Switch to sys_bind to support more platforms #615
@@ -82,6 +82,10 @@ func (p *Tracer) UProbes() map[string]map[string]ebpfcommon.FunctionPrograms { | |||
return nil | |||
} | |||
|
|||
func (p *Tracer) Tracepoints() map[string]ebpfcommon.FunctionPrograms { |
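Review bot: The new `Tracepoints()` method at the end of this hunk is added without a doc comment, and its `map[string]ebpfcommon.FunctionPrograms` return type uses a bare string key whose expected format is not evident from the signature. A short comment above the method stating what the key represents, and that this tracer currently attaches no tracepoints, would make the intent clear to anyone implementing the same method elsewhere.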
I added support for tracepoints too. I had forgotten that the old helper I used was reading kernel memory only and it was useful to confirm what the addresses of the values were with a tracepoint. I've had to do this a few times in the past, so I keep adding and removing tracepoint support. I decided to add it and keep it for now. We have no tracepoints yet, but it might be useful again in the future.
We also have this outstanding issue where kretprobes can be unreliable, so maybe switching to a tracepoint exit on those would be better.
Codecov Report
Additional details and impacted files
@@ Coverage Diff @@
## main #615 +/- ##
==========================================
- Coverage 79.83% 79.32% -0.51%
==========================================
Files 70 70
Lines 5946 5989 +43
==========================================
+ Hits 4747 4751 +4
- Misses 976 1008 +32
- Partials 223 230 +7
I gave it a try with Colima on M1 macOS and it worked perfectly.
Amazing job!
Thanks Mario!
We used to tap into security_socket_bind for tracking newly opened sockets. It was more convenient, since it required one less dereference of memory, e.g. tracking sys_bind directly requires unwrapping the register context for the syscall.
However, some vendors seem to build with more aggressive compiler options, e.g. WSL2 and Docker VM images, and this security_socket_bind call appears to be inlined sometimes.
This PR switches the kprobe to run on sys_bind.
Closes #590
@mariomac it would be great if you see if this works properly on your setup too. I tested only on Windows Subsystem for Linux Ubuntu.
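One way to check up front which bind-related symbol a kprobe can attach to on a given kernel, as an added example that is not part of this PR or the project's code: it scans a `/proc/kallsyms`-style listing and falls back from the LSM hook to the syscall entry point when the hook has no symbol of its own. The function `pickBindSymbol`, the candidate list and its ordering, and both sample listings are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Preference order is an assumption of this example: the LSM hook first, then
// the usual names of the bind syscall entry point.
var bindCandidates = []string{
	"security_socket_bind", "__x64_sys_bind", "__arm64_sys_bind", "sys_bind",
}

// Constructed sample listings in /proc/kallsyms format: "address type name".
const inlinedKernel = `ffffffff815c0000 T security_socket_connect
ffffffff815c0040 t security_socket_bind.constprop.0
ffffffff81a01200 T __sys_bind
ffffffff81a01230 T __x64_sys_bind
ffffffff82000000 D security_hook_heads`

const stockKernel = `ffffffff815c0040 T security_socket_bind
ffffffff81a01230 T __x64_sys_bind`

// pickBindSymbol returns the first candidate present as a text symbol (type
// t or T). Names must match exactly, so compiler-generated clones such as
// "name.constprop.0" do not count as the original function.
func pickBindSymbol(kallsyms string, candidates []string) (string, bool) {
	present := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(kallsyms))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || (f[1] != "t" && f[1] != "T") {
			continue // malformed line, or a data/bss symbol
		}
		present[f[2]] = true
	}
	for _, c := range candidates {
		if present[c] {
			return c, true
		}
	}
	return "", false
}

func main() {
	fmt.Println(pickBindSymbol(inlinedKernel, bindCandidates))
	fmt.Println(pickBindSymbol(stockKernel, bindCandidates))
}
```

A symbol being listed does not guarantee that every call site goes through it, so a missing symbol is a reliable reason to fall back while a present one is only a necessary condition.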