Documentation ¶
Index ¶
- Constants
- Variables
- func ForwardRingbuf(cfg *TracerConfig, ringbuffer *ebpf.Map, filter ServiceFilter, ...) func(context.Context, chan<- []request.Span)
- func GoKafkaSaramaToSpan(event *GoSaramaClientInfo, data *KafkaInfo) request.Span
- func HTTPInfoEventToSpan(event BPFHTTPInfo) (request.Span, bool, error)
- func HTTPRequestTraceToSpan(trace *HTTPRequestTrace) request.Span
- func KernelVersion() (major, minor int)
- func ReadBPFTraceAsSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)
- func ReadGoKafkaGoRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)
- func ReadGoRedisRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)
- func ReadGoSaramaRequestIntoSpan(record *ringbuf.Record) (request.Span, bool, error)
- func ReadHTTP2InfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)
- func ReadHTTPInfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)
- func ReadSQLRequestTraceAsSpan(record *ringbuf.Record) (request.Span, bool, error)
- func ReadTCPRequestIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)
- func SQLRequestTraceToSpan(trace *SQLRequestTrace) request.Span
- func SharedRingbuf(cfg *TracerConfig, filter ServiceFilter, ringbuffer *ebpf.Map, ...) func(context.Context, []io.Closer, chan<- []request.Span)
- func SupportsContextPropagation(log *slog.Logger) bool
- func SupportsEBPFLoops() bool
- func TCPToKafkaToSpan(trace *TCPRequestInfo, data *KafkaInfo) request.Span
- func TCPToRedisToSpan(trace *TCPRequestInfo, op, text string, status int) request.Span
- func TCPToSQLToSpan(trace *TCPRequestInfo, op, table, sql string) request.Span
- type BPFConnInfo
- type BPFHTTP2Info
- type BPFHTTPInfo
- type Filter
- type FunctionPrograms
- type GoKafkaGoClientInfo
- type GoRedisClientInfo
- type GoSaramaClientInfo
- type HTTPInfo
- type HTTPRequestTrace
- type Header
- type IdentityPidsFilter
- func (pf *IdentityPidsFilter) AllowPID(_ uint32, _ uint32, _ svc.ID, _ PIDType)
- func (pf *IdentityPidsFilter) BlockPID(_ uint32, _ uint32)
- func (pf *IdentityPidsFilter) CurrentPIDs(_ PIDType) map[uint32]map[uint32]svc.ID
- func (pf *IdentityPidsFilter) Filter(inputSpans []request.Span) []request.Span
- func (pf *IdentityPidsFilter) ValidPID(_ uint32, _ uint32, _ PIDType) bool
- type KafkaInfo
- type KernelLockdown
- type MisclassifiedEvent
- type Operation
- type PIDInfo
- type PIDType
- type PIDsFilter
- func (pf *PIDsFilter) AllowPID(pid, ns uint32, svc svc.ID, pidType PIDType)
- func (pf *PIDsFilter) BlockPID(pid, ns uint32)
- func (pf *PIDsFilter) CurrentPIDs(t PIDType) map[uint32]map[uint32]svc.ID
- func (pf *PIDsFilter) Filter(inputSpans []request.Span) []request.Span
- func (pf *PIDsFilter) ValidPID(userPID, ns uint32, pidType PIDType) bool
- type Probe
- type Protocol
- type SQLRequestTrace
- type ServiceFilter
- type TCPRequestInfo
- type TracerConfig
Constants ¶
const ( FrameData http2FrameType = 0x0 FrameHeaders http2FrameType = 0x1 FramePriority http2FrameType = 0x2 FrameRSTStream http2FrameType = 0x3 FrameSettings http2FrameType = 0x4 FramePushPromise http2FrameType = 0x5 FramePing http2FrameType = 0x6 FrameGoAway http2FrameType = 0x7 FrameWindowUpdate http2FrameType = 0x8 FrameContinuation http2FrameType = 0x9 )
const EventTypeGoKafkaGo = 11 // Kafka-Go client from Segment-io
const EventTypeGoRedis = 10 // Redis client for Go
const EventTypeGoSarama = 9 // Kafka client for Go (Shopify/IBM Sarama)
const EventTypeKHTTP = 6 // HTTP Events generated by kprobes
const EventTypeKHTTP2 = 7 // HTTP2/gRPC Events generated by kprobes
const EventTypeSQL = 5 // EVENT_SQL_CLIENT
const EventTypeTCP = 8 // Unknown TCP protocol to be classified by user space
const KafkaMaxPayload = 20 * 1024 * 1024 // 20 MB max, 1MB is default for most Kafka installations
const KafkaMinLength = 14
Variables ¶
var ActiveNamespaces = make(map[uint32]uint32)
var IntegrityModeOverride = false
var MisclassifiedEvents = make(chan MisclassifiedEvent)
Functions ¶
func ForwardRingbuf ¶
func GoKafkaSaramaToSpan ¶ added in v1.7.0
func GoKafkaSaramaToSpan(event *GoSaramaClientInfo, data *KafkaInfo) request.Span
func HTTPInfoEventToSpan ¶ added in v1.6.0
func HTTPInfoEventToSpan(event BPFHTTPInfo) (request.Span, bool, error)
func HTTPRequestTraceToSpan ¶ added in v0.0.5
func HTTPRequestTraceToSpan(trace *HTTPRequestTrace) request.Span
func KernelVersion ¶ added in v1.2.0
func KernelVersion() (major, minor int)
Copied from https://github.com/golang/go/blob/go1.21.3/src/internal/syscall/unix/kernel_version_linux.go
func ReadBPFTraceAsSpan ¶ added in v1.7.0
func ReadGoKafkaGoRequestIntoSpan ¶ added in v1.7.0
func ReadGoRedisRequestIntoSpan ¶ added in v1.7.0
func ReadGoSaramaRequestIntoSpan ¶ added in v1.7.0
func ReadHTTP2InfoIntoSpan ¶ added in v1.4.0
func ReadHTTPInfoIntoSpan ¶ added in v1.3.0
func ReadSQLRequestTraceAsSpan ¶ added in v1.0.0
func ReadTCPRequestIntoSpan ¶ added in v1.6.0
func ReadTCPRequestIntoSpan(record *ringbuf.Record, filter ServiceFilter) (request.Span, bool, error)
nolint:cyclop
func SQLRequestTraceToSpan ¶ added in v1.0.0
func SQLRequestTraceToSpan(trace *SQLRequestTrace) request.Span
func SharedRingbuf ¶ added in v1.3.0
func SharedRingbuf( cfg *TracerConfig, filter ServiceFilter, ringbuffer *ebpf.Map, metrics imetrics.Reporter, ) func(context.Context, []io.Closer, chan<- []request.Span)
ForwardRingbuf returns a function reads HTTPRequestTraces from an input ring buffer, accumulates them into an internal buffer, and forwards them to an output events channel, previously converted to request.Span instances.
func SupportsContextPropagation ¶ added in v1.2.0
func SupportsEBPFLoops ¶ added in v1.2.0
func SupportsEBPFLoops() bool
func TCPToKafkaToSpan ¶ added in v1.7.0
func TCPToKafkaToSpan(trace *TCPRequestInfo, data *KafkaInfo) request.Span
func TCPToRedisToSpan ¶ added in v1.7.0
func TCPToRedisToSpan(trace *TCPRequestInfo, op, text string, status int) request.Span
func TCPToSQLToSpan ¶ added in v1.6.0
func TCPToSQLToSpan(trace *TCPRequestInfo, op, table, sql string) request.Span
Types ¶
type BPFConnInfo ¶ added in v1.3.0
type BPFConnInfo bpfConnectionInfoT
type BPFHTTP2Info ¶ added in v1.4.0
type BPFHTTP2Info bpfHttp2GrpcRequestT
type BPFHTTPInfo ¶ added in v1.3.0
type BPFHTTPInfo bpfHttpInfoT
type FunctionPrograms ¶
type GoKafkaGoClientInfo ¶ added in v1.7.0
type GoKafkaGoClientInfo bpfKafkaGoReqT
type GoRedisClientInfo ¶ added in v1.7.0
type GoRedisClientInfo bpfRedisClientReqT
type GoSaramaClientInfo ¶ added in v1.7.0
type GoSaramaClientInfo bpfKafkaClientReqT
type HTTPRequestTrace ¶
type HTTPRequestTrace bpfHttpRequestTrace
HTTPRequestTrace contains information from an HTTP request as directly received from the eBPF layer. This contains low-level C structures for accurate binary read from ring buffer.
type IdentityPidsFilter ¶ added in v0.3.2
type IdentityPidsFilter struct{}
IdentityPidsFilter is a PIDsFilter that does not filter anything. It is feasible for system-wide instrumenation
func (*IdentityPidsFilter) BlockPID ¶ added in v0.3.2
func (pf *IdentityPidsFilter) BlockPID(_ uint32, _ uint32)
func (*IdentityPidsFilter) CurrentPIDs ¶ added in v0.3.2
type KafkaInfo ¶ added in v1.7.0
func ProcessKafkaRequest ¶ added in v1.7.0
func ProcessPossibleKafkaEvent ¶ added in v1.7.0
func ProcessPossibleKafkaEvent(event *TCPRequestInfo, pkt []byte, rpkt []byte) (*KafkaInfo, error)
ProcessKafkaRequest processes a TCP packet and returns error if the packet is not a valid Kafka request. Otherwise, return kafka.Info with the processed data.
type KernelLockdown ¶ added in v1.1.0
type KernelLockdown uint8
const ( KernelLockdownNone KernelLockdown = iota + 1 KernelLockdownIntegrity KernelLockdownConfidentiality KernelLockdownOther )
func KernelLockdownMode ¶ added in v1.1.0
func KernelLockdownMode() KernelLockdown
type MisclassifiedEvent ¶ added in v1.7.0
type MisclassifiedEvent struct { EventType int TCPInfo *TCPRequestInfo }
type PIDsFilter ¶ added in v0.3.2
type PIDsFilter struct {
// contains filtered or unexported fields
}
PIDsFilter keeps a thread-safe copy of the PIDs whose traces are allowed to be forwarded. Its Filter method filters the request.Span instances whose PIDs are not in the allowed list.
func NewPIDsFilter ¶ added in v0.3.2
func NewPIDsFilter(log *slog.Logger) *PIDsFilter
func (*PIDsFilter) AllowPID ¶ added in v0.3.2
func (pf *PIDsFilter) AllowPID(pid, ns uint32, svc svc.ID, pidType PIDType)
func (*PIDsFilter) BlockPID ¶ added in v0.3.2
func (pf *PIDsFilter) BlockPID(pid, ns uint32)
func (*PIDsFilter) CurrentPIDs ¶ added in v0.3.2
type Probe ¶
type Probe struct { Offsets goexec.FuncOffsets Programs FunctionPrograms }
Probe holds the information of the instrumentation points of a given function: its start and end offsets and eBPF programs
type SQLRequestTrace ¶ added in v1.0.0
type SQLRequestTrace bpfSqlRequestTrace
type ServiceFilter ¶ added in v1.3.0
type ServiceFilter interface { AllowPID(uint32, uint32, svc.ID, PIDType) BlockPID(uint32, uint32) ValidPID(uint32, uint32, PIDType) bool Filter(inputSpans []request.Span) []request.Span CurrentPIDs(PIDType) map[uint32]map[uint32]svc.ID }
func CommonPIDsFilter ¶ added in v1.1.0
func CommonPIDsFilter(systemWide bool) ServiceFilter
type TCPRequestInfo ¶ added in v1.6.0
type TCPRequestInfo bpfTcpReqT
type TracerConfig ¶
type TracerConfig struct { BpfDebug bool `yaml:"bpf_debug" env:"BEYLA_BPF_DEBUG"` // WakeupLen specifies how many messages need to be accumulated in the eBPF ringbuffer // before sending a wakeup request. // High values of WakeupLen could add a noticeable metric delay in services with low // requests/second. // TODO: see if there is a way to force eBPF to wakeup userspace on timeout WakeupLen int `yaml:"wakeup_len" env:"BEYLA_BPF_WAKEUP_LEN"` // BatchLength allows specifying how many traces will be batched at the initial // stage before being forwarded to the next stage BatchLength int `yaml:"batch_length" env:"BEYLA_BPF_BATCH_LENGTH"` // BatchTimeout specifies the timeout to forward the data batch if it didn't // reach the BatchLength size BatchTimeout time.Duration `yaml:"batch_timeout" env:"BEYLA_BPF_BATCH_TIMEOUT"` // BpfBaseDir specifies the base directory where the BPF pinned maps will be mounted. // By default, it will be /var/run/beyla BpfBaseDir string `yaml:"bpf_fs_base_dir" env:"BEYLA_BPF_FS_BASE_DIR"` // BpfPath specifies the path in the base directory where the BPF pinned maps will be mounted. // By default, it will be beyla-<pid>. BpfPath string `yaml:"bpf_fs_path" env:"BEYLA_BPF_FS_PATH"` // If enabled, the kprobes based HTTP request tracking will start tracking the request // headers to process any 'Traceparent' fields. TrackRequestHeaders bool `yaml:"track_request_headers" env:"BEYLA_BPF_TRACK_REQUEST_HEADERS"` HTTPRequestTimeout time.Duration `yaml:"http_request_timeout" env:"BEYLA_BPF_HTTP_REQUEST_TIMEOUT"` }
TracerConfig configuration for eBPF programs