From 29ea4a84ec8efbd856289b6f07c3f5805a2eb127 Mon Sep 17 00:00:00 2001 From: Jiping Yin Date: Mon, 16 Oct 2023 21:50:56 +0800 Subject: [PATCH 1/2] [eBPF] Support debian 10.6 - 4.19.0-25-amd64 (#4483) --- agent/src/ebpf/kernel/include/task_struct_utils.h | 13 +++++++------ agent/src/ebpf/user/common.c | 9 +++++++++ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/agent/src/ebpf/kernel/include/task_struct_utils.h b/agent/src/ebpf/kernel/include/task_struct_utils.h index 82721c366c3..a411edb29c4 100644 --- a/agent/src/ebpf/kernel/include/task_struct_utils.h +++ b/agent/src/ebpf/kernel/include/task_struct_utils.h @@ -127,10 +127,9 @@ static __inline void *infer_and_get_socket_from_fd(int fd_num, // TAG: STRUCT_TASK_FILES_OFFSET // 成员 files 在 struct task_struct 中的偏移量 - // 0xd08 for kernel-devel-4.19.91-26.6.al7 +#ifdef LINUX_VER_5_2_PLUS // 0xa48 for 5.10.0-60.18.0.50.h322_1.hce2.aarch64 // 0xc60 for 5.10.0-106.18.0.68.oe2209.x86_64 -#ifdef LINUX_VER_5_2_PLUS int files_offset_array[] = { 0x790, 0xa80, 0xa88, 0xa90, 0xa98, 0xaa0, 0xaa8, 0xab0, 0xab8, 0xac0, 0xac8, 0xad0, 0xad8, 0xae0, 0xae8, 0xaf0, 0xaf8, 0xb00, 0xb08, 0xb10, @@ -140,12 +139,14 @@ static __inline void *infer_and_get_socket_from_fd(int fd_num, 0xcc8, 0xa48, 0xc60 }; #else + // 0xd08 for kernel-devel-4.19.91-26.6.al7 // 0x740 for 4.19.113-300.el7.x86_64 + // 0x6c0 for 4.19.0-25-amd64 #1 SMP Debian 4.19.289-2 (2023-08-08) int files_offset_array[] = { - 0x790, 0xa80, 0xa88, 0xa90, 0xa98, 0xaa0, 0xaa8, 0xab0, 0xab8, 0xac0, - 0xac8, 0xad0, 0xad8, 0xae0, 0xae8, 0xaf0, 0xaf8, 0xb00, 0xb08, 0xb10, - 0xb18, 0xb20, 0xb28, 0xb48, 0xb50, 0xb58, 0xb60, 0xb68, 0xb70, 0xb78, - 0xb80, 0xb88, 0xb90, 0xb98, 0xba0, 0x740, 0xbb8, 0xbc0, 0xbc8, 0xbd0, + 0x6c0, 0x790, 0xa80, 0xa88, 0xa90, 0xa98, 0xaa0, 0xaa8, 0xab0, 0xab8, + 0xac0, 0xac8, 0xad0, 0xad8, 0xae0, 0xae8, 0xaf0, 0xaf8, 0xb00, 0xb08, + 0xb10, 0xb18, 0xb20, 0xb28, 0xb48, 0xb50, 0xb58, 0xb60, 0xb68, 0xb70, + 0xb78, 0xb88, 0xb90, 0xb98, 0xba0, 0x740, 0xbb8, 0xbc0, 0xbc8, 0xbd0, 0xbd8, 0xbe0, 0xbe8, 0xbf0, 0xbf8, 0xc00, 0xc08, 0xc10, 0xcc8, 0xd08, }; #endif diff --git a/agent/src/ebpf/user/common.c b/agent/src/ebpf/user/common.c index ee7fbe266aa..678740bbf2a 100644 --- a/agent/src/ebpf/user/common.c +++ b/agent/src/ebpf/user/common.c @@ -523,6 +523,15 @@ int fetch_kernel_version(int *major, int *minor, int *patch) if (sscanf(sys_info.release, "%u.%u.%u", major, minor, patch) != 3) return ETR_INVAL; + // Get the real version of Debian + //#1 SMP Debian 4.19.289-2 (2023-08-08) + if (strstr(sys_info.version, "Debian")) { + int num; + if (sscanf(sys_info.version, "%*s %*s %*s %u.%u.%u-%u %*s", + major, minor, patch, &num) != 4) + return ETR_INVAL; + } + return ETR_OK; } From 6f5bf8b58721bee627c90813242530a8b1119c34 Mon Sep 17 00:00:00 2001 From: Jiping Yin Date: Tue, 17 Oct 2023 00:53:19 +0800 Subject: [PATCH 2/2] [eBPF] Fix container id acquisition failure (#4495) Co-authored-by: XIANG Yang --- agent/src/ebpf/test/Makefile | 2 +- agent/src/ebpf/test/test_fetch_container_id.c | 67 +++++++++++++++++ agent/src/ebpf/user/common.c | 75 +++++++++++-------- agent/src/ebpf/user/common.h | 1 + 4 files changed, 112 insertions(+), 33 deletions(-) create mode 100644 agent/src/ebpf/test/test_fetch_container_id.c diff --git a/agent/src/ebpf/test/Makefile b/agent/src/ebpf/test/Makefile index 26694943f12..7ac379a856d 100644 --- a/agent/src/ebpf/test/Makefile +++ b/agent/src/ebpf/test/Makefile @@ -24,7 +24,7 @@ ARCH ?= $(shell uname -m) CC ?= gcc CFLAGS ?= -std=gnu99 --static -g -O2 -ffunction-sections -fdata-sections -fPIC -fno-omit-frame-pointer -Wall -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers -EXECS := test_symbol test_offset test_insns_cnt test_bihash test_vec +EXECS := test_symbol test_offset test_insns_cnt test_bihash test_vec test_fetch_container_id ifeq ($(ARCH), x86_64) #-lbcc -lstdc++ LDLIBS += ../libtrace.a -ljattach -lbcc_bpf -lGoReSym -lbddisasm -ldwarf -lelf -lz -lpthread -lbcc -lstdc++ -ldl diff --git a/agent/src/ebpf/test/test_fetch_container_id.c b/agent/src/ebpf/test/test_fetch_container_id.c new file mode 100644 index 00000000000..14d6257d359 --- /dev/null +++ b/agent/src/ebpf/test/test_fetch_container_id.c @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2022 Yunshan Networks + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "../user/common.h" +#include "../user/mem.h" +#include "../user/log.h" +#include "../user/types.h" + +static const char *cgroup_str_0 = + "8:cpuset:/docker/3386444dafd452389a80af5e5c1dc92fda06e4064770d945ea0eb3d242642bcc"; +static const char *cgroup_str_1 = + "6:pids:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-pod55263d4e_9ca4_4f08_ac8e_5df9de111281.slice/cri-containerd-de8109b1bb55c08b50a9d4d3c17cffe3fc7b85b1c25b0b41dbe45e1d386bc6ba.scope"; +static const char *cgroup_str_2 = + "10:pids:/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod804d9406_ab49_4e7c_a7f1_bfddfb186df2.clice/docker-3386444dafd452389a80af5e5c1dc92fda06e4064770d945ea0eb3d242642aaa.scope"; +static const char *cgroup_str_3 = + "5:devices:/kubepods/burstable/pod599a0779-5f40-4779-9d11-82ecce3e6662/3386444dafd452389a80af5e5c1dc92fda06e4064770d945ea0eb3d242642bbb"; +static const char *cgroup_str_err = + "6:devices:/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsystem.slice/containerd.service"; + +static int test_cgr_str(const char *cgr_str) +{ + char c_id[65]; + char test_str[2048]; + memset(test_str, 0, sizeof(test_str)); + memcpy(test_str, cgr_str, strlen(cgr_str)); + if (fetch_container_id_from_str(test_str, c_id, sizeof(c_id))) + return -1; + if (!(strlen(c_id) == 64 && strstr(test_str, c_id))) + return -1; + printf("\nsource : %s \n fetch : %s\n", cgr_str, c_id); + return 0; +} + +int main(void) +{ + int ret; + ret = test_cgr_str(cgroup_str_0); + if (ret != 0) + return ret; + ret = test_cgr_str(cgroup_str_1); + if (ret != 0) + return ret; + ret = test_cgr_str(cgroup_str_2); + if (ret != 0) + return ret; + ret = test_cgr_str(cgroup_str_3); + if (ret != 0) + return ret; + ret = test_cgr_str(cgroup_str_err); + if (ret == 0) + return -1; + + return 0; +} diff --git a/agent/src/ebpf/user/common.c b/agent/src/ebpf/user/common.c index 678740bbf2a..337de1248cf 100644 --- a/agent/src/ebpf/user/common.c +++ b/agent/src/ebpf/user/common.c @@ -43,6 +43,8 @@ #include "log.h" #include "string.h" +#define MAXLINE 1024 + static u64 g_sys_btime_msecs; bool is_core_kernel(void) @@ -164,7 +166,6 @@ uint32_t get_sys_uptime(void) static void exec_clear_residual_probes(const char *events_file, const char *type_name) { -#define MAXLINE 1024 struct probe_elem { struct list_head list; char event[MAXLINE]; @@ -979,50 +980,60 @@ int exec_command(const char *cmd, const char *args) return -1; } -int fetch_container_id(pid_t pid, char *id, int copy_bytes) +int fetch_container_id_from_str(char *buff, char *id, int copy_bytes) { - static const int scope_len = 5; static const int cid_len = 64; - char file[PATH_MAX], buff[4096]; - int fd; - memset(buff, 0, sizeof(buff)); - snprintf(file, sizeof(file), "/proc/%d/cgroup", pid); - if (access(file, F_OK)) + char *p; + + if ((p = strstr(buff, ".scope"))) + *p = '\0'; + else + p = buff + strlen(buff); + + if (strlen(buff) < cid_len) return -1; - fd = open(file, O_RDONLY); - if (fd <= 2) + p -= cid_len; + + if (strchr(p, '.') || strchr(p, '-') || strchr(p, '/')) return -1; - read(fd, buff, sizeof(buff)); - close(fd); + if (strlen(p) != cid_len) + return -1; - char *p; - if ((p = strchr(buff, '\n')) == NULL) + memset(id, 0, copy_bytes); + memcpy_s_inline((void *)id, copy_bytes, (void *)p, cid_len); + + return 0; +} + +int fetch_container_id(pid_t pid, char *id, int copy_bytes) +{ + char file[PATH_MAX], buff[MAXLINE]; + memset(buff, 0, sizeof(buff)); + snprintf(file, sizeof(file), "/proc/%d/cgroup", pid); + if (access(file, F_OK)) return -1; - *p = '\0'; - if (strlen(buff) < (scope_len + 1 + cid_len)) { + FILE *fp; + char *lf; + if ((fp = fopen(file, "r")) == NULL) { return -1; } - if ((p = strstr(buff, ".scope"))) { - *p = '\0'; - p = strstr(buff, "containerd-"); - if (p == NULL) - return -1; - p += strlen("containerd-"); - goto done; + while ((fgets(buff, sizeof(buff), fp)) != NULL) { + if ((lf = strchr(buff, '\n'))) + *lf = '\0'; + // includes "pids" | "cpuset" | "devices" | "memory" | "cpu" + if (strstr(buff, "pids") || strstr(buff, "cpuset") + || strstr(buff, "devices") || strstr(buff, "memory") + || strstr(buff, "cpu")) { + break; + } - } else if ((p = strstr(buff, "/docker/"))) { - p += strlen("/docker/"); - goto done; } - return -1; -done: - if (strlen(p) != cid_len) - return -1; - memcpy_s_inline((void *)id, copy_bytes, (void *)p, cid_len); - return 0; + fclose(fp); + + return fetch_container_id_from_str(buff, id, copy_bytes); } diff --git a/agent/src/ebpf/user/common.h b/agent/src/ebpf/user/common.h index c0ab7ef716b..1bbf96ca907 100644 --- a/agent/src/ebpf/user/common.h +++ b/agent/src/ebpf/user/common.h @@ -276,5 +276,6 @@ void df_exit_ns(int fd); int gen_file_from_mem(const char *mem_ptr, int write_bytes, const char *path); int exec_command(const char *cmd, const char *args); u64 current_sys_time_secs(void); +int fetch_container_id_from_str(char *buff, char *id, int copy_bytes); int fetch_container_id(pid_t pid, char *id, int copy_bytes); #endif /* DF_COMMON_H */