diff --git a/bpf/go_common.h b/bpf/go_common.h index 1275c68db..5a98ae665 100644 --- a/bpf/go_common.h +++ b/bpf/go_common.h @@ -143,8 +143,11 @@ static __always_inline void server_trace_parent(void *goroutine_addr, tp_info_t u8 found_info = 0; if (info) { + connection_info_t conn = *info; + // Must sort here, Go connection info retains the original ordering. + sort_connection_info(&conn); bpf_dbg_printk("Looking up traceparent for connection info"); - tp_info_pid_t *tp_p = trace_info_for_connection(info); + tp_info_pid_t *tp_p = trace_info_for_connection(&conn); if (tp_p) { if (correlated_request_with_current(tp_p)) { bpf_dbg_printk("Found traceparent from trace map, another process."); @@ -242,8 +245,12 @@ static __always_inline void get_conn_info_from_fd(void *fd_ptr, connection_info_ // read remote read_ip_and_port(info->d_addr, &info->d_port, raddr_ptr); - sort_connection_info(info); //dbg_print_http_connection_info(info); + + // IMPORTANT: Unlike kprobes, where we track the sorted connection info + // in Go we keep the original connection info order, since we only need it + // sorted when we make server requests or when we populate the trace_map for + // black box context propagation. } } } diff --git a/bpf/go_grpc.c b/bpf/go_grpc.c index 4edbd7971..ce2ea3e74 100644 --- a/bpf/go_grpc.c +++ b/bpf/go_grpc.c @@ -198,6 +198,8 @@ int uprobe_server_handleStream_return(struct pt_regs *ctx) { __builtin_memset(&trace->conn, 0, sizeof(connection_info_t)); } + // Server connections have port order reversed from what we want + swap_connection_info_order(&trace->conn); trace->tp = invocation->tp; trace->end_monotime_ns = bpf_ktime_get_ns(); // submit the completed trace via ringbuffer @@ -480,7 +482,7 @@ int uprobe_grpcFramerWriteHeaders(struct pt_regs *ctx) { void *framer = GO_PARAM1(ctx); u64 stream_id = (u64)GO_PARAM2(ctx); - bpf_printk("framer=%llx, stream_id=%lld, framer_w_pos %llx", framer, ((u64)stream_id), framer_w_pos); + bpf_dbg_printk("framer=%llx, stream_id=%lld, framer_w_pos %llx", framer, ((u64)stream_id), framer_w_pos); u32 stream_lookup = (u32)stream_id; diff --git a/bpf/go_nethttp.c b/bpf/go_nethttp.c index aeb889591..fb6524c55 100644 --- a/bpf/go_nethttp.c +++ b/bpf/go_nethttp.c @@ -277,6 +277,8 @@ int uprobe_ServeHTTPReturns(struct pt_regs *ctx) { } } + // Server connections have opposite order, source port is the server port + swap_connection_info_order(&trace->conn); trace->tp = invocation->tp; trace->content_length = invocation->content_length; __builtin_memcpy(trace->method, invocation->method, sizeof(trace->method)); @@ -607,7 +609,7 @@ int uprobe_http2FramerWriteHeaders(struct pt_regs *ctx) { void *framer = GO_PARAM1(ctx); u64 stream_id = (u64)GO_PARAM2(ctx); - bpf_printk("framer=%llx, stream_id=%lld", framer, ((u64)stream_id)); + bpf_dbg_printk("framer=%llx, stream_id=%lld", framer, ((u64)stream_id)); u32 stream_lookup = (u32)stream_id; @@ -822,8 +824,12 @@ int uprobe_persistConnRoundTrip(struct pt_regs *ctx) { tp_clone(&tp_p.tp, &invocation->tp); tp_p.tp.ts = bpf_ktime_get_ns(); bpf_dbg_printk("storing trace_map info for black-box tracing"); - bpf_map_update_elem(&trace_map, &conn, &tp_p, BPF_ANY); bpf_map_update_elem(&ongoing_client_connections, &goroutine_addr, &conn, BPF_ANY); + + // Must sort the connection info, this map is shared with kprobes which use sorted connection + // info always. + sort_connection_info(&conn); + bpf_map_update_elem(&trace_map, &conn, &tp_p, BPF_ANY); } } } diff --git a/bpf/http_sock.c b/bpf/http_sock.c index e17205125..f897c7700 100644 --- a/bpf/http_sock.c +++ b/bpf/http_sock.c @@ -106,18 +106,30 @@ int BPF_KPROBE(kprobe_tcp_rcv_established, struct sock *sk, struct sk_buff *skb) return 0; } + bpf_dbg_printk("=== tcp_rcv_established id=%d ===", id); + pid_connection_info_t info = {}; if (parse_sock_info(sk, &info.conn)) { + //u16 orig_dport = info.conn.d_port; + //dbg_print_http_connection_info(&info.conn); sort_connection_info(&info.conn); info.pid = pid_from_pid_tgid(id); - //dbg_print_http_connection_info(&info.conn); http_connection_metadata_t meta = {}; task_pid(&meta.pid); meta.type = EVENT_HTTP_REQUEST; bpf_map_update_elem(&filtered_connections, &info, &meta, BPF_NOEXIST); // On purpose BPF_NOEXIST, we don't want to overwrite data by accept or connect - bpf_map_update_elem(&pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL on missing handshake + + // This is a current limitation for port ordering detection for SSL. + // tcp_rcv_established flip flops the ports and we can't tell if it's client or server call. + // If the source port for a client call is lower, we'll get this wrong. + // TODO: Need to fix this. + ssl_pid_connection_info_t pid_info = { + .conn = info, + .orig_dport = info.conn.s_port, + }; + bpf_map_update_elem(&pid_tid_to_conn, &id, &pid_info, BPF_ANY); // to support SSL on missing handshake, respect the original info if there } return 0; @@ -157,15 +169,20 @@ int BPF_KRETPROBE(kretprobe_sys_accept4, uint fd) pid_connection_info_t info = {}; if (parse_accept_socket_info(args, &info.conn)) { - sort_connection_info(&info.conn); + u16 orig_dport = info.conn.d_port; //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&info.conn); info.pid = pid_from_pid_tgid(id); http_connection_metadata_t meta = {}; task_pid(&meta.pid); meta.type = EVENT_HTTP_REQUEST; bpf_map_update_elem(&filtered_connections, &info, &meta, BPF_ANY); // On purpose BPF_ANY, we want to overwrite stale - bpf_map_update_elem(&pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL on missing handshake + ssl_pid_connection_info_t pid_info = { + .conn = info, + .orig_dport = orig_dport, + }; + bpf_map_update_elem(&pid_tid_to_conn, &id, &pid_info, BPF_ANY); // to support SSL on missing handshake } cleanup: @@ -225,15 +242,20 @@ int BPF_KRETPROBE(kretprobe_sys_connect, int fd) if (parse_connect_sock_info(args, &info.conn)) { bpf_dbg_printk("=== connect ret id=%d, pid=%d ===", id, pid_from_pid_tgid(id)); - sort_connection_info(&info.conn); + u16 orig_dport = info.conn.d_port; //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&info.conn); info.pid = pid_from_pid_tgid(id); http_connection_metadata_t meta = {}; task_pid(&meta.pid); meta.type = EVENT_HTTP_CLIENT; bpf_map_update_elem(&filtered_connections, &info, &meta, BPF_ANY); // On purpose BPF_ANY, we want to overwrite stale - bpf_map_update_elem(&pid_tid_to_conn, &id, &info, BPF_ANY); // to support SSL + ssl_pid_connection_info_t pid_info = { + .conn = info, + .orig_dport = orig_dport, + }; + bpf_map_update_elem(&pid_tid_to_conn, &id, &pid_info, BPF_ANY); // to support SSL } cleanup: @@ -243,6 +265,29 @@ int BPF_KRETPROBE(kretprobe_sys_connect, int fd) // Main HTTP read and write operations are handled with tcp_sendmsg and tcp_recvmsg +static __always_inline void *is_ssl_connection(u64 id, pid_connection_info_t *conn) { + void *ssl = 0; + // Checks if it's sandwitched between active SSL handshake, read or write uprobe/uretprobe + void **s = bpf_map_lookup_elem(&active_ssl_handshakes, &id); + if (s) { + ssl = *s; + } else { + ssl_args_t *ssl_args = bpf_map_lookup_elem(&active_ssl_read_args, &id); + if (!ssl_args) { + ssl_args = bpf_map_lookup_elem(&active_ssl_write_args, &id); + } + if (ssl_args) { + ssl = (void *)ssl_args->ssl; + } + } + + if (ssl) { + return ssl; + } + + return bpf_map_lookup_elem(&active_ssl_connections, conn); +} + // The size argument here will be always the total response size. // However, the return value of tcp_sendmsg tells us how much it sent. When the // response is large it will get chunked, so we have to use a kretprobe to @@ -265,50 +310,46 @@ int BPF_KPROBE(kprobe_tcp_sendmsg, struct sock *sk, struct msghdr *msg, size_t s }; if (parse_sock_info(sk, &s_args.p_conn.conn)) { - //dbg_print_http_connection_info(&info.conn); // commented out since GitHub CI doesn't like this call + u16 orig_dport = s_args.p_conn.conn.d_port; + //dbg_print_http_connection_info(&s_args.p_conn.conn); // commented out since GitHub CI doesn't like this call sort_connection_info(&s_args.p_conn.conn); s_args.p_conn.pid = pid_from_pid_tgid(id); + void *ssl = is_ssl_connection(id, &s_args.p_conn); if (size > 0) { - void *iovec_ptr = find_msghdr_buf(msg); - if (iovec_ptr) { - u64 sock_p = (u64)sk; - bpf_map_update_elem(&active_send_args, &id, &s_args, BPF_ANY); - bpf_map_update_elem(&active_send_sock_args, &sock_p, &s_args, BPF_ANY); - handle_buf_with_connection(&s_args.p_conn, iovec_ptr, size, NO_SSL, TCP_SEND); - // if (size < KPROBES_LARGE_RESPONSE_LEN) { - // bpf_dbg_printk("Maybe we need to finish the request"); - // finish_possible_delayed_http_request(&s_args.p_conn); - // } + if (!ssl) { + void *iovec_ptr = find_msghdr_buf(msg); + if (iovec_ptr) { + u64 sock_p = (u64)sk; + bpf_map_update_elem(&active_send_args, &id, &s_args, BPF_ANY); + bpf_map_update_elem(&active_send_sock_args, &sock_p, &s_args, BPF_ANY); + handle_buf_with_connection(&s_args.p_conn, iovec_ptr, size, NO_SSL, TCP_SEND, orig_dport); + // if (size < KPROBES_LARGE_RESPONSE_LEN) { + // bpf_dbg_printk("Maybe we need to finish the request"); + // finish_possible_delayed_http_request(&s_args.p_conn); + // } + } else { + bpf_dbg_printk("can't find iovec ptr in msghdr, not tracking sendmsg"); + } } else { - bpf_dbg_printk("can't find iovec ptr in msghdr, not tracking sendmsg"); - } - } - - void *ssl = 0; - // Checks if it's sandwitched between active SSL handshake, read or write uprobe/uretprobe - void **s = bpf_map_lookup_elem(&active_ssl_handshakes, &id); - if (s) { - ssl = *s; - } else { - ssl_args_t *ssl_args = bpf_map_lookup_elem(&active_ssl_read_args, &id); - if (!ssl_args) { - ssl_args = bpf_map_lookup_elem(&active_ssl_write_args, &id); - } - if (ssl_args) { - ssl = (void *)ssl_args->ssl; + bpf_dbg_printk("tcp_sendmsg for identified SSL connection, ignoring..."); } } if (!ssl) { return 0; } + bpf_dbg_printk("=== kprobe SSL tcp_sendmsg=%d sock=%llx ssl=%llx ===", id, sk, ssl); - pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); + ssl_pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); if (conn) { - finish_possible_delayed_http_request(conn); + finish_possible_delayed_tls_http_request(&conn->conn, ssl); } - bpf_map_update_elem(&ssl_to_conn, &ssl, &s_args.p_conn, BPF_ANY); + ssl_pid_connection_info_t ssl_conn = { + .conn = s_args.p_conn, + .orig_dport = orig_dport, + }; + bpf_map_update_elem(&ssl_to_conn, &ssl, &ssl_conn, BPF_ANY); } return 0; @@ -367,7 +408,6 @@ int BPF_KPROBE(kprobe_tcp_close, struct sock *sk, long timeout) { ensure_sent_event(id, &sock_p); - pid_connection_info_t info = {}; if (parse_sock_info(sk, &info.conn)) { @@ -435,10 +475,18 @@ int BPF_KRETPROBE(kretprobe_tcp_recvmsg, int copied_len) { pid_connection_info_t info = {}; if (parse_sock_info((struct sock *)args->sock_ptr, &info.conn)) { - sort_connection_info(&info.conn); + u16 orig_dport = info.conn.d_port; //dbg_print_http_connection_info(&info.conn); + sort_connection_info(&info.conn); info.pid = pid_from_pid_tgid(id); - handle_buf_with_connection(&info, (void *)args->iovec_ptr, copied_len, NO_SSL, TCP_RECV); + + void *ssl = is_ssl_connection(id, &info); + + if (!ssl) { + handle_buf_with_connection(&info, (void *)args->iovec_ptr, copied_len, NO_SSL, TCP_RECV, orig_dport); + } else { + bpf_dbg_printk("tcp_recvmsg for an identified SSL connection, ignoring..."); + } } done: @@ -466,9 +514,6 @@ int socket__http_filter(struct __sk_buff *skb) { if (!tcp_close(&tcp) && tcp_empty(&tcp, skb)) { return 0; } - - // sorting must happen here, before we check or set dups - sort_connection_info(&conn); // we don't want to read the whole buffer for every packed that passes our checks, we read only a bit and check if it's truly HTTP request/response. unsigned char buf[MIN_HTTP_SIZE] = {0}; @@ -480,7 +525,10 @@ int socket__http_filter(struct __sk_buff *skb) { } u8 packet_type = 0; - if (is_http(buf, len, &packet_type)) { // we must check tcp_close second, a packet can be a close and a response + if (is_http(buf, len, &packet_type)) { // we must check tcp_close second, a packet can be a close and a response + //dbg_print_http_connection_info(&conn); // commented out since GitHub CI doesn't like this call + sort_connection_info(&conn); + http_info_t info = {0}; info.conn_info = conn; @@ -581,6 +629,7 @@ int BPF_KPROBE(kprobe_sys_exit, int status) { if (s_args) { bpf_dbg_printk("Checking if we need to finish the request per thread id"); finish_possible_delayed_http_request(&s_args->p_conn); + bpf_map_delete_elem(&active_ssl_connections, &s_args->p_conn); } bpf_map_delete_elem(&clone_map, &task); diff --git a/bpf/http_sock.h b/bpf/http_sock.h index 14ed6d60b..453b27561 100644 --- a/bpf/http_sock.h +++ b/bpf/http_sock.h @@ -71,6 +71,14 @@ struct { __uint(pinning, LIBBPF_PIN_BY_NAME); } ongoing_tcp_req SEC(".maps"); +struct { + __uint(type, BPF_MAP_TYPE_LRU_HASH); + __type(key, pid_connection_info_t); // connection that's SSL + __type(value, u64); // ssl + __uint(max_entries, MAX_CONCURRENT_SHARED_REQUESTS); + __uint(pinning, LIBBPF_PIN_BY_NAME); +} active_ssl_connections SEC(".maps"); + // http_info_t became too big to be declared as a variable in the stack. // We use a percpu array to keep a reusable copy of it struct { @@ -150,15 +158,14 @@ struct _iov_iter { size_t count; }; }; + union { + unsigned long nr_segs; + loff_t xarray_start; + }; }; static __always_inline void *find_msghdr_buf(struct msghdr *msg) { - unsigned int m_flags; - struct iov_iter msg_iter; - - bpf_probe_read_kernel(&m_flags, sizeof(unsigned int), &(msg->msg_flags)); - bpf_probe_read_kernel(&msg_iter, sizeof(struct iov_iter), &(msg->msg_iter)); - + struct iov_iter msg_iter = BPF_CORE_READ(msg, msg_iter); u8 msg_iter_type = 0; if (bpf_core_field_exists(msg_iter.iter_type)) { @@ -166,7 +173,7 @@ static __always_inline void *find_msghdr_buf(struct msghdr *msg) { bpf_dbg_printk("msg iter type exists, read value %d", msg_iter_type); } - bpf_dbg_printk("msg flags %x, iter type %d", m_flags, msg_iter_type); + bpf_dbg_printk("iter type %d", msg_iter_type); struct iovec *iov = NULL; @@ -179,13 +186,12 @@ static __always_inline void *find_msghdr_buf(struct msghdr *msg) { // here assumes the kernel iov_iter structure is the format with __iov and __ubuf_iovec. struct _iov_iter _msg_iter; bpf_probe_read_kernel(&_msg_iter, sizeof(struct _iov_iter), &(msg->msg_iter)); - - bpf_dbg_printk("new kernel, iov doesn't exist"); + bpf_dbg_printk("new kernel, iov doesn't exist, nr_segs %d", _msg_iter.nr_segs); if (msg_iter_type == 5) { struct iovec vec; bpf_probe_read(&vec, sizeof(struct iovec), &(_msg_iter.__ubuf_iovec)); - bpf_dbg_printk("ubuf base %llx", vec.iov_base); + bpf_dbg_printk("ubuf base %llx, &ubuf base %llx", vec.iov_base, &vec.iov_base); return vec.iov_base; } else { @@ -205,7 +211,20 @@ static __always_inline void *find_msghdr_buf(struct msghdr *msg) { struct iovec vec; bpf_probe_read(&vec, sizeof(struct iovec), iov); - bpf_dbg_printk("standard iov %llx base %llx", iov, vec.iov_base); + bpf_dbg_printk("standard iov %llx base %llx len %d", iov, vec.iov_base, vec.iov_len); + + if (!vec.iov_base) { + // We didn't find the base in the first vector, loop couple of times to find the base + for (int i = 1; i < 4; i++) { + void *p = &iov[i]; + bpf_probe_read(&vec, sizeof(struct iovec), p); + bpf_dbg_printk("iov[%d]=%llx base %llx, len %d", i, p, vec.iov_base, vec.iov_len); + if (!vec.iov_base || !vec.iov_len) { + continue; + } + return vec.iov_base; + } + } return vec.iov_base; } @@ -245,8 +264,12 @@ static __always_inline http_connection_metadata_t* empty_connection_meta() { return bpf_map_lookup_elem(&connection_meta_mem, &zero); } -static __always_inline void finish_http(http_info_t *info) { - if (info->start_monotime_ns != 0 && info->status != 0 && info->pid.host_pid != 0) { +static __always_inline u8 http_info_complete(http_info_t *info) { + return (info->start_monotime_ns != 0 && info->status != 0 && info->pid.host_pid != 0); +} + +static __always_inline void finish_http(http_info_t *info, pid_connection_info_t *pid_conn) { + if (http_info_complete(info)) { http_info_t *trace = bpf_ringbuf_reserve(&events, sizeof(http_info_t), 0); if (trace) { bpf_dbg_printk("Sending trace %lx, response length %d", info, info->resp_len); @@ -258,23 +281,17 @@ static __always_inline void finish_http(http_info_t *info) { delete_server_trace(); - u64 pid_tid = bpf_get_current_pid_tgid(); - // bpf_dbg_printk("Terminating trace for pid=%d", pid_from_pid_tgid(pid_tid)); // dbg_print_http_connection_info(&info->conn_info); // commented out since GitHub CI doesn't like this call - pid_connection_info_t pid_conn = { - .conn = info->conn_info, - .pid = pid_from_pid_tgid(pid_tid) - }; - - bpf_map_delete_elem(&ongoing_http, &pid_conn); + bpf_map_delete_elem(&ongoing_http, pid_conn); + bpf_map_delete_elem(&active_ssl_connections, pid_conn); } } static __always_inline void finish_possible_delayed_http_request(pid_connection_info_t *pid_conn) { http_info_t *info = bpf_map_lookup_elem(&ongoing_http, pid_conn); if (info) { - finish_http(info); + finish_http(info, pid_conn); } } @@ -289,7 +306,7 @@ static __always_inline http_info_t *get_or_set_http_info(http_info_t *info, pid_ if (packet_type == PACKET_TYPE_REQUEST) { http_info_t *old_info = bpf_map_lookup_elem(&ongoing_http, pid_conn); if (old_info) { - finish_http(old_info); // this will delete ongoing_http for this connection info if there's full stale request + finish_http(old_info, pid_conn); // this will delete ongoing_http for this connection info if there's full stale request } bpf_map_update_elem(&ongoing_http, pid_conn, info, BPF_ANY); @@ -313,7 +330,21 @@ static __always_inline bool still_reading(http_info_t *info) { return info->status == 0 && info->start_monotime_ns != 0; } -static __always_inline void process_http_request(http_info_t *info, int len, http_connection_metadata_t *meta, int direction) { +// We sort the connection info to ensure we can track requests and responses. However, if the destination port +// is somehow in the ephemeral port range, it can be higher than the source port and we'd use the sorted connection +// info in user space, effectively reversing the flow of the operation. We keep track of the original destination port +// and we undo the swap in the data collections we send to user space. +static __always_inline void fixup_connection_info(connection_info_t *conn_info, u8 client, u16 orig_dport) { + // The destination port is the server port in userspace + if ((client && conn_info->d_port != orig_dport) || + (!client && conn_info->d_port == orig_dport)) { + bpf_dbg_printk("Swapped connection info for userspace, client = %d, orig_dport = %d", client, orig_dport); + swap_connection_info_order(conn_info); + //dbg_print_http_connection_info(conn_info); // commented out since GitHub CI doesn't like this call + } +} + +static __always_inline void process_http_request(http_info_t *info, int len, http_connection_metadata_t *meta, int direction, u16 orig_dport) { // Set pid and type early as best effort in case the request times out or dies. if (meta) { info->pid = meta->pid; @@ -326,6 +357,9 @@ static __always_inline void process_http_request(http_info_t *info, int len, htt } task_pid(&info->pid); } + + fixup_connection_info(&info->conn_info, info->type == EVENT_HTTP_CLIENT, orig_dport); + info->start_monotime_ns = bpf_ktime_get_ns(); info->status = 0; info->len = len; @@ -343,13 +377,8 @@ static __always_inline void process_http_response(http_info_t *info, unsigned ch } } -static __always_inline http_connection_metadata_t *connection_meta(pid_connection_info_t *pid_conn, u8 direction, u8 packet_type) { - http_connection_metadata_t *meta = bpf_map_lookup_elem(&filtered_connections, pid_conn); - if (meta) { - return meta; - } - - meta = empty_connection_meta(); +static __always_inline http_connection_metadata_t *connection_meta_by_direction(pid_connection_info_t *pid_conn, u8 direction, u8 packet_type) { + http_connection_metadata_t *meta = empty_connection_meta(); if (!meta) { return 0; } @@ -373,25 +402,40 @@ static __always_inline http_connection_metadata_t *connection_meta(pid_connectio return meta; } +static __always_inline http_connection_metadata_t *connection_meta(pid_connection_info_t *pid_conn, u8 direction, u8 packet_type) { + http_connection_metadata_t *meta = bpf_map_lookup_elem(&filtered_connections, pid_conn); + if (meta) { + return meta; + } + + return connection_meta_by_direction(pid_conn, direction, packet_type); +} + static __always_inline void handle_http_response(unsigned char *small_buf, pid_connection_info_t *pid_conn, http_info_t *info, int orig_len, u8 direction, u8 ssl) { process_http_response(info, small_buf, orig_len); if ((direction != TCP_SEND) /*|| (ssl != NO_SSL) || (orig_len < KPROBES_LARGE_RESPONSE_LEN)*/) { - finish_http(info); + finish_http(info, pid_conn); } else { if (ssl && (pid_conn->conn.s_port == 0) && (pid_conn->conn.d_port == 0)) { bpf_dbg_printk("Fake connection info, finishing request"); - finish_http(info); + finish_http(info, pid_conn); } else { bpf_dbg_printk("Delaying finish http for large request, orig_len %d", orig_len); } } } -static __always_inline void http2_grpc_start(http2_conn_stream_t *s_key, void *u_buf, int len, u8 direction, u8 ssl) { +static __always_inline void http2_grpc_start(http2_conn_stream_t *s_key, void *u_buf, int len, u8 direction, u8 ssl, u16 orig_dport) { + http2_grpc_request_t *existing = bpf_map_lookup_elem(&ongoing_http2_grpc, s_key); + if (existing) { + bpf_dbg_printk("already found existing grpcstart, ignoring this exchange"); + return; + } http2_grpc_request_t *h2g_info = empty_http2_info(); + bpf_dbg_printk("http2/grpc start direction=%d", direction); if (h2g_info) { - http_connection_metadata_t *meta = connection_meta(&s_key->pid_conn, direction, PACKET_TYPE_REQUEST); + http_connection_metadata_t *meta = connection_meta_by_direction(&s_key->pid_conn, direction, PACKET_TYPE_REQUEST); if (!meta) { bpf_dbg_printk("Can't get meta memory or connection not found"); return; @@ -406,6 +450,7 @@ static __always_inline void http2_grpc_start(http2_conn_stream_t *s_key, void *u h2g_info->pid = meta->pid; h2g_info->type = meta->type; } + fixup_connection_info(&h2g_info->conn_info, h2g_info->type == EVENT_HTTP_CLIENT, orig_dport); bpf_probe_read(h2g_info->data, KPROBES_HTTP2_BUF_SIZE, u_buf); bpf_map_update_elem(&ongoing_http2_grpc, s_key, h2g_info, BPF_ANY); @@ -413,7 +458,7 @@ static __always_inline void http2_grpc_start(http2_conn_stream_t *s_key, void *u } static __always_inline void http2_grpc_end(http2_conn_stream_t *stream, http2_grpc_request_t *prev_info, void *u_buf) { - //bpf_dbg_printk("http2/grpc end prev_info=%llx", prev_info); + bpf_dbg_printk("http2/grpc end prev_info=%llx", prev_info); if (prev_info) { prev_info->end_monotime_ns = bpf_ktime_get_ns(); @@ -428,7 +473,7 @@ static __always_inline void http2_grpc_end(http2_conn_stream_t *stream, http2_gr bpf_map_delete_elem(&ongoing_http2_grpc, stream); } -static __always_inline void process_http2_grpc_frames(pid_connection_info_t *pid_conn, void *u_buf, int bytes_len, u8 direction, u8 ssl) { +static __always_inline void process_http2_grpc_frames(pid_connection_info_t *pid_conn, void *u_buf, int bytes_len, u8 direction, u8 ssl, u16 orig_dport) { int pos = 0; u8 found_start_frame = 0; u8 found_end_frame = 0; @@ -450,7 +495,7 @@ static __always_inline void process_http2_grpc_frames(pid_connection_info_t *pid bpf_probe_read(&frame_buf, FRAME_HEADER_LEN, (void *)((u8 *)u_buf + pos)); read_http2_grpc_frame_header(&frame, frame_buf, FRAME_HEADER_LEN); - //bpf_dbg_printk("http2 frame type = %d, len = %d, stream_id = %d, flags = %d", frame.type, frame.length, frame.stream_id, frame.flags); + bpf_dbg_printk("http2 frame type = %d, len = %d, stream_id = %d, flags = %d", frame.type, frame.length, frame.stream_id, frame.flags); if (is_headers_frame(&frame)) { stream.pid_conn = *pid_conn; @@ -493,7 +538,7 @@ static __always_inline void process_http2_grpc_frames(pid_connection_info_t *pid } if (found_start_frame) { - http2_grpc_start(&stream, (void *)((u8 *)u_buf + pos), bytes_len, direction, ssl); + http2_grpc_start(&stream, (void *)((u8 *)u_buf + pos), bytes_len, direction, ssl, orig_dport); } else { // We only loop 6 times looking for the stream termination. If the data packed is large we'll miss the // frame saying the stream closed. In that case we try this backup path. @@ -508,11 +553,12 @@ static __always_inline void process_http2_grpc_frames(pid_connection_info_t *pid } if (found_end_frame) { http2_grpc_end(&stream, prev_info, (void *)((u8 *)u_buf + saved_buf_pos)); + bpf_map_delete_elem(&active_ssl_connections, pid_conn); } } } -static __always_inline void handle_unknown_tcp_connection(pid_connection_info_t *pid_conn, void *u_buf, int bytes_len, u8 direction, u8 ssl) { +static __always_inline void handle_unknown_tcp_connection(pid_connection_info_t *pid_conn, void *u_buf, int bytes_len, u8 direction, u8 ssl, u16 orig_dport) { // SSL requests will see both TCP traffic and text traffic, ignore the TCP if // we are processing SSL request. HTTP2 is already checked in handle_buf_with_connection. http_info_t *http_info = bpf_map_lookup_elem(&ongoing_http, pid_conn); @@ -526,6 +572,7 @@ static __always_inline void handle_unknown_tcp_connection(pid_connection_info_t if (req) { req->flags = EVENT_TCP_REQUEST; req->conn_info = pid_conn->conn; + fixup_connection_info(&req->conn_info, direction, orig_dport); req->ssl = ssl; req->direction = direction; req->start_monotime_ns = bpf_ktime_get_ns(); @@ -569,7 +616,7 @@ static __always_inline void handle_unknown_tcp_connection(pid_connection_info_t } } -static __always_inline void handle_buf_with_connection(pid_connection_info_t *pid_conn, void *u_buf, int bytes_len, u8 ssl, u8 direction) { +static __always_inline void handle_buf_with_connection(pid_connection_info_t *pid_conn, void *u_buf, int bytes_len, u8 ssl, u8 direction, u16 orig_dport) { unsigned char small_buf[MIN_HTTP2_SIZE] = {0}; // MIN_HTTP2_SIZE > MIN_HTTP_SIZE bpf_probe_read(small_buf, MIN_HTTP2_SIZE, u_buf); @@ -629,7 +676,7 @@ static __always_inline void handle_buf_with_connection(pid_connection_info_t *pi // we copy some small part of the buffer to the info trace event, so that we can process an event even with // incomplete trace info in user space. bpf_probe_read(info->buf, FULL_BUF_SIZE, u_buf); - process_http_request(info, bytes_len, meta, direction); + process_http_request(info, bytes_len, meta, direction, orig_dport); } else if ((packet_type == PACKET_TYPE_RESPONSE) && (info->status == 0)) { handle_http_response(small_buf, pid_conn, info, bytes_len, direction, ssl); } else if (still_reading(info)) { @@ -644,14 +691,14 @@ static __always_inline void handle_buf_with_connection(pid_connection_info_t *pi } else { u8 *h2g = bpf_map_lookup_elem(&ongoing_http2_connections, pid_conn); if (h2g && *h2g == ssl) { - process_http2_grpc_frames(pid_conn, u_buf, bytes_len, direction, ssl); + process_http2_grpc_frames(pid_conn, u_buf, bytes_len, direction, ssl, orig_dport); } else { // large request tracking http_info_t *info = bpf_map_lookup_elem(&ongoing_http, pid_conn); if (info && still_responding(info)) { info->end_monotime_ns = bpf_ktime_get_ns(); } else if (!info) { - handle_unknown_tcp_connection(pid_conn, u_buf, bytes_len, direction, ssl); + handle_unknown_tcp_connection(pid_conn, u_buf, bytes_len, direction, ssl, orig_dport); } } } diff --git a/bpf/http_ssl.c b/bpf/http_ssl.c index 16bacb8b9..9a5952a52 100644 --- a/bpf/http_ssl.c +++ b/bpf/http_ssl.c @@ -56,9 +56,9 @@ int BPF_UPROBE(uprobe_ssl_read, void *ssl, const void *buf, int num) { bpf_dbg_printk("=== uprobe SSL_read id=%d ssl=%llx ===", id, ssl); - pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); + ssl_pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); if (conn) { - finish_possible_delayed_http_request(conn); + finish_possible_delayed_tls_http_request(&conn->conn, ssl); } ssl_args_t args = {}; @@ -67,7 +67,12 @@ int BPF_UPROBE(uprobe_ssl_read, void *ssl, const void *buf, int num) { args.len_ptr = 0; bpf_map_update_elem(&active_ssl_read_args, &id, &args, BPF_ANY); - bpf_map_update_elem(&ssl_to_pid_tid, &args.ssl, &id, BPF_NOEXIST); // we must not overwrite here, remember the original thread + + ssl_pid_info_t pid_info = { + .id = id, + }; + task_tid(&pid_info.c_tid); + bpf_map_update_elem(&ssl_to_pid_tid, &args.ssl, &pid_info, BPF_NOEXIST); // we must not overwrite here, remember the original thread return 0; } @@ -99,9 +104,9 @@ int BPF_UPROBE(uprobe_ssl_read_ex, void *ssl, const void *buf, int num, size_t * bpf_dbg_printk("=== SSL_read_ex id=%d ===", id); - pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); + ssl_pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); if (conn) { - finish_possible_delayed_http_request(conn); + finish_possible_delayed_tls_http_request(&conn->conn, ssl); } ssl_args_t args = {}; @@ -110,8 +115,13 @@ int BPF_UPROBE(uprobe_ssl_read_ex, void *ssl, const void *buf, int num, size_t * args.len_ptr = (u64)readbytes; bpf_map_update_elem(&active_ssl_read_args, &id, &args, BPF_ANY); - bpf_map_update_elem(&ssl_to_pid_tid, &args.ssl, &id, BPF_NOEXIST); // we must not overwrite here, remember the original thread - + + ssl_pid_info_t pid_info = { + .id = id, + }; + task_tid(&pid_info.c_tid); + bpf_map_update_elem(&ssl_to_pid_tid, &args.ssl, &pid_info, BPF_NOEXIST); // we must not overwrite here, remember the original thread + return 0; } @@ -235,12 +245,15 @@ int BPF_UPROBE(uprobe_ssl_shutdown, void *s) { bpf_dbg_printk("=== SSL_shutdown id=%d ssl=%llx ===", id, s); - pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &s); + ssl_pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &s); if (conn) { - finish_possible_delayed_http_request(conn); + finish_possible_delayed_tls_http_request(&conn->conn, s); + bpf_map_delete_elem(&active_ssl_connections, &conn->conn); } bpf_map_delete_elem(&ssl_to_conn, &s); + bpf_map_delete_elem(&ssl_to_pid_tid, &s); + bpf_map_delete_elem(&pid_tid_to_conn, &id); return 0; diff --git a/bpf/http_ssl.h b/bpf/http_ssl.h index 30bac1e50..29411a23f 100644 --- a/bpf/http_ssl.h +++ b/bpf/http_ssl.h @@ -23,7 +23,7 @@ struct { struct { __uint(type, BPF_MAP_TYPE_LRU_HASH); __type(key, u64); // the SSL struct pointer - __type(value, pid_connection_info_t); // the pointer to the file descriptor matching ssl + __type(value, ssl_pid_connection_info_t); // the pointer to the file descriptor matching ssl __uint(max_entries, MAX_CONCURRENT_SHARED_REQUESTS); __uint(pinning, LIBBPF_PIN_BY_NAME); } ssl_to_conn SEC(".maps"); @@ -34,18 +34,23 @@ struct { struct { __uint(type, BPF_MAP_TYPE_LRU_HASH); __type(key, u64); // the pid-tid pair - __type(value, pid_connection_info_t); // the pointer to the file descriptor matching ssl + __type(value, ssl_pid_connection_info_t); // the pointer to the file descriptor matching ssl __uint(max_entries, MAX_CONCURRENT_SHARED_REQUESTS); __uint(pinning, LIBBPF_PIN_BY_NAME); } pid_tid_to_conn SEC(".maps"); +typedef struct ssl_pid_info { + u64 id; + pid_key_t c_tid; +} __attribute__((packed)) ssl_pid_info_t; + // LRU map which holds onto the mapping of an ssl pointer to pid-tid, // we clean-it up when we lookup by ssl. It's setup by SSL_read for cases where frameworks // process SSL requests on separate thread pools, e.g. Ruby on Rails struct { __uint(type, BPF_MAP_TYPE_LRU_HASH); __type(key, u64); // the ssl pointer - __type(value, u64); // the pid tid of the thread in ssl read + __type(value, ssl_pid_info_t); // the pid tid of the thread in ssl read __uint(max_entries, MAX_CONCURRENT_REQUESTS); } ssl_to_pid_tid SEC(".maps"); @@ -75,12 +80,30 @@ struct { __uint(pinning, LIBBPF_PIN_BY_NAME); } active_ssl_write_args SEC(".maps"); +static __always_inline void cleanup_ssl_trace(void *ssl) { + ssl_pid_info_t *ssl_info = bpf_map_lookup_elem(&ssl_to_pid_tid, &ssl); + + if (ssl_info) { + delete_server_trace_tid(&ssl_info->c_tid); + } +} + +static __always_inline void finish_possible_delayed_tls_http_request(pid_connection_info_t *pid_conn, void *ssl) { + http_info_t *info = bpf_map_lookup_elem(&ongoing_http, pid_conn); + if (info) { + if (http_info_complete(info)) { + cleanup_ssl_trace(ssl); + } + finish_http(info, pid_conn); + } +} + static __always_inline void handle_ssl_buf(u64 id, ssl_args_t *args, int bytes_len, u8 direction) { if (args && bytes_len > 0) { void *ssl = ((void *)args->ssl); u64 ssl_ptr = (u64)ssl; bpf_dbg_printk("SSL_buf id=%d ssl=%llx", id, ssl); - pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); + ssl_pid_connection_info_t *conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); if (!conn) { conn = bpf_map_lookup_elem(&pid_tid_to_conn, &id); @@ -91,11 +114,10 @@ static __always_inline void handle_ssl_buf(u64 id, ssl_args_t *args, int bytes_l // First we look up a pid_tid by the ssl pointer, which might've been established // by a prior SSL_read on another thread, then we look up in the same map. // Clean-up here we are done trying if we don't succeed - void *pid_tid_ptr = bpf_map_lookup_elem(&ssl_to_pid_tid, &ssl_ptr); + ssl_pid_info_t *pid_tid_ptr = bpf_map_lookup_elem(&ssl_to_pid_tid, &ssl_ptr); if (pid_tid_ptr) { - u64 pid_tid; - bpf_probe_read(&pid_tid, sizeof(pid_tid), pid_tid_ptr); + u64 pid_tid = pid_tid_ptr->id; conn = bpf_map_lookup_elem(&pid_tid_to_conn, &pid_tid); bpf_dbg_printk("Separate pool lookup ssl=%llx, pid=%d, conn=%llx", ssl_ptr, pid_tid, conn); @@ -110,23 +132,21 @@ static __always_inline void handle_ssl_buf(u64 id, ssl_args_t *args, int bytes_l // being on the same thread as the SSL_read. if (conn) { bpf_map_delete_elem(&pid_tid_to_conn, &id); - pid_connection_info_t c; - bpf_probe_read(&c, sizeof(pid_connection_info_t), conn); + ssl_pid_connection_info_t c; + bpf_probe_read(&c, sizeof(ssl_pid_connection_info_t), conn); bpf_map_update_elem(&ssl_to_conn, &ssl, &c, BPF_ANY); } } - bpf_map_delete_elem(&ssl_to_pid_tid, &ssl_ptr); - if (!conn) { // At this point the threading in the language doesn't allow us to properly match the SSL* with // the connection info. We send partial event, at least we can find the path, timing and response. // even though we won't have peer information. - pid_connection_info_t p_c = {}; + ssl_pid_connection_info_t p_c = {}; bpf_dbg_printk("setting fake connection info ssl=%llx", ssl); - bpf_memcpy(&p_c.conn.s_addr, &ssl, sizeof(void *)); - p_c.conn.d_port = p_c.conn.s_port = 0; - p_c.pid = pid_from_pid_tgid(id); + bpf_memcpy(&p_c.conn.conn.s_addr, &ssl, sizeof(void *)); + p_c.conn.conn.d_port = p_c.conn.conn.s_port = p_c.orig_dport = 0; + p_c.conn.pid = pid_from_pid_tgid(id); bpf_map_update_elem(&ssl_to_conn, &ssl, &p_c, BPF_ANY); conn = bpf_map_lookup_elem(&ssl_to_conn, &ssl); @@ -141,13 +161,12 @@ static __always_inline void handle_ssl_buf(u64 id, ssl_args_t *args, int bytes_l // for (int i=0; i < 48; i++) { // bpf_dbg_printk("%x ", buf[i]); // } - - handle_buf_with_connection(conn, (void *)args->buf, bytes_len, WITH_SSL, direction); + bpf_map_update_elem(&active_ssl_connections, &conn->conn, &ssl_ptr, BPF_ANY); + handle_buf_with_connection(&conn->conn, (void *)args->buf, bytes_len, WITH_SSL, direction, conn->orig_dport); } else { bpf_dbg_printk("No connection info! This is a bug."); } } } - #endif diff --git a/bpf/http_types.h b/bpf/http_types.h index 1b01a97a2..c0d3b9538 100644 --- a/bpf/http_types.h +++ b/bpf/http_types.h @@ -57,6 +57,11 @@ typedef struct http_pid_connection_info { u32 pid; } pid_connection_info_t; +typedef struct ssl_pid_connection_info { + pid_connection_info_t conn; + u16 orig_dport; +} ssl_pid_connection_info_t; + typedef struct tp_info { unsigned char trace_id[TRACE_ID_SIZE_BYTES]; unsigned char span_id[SPAN_ID_SIZE_BYTES]; @@ -177,6 +182,14 @@ static __always_inline bool likely_ephemeral_port(u16 port) { y = TMP; \ } +static __always_inline void swap_connection_info_order(connection_info_t *info) { + __SWAP(u16, info->s_port, info->d_port); + u8 tmp_addr[IP_V6_ADDR_LEN]; + __builtin_memcpy(tmp_addr, info->s_addr, sizeof(tmp_addr)); + __builtin_memcpy(info->s_addr, info->d_addr, sizeof(info->s_addr)); + __builtin_memcpy(info->d_addr, tmp_addr, sizeof(info->d_addr)); +} + // Since we track both send and receive connections, we need to sort the source and destination // pairs in a standardized way, we choose the server way of sorting, such that the ephemeral port // on the client is first. @@ -189,11 +202,7 @@ static __always_inline void sort_connection_info(connection_info_t *info) { (info->d_port > info->s_port)) { // Only sort if they are explicitly reversed, otherwise always sort source to be the larger // of the two ports - __SWAP(u16, info->s_port, info->d_port); - u8 tmp_addr[IP_V6_ADDR_LEN]; - __builtin_memcpy(tmp_addr, info->s_addr, sizeof(tmp_addr)); - __builtin_memcpy(info->s_addr, info->d_addr, sizeof(info->s_addr)); - __builtin_memcpy(info->d_addr, tmp_addr, sizeof(info->d_addr)); + swap_connection_info_order(info); } } diff --git a/bpf/trace_common.h b/bpf/trace_common.h index af0295790..2168d0fdc 100644 --- a/bpf/trace_common.h +++ b/bpf/trace_common.h @@ -132,11 +132,16 @@ static __always_inline unsigned char *extract_flags(unsigned char *tp_start) { return tp_start + 13 + 2 + 1 + 32 + 1 + 16 + 1; // strlen("Traceparent: ") + strlen(ver) + strlen("-") + strlen(trace_id) + strlen("-") + strlen(span_id) + strlen("-") } +static __always_inline void delete_server_trace_tid(pid_key_t *c_tid) { + bpf_map_delete_elem(&server_traces, c_tid); + //bpf_printk("Deleting server span for id=%llx, pid=%d, ns=%d, res = %d", bpf_get_current_pid_tgid(), c_tid->pid, c_tid->ns, res); +} + static __always_inline void delete_server_trace() { pid_key_t c_tid = {0}; task_tid(&c_tid); - bpf_map_delete_elem(&server_traces, &c_tid); + delete_server_trace_tid(&c_tid); } static __always_inline void server_or_client_trace(http_connection_metadata_t *meta, connection_info_t *conn, tp_info_pid_t *tp_p) { @@ -155,7 +160,7 @@ static __always_inline void server_or_client_trace(http_connection_metadata_t *m return; } - bpf_dbg_printk("Saving server span for id=%llx", bpf_get_current_pid_tgid()); + bpf_dbg_printk("Saving server span for id=%llx, pid=%d, ns=%d", bpf_get_current_pid_tgid(), c_tid.pid, c_tid.ns); bpf_map_update_elem(&server_traces, &c_tid, tp_p, BPF_ANY); } } diff --git a/bpf/tracing.h b/bpf/tracing.h index 2366e2a20..d7c2cdb16 100644 --- a/bpf/tracing.h +++ b/bpf/tracing.h @@ -37,10 +37,6 @@ static __always_inline tp_info_pid_t *trace_info_for_connection(connection_info_ return (tp_info_pid_t *)bpf_map_lookup_elem(&trace_map, conn); } -static __always_inline void delete_trace_info_for_connection(connection_info_t *conn) { - bpf_map_delete_elem(&trace_map, conn); -} - static __always_inline u64 current_epoch(u64 ts) { u64 temp = ts / NANOSECONDS_PER_EPOCH; return temp * NANOSECONDS_PER_EPOCH; diff --git a/pkg/internal/ebpf/bhpack/hpack.go b/pkg/internal/ebpf/bhpack/hpack.go index 60fec0b6d..6534c62a6 100644 --- a/pkg/internal/ebpf/bhpack/hpack.go +++ b/pkg/internal/ebpf/bhpack/hpack.go @@ -365,9 +365,10 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { if nameIdx > 0 { ihf, ok := d.at(nameIdx) if !ok { - return DecodingError{InvalidIndexError(nameIdx)} + hf.Name = "" + } else { + hf.Name = ihf.Name } - hf.Name = ihf.Name } else { undecodedName, buf, err = d.readString(buf) if err != nil { diff --git a/pkg/internal/ebpf/common/http2grpc_transform.go b/pkg/internal/ebpf/common/http2grpc_transform.go index 9a983d078..ee2c94ad2 100644 --- a/pkg/internal/ebpf/common/http2grpc_transform.go +++ b/pkg/internal/ebpf/common/http2grpc_transform.go @@ -177,10 +177,10 @@ var genericServiceID = svc.ID{SDKLanguage: svc.InstrumentableGeneric} func http2InfoToSpan(info *BPFHTTP2Info, method, path, peer, host string, status int, protocol Protocol) request.Span { return request.Span{ Type: info.eventType(protocol), - ID: 0, Method: method, Path: removeQuery(path), Peer: peer, + PeerPort: int(info.ConnInfo.S_port), Host: host, HostPort: int(info.ConnInfo.D_port), ContentLength: int64(info.Len), @@ -244,7 +244,12 @@ func ReadHTTP2InfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (reques return request.Span{}, true, nil } - framer := byteFramer(event.Data[:]) + bLen := len(event.Data) + if event.Len < int32(bLen) { + bLen = int(event.Len) + } + + framer := byteFramer(event.Data[:bLen]) retFramer := byteFramer(event.RetData[:]) // We don't set the framer.ReadMetaHeaders function to hpack.NewDecoder because // the http2.MetaHeadersFrame code wants a full grpc buffer with all the fields, @@ -266,6 +271,10 @@ func ReadHTTP2InfoIntoSpan(record *ringbuf.Record, filter ServiceFilter) (reques if ff, ok := f.(*http2.HeadersFrame); ok { method, path, contentType := readMetaFrame((*BPFConnInfo)(&event.ConnInfo), framer, ff) + if path == "" { + path = "*" + } + grpcInStatus := false for { diff --git a/pkg/internal/ebpf/common/http2grpc_transform_test.go b/pkg/internal/ebpf/common/http2grpc_transform_test.go index 0c12aff02..cc9f16877 100644 --- a/pkg/internal/ebpf/common/http2grpc_transform_test.go +++ b/pkg/internal/ebpf/common/http2grpc_transform_test.go @@ -4,6 +4,7 @@ import ( "testing" "github.com/stretchr/testify/assert" + "golang.org/x/net/http2" ) func TestHTTP2QuickDetection(t *testing.T) { @@ -37,6 +38,12 @@ func TestHTTP2QuickDetection(t *testing.T) { inputLen: 10000, expected: true, }, + { + name: "Too short of input len, but enough to parse the reset frame", + input: []byte{0, 0, 4, 3, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 70, 1, 4, 0, 0, 0, 21, 205, 131, 4, 147, 96, 233, 45, 18, 22, 147, 175, 12, 155, 139, 103, 115, 16, 172, 98, 42, 97, 145, 31, 134, 126, 167, 0, 22, 44, 99, 27, 33, 124, 174, 72, 228, 109, 129, 233, 27, 125, 246, 133, 44, 101, 28, 111, 70, 32, 178, 85, 163, 108, 97, 149, 199, 99, 121, 169, 90, 149, 225, 188, 176, 3, 204, 203, 202, 201, 200, 0, 0, 5, 0, 0, 0, 0, 0, 21, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 21, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, + inputLen: frameHeaderLen + 2, + expected: false, + }, { name: "Kafka frame instead of HTTP2", input: []byte{0, 0, 0, 1, 0, 0, 0, 7, 0, 0, 0, 2, 0, 6, 115, 97, 114, 97, 109, 97, 255, 255, 255, 255, 0, 0, 39, 16, 0, 0, 0, 1, 0, 9, 105, 109, 112, 111, 114, 116, 97, 110, 116, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 72}, @@ -64,3 +71,52 @@ func TestHTTP2QuickDetection(t *testing.T) { }) } } + +func TestHTTP2Parsing(t *testing.T) { + tests := []struct { + name string + input []byte + inputLen int + method string + path string + contentType string + }{ + { + name: "One", + input: []byte{0, 0, 88, 1, 4, 0, 0, 6, 237, 208, 131, 4, 164, 96, 233, 45, 18, 22, 147, 175, 180, 164, 61, 52, 150, 169, 6, 147, 30, 173, 197, 179, 37, 2, 0, 0, 0, 0, 0, 0, 187, 70, 76, 66, 163, 126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 213, 255, 255, 255, 255, 255, 255, 255, 1, 105, 108, 100, 108, 105, 102, 101, 0, 0, 0, 0, 0, 0, 0, 0, 64, 183, 2, 212, 164, 126, 0, 0, 64, 183, 2, 212, 164, 126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 60, 103, 110, 32, 119, 105, 108, 108, 32, 119, 105, 116, 104, 115, 116, 97, 110, 100, 32, 96, 32, 0, 196, 164, 126, 0, 0, 60, 0, 0, 0, 0, 0, 0, 0, 112, 32, 0, 196, 164, 126, 0, 0, 137, 42, 109, 81, 165, 126, 0, 0, 97, 115, 104, 108, 105, 103, 104, 116, 46, 106, 112, 103, 42, 12, 10, 3, 85, 83, 68, 16, 57, 24, 128, 232, 146, 38, 50, 11, 97, 99, 99, 101, 115, 115, 111, 114, 105, 101, 115, 50, 11, 102, 108, 97, 115, 104, 108, 105, 103, 104, 116, 115, 10, 165, 5, 10}, + inputLen: 32, + method: "POST", + path: "", + contentType: "", + }, + { + name: "Two", + input: []byte{0, 0, 77, 1, 4, 0, 0, 0, 37, 195, 194, 131, 134, 193, 192, 191, 190, 0, 11, 116, 114, 97, 99, 0, 0, 0, 0, 0, 0, 0, 0, 8, 101, 112, 97, 114, 101, 110, 116, 55, 0, 8, 6, 0, 0, 0, 0, 0, 36, 42, 35, 123, 242, 89, 199, 0, 7, 1, 240, 184, 117, 0, 0, 55, 0, 0, 0, 0, 0, 0, 0, 16, 7, 1, 240, 184, 117, 0, 0, 137, 218, 220, 116, 185, 117, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 23, 0, 0, 4, 8, 0, 0, 0, 0, 37, 0, 0, 0, 5, 0, 0, 5, 0, 1, 0, 0, 0, 37, 0, 0, 0, 0, 0, 0, 0, 0, 0, 17, 0, 0, 0, 0, 0, 0, 4, 8, 0, 0, 0, 0, 0, 0, 0, 20, 12, 0, 240, 184, 117, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 10, 0, 0, 0, 0, 0, 0, 0, 210, 202, 123, 115, 185, 117, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 31, 0, 240, 184, 117, 0, 0, 174, 233, 21, 115, 185, 117, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 96, 65, 0, 240, 184, 117, 0, 0, 31, 0, 0, 0, 0, 0, 0, 0, 112, 65, 0, 240, 184, 117, 0, 0, 208, 201, 127, 3, 185, 117, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4}, + inputLen: 126, + method: "POST", + path: "", + contentType: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + framer := byteFramer(tt.input[:tt.inputLen]) + for { + f, err := framer.ReadFrame() + + if err != nil { + break + } + + if ff, ok := f.(*http2.HeadersFrame); ok { + connInfo := BPFConnInfo{} + method, path, contentType := readMetaFrame(&connInfo, framer, ff) + assert.Equal(t, method, tt.method) + assert.Equal(t, path, tt.path) + assert.Equal(t, contentType, tt.contentType) + } + } + }) + } +} diff --git a/pkg/internal/ebpf/common/httpfltr_transform.go b/pkg/internal/ebpf/common/httpfltr_transform.go index 5e0453ce4..3fd1ee7d9 100644 --- a/pkg/internal/ebpf/common/httpfltr_transform.go +++ b/pkg/internal/ebpf/common/httpfltr_transform.go @@ -19,10 +19,10 @@ import ( func httpInfoToSpan(info *HTTPInfo) request.Span { return request.Span{ Type: request.EventType(info.Type), - ID: 0, Method: info.Method, Path: removeQuery(info.URL), Peer: info.Peer, + PeerPort: int(info.ConnInfo.S_port), Host: info.Host, HostPort: int(info.ConnInfo.D_port), ContentLength: int64(info.Len), diff --git a/pkg/internal/ebpf/common/kafka_detect_transform.go b/pkg/internal/ebpf/common/kafka_detect_transform.go index 700fb3708..4094ccaf7 100644 --- a/pkg/internal/ebpf/common/kafka_detect_transform.go +++ b/pkg/internal/ebpf/common/kafka_detect_transform.go @@ -332,6 +332,7 @@ func TCPToKafkaToSpan(trace *TCPRequestInfo, data *KafkaInfo) request.Span { OtherNamespace: data.ClientID, Path: data.Topic, Peer: peer, + PeerPort: int(trace.ConnInfo.S_port), Host: hostname, HostPort: hostPort, ContentLength: 0, diff --git a/pkg/internal/ebpf/common/redis_detect_transform.go b/pkg/internal/ebpf/common/redis_detect_transform.go index 62356ca94..687a33d5d 100644 --- a/pkg/internal/ebpf/common/redis_detect_transform.go +++ b/pkg/internal/ebpf/common/redis_detect_transform.go @@ -78,6 +78,13 @@ func crlfTerminatedMatch(buf []uint8, matches func(c uint8) bool) bool { return buf[i+1] == '\n' } +func isValidRedisChar(c byte) bool { + return (c >= 'a' && c <= 'z') || + (c >= 'A' && c <= 'Z') || + (c >= '0' && c <= '9') || + c == '.' || c == ' ' || c == '-' || c == '_' +} + func parseRedisRequest(buf string) (string, string, bool) { lines := strings.Split(buf, "\r\n") @@ -110,6 +117,9 @@ func parseRedisRequest(buf string) (string, string, bool) { text += "; " continue } + if !isValidRedisChar(l[0]) { + break + } if op == "" { op = l } @@ -136,6 +146,7 @@ func TCPToRedisToSpan(trace *TCPRequestInfo, op, text string, status int) reques Method: op, Path: text, Peer: peer, + PeerPort: int(trace.ConnInfo.S_port), Host: hostname, HostPort: hostPort, ContentLength: 0, diff --git a/pkg/internal/ebpf/common/redis_detect_transform_test.go b/pkg/internal/ebpf/common/redis_detect_transform_test.go index 308d31e0b..1160d754d 100644 --- a/pkg/internal/ebpf/common/redis_detect_transform_test.go +++ b/pkg/internal/ebpf/common/redis_detect_transform_test.go @@ -1,6 +1,7 @@ package ebpfcommon import ( + "fmt" "testing" "github.com/stretchr/testify/assert" @@ -27,3 +28,42 @@ func TestCRLFMatching(t *testing.T) { assert.Equal(t, res, ts.result) } } + +func TestRedisParsing(t *testing.T) { + proper := fmt.Sprintf("*2\r\n$3\r\nGET\r\n$5\r\n%s", "beyla") + + op, text, ok := parseRedisRequest(proper) + assert.True(t, ok) + assert.Equal(t, "GET", op) + assert.Equal(t, "GET beyla ", text) + + weird := fmt.Sprintf("*2\r\nGET\r\n%s", "beyla") + op, text, ok = parseRedisRequest(weird) + assert.True(t, ok) + assert.Equal(t, "", op) + assert.Equal(t, "", text) + + unknown := fmt.Sprintf("2\r\nGET\r\n%s", "beyla") + op, text, ok = parseRedisRequest(unknown) + assert.True(t, ok) + assert.Equal(t, "", op) + assert.Equal(t, "", text) + + op, text, ok = parseRedisRequest("2") + assert.False(t, ok) + assert.Equal(t, "", op) + assert.Equal(t, "", text) + + multi := fmt.Sprintf("*4\r\n$6\r\nclient\r\n$7\r\nsetinfo\r\n$8\r\nLIB-NAME\r\n$19\r\n%s(,go1.22.2)\r\n*4\r\n$6\r\nclient\r\n$7\r\nsetinfo\r\n$7\r\nLIB-VER\r\n$5\r\n9.5.1\r\n", "go-redis") + op, text, ok = parseRedisRequest(multi) + assert.True(t, ok) + assert.Equal(t, "client", op) + assert.Equal(t, "client setinfo LIB-NAME go-redis(,go1.22.2) ; client setinfo LIB-VER 9.5.1 ", text) + + hmset := []byte{42, 52, 13, 10, 36, 53, 13, 10, 72, 77, 83, 69, 84, 13, 10, 36, 51, 54, 13, 10, 48, 99, 57, 102, 97, 56, 97, 97, 45, 50, 56, 49, 102, 45, 49, 49, 101, 102, 45, 57, 55, 98, 57, 45, 98, 101, 57, 54, 48, 48, 99, 97, 48, 102, 50, 55, 13, 10, 36, 52, 13, 10, 99, 97, 114, 116, 13, 10, 36, 53, 52, 13, 10, 10, 36, 48, 99, 57, 102, 97, 56, 97, 97, 45, 50, 56, 49, 102, 45, 49, 49, 101, 102, 45, 57, 55, 98, 57, 45, 98, 101, 57, 54, 48, 48, 99, 97, 48, 102, 50, 55, 18, 14, 10, 10, 79, 76, 74, 67, 69, 83, 80, 67, 55, 90, 16, 5, 13, 10, 0, 10, 72, 81, 84, 71, 87, 71, 80, 78, 72, 52, 16, 1, 13, 10, 0, 10, 49, 89, 77, 87, 87, 78, 49, 78, 52, 79, 16, 5, 13, 10, 0, 10, 10, 57, 83, 73, 81, 84, 56, 84, 79, 74, 79, 16, 5, 13, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + op, text, ok = parseRedisRequest(string(hmset)) + + assert.True(t, ok) + assert.Equal(t, "HMSET", op) + assert.Equal(t, "HMSET 0c9fa8aa-281f-11ef-97b9-be9600ca0f27 cart ", text) +} diff --git a/pkg/internal/ebpf/common/spanner.go b/pkg/internal/ebpf/common/spanner.go index d73db3432..0b4f5f778 100644 --- a/pkg/internal/ebpf/common/spanner.go +++ b/pkg/internal/ebpf/common/spanner.go @@ -40,6 +40,7 @@ func HTTPRequestTraceToSpan(trace *HTTPRequestTrace) request.Span { Method: method, Path: path, Peer: peer, + PeerPort: int(trace.Conn.S_port), Host: hostname, HostPort: hostPort, ContentLength: trace.ContentLength, @@ -88,6 +89,7 @@ func SQLRequestTraceToSpan(trace *SQLRequestTrace) request.Span { Method: method, Path: path, Peer: "", + PeerPort: 0, Host: "", HostPort: 0, ContentLength: 0, diff --git a/pkg/internal/ebpf/common/sql_detect_transform.go b/pkg/internal/ebpf/common/sql_detect_transform.go index 1dd4b6abe..d1f0af40c 100644 --- a/pkg/internal/ebpf/common/sql_detect_transform.go +++ b/pkg/internal/ebpf/common/sql_detect_transform.go @@ -59,6 +59,7 @@ func TCPToSQLToSpan(trace *TCPRequestInfo, op, table, sql string) request.Span { Method: op, Path: table, Peer: peer, + PeerPort: int(trace.ConnInfo.S_port), Host: hostname, HostPort: hostPort, ContentLength: 0, diff --git a/pkg/internal/ebpf/common/tcp_detect_transform.go b/pkg/internal/ebpf/common/tcp_detect_transform.go index 27b1a1702..058ce3a76 100644 --- a/pkg/internal/ebpf/common/tcp_detect_transform.go +++ b/pkg/internal/ebpf/common/tcp_detect_transform.go @@ -3,7 +3,9 @@ package ebpfcommon import ( "bytes" "encoding/binary" + "fmt" "net" + "strings" "github.com/cilium/ebpf/ringbuf" @@ -23,24 +25,29 @@ func ReadTCPRequestIntoSpan(record *ringbuf.Record, filter ServiceFilter) (reque return request.Span{}, true, nil } - b := event.Buf[:] - l := int(event.Len) - if l < 0 || len(b) < l { - l = len(b) + if l < 0 || len(event.Buf) < l { + l = len(event.Buf) } - buf := string(event.Buf[:l]) + b := event.Buf[:l] + + buf := string(b) // Check if we have a SQL statement op, table, sql := detectSQL(buf) switch { case validSQL(op, table): return TCPToSQLToSpan(&event, op, table, sql), false, nil - case isRedis(event.Buf[:l]) && isRedis(event.Rbuf[:]): + case isRedis(b) && isRedis(event.Rbuf[:]): op, text, ok := parseRedisRequest(buf) if ok { + + if strings.Contains(text, "$") { + fmt.Printf("** BAD ** %s %v\n", text, event.Buf[:]) + } + status := 0 if isErr := isRedisError(event.Rbuf[:]); isErr { status = 1 @@ -52,7 +59,7 @@ func ReadTCPRequestIntoSpan(record *ringbuf.Record, filter ServiceFilter) (reque k, err := ProcessPossibleKafkaEvent(b, event.Rbuf[:]) if err == nil { return TCPToKafkaToSpan(&event, k), false, nil - } else if isHTTP2(b, &event) { + } else if isHTTP2(b, &event) || isHTTP2(event.Rbuf[:], &event) { MisclassifiedEvents <- MisclassifiedEvent{EventType: EventTypeKHTTP2, TCPInfo: &event} } } diff --git a/pkg/internal/ebpf/common/tcp_detect_transform_test.go b/pkg/internal/ebpf/common/tcp_detect_transform_test.go index fb3513dce..e5588c031 100644 --- a/pkg/internal/ebpf/common/tcp_detect_transform_test.go +++ b/pkg/internal/ebpf/common/tcp_detect_transform_test.go @@ -140,39 +140,6 @@ func TestRedisDetection(t *testing.T) { } } -func TestRedisParsing(t *testing.T) { - proper := fmt.Sprintf("*2\r\n$3\r\nGET\r\n$5\r\n%s", "beyla") - - op, text, ok := parseRedisRequest(proper) - assert.True(t, ok) - assert.Equal(t, "GET", op) - assert.Equal(t, "GET beyla ", text) - - weird := fmt.Sprintf("*2\r\nGET\r\n%s", "beyla") - op, text, ok = parseRedisRequest(weird) - assert.True(t, ok) - assert.Equal(t, "", op) - assert.Equal(t, "", text) - - unknown := fmt.Sprintf("2\r\nGET\r\n%s", "beyla") - op, text, ok = parseRedisRequest(unknown) - assert.True(t, ok) - assert.Equal(t, "", op) - assert.Equal(t, "", text) - - op, text, ok = parseRedisRequest("2") - assert.False(t, ok) - assert.Equal(t, "", op) - assert.Equal(t, "", text) - - multi := fmt.Sprintf("*4\r\n$6\r\nclient\r\n$7\r\nsetinfo\r\n$8\r\nLIB-NAME\r\n$19\r\n%s(,go1.22.2)\r\n*4\r\n$6\r\nclient\r\n$7\r\nsetinfo\r\n$7\r\nLIB-VER\r\n$5\r\n9.5.1\r\n", "go-redis") - op, text, ok = parseRedisRequest(multi) - assert.True(t, ok) - assert.Equal(t, "client", op) - assert.Equal(t, "client setinfo LIB-NAME go-redis(,go1.22.2) ; client setinfo LIB-VER 9.5.1 ", text) - -} - func TestTCPReqKafkaParsing(t *testing.T) { // kafka message b := []byte{0, 0, 0, 94, 0, 1, 0, 11, 0, 0, 0, 224, 0, 6, 115, 97, 114, 97, 109, 97, 255, 255, 255, 255, 0, 0, 1, 244, 0, 0, 0, 1, 6, 64, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 0, 0, 0, 1, 0, 9, 105, 109, 112, 111, 114, 116, 97, 110, 116, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, 0, 0} diff --git a/pkg/internal/ebpf/gokafka/bpf_bpfel_arm64.o b/pkg/internal/ebpf/gokafka/bpf_bpfel_arm64.o index 5b6feedc1..0b6783792 100644 Binary files a/pkg/internal/ebpf/gokafka/bpf_bpfel_arm64.o and b/pkg/internal/ebpf/gokafka/bpf_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/gokafka/bpf_bpfel_x86.o b/pkg/internal/ebpf/gokafka/bpf_bpfel_x86.o index 9091eeff7..3509ea2f4 100644 Binary files a/pkg/internal/ebpf/gokafka/bpf_bpfel_x86.o and b/pkg/internal/ebpf/gokafka/bpf_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_arm64.o b/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_arm64.o index a1ef9f370..9bc505130 100644 Binary files a/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_arm64.o and b/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_x86.o b/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_x86.o index 0ff129977..b1ee7081c 100644 Binary files a/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_x86.o and b/pkg/internal/ebpf/gokafka/bpf_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/goredis/bpf_bpfel_arm64.o b/pkg/internal/ebpf/goredis/bpf_bpfel_arm64.o index 60b873fae..bbf3a9a6e 100644 Binary files a/pkg/internal/ebpf/goredis/bpf_bpfel_arm64.o and b/pkg/internal/ebpf/goredis/bpf_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/goredis/bpf_bpfel_x86.o b/pkg/internal/ebpf/goredis/bpf_bpfel_x86.o index d9be9161f..ed9fa2f17 100644 Binary files a/pkg/internal/ebpf/goredis/bpf_bpfel_x86.o and b/pkg/internal/ebpf/goredis/bpf_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/goredis/bpf_debug_bpfel_arm64.o b/pkg/internal/ebpf/goredis/bpf_debug_bpfel_arm64.o index 123d305e6..4c19583f5 100644 Binary files a/pkg/internal/ebpf/goredis/bpf_debug_bpfel_arm64.o and b/pkg/internal/ebpf/goredis/bpf_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/goredis/bpf_debug_bpfel_x86.o b/pkg/internal/ebpf/goredis/bpf_debug_bpfel_x86.o index b4818bf14..ece8ff3ec 100644 Binary files a/pkg/internal/ebpf/goredis/bpf_debug_bpfel_x86.o and b/pkg/internal/ebpf/goredis/bpf_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_bpfel_arm64.o b/pkg/internal/ebpf/grpc/bpf_bpfel_arm64.o index 599c3a18f..d06e27f29 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_bpfel_arm64.o and b/pkg/internal/ebpf/grpc/bpf_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_bpfel_x86.o b/pkg/internal/ebpf/grpc/bpf_bpfel_x86.o index c6f97b209..692d20ded 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_bpfel_x86.o and b/pkg/internal/ebpf/grpc/bpf_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_debug_bpfel_arm64.o b/pkg/internal/ebpf/grpc/bpf_debug_bpfel_arm64.o index d72a319bd..41dae4511 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_debug_bpfel_arm64.o and b/pkg/internal/ebpf/grpc/bpf_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_debug_bpfel_x86.o b/pkg/internal/ebpf/grpc/bpf_debug_bpfel_x86.o index 2d4075d70..3f9eae0e4 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_debug_bpfel_x86.o and b/pkg/internal/ebpf/grpc/bpf_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_tp_bpfel_arm64.o b/pkg/internal/ebpf/grpc/bpf_tp_bpfel_arm64.o index 4aff3f078..281f404ed 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_tp_bpfel_arm64.o and b/pkg/internal/ebpf/grpc/bpf_tp_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_tp_bpfel_x86.o b/pkg/internal/ebpf/grpc/bpf_tp_bpfel_x86.o index fc1ad42ff..14de1119b 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_tp_bpfel_x86.o and b/pkg/internal/ebpf/grpc/bpf_tp_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_arm64.o b/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_arm64.o index ee944dd0f..77b7aeb53 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_arm64.o and b/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_x86.o b/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_x86.o index 19273fb50..4ec7f6e87 100644 Binary files a/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_x86.o and b/pkg/internal/ebpf/grpc/bpf_tp_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.go b/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.go index 7c3ad1361..eac304863 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.go @@ -128,6 +128,17 @@ type bpfSslArgsT struct { LenPtr uint64 } +type bpfSslPidConnectionInfoT struct { + Conn bpfPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpfSslPidInfoT struct { + Id uint64 + C_tid bpfPidKeyT +} + type bpfTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpfMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpfMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpfMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.o b/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.o index d70cfac0b..e3f729c37 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.o and b/pkg/internal/ebpf/httpfltr/bpf_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.go b/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.go index 1f23bc508..5e855197c 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.go +++ b/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.go @@ -128,6 +128,17 @@ type bpfSslArgsT struct { LenPtr uint64 } +type bpfSslPidConnectionInfoT struct { + Conn bpfPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpfSslPidInfoT struct { + Id uint64 + C_tid bpfPidKeyT +} + type bpfTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpfMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpfMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpfMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.o b/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.o index 6998ef807..185fd3f56 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.o and b/pkg/internal/ebpf/httpfltr/bpf_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.go b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.go index c709ffc38..152f663d7 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.go @@ -128,6 +128,17 @@ type bpf_debugSslArgsT struct { LenPtr uint64 } +type bpf_debugSslPidConnectionInfoT struct { + Conn bpf_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_debugPidKeyT +} + type bpf_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpf_debugMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpf_debugMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpf_debugMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.o b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.o index a2a11588b..4bf0028f2 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.o and b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.go b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.go index 9584ce8b9..02f13588f 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.go +++ b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.go @@ -128,6 +128,17 @@ type bpf_debugSslArgsT struct { LenPtr uint64 } +type bpf_debugSslPidConnectionInfoT struct { + Conn bpf_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_debugPidKeyT +} + type bpf_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpf_debugMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpf_debugMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpf_debugMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.o b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.o index ceeb6444b..4a057f26e 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.o and b/pkg/internal/ebpf/httpfltr/bpf_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.go b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.go index 51aeb7dc2..b0d2f0ed8 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.go @@ -128,6 +128,17 @@ type bpf_tpSslArgsT struct { LenPtr uint64 } +type bpf_tpSslPidConnectionInfoT struct { + Conn bpf_tpPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tpSslPidInfoT struct { + Id uint64 + C_tid bpf_tpPidKeyT +} + type bpf_tpTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpf_tpMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpf_tpMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpf_tpMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.o b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.o index 2d24f7e35..e0cf3e34c 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.o and b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.go b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.go index 7f73cf426..f0a1beb39 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.go +++ b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.go @@ -128,6 +128,17 @@ type bpf_tpSslArgsT struct { LenPtr uint64 } +type bpf_tpSslPidConnectionInfoT struct { + Conn bpf_tpPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tpSslPidInfoT struct { + Id uint64 + C_tid bpf_tpPidKeyT +} + type bpf_tpTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpf_tpMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpf_tpMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpf_tpMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.o b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.o index e3089794f..345b3be1d 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.o and b/pkg/internal/ebpf/httpfltr/bpf_tp_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.go b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.go index 4714b91dd..de0133e2b 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.go @@ -128,6 +128,17 @@ type bpf_tp_debugSslArgsT struct { LenPtr uint64 } +type bpf_tp_debugSslPidConnectionInfoT struct { + Conn bpf_tp_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tp_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_tp_debugPidKeyT +} + type bpf_tp_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpf_tp_debugMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpf_tp_debugMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpf_tp_debugMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.o b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.o index cc6b4a76d..3451f1a08 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.o and b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.go b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.go index 69309a73c..e7d31fcc0 100644 --- a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.go +++ b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.go @@ -128,6 +128,17 @@ type bpf_tp_debugSslArgsT struct { LenPtr uint64 } +type bpf_tp_debugSslPidConnectionInfoT struct { + Conn bpf_tp_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tp_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_tp_debugPidKeyT +} + type bpf_tp_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -236,6 +247,7 @@ type bpf_tp_debugMapSpecs struct { ActiveRecvArgs *ebpf.MapSpec `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.MapSpec `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.MapSpec `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -287,6 +299,7 @@ type bpf_tp_debugMaps struct { ActiveRecvArgs *ebpf.Map `ebpf:"active_recv_args"` ActiveSendArgs *ebpf.Map `ebpf:"active_send_args"` ActiveSendSockArgs *ebpf.Map `ebpf:"active_send_sock_args"` + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -321,6 +334,7 @@ func (m *bpf_tp_debugMaps) Close() error { m.ActiveRecvArgs, m.ActiveSendArgs, m.ActiveSendSockArgs, + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.o b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.o index 5262801ca..9812ecac8 100644 Binary files a/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.o and b/pkg/internal/ebpf/httpfltr/bpf_tp_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.go b/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.go index 0e53768d5..1c74c3e69 100644 --- a/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.go @@ -106,6 +106,17 @@ type bpfSslArgsT struct { LenPtr uint64 } +type bpfSslPidConnectionInfoT struct { + Conn bpfPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpfSslPidInfoT struct { + Id uint64 + C_tid bpfPidKeyT +} + type bpfTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpfProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpfObjects) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpfMaps struct { func (m *bpfMaps) Close() error { return _BpfClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.o b/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.o index 54a081c0d..61e471d4a 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.o and b/pkg/internal/ebpf/httpssl/bpf_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.go b/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.go index 441f37e7f..b24e13b10 100644 --- a/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.go +++ b/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.go @@ -106,6 +106,17 @@ type bpfSslArgsT struct { LenPtr uint64 } +type bpfSslPidConnectionInfoT struct { + Conn bpfPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpfSslPidInfoT struct { + Id uint64 + C_tid bpfPidKeyT +} + type bpfTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpfProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpfMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpfObjects) Close() error { // // It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. type bpfMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpfMaps struct { func (m *bpfMaps) Close() error { return _BpfClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.o b/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.o index 9b8976669..afb592b1b 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.o and b/pkg/internal/ebpf/httpssl/bpf_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.go b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.go index 208bd8b67..d00c324a7 100644 --- a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.go @@ -106,6 +106,17 @@ type bpf_debugSslArgsT struct { LenPtr uint64 } +type bpf_debugSslPidConnectionInfoT struct { + Conn bpf_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_debugPidKeyT +} + type bpf_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpf_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_debugMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpf_debugObjects) Close() error { // // It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_debugMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpf_debugMaps struct { func (m *bpf_debugMaps) Close() error { return _Bpf_debugClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.o b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.o index 7d3c134cb..6d9e85606 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.o and b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.go b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.go index e70b76e2b..3286a3e82 100644 --- a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.go +++ b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.go @@ -106,6 +106,17 @@ type bpf_debugSslArgsT struct { LenPtr uint64 } +type bpf_debugSslPidConnectionInfoT struct { + Conn bpf_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_debugPidKeyT +} + type bpf_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpf_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_debugMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpf_debugObjects) Close() error { // // It can be passed to loadBpf_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_debugMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpf_debugMaps struct { func (m *bpf_debugMaps) Close() error { return _Bpf_debugClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.o b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.o index 1dffdaba8..0be8320e4 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.o and b/pkg/internal/ebpf/httpssl/bpf_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.go b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.go index 2c4d3d58f..1a2f83326 100644 --- a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.go @@ -106,6 +106,17 @@ type bpf_tpSslArgsT struct { LenPtr uint64 } +type bpf_tpSslPidConnectionInfoT struct { + Conn bpf_tpPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tpSslPidInfoT struct { + Id uint64 + C_tid bpf_tpPidKeyT +} + type bpf_tpTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpf_tpProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tpMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpf_tpObjects) Close() error { // // It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tpMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpf_tpMaps struct { func (m *bpf_tpMaps) Close() error { return _Bpf_tpClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.o b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.o index be1e63e0b..9fa1988bd 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.o and b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.go b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.go index ac9938d52..7d0fa9001 100644 --- a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.go +++ b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.go @@ -106,6 +106,17 @@ type bpf_tpSslArgsT struct { LenPtr uint64 } +type bpf_tpSslPidConnectionInfoT struct { + Conn bpf_tpPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tpSslPidInfoT struct { + Id uint64 + C_tid bpf_tpPidKeyT +} + type bpf_tpTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpf_tpProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tpMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpf_tpObjects) Close() error { // // It can be passed to loadBpf_tpObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tpMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpf_tpMaps struct { func (m *bpf_tpMaps) Close() error { return _Bpf_tpClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.o b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.o index 596a462f0..c44858b14 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.o and b/pkg/internal/ebpf/httpssl/bpf_tp_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.go b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.go index ddf5126e1..eac1f2003 100644 --- a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.go +++ b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.go @@ -106,6 +106,17 @@ type bpf_tp_debugSslArgsT struct { LenPtr uint64 } +type bpf_tp_debugSslPidConnectionInfoT struct { + Conn bpf_tp_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tp_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_tp_debugPidKeyT +} + type bpf_tp_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpf_tp_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tp_debugMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpf_tp_debugObjects) Close() error { // // It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tp_debugMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpf_tp_debugMaps struct { func (m *bpf_tp_debugMaps) Close() error { return _Bpf_tp_debugClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.o b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.o index 6af224e9d..f2fa29927 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.o and b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.go b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.go index 22bf69131..f97a16d25 100644 --- a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.go +++ b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.go @@ -106,6 +106,17 @@ type bpf_tp_debugSslArgsT struct { LenPtr uint64 } +type bpf_tp_debugSslPidConnectionInfoT struct { + Conn bpf_tp_debugPidConnectionInfoT + OrigDport uint16 + _ [2]byte +} + +type bpf_tp_debugSslPidInfoT struct { + Id uint64 + C_tid bpf_tp_debugPidKeyT +} + type bpf_tp_debugTcpReqT struct { Flags uint8 _ [1]byte @@ -207,6 +218,7 @@ type bpf_tp_debugProgramSpecs struct { // // It can be passed ebpf.CollectionSpec.Assign. type bpf_tp_debugMapSpecs struct { + ActiveSslConnections *ebpf.MapSpec `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.MapSpec `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.MapSpec `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.MapSpec `ebpf:"active_ssl_write_args"` @@ -252,6 +264,7 @@ func (o *bpf_tp_debugObjects) Close() error { // // It can be passed to loadBpf_tp_debugObjects or ebpf.CollectionSpec.LoadAndAssign. type bpf_tp_debugMaps struct { + ActiveSslConnections *ebpf.Map `ebpf:"active_ssl_connections"` ActiveSslHandshakes *ebpf.Map `ebpf:"active_ssl_handshakes"` ActiveSslReadArgs *ebpf.Map `ebpf:"active_ssl_read_args"` ActiveSslWriteArgs *ebpf.Map `ebpf:"active_ssl_write_args"` @@ -280,6 +293,7 @@ type bpf_tp_debugMaps struct { func (m *bpf_tp_debugMaps) Close() error { return _Bpf_tp_debugClose( + m.ActiveSslConnections, m.ActiveSslHandshakes, m.ActiveSslReadArgs, m.ActiveSslWriteArgs, diff --git a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.o b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.o index c6990ef53..40ab392eb 100644 Binary files a/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.o and b/pkg/internal/ebpf/httpssl/bpf_tp_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_bpfel_arm64.o b/pkg/internal/ebpf/nethttp/bpf_bpfel_arm64.o index 1fd3ea76d..723040ce5 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_bpfel_arm64.o and b/pkg/internal/ebpf/nethttp/bpf_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_bpfel_x86.o b/pkg/internal/ebpf/nethttp/bpf_bpfel_x86.o index 3497625bc..1849c2a82 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_bpfel_x86.o and b/pkg/internal/ebpf/nethttp/bpf_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_arm64.o b/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_arm64.o index 1140ee9fa..97bf36a47 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_arm64.o and b/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_x86.o b/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_x86.o index aa2becbaf..e1e80be5c 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_x86.o and b/pkg/internal/ebpf/nethttp/bpf_debug_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_arm64.o b/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_arm64.o index 4ac1fff69..596741acf 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_arm64.o and b/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_x86.o b/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_x86.o index 1062b4013..016359fa1 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_x86.o and b/pkg/internal/ebpf/nethttp/bpf_tp_bpfel_x86.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_arm64.o b/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_arm64.o index 903d45907..71bced5d5 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_arm64.o and b/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_arm64.o differ diff --git a/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_x86.o b/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_x86.o index a6e297c35..180afbbe5 100644 Binary files a/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_x86.o and b/pkg/internal/ebpf/nethttp/bpf_tp_debug_bpfel_x86.o differ diff --git a/pkg/internal/export/debug/debug.go b/pkg/internal/export/debug/debug.go index df99d72c9..a2483f76e 100644 --- a/pkg/internal/export/debug/debug.go +++ b/pkg/internal/export/debug/debug.go @@ -30,7 +30,7 @@ func printFunc() (pipe.FinalFunc[[]request.Span], error) { for spans := range input { for i := range spans { t := spans[i].Timings() - fmt.Printf("%s (%s[%s]) %s %v %s %s [%s]->[%s:%d] size:%dB svc=[%s %s] traceparent=[%s]\n", + fmt.Printf("%s (%s[%s]) %s %v %s %s [%s:%d]->[%s:%d] size:%dB svc=[%s %s] traceparent=[%s]\n", t.Start.Format("2006-01-02 15:04:05.12345"), t.End.Sub(t.RequestStart), t.End.Sub(t.Start), @@ -39,6 +39,7 @@ func printFunc() (pipe.FinalFunc[[]request.Span], error) { spans[i].Method, spans[i].Path, spans[i].Peer+" as "+spans[i].PeerName, + spans[i].PeerPort, spans[i].Host+" as "+spans[i].HostName, spans[i].HostPort, spans[i].ContentLength, diff --git a/pkg/internal/pipe/instrumenter_test.go b/pkg/internal/pipe/instrumenter_test.go index 304a38d4a..b0d020931 100644 --- a/pkg/internal/pipe/instrumenter_test.go +++ b/pkg/internal/pipe/instrumenter_test.go @@ -70,7 +70,7 @@ func TestBasicPipeline(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequest("foo-svc", 1, "GET", "/foo/bar", "1.1.1.1:3456", 404) + out <- newRequest("foo-svc", "GET", "/foo/bar", "1.1.1.1:3456", 404) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -121,7 +121,7 @@ func TestTracerPipeline(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequest("bar-svc", 1, "GET", "/foo/bar", "1.1.1.1:3456", 404) + out <- newRequest("bar-svc", "GET", "/foo/bar", "1.1.1.1:3456", 404) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -156,7 +156,7 @@ func TestTracerReceiverPipeline(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequest("bar-svc", 1, "GET", "/foo/bar", "1.1.1.1:3456", 404) + out <- newRequest("bar-svc", "GET", "/foo/bar", "1.1.1.1:3456", 404) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -191,7 +191,7 @@ func BenchmarkTestTracerPipeline(b *testing.B) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequest("bar-svc", 1, "GET", "/foo/bar", "1.1.1.1:3456", 404) + out <- newRequest("bar-svc", "GET", "/foo/bar", "1.1.1.1:3456", 404) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -223,7 +223,7 @@ func TestTracerPipelineBadTimestamps(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequestWithTiming("svc1", 1, request.EventTypeHTTP, "GET", "/attach", "2.2.2.2:1234", 200, 60000, 59999, 70000) + out <- newRequestWithTiming("svc1", request.EventTypeHTTP, "GET", "/attach", "2.2.2.2:1234", 200, 60000, 59999, 70000) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -256,9 +256,9 @@ func TestRouteConsolidation(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequest("svc-1", 1, "GET", "/user/1234", "1.1.1.1:3456", 200) - out <- newRequest("svc-1", 2, "GET", "/products/3210/push", "1.1.1.1:3456", 200) - out <- newRequest("svc-1", 3, "GET", "/attach", "1.1.1.1:3456", 200) + out <- newRequest("svc-1", "GET", "/user/1234", "1.1.1.1:3456", 200) + out <- newRequest("svc-1", "GET", "/products/3210/push", "1.1.1.1:3456", 200) + out <- newRequest("svc-1", "GET", "/attach", "1.1.1.1:3456", 200) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -348,7 +348,7 @@ func TestGRPCPipeline(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newGRPCRequest("grpc-svc", 1, "/foo/bar", 3) + out <- newGRPCRequest("grpc-svc", "/foo/bar", 3) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -396,7 +396,7 @@ func TestTraceGRPCPipeline(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newGRPCRequest("svc", 1, "foo.bar", 3) + out <- newGRPCRequest("svc", "foo.bar", 3) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -505,10 +505,10 @@ func TestSpanAttributeFilterNode(t *testing.T) { // Override eBPF tracer to send some fake data pipe.AddStart(gb.builder, tracesReader, func(out chan<- []request.Span) { - out <- newRequest("svc-0", 0, "GET", "/products/3210/push", "1.1.1.1:3456", 200) - out <- newRequest("svc-1", 1, "GET", "/user/1234", "1.1.1.1:3456", 201) - out <- newRequest("svc-2", 2, "GET", "/products/3210/push", "1.1.1.1:3456", 202) - out <- newRequest("svc-3", 3, "GET", "/user/4321", "1.1.1.1:3456", 203) + out <- newRequest("svc-0", "GET", "/products/3210/push", "1.1.1.1:3456", 200) + out <- newRequest("svc-1", "GET", "/user/1234", "1.1.1.1:3456", 201) + out <- newRequest("svc-2", "GET", "/products/3210/push", "1.1.1.1:3456", 202) + out <- newRequest("svc-3", "GET", "/user/4321", "1.1.1.1:3456", 203) // closing prematurely the input node would finish the whole graph processing // and OTEL exporters could be closed, so we wait. time.Sleep(testTimeout) @@ -545,7 +545,7 @@ func TestSpanAttributeFilterNode(t *testing.T) { }, events) } -func newRequest(serviceName string, id uint64, method, path, peer string, status int) []request.Span { +func newRequest(serviceName string, method, path, peer string, status int) []request.Span { return []request.Span{{ Path: path, Method: method, @@ -554,7 +554,6 @@ func newRequest(serviceName string, id uint64, method, path, peer string, status HostPort: 8080, Status: status, Type: request.EventTypeHTTP, - ID: id, Start: 2, RequestStart: 1, End: 3, @@ -562,7 +561,7 @@ func newRequest(serviceName string, id uint64, method, path, peer string, status }} } -func newRequestWithTiming(svcName string, id uint64, kind request.EventType, method, path, peer string, status int, goStart, start, end uint64) []request.Span { +func newRequestWithTiming(svcName string, kind request.EventType, method, path, peer string, status int, goStart, start, end uint64) []request.Span { return []request.Span{{ Path: path, Method: method, @@ -571,7 +570,6 @@ func newRequestWithTiming(svcName string, id uint64, kind request.EventType, met HostPort: 8080, Type: kind, Status: status, - ID: id, RequestStart: int64(goStart), Start: int64(start), End: int64(end), @@ -579,7 +577,7 @@ func newRequestWithTiming(svcName string, id uint64, kind request.EventType, met }} } -func newGRPCRequest(svcName string, id uint64, path string, status int) []request.Span { +func newGRPCRequest(svcName string, path string, status int) []request.Span { return []request.Span{{ Path: path, Peer: "1.1.1.1", @@ -587,7 +585,6 @@ func newGRPCRequest(svcName string, id uint64, path string, status int) []reques HostPort: 8080, Status: status, Type: request.EventTypeGRPC, - ID: id, Start: 2, RequestStart: 1, End: 3, diff --git a/pkg/internal/request/span.go b/pkg/internal/request/span.go index 8f77c650b..6dc9e0a37 100644 --- a/pkg/internal/request/span.go +++ b/pkg/internal/request/span.go @@ -63,11 +63,11 @@ type PidInfo struct { type Span struct { Type EventType IgnoreSpan IgnoreMode - ID uint64 Method string Path string Route string Peer string + PeerPort int Host string HostPort int Status int diff --git a/test/integration/components/elixir/.formatter.exs b/test/integration/components/elixir/.formatter.exs new file mode 100644 index 000000000..d2cda26ed --- /dev/null +++ b/test/integration/components/elixir/.formatter.exs @@ -0,0 +1,4 @@ +# Used by "mix format" +[ + inputs: ["{mix,.formatter}.exs", "{config,lib,test}/**/*.{ex,exs}"] +] diff --git a/test/integration/components/elixir/Dockerfile b/test/integration/components/elixir/Dockerfile new file mode 100644 index 000000000..33420c9b9 --- /dev/null +++ b/test/integration/components/elixir/Dockerfile @@ -0,0 +1,16 @@ +## Adopted from https://github.com/wbotelhos/how-to-create-a-http-server-with-elixir + +FROM elixir:1.17.0-slim + +WORKDIR /app + +# Copy the source code into the image for building +COPY test/integration/components/elixir . + +# Install dependencies +RUN mix do deps.get, compile + +EXPOSE 4000 + +# Run the node app +CMD [ "mix", "run", "--no-halt" ] diff --git a/test/integration/components/elixir/lib/http_server.ex b/test/integration/components/elixir/lib/http_server.ex new file mode 100644 index 000000000..b0efce669 --- /dev/null +++ b/test/integration/components/elixir/lib/http_server.ex @@ -0,0 +1,66 @@ +defmodule HttpServer do + use Application + + def start(_type, _args) do + {:ok, listen_socket} = :gen_tcp.listen(4000, [:binary, packet: :raw, active: false, reuseaddr: true]) + + IO.puts("[#{inspect(self())}] Server running on #{4000}...\n") + + accept_connection(listen_socket) + end + + def accept_connection(listen_socket) do + IO.puts("[#{inspect(self())}] Waiting for connection...\n") + + {:ok, client_socket} = :gen_tcp.accept(listen_socket) + + IO.puts("[#{inspect(self())}] Connection accepted!\n") + + pid = spawn(fn -> process_request(client_socket) end) + + IO.puts("Processing at PID: #{inspect(pid)}\n") + + :ok = :gen_tcp.controlling_process(client_socket, pid) + + accept_connection(listen_socket) + end + + def process_request(client_socket) do + IO.puts("[#{inspect(self())}] Processing request...\n") + + client_socket + |> read_request + |> create_response() + |> write_response(client_socket) + end + + def create_response(request) do + if String.match?(request, ~r{GET /error}) do + raise(request) + end + + body = "Hello HTTP Server!" + + """ + HTTP/1.1 200 OK\r + Content-Type: text/html\r + Content-Length: #{byte_size(body)}\r + \r + #{body} + """ + end + + def read_request(client_socket) do + {:ok, request} = :gen_tcp.recv(client_socket, 0) + + request + end + + def write_response(response, client_socket) do + :ok = :gen_tcp.send(client_socket, response) + + IO.puts("[#{inspect(self())}] Response:\n\n#{response}\n") + + :gen_tcp.close(client_socket) + end +end diff --git a/test/integration/components/elixir/mix.exs b/test/integration/components/elixir/mix.exs new file mode 100644 index 000000000..5b616b5da --- /dev/null +++ b/test/integration/components/elixir/mix.exs @@ -0,0 +1,29 @@ +defmodule HowToCreateAHttpServerWithElixir.MixProject do + use Mix.Project + + def project do + [ + app: :how_to_create_a_http_server_with_elixir, + version: "0.1.0", + elixir: "~> 1.15", + start_permanent: Mix.env() == :prod, + deps: deps() + ] + end + + # Run "mix help compile.app" to learn about applications. + def application do + [ + extra_applications: [:logger], + mod: {HttpServer, []} + ] + end + + # Run "mix help deps" to learn about dependencies. + defp deps do + [ + # {:dep_from_hexpm, "~> 0.3.0"}, + # {:dep_from_git, git: "https://github.com/elixir-lang/my_dep.git", tag: "0.1.0"} + ] + end +end diff --git a/test/integration/components/nodejsserver/app_tls.js b/test/integration/components/nodejsserver/app_tls.js index 7f0d61299..620e2f7e7 100644 --- a/test/integration/components/nodejsserver/app_tls.js +++ b/test/integration/components/nodejsserver/app_tls.js @@ -20,7 +20,7 @@ app.get("/smoke", (req, res, next) => { }); app.get("/traceme", (req, res, next) => { - https.get('https://pytestserverssl:8380/tracemetoo', {rejectUnauthorized: false}, (r) => { + https.get('https://localhost:8380/tracemetoo', {rejectUnauthorized: false}, (r) => { if (r.statusCode !== 200) { console.error(`Did not get an OK from the server. Code: ${r.statusCode}`); res.sendStatus(500)