Skip to content
This repository has been archived by the owner on Oct 6, 2023. It is now read-only.

Extend libbpf-tools for Inspektor Gadget #5

Merged
merged 6 commits into from
Aug 10, 2021
Merged

Extend libbpf-tools for Inspektor Gadget #5

merged 6 commits into from
Aug 10, 2021

Conversation

mauriciovasquezbernal
Copy link
Member

@mauriciovasquezbernal mauriciovasquezbernal commented Aug 3, 2021
edited
Loading

This PR is a POC to make it possible to libbpf-based tools with Inspektor Gadget

The changes in this PR are:

  • Extend execsnoop to be able to filter by container and print container info
  • Package libbpf-tool in the BCC container image

TODO

  • It's not clear how to handle the different docker images. Currently 3 versions are pushed: core, standard and gadget that combines the first two.
  • Extend other tools used in Inspektor Gadget
  • Implement --json support?

@mauriciovasquezbernal mauriciovasquezbernal mentioned this pull request Aug 3, 2021
Merged
2 tasks
@mauriciovasquezbernal mauriciovasquezbernal force-pushed the mauricio/experiments/core branch 2 times, most recently from ea9b3e6 to 1c4dc43 Compare August 3, 2021 19:55
@mauriciovasquezbernal mauriciovasquezbernal marked this pull request as ready for review August 3, 2021 20:02
@mauriciovasquezbernal
Copy link
Member Author

mauriciovasquezbernal commented Aug 3, 2021
edited
Loading

@alban in this PR three different container image tags are created: one for the standard tools, one for libbpf-based tools and another one that combines those two. Do you have any feedback on it?

@alban
Copy link
Member

alban commented Aug 4, 2021

@alban in this PR three different container image tags are created: one for the standard tools, one for libbpf-based tools and another one that combines those two. Do you have any feedback on it?

I am not sure to understand why we need to build those 3 flavours. Couldn't we just build the one that includes both standard tools and libbpf-based tools?

@mauriciovasquezbernal
Copy link
Member Author

I am not sure to understand why we need to build those 3 flavours. Couldn't we just build the one that includes both standard tools and libbpf-based tools?

I want to build three different to optimize the deployment in case the user chooses which mode to use when deploying Inspektor Gadget. But it's also true that we could just ship everything in a single image.

alban
alban reviewed Aug 9, 2021
View reviewed changes
Dockerfile.ubuntu Outdated Show resolved Hide resolved
.github/workflows/publish.yml Outdated Show resolved Hide resolved
Dockerfile.core Outdated Show resolved Hide resolved
Dockerfile.core Outdated Show resolved Hide resolved
libbpf-tools/bindsnoop.bpf.c Show resolved Hide resolved
@mauriciovasquezbernal
Add libbpf-based tools to container image
211c469
@mauriciovasquezbernal
libbpf-tools: add containers helpers
1ec28ca 
Add a helper to get information about a Kubernetes container given
its mount ns id.
@mauriciovasquezbernal
libbpf-tools/execsnoop: extend for inspektor gadget
c0d50c2 
- add filtering by container
- print container info
- add --json parameter (not implemneted yet)

Use a map that contains the mount namespace IDs to be considered.
@mauriciovasquezbernal
libbpf-tools/bindsnoop: extend for inspektor gadget
08ddc2f 
- add filtering by container
- print container info
- add --json parameter (not implemneted yet)
@mauriciovasquezbernal
libbpf-tools/opensnoop: extend for inspektor gadget
23a1132 
- add filtering by container
- print container info
- add --json parameter (not implemneted yet)
@mauriciovasquezbernal
libbpf-tools/tpconnect: extend for inspektor gadget
e5fd339 
- add filtering by container
- print container info
- add --json parameter (not implemneted yet)
@mauriciovasquezbernal mauriciovasquezbernal mentioned this pull request Aug 9, 2021
Closed
alban
alban approved these changes Aug 10, 2021
View reviewed changes
Copy link
Member

@alban alban left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mauriciovasquezbernal mauriciovasquezbernal merged commit fca607f into gadget Aug 10, 2021
@mauriciovasquezbernal mauriciovasquezbernal deleted the mauricio/experiments/core branch August 10, 2021 13:15
mauriciovasquezbernal pushed a commit that referenced this pull request Dec 20, 2022
@ekyooo @yonghong-song
libbpf-tools/offcputime: Add dso info and symbol offset to backtrace …
6a5c573 
…for -v option

Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format:
INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)

Print backtrace of ip if it failed to get syms.

Before:
  # offcputime -v
    psiginfo
    vscanf
    __snprintf_chk
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    [unknown]
    sd_event_exit
    sd_event_dispatch
    sd_event_run
    [unknown]
    __libc_start_main
    [unknown]
    -                systemd-journal (204)
        1

    xas_load
    xas_find
    filemap_map_pages
    __handle_mm_fault
    handle_mm_fault
    do_page_fault
    do_translation_fault
    do_mem_abort
    do_el0_ia_bp_hardening
    el0_ia
    xas_load
    --
failed to get syms
      -                PmLogCtl (138757)
        1

After:
  # offcputime -v
    #0  0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    #1  0xffffffc01009a93c el0_svc_handler+0x34
    #2  0xffffffc010084a08 el0_svc+0x8
    #3  0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
    --
    #4  0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
    #5  0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
    #6  0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
    #7  0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
    #8  0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
    #9  0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
    #10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
    -                fluent-bit (1238)
        1

    #0  0xffffffc01027daa4 generic_copy_file_checks+0x334
    #1  0xffffffc0102ba634 __handle_mm_fault+0x8dc
    #2  0xffffffc0102baa20 handle_mm_fault+0x168
    #3  0xffffffc010ad23c0 do_page_fault+0x148
    #4  0xffffffc010ad27c0 do_translation_fault+0xb0
    #5  0xffffffc0100816b0 do_mem_abort+0x50
    #6  0xffffffc0100843b0 el0_da+0x1c
    #7  0xffffffc01027daa4 generic_copy_file_checks+0x334
    --
    #8  0x0000007f8dc12648 [unknown]
    #9  0x0000007f8dc0aef8 [unknown]
    #10 0x0000007f8dc1c990 [unknown]
    #11 0x0000007f8dc08b0c [unknown]
    #12 0x0000007f8dc08e48 [unknown]
    #13 0x0000007f8dc081c8 [unknown]
    -                PmLogCtl (2412)
        1

Fixed: iovisor#3884
Signed-off-by: Eunseon Lee <es.lee@lge.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@alban alban alban approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mauriciovasquezbernal @alban