
	Fetch   Operation = 1
)

func (Operation) String 

func (k Operation) String() string

type PIDInfo 

type PIDInfo struct {
	// contains filtered or unexported fields
}

type PIDType 

type PIDType uint8
const (
	PIDTypeKProbes PIDType = iota + 1
	PIDTypeGo
)

type PIDsFilter 

type PIDsFilter struct {
	// contains filtered or unexported fields
}

PIDsFilter keeps a thread-safe copy of the PIDs whose traces are allowed to be forwarded. Its Filter method filters the request.Span instances whose PIDs are not in the allowed list.

func (*PIDsFilter) AllowPID 

func (pf *PIDsFilter) AllowPID(pid, ns uint32, svc *svc.Attrs, pidType PIDType)

func (*PIDsFilter) BlockPID 

func (pf *PIDsFilter) BlockPID(pid, ns uint32)

func (*PIDsFilter) CurrentPIDs 

func (pf *PIDsFilter) CurrentPIDs(t PIDType) map[uint32]map[uint32]svc.Attrs

func (*PIDsFilter) Filter 

func (pf *PIDsFilter) Filter(inputSpans []request.Span) []request.Span

func (*PIDsFilter) ValidPID 

func (pf *PIDsFilter) ValidPID(userPID, ns uint32, pidType PIDType) bool

type ProbeDesc 

type ProbeDesc struct {
	// Required, if true, will cancel the execution of the eBPF Tracer
	// if the function has not been found in the executable
	Required bool

	// The eBPF program to attach to the symbol as a uprobe (either to the
	// symbol name or to StartOffset)
	Start *ebpf.Program

	// The eBPF program to attach to the symbol either as a uretprobe or as a
	// uprobe to ReturnOffsets
	End *ebpf.Program

	// Optional offset to the start of the symbol
	StartOffset uint64

	// Optional list of the offsets of every RET instruction in the symbol
	ReturnOffsets []uint64
}

ProbeDesc holds the information of the instrumentation points of a given function/symbol

type Protocol 

type Protocol uint8
const (
	HTTP2 Protocol = iota + 1
	GRPC
)

The following consts need to coincide with some C identifiers: EVENT_HTTP_REQUEST, EVENT_GRPC_REQUEST, EVENT_HTTP_CLIENT, EVENT_GRPC_CLIENT, EVENT_SQL_CLIENT

type SQLRequestTrace 

type SQLRequestTrace bpfSqlRequestTrace

type ServiceFilter 

type ServiceFilter interface {
	AllowPID(uint32, uint32, *svc.Attrs, PIDType)
	BlockPID(uint32, uint32)
	ValidPID(uint32, uint32, PIDType) bool
	Filter(inputSpans []request.Span) []request.Span
	CurrentPIDs(PIDType) map[uint32]map[uint32]svc.Attrs
}

func CommonPIDsFilter 

func CommonPIDsFilter(c *services.DiscoveryConfig) ServiceFilter

type SockMsg 

type SockMsg struct {
	io.Closer
	Program  *ebpf.Program
	MapFD    int
	AttachAs ebpf.AttachType
}

func (*SockMsg) Close 

func (s *SockMsg) Close() error

type SockOps 

type SockOps struct {
	io.Closer
	Program       *ebpf.Program
	AttachAs      ebpf.AttachType
	SockopsCgroup link.Link
}

func (*SockOps) Close 

func (s *SockOps) Close() error

type TCPRequestInfo 

type TCPRequestInfo bpfTcpReqT

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.