ebpfcommon

package
v1.7.1-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 15, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source
const (
	FrameData         http2FrameType = 0x0
	FrameHeaders      http2FrameType = 0x1
	FramePriority     http2FrameType = 0x2
	FrameRSTStream    http2FrameType = 0x3
	FrameSettings     http2FrameType = 0x4
	FramePushPromise  http2FrameType = 0x5
	FramePing         http2FrameType = 0x6
	FrameGoAway       http2FrameType = 0x7
	FrameWindowUpdate http2FrameType = 0x8
	FrameContinuation http2FrameType = 0x9
)
View Source
const EventTypeGoKafkaGo = 11 // Kafka-Go client from Segment-io
View Source
const EventTypeGoRedis = 10 // Redis client for Go
View Source
const EventTypeGoSarama = 9 // Kafka client for Go (Shopify/IBM Sarama)
View Source
const EventTypeKHTTP = 6 // HTTP Events generated by kprobes
View Source
const EventTypeKHTTP2 = 7 // HTTP2/gRPC Events generated by kprobes
View Source
const EventTypeSQL = 5 // EVENT_SQL_CLIENT
View Source
const EventTypeTCP = 8 // Unknown TCP protocol to be classified by user space
View Source
const KafkaMaxPayload = 20 * 1024 * 1024 // 20 MB max, 1MB is default for most Kafka installations
View Source
const KafkaMinLength = 14

Variables

View Source
var ActiveNamespaces = make(map[uint32]uint32)
View Source
var IntegrityModeOverride = false
View Source
var MisclassifiedEvents = make(chan MisclassifiedEvent)

Functions

func ForwardRingbuf

func ForwardRingbuf(
	cfg *TracerConfig,
	ringbuffer *ebpf.Map,
	filter ServiceFilter,
	reader func(*ringbuf.Record, ServiceFilter) (request.Span, bool, error),
	logger *slog.Logger,
	metrics imetrics.Reporter,
	closers ...io.Closer,
) func(context.Context, chan<- []request.Span)

func GoKafkaSaramaToSpan added in v1.7.0

func GoKafkaSaramaToSpan(event *GoSaramaClientInfo, data *KafkaInfo) request.Span

func HTTPInfoEventToSpan added in v1.6.0

func HTTPInfoEventToSpan(event BPFHTTPInfo) (request.Span, bool, error)

func HTTPRequestTraceToSpan added in v0.0.5

func HTTPRequestTraceToSpan(trace *HTTPRequestTrace) request.Span

func KernelVersion added in v1.2.0

func KernelVersion() (major, minor int)

Copied from https://github.com/golang/go/blob/go1.21.3/src/internal/syscall/unix/kernel_version_linux.go

func ReadBPFTraceAsSpan added in v1.7.0

func ReadBPFTraceAsSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

func ReadGoKafkaGoRequestIntoSpan added in v1.7.0

func ReadGoKafkaGoRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadGoRedisRequestIntoSpan added in v1.7.0

func ReadGoRedisRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadGoSaramaRequestIntoSpan added in v1.7.0

func ReadGoSaramaRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadHTTP2InfoIntoSpan added in v1.4.0

func ReadHTTP2InfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

func ReadHTTPInfoIntoSpan added in v1.3.0

func ReadHTTPInfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

func ReadSQLRequestTraceAsSpan added in v1.0.0

func ReadSQLRequestTraceAsSpan(record *ringbuf.Record) (request.Span, bool, error)

func ReadTCPRequestIntoSpan added in v1.6.0

func ReadTCPRequestIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)

nolint:cyclop

func SQLRequestTraceToSpan added in v1.0.0

func SQLRequestTraceToSpan(trace *SQLRequestTrace) request.Span

func SharedRingbuf added in v1.3.0

func SharedRingbuf(
	cfg *TracerConfig,
	filter ServiceFilter,
	ringbuffer *ebpf.Map,
	metrics imetrics.Reporter,
) func(context.Context, []io.Closer, chan<- []request.Span)

ForwardRingbuf returns a function reads HTTPRequestTraces from an input ring buffer, accumulates them into an internal buffer, and forwards them to an output events channel, previously converted to request.Span instances.

func SupportsContextPropagation added in v1.2.0

func SupportsContextPropagation(log *slog.Logger) bool

func SupportsEBPFLoops added in v1.2.0

func SupportsEBPFLoops() bool

func TCPToKafkaToSpan added in v1.7.0

func TCPToKafkaToSpan(trace *TCPRequestInfo, data *KafkaInfo) request.Span

func TCPToRedisToSpan added in v1.7.0

func TCPToRedisToSpan(trace *TCPRequestInfo, op, text string, status int) request.Span

func TCPToSQLToSpan added in v1.6.0

func TCPToSQLToSpan(trace *TCPRequestInfo, op, table, sql string) request.Span

Types

type BPFConnInfo added in v1.3.0

type BPFConnInfo bpfConnectionInfoT

type BPFHTTP2Info added in v1.4.0

type BPFHTTP2Info bpfHttp2GrpcRequestT

type BPFHTTPInfo added in v1.3.0

type BPFHTTPInfo bpfHttpInfoT

type Filter

type Filter struct {
	io.Closer
	Fd int
}

func (*Filter) Close

func (f *Filter) Close() error

type FunctionPrograms

type FunctionPrograms struct {
	// Required, if true, will cancel the execution of the eBPF Tracer
	// if the function has not been found in the executable
	Required bool
	Start    *ebpf.Program
	End      *ebpf.Program
}

type GoKafkaGoClientInfo added in v1.7.0

type GoKafkaGoClientInfo bpfKafkaGoReqT

type GoRedisClientInfo added in v1.7.0

type GoRedisClientInfo bpfRedisClientReqT

type GoSaramaClientInfo added in v1.7.0

type GoSaramaClientInfo bpfKafkaClientReqT

type HTTPInfo added in v1.3.0

type HTTPInfo struct {
	BPFHTTPInfo
	Method  string
	URL     string
	Host    string
	Peer    string
	Service svc.ID
}

type HTTPRequestTrace

type HTTPRequestTrace bpfHttpRequestTrace

HTTPRequestTrace contains information from an HTTP request as directly received from the eBPF layer. This contains low-level C structures for accurate binary read from ring buffer.

type Header struct {
	MessageSize   int32
	APIKey        int16
	APIVersion    int16
	CorrelationID int32
	ClientIDSize  int16
}

type IdentityPidsFilter added in v0.3.2

type IdentityPidsFilter struct{}

IdentityPidsFilter is a PIDsFilter that does not filter anything. It is feasible for system-wide instrumenation

func (*IdentityPidsFilter) AllowPID added in v0.3.2

func (pf *IdentityPidsFilter) AllowPID(_ uint32, _ uint32, _ svc.ID, _ PIDType)

func (*IdentityPidsFilter) BlockPID added in v0.3.2

func (pf *IdentityPidsFilter) BlockPID(_ uint32, _ uint32)

func (*IdentityPidsFilter) CurrentPIDs added in v0.3.2

func (pf *IdentityPidsFilter) CurrentPIDs(_ PIDType) map[uint32]map[uint32]svc.ID

func (*IdentityPidsFilter) Filter added in v0.3.2

func (pf *IdentityPidsFilter) Filter(inputSpans []request.Span) []request.Span

func (*IdentityPidsFilter) ValidPID added in v1.7.0

func (pf *IdentityPidsFilter) ValidPID(_ uint32, _ uint32, _ PIDType) bool

type KafkaInfo added in v1.7.0

type KafkaInfo struct {
	Operation   Operation
	Topic       string
	ClientID    string
	TopicOffset int
}

func ProcessKafkaRequest added in v1.7.0

func ProcessKafkaRequest(pkt []byte) (*KafkaInfo, error)

https://kafka.apache.org/protocol.html

func ProcessPossibleKafkaEvent added in v1.7.0

func ProcessPossibleKafkaEvent(event *TCPRequestInfo, pkt []byte, rpkt []byte) (*KafkaInfo, error)

ProcessKafkaRequest processes a TCP packet and returns error if the packet is not a valid Kafka request. Otherwise, return kafka.Info with the processed data.

type KernelLockdown added in v1.1.0

type KernelLockdown uint8
const (
	KernelLockdownNone KernelLockdown = iota + 1
	KernelLockdownIntegrity
	KernelLockdownConfidentiality
	KernelLockdownOther
)

func KernelLockdownMode added in v1.1.0

func KernelLockdownMode() KernelLockdown

type MisclassifiedEvent added in v1.7.0

type MisclassifiedEvent struct {
	EventType int
	TCPInfo   *TCPRequestInfo
}

type Operation added in v1.7.0

type Operation int8
const (
	Produce Operation = 0
	Fetch   Operation = 1
)

func (Operation) String added in v1.7.0

func (k Operation) String() string

type PIDInfo added in v1.3.0

type PIDInfo struct {
	// contains filtered or unexported fields
}

type PIDType added in v1.3.0

type PIDType uint8
const (
	PIDTypeKProbes PIDType = iota + 1
	PIDTypeGo
)

type PIDsFilter added in v0.3.2

type PIDsFilter struct {
	// contains filtered or unexported fields
}

PIDsFilter keeps a thread-safe copy of the PIDs whose traces are allowed to be forwarded. Its Filter method filters the request.Span instances whose PIDs are not in the allowed list.

func NewPIDsFilter added in v0.3.2

func NewPIDsFilter(log *slog.Logger) *PIDsFilter

func (*PIDsFilter) AllowPID added in v0.3.2

func (pf *PIDsFilter) AllowPID(pid, ns uint32, svc svc.ID, pidType PIDType)

func (*PIDsFilter) BlockPID added in v0.3.2

func (pf *PIDsFilter) BlockPID(pid, ns uint32)

func (*PIDsFilter) CurrentPIDs added in v0.3.2

func (pf *PIDsFilter) CurrentPIDs(t PIDType) map[uint32]map[uint32]svc.ID

func (*PIDsFilter) Filter added in v0.3.2

func (pf *PIDsFilter) Filter(inputSpans []request.Span) []request.Span

func (*PIDsFilter) ValidPID added in v1.7.0

func (pf *PIDsFilter) ValidPID(userPID, ns uint32, pidType PIDType) bool

type Probe

type Probe struct {
	Offsets  goexec.FuncOffsets
	Programs FunctionPrograms
}

Probe holds the information of the instrumentation points of a given function: its start and end offsets and eBPF programs

type Protocol added in v1.4.0

type Protocol uint8
const (
	HTTP2 Protocol = iota + 1
	GRPC
)

The following consts need to coincide with some C identifiers: EVENT_HTTP_REQUEST, EVENT_GRPC_REQUEST, EVENT_HTTP_CLIENT, EVENT_GRPC_CLIENT, EVENT_SQL_CLIENT

type SQLRequestTrace added in v1.0.0

type SQLRequestTrace bpfSqlRequestTrace

type ServiceFilter added in v1.3.0

type ServiceFilter interface {
	AllowPID(uint32, uint32, svc.ID, PIDType)
	BlockPID(uint32, uint32)
	ValidPID(uint32, uint32, PIDType) bool
	Filter(inputSpans []request.Span) []request.Span
	CurrentPIDs(PIDType) map[uint32]map[uint32]svc.ID
}

func CommonPIDsFilter added in v1.1.0

func CommonPIDsFilter(systemWide bool) ServiceFilter

type TCPRequestInfo added in v1.6.0

type TCPRequestInfo bpfTcpReqT

type TracerConfig

type TracerConfig struct {
	BpfDebug bool `yaml:"bpf_debug" env:"BEYLA_BPF_DEBUG"`

	// WakeupLen specifies how many messages need to be accumulated in the eBPF ringbuffer
	// before sending a wakeup request.
	// High values of WakeupLen could add a noticeable metric delay in services with low
	// requests/second.
	// TODO: see if there is a way to force eBPF to wakeup userspace on timeout
	WakeupLen int `yaml:"wakeup_len" env:"BEYLA_BPF_WAKEUP_LEN"`
	// BatchLength allows specifying how many traces will be batched at the initial
	// stage before being forwarded to the next stage
	BatchLength int `yaml:"batch_length" env:"BEYLA_BPF_BATCH_LENGTH"`
	// BatchTimeout specifies the timeout to forward the data batch if it didn't
	// reach the BatchLength size
	BatchTimeout time.Duration `yaml:"batch_timeout" env:"BEYLA_BPF_BATCH_TIMEOUT"`

	// BpfBaseDir specifies the base directory where the BPF pinned maps will be mounted.
	// By default, it will be /var/run/beyla
	BpfBaseDir string `yaml:"bpf_fs_base_dir" env:"BEYLA_BPF_FS_BASE_DIR"`

	// BpfPath specifies the path in the base directory where the BPF pinned maps will be mounted.
	// By default, it will be beyla-<pid>.
	BpfPath string `yaml:"bpf_fs_path" env:"BEYLA_BPF_FS_PATH"`

	// If enabled, the kprobes based HTTP request tracking will start tracking the request
	// headers to process any 'Traceparent' fields.
	TrackRequestHeaders bool `yaml:"track_request_headers" env:"BEYLA_BPF_TRACK_REQUEST_HEADERS"`

	HTTPRequestTimeout time.Duration `yaml:"http_request_timeout" env:"BEYLA_BPF_HTTP_REQUEST_TIMEOUT"`
}

TracerConfig configuration for eBPF programs

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL