[eBPF] Fix container id acquisition failure (#4495)

Co-authored-by: XIANG Yang <[email protected]>

agent/src/ebpf/test/Makefile

@@ -24,7 +24,7 @@ ARCH ?= $(shell uname -m)
 CC ?= gcc
 CFLAGS ?= -std=gnu99 --static -g -O2 -ffunction-sections -fdata-sections -fPIC -fno-omit-frame-pointer -Wall -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers
 
-EXECS := test_symbol test_offset test_insns_cnt test_bihash test_vec
+EXECS := test_symbol test_offset test_insns_cnt test_bihash test_vec test_fetch_container_id
 ifeq ($(ARCH), x86_64)
 #-lbcc -lstdc++
         LDLIBS += ../libtrace.a -ljattach -lbcc_bpf -lGoReSym -lbddisasm -ldwarf -lelf -lz -lpthread -lbcc -lstdc++ -ldl

agent/src/ebpf/test/test_fetch_container_id.c

@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2022 Yunshan Networks
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "../user/common.h"
+#include "../user/mem.h"
+#include "../user/log.h"
+#include "../user/types.h"
+
+static const char *cgroup_str_0 =
+    "8:cpuset:/docker/3386444dafd452389a80af5e5c1dc92fda06e4064770d945ea0eb3d242642bcc";
+static const char *cgroup_str_1 =
+    "6:pids:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-pod55263d4e_9ca4_4f08_ac8e_5df9de111281.slice/cri-containerd-de8109b1bb55c08b50a9d4d3c17cffe3fc7b85b1c25b0b41dbe45e1d386bc6ba.scope";
+static const char *cgroup_str_2 =
+    "10:pids:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod804d9406_ab49_4e7c_a7f1_bfddfb186df2.clice/docker-3386444dafd452389a80af5e5c1dc92fda06e4064770d945ea0eb3d242642aaa.scope";
+static const char *cgroup_str_3 =
+    "5:devices:/kubepods/burstable/pod599a0779-5f40-4779-9d11-82ecce3e6662/3386444dafd452389a80af5e5c1dc92fda06e4064770d945ea0eb3d242642bbb";
+static const char *cgroup_str_err =
+    "6:devices:/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsystem.slice/containerd.service";
+
+static int test_cgr_str(const char *cgr_str)
+{
+	char c_id[65];
+	char test_str[2048];
+	memset(test_str, 0, sizeof(test_str));
+	memcpy(test_str, cgr_str, strlen(cgr_str));
+	if (fetch_container_id_from_str(test_str, c_id, sizeof(c_id)))
+		return -1;
+	if (!(strlen(c_id) == 64 && strstr(test_str, c_id)))
+		return -1;
+	printf("\nsource : %s \n fetch : %s\n", cgr_str, c_id);
+	return 0;
+}
+
+int main(void)
+{
+	int ret;
+	ret = test_cgr_str(cgroup_str_0);
+	if (ret != 0)
+		return ret;
+	ret = test_cgr_str(cgroup_str_1);
+	if (ret != 0)
+		return ret;
+	ret = test_cgr_str(cgroup_str_2);
+	if (ret != 0)
+		return ret;
+	ret = test_cgr_str(cgroup_str_3);
+	if (ret != 0)
+		return ret;
+	ret = test_cgr_str(cgroup_str_err);
+	if (ret == 0)
+		return -1;
+
+	return 0;
+}

agent/src/ebpf/user/common.c

@@ -43,6 +43,8 @@
 #include "log.h"
 #include "string.h"
 
+#define MAXLINE 1024
+
 static u64 g_sys_btime_msecs;
 
 bool is_core_kernel(void)
@@ -164,7 +166,6 @@ uint32_t get_sys_uptime(void)
 static void exec_clear_residual_probes(const char *events_file,
 				       const char *type_name)
 {
-#define MAXLINE 1024
 	struct probe_elem {
 		struct list_head list;
 		char event[MAXLINE];
@@ -979,50 +980,60 @@ int exec_command(const char *cmd, const char *args)
 	return -1;
 }
 
-int fetch_container_id(pid_t pid, char *id, int copy_bytes)
+int fetch_container_id_from_str(char *buff, char *id, int copy_bytes)
 {
-	static const int scope_len = 5;
 	static const int cid_len = 64;
-	char file[PATH_MAX], buff[4096];
-	int fd;
-	memset(buff, 0, sizeof(buff));
-	snprintf(file, sizeof(file), "/proc/%d/cgroup", pid);
-	if (access(file, F_OK))
+	char *p;
+
+	if ((p = strstr(buff, ".scope")))
+		*p = '\0';
+	else
+		p = buff + strlen(buff);
+
+	if (strlen(buff) < cid_len)
 		return -1;
 
-	fd = open(file, O_RDONLY);
-	if (fd <= 2)
+	p -= cid_len;
+
+	if (strchr(p, '.') || strchr(p, '-') || strchr(p, '/'))
 		return -1;
 
-	read(fd, buff, sizeof(buff));
-	close(fd);
+	if (strlen(p) != cid_len)
+		return -1;
 
-	char *p;
-	if ((p = strchr(buff, '\n')) == NULL)
+	memset(id, 0, copy_bytes);
+	memcpy_s_inline((void *)id, copy_bytes, (void *)p, cid_len);
+
+	return 0;
+}
+
+int fetch_container_id(pid_t pid, char *id, int copy_bytes)
+{
+	char file[PATH_MAX], buff[MAXLINE];
+	memset(buff, 0, sizeof(buff));
+	snprintf(file, sizeof(file), "/proc/%d/cgroup", pid);
+	if (access(file, F_OK))
 		return -1;
 
-	*p = '\0';
-	if (strlen(buff) < (scope_len + 1 + cid_len)) {
+	FILE *fp;
+	char *lf;
+	if ((fp = fopen(file, "r")) == NULL) {
 		return -1;
 	}
 
-	if ((p = strstr(buff, ".scope"))) {
-		*p = '\0';
-		p = strstr(buff, "containerd-");
-		if (p == NULL)
-			return -1;
-		p += strlen("containerd-");
-		goto done;
+	while ((fgets(buff, sizeof(buff), fp)) != NULL) {
+		if ((lf = strchr(buff, '\n')))
+			*lf = '\0';
+		// includes "pids" | "cpuset" | "devices" | "memory" | "cpu"
+		if (strstr(buff, "pids") || strstr(buff, "cpuset")
+		    || strstr(buff, "devices") || strstr(buff, "memory")
+		    || strstr(buff, "cpu")) {
+			break;
+		}
 
-	} else if ((p = strstr(buff, "/docker/"))) {
-		p += strlen("/docker/");
-		goto done;
 	}
 
-	return -1;
-done:
-	if (strlen(p) != cid_len)
-		return -1;
-	memcpy_s_inline((void *)id, copy_bytes, (void *)p, cid_len);
-	return 0;
+	fclose(fp);
+
+	return fetch_container_id_from_str(buff, id, copy_bytes);
 }

agent/src/ebpf/user/common.h

@@ -276,5 +276,6 @@ void df_exit_ns(int fd);
 int gen_file_from_mem(const char *mem_ptr, int write_bytes, const char *path);
 int exec_command(const char *cmd, const char *args);
 u64 current_sys_time_secs(void);
+int fetch_container_id_from_str(char *buff, char *id, int copy_bytes);
 int fetch_container_id(pid_t pid, char *id, int copy_bytes);
 #endif /* DF_COMMON_H */