ebpfcommon

package
v1.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 4, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source
const EventTypeKHTTP = 6 // HTTP Events generated by kprobes
View Source
const EventTypeSQL = 5 // EVENT_SQL_CLIENT

Variables

View Source
var ActiveNamespaces = make(map[uint32]uint32)
View Source
var IntegrityModeOverride = false

Functions

func FindNamespace added in v0.4.0

func FindNamespace(pid int32) (uint32, error)

func FindNamespacedPids added in v0.4.0

func FindNamespacedPids(pid int32) ([]uint32, error)

func ForwardRingbuf

func ForwardRingbuf(
	cfg *TracerConfig,
	ringbuffer *ebpf.Map,
	filter ServiceFilter,
	reader func(*ringbuf.Record) (request.Span, bool, error),
	logger *slog.Logger,
	metrics imetrics.Reporter,
	closers ...io.Closer,
) func(context.Context, chan<- []request.Span)

func HTTPRequestTraceToSpan added in v0.0.5

func HTTPRequestTraceToSpan(trace *HTTPRequestTrace) request.Span

func KernelVersion added in v1.2.0

func KernelVersion() (major, minor int)

Copied from https://github.com/golang/go/blob/go1.21.3/src/internal/syscall/unix/kernel_version_linux.go

func ReadHTTPInfoIntoSpan added in v1.3.0

func ReadHTTPInfoIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadHTTPRequestTraceAsSpan added in v0.0.5

func ReadHTTPRequestTraceAsSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadSQLRequestTraceAsSpan added in v1.0.0

func ReadSQLRequestTraceAsSpan(record *ringbuf.Record) (request.Span, bool, error)

func SQLRequestTraceToSpan added in v1.0.0

func SQLRequestTraceToSpan(trace *SQLRequestTrace) request.Span

func SharedRingbuf added in v1.3.0

func SharedRingbuf(
	cfg *TracerConfig,
	filter ServiceFilter,
	ringbuffer *ebpf.Map,
	metrics imetrics.Reporter,
	closers ...io.Closer,
) func(context.Context, chan<- []request.Span)

ForwardRingbuf returns a function reads HTTPRequestTraces from an input ring buffer, accumulates them into an internal buffer, and forwards them to an output events channel, previously converted to request.Span instances.

func SupportsContextPropagation added in v1.2.0

func SupportsContextPropagation(log *slog.Logger) bool

func SupportsEBPFLoops added in v1.2.0

func SupportsEBPFLoops() bool

Types

type BPFConnInfo added in v1.3.0

type BPFConnInfo bpfConnectionInfoT

type BPFHTTPInfo added in v1.3.0

type BPFHTTPInfo bpfHttpInfoT

type Filter

type Filter struct {
	io.Closer
	Fd int
}

func (*Filter) Close

func (f *Filter) Close() error

type FunctionPrograms

type FunctionPrograms struct {
	// Required, if true, will cancel the execution of the eBPF Tracer
	// if the function has not been found in the executable
	Required bool
	Start    *ebpf.Program
	End      *ebpf.Program
}

type HTTPInfo added in v1.3.0

type HTTPInfo struct {
	BPFHTTPInfo
	Method  string
	URL     string
	Host    string
	Peer    string
	Service svc.ID
}

type HTTPRequestTrace

type HTTPRequestTrace bpfHttpRequestTrace

HTTPRequestTrace contains information from an HTTP request as directly received from the eBPF layer. This contains low-level C structures for accurate binary read from ring buffer.

type IdentityPidsFilter added in v0.3.2

type IdentityPidsFilter struct{}

IdentityPidsFilter is a PIDsFilter that does not filter anything. It is feasible for system-wide instrumenation

func (*IdentityPidsFilter) AllowPID added in v0.3.2

func (pf *IdentityPidsFilter) AllowPID(_ uint32, _ svc.ID, _ PIDType)

func (*IdentityPidsFilter) BlockPID added in v0.3.2

func (pf *IdentityPidsFilter) BlockPID(_ uint32)

func (*IdentityPidsFilter) CurrentPIDs added in v0.3.2

func (pf *IdentityPidsFilter) CurrentPIDs(_ PIDType) map[uint32]map[uint32]svc.ID

func (*IdentityPidsFilter) Filter added in v0.3.2

func (pf *IdentityPidsFilter) Filter(inputSpans []request.Span) []request.Span

type KernelLockdown added in v1.1.0

type KernelLockdown uint8
const (
	KernelLockdownNone KernelLockdown = iota + 1
	KernelLockdownIntegrity
	KernelLockdownConfidentiality
	KernelLockdownOther
)

func KernelLockdownMode added in v1.1.0

func KernelLockdownMode() KernelLockdown

type PIDInfo added in v1.3.0

type PIDInfo struct {
	// contains filtered or unexported fields
}

type PIDType added in v1.3.0

type PIDType uint8
const (
	PIDTypeKProbes PIDType = iota + 1
	PIDTypeGo
)

type PIDsFilter added in v0.3.2

type PIDsFilter struct {
	// contains filtered or unexported fields
}

PIDsFilter keeps a thread-safe copy of the PIDs whose traces are allowed to be forwarded. Its Filter method filters the request.Span instances whose PIDs are not in the allowed list.

func NewPIDsFilter added in v0.3.2

func NewPIDsFilter(log *slog.Logger) *PIDsFilter

func (*PIDsFilter) AllowPID added in v0.3.2

func (pf *PIDsFilter) AllowPID(pid uint32, svc svc.ID, pidType PIDType)

func (*PIDsFilter) BlockPID added in v0.3.2

func (pf *PIDsFilter) BlockPID(pid uint32)

func (*PIDsFilter) CurrentPIDs added in v0.3.2

func (pf *PIDsFilter) CurrentPIDs(t PIDType) map[uint32]map[uint32]svc.ID

func (*PIDsFilter) Filter added in v0.3.2

func (pf *PIDsFilter) Filter(inputSpans []request.Span) []request.Span

type Probe

type Probe struct {
	Offsets  goexec.FuncOffsets
	Programs FunctionPrograms
}

Probe holds the information of the instrumentation points of a given function: its start and end offsets and eBPF programs

type SQLRequestTrace added in v1.0.0

type SQLRequestTrace bpfSqlRequestTrace

type ServiceFilter added in v1.3.0

type ServiceFilter interface {
	AllowPID(uint32, svc.ID, PIDType)
	BlockPID(uint32)
	Filter(inputSpans []request.Span) []request.Span
	CurrentPIDs(PIDType) map[uint32]map[uint32]svc.ID
}

func CommonPIDsFilter added in v1.1.0

func CommonPIDsFilter(systemWide bool) ServiceFilter

type TracerConfig

type TracerConfig struct {
	BpfDebug bool `yaml:"bfp_debug" env:"BEYLA_BPF_DEBUG"`

	// WakeupLen specifies how many messages need to be accumulated in the eBPF ringbuffer
	// before sending a wakeup request.
	// High values of WakeupLen could add a noticeable metric delay in services with low
	// requests/second.
	// TODO: see if there is a way to force eBPF to wakeup userspace on timeout
	WakeupLen int `yaml:"wakeup_len" env:"BEYLA_BPF_WAKEUP_LEN"`
	// BatchLength allows specifying how many traces will be batched at the initial
	// stage before being forwarded to the next stage
	BatchLength int `yaml:"batch_length" env:"BEYLA_BPF_BATCH_LENGTH"`
	// BatchTimeout specifies the timeout to forward the data batch if it didn't
	// reach the BatchLength size
	BatchTimeout time.Duration `yaml:"batch_timeout" env:"BEYLA_BPF_BATCH_TIMEOUT"`

	// BpfBaseDir specifies the base directory where the BPF pinned maps will be mounted.
	// By default, it will be /var/run/beyla
	BpfBaseDir string `yaml:"bpf_fs_base_dir" env:"BEYLA_BPF_FS_BASE_DIR"`

	// If enabled, the kprobes based HTTP request tracking will start tracking the request
	// headers to process any 'Traceparent' fields.
	TrackRequestHeaders bool `yaml:"track_request_headers" env:"BEYLA_BPF_TRACK_REQUEST_HEADERS"`
}

TracerConfig configuration for eBPF programs

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL