Skip to content

Commit

Permalink
feat: Add TCP stream reader using gopacket (#62)
Browse files Browse the repository at this point in the history 
## Which problem is this PR solving?
Adds an alternative source of packet discovery using gopacket. This is
an experimental thing and may be able to replace our kprobes that peice
packets together using kprobes.

- Closes #59

## Short description of the changes
- Add http/httputils.go which is the TCP stream reader using gopacket,
will nee renaming / moving to be better discoverable
- Add libcap-dev package to Dockerfile's (gopacket reads pcap files)
- Enable CGO compilation in Makefile targets
- Move tcp_probe.c to source sub directory as CGO doesn't like go and c
files in same directory
- Introduce manager struct for TCP probe to hold references for things
we need to clean up, plus add New, Start and Close funcs
- Add hostnetwork and NET_RAW cap to deployment.yaml
- Update main.go to setup and configure both probes and tcp stream
reader then clean up resources when detecting interrupt and term signals
- Updates go version to 1.20.7 in .tools-versions

## How to verify that this has the expected result
Can continue to build and deploy the agent. Events are delivered for
both probe and tcp stream reader sources to Honeycomb (provided
HONEYCOMB_API_KEY is set).

PS We should no longer require `mac-*` makefile targets once the
following is merged
-  #61

---------

Co-authored-by: JamieDanielson <jamieedanielson@gmail.com>
Co-authored-by: Purvi Kanal <kanal.purvi@gmail.com>
Co-authored-by: Purvi Kanal <purvikanal@honeycomb.io>
Co-authored-by: Jamie Danielson <JamieDanielson@users.noreply.github.com>
Co-authored-by: Robb Kidd <robb@thekidds.org>
Co-authored-by: Vera Reynolds <verareynolds@honeycomb.io>
  • Loading branch information
@MikeGoldsmith @JamieDanielson
@pkanal @robbkidd @vreynolds
7 people committed Aug 14, 2023
1 parent bffeeef commit 78ac240
Show file tree
Hide file tree
Showing 11 changed files with 720 additions and 31 deletions.
2 changes: 1 addition & 1 deletion .tool-versions
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
golang 1.20.5
golang 1.20.7
6 changes: 3 additions & 3 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
FROM golang:1.20 as builder
RUN apt update -yq && apt install -yq clang llvm make
RUN apt update -yq && apt install -yq clang llvm make libpcap-dev
WORKDIR /src
COPY go.* .
RUN go mod download
COPY . .
RUN make build

FROM ubuntu:22.04
RUN apt-get update -yq && apt-get install -yq ca-certificates
RUN apt-get update -yq && apt-get install -yq ca-certificates libpcap-dev
COPY --from=builder /src/hny-ebpf-agent /bin/hny-ebpf-agent
CMD [ "/bin/hny-ebpf-agent" ]
ENTRYPOINT [ "/bin/hny-ebpf-agent" ]
2 changes: 1 addition & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ docker-generate:

.PHONY: build
build: generate
CGO_ENABLED=0 GOOS=linux go build -o hny-ebpf-agent main.go
CGO_ENABLED=1 GOOS=linux go build -o hny-ebpf-agent main.go

.PHONY: docker-build
docker-build:
Expand Down
33 changes: 28 additions & 5 deletions bpf/probes/manager.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,11 +21,18 @@ import (
"k8s.io/client-go/kubernetes"
)

//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -target amd64,arm64 -cc clang -cflags $CFLAGS bpf tcp_probe.c
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -target amd64,arm64 -cc clang -cflags $CFLAGS bpf source/tcp_probe.c

const mapKey uint32 = 0

func Setup(client *kubernetes.Clientset) {
type manager struct {
bpfObjects bpfObjects
probes []link.Link
reader *perf.Reader
client *kubernetes.Clientset
}

func New(client *kubernetes.Clientset) manager {
// Load pre-compiled programs and maps into the kernel.
objs := bpfObjects{}
if err := loadBpfObjects(&objs, nil); err != nil {
Expand Down Expand Up @@ -53,11 +60,19 @@ func Setup(client *kubernetes.Clientset) {
log.Fatalf("failed creating perf reader: %v", err)
}

log.Println("Agent is ready!")
return manager{
bpfObjects: objs,
probes: []link.Link{ kprobeTcpConnect, kprobeTcpClose },
reader: reader,
client: client,
}
}

func (m *manager) Start() {
// bpfTcpEvent is generated by bpf2go from tcp_event struct in tcp_probe.c
var event bpfTcpEvent
for {
record, err := reader.Read()
record, err := m.reader.Read()
if err != nil {
if errors.Is(err, perf.ErrClosed) {
return
Expand All @@ -76,8 +91,16 @@ func Setup(client *kubernetes.Clientset) {

// log.Printf("event: %+v\n", event)

sendEvent(event, client)
sendEvent(event, m.client)
}
}

func (m *manager) Stop() {
for _, probe := range m.probes {
probe.Close()
}
m.bpfObjects.Close()
m.reader.Close()
}

func getPodByIPAddr(client *kubernetes.Clientset, ipAddr string) v1.Pod {
Expand Down
0 bpf/probes/tcp_probe.c → bpf/probes/source/tcp_probe.c
View file
File renamed without changes.
8 changes: 4 additions & 4 deletions deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,10 +74,10 @@ spec:
name: hny-ebpf-agent
spec:
serviceAccountName: honeycomb-sa
hostNetwork: true
containers:
- name: hny-ebpf-agent
image: hny/ebpf-agent:local
# image: ghcr.io/honeycombio/ebpf-agent:dev
imagePullPolicy: IfNotPresent
env:
- name: HONEYCOMB_API_KEY
Expand All @@ -87,14 +87,14 @@ spec:
key: api-key
- name: HONEYCOMB_DATASET
value: ebpf-agent-go
# set to another endpoint if desired
- name: HONEYCOMB_API_ENDPOINT
value: $HONEYCOMB_API_ENDPOINT
args:
- --verbose
securityContext:
capabilities:
add:
- BPF
- PERFMON
- NET_RAW
# for local debugging
privileged: true
imagePullSecrets:
Expand Down
8 changes: 3 additions & 5 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@ go 1.20

require (
github.com/cilium/ebpf v0.11.0
github.com/google/gopacket v1.1.19
github.com/honeycombio/libhoney-go v1.20.0
go.opentelemetry.io/otel v1.16.0
k8s.io/api v0.27.4
k8s.io/apimachinery v0.27.4
k8s.io/client-go v0.27.4
Expand All @@ -17,7 +19,6 @@ require (
github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 // indirect
github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.1 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
Expand All @@ -36,13 +37,10 @@ require (
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
go.opentelemetry.io/otel v1.16.0 // indirect
go.opentelemetry.io/otel/metric v1.16.0 // indirect
go.opentelemetry.io/otel/trace v1.16.0 // indirect
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
golang.org/x/sys v0.6.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/term v0.6.0 // indirect
golang.org/x/text v0.8.0 // indirect
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
Expand Down
15 changes: 4 additions & 11 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,13 +71,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
Expand Down Expand Up @@ -132,6 +127,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
Expand Down Expand Up @@ -215,10 +212,6 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
Expand Down Expand Up @@ -330,8 +323,8 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
Expand Down
Loading

0 comments on commit 78ac240

Please sign in to comment.