diff --git a/.clang-format b/.clang-format index 1837c4bd21..02599e9017 100644 --- a/.clang-format +++ b/.clang-format @@ -51,7 +51,7 @@ DisableFormat: false IndentWrappedFunctionNames: false MacroBlockBegin: '' MacroBlockEnd: '' -NamespaceIndentation: Inner +NamespaceIndentation: None PenaltyBreakBeforeFirstCallParameter: 19 PenaltyBreakComment: 300 PenaltyBreakFirstLessLess: 120 diff --git a/core/ebpf/config.cpp b/core/ebpf/Config.cpp similarity index 91% rename from core/ebpf/config.cpp rename to core/ebpf/Config.cpp index bc97f64133..58f664e51d 100644 --- a/core/ebpf/config.cpp +++ b/core/ebpf/Config.cpp @@ -12,13 +12,14 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include "ebpf/Config.h" + #include #include -#include "logger/Logger.h" -#include "ebpf/config.h" -#include "common/ParamExtractor.h" #include "common/Flags.h" +#include "common/ParamExtractor.h" +#include "logger/Logger.h" DEFINE_FLAG_INT32(ebpf_receive_event_chan_cap, "ebpf receive kernel event queue size", 4096); DEFINE_FLAG_BOOL(ebpf_admin_config_debug_mode, "ebpf admin config debug mode", false); @@ -46,9 +47,9 @@ static const std::unordered_mapGetRegion()); } // MeterHandlerType (Optional) - if (!GetOptionalStringParam(probeConfig, "MeterHandlerType", thisObserverNetworkOption.mMeterHandlerType, errorMsg)) { + if (!GetOptionalStringParam( + probeConfig, "MeterHandlerType", thisObserverNetworkOption.mMeterHandlerType, errorMsg)) { PARAM_WARNING_IGNORE(mContext->GetLogger(), mContext->GetAlarm(), errorMsg, @@ -158,7 +160,10 @@ bool InitObserverNetworkOptionInner(const Json::Value& probeConfig, return true; } -bool ExtractProbeConfig(const Json::Value& config, const PipelineContext* mContext, const std::string& sName, Json::Value& probeConfig) { +bool ExtractProbeConfig(const Json::Value& config, + const PipelineContext* mContext, + const std::string& sName, + Json::Value& probeConfig) { std::string errorMsg; if (!IsValidMap(config, "ProbeConfig", errorMsg)) { PARAM_ERROR_RETURN(mContext->GetLogger(), @@ -174,7 +179,7 @@ bool ExtractProbeConfig(const Json::Value& config, const PipelineContext* mConte return true; } -bool InitObserverNetworkOption(const Json::Value& config, +bool InitObserverNetworkOption(const Json::Value& config, nami::ObserverNetworkOption& thisObserverNetworkOption, const PipelineContext* mContext, const std::string& sName) { @@ -393,13 +398,13 @@ bool SecurityOptions::Init(SecurityProbeType probeType, } default: PARAM_WARNING_IGNORE(mContext->GetLogger(), - mContext->GetAlarm(), - "Unknown security eBPF probe type", - sName, - mContext->GetConfigName(), - mContext->GetProjectName(), - mContext->GetLogstoreName(), - mContext->GetRegion()); + mContext->GetAlarm(), + "Unknown security eBPF probe type", + sName, + mContext->GetConfigName(), + mContext->GetProjectName(), + mContext->GetLogstoreName(), + mContext->GetRegion()); } thisSecurityOption.filter_ = thisFilter; GetSecurityProbeDefaultCallName(probeType, thisSecurityOption.call_names_); @@ -413,20 +418,27 @@ void eBPFAdminConfig::LoadEbpfConfig(const Json::Value& confJson) { // receive_event_chan_cap (Optional) mReceiveEventChanCap = INT32_FLAG(ebpf_receive_event_chan_cap); // admin_config (Optional) - mAdminConfig = AdminConfig{BOOL_FLAG(ebpf_admin_config_debug_mode), STRING_FLAG(ebpf_admin_config_log_level), BOOL_FLAG(ebpf_admin_config_push_all_span)}; + mAdminConfig = AdminConfig{BOOL_FLAG(ebpf_admin_config_debug_mode), + STRING_FLAG(ebpf_admin_config_log_level), + BOOL_FLAG(ebpf_admin_config_push_all_span)}; // aggregation_config (Optional) mAggregationConfig = AggregationConfig{INT32_FLAG(ebpf_aggregation_config_agg_window_second)}; // converage_config (Optional) mConverageConfig = ConverageConfig{STRING_FLAG(ebpf_converage_config_strategy)}; // sample_config (Optional) - mSampleConfig = SampleConfig{STRING_FLAG(ebpf_sample_config_strategy), {DOUBLE_FLAG(ebpf_sample_config_config_rate)}}; + mSampleConfig + = SampleConfig{STRING_FLAG(ebpf_sample_config_strategy), {DOUBLE_FLAG(ebpf_sample_config_config_rate)}}; // socket_probe_config (Optional) - mSocketProbeConfig = SocketProbeConfig{INT32_FLAG(ebpf_socket_probe_config_slow_request_threshold_ms), INT32_FLAG(ebpf_socket_probe_config_max_conn_trackers), INT32_FLAG(ebpf_socket_probe_config_max_band_width_mb_per_sec), INT32_FLAG(ebpf_socket_probe_config_max_raw_record_per_sec)}; + mSocketProbeConfig = SocketProbeConfig{INT32_FLAG(ebpf_socket_probe_config_slow_request_threshold_ms), + INT32_FLAG(ebpf_socket_probe_config_max_conn_trackers), + INT32_FLAG(ebpf_socket_probe_config_max_band_width_mb_per_sec), + INT32_FLAG(ebpf_socket_probe_config_max_raw_record_per_sec)}; // profile_probe_config (Optional) - mProfileProbeConfig = ProfileProbeConfig{INT32_FLAG(ebpf_profile_probe_config_profile_sample_rate), INT32_FLAG(ebpf_profile_probe_config_profile_upload_duration)}; + mProfileProbeConfig = ProfileProbeConfig{INT32_FLAG(ebpf_profile_probe_config_profile_sample_rate), + INT32_FLAG(ebpf_profile_probe_config_profile_upload_duration)}; // process_probe_config (Optional) mProcessProbeConfig = ProcessProbeConfig{BOOL_FLAG(ebpf_process_probe_config_enable_oom_detect)}; } -} // ebpf -} // logtail +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/config.h b/core/ebpf/Config.h similarity index 97% rename from core/ebpf/config.h rename to core/ebpf/Config.h index b892433151..d760b96637 100644 --- a/core/ebpf/config.h +++ b/core/ebpf/Config.h @@ -14,13 +14,14 @@ #pragma once -#include #include + +#include #include #include -#include "pipeline/PipelineContext.h" #include "ebpf/include/export.h" +#include "pipeline/PipelineContext.h" namespace logtail { @@ -29,7 +30,7 @@ namespace ebpf { ///////////////////// ///////////////////// enum class ObserverType { PROCESS, FILE, NETWORK }; -bool InitObserverNetworkOption(const Json::Value& config, +bool InitObserverNetworkOption(const Json::Value& config, nami::ObserverNetworkOption& thisObserverNetworkOption, const PipelineContext* mContext, const std::string& sName); @@ -129,8 +130,7 @@ class eBPFAdminConfig { #ifdef APSARA_UNIT_TEST_MAIN friend class eBPFServerUnittest; #endif - }; -} // ebpf -} // logtail +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/SelfMonitor.cpp b/core/ebpf/SelfMonitor.cpp index f04692262a..f09a467bd6 100644 --- a/core/ebpf/SelfMonitor.cpp +++ b/core/ebpf/SelfMonitor.cpp @@ -13,24 +13,28 @@ // limitations under the License. #include "ebpf/SelfMonitor.h" + #include "logger/Logger.h" namespace logtail { namespace ebpf { void BaseBPFMonitor::HandleStatistic(nami::eBPFStatistics& stats) { - if (!stats.updated_) return; + if (!stats.updated_) + return; UpdateMetricInner(stats); } void BaseBPFMonitor::InitMetric() { - if (mMetricInited) return; + if (mMetricInited) + return; mMetricInited = true; InitMetricInner(); } void BaseBPFMonitor::ReleaseMetric() { - if (!mMetricInited) return; + if (!mMetricInited) + return; for (auto& item : mRefAndLabels) { auto labels = item.second; if (mPluginMetricMgr) { @@ -44,9 +48,8 @@ void BaseBPFMonitor::ReleaseMetric() { void BaseBPFMonitor::InitMetricInner() { // init base metrics, only plugin relative // poll kernel events - MetricLabels pollKernelEventsLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_POLL_KERNEL} - }; + MetricLabels pollKernelEventsLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_POLL_KERNEL}}; auto ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(pollKernelEventsLabels); mRecvKernelEventsTotal = ref->GetCounter(METRIC_PLUGIN_IN_EVENTS_TOTAL); // loss kernel events @@ -56,33 +59,31 @@ void BaseBPFMonitor::InitMetricInner() { mRefAndLabels.emplace_back(std::make_pair<>(ref, pollKernelEventsLabels)); // push logs/spans/metrics - MetricLabels pushLogsLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_REPORT_TO_LC}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_LOG} - }; + MetricLabels pushLogsLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_REPORT_TO_LC}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_LOG}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(pushLogsLabels); mPushEventsTotal = ref->GetCounter(METRIC_PLUGIN_IN_EVENTS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, pushLogsLabels)); - MetricLabels pushMetricsLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_REPORT_TO_LC}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_METRIC} - }; + MetricLabels pushMetricsLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_REPORT_TO_LC}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_METRIC}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(pushMetricsLabels); mPushMetricsTotal = ref->GetCounter(METRIC_PLUGIN_IN_EVENTS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, pushMetricsLabels)); - MetricLabels pushSpansLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_REPORT_TO_LC}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_TRACE} - }; + MetricLabels pushSpansLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_REPORT_TO_LC}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_TRACE}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(pushSpansLabels); mPushSpansTotal = ref->GetCounter(METRIC_PLUGIN_IN_EVENTS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, pushSpansLabels)); } void BaseBPFMonitor::UpdateMetricInner(nami::eBPFStatistics& currStat) { - if (!currStat.updated_) return; + if (!currStat.updated_) + return; mProcessCacheEntitiesNum->Set(currStat.process_cache_entities_num_); mRecvKernelEventsTotal->Add(currStat.recv_kernel_events_total_); mLossKernelEventsTotal->Add(currStat.loss_kernel_events_total_); @@ -94,12 +95,13 @@ void BaseBPFMonitor::UpdateMetricInner(nami::eBPFStatistics& currStat) { /////////////////////////// NetworkObserverSelfMonitor /////////////////////////// void NetworkObserverSelfMonitor::InitMetric() { - if (mMetricInited) return; + if (mMetricInited) + return; mMetricInited = true; InitMetricInner(); - // use default labels ... + // use default labels ... MetricLabels recvEventLabels = { {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, }; @@ -109,24 +111,21 @@ void NetworkObserverSelfMonitor::InitMetric() { mAggMapEntitiesNum = ref->GetIntGauge(METRIC_PLUGIN_EBPF_NETWORK_OBSERVER_AGGREGATE_KEY_NUM); mRefAndLabels.emplace_back(std::make_pair<>(ref, recvEventLabels)); - // event type relative labels ... - MetricLabels eventTypeLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_CONN_STATS} - }; + // event type relative labels ... + MetricLabels eventTypeLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_CONN_STATS}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(eventTypeLabels); mRecvConnStatsTotal = ref->GetCounter(METRIC_PLUGIN_EBPF_NETWORK_OBSERVER_WORKER_HANDLE_EVENTS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, eventTypeLabels)); - eventTypeLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_CTRL_EVENT} - }; + eventTypeLabels = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_CTRL_EVENT}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(eventTypeLabels); mRecvCtrlEventsTotal = ref->GetCounter(METRIC_PLUGIN_EBPF_NETWORK_OBSERVER_WORKER_HANDLE_EVENTS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, eventTypeLabels)); - // + // MetricLabels eventTypeAndProtocolLbales = { {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_DATA_EVENT}, @@ -137,29 +136,28 @@ void NetworkObserverSelfMonitor::InitMetric() { mRefAndLabels.emplace_back(std::make_pair<>(ref, eventTypeAndProtocolLbales)); // protocol relative labels ... - MetricLabels httpSuccessLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_DATA_EVENT}, - {METRIC_LABEL_KEY_PARSER_PROTOCOL, METRIC_LABEL_VALUE_PARSER_PROTOCOL_HTTP}, - {METRIC_LABEL_KEY_PARSE_STATUS, METRIC_LABEL_VALUE_PARSE_STATUS_SUCCESS} - }; + MetricLabels httpSuccessLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_DATA_EVENT}, + {METRIC_LABEL_KEY_PARSER_PROTOCOL, METRIC_LABEL_VALUE_PARSER_PROTOCOL_HTTP}, + {METRIC_LABEL_KEY_PARSE_STATUS, METRIC_LABEL_VALUE_PARSE_STATUS_SUCCESS}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(httpSuccessLabels); mParseHTTPEventsSuccessTotal = ref->GetCounter(METRIC_PLUGIN_EBPF_NETWORK_OBSERVER_PROTOCOL_PARSE_RECORDS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, httpSuccessLabels)); - MetricLabels httpFailLabels = { - {METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, - {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_DATA_EVENT}, - {METRIC_LABEL_KEY_PARSER_PROTOCOL, METRIC_LABEL_VALUE_PARSER_PROTOCOL_HTTP}, - {METRIC_LABEL_KEY_PARSE_STATUS, METRIC_LABEL_VALUE_PARSE_STATUS_FAILED} - }; + MetricLabels httpFailLabels + = {{METRIC_LABEL_KEY_RECV_EVENT_STAGE, METRIC_LABEL_VALUE_RECV_EVENT_STAGE_AFTER_PERF_WORKER}, + {METRIC_LABEL_KEY_EVENT_TYPE, METRIC_LABEL_VALUE_EVENT_TYPE_DATA_EVENT}, + {METRIC_LABEL_KEY_PARSER_PROTOCOL, METRIC_LABEL_VALUE_PARSER_PROTOCOL_HTTP}, + {METRIC_LABEL_KEY_PARSE_STATUS, METRIC_LABEL_VALUE_PARSE_STATUS_FAILED}}; ref = mPluginMetricMgr->GetOrCreateReentrantMetricsRecordRef(httpFailLabels); mParseHTTPEventsFailTotal = ref->GetCounter(METRIC_PLUGIN_EBPF_NETWORK_OBSERVER_PROTOCOL_PARSE_RECORDS_TOTAL); mRefAndLabels.emplace_back(std::make_pair<>(ref, httpFailLabels)); } void NetworkObserverSelfMonitor::HandleStatistic(nami::eBPFStatistics& stats) { - if (!stats.updated_) return; + if (!stats.updated_) + return; UpdateMetricInner(stats); // recv kernel events metric assert(stats.plugin_type_ == nami::PluginType::NETWORK_OBSERVE); @@ -177,47 +175,53 @@ void NetworkObserverSelfMonitor::HandleStatistic(nami::eBPFStatistics& stats) { mAggMapEntitiesNum->Set(currNetworkStatsPtr->agg_map_entities_num_); } -eBPFSelfMonitorMgr::eBPFSelfMonitorMgr() : mSelfMonitors({}), mInited({}) {} +eBPFSelfMonitorMgr::eBPFSelfMonitorMgr() = default; -void eBPFSelfMonitorMgr::Init(const nami::PluginType type, PluginMetricManagerPtr mgr, const std::string& name, const std::string& logstore) { - if (mInited[int(type)]) return; +void eBPFSelfMonitorMgr::Init(const nami::PluginType type, + PluginMetricManagerPtr mgr, + const std::string& name, + const std::string& logstore) { + if (mInited[int(type)]) + return; WriteLock lk(mLock); // double check - if (mInited[int(type)]) return; + if (mInited[int(type)]) + return; - switch (type) - { - case nami::PluginType::NETWORK_OBSERVE: { - mSelfMonitors[int(type)] = std::make_unique(name, mgr); - break; - } - case nami::PluginType::NETWORK_SECURITY: { - mSelfMonitors[int(type)] = std::make_unique(name, mgr); - break; - } - case nami::PluginType::FILE_SECURITY: { - mSelfMonitors[int(type)] = std::make_unique(name, mgr); - break; - } - case nami::PluginType::PROCESS_SECURITY: { - mSelfMonitors[int(type)] = std::make_unique(name, mgr); - break; - } - default: - break; + switch (type) { + case nami::PluginType::NETWORK_OBSERVE: { + mSelfMonitors[int(type)] = std::make_unique(name, mgr); + break; + } + case nami::PluginType::NETWORK_SECURITY: { + mSelfMonitors[int(type)] = std::make_unique(name, mgr); + break; + } + case nami::PluginType::FILE_SECURITY: { + mSelfMonitors[int(type)] = std::make_unique(name, mgr); + break; + } + case nami::PluginType::PROCESS_SECURITY: { + mSelfMonitors[int(type)] = std::make_unique(name, mgr); + break; + } + default: + break; } mSelfMonitors[int(type)]->InitMetric(); mInited[int(type)] = true; } void eBPFSelfMonitorMgr::Release(const nami::PluginType type) { - if (!mInited[int(type)]) return; + if (!mInited[int(type)]) + return; WriteLock lk(mLock); // double check - if (!mInited[int(type)]) return; + if (!mInited[int(type)]) + return; if (mSelfMonitors[int(type)]) { mSelfMonitors[int(type)]->ReleaseMetric(); mSelfMonitors[int(type)].reset(); @@ -247,5 +251,5 @@ void eBPFSelfMonitorMgr::HandleStatistic(std::vector& stat } } -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/SelfMonitor.h b/core/ebpf/SelfMonitor.h index 9d31f96550..2e41a7d4f2 100644 --- a/core/ebpf/SelfMonitor.h +++ b/core/ebpf/SelfMonitor.h @@ -14,15 +14,15 @@ #pragma once -#include #include #include +#include -#include "ebpf/include/export.h" -#include "monitor/metric_models/ReentrantMetricsRecord.h" #include "common/Lock.h" -#include "monitor/metric_models/MetricTypes.h" +#include "ebpf/include/export.h" #include "monitor/metric_constants/MetricConstants.h" +#include "monitor/metric_models/MetricTypes.h" +#include "monitor/metric_models/ReentrantMetricsRecord.h" namespace logtail { namespace ebpf { @@ -33,9 +33,9 @@ class BaseBPFMonitor { virtual void InitMetric(); virtual void ReleaseMetric(); virtual ~BaseBPFMonitor() = default; + protected: - BaseBPFMonitor(const std::string& name, PluginMetricManagerPtr mgr) - : mPipelineName(name), mPluginMetricMgr(mgr) {} + BaseBPFMonitor(const std::string& name, PluginMetricManagerPtr mgr) : mPipelineName(name), mPluginMetricMgr(mgr) {} // attention: not thread safe!! void InitMetricInner(); @@ -65,15 +65,13 @@ class BaseBPFMonitor { class NetworkObserverSelfMonitor : public BaseBPFMonitor { public: - NetworkObserverSelfMonitor(const std::string& name, PluginMetricManagerPtr mgr/**/) - : BaseBPFMonitor(name, mgr) {} + NetworkObserverSelfMonitor(const std::string& name, PluginMetricManagerPtr mgr /**/) : BaseBPFMonitor(name, mgr) {} void InitMetric() override; void HandleStatistic(nami::eBPFStatistics& stats) override; private: - // recv kernel events metric CounterPtr mRecvConnStatsTotal; CounterPtr mRecvCtrlEventsTotal; @@ -95,47 +93,48 @@ class NetworkObserverSelfMonitor : public BaseBPFMonitor { class NetworkSecuritySelfMonitor : public BaseBPFMonitor { public: - NetworkSecuritySelfMonitor(const std::string& name, PluginMetricManagerPtr mgr) - : BaseBPFMonitor(name, mgr) {} + NetworkSecuritySelfMonitor(const std::string& name, PluginMetricManagerPtr mgr) : BaseBPFMonitor(name, mgr) {} void HandleStatistic(nami::eBPFStatistics& stats) override { - if (!stats.updated_) return; + if (!stats.updated_) + return; UpdateMetricInner(stats); } }; class ProcessSecuritySelfMonitor : public BaseBPFMonitor { public: - ProcessSecuritySelfMonitor(const std::string& name, PluginMetricManagerPtr mgr) - : BaseBPFMonitor(name, mgr) {} + ProcessSecuritySelfMonitor(const std::string& name, PluginMetricManagerPtr mgr) : BaseBPFMonitor(name, mgr) {} }; class FileSecuritySelfMonitor : public BaseBPFMonitor { public: - FileSecuritySelfMonitor(const std::string& name, PluginMetricManagerPtr mgr) - : BaseBPFMonitor(name, mgr) {} + FileSecuritySelfMonitor(const std::string& name, PluginMetricManagerPtr mgr) : BaseBPFMonitor(name, mgr) {} }; /** - * eBPFSelfMonitorMgr is only used to manage the self-monitoring data in libnetwork_observer.so, updating the statistics through callbacks. + * eBPFSelfMonitorMgr is only used to manage the self-monitoring data in libnetwork_observer.so, updating the + * statistics through callbacks. */ class eBPFSelfMonitorMgr { public: eBPFSelfMonitorMgr(); - void Init(const nami::PluginType type, PluginMetricManagerPtr mgr, const std::string& name, const std::string& project); + void + Init(const nami::PluginType type, PluginMetricManagerPtr mgr, const std::string& name, const std::string& project); void Release(const nami::PluginType type); void Suspend(const nami::PluginType type); void HandleStatistic(std::vector& stats); + private: // `mLock` is used to protect mSelfMonitors ReadWriteLock mLock; - std::array, int(nami::PluginType::MAX)> mSelfMonitors; - std::array mInited; - + std::array, int(nami::PluginType::MAX)> mSelfMonitors = {}; + std::array mInited = {}; + #ifdef APSARA_UNIT_TEST_MAIN friend class eBPFServerUnittest; #endif }; -} // ebpf -} // logtail \ No newline at end of file +} // namespace ebpf +} // namespace logtail \ No newline at end of file diff --git a/core/ebpf/SourceManager.cpp b/core/ebpf/SourceManager.cpp index caa15f374d..bec73cffeb 100644 --- a/core/ebpf/SourceManager.cpp +++ b/core/ebpf/SourceManager.cpp @@ -13,26 +13,29 @@ // limitations under the License. #include "ebpf/SourceManager.h" -#include "common/RuntimeUtil.h" -#include "logger/Logger.h" -#include "ebpf/include/SysAkApi.h" -#include "common/MachineInfoUtil.h" -#include "common/LogtailCommonFlags.h" -#include "app_config/AppConfig.h" -#include +#include + #include #include -#include +#include + +#include "app_config/AppConfig.h" +#include "common/LogtailCommonFlags.h" +#include "common/MachineInfoUtil.h" +#include "common/RuntimeUtil.h" +#include "ebpf/include/SysAkApi.h" +#include "logger/Logger.h" -namespace logtail{ +namespace logtail { namespace ebpf { #define LOAD_EBPF_FUNC_ADDR(funcName) \ ({ \ void* funcPtr = tmp_lib->LoadMethod(#funcName, loadErr); \ if (funcPtr == NULL) { \ - LOG_ERROR(sLogger, ("[source_manager] load ebpf method", "failed")("method", #funcName)("error", loadErr)); \ + LOG_ERROR(sLogger, \ + ("[source_manager] load ebpf method", "failed")("method", #funcName)("error", loadErr)); \ } \ funcPtr; \ }) @@ -61,184 +64,190 @@ SourceManager::~SourceManager() { return; } - for (size_t i = 0; i < mRunning.size(); i++) { - auto& x = mRunning[i]; - if (!x) { - continue; + for (size_t i = 0; i < mRunning.size(); i++) { + auto& x = mRunning[i]; + if (!x) { + continue; + } + // stop plugin + StopPlugin(static_cast(i)); } - // stop plugin - StopPlugin(static_cast(i)); - } #ifdef APSARA_UNIT_TEST_MAIN - return; + return; #endif - // call deinit - void* f = mFuncs[(int)ebpf_func::EBPF_DEINIT]; - if (!f) { - return; - } + // call deinit + void* f = mFuncs[(int)ebpf_func::EBPF_DEINIT]; + if (!f) { + return; + } - auto deinit_f = (deinit_func)f; - deinit_f(); + auto deinit_f = (deinit_func)f; + deinit_f(); } void SourceManager::Init() { - mHostIp = GetHostIp(); - mHostName = GetHostName(); - - // read host path prefix - if (AppConfig::GetInstance()->IsPurageContainerMode()) { - mHostPathPrefix = STRING_FLAG(default_container_host_path); - LOG_DEBUG(sLogger, ("running in container mode, would set host path prefix to ", mHostPathPrefix)); - } else { - LOG_DEBUG(sLogger, ("running in host mode", "would not set host path prefix ...")); - } - - mBinaryPath = GetProcessExecutionDir(); - mFullLibName = "lib" + m_lib_name_ + ".so"; - for (auto& x : mRunning) { - x = false; - } + mHostIp = GetHostIp(); + mHostName = GetHostName(); + + // read host path prefix + if (AppConfig::GetInstance()->IsPurageContainerMode()) { + mHostPathPrefix = STRING_FLAG(default_container_host_path); + LOG_DEBUG(sLogger, ("running in container mode, would set host path prefix to ", mHostPathPrefix)); + } else { + LOG_DEBUG(sLogger, ("running in host mode", "would not set host path prefix ...")); + } + + mBinaryPath = GetProcessExecutionDir(); + mFullLibName = "lib" + m_lib_name_ + ".so"; + for (auto& x : mRunning) { + x = false; + } } bool SourceManager::LoadDynamicLib(const std::string& lib_name) { - if (DynamicLibSuccess()) { - // already load - return true; - } + if (DynamicLibSuccess()) { + // already load + return true; + } #ifdef APSARA_UNIT_TEST_MAIN return true; #endif - std::shared_ptr tmp_lib = std::make_shared(); - LOG_INFO(sLogger, ("[SourceManager] begin load ebpf dylib, path:", mBinaryPath)); - std::string loadErr; - if (!tmp_lib->LoadDynLib(lib_name, loadErr, mBinaryPath)) { - LOG_ERROR(sLogger, ("failed to load ebpf dynamic library, path", mBinaryPath)("error", loadErr)); - return false; - } - // init funcs - // set offset configs - // init config - // this memory will be managed by plugin - - mFuncs[(int)ebpf_func::EBPF_INIT] = LOAD_EBPF_FUNC_ADDR(init); - mFuncs[(int)ebpf_func::EBPF_UPDATE] = LOAD_EBPF_FUNC_ADDR(update); - mFuncs[(int)ebpf_func::EBPF_SUSPEND] = LOAD_EBPF_FUNC_ADDR(suspend); - mFuncs[(int)ebpf_func::EBPF_DEINIT] = LOAD_EBPF_FUNC_ADDR(deinit); - mFuncs[(int)ebpf_func::EBPF_REMOVE] = LOAD_EBPF_FUNC_ADDR(removep); - mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG] = LOAD_EBPF_FUNC_ADDR(ebpf_cleanup_dog); - mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE] = LOAD_EBPF_FUNC_ADDR(ebpf_update_conn_role); - mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS] = LOAD_EBPF_FUNC_ADDR(ebpf_disable_process); - mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR] = LOAD_EBPF_FUNC_ADDR(ebpf_update_conn_addr); - - mOffsets[(int)ebpf_func::EBPF_INIT] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_INIT]); - mOffsets[(int)ebpf_func::EBPF_UPDATE] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_UPDATE]); - mOffsets[(int)ebpf_func::EBPF_SUSPEND] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SUSPEND]); - mOffsets[(int)ebpf_func::EBPF_DEINIT] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_DEINIT]); - mOffsets[(int)ebpf_func::EBPF_REMOVE] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_REMOVE]); - mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG]); - mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE]); - mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS]); - mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR]); - - // check function load success - if (std::any_of(mFuncs.begin(), mFuncs.end(), [](auto* x) { return x == nullptr; })) { - return false; - } - - // update meta - mLib = std::move(tmp_lib); - - return true; + std::shared_ptr tmp_lib = std::make_shared(); + LOG_INFO(sLogger, ("[SourceManager] begin load ebpf dylib, path:", mBinaryPath)); + std::string loadErr; + if (!tmp_lib->LoadDynLib(lib_name, loadErr, mBinaryPath)) { + LOG_ERROR(sLogger, ("failed to load ebpf dynamic library, path", mBinaryPath)("error", loadErr)); + return false; + } + // init funcs + // set offset configs + // init config + // this memory will be managed by plugin + + mFuncs[(int)ebpf_func::EBPF_INIT] = LOAD_EBPF_FUNC_ADDR(init); + mFuncs[(int)ebpf_func::EBPF_UPDATE] = LOAD_EBPF_FUNC_ADDR(update); + mFuncs[(int)ebpf_func::EBPF_SUSPEND] = LOAD_EBPF_FUNC_ADDR(suspend); + mFuncs[(int)ebpf_func::EBPF_DEINIT] = LOAD_EBPF_FUNC_ADDR(deinit); + mFuncs[(int)ebpf_func::EBPF_REMOVE] = LOAD_EBPF_FUNC_ADDR(removep); + mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG] = LOAD_EBPF_FUNC_ADDR(ebpf_cleanup_dog); + mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE] = LOAD_EBPF_FUNC_ADDR(ebpf_update_conn_role); + mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS] = LOAD_EBPF_FUNC_ADDR(ebpf_disable_process); + mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR] = LOAD_EBPF_FUNC_ADDR(ebpf_update_conn_addr); + + mOffsets[(int)ebpf_func::EBPF_INIT] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_INIT]); + mOffsets[(int)ebpf_func::EBPF_UPDATE] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_UPDATE]); + mOffsets[(int)ebpf_func::EBPF_SUSPEND] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SUSPEND]); + mOffsets[(int)ebpf_func::EBPF_DEINIT] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_DEINIT]); + mOffsets[(int)ebpf_func::EBPF_REMOVE] = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_REMOVE]); + mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG] + = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG]); + mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE] + = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE]); + mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS] + = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS]); + mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR] + = LOAD_UPROBE_OFFSET(mFuncs[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR]); + + // check function load success + if (std::any_of(mFuncs.begin(), mFuncs.end(), [](auto* x) { return x == nullptr; })) { + return false; + } + + // update meta + mLib = std::move(tmp_lib); + + return true; } bool SourceManager::DynamicLibSuccess() { #ifdef APSARA_UNIT_TEST_MAIN return true; #endif - if (!mLib) return false; - if (!std::all_of(mFuncs.begin(), mFuncs.end(), [](auto* x) { return x != nullptr; })) { - return false; - } - return true; + if (!mLib) + return false; + if (!std::all_of(mFuncs.begin(), mFuncs.end(), [](auto* x) { return x != nullptr; })) { + return false; + } + return true; } void SourceManager::FillCommonConf(std::unique_ptr& conf) { - conf->host_ip_ = mHostIp; - conf->host_name_ = mHostName; - conf->host_path_prefix_ = mHostPathPrefix; - if (conf->plugin_type_ == nami::PluginType::NETWORK_OBSERVE) { - auto cc = std::get(conf->config_); - // set so addr - cc.so_ = std::filesystem::path(mBinaryPath) / mFullLibName; - cc.so_size_ = cc.so_.length(); - cc.uprobe_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG]; - cc.upcr_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE]; - cc.upps_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS]; - cc.upca_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR]; - conf->config_ = cc; - } + conf->host_ip_ = mHostIp; + conf->host_name_ = mHostName; + conf->host_path_prefix_ = mHostPathPrefix; + if (conf->plugin_type_ == nami::PluginType::NETWORK_OBSERVE) { + auto cc = std::get(conf->config_); + // set so addr + cc.so_ = std::filesystem::path(mBinaryPath) / mFullLibName; + cc.so_size_ = cc.so_.length(); + cc.uprobe_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_CLEAN_UP_DOG]; + cc.upcr_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ROLE]; + cc.upps_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_DISABLE_PROCESS]; + cc.upca_offset_ = mOffsets[(int)ebpf_func::EBPF_SOCKET_TRACE_UPDATE_CONN_ADDR]; + conf->config_ = cc; + } } bool SourceManager::CheckPluginRunning(nami::PluginType plugin_type) { - if (!LoadDynamicLib(m_lib_name_)) { - LOG_ERROR(sLogger, ("dynamic lib not load, plugin type:", int(plugin_type))); - return false; - } + if (!LoadDynamicLib(m_lib_name_)) { + LOG_ERROR(sLogger, ("dynamic lib not load, plugin type:", int(plugin_type))); + return false; + } - return mRunning[int(plugin_type)]; + return mRunning[int(plugin_type)]; } bool SourceManager::StartPlugin(nami::PluginType plugin_type, std::unique_ptr conf) { - if (CheckPluginRunning(plugin_type)) { - // plugin update ... - return UpdatePlugin(plugin_type, std::move(conf)); - } - - // plugin not started ... - LOG_INFO(sLogger, ("begin to start plugin, type", int(plugin_type))); - conf->type = UpdataType::SECURE_UPDATE_TYPE_ENABLE_PROBE; - FillCommonConf(conf); + if (CheckPluginRunning(plugin_type)) { + // plugin update ... + return UpdatePlugin(plugin_type, std::move(conf)); + } + + // plugin not started ... + LOG_INFO(sLogger, ("begin to start plugin, type", int(plugin_type))); + conf->type = UpdataType::SECURE_UPDATE_TYPE_ENABLE_PROBE; + FillCommonConf(conf); #ifdef APSARA_UNIT_TEST_MAIN mConfig = std::move(conf); mRunning[int(plugin_type)] = true; return true; #endif - void* f = mFuncs[(int)ebpf_func::EBPF_INIT]; - if (!f) { - LOG_ERROR(sLogger, ("failed to load dynamic lib, init func ptr is null", int(plugin_type))); - return false; - } - auto init_f = (init_func)f; - int res = init_f(conf.get()); - if (!res) mRunning[int(plugin_type)] = true; - return !res; + void* f = mFuncs[(int)ebpf_func::EBPF_INIT]; + if (!f) { + LOG_ERROR(sLogger, ("failed to load dynamic lib, init func ptr is null", int(plugin_type))); + return false; + } + auto init_f = (init_func)f; + int res = init_f(conf.get()); + if (!res) + mRunning[int(plugin_type)] = true; + return !res; } bool SourceManager::UpdatePlugin(nami::PluginType plugin_type, std::unique_ptr conf) { - if (!CheckPluginRunning(plugin_type)) { - LOG_ERROR(sLogger, ("plugin not started, type", int(plugin_type))); - return false; - } - - LOG_INFO(sLogger, ("begin to update plugin, type", int(plugin_type))); - conf->type = UpdataType::SECURE_UPDATE_TYPE_CONFIG_CHAGE; - FillCommonConf(conf); + if (!CheckPluginRunning(plugin_type)) { + LOG_ERROR(sLogger, ("plugin not started, type", int(plugin_type))); + return false; + } + + LOG_INFO(sLogger, ("begin to update plugin, type", int(plugin_type))); + conf->type = UpdataType::SECURE_UPDATE_TYPE_CONFIG_CHAGE; + FillCommonConf(conf); #ifdef APSARA_UNIT_TEST_MAIN - mConfig = std::move(conf); - return true; + mConfig = std::move(conf); + return true; #endif - void* f = mFuncs[(int)ebpf_func::EBPF_UPDATE]; - if (!f) { - LOG_ERROR(sLogger, ("failed to load dynamic lib, update func ptr is null", int(plugin_type))); - return false; - } - - auto update_f = (update_func)f; - int res = update_f(conf.get()); - return !res; + void* f = mFuncs[(int)ebpf_func::EBPF_UPDATE]; + if (!f) { + LOG_ERROR(sLogger, ("failed to load dynamic lib, update func ptr is null", int(plugin_type))); + return false; + } + + auto update_f = (update_func)f; + int res = update_f(conf.get()); + return !res; } bool SourceManager::SuspendPlugin(nami::PluginType plugin_type) { @@ -250,49 +259,50 @@ bool SourceManager::SuspendPlugin(nami::PluginType plugin_type) { config->plugin_type_ = plugin_type; config->type = UpdataType::SECURE_UPDATE_TYPE_SUSPEND_PROBE; #ifdef APSARA_UNIT_TEST_MAIN - mConfig = std::move(config); - return true; + mConfig = std::move(config); + return true; #endif - // ensure that sysak would not call handle() - void* f = mFuncs[(int)ebpf_func::EBPF_SUSPEND]; - if (!f) { - LOG_ERROR(sLogger, ("failed to load dynamic lib, suspend func ptr is null", int(plugin_type))); - return false; - } + // ensure that sysak would not call handle() + void* f = mFuncs[(int)ebpf_func::EBPF_SUSPEND]; + if (!f) { + LOG_ERROR(sLogger, ("failed to load dynamic lib, suspend func ptr is null", int(plugin_type))); + return false; + } - auto suspend_f = (suspend_func)f; - int res = suspend_f(config.get()); + auto suspend_f = (suspend_func)f; + int res = suspend_f(config.get()); - return !res; + return !res; } bool SourceManager::StopPlugin(nami::PluginType plugin_type) { - if (!CheckPluginRunning(plugin_type)) { - LOG_WARNING(sLogger, ("plugin not started, do nothing. type", int(plugin_type))); - return true; - } + if (!CheckPluginRunning(plugin_type)) { + LOG_WARNING(sLogger, ("plugin not started, do nothing. type", int(plugin_type))); + return true; + } - auto config = std::make_unique(); - config->plugin_type_ = plugin_type; - config->type = UpdataType::SECURE_UPDATE_TYPE_DISABLE_PROBE; + auto config = std::make_unique(); + config->plugin_type_ = plugin_type; + config->type = UpdataType::SECURE_UPDATE_TYPE_DISABLE_PROBE; #ifdef APSARA_UNIT_TEST_MAIN - mConfig = std::move(config); - mRunning[int(plugin_type)] = false; - return true; + mConfig = std::move(config); + mRunning[int(plugin_type)] = false; + return true; #endif - void* f = mFuncs[(int)ebpf_func::EBPF_REMOVE]; - if (!f) { - LOG_ERROR(sLogger, ("failed to load dynamic lib, remove func ptr is null", int(plugin_type))); - return false; - } + void* f = mFuncs[(int)ebpf_func::EBPF_REMOVE]; + if (!f) { + LOG_ERROR(sLogger, ("failed to load dynamic lib, remove func ptr is null", int(plugin_type))); + return false; + } - auto remove_f = (remove_func)f; - int res = remove_f(config.get()); - if (!res) mRunning[int(plugin_type)] = false; - return !res; + auto remove_f = (remove_func)f; + int res = remove_f(config.get()); + if (!res) + mRunning[int(plugin_type)] = false; + return !res; } -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/SourceManager.h b/core/ebpf/SourceManager.h index 77784da6f7..d659f165f9 100644 --- a/core/ebpf/SourceManager.h +++ b/core/ebpf/SourceManager.h @@ -15,46 +15,47 @@ #pragma once #include + +#include +#include +#include +#include #include -#include -#include #include +#include #include -#include -#include -#include -#include +#include -#include "ebpf/include/export.h" -#include "ebpf/include/SysAkApi.h" #include "common/DynamicLibHelper.h" +#include "ebpf/include/SysAkApi.h" +#include "ebpf/include/export.h" namespace logtail { namespace ebpf { enum class eBPFPluginType { - SOCKETTRACE = 0, - PROCESS = 1, - MAX = 2, + SOCKETTRACE = 0, + PROCESS = 1, + MAX = 2, }; class SourceManager { public: const std::string m_lib_name_ = "network_observer"; - + SourceManager(const SourceManager&) = delete; SourceManager& operator=(const SourceManager&) = delete; void Init(); bool StartPlugin(nami::PluginType plugin_type, std::unique_ptr conf); - + bool StopPlugin(nami::PluginType plugin_type); bool SuspendPlugin(nami::PluginType plugin_type); bool CheckPluginRunning(nami::PluginType plugin_type); - + SourceManager(); ~SourceManager(); @@ -93,5 +94,5 @@ class SourceManager { #endif }; -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/eBPFServer.cpp b/core/ebpf/eBPFServer.cpp index 0654a7f6a3..4106c80271 100644 --- a/core/ebpf/eBPFServer.cpp +++ b/core/ebpf/eBPFServer.cpp @@ -12,21 +12,23 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include +#include "ebpf/eBPFServer.h" + +#include + +#include #include #include -#include -#include +#include #include "app_config/AppConfig.h" -#include "ebpf/config.h" -#include "ebpf/eBPFServer.h" -#include "logger/Logger.h" -#include "ebpf/include/export.h" +#include "common/Lock.h" #include "common/LogtailCommonFlags.h" #include "common/MachineInfoUtil.h" +#include "ebpf/Config.h" +#include "ebpf/include/export.h" +#include "logger/Logger.h" #include "monitor/metric_models/ReentrantMetricsRecord.h" -#include "common/Lock.h" DEFINE_FLAG_INT64(kernel_min_version_for_ebpf, "the minimum kernel version that supported eBPF normal running, 4.19.0.0 -> 4019000000", @@ -45,23 +47,23 @@ bool EnvManager::IsSupportedEnv(nami::PluginType type) { return false; } bool status = false; - switch (type) - { - case nami::PluginType::NETWORK_OBSERVE: - status = mArchSupport && (mBTFSupport || m310Support); - break; - case nami::PluginType::FILE_SECURITY: - case nami::PluginType::NETWORK_SECURITY: - case nami::PluginType::PROCESS_SECURITY: { - status = mArchSupport && mBTFSupport; - break; - } - default: - status = false; + switch (type) { + case nami::PluginType::NETWORK_OBSERVE: + status = mArchSupport && (mBTFSupport || m310Support); + break; + case nami::PluginType::FILE_SECURITY: + case nami::PluginType::NETWORK_SECURITY: + case nami::PluginType::PROCESS_SECURITY: { + status = mArchSupport && mBTFSupport; + break; + } + default: + status = false; } if (!status) { - LOG_WARNING(sLogger, ("runtime env not supported, plugin type: ", int(type)) - ("arch support is ", mArchSupport) ("btf support is ", mBTFSupport) ("310 support is ", m310Support)); + LOG_WARNING(sLogger, + ("runtime env not supported, plugin type: ", int(type))("arch support is ", mArchSupport)( + "btf support is ", mBTFSupport)("310 support is ", m310Support)); } return status; } @@ -71,7 +73,8 @@ bool EnvManager::AbleToLoadDyLib() { } void EnvManager::InitEnvInfo() { - if (mInited) return; + if (mInited) + return; mInited = true; #ifdef _MSC_VER @@ -95,7 +98,7 @@ void EnvManager::InitEnvInfo() { std::string release; int64_t version; GetKernelInfo(release, version); - LOG_INFO(sLogger, ("ebpf kernel release", release) ("kernel version", version)); + LOG_INFO(sLogger, ("ebpf kernel release", release)("kernel version", version)); if (release.empty()) { LOG_WARNING(sLogger, ("cannot find kernel release", "")); mBTFSupport = false; @@ -106,8 +109,7 @@ void EnvManager::InitEnvInfo() { return; } if (version / 1000000 != KERNEL_VERSION_310) { - LOG_WARNING(sLogger, - ("unsupported kernel version, will not start eBPF plugin ... version", version)); + LOG_WARNING(sLogger, ("unsupported kernel version, will not start eBPF plugin ... version", version)); m310Support = false; return; } @@ -116,19 +118,18 @@ void EnvManager::InitEnvInfo() { int64_t osVersion; if (GetRedHatReleaseInfo(os, osVersion, STRING_FLAG(default_container_host_path)) || GetRedHatReleaseInfo(os, osVersion)) { - if(os == KERNEL_NAME_CENTOS && osVersion >= KERNEL_CENTOS_MIN_VERSION) { + if (os == KERNEL_NAME_CENTOS && osVersion >= KERNEL_CENTOS_MIN_VERSION) { m310Support = true; return; } else { - LOG_WARNING(sLogger, - ("unsupported os for 310 kernel, will not start eBPF plugin ...", "") - ("os", os)("version", osVersion)); + LOG_WARNING( + sLogger, + ("unsupported os for 310 kernel, will not start eBPF plugin ...", "")("os", os)("version", osVersion)); m310Support = false; return; } } - LOG_WARNING(sLogger, - ("not redhat release, will not start eBPF plugin ...", "")); + LOG_WARNING(sLogger, ("not redhat release, will not start eBPF plugin ...", "")); m310Support = false; } @@ -150,10 +151,11 @@ void eBPFServer::Init() { mMonitorMgr = std::make_unique(); DynamicMetricLabels dynamicLabels; dynamicLabels.emplace_back(METRIC_LABEL_KEY_PROJECT, [this]() -> std::string { return this->GetAllProjects(); }); - WriteMetrics::GetInstance()->PrepareMetricsRecordRef(mRef, - MetricCategory::METRIC_CATEGORY_RUNNER, - {{METRIC_LABEL_KEY_RUNNER_NAME, METRIC_LABEL_VALUE_RUNNER_NAME_EBPF_SERVER}}, - std::move(dynamicLabels)); + WriteMetrics::GetInstance()->PrepareMetricsRecordRef( + mRef, + MetricCategory::METRIC_CATEGORY_RUNNER, + {{METRIC_LABEL_KEY_RUNNER_NAME, METRIC_LABEL_VALUE_RUNNER_NAME_EBPF_SERVER}}, + std::move(dynamicLabels)); mStartPluginTotal = mRef.CreateCounter(METRIC_RUNNER_EBPF_START_PLUGIN_TOTAL); mStopPluginTotal = mRef.CreateCounter(METRIC_RUNNER_EBPF_STOP_PLUGIN_TOTAL); @@ -179,22 +181,29 @@ void eBPFServer::Init() { } void eBPFServer::Stop() { - if (!mInited) return; + if (!mInited) + return; mInited = false; LOG_INFO(sLogger, ("begin to stop all plugins", "")); - // destroy source manager + // destroy source manager mSourceManager.reset(); - for (int i = 0; i < int(nami::PluginType::MAX); i ++) { + for (int i = 0; i < int(nami::PluginType::MAX); i++) { UpdatePipelineName(static_cast(i), "", ""); } // UpdateContext must after than StopPlugin - if (mEventCB) mEventCB->UpdateContext(nullptr, -1, -1); - if (mMeterCB) mMeterCB->UpdateContext(nullptr, -1, -1); - if (mSpanCB) mSpanCB->UpdateContext(nullptr,-1, -1); - if (mNetworkSecureCB) mNetworkSecureCB->UpdateContext(nullptr,-1, -1); - if (mProcessSecureCB) mProcessSecureCB->UpdateContext(nullptr,-1, -1); - if (mFileSecureCB) mFileSecureCB->UpdateContext(nullptr, -1, -1); + if (mEventCB) + mEventCB->UpdateContext(nullptr, -1, -1); + if (mMeterCB) + mMeterCB->UpdateContext(nullptr, -1, -1); + if (mSpanCB) + mSpanCB->UpdateContext(nullptr, -1, -1); + if (mNetworkSecureCB) + mNetworkSecureCB->UpdateContext(nullptr, -1, -1); + if (mProcessSecureCB) + mProcessSecureCB->UpdateContext(nullptr, -1, -1); + if (mFileSecureCB) + mFileSecureCB->UpdateContext(nullptr, -1, -1); } bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, @@ -205,8 +214,9 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, PluginMetricManagerPtr mgr) { std::string prev_pipeline_name = CheckLoadedPipelineName(type); if (prev_pipeline_name.size() && prev_pipeline_name != pipeline_name) { - LOG_WARNING(sLogger, ("pipeline already loaded, plugin type", int(type)) - ("prev pipeline", prev_pipeline_name)("curr pipeline", pipeline_name)); + LOG_WARNING(sLogger, + ("pipeline already loaded, plugin type", + int(type))("prev pipeline", prev_pipeline_name)("curr pipeline", pipeline_name)); return false; } @@ -219,76 +229,88 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, bool ret = false; auto eBPFConfig = std::make_unique(); eBPFConfig->plugin_type_ = type; - eBPFConfig->stats_handler_ = [this](auto& stats){ return mMonitorMgr->HandleStatistic(stats); }; + eBPFConfig->stats_handler_ = [this](auto& stats) { return mMonitorMgr->HandleStatistic(stats); }; // call update function // step2: call init function - switch(type) { - case nami::PluginType::PROCESS_SECURITY: { - nami::ProcessConfig pconfig; - pconfig.process_security_cb_ = [this](std::vector>& events) { return mProcessSecureCB->handle(events); }; - SecurityOptions* opts = std::get(options); - pconfig.options_ = opts->mOptionList; - // UpdateContext must ahead of StartPlugin - mProcessSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); - eBPFConfig->config_ = std::move(pconfig); - ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); - break; - } - - case nami::PluginType::NETWORK_OBSERVE:{ - nami::NetworkObserveConfig nconfig; - nconfig.enable_cid_filter = false; - nami::ObserverNetworkOption* opts = std::get(options); - if (opts->mEnableMetric) { - nconfig.enable_metric_ = true; - nconfig.measure_cb_ = [this](std::vector>& events, auto ts) { return mMeterCB->handle(events, ts); }; - nconfig.enable_metric_ = true; - mMeterCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); - } - if (opts->mEnableSpan) { - nconfig.enable_span_ = true; - nconfig.span_cb_ = [this](std::vector>& events) { return mSpanCB->handle(events); }; - nconfig.enable_span_ = true; - mSpanCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); - } - if (opts->mEnableLog) { - nconfig.enable_event_ = true; - nconfig.event_cb_ = [this](std::vector>& events) { return mEventCB->handle(events); }; - nconfig.enable_event_ = true; - mEventCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + switch (type) { + case nami::PluginType::PROCESS_SECURITY: { + nami::ProcessConfig pconfig; + pconfig.process_security_cb_ = [this](std::vector>& events) { + return mProcessSecureCB->handle(events); + }; + SecurityOptions* opts = std::get(options); + pconfig.options_ = opts->mOptionList; + // UpdateContext must ahead of StartPlugin + mProcessSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + eBPFConfig->config_ = std::move(pconfig); + ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); + break; } - eBPFConfig->config_ = std::move(nconfig); - ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); - break; - } + case nami::PluginType::NETWORK_OBSERVE: { + nami::NetworkObserveConfig nconfig; + nconfig.enable_cid_filter = false; + nami::ObserverNetworkOption* opts = std::get(options); + if (opts->mEnableMetric) { + nconfig.enable_metric_ = true; + nconfig.measure_cb_ = [this](std::vector>& events, auto ts) { + return mMeterCB->handle(events, ts); + }; + nconfig.enable_metric_ = true; + mMeterCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + } + if (opts->mEnableSpan) { + nconfig.enable_span_ = true; + nconfig.span_cb_ = [this](std::vector>& events) { + return mSpanCB->handle(events); + }; + nconfig.enable_span_ = true; + mSpanCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + } + if (opts->mEnableLog) { + nconfig.enable_event_ = true; + nconfig.event_cb_ = [this](std::vector>& events) { + return mEventCB->handle(events); + }; + nconfig.enable_event_ = true; + mEventCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + } + + eBPFConfig->config_ = std::move(nconfig); + ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); + break; + } - case nami::PluginType::NETWORK_SECURITY:{ - nami::NetworkSecurityConfig nconfig; - nconfig.network_security_cb_ = [this](std::vector>& events) { return mNetworkSecureCB->handle(events); }; - SecurityOptions* opts = std::get(options); - nconfig.options_ = opts->mOptionList; - eBPFConfig->config_ = std::move(nconfig); - // UpdateContext must ahead of StartPlugin - mNetworkSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); - ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); - break; - } + case nami::PluginType::NETWORK_SECURITY: { + nami::NetworkSecurityConfig nconfig; + nconfig.network_security_cb_ = [this](std::vector>& events) { + return mNetworkSecureCB->handle(events); + }; + SecurityOptions* opts = std::get(options); + nconfig.options_ = opts->mOptionList; + eBPFConfig->config_ = std::move(nconfig); + // UpdateContext must ahead of StartPlugin + mNetworkSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); + break; + } - case nami::PluginType::FILE_SECURITY:{ - nami::FileSecurityConfig fconfig; - fconfig.file_security_cb_ = [this](std::vector>& events) { return mFileSecureCB->handle(events); }; - SecurityOptions* opts = std::get(options); - fconfig.options_ = opts->mOptionList; - eBPFConfig->config_ = std::move(fconfig); - // UpdateContext must ahead of StartPlugin - mFileSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); - ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); - break; - } - default: - LOG_ERROR(sLogger, ("unknown plugin type", int(type))); - return false; + case nami::PluginType::FILE_SECURITY: { + nami::FileSecurityConfig fconfig; + fconfig.file_security_cb_ = [this](std::vector>& events) { + return mFileSecureCB->handle(events); + }; + SecurityOptions* opts = std::get(options); + fconfig.options_ = opts->mOptionList; + eBPFConfig->config_ = std::move(fconfig); + // UpdateContext must ahead of StartPlugin + mFileSecureCB->UpdateContext(ctx, ctx->GetProcessQueueKey(), plugin_index); + ret = mSourceManager->StartPlugin(type, std::move(eBPFConfig)); + break; + } + default: + LOG_ERROR(sLogger, ("unknown plugin type", int(type))); + return false; } if (ret) { @@ -301,15 +323,18 @@ bool eBPFServer::StartPluginInternal(const std::string& pipeline_name, bool eBPFServer::HasRegisteredPlugins() const { std::lock_guard lk(mMtx); for (auto& pipeline : mLoadedPipeline) { - if (!pipeline.empty()) return true; + if (!pipeline.empty()) + return true; } return false; } -bool eBPFServer::EnablePlugin(const std::string& pipeline_name, uint32_t plugin_index, - nami::PluginType type, - const PipelineContext* ctx, - const std::variant options, PluginMetricManagerPtr mgr) { +bool eBPFServer::EnablePlugin(const std::string& pipeline_name, + uint32_t plugin_index, + nami::PluginType type, + const PipelineContext* ctx, + const std::variant options, + PluginMetricManagerPtr mgr) { if (!IsSupportedEnv(type)) { return false; } @@ -344,7 +369,7 @@ std::string eBPFServer::CheckLoadedPipelineName(nami::PluginType type) { std::string eBPFServer::GetAllProjects() { std::lock_guard lk(mMtx); std::string res; - for (int i = 0; i < int(nami::PluginType::MAX); i ++) { + for (int i = 0; i < int(nami::PluginType::MAX); i++) { if (mPluginProject[i] != "") { res += mPluginProject[i]; res += " "; @@ -373,30 +398,39 @@ bool eBPFServer::SuspendPlugin(const std::string& pipeline_name, nami::PluginTyp return ret; } -void eBPFServer::UpdateCBContext(nami::PluginType type, const logtail::PipelineContext* ctx, logtail::QueueKey key, int idx) { +void eBPFServer::UpdateCBContext(nami::PluginType type, + const logtail::PipelineContext* ctx, + logtail::QueueKey key, + int idx) { switch (type) { - case nami::PluginType::PROCESS_SECURITY:{ - if (mProcessSecureCB) mProcessSecureCB->UpdateContext(ctx, key, idx); - return; - } - case nami::PluginType::NETWORK_OBSERVE:{ - if (mMeterCB) mMeterCB->UpdateContext(ctx, key, idx); - if (mSpanCB) mSpanCB->UpdateContext(ctx, key, idx); - if (mEventCB) mEventCB->UpdateContext(ctx, key, idx); - return; - } - case nami::PluginType::NETWORK_SECURITY:{ - if (mNetworkSecureCB) mNetworkSecureCB->UpdateContext(ctx, key, idx); - return; - } - case nami::PluginType::FILE_SECURITY:{ - if (mFileSecureCB) mFileSecureCB->UpdateContext(ctx, key, idx); - return; - } - default: - return; + case nami::PluginType::PROCESS_SECURITY: { + if (mProcessSecureCB) + mProcessSecureCB->UpdateContext(ctx, key, idx); + return; + } + case nami::PluginType::NETWORK_OBSERVE: { + if (mMeterCB) + mMeterCB->UpdateContext(ctx, key, idx); + if (mSpanCB) + mSpanCB->UpdateContext(ctx, key, idx); + if (mEventCB) + mEventCB->UpdateContext(ctx, key, idx); + return; + } + case nami::PluginType::NETWORK_SECURITY: { + if (mNetworkSecureCB) + mNetworkSecureCB->UpdateContext(ctx, key, idx); + return; + } + case nami::PluginType::FILE_SECURITY: { + if (mFileSecureCB) + mFileSecureCB->UpdateContext(ctx, key, idx); + return; + } + default: + return; } } } // namespace ebpf -} +} // namespace logtail diff --git a/core/ebpf/eBPFServer.h b/core/ebpf/eBPFServer.h index 0f21fcdf07..297c789db1 100644 --- a/core/ebpf/eBPFServer.h +++ b/core/ebpf/eBPFServer.h @@ -14,23 +14,23 @@ #pragma once -#include +#include #include #include -#include #include #include +#include -#include "runner/InputRunner.h" -#include "pipeline/PipelineContext.h" +#include "ebpf/Config.h" +#include "ebpf/SelfMonitor.h" #include "ebpf/SourceManager.h" -#include "ebpf/config.h" -#include "ebpf/include/export.h" #include "ebpf/handler/AbstractHandler.h" #include "ebpf/handler/ObserveHandler.h" #include "ebpf/handler/SecurityHandler.h" +#include "ebpf/include/export.h" #include "monitor/metric_models/MetricTypes.h" -#include "ebpf/SelfMonitor.h" +#include "pipeline/PipelineContext.h" +#include "runner/InputRunner.h" namespace logtail { namespace ebpf { @@ -40,6 +40,7 @@ class EnvManager { void InitEnvInfo(); bool IsSupportedEnv(nami::PluginType type); bool AbleToLoadDyLib(); + private: volatile bool mInited = false; @@ -69,10 +70,12 @@ class eBPFServer : public InputRunner { void UpdatePipelineName(nami::PluginType type, const std::string& name, const std::string& project); - bool EnablePlugin(const std::string& pipeline_name, uint32_t plugin_index, - nami::PluginType type, - const logtail::PipelineContext* ctx, - const std::variant options, PluginMetricManagerPtr mgr); + bool EnablePlugin(const std::string& pipeline_name, + uint32_t plugin_index, + nami::PluginType type, + const logtail::PipelineContext* ctx, + const std::variant options, + PluginMetricManagerPtr mgr); bool DisablePlugin(const std::string& pipeline_name, nami::PluginType type); @@ -85,10 +88,12 @@ class eBPFServer : public InputRunner { std::string GetAllProjects(); private: - bool StartPluginInternal(const std::string& pipeline_name, uint32_t plugin_index, - nami::PluginType type, - const logtail::PipelineContext* ctx, - const std::variant options, PluginMetricManagerPtr mgr); + bool StartPluginInternal(const std::string& pipeline_name, + uint32_t plugin_index, + nami::PluginType type, + const logtail::PipelineContext* ctx, + const std::variant options, + PluginMetricManagerPtr mgr); eBPFServer() = default; ~eBPFServer() = default; diff --git a/core/ebpf/handler/AbstractHandler.h b/core/ebpf/handler/AbstractHandler.h index 140efb83c5..03ff7b9959 100644 --- a/core/ebpf/handler/AbstractHandler.h +++ b/core/ebpf/handler/AbstractHandler.h @@ -16,23 +16,24 @@ #include -#include "pipeline/PipelineContext.h" -#include "monitor/metric_models/MetricTypes.h" #include "monitor/MetricManager.h" +#include "monitor/metric_models/MetricTypes.h" +#include "pipeline/PipelineContext.h" -namespace logtail{ +namespace logtail { namespace ebpf { class AbstractHandler { public: AbstractHandler() {} - AbstractHandler(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t idx) + AbstractHandler(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t idx) : mCtx(ctx), mQueueKey(key), mPluginIdx(idx) {} - void UpdateContext(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t index) { + void UpdateContext(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t index) { mCtx = ctx; mQueueKey = key; mPluginIdx = index; } + protected: const logtail::PipelineContext* mCtx = nullptr; logtail::QueueKey mQueueKey = 0; @@ -44,5 +45,5 @@ class AbstractHandler { #endif }; -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/handler/ObserveHandler.cpp b/core/ebpf/handler/ObserveHandler.cpp index 695568f873..43b271b8f2 100644 --- a/core/ebpf/handler/ObserveHandler.cpp +++ b/core/ebpf/handler/ObserveHandler.cpp @@ -12,20 +12,21 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include -#include +#include "ebpf/handler/ObserveHandler.h" + #include +#include +#include -#include "ebpf/handler/ObserveHandler.h" -#include "pipeline/PipelineContext.h" #include "common/RuntimeUtil.h" #include "ebpf/SourceManager.h" -#include "models/SpanEvent.h" -#include "models/PipelineEventGroup.h" -#include "models/PipelineEvent.h" #include "logger/Logger.h" -#include "pipeline/queue/ProcessQueueManager.h" +#include "models/PipelineEvent.h" +#include "models/PipelineEventGroup.h" +#include "models/SpanEvent.h" +#include "pipeline/PipelineContext.h" #include "pipeline/queue/ProcessQueueItem.h" +#include "pipeline/queue/ProcessQueueManager.h" namespace logtail { namespace ebpf { @@ -63,27 +64,27 @@ namespace ebpf { event->SetValue(UntypedSingleValue{(double)inner->FIELD_NAME}); \ } - void OtelMeterHandler::handle(const std::vector>& measures, - uint64_t timestamp) { - if (measures.empty()) { - return; - } - for (const auto& appBatchMeasures : measures) { - PipelineEventGroup eventGroup(std::make_shared()); - for (const auto& measure : appBatchMeasures->measures_) { - auto type = measure->type_; - if (type == MeasureType::MEASURE_TYPE_APP) { - auto* inner = static_cast(measure->inner_measure_.get()); - auto* event = eventGroup.AddMetricEvent(); - for (const auto& tag : measure->tags_) { - event->SetTag(tag.first, tag.second); - } - event->SetName("service_requests_total"); - event->SetTimestamp(timestamp); - event->SetValue(UntypedSingleValue{(double)inner->request_total_}); +void OtelMeterHandler::handle(const std::vector>& measures, + uint64_t timestamp) { + if (measures.empty()) { + return; + } + for (const auto& appBatchMeasures : measures) { + PipelineEventGroup eventGroup(std::make_shared()); + for (const auto& measure : appBatchMeasures->measures_) { + auto type = measure->type_; + if (type == MeasureType::MEASURE_TYPE_APP) { + auto* inner = static_cast(measure->inner_measure_.get()); + auto* event = eventGroup.AddMetricEvent(); + for (const auto& tag : measure->tags_) { + event->SetTag(tag.first, tag.second); } - mProcessTotalCnt++; + event->SetName("service_requests_total"); + event->SetTimestamp(timestamp); + event->SetValue(UntypedSingleValue{(double)inner->request_total_}); } + mProcessTotalCnt++; + } #ifdef APSARA_UNIT_TEST_MAIN continue; #endif @@ -94,7 +95,7 @@ namespace ebpf { mPluginIdx)("[Otel Metrics] push queue failed!", "")); } } - } +} void OtelSpanHandler::handle(const std::vector>& spans) { if (spans.empty()) { @@ -159,7 +160,9 @@ void EventHandler::handle(const std::vector item = std::make_unique(std::move(eventGroup), mPluginIdx); if (ProcessQueueManager::GetInstance()->PushQueue(mQueueKey, std::move(item))) { - LOG_WARNING(sLogger, ("configName", mCtx->GetConfigName())("pluginIdx",mPluginIdx)("[Event] push queue failed!", "")); + LOG_WARNING( + sLogger, + ("configName", mCtx->GetConfigName())("pluginIdx", mPluginIdx)("[Event] push queue failed!", "")); } } } @@ -180,10 +183,20 @@ static const std::string status_4xx_key = "2xx"; static const std::string status_5xx_key = "2xx"; // FOR APP METRICS -GENERATE_METRICS(GenerateRequestsTotalMetrics, MeasureType::MEASURE_TYPE_APP, AppSingleMeasure, rpc_request_total_count, request_total_) -GENERATE_METRICS(GenerateRequestsSlowMetrics, MeasureType::MEASURE_TYPE_APP, AppSingleMeasure, rpc_request_slow_count, slow_total_) -GENERATE_METRICS(GenerateRequestsErrorMetrics, MeasureType::MEASURE_TYPE_APP, AppSingleMeasure, rpc_request_err_count, error_total_) -GENERATE_METRICS(GenerateRequestsDurationSumMetrics, MeasureType::MEASURE_TYPE_APP, AppSingleMeasure, rpc_request_status_count, duration_ms_sum_) +GENERATE_METRICS(GenerateRequestsTotalMetrics, + MeasureType::MEASURE_TYPE_APP, + AppSingleMeasure, + rpc_request_total_count, + request_total_) +GENERATE_METRICS( + GenerateRequestsSlowMetrics, MeasureType::MEASURE_TYPE_APP, AppSingleMeasure, rpc_request_slow_count, slow_total_) +GENERATE_METRICS( + GenerateRequestsErrorMetrics, MeasureType::MEASURE_TYPE_APP, AppSingleMeasure, rpc_request_err_count, error_total_) +GENERATE_METRICS(GenerateRequestsDurationSumMetrics, + MeasureType::MEASURE_TYPE_APP, + AppSingleMeasure, + rpc_request_status_count, + duration_ms_sum_) void GenerateRequestsStatusMetrics(PipelineEventGroup& group, const std::unique_ptr& measure, uint64_t ts) { if (measure->type_ != MeasureType::MEASURE_TYPE_APP) { @@ -205,13 +218,38 @@ const static std::string npm_send_pkt_total = "arms_npm_sent_packets_total"; const static std::string npm_send_byte_total = "arms_npm_sent_bytes_total"; // FOR NET METRICS -GENERATE_METRICS(GenerateTcpDropTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_tcp_drop_total, tcp_drop_total_) -GENERATE_METRICS(GenerateTcpRetransTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_tcp_retrans_total, tcp_retran_total_) -GENERATE_METRICS(GenerateTcpConnectionTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_tcp_count_total, tcp_connect_total_) -GENERATE_METRICS(GenerateTcpRecvPktsTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_recv_pkt_total, recv_pkt_total_) -GENERATE_METRICS(GenerateTcpRecvBytesTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_recv_byte_total, recv_byte_total_) -GENERATE_METRICS(GenerateTcpSendPktsTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_send_pkt_total, send_pkt_total_) -GENERATE_METRICS(GenerateTcpSendBytesTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_send_byte_total, send_byte_total_) +GENERATE_METRICS( + GenerateTcpDropTotalMetrics, MeasureType::MEASURE_TYPE_NET, NetSingleMeasure, npm_tcp_drop_total, tcp_drop_total_) +GENERATE_METRICS(GenerateTcpRetransTotalMetrics, + MeasureType::MEASURE_TYPE_NET, + NetSingleMeasure, + npm_tcp_retrans_total, + tcp_retran_total_) +GENERATE_METRICS(GenerateTcpConnectionTotalMetrics, + MeasureType::MEASURE_TYPE_NET, + NetSingleMeasure, + npm_tcp_count_total, + tcp_connect_total_) +GENERATE_METRICS(GenerateTcpRecvPktsTotalMetrics, + MeasureType::MEASURE_TYPE_NET, + NetSingleMeasure, + npm_recv_pkt_total, + recv_pkt_total_) +GENERATE_METRICS(GenerateTcpRecvBytesTotalMetrics, + MeasureType::MEASURE_TYPE_NET, + NetSingleMeasure, + npm_recv_byte_total, + recv_byte_total_) +GENERATE_METRICS(GenerateTcpSendPktsTotalMetrics, + MeasureType::MEASURE_TYPE_NET, + NetSingleMeasure, + npm_send_pkt_total, + send_pkt_total_) +GENERATE_METRICS(GenerateTcpSendBytesTotalMetrics, + MeasureType::MEASURE_TYPE_NET, + NetSingleMeasure, + npm_send_byte_total, + send_byte_total_) void ArmsSpanHandler::handle(const std::vector>& spans) { if (spans.empty()) { @@ -239,7 +277,9 @@ void ArmsSpanHandler::handle(const std::vector item = std::make_unique(std::move(eventGroup), mPluginIdx); if (ProcessQueueManager::GetInstance()->PushQueue(mQueueKey, std::move(item))) { - LOG_WARNING(sLogger, ("configName", mCtx->GetConfigName())("pluginIdx",mPluginIdx)("[Span] push queue failed!", "")); + LOG_WARNING( + sLogger, + ("configName", mCtx->GetConfigName())("pluginIdx", mPluginIdx)("[Span] push queue failed!", "")); } } } @@ -250,9 +290,10 @@ void ArmsMeterHandler::handle(const std::vector sourceBuffer = std::make_shared();; + std::shared_ptr sourceBuffer = std::make_shared(); + ; PipelineEventGroup eventGroup(sourceBuffer); - + // source_ip eventGroup.SetTag(std::string(app_id_key), appBatchMeasures->app_id_); eventGroup.SetTag(std::string(ip_key), appBatchMeasures->ip_); @@ -275,18 +316,20 @@ void ArmsMeterHandler::handle(const std::vector item = std::make_unique(std::move(eventGroup), mPluginIdx); if (ProcessQueueManager::GetInstance()->PushQueue(mQueueKey, std::move(item))) { - LOG_WARNING(sLogger, ("configName", mCtx->GetConfigName())("pluginIdx",mPluginIdx)("[Metrics] push queue failed!", "")); + LOG_WARNING( + sLogger, + ("configName", mCtx->GetConfigName())("pluginIdx", mPluginIdx)("[Metrics] push queue failed!", "")); } } } #endif -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/handler/ObserveHandler.h b/core/ebpf/handler/ObserveHandler.h index a1cc53f711..609b86225b 100644 --- a/core/ebpf/handler/ObserveHandler.h +++ b/core/ebpf/handler/ObserveHandler.h @@ -69,5 +69,5 @@ class ArmsSpanHandler : public SpanHandler { #endif -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/handler/SecurityHandler.cpp b/core/ebpf/handler/SecurityHandler.cpp index ee6ea0acd6..cdde030e7a 100644 --- a/core/ebpf/handler/SecurityHandler.cpp +++ b/core/ebpf/handler/SecurityHandler.cpp @@ -13,22 +13,22 @@ // limitations under the License. #include "ebpf/handler/SecurityHandler.h" -#include "logger/Logger.h" -#include "pipeline/PipelineContext.h" + +#include "common/MachineInfoUtil.h" #include "common/RuntimeUtil.h" #include "ebpf/SourceManager.h" -#include "models/SpanEvent.h" -#include "models/PipelineEventGroup.h" -#include "models/PipelineEvent.h" #include "logger/Logger.h" -#include "pipeline/queue/ProcessQueueManager.h" +#include "models/PipelineEvent.h" +#include "models/PipelineEventGroup.h" +#include "models/SpanEvent.h" +#include "pipeline/PipelineContext.h" #include "pipeline/queue/ProcessQueueItem.h" -#include "common/MachineInfoUtil.h" +#include "pipeline/queue/ProcessQueueManager.h" namespace logtail { namespace ebpf { -SecurityHandler::SecurityHandler(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t idx) +SecurityHandler::SecurityHandler(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t idx) : AbstractHandler(ctx, key, idx) { mHostName = GetHostName(); mHostIp = GetHostIp(); @@ -36,10 +36,11 @@ SecurityHandler::SecurityHandler(const logtail::PipelineContext* ctx, logtail::Q void SecurityHandler::handle(std::vector>& events) { if (events.empty()) { - return ; + return; } - std::shared_ptr source_buffer = std::make_shared();; + std::shared_ptr source_buffer = std::make_shared(); + ; PipelineEventGroup event_group(source_buffer); // aggregate to pipeline event group // set host ips @@ -56,17 +57,19 @@ void SecurityHandler::handle(std::vector> auto seconds = std::chrono::duration_cast(std::chrono::nanoseconds(x->GetTimestamp())); event->SetTimestamp(seconds.count(), x->GetTimestamp()); } - mProcessTotalCnt+= events.size(); + mProcessTotalCnt += events.size(); #ifdef APSARA_UNIT_TEST_MAIN return; #endif - std::unique_ptr item = - std::unique_ptr(new ProcessQueueItem(std::move(event_group), mPluginIdx)); - + std::unique_ptr item + = std::unique_ptr(new ProcessQueueItem(std::move(event_group), mPluginIdx)); + if (ProcessQueueManager::GetInstance()->PushQueue(mQueueKey, std::move(item))) { - LOG_WARNING(sLogger, ("configName", mCtx->GetConfigName())("pluginIdx",mPluginIdx)("Push queue failed!", events.size())); + LOG_WARNING( + sLogger, + ("configName", mCtx->GetConfigName())("pluginIdx", mPluginIdx)("Push queue failed!", events.size())); } } -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/handler/SecurityHandler.h b/core/ebpf/handler/SecurityHandler.h index f3a6e2642d..64c431733d 100644 --- a/core/ebpf/handler/SecurityHandler.h +++ b/core/ebpf/handler/SecurityHandler.h @@ -14,8 +14,8 @@ #pragma once -#include #include +#include #include "ebpf/handler/AbstractHandler.h" #include "ebpf/include/export.h" @@ -27,11 +27,12 @@ class SecurityHandler : public AbstractHandler { public: SecurityHandler(const logtail::PipelineContext* ctx, logtail::QueueKey key, uint32_t idx); void handle(std::vector>& events); + private: // TODO 后续这两个 key 需要移到 group 的 metadata 里,在 processortagnative 中转成tag std::string mHostIp; std::string mHostName; }; -} -} +} // namespace ebpf +} // namespace logtail diff --git a/core/ebpf/include/export.h b/core/ebpf/include/export.h index 716367f7f5..96b46ed4fd 100644 --- a/core/ebpf/include/export.h +++ b/core/ebpf/include/export.h @@ -5,62 +5,61 @@ #pragma once #include +#include #include #include #include #include #include #include -#include enum class SecureEventType { - SECURE_EVENT_TYPE_SOCKET_SECURE, - SECURE_EVENT_TYPE_FILE_SECURE, - SECURE_EVENT_TYPE_PROCESS_SECURE, - SECURE_EVENT_TYPE_MAX, + SECURE_EVENT_TYPE_SOCKET_SECURE, + SECURE_EVENT_TYPE_FILE_SECURE, + SECURE_EVENT_TYPE_PROCESS_SECURE, + SECURE_EVENT_TYPE_MAX, }; class AbstractSecurityEvent { public: - AbstractSecurityEvent(std::vector>&& tags, SecureEventType type, uint64_t ts) - : tags_(tags), type_(type), timestamp_(ts) {} - SecureEventType GetEventType() {return type_;} - std::vector> GetAllTags() { return tags_; } - uint64_t GetTimestamp() { return timestamp_; } - void SetEventType(SecureEventType type) { type_ = type; } - void SetTimestamp(uint64_t ts) { timestamp_ = ts; } - void AppendTags(std::pair&& tag) { - tags_.emplace_back(std::move(tag)); - } + AbstractSecurityEvent(std::vector>&& tags, SecureEventType type, uint64_t ts) + : tags_(tags), type_(type), timestamp_(ts) {} + SecureEventType GetEventType() { return type_; } + std::vector> GetAllTags() { return tags_; } + uint64_t GetTimestamp() { return timestamp_; } + void SetEventType(SecureEventType type) { type_ = type; } + void SetTimestamp(uint64_t ts) { timestamp_ = ts; } + void AppendTags(std::pair&& tag) { tags_.emplace_back(std::move(tag)); } private: - std::vector> tags_; - SecureEventType type_; - uint64_t timestamp_; + std::vector> tags_; + SecureEventType type_; + uint64_t timestamp_; }; class BatchAbstractSecurityEvent { public: - BatchAbstractSecurityEvent(){} - std::vector> GetAllTags() { return tags_; } - uint64_t GetTimestamp() { return timestamp_; } + BatchAbstractSecurityEvent() {} + std::vector> GetAllTags() { return tags_; } + uint64_t GetTimestamp() { return timestamp_; } + private: - std::vector> tags_; - uint64_t timestamp_; - std::vector> events; + std::vector> tags_; + uint64_t timestamp_; + std::vector> events; }; using HandleSingleDataEventFn = std::function& event)>; using HandleBatchDataEventFn = std::function>& events)>; enum class UpdataType { - SECURE_UPDATE_TYPE_ENABLE_PROBE, - SECURE_UPDATE_TYPE_CONFIG_CHAGE, - SECURE_UPDATE_TYPE_SUSPEND_PROBE, - SECURE_UPDATE_TYPE_DISABLE_PROBE, - OBSERVER_UPDATE_TYPE_CHANGE_WHITELIST, - OBSERVER_UPDATE_TYPE_UPDATE_PROBE, - SECURE_UPDATE_TYPE_MAX, + SECURE_UPDATE_TYPE_ENABLE_PROBE, + SECURE_UPDATE_TYPE_CONFIG_CHAGE, + SECURE_UPDATE_TYPE_SUSPEND_PROBE, + SECURE_UPDATE_TYPE_DISABLE_PROBE, + OBSERVER_UPDATE_TYPE_CHANGE_WHITELIST, + OBSERVER_UPDATE_TYPE_UPDATE_PROBE, + SECURE_UPDATE_TYPE_MAX, }; @@ -68,105 +67,109 @@ enum class UpdataType { // Metrics Data -enum MeasureType {MEASURE_TYPE_APP, MEASURE_TYPE_NET, MEASURE_TYPE_PROCESS, MEASURE_TYPE_MAX}; +enum MeasureType { MEASURE_TYPE_APP, MEASURE_TYPE_NET, MEASURE_TYPE_PROCESS, MEASURE_TYPE_MAX }; struct AbstractSingleMeasure { - virtual ~AbstractSingleMeasure() = default; + virtual ~AbstractSingleMeasure() = default; }; struct NetSingleMeasure : public AbstractSingleMeasure { - uint64_t tcp_drop_total_; - uint64_t tcp_retran_total_; - uint64_t tcp_connect_total_; - uint64_t tcp_rtt_; - uint64_t tcp_rtt_var_; - - uint64_t recv_pkt_total_; - uint64_t send_pkt_total_; - uint64_t recv_byte_total_; - uint64_t send_byte_total_; + uint64_t tcp_drop_total_; + uint64_t tcp_retran_total_; + uint64_t tcp_connect_total_; + uint64_t tcp_rtt_; + uint64_t tcp_rtt_var_; + + uint64_t recv_pkt_total_; + uint64_t send_pkt_total_; + uint64_t recv_byte_total_; + uint64_t send_byte_total_; }; struct AppSingleMeasure : public AbstractSingleMeasure { - uint64_t request_total_; - uint64_t slow_total_; - uint64_t error_total_; - uint64_t duration_ms_sum_; - uint64_t status_2xx_count_; - uint64_t status_3xx_count_; - uint64_t status_4xx_count_; - uint64_t status_5xx_count_; + uint64_t request_total_; + uint64_t slow_total_; + uint64_t error_total_; + uint64_t duration_ms_sum_; + uint64_t status_2xx_count_; + uint64_t status_3xx_count_; + uint64_t status_4xx_count_; + uint64_t status_5xx_count_; }; struct Measure { - // ip/rpc/rpc - std::map tags_; - MeasureType type_; - std::unique_ptr inner_measure_; + // ip/rpc/rpc + std::map tags_; + MeasureType type_; + std::unique_ptr inner_measure_; }; // process struct ApplicationBatchMeasure { - std::string app_id_; - std::string app_name_; - std::string ip_; - std::string host_; - std::vector> measures_; + std::string app_id_; + std::string app_name_; + std::string ip_; + std::string host_; + std::vector> measures_; }; enum SpanKindInner { Unspecified, Internal, Server, Client, Producer, Consumer }; struct SingleSpan { - std::map tags_; - std::string trace_id_; - std::string span_id_; - std::string span_name_; - SpanKindInner span_kind_; - - uint64_t start_timestamp_; - uint64_t end_timestamp_; + std::map tags_; + std::string trace_id_; + std::string span_id_; + std::string span_name_; + SpanKindInner span_kind_; + + uint64_t start_timestamp_; + uint64_t end_timestamp_; }; struct ApplicationBatchSpan { - std::string app_id_; - std::string app_name_; - std::string host_ip_; - std::string host_name_; - std::vector> single_spans_; + std::string app_id_; + std::string app_name_; + std::string host_ip_; + std::string host_name_; + std::vector> single_spans_; }; class SingleEvent { public: - explicit __attribute__((visibility("default"))) SingleEvent(){} - explicit __attribute__((visibility("default"))) SingleEvent(std::vector>&& tags, uint64_t ts) - : tags_(tags), timestamp_(ts) {} - std::vector> GetAllTags() { return tags_; } - uint64_t GetTimestamp() { return timestamp_; } - void SetTimestamp(uint64_t ts) { timestamp_ = ts; } - void AppendTags(std::pair&& tag) { - tags_.emplace_back(std::move(tag)); - } + explicit __attribute__((visibility("default"))) SingleEvent() {} + explicit __attribute__((visibility("default"))) SingleEvent(std::vector>&& tags, + uint64_t ts) + : tags_(tags), timestamp_(ts) {} + std::vector> GetAllTags() { return tags_; } + uint64_t GetTimestamp() { return timestamp_; } + void SetTimestamp(uint64_t ts) { timestamp_ = ts; } + void AppendTags(std::pair&& tag) { tags_.emplace_back(std::move(tag)); } private: - std::vector> tags_; - uint64_t timestamp_; + std::vector> tags_; + uint64_t timestamp_; }; class ApplicationBatchEvent { public: - explicit __attribute__((visibility("default"))) ApplicationBatchEvent(){} - explicit __attribute__((visibility("default"))) ApplicationBatchEvent(const std::string& app_id, std::vector>&& tags) : app_id_(app_id), tags_(tags) {} - explicit __attribute__((visibility("default"))) ApplicationBatchEvent(const std::string& app_id, std::vector>&& tags, std::vector>&& events) - : app_id_(app_id), tags_(std::move(tags)), events_(std::move(events)) {} - void SetEvents(std::vector>&& events) { events_ = std::move(events); } - void AppendEvent(std::unique_ptr&& event) { events_.emplace_back(std::move(event)); } - void AppendEvents(std::vector>&& events) { - for (auto& x : events) { - events_.emplace_back(std::move(x)); + explicit __attribute__((visibility("default"))) ApplicationBatchEvent() {} + explicit __attribute__((visibility("default"))) + ApplicationBatchEvent(const std::string& app_id, std::vector>&& tags) + : app_id_(app_id), tags_(tags) {} + explicit __attribute__((visibility("default"))) + ApplicationBatchEvent(const std::string& app_id, + std::vector>&& tags, + std::vector>&& events) + : app_id_(app_id), tags_(std::move(tags)), events_(std::move(events)) {} + void SetEvents(std::vector>&& events) { events_ = std::move(events); } + void AppendEvent(std::unique_ptr&& event) { events_.emplace_back(std::move(event)); } + void AppendEvents(std::vector>&& events) { + for (auto& x : events) { + events_.emplace_back(std::move(x)); + } } - } - std::string app_id_; // pid - std::vector> tags_; // container.id - std::vector> events_; + std::string app_id_; // pid + std::vector> tags_; // container.id + std::vector> events_; }; /////// merged config ///////// @@ -174,17 +177,18 @@ class ApplicationBatchEvent { namespace nami { enum class PluginType { - NETWORK_OBSERVE, - PROCESS_OBSERVE, - FILE_OBSERVE, - PROCESS_SECURITY, - FILE_SECURITY, - NETWORK_SECURITY, - MAX, + NETWORK_OBSERVE, + PROCESS_OBSERVE, + FILE_OBSERVE, + PROCESS_SECURITY, + FILE_SECURITY, + NETWORK_SECURITY, + MAX, }; // observe metrics -using NamiHandleBatchMeasureFunc = std::function>& measures, uint64_t timestamp)>; +using NamiHandleBatchMeasureFunc + = std::function>& measures, uint64_t timestamp)>; // observe spans using NamiHandleBatchSpanFunc = std::function>&)>; // observe events @@ -224,165 +228,155 @@ struct SecurityNetworkFilter { std::vector mSourceAddrBlackList; std::vector mSourcePortBlackList; bool operator==(const SecurityNetworkFilter& other) const { - return mDestAddrList == other.mDestAddrList && - mDestPortList == other.mDestPortList && - mDestAddrBlackList == other.mDestAddrBlackList && - mDestPortBlackList == other.mDestPortBlackList && - mSourceAddrList == other.mSourceAddrList && - mSourcePortList == other.mSourcePortList && - mSourceAddrBlackList == other.mSourceAddrBlackList && - mSourcePortBlackList == other.mSourcePortBlackList; + return mDestAddrList == other.mDestAddrList && mDestPortList == other.mDestPortList + && mDestAddrBlackList == other.mDestAddrBlackList && mDestPortBlackList == other.mDestPortBlackList + && mSourceAddrList == other.mSourceAddrList && mSourcePortList == other.mSourcePortList + && mSourceAddrBlackList == other.mSourceAddrBlackList && mSourcePortBlackList == other.mSourcePortBlackList; } }; struct SecurityOption { - std::vector call_names_; - std::variant filter_; - bool operator==(const SecurityOption& other) const { - return call_names_ == other.call_names_ && - filter_ == other.filter_; - } + std::vector call_names_; + std::variant filter_; + bool operator==(const SecurityOption& other) const { + return call_names_ == other.call_names_ && filter_ == other.filter_; + } }; class PodMeta { public: - PodMeta(const std::string& app_id, const std::string& app_name, - const std::string& ns, - const std::string& workload_name, - const std::string& workload_kind, - const std::string& pod_name, const std::string& pod_ip, const std::string& service_name) - : app_id_(app_id), app_name_(app_name), namespace_(ns), workload_name_(workload_name), workload_kind_(workload_kind), pod_name_(pod_name), pod_ip_(pod_ip), service_name_(service_name){} - std::string app_id_; - std::string app_name_; - std::string namespace_; - std::string workload_name_; - std::string workload_kind_; - std::string pod_name_; - std::string pod_ip_; - std::string service_name_; + PodMeta(const std::string& app_id, + const std::string& app_name, + const std::string& ns, + const std::string& workload_name, + const std::string& workload_kind, + const std::string& pod_name, + const std::string& pod_ip, + const std::string& service_name) + : app_id_(app_id), + app_name_(app_name), + namespace_(ns), + workload_name_(workload_name), + workload_kind_(workload_kind), + pod_name_(pod_name), + pod_ip_(pod_ip), + service_name_(service_name) {} + std::string app_id_; + std::string app_name_; + std::string namespace_; + std::string workload_name_; + std::string workload_kind_; + std::string pod_name_; + std::string pod_ip_; + std::string service_name_; }; using K8sMetadataCacheCallback = std::function(const std::string&)>; using K8sMetadataCallback = std::function&, std::vector>&)>; -using AsyncK8sMetadataCallback = std::function(std::vector&, std::vector>&)>; +using AsyncK8sMetadataCallback + = std::function(std::vector&, std::vector>&)>; struct NetworkObserveConfig { - bool enable_libbpf_debug_ = false; - bool enable_so_ = false; - std::string btf_; - int32_t btf_size; - std::string so_; - int32_t so_size_; - long uprobe_offset_; - long upca_offset_; - long upps_offset_; - long upcr_offset_; - bool enable_span_ = false; - bool enable_metric_ = false; - bool enable_event_ = false; - bool enable_cid_filter = false; - NamiHandleBatchMeasureFunc measure_cb_ = nullptr; - NamiHandleBatchSpanFunc span_cb_ = nullptr; - NamiHandleBatchEventFunc event_cb_ = nullptr; - K8sMetadataCallback metadata_by_cid_cb_ = nullptr; - K8sMetadataCallback metadata_by_ip_cb_ = nullptr; - AsyncK8sMetadataCallback async_metadata_by_cid_cb_ = nullptr; - AsyncK8sMetadataCallback async_metadata_by_ip_cb_ = nullptr; - K8sMetadataCacheCallback metadata_by_cid_cache_ = nullptr; - K8sMetadataCacheCallback metadata_by_ip_cache_ = nullptr; - std::vector enable_container_ids_; - std::vector disable_container_ids_; - - bool operator==(const NetworkObserveConfig& other) const { - return enable_libbpf_debug_ == other.enable_libbpf_debug_ && - enable_so_ == other.enable_so_ && - btf_ == other.btf_ && - btf_size == other.btf_size && - so_ == other.so_ && - so_size_ == other.so_size_ && - uprobe_offset_ == other.uprobe_offset_ && - upca_offset_ == other.upca_offset_ && - upps_offset_ == other.upps_offset_ && - upcr_offset_ == other.upcr_offset_; - } + bool enable_libbpf_debug_ = false; + bool enable_so_ = false; + std::string btf_; + int32_t btf_size; + std::string so_; + int32_t so_size_; + long uprobe_offset_; + long upca_offset_; + long upps_offset_; + long upcr_offset_; + bool enable_span_ = false; + bool enable_metric_ = false; + bool enable_event_ = false; + bool enable_cid_filter = false; + NamiHandleBatchMeasureFunc measure_cb_ = nullptr; + NamiHandleBatchSpanFunc span_cb_ = nullptr; + NamiHandleBatchEventFunc event_cb_ = nullptr; + K8sMetadataCallback metadata_by_cid_cb_ = nullptr; + K8sMetadataCallback metadata_by_ip_cb_ = nullptr; + AsyncK8sMetadataCallback async_metadata_by_cid_cb_ = nullptr; + AsyncK8sMetadataCallback async_metadata_by_ip_cb_ = nullptr; + K8sMetadataCacheCallback metadata_by_cid_cache_ = nullptr; + K8sMetadataCacheCallback metadata_by_ip_cache_ = nullptr; + std::vector enable_container_ids_; + std::vector disable_container_ids_; + + bool operator==(const NetworkObserveConfig& other) const { + return enable_libbpf_debug_ == other.enable_libbpf_debug_ && enable_so_ == other.enable_so_ + && btf_ == other.btf_ && btf_size == other.btf_size && so_ == other.so_ && so_size_ == other.so_size_ + && uprobe_offset_ == other.uprobe_offset_ && upca_offset_ == other.upca_offset_ + && upps_offset_ == other.upps_offset_ && upcr_offset_ == other.upcr_offset_; + } }; struct ProcessConfig { - - bool enable_libbpf_debug_ = false; - - std::vector options_; - NamiHandleBatchDataEventFn process_security_cb_; - bool operator==(const ProcessConfig& other) const { - return enable_libbpf_debug_ == other.enable_libbpf_debug_ && - options_ == other.options_; - } + bool enable_libbpf_debug_ = false; + + std::vector options_; + NamiHandleBatchDataEventFn process_security_cb_; + bool operator==(const ProcessConfig& other) const { + return enable_libbpf_debug_ == other.enable_libbpf_debug_ && options_ == other.options_; + } }; struct NetworkSecurityConfig { - std::vector options_; - NamiHandleBatchDataEventFn network_security_cb_; - bool operator==(const NetworkSecurityConfig& other) const { - return options_ == other.options_; - } + std::vector options_; + NamiHandleBatchDataEventFn network_security_cb_; + bool operator==(const NetworkSecurityConfig& other) const { return options_ == other.options_; } }; struct FileSecurityConfig { - std::vector options_; - NamiHandleBatchDataEventFn file_security_cb_; - bool operator==(const FileSecurityConfig& other) const { - return options_ == other.options_; - } + std::vector options_; + NamiHandleBatchDataEventFn file_security_cb_; + bool operator==(const FileSecurityConfig& other) const { return options_ == other.options_; } }; // for self monitor class eBPFStatistics { public: - virtual ~eBPFStatistics() = default; - PluginType plugin_type_; - bool updated_ = false; - uint64_t loss_kernel_events_total_ = 0; // kernel events loss - uint64_t recv_kernel_events_total_ = 0; // receive events from kernel - uint64_t push_events_total_ = 0; // push events to loongcollector - uint64_t push_metrics_total_ = 0; // push metrics to loongcollector - uint64_t push_spans_total_ = 0; // push spans to loongcollector - uint64_t process_cache_entities_num_ = 0; // process cache size - uint64_t miss_process_cache_total_ = 0; // cache miss + virtual ~eBPFStatistics() = default; + PluginType plugin_type_; + bool updated_ = false; + uint64_t loss_kernel_events_total_ = 0; // kernel events loss + uint64_t recv_kernel_events_total_ = 0; // receive events from kernel + uint64_t push_events_total_ = 0; // push events to loongcollector + uint64_t push_metrics_total_ = 0; // push metrics to loongcollector + uint64_t push_spans_total_ = 0; // push spans to loongcollector + uint64_t process_cache_entities_num_ = 0; // process cache size + uint64_t miss_process_cache_total_ = 0; // cache miss }; class NetworkObserverStatistics : public eBPFStatistics { public: - uint64_t conntracker_num_ = 0; - uint64_t recv_conn_stat_events_total_ = 0; - uint64_t recv_ctrl_events_total_ = 0; - uint64_t recv_http_data_events_total_ = 0; - // for protocol ... - uint64_t parse_http_records_success_total_ = 0; - uint64_t parse_http_records_failed_total_ = 0; - // for agg - uint64_t agg_map_entities_num_ = 0; + uint64_t conntracker_num_ = 0; + uint64_t recv_conn_stat_events_total_ = 0; + uint64_t recv_ctrl_events_total_ = 0; + uint64_t recv_http_data_events_total_ = 0; + // for protocol ... + uint64_t parse_http_records_success_total_ = 0; + uint64_t parse_http_records_failed_total_ = 0; + // for agg + uint64_t agg_map_entities_num_ = 0; }; using NamiStatisticsHandler = std::function&)>; struct eBPFConfig { - PluginType plugin_type_; - UpdataType type = UpdataType::SECURE_UPDATE_TYPE_ENABLE_PROBE; - // common config - std::string host_name_; - std::string host_ip_; - std::string host_path_prefix_; - // specific config - std::variant config_; - NamiStatisticsHandler stats_handler_; - bool operator==(const eBPFConfig& other) const { - return plugin_type_ == other.plugin_type_ && - type == other.type && - host_name_ == other.host_name_ && - host_ip_ == other.host_ip_ && - host_path_prefix_ == other.host_path_prefix_ && - config_ == other.config_; - } + PluginType plugin_type_; + UpdataType type = UpdataType::SECURE_UPDATE_TYPE_ENABLE_PROBE; + // common config + std::string host_name_; + std::string host_ip_; + std::string host_path_prefix_; + // specific config + std::variant config_; + NamiStatisticsHandler stats_handler_; + bool operator==(const eBPFConfig& other) const { + return plugin_type_ == other.plugin_type_ && type == other.type && host_name_ == other.host_name_ + && host_ip_ == other.host_ip_ && host_path_prefix_ == other.host_path_prefix_ && config_ == other.config_; + } }; }; // namespace nami diff --git a/core/plugin/input/InputFileSecurity.h b/core/plugin/input/InputFileSecurity.h index ebff74842f..68d398bd4e 100644 --- a/core/plugin/input/InputFileSecurity.h +++ b/core/plugin/input/InputFileSecurity.h @@ -18,10 +18,10 @@ #include -#include "ebpf/config.h" -#include "pipeline/plugin/interface/Input.h" +#include "ebpf/Config.h" #include "ebpf/eBPFServer.h" #include "monitor/metric_models/ReentrantMetricsRecord.h" +#include "pipeline/plugin/interface/Input.h" namespace logtail { @@ -34,7 +34,7 @@ class InputFileSecurity : public Input { bool Start() override; bool Stop(bool isPipelineRemoving) override; bool SupportAck() const override { return false; } - + ebpf::SecurityOptions mSecurityOptions; PluginMetricManagerPtr mPluginMgr; }; diff --git a/core/plugin/input/InputNetworkObserver.cpp b/core/plugin/input/InputNetworkObserver.cpp index 564d2244f0..22b1358302 100644 --- a/core/plugin/input/InputNetworkObserver.cpp +++ b/core/plugin/input/InputNetworkObserver.cpp @@ -14,9 +14,9 @@ #include "plugin/input/InputNetworkObserver.h" -#include "ebpf/include/export.h" +#include "ebpf/Config.h" #include "ebpf/eBPFServer.h" -#include "ebpf/config.h" +#include "ebpf/include/export.h" #include "logger/Logger.h" #include "monitor/metric_models/ReentrantMetricsRecord.h" diff --git a/core/plugin/input/InputNetworkObserver.h b/core/plugin/input/InputNetworkObserver.h index 33bf4ab0cc..26f08d0c22 100644 --- a/core/plugin/input/InputNetworkObserver.h +++ b/core/plugin/input/InputNetworkObserver.h @@ -18,10 +18,10 @@ #include -#include "ebpf/config.h" -#include "pipeline/plugin/interface/Input.h" +#include "ebpf/Config.h" #include "ebpf/include/export.h" #include "monitor/metric_models/ReentrantMetricsRecord.h" +#include "pipeline/plugin/interface/Input.h" namespace logtail { diff --git a/core/plugin/input/InputNetworkSecurity.h b/core/plugin/input/InputNetworkSecurity.h index 18023fc28e..d888a168ca 100644 --- a/core/plugin/input/InputNetworkSecurity.h +++ b/core/plugin/input/InputNetworkSecurity.h @@ -18,9 +18,9 @@ #include -#include "ebpf/config.h" -#include "pipeline/plugin/interface/Input.h" +#include "ebpf/Config.h" #include "monitor/metric_models/ReentrantMetricsRecord.h" +#include "pipeline/plugin/interface/Input.h" namespace logtail { diff --git a/core/plugin/input/InputProcessSecurity.h b/core/plugin/input/InputProcessSecurity.h index d731b2b8fb..3d7eaa1e2f 100644 --- a/core/plugin/input/InputProcessSecurity.h +++ b/core/plugin/input/InputProcessSecurity.h @@ -18,9 +18,9 @@ #include -#include "ebpf/config.h" -#include "pipeline/plugin/interface/Input.h" +#include "ebpf/Config.h" #include "monitor/metric_models/ReentrantMetricsRecord.h" +#include "pipeline/plugin/interface/Input.h" namespace logtail { diff --git a/core/unittest/ebpf/eBPFServerUnittest.cpp b/core/unittest/ebpf/eBPFServerUnittest.cpp index 53838ba3f9..5fb3a98bcd 100644 --- a/core/unittest/ebpf/eBPFServerUnittest.cpp +++ b/core/unittest/ebpf/eBPFServerUnittest.cpp @@ -1,24 +1,24 @@ #include + +#include #include #include -#include +#include "app_config/AppConfig.h" #include "common/FileSystemUtil.h" -#include "unittest/Unittest.h" +#include "common/JsonUtil.h" +#include "ebpf/Config.h" +#include "ebpf/SourceManager.h" +#include "ebpf/eBPFServer.h" #include "ebpf/include/export.h" +#include "logger/Logger.h" #include "pipeline/Pipeline.h" #include "pipeline/PipelineContext.h" -#include "ebpf/eBPFServer.h" -#include "ebpf/SourceManager.h" -#include "logger/Logger.h" -#include "ebpf/config.h" -#include "app_config/AppConfig.h" -#include "common/JsonUtil.h" -#include "ebpf/config.h" +#include "plugin/input/InputFileSecurity.h" #include "plugin/input/InputNetworkObserver.h" -#include "plugin/input/InputProcessSecurity.h" #include "plugin/input/InputNetworkSecurity.h" -#include "plugin/input/InputFileSecurity.h" +#include "plugin/input/InputProcessSecurity.h" +#include "unittest/Unittest.h" DECLARE_FLAG_BOOL(logtail_mode); @@ -26,9 +26,7 @@ namespace logtail { namespace ebpf { class eBPFServerUnittest : public testing::Test { public: - eBPFServerUnittest() { - ebpf::eBPFServer::GetInstance()->Init(); - } + eBPFServerUnittest() { ebpf::eBPFServer::GetInstance()->Init(); } void TestInit(); void TestEnableNetworkPlugin(); @@ -74,6 +72,7 @@ class eBPFServerUnittest : public testing::Test { config_->mProcessProbeConfig.mEnableOOMDetect = false; } void TearDown() override { delete config_; } + private: template void setJSON(Json::Value& v, const std::string& key, const T& value) { @@ -92,7 +91,7 @@ class eBPFServerUnittest : public testing::Test { OverwriteFile(STRING_FLAG(ilogtail_config), v.toStyledString()); } else { CreateAgentDir(); - std::string conf = GetAgentConfDir() + "/instance_config/local/loongcollector_config.json"; + std::string conf = GetAgentConfDir() + "/instance_config/local/loongcollector_config.json"; AppConfig::GetInstance()->LoadAppConfig(conf); OverwriteFile(conf, v.toStyledString()); } @@ -104,10 +103,10 @@ class eBPFServerUnittest : public testing::Test { }; static int generateRandomInt(int bound) { - std::random_device rd; - std::mt19937 generator(rd()); - std::uniform_int_distribution<> dist(0, bound); - return dist(generator); + std::random_device rd; + std::mt19937 generator(rd()); + std::uniform_int_distribution<> dist(0, bound); + return dist(generator); } @@ -276,28 +275,31 @@ void eBPFServerUnittest::TestEbpfParameters() { } void eBPFServerUnittest::GenerateBatchMeasure(nami::NamiHandleBatchMeasureFunc cb) { - const std::vector app_ids = {"60d360af9bb426c8a9c5aad4b0b21c06", // apm-http-server - "16466f6d0782d6ae16d7ac1ccb673ca7" // apm-http-client + const std::vector app_ids = { + "60d360af9bb426c8a9c5aad4b0b21c06", // apm-http-server + "16466f6d0782d6ae16d7ac1ccb673ca7" // apm-http-client }; const std::vector ips = {"172.16.0.207", "172.16.0.210", "172.16.0.209"}; - const std::vector server_app_ids = {"60d360af9bb426c8a9c5aad4b0b21c06", // apm-http-server + const std::vector server_app_ids = { + "60d360af9bb426c8a9c5aad4b0b21c06", // apm-http-server }; - const std::vector client_app_ids = {"16466f6d0782d6ae16d7ac1ccb673ca7" // apm-http-client + const std::vector client_app_ids = { + "16466f6d0782d6ae16d7ac1ccb673ca7" // apm-http-client }; const std::vector client_ips = {"172.16.0.207", "172.16.0.210"}; const std::vector server_ips = {"172.16.0.209"}; - std::vector> batch_app_measures; + std::vector> batch_app_measures; auto now = std::chrono::system_clock::now(); auto duration = now.time_since_epoch(); auto millis = std::chrono::duration_cast(duration).count(); // client side - for (size_t i = 0 ; i < client_app_ids.size(); i ++ ) { // 1 - for (size_t j = 0; j < client_ips.size(); j ++) { // 2 * 6 = 12 + for (size_t i = 0; i < client_app_ids.size(); i++) { // 1 + for (size_t j = 0; j < client_ips.size(); j++) { // 2 * 6 = 12 std::unique_ptr app_measure_ptr = std::make_unique(); app_measure_ptr->app_id_ = client_app_ids[i]; app_measure_ptr->ip_ = client_ips[j]; // generate app metrics - for (size_t z = 0 ; z < 5; z ++ ) { // 5 + for (size_t z = 0; z < 5; z++) { // 5 std::unique_ptr measure_ptr = std::make_unique(); measure_ptr->type_ = MEASURE_TYPE_APP; measure_ptr->tags_ = { @@ -309,11 +311,11 @@ void eBPFServerUnittest::GenerateBatchMeasure(nami::NamiHandleBatchMeasureFunc c {"rpc", "/shoes/" + std::to_string(z)}, {"rpcType", "25"}, {"callType", "http_client"}, - // {"statusCode", "200"}, + // {"statusCode", "200"}, {"version", "HTTP1.1"}, {"source", "ebpf"}, - {"endpoint","/shoes/" + std::to_string(z)}, - {"destId","apm-http-server"}, + {"endpoint", "/shoes/" + std::to_string(z)}, + {"destId", "apm-http-server"}, }; AppSingleMeasure* sm = new AppSingleMeasure; sm->request_total_ = 40 + generateRandomInt(20); @@ -362,45 +364,45 @@ void eBPFServerUnittest::GenerateBatchMeasure(nami::NamiHandleBatchMeasureFunc c } } // server side - for (size_t i = 0 ; i < server_app_ids.size(); i ++ ) { // 1 - for (size_t j = 0; j < server_ips.size(); j ++) { // 1 * 7 + for (size_t i = 0; i < server_app_ids.size(); i++) { // 1 + for (size_t j = 0; j < server_ips.size(); j++) { // 1 * 7 std::unique_ptr app_measure_ptr = std::make_unique(); app_measure_ptr->app_id_ = server_app_ids[i]; app_measure_ptr->ip_ = server_ips[j]; // generate app metrics - for (size_t z = 0 ; z < 5; z ++ ) { // 5 - std::unique_ptr measure_ptr = std::make_unique(); - measure_ptr->type_ = MEASURE_TYPE_APP; - measure_ptr->tags_ = { - {"workloadName", "apm-http-server"}, - {"workloadKind", "deployment"}, - {"namespace", "default"}, - {"source_ip", server_ips[j]}, - {"host", server_ips[j]}, - {"rpc", "/shoes/" + std::to_string(z)}, - {"rpcType", "0"}, - {"callType", "http"}, - {"destId","/shoes/" + std::to_string(z)}, - {"endpoint","apm-http-client"}, - // {"statusCode", "200"}, - {"version", "HTTP1.1"}, - {"source", "ebpf"}, - }; - AppSingleMeasure* sm = new AppSingleMeasure; - sm->request_total_ = 70 + generateRandomInt(20); - sm->error_total_ = 8; - sm->slow_total_ = 2; - sm->duration_ms_sum_ = 25000 + generateRandomInt(2000); - sm->status_2xx_count_ = sm->request_total_ - sm->error_total_; - sm->status_3xx_count_ = 0; - sm->status_4xx_count_ = 0; - sm->status_5xx_count_ = 8; - std::unique_ptr sm_ptr(sm); - measure_ptr->inner_measure_ = std::move(sm_ptr); - app_measure_ptr->measures_.emplace_back(std::move(measure_ptr)); + for (size_t z = 0; z < 5; z++) { // 5 + std::unique_ptr measure_ptr = std::make_unique(); + measure_ptr->type_ = MEASURE_TYPE_APP; + measure_ptr->tags_ = { + {"workloadName", "apm-http-server"}, + {"workloadKind", "deployment"}, + {"namespace", "default"}, + {"source_ip", server_ips[j]}, + {"host", server_ips[j]}, + {"rpc", "/shoes/" + std::to_string(z)}, + {"rpcType", "0"}, + {"callType", "http"}, + {"destId", "/shoes/" + std::to_string(z)}, + {"endpoint", "apm-http-client"}, + // {"statusCode", "200"}, + {"version", "HTTP1.1"}, + {"source", "ebpf"}, + }; + AppSingleMeasure* sm = new AppSingleMeasure; + sm->request_total_ = 70 + generateRandomInt(20); + sm->error_total_ = 8; + sm->slow_total_ = 2; + sm->duration_ms_sum_ = 25000 + generateRandomInt(2000); + sm->status_2xx_count_ = sm->request_total_ - sm->error_total_; + sm->status_3xx_count_ = 0; + sm->status_4xx_count_ = 0; + sm->status_5xx_count_ = 8; + std::unique_ptr sm_ptr(sm); + measure_ptr->inner_measure_ = std::move(sm_ptr); + app_measure_ptr->measures_.emplace_back(std::move(measure_ptr)); } // generate tcp metrics - for (size_t z = 0; z < client_ips.size(); z ++ ) { // 2 + for (size_t z = 0; z < client_ips.size(); z++) { // 2 std::unique_ptr measure_ptr = std::make_unique(); measure_ptr->type_ = MEASURE_TYPE_NET; measure_ptr->tags_ = { @@ -439,20 +441,23 @@ void eBPFServerUnittest::GenerateBatchMeasure(nami::NamiHandleBatchMeasureFunc c void eBPFServerUnittest::GenerateBatchAppEvent(nami::NamiHandleBatchEventFunc cb) { std::vector> batch_app_events; - std::vector apps = {"a6rx69e8me@582846f37273cf8", "a6rx69e8me@582846f37273cf9", "a6rx69e8me@582846f37273c10"}; - - for (int i = 0 ; i < apps.size(); i ++) { // 3 apps + std::vector apps + = {"a6rx69e8me@582846f37273cf8", "a6rx69e8me@582846f37273cf9", "a6rx69e8me@582846f37273c10"}; + + for (int i = 0; i < apps.size(); i++) { // 3 apps std::vector> appTags = {{"hh", "hh"}, {"e", "e"}, {"f", std::to_string(i)}}; - std::unique_ptr appEvent = std::make_unique(apps[i], std::move(appTags)); - for (int j = 0; j < 1000; j ++) { - std::vector> tags = {{"1", "1"}, {"2", "2"}, {"3",std::to_string(j)}}; + std::unique_ptr appEvent + = std::make_unique(apps[i], std::move(appTags)); + for (int j = 0; j < 1000; j++) { + std::vector> tags = {{"1", "1"}, {"2", "2"}, {"3", std::to_string(j)}}; std::unique_ptr se = std::make_unique(std::move(tags), 0); appEvent->AppendEvent(std::move(se)); } batch_app_events.emplace_back(std::move(appEvent)); } - if (cb) cb(batch_app_events); + if (cb) + cb(batch_app_events); return; } @@ -469,7 +474,7 @@ void eBPFServerUnittest::HandleStats(nami::NamiStatisticsHandler cb, int plus) { ebpfStat.push_spans_total_ = 12 + plus; ebpfStat.process_cache_entities_num_ = 400 + plus; ebpfStat.miss_process_cache_total_ = 20 + plus; - + nami::eBPFStatistics networkSecurityStat = ebpfStat; networkSecurityStat.plugin_type_ = nami::PluginType::NETWORK_SECURITY; nami::eBPFStatistics processSecurityStat = ebpfStat; @@ -501,14 +506,15 @@ void eBPFServerUnittest::HandleStats(nami::NamiStatisticsHandler cb, int plus) { stats.emplace_back(std::move(networkSecurityStat)); stats.emplace_back(std::move(processSecurityStat)); stats.emplace_back(std::move(fileSecurityStat)); - if (cb) cb(stats); + if (cb) + cb(stats); } void eBPFServerUnittest::GenerateBatchSpan(nami::NamiHandleBatchSpanFunc cb) { std::vector> batch_app_spans; // agg for app level std::unique_ptr batch_spans = std::make_unique(); - for (int i = 0 ; i < 5; i ++) { // 5 + for (int i = 0; i < 5; i++) { // 5 auto now = std::chrono::system_clock::now(); auto duration = now.time_since_epoch(); auto nano = std::chrono::duration_cast(duration).count(); @@ -544,7 +550,7 @@ void eBPFServerUnittest::GenerateBatchSpan(nami::NamiHandleBatchSpanFunc cb) { void eBPFServerUnittest::GenerateBatchEvent(nami::NamiHandleBatchDataEventFn cb, SecureEventType type) { std::vector> events; - for (int i = 0 ; i< 1000; i ++ ) { + for (int i = 0; i < 1000; i++) { std::vector> tags; tags.push_back({"hh", "hh"}); tags.push_back({"ee", "hh"}); @@ -552,18 +558,16 @@ void eBPFServerUnittest::GenerateBatchEvent(nami::NamiHandleBatchDataEventFn cb, tags.push_back({"tt", "hh"}); tags.push_back({"aa", "hh"}); - auto event = std::make_unique (std::move(tags), type, 1000); + auto event = std::make_unique(std::move(tags), type, 1000); events.emplace_back(std::move(event)); } cb(events); } void eBPFServerUnittest::InitSecurityOpts() { - } void eBPFServerUnittest::InitObserverOpts() { - } void eBPFServerUnittest::TestInit() { @@ -596,21 +600,18 @@ void eBPFServerUnittest::TestEnableNetworkPlugin() { std::string errorMsg; Json::Value configJson, optionalGoPipeline; APSARA_TEST_TRUE(ParseJsonTable(configStr, configJson, errorMsg)); - + nami::ObserverNetworkOption network_option; bool res = ebpf::InitObserverNetworkOption(configJson, network_option, &ctx, "test"); EXPECT_TRUE(res); // observer_options.Init(ObserverType::NETWORK, configJson, &ctx, "test"); std::shared_ptr input(new InputNetworkObserver()); input->SetContext(ctx); - input->SetMetricsRecordRef("test", "1"); + input->SetMetricsRecordRef("test", "1"); auto initStatus = input->Init(configJson, optionalGoPipeline); EXPECT_TRUE(initStatus); res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "test", 1, - nami::PluginType::NETWORK_OBSERVE, - &ctx, - &network_option, input->mPluginMgr); + "test", 1, nami::PluginType::NETWORK_OBSERVE, &ctx, &network_option, input->mPluginMgr); EXPECT_EQ(ebpf::eBPFServer::GetInstance()->mMonitorMgr->mInited[int(nami::PluginType::NETWORK_OBSERVE)], true); auto& mgr = ebpf::eBPFServer::GetInstance()->mMonitorMgr->mSelfMonitors[int(nami::PluginType::NETWORK_OBSERVE)]; @@ -650,10 +651,7 @@ void eBPFServerUnittest::TestEnableNetworkPlugin() { // do update input->SetMetricsRecordRef("test", "2"); res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "test", 8, - nami::PluginType::NETWORK_OBSERVE, - &ctx, - &network_option, input->mPluginMgr); + "test", 8, nami::PluginType::NETWORK_OBSERVE, &ctx, &network_option, input->mPluginMgr); EXPECT_TRUE(res); conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); EXPECT_EQ(conf->plugin_type_, nami::PluginType::NETWORK_OBSERVE); @@ -676,7 +674,7 @@ void eBPFServerUnittest::TestEnableNetworkPlugin() { // do stop ebpf::eBPFServer::GetInstance()->DisablePlugin("test", nami::PluginType::NETWORK_OBSERVE); - EXPECT_EQ(ebpf::eBPFServer::GetInstance()->mSpanCB->mQueueKey,-1); + EXPECT_EQ(ebpf::eBPFServer::GetInstance()->mSpanCB->mQueueKey, -1); EXPECT_TRUE(!ebpf::eBPFServer::GetInstance()->mSourceManager->mRunning[int(nami::PluginType::NETWORK_OBSERVE)]); } @@ -697,10 +695,7 @@ void eBPFServerUnittest::TestEnableProcessPlugin() { input->SetMetricsRecordRef("test", "1"); input->Init(configJson, optionalGoPipeline); bool res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "test", 0, - nami::PluginType::PROCESS_SECURITY, - &ctx, - &security_options, input->mPluginMgr); + "test", 0, nami::PluginType::PROCESS_SECURITY, &ctx, &security_options, input->mPluginMgr); EXPECT_TRUE(res); auto conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); EXPECT_EQ(conf->plugin_type_, nami::PluginType::PROCESS_SECURITY); @@ -719,10 +714,7 @@ void eBPFServerUnittest::TestEnableProcessPlugin() { input->SetMetricsRecordRef("test", "2"); res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "test", 0, - nami::PluginType::PROCESS_SECURITY, - &ctx, - &security_options, input->mPluginMgr); + "test", 0, nami::PluginType::PROCESS_SECURITY, &ctx, &security_options, input->mPluginMgr); EXPECT_TRUE(res); EXPECT_TRUE(ebpf::eBPFServer::GetInstance()->mStartPluginTotal->GetValue() > 0); conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); @@ -753,18 +745,16 @@ void eBPFServerUnittest::TestEnableNetworkSecurePlugin() { std::shared_ptr input(new InputNetworkSecurity()); input->SetContext(ctx); input->SetMetricsRecordRef("test", "1"); - + std::string errorMsg; - Json::Value configJson, optionalGoPipeline;; + Json::Value configJson, optionalGoPipeline; + ; APSARA_TEST_TRUE(ParseJsonTable(configStr, configJson, errorMsg)); SecurityOptions security_options; security_options.Init(SecurityProbeType::NETWORK, configJson, &ctx, "input_network_security"); input->Init(configJson, optionalGoPipeline); bool res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "input_network_security", 5, - nami::PluginType::NETWORK_SECURITY, - &ctx, - &security_options, input->mPluginMgr); + "input_network_security", 5, nami::PluginType::NETWORK_SECURITY, &ctx, &security_options, input->mPluginMgr); EXPECT_TRUE(res); auto conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); EXPECT_EQ(conf->plugin_type_, nami::PluginType::NETWORK_SECURITY); @@ -788,10 +778,7 @@ void eBPFServerUnittest::TestEnableNetworkSecurePlugin() { input->SetContext(ctx); input->SetMetricsRecordRef("test", "2"); res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "input_network_security", 0, - nami::PluginType::NETWORK_SECURITY, - &ctx, - &security_options, input->mPluginMgr); + "input_network_security", 0, nami::PluginType::NETWORK_SECURITY, &ctx, &security_options, input->mPluginMgr); EXPECT_TRUE(res); conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); EXPECT_EQ(conf->plugin_type_, nami::PluginType::NETWORK_SECURITY); @@ -805,7 +792,6 @@ void eBPFServerUnittest::TestEnableNetworkSecurePlugin() { } - void eBPFServerUnittest::TestEnableFileSecurePlugin() { std::string configStr = R"( { @@ -826,16 +812,14 @@ void eBPFServerUnittest::TestEnableFileSecurePlugin() { input->SetMetricsRecordRef("test", "1"); std::string errorMsg; - Json::Value configJson, optionalGoPipeline;; + Json::Value configJson, optionalGoPipeline; + ; APSARA_TEST_TRUE(ParseJsonTable(configStr, configJson, errorMsg)); SecurityOptions security_options; security_options.Init(SecurityProbeType::FILE, configJson, &ctx, "input_file_security"); input->Init(configJson, optionalGoPipeline); bool res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "input_file_security", 0, - nami::PluginType::FILE_SECURITY, - &ctx, - &security_options, input->mPluginMgr); + "input_file_security", 0, nami::PluginType::FILE_SECURITY, &ctx, &security_options, input->mPluginMgr); EXPECT_EQ(std::get(security_options.mOptionList[0].filter_).mFilePathList.size(), 3); EXPECT_TRUE(res); auto conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); @@ -858,10 +842,7 @@ void eBPFServerUnittest::TestEnableFileSecurePlugin() { input->SetMetricsRecordRef("test", "2"); res = ebpf::eBPFServer::GetInstance()->EnablePlugin( - "input_file_security", 0, - nami::PluginType::FILE_SECURITY, - &ctx, - &security_options, input->mPluginMgr); + "input_file_security", 0, nami::PluginType::FILE_SECURITY, &ctx, &security_options, input->mPluginMgr); EXPECT_TRUE(res); conf = ebpf::eBPFServer::GetInstance()->mSourceManager->mConfig.get(); EXPECT_EQ(conf->plugin_type_, nami::PluginType::FILE_SECURITY); @@ -934,7 +915,7 @@ UNIT_TEST_CASE(eBPFServerUnittest, TestEnableNetworkSecurePlugin) UNIT_TEST_CASE(eBPFServerUnittest, TestEnableFileSecurePlugin) UNIT_TEST_CASE(eBPFServerUnittest, TestInitAndStop) UNIT_TEST_CASE(eBPFServerUnittest, TestEnvManager) -} -} +} // namespace ebpf +} // namespace logtail UNIT_TEST_MAIN diff --git a/core/unittest/input/InputFileSecurityUnittest.cpp b/core/unittest/input/InputFileSecurityUnittest.cpp index 5debaa7409..a9acb471df 100644 --- a/core/unittest/input/InputFileSecurityUnittest.cpp +++ b/core/unittest/input/InputFileSecurityUnittest.cpp @@ -18,12 +18,12 @@ #include "app_config/AppConfig.h" #include "common/JsonUtil.h" -#include "ebpf/config.h" -#include "plugin/input/InputFileSecurity.h" +#include "ebpf/Config.h" +#include "ebpf/eBPFServer.h" #include "pipeline/Pipeline.h" #include "pipeline/PipelineContext.h" +#include "plugin/input/InputFileSecurity.h" #include "unittest/Unittest.h" -#include "ebpf/eBPFServer.h" using namespace std; @@ -88,7 +88,8 @@ void InputFileSecurityUnittest::OnSuccessfulInit() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_EQUAL(input->sName, "input_file_security"); - nami::SecurityFileFilter thisFilter1 = std::get(input->mSecurityOptions.mOptionList[0].filter_); + nami::SecurityFileFilter thisFilter1 + = std::get(input->mSecurityOptions.mOptionList[0].filter_); APSARA_TEST_EQUAL("/etc", thisFilter1.mFilePathList[0]); APSARA_TEST_EQUAL("/bin", thisFilter1.mFilePathList[1]); @@ -112,7 +113,8 @@ void InputFileSecurityUnittest::OnSuccessfulInit() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_EQUAL(input->sName, "input_file_security"); - nami::SecurityFileFilter thisFilter2 = std::get(input->mSecurityOptions.mOptionList[0].filter_); + nami::SecurityFileFilter thisFilter2 + = std::get(input->mSecurityOptions.mOptionList[0].filter_); APSARA_TEST_EQUAL("/etc/passwd", thisFilter2.mFilePathList[0]); APSARA_TEST_EQUAL("/etc/shadow", thisFilter2.mFilePathList[1]); APSARA_TEST_EQUAL("/bin", thisFilter2.mFilePathList[2]); @@ -139,7 +141,8 @@ void InputFileSecurityUnittest::OnFailedInit() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_EQUAL(input->sName, "input_file_security"); - nami::SecurityFileFilter thisFilter = std::get(input->mSecurityOptions.mOptionList[0].filter_); + nami::SecurityFileFilter thisFilter + = std::get(input->mSecurityOptions.mOptionList[0].filter_); APSARA_TEST_EQUAL(0, thisFilter.mFilePathList.size()); // invalid optional param @@ -161,7 +164,8 @@ void InputFileSecurityUnittest::OnFailedInit() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_EQUAL(input->sName, "input_file_security"); - nami::SecurityFileFilter thisFilter1 = std::get(input->mSecurityOptions.mOptionList[0].filter_); + nami::SecurityFileFilter thisFilter1 + = std::get(input->mSecurityOptions.mOptionList[0].filter_); APSARA_TEST_EQUAL(0, thisFilter1.mFilePathList.size()); // lose mandatory param @@ -206,7 +210,8 @@ void InputFileSecurityUnittest::OnSuccessfulStart() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_TRUE(input->Start()); - string serverPipelineName = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::FILE_SECURITY); + string serverPipelineName + = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::FILE_SECURITY); string pipelineName = input->GetContext().GetConfigName(); APSARA_TEST_TRUE(serverPipelineName.size() && serverPipelineName == pipelineName); } @@ -234,7 +239,8 @@ void InputFileSecurityUnittest::OnSuccessfulStop() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_TRUE(input->Start()); - string serverPipelineName = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::FILE_SECURITY); + string serverPipelineName + = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::FILE_SECURITY); string pipelineName = input->GetContext().GetConfigName(); APSARA_TEST_TRUE(serverPipelineName.size() && serverPipelineName == pipelineName); APSARA_TEST_TRUE(input->Stop(false)); @@ -246,7 +252,7 @@ void InputFileSecurityUnittest::OnSuccessfulStop() { } UNIT_TEST_CASE(InputFileSecurityUnittest, TestName) -UNIT_TEST_CASE(InputFileSecurityUnittest, TestSupportAck) +UNIT_TEST_CASE(InputFileSecurityUnittest, TestSupportAck) UNIT_TEST_CASE(InputFileSecurityUnittest, OnSuccessfulInit) UNIT_TEST_CASE(InputFileSecurityUnittest, OnFailedInit) UNIT_TEST_CASE(InputFileSecurityUnittest, OnSuccessfulStart) diff --git a/core/unittest/input/InputNetworkObserverUnittest.cpp b/core/unittest/input/InputNetworkObserverUnittest.cpp index f6e4c7b6ef..1ec6688984 100644 --- a/core/unittest/input/InputNetworkObserverUnittest.cpp +++ b/core/unittest/input/InputNetworkObserverUnittest.cpp @@ -16,12 +16,12 @@ #include "app_config/AppConfig.h" #include "common/JsonUtil.h" -#include "ebpf/config.h" -#include "plugin/input/InputNetworkObserver.h" +#include "ebpf/Config.h" +#include "ebpf/eBPFServer.h" #include "pipeline/Pipeline.h" #include "pipeline/PipelineContext.h" +#include "plugin/input/InputNetworkObserver.h" #include "unittest/Unittest.h" -#include "ebpf/eBPFServer.h" using namespace std; @@ -173,7 +173,8 @@ void InputNetworkObserverUnittest::OnSuccessfulStart() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_TRUE(input->Start()); - string serverPipelineName = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::NETWORK_OBSERVE); + string serverPipelineName + = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::NETWORK_OBSERVE); string pipelineName = input->GetContext().GetConfigName(); APSARA_TEST_TRUE(serverPipelineName.size() && serverPipelineName == pipelineName); } @@ -203,7 +204,8 @@ void InputNetworkObserverUnittest::OnSuccessfulStop() { input->SetMetricsRecordRef("test", "1"); APSARA_TEST_TRUE(input->Init(configJson, optionalGoPipeline)); APSARA_TEST_TRUE(input->Start()); - string serverPipelineName = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::NETWORK_OBSERVE); + string serverPipelineName + = ebpf::eBPFServer::GetInstance()->CheckLoadedPipelineName(nami::PluginType::NETWORK_OBSERVE); string pipelineName = input->GetContext().GetConfigName(); APSARA_TEST_TRUE(serverPipelineName.size() && serverPipelineName == pipelineName); APSARA_TEST_TRUE(input->Stop(false)); diff --git a/core/unittest/input/InputNetworkSecurityUnittest.cpp b/core/unittest/input/InputNetworkSecurityUnittest.cpp index 9fc34416b6..23e264ba55 100644 --- a/core/unittest/input/InputNetworkSecurityUnittest.cpp +++ b/core/unittest/input/InputNetworkSecurityUnittest.cpp @@ -16,12 +16,12 @@ #include "app_config/AppConfig.h" #include "common/JsonUtil.h" -#include "ebpf/config.h" -#include "plugin/input/InputNetworkSecurity.h" +#include "ebpf/Config.h" +#include "ebpf/eBPFServer.h" #include "pipeline/Pipeline.h" #include "pipeline/PipelineContext.h" +#include "plugin/input/InputNetworkSecurity.h" #include "unittest/Unittest.h" -#include "ebpf/eBPFServer.h" using namespace std; diff --git a/core/unittest/input/InputProcessSecurityUnittest.cpp b/core/unittest/input/InputProcessSecurityUnittest.cpp index c7be48b031..4fd25d65dc 100644 --- a/core/unittest/input/InputProcessSecurityUnittest.cpp +++ b/core/unittest/input/InputProcessSecurityUnittest.cpp @@ -16,12 +16,12 @@ #include "app_config/AppConfig.h" #include "common/JsonUtil.h" -#include "ebpf/config.h" -#include "plugin/input/InputProcessSecurity.h" +#include "ebpf/Config.h" +#include "ebpf/eBPFServer.h" #include "pipeline/Pipeline.h" #include "pipeline/PipelineContext.h" +#include "plugin/input/InputProcessSecurity.h" #include "unittest/Unittest.h" -#include "ebpf/eBPFServer.h" using namespace std;