debug

Author: mmat11

.github/workflows/cx-internal-build-push.yml

@@ -0,0 +1,69 @@
+name: CX build and push
+
+on:
+  push:
+    branches: [ 'main', 'matt/bpf-loop-fallback' ]
+  pull_request:
+    branches: [ 'matt/bpf-loop-fallback' ]
+
+env:
+  AWS_REGION: eu-west-1
+  AWS_ACCOUNT_ID: 897729105761 # tacotaco-research
+  AWS_ROLE_TO_ASSUME: arn:aws:iam::897729105761:role/AnemiaAgentRole
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    if: github.repository == 'coralogix/opentelemetry-ebpf-instrumentation'
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        run: |
+          aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
+
+      - name: Create ECR Repositories
+        run: |
+          aws ecr create-repository --repository-name "obi-internal" --region ${{ env.AWS_REGION }} || echo "Repository obi-internal already exists."
+
+      - name: Set up buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker-container
+
+      - name: Cache images
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Set Git Commit Hash
+        run: echo "COMMIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/obi-internal:${{ env.COMMIT_HASH }}
+            ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/obi-internal:latest
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache,new=true

bpf/common/trace_common.h

@@ -55,7 +55,7 @@ static __always_inline void trace_key_from_pid_tid(trace_key_t *t_key) {
     t_key->extra_id = extra_id;
 }
 
-static __hidden int tp_match(u32 index, void *data) {
+static int tp_match(u32 index, void *data) {
     if (index >= (TRACE_BUF_SIZE - TRACE_PARENT_HEADER_LEN)) {
         return 1;
     }
@@ -89,14 +89,15 @@ static __always_inline unsigned char *bpf_strstr_tp_loop(unsigned char *buf, int
     return NULL;
 }
 
-static __always_inline unsigned char *bpf_strstr_tp_loop__legacy(unsigned char *buf) {
+static __always_inline unsigned char *bpf_strstr_tp_loop__legacy(unsigned char *buf, int buf_len) {
+    (void)buf_len;
+
     if (!k_bpf_traceparent_enabled) {
         return NULL;
     }
 
-    const u16 k_besteffort_max_loops = 450; // Limit search to avoid burning too many instructions
+    const u16 k_besteffort_max_loops = 450; // Limited best-effort search to stay within insns limit
     for (u16 i = 0; i + TRACE_PARENT_HEADER_LEN < k_besteffort_max_loops; i++) {
-        // Only check at offset=0 or after '\n' to save instructions
         if (i != 0 && buf[i - 1] != '\n') {
             continue;
         }

bpf/generictracer/protocol_http.h

@@ -47,7 +47,8 @@ static __always_inline void http_get_or_create_trace_info(http_connection_metada
                                                           int bytes_len,
                                                           s32 capture_header_buffer,
                                                           u8 ssl,
-                                                          u16 orig_dport) {
+                                                          u16 orig_dport,
+                                                          unsigned char *(*tp_loop_fn)(unsigned char *, int)) {
     //TODO use make_key
     egress_key_t e_key = {
         .d_port = conn->d_port,
@@ -148,13 +149,7 @@ static __always_inline void http_get_or_create_trace_info(http_connection_metada
 
             bpf_probe_read(buf, buf_len, u_buf);
 
-            unsigned char *res = NULL;
-            if (bpf_core_enum_value_exists(enum bpf_func_id, BPF_FUNC_loop)) {
-                res = bpf_strstr_tp_loop(buf, buf_len);
-            } else {
-                res = bpf_strstr_tp_loop__legacy(buf);
-            }
-
+            unsigned char *res = tp_loop_fn(buf, buf_len);
             if (res) {
                 bpf_dbg_printk("Found traceparent in headers [%s] overriding what was before", res);
                 unsigned char *t_id = extract_trace_id(res);
@@ -392,13 +387,8 @@ static __always_inline void handle_http_response(unsigned char *small_buf,
     cleanup_http_request_data(pid_conn, info);
 }
 
-// k_tail_protocol_http
-SEC("kprobe/http")
-int obi_protocol_http(void *ctx) {
-    (void)ctx;
-
+static __always_inline int __obi_protocol_http(unsigned char *(*tp_loop_fn)(unsigned char *, int)) {
     call_protocol_args_t *args = protocol_args();
-
     if (!args) {
         return 0;
     }
@@ -450,7 +440,8 @@ int obi_protocol_http(void *ctx) {
                                       args->bytes_len,
                                       capture_header_buffer,
                                       args->ssl,
-                                      args->orig_dport);
+                                      args->orig_dport,
+                                      tp_loop_fn);
 
         if (meta) {
             u32 type = trace_type_from_meta(meta);
@@ -483,3 +474,17 @@ int obi_protocol_http(void *ctx) {
 
     return 0;
 }
+
+// k_tail_protocol_http
+SEC("kprobe/http")
+static int obi_protocol_http(void *ctx) {
+    (void)ctx;
+    return __obi_protocol_http(bpf_strstr_tp_loop);
+}
+
+// k_tail_protocol_http
+SEC("kprobe/http")
+static int obi_protocol_http_legacy(void *ctx) {
+    (void)ctx;
+    return __obi_protocol_http(bpf_strstr_tp_loop__legacy);
+}

pkg/components/ebpf/common/common.go

@@ -17,6 +17,7 @@ import (
 	"unsafe"
 
 	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/asm"
 	"github.com/cilium/ebpf/link"
 	lru "github.com/hashicorp/golang-lru/v2"
 	"github.com/hashicorp/golang-lru/v2/expirable"
@@ -301,6 +302,7 @@ func SupportsContextPropagationWithProbe(log *slog.Logger) bool {
 	return false
 }
 
+// TODO(matt): probe for BPF_FUNC_loop instead of relying on kernel version?
 func SupportsEBPFLoops(log *slog.Logger, overrideKernelVersion bool) bool {
 	if overrideKernelVersion {
 		log.Debug("Skipping kernel version check for bpf_loop functionality: user supplied confirmation of support")
@@ -310,6 +312,26 @@ func SupportsEBPFLoops(log *slog.Logger, overrideKernelVersion bool) bool {
 	return kernelMajor > 5 || (kernelMajor == 5 && kernelMinor >= 17)
 }
 
+func FixupSpec(spec *ebpf.CollectionSpec, overrideKernelVersion bool) {
+	if !SupportsEBPFLoops(ptlog(), overrideKernelVersion) {
+		// Hack: instead of redefining bpf2go generated struct for mutually exclusive conditional programs,
+		// use one predefined field name to store either of them.
+		spec.Programs["obi_protocol_http"] = spec.Programs["obi_protocol_http_legacy"]
+		spec.Programs["obi_protocol_http"].Name = "obi_protocol_http"
+	}
+	// Hack: insert a dummy unused program in order to be able to use bpf2go generated struct to load
+	// the collection.
+	spec.Programs["obi_protocol_http_legacy"] = &ebpf.ProgramSpec{
+		Name: "obi_dummy",
+		Type: ebpf.Kprobe,
+		Instructions: asm.Instructions{
+			asm.Mov.Imm(asm.R0, 0),
+			asm.Return(),
+		},
+		License: "MIT",
+	}
+}
+
 // Injectable for tests
 var lockdownPath = "/sys/kernel/security/lockdown"
 

pkg/components/ebpf/generictracer/generictracer.go

@@ -149,7 +149,14 @@ func (p *Tracer) Load() (*ebpf.CollectionSpec, error) {
 		p.log.Info("Enabling trace information parsing", "bpf_loop_enabled", ebpfcommon.SupportsEBPFLoops(p.log, p.cfg.EBPF.OverrideBPFLoopEnabled))
 	}
 
-	return loader()
+	spec, err := loader()
+	if err != nil {
+		return nil, fmt.Errorf("can't load bpf collection from reader: %v", err)
+	}
+
+	ebpfcommon.FixupSpec(spec, p.cfg.EBPF.OverrideBPFLoopEnabled)
+
+	return spec, err
 }
 
 func (p *Tracer) SetupTailCalls() {