deepflowio / deepflow

eBPF Observability - Distributed Tracing and Profiling
https://deepflow.io
Apache License 2.0

feat: agent - eBPF Set the full path for file reading and writing #8486

Closed yinjiping closed 4 days ago

yinjiping commented 2 weeks ago

This PR is for:

Affected branches

yinjiping commented 4 days ago

Here is the test data:

+ --------------------------------- +
2024-11-18 15:37:48.855783 [datadump] SEQ 5925 <Unknown> DIR out TYPE unknown(7) PID 12558 THREAD_ID 12558 COROUTINE_ID 0 ROLE unknown CONTAINER_ID null SOURCE 4 COMM find Unknow 0.0.0.0.0 > 0.0.0.0.0 LEN 47 SYSCALL_LEN 1044 SOCKET_ID 0 TRACE_ID 0 TCP_SEQ 0 DATA_SEQ 0 TLS false KernCapTime 2024-11-18 15:37:48.799092 KernMonoTime 706700657153 us
bytes_count=[2502]
operation=[1]
latency=[6199]
filename=[/usr/share/locale/locale.alias](len 31)
+ --------------------------------- +
+ --------------------------------- +
2024-11-18 15:37:48.855808 [datadump] SEQ 5926 <Unknown> DIR out TYPE unknown(7) PID 12087 THREAD_ID 8416 COROUTINE_ID 0 ROLE unknown CONTAINER_ID 2318ad9aceb72217a082ad91cd5c4636dfa2acea80131716d785f10d8df10d7a SOURCE 4 COMM PyroscopeProfil Unknow 0.0.0.0.0 > 0.0.0.0.0 LEN 24 SYSCALL_LEN 1044 SOCKET_ID 0 TRACE_ID 0 TCP_SEQ 0 DATA_SEQ 0 TLS false KernCapTime 2024-11-18 15:37:48.793553 KernMonoTime 706700651614 us
bytes_count=[328]
operation=[1]
latency=[13705]
filename=[/1/stat](len 8)
+ --------------------------------- +
+ --------------------------------- +
2024-11-18 15:38:00.236242 [datadump] SEQ 217799 <Unknown> DIR out TYPE unknown(7) PID 12884 THREAD_ID 14051 COROUTINE_ID 0 ROLE unknown CONTAINER_ID 08bf33cd05447b0ee7272154b7e6cb513f91c6a3ba7ba2902bb93598844a1726 SOURCE 4 COMM java Unknow 0.0.0.0.0 > 0.0.0.0.0 LEN 227 SYSCALL_LEN 1044 SOCKET_ID 0 TRACE_ID 0 TCP_SEQ 0 DATA_SEQ 0 TLS false KernCapTime 2024-11-18 15:38:00.235315 KernMonoTime 706712093377 us
bytes_count=[3]
operation=[1]
latency=[2715]
filename=[/prockubepods-besteffort.slice/kubepods-besteffort-podcb6e8f65_00e6_4dc7_aed7_4c7b98ade79a.slice/cri-containerd-08bf33cd05447b0ee7272154b7e6cb513f91c6a3ba7ba2902bb93598844a1726.scope/cpu.cfs_quota_us](len 211)
+ --------------------------------- +

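A few notes:

Getting the mount point is currently rather troublesome: the kernel structure offsets vary and are not fixed, and adapting to each kernel is too much work. It is a bit of a pity that this PR does not obtain the mount point; if it is not a mount point of the HOST node, you need to confirm the access path yourself.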
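
Added example, not part of the PR or of DeepFlow's code: a small parser for the dump records shown in the test data, which marks events whose path should be confirmed manually because the mount point is not captured. The record layout is inferred from the sample output; the `len` check and the container-based flag are assumptions, and the sample input (including the container ID) is constructed.

```python
import re

# Constructed sample in the layout of the test data above; header lines are
# shortened and the container ID is a made-up placeholder.
SAMPLE = """\
+ --------------------------------- +
2024-11-18 15:37:48.855783 [datadump] SEQ 5925 <Unknown> DIR out TYPE unknown(7) PID 12558 THREAD_ID 12558 COROUTINE_ID 0 ROLE unknown CONTAINER_ID null SOURCE 4 COMM find Unknow 0.0.0.0.0 > 0.0.0.0.0 LEN 47
bytes_count=[2502]
operation=[1]
latency=[6199]
filename=[/usr/share/locale/locale.alias](len 31)
+ --------------------------------- +
+ --------------------------------- +
2024-11-18 15:37:48.855808 [datadump] SEQ 5926 <Unknown> DIR out TYPE unknown(7) PID 12087 THREAD_ID 8416 COROUTINE_ID 0 ROLE unknown CONTAINER_ID 0123abcd SOURCE 4 COMM PyroscopeProfil Unknow 0.0.0.0.0 > 0.0.0.0.0 LEN 24
bytes_count=[328]
operation=[1]
latency=[13705]
filename=[/1/stat](len 8)
+ --------------------------------- +
"""

HEADER = re.compile(r"\[datadump\] SEQ (\d+) .*? PID (\d+) .*? CONTAINER_ID (\S+) .*? COMM (\S+)")
NUMERIC = re.compile(r"^(bytes_count|operation|latency)=\[(\d+)\]$")
FILENAME = re.compile(r"^filename=\[(.*)\]\(len (\d+)\)$")

def parse_datadump(text):
    """Return one dict per record; values are reported as-is, not interpreted."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.search(line):
            cur = {"seq": int(m[1]), "pid": int(m[2]), "comm": m[4],
                   "container_id": None if m[3] == "null" else m[3]}
            records.append(cur)
        elif cur is not None and (m := NUMERIC.match(line)):
            cur[m[1]] = int(m[2])
        elif cur is not None and (m := FILENAME.match(line)):
            cur["filename"] = m[1]
            # Assumption: reported len = visible chars + 1 (matches both samples).
            cur["len_consistent"] = len(m[1]) + 1 == int(m[2])
            # Heuristic (assumption): a container-tagged event was not resolved
            # against a host mount point, so its path needs manual confirmation.
            cur["confirm_path"] = cur["container_id"] is not None
    return records

if __name__ == "__main__":
    for r in parse_datadump(SAMPLE):
        print(r["pid"], r["comm"], r["filename"], "confirm" if r["confirm_path"] else "host")
```

The container flag is only a coarse proxy: a host process reading from a non-root mount also yields a mount-relative path, so treat an unflagged path as unconfirmed when it does not exist on the host root filesystem.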