Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] eBPF backend #34

Closed
kxxt opened this issue Aug 5, 2024 · 1 comment
Closed

[Feature] eBPF backend #34

kxxt opened this issue Aug 5, 2024 · 1 comment
Assignees
@kxxt
Labels
difficulty-hard enhancement New feature or request log Log mode perf Performance related priority-normal tracer Core tracer component tui TUI
Milestone
0.6

Comments

@kxxt
Copy link
Owner

kxxt commented Aug 5, 2024
edited
Loading

Add an eBPF backend for

Benefits

  • We can have gdb session nested since we no longer need ptrace.
  • Detaching a tracee. This can cause some trouble for the detached tracee when seccomp-bpf is enabled(default) under ptrace mode.

Down Sides

  • eBPF usually requires root
  • Needs to check for kernel support and portability.
  • Probably no performance improvement. Ptrace + seccomp-bpf already offers nearly zero performance overhead.

Implementation

This should be fairly easy because we only need to attach to execve{,at}_sys{enter,exit} tracepoints/(fentry/fexit) and listen for events then passing them back to userspace.

Some changes are required at TUI layer to remove Breakpoint Manager and Hit Manager for this mode.

  • Emulating old follow-fork behavior to provide a mostly compatible interface like the old one

✔️ Use a map to hold all tracees and follow fork in sched_process_fork.

Or alternatively maybe create a new pidns and only do tracing in that pid namespace.
@kxxt kxxt added enhancement New feature or request priority-normal tui TUI log Log mode tracer Core tracer component difficulty-hard perf Performance related labels Aug 5, 2024
@kxxt kxxt self-assigned this Aug 5, 2024
@kxxt kxxt added this to the 0.6 milestone Sep 16, 2024
@kxxt
Copy link
Owner Author

kxxt commented Sep 17, 2024

Available in 0.6

@kxxt kxxt closed this as completed Sep 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kxxt kxxt

Labels
difficulty-hard enhancement New feature or request log Log mode perf Performance related priority-normal tracer Core tracer component tui TUI
Projects
None yet
Milestone
0.6
Development

No branches or pull requests
1 participant
@kxxt