author | thiagoftsm <thiagoftsm@gmail.com> | 2020-12-04 08:39:24 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-04 11:39:24 +0300 |
commit | c195837dfeeda2832b499cf77f0928054e39ace7 (patch) | |
tree | 870c4efc41cddb8f2ae40c12f0d1facfa704e87c | |
parent | f5af54e03bdb710839e5befe51af7cf551a1762e (diff) |
eBPF synchronization (#10299)
Co-authored-by: Joel Hans <joel.g.hans@gmail.com>
-rw-r--r-- | collectors/ebpf.plugin/README.md | 18 | ||||
-rw-r--r-- | collectors/ebpf.plugin/ebpf.c | 57 | ||||
-rw-r--r-- | collectors/ebpf.plugin/ebpf.conf | 36 | ||||
-rw-r--r-- | collectors/ebpf.plugin/ebpf.h | 2 | ||||
-rw-r--r-- | collectors/ebpf.plugin/ebpf_apps.h | 4 | ||||
-rw-r--r-- | collectors/ebpf.plugin/ebpf_process.c | 28 | ||||
-rw-r--r-- | web/gui/dashboard_info.js | 37 |
7 files changed, 106 insertions, 76 deletions
diff --git a/collectors/ebpf.plugin/README.md b/collectors/ebpf.plugin/README.md index 30156c761a..0e8ceada43 100644 --- a/collectors/ebpf.plugin/README.md +++ b/collectors/ebpf.plugin/README.md @@ -175,12 +175,12 @@ When the integration is enabled, your dashboard will also show the following cha - eBPF net - Number of bytes transmited per seconds. -If you want to _disable_ the integration with `apps.plugin` along with the above charts, change the setting `disable -apps` to `yes`. +If you want to _disable_ the integration with `apps.plugin` along with the above charts, change the setting `apps` to +`no`. ```conf [global] - disable apps = yes + apps = yes ``` ### `[ebpf programs]` @@ -192,12 +192,12 @@ The eBPF collector enables and runs the following eBPF programs by default: - `network viewer`: This eBPF program creates charts with information about `TCP` and `UDP` functions, including the bandwidth consumed by each. -### `[network viewer]` +### `[network connections]` You can configure the information shown on `outbound` and `inbound` charts with the settings in this section. ```conf -[network viewer] +[network connections] maximum dimensions = 500 resolve hostname ips = no ports = 1-1024 !145 !domain 
@@ -221,8 +221,8 @@ The following options are available: range of IPs, or use CIDR values. The default behavior is to only collect data for private IP addresess, but this can be changed with the `ips` setting. -By default, Netdata displays up to 500 dimensions on network viewer charts. If there are more possible dimensions, they -will be bundled into the `other` dimension. You can increase the number of shown dimensions by changing the `maximum +By default, Netdata displays up to 500 dimensions on network connection charts. If there are more possible dimensions, +they will be bundled into the `other` dimension. You can increase the number of shown dimensions by changing the `maximum dimensions` setting. The dimensions for the traffic charts are created using the destination IPs of the sockets by default. This can be @@ -231,11 +231,11 @@ the `hostnames` every time that is possible to resolve IPs to their hostnames. ### `[service name]` -Netdata uses the list of services in `/etc/services` to plot network viewer charts. If this file does not contain the +Netdata uses the list of services in `/etc/services` to plot network connection charts. If this file does not contain the name for a particular service you use in your infrastructure, you will need to add it to the `[service name]` section. For example, Netdata's default port (`19999`) is not listed in `/etc/services`. To associate that port with the Netdata -service in network viewer charts, and thus see the name of the service instead of its port, define it: +service in network connection charts, and thus see the name of the service instead of its port, define it: ```conf [service name] diff --git a/collectors/ebpf.plugin/ebpf.c b/collectors/ebpf.plugin/ebpf.c index 51ec7d9846..dba20598e2 100644 --- a/collectors/ebpf.plugin/ebpf.c +++ b/collectors/ebpf.plugin/ebpf.c 
@@ -107,7 +107,7 @@ ebpf_module_t ebpf_modules[] = { { .thread_name = "process", .config_name = "process", .enabled = 0, .start_routine = ebpf_process_thread, .update_time = 1, .global_charts = 1, .apps_charts = 1, .mode = MODE_ENTRY, .probes = process_probes, .optional = 0 }, - { .thread_name = "socket", .config_name = "network viewer", .enabled = 0, .start_routine = ebpf_socket_thread, + { .thread_name = "socket", .config_name = "socket", .enabled = 0, .start_routine = ebpf_socket_thread, .update_time = 1, .global_charts = 1, .apps_charts = 1, .mode = MODE_ENTRY, .probes = socket_probes, .optional = 0 }, { .thread_name = NULL, .enabled = 0, .start_routine = NULL, .update_time = 1, @@ -863,25 +863,6 @@ static inline void how_to_load(char *ptr) } /** - * Parse disable apps option - * - * @param ptr the option given by users - * - * @return It returns 1 to disable the charts or 0 otherwise. - */ -static inline int parse_disable_apps(char *ptr) -{ - if (!strcasecmp(ptr, "yes")) { - ebpf_disable_apps(); - return 1; - } else if (strcasecmp(ptr, "no") != 0) { - error("The option %s for \"disable apps\" is not a valid option.", ptr); - } - - return 0; -} - -/** * Fill Port list * * @param out a pointer to the link list. @@ -1556,12 +1537,12 @@ static void parse_network_viewer_section() network_viewer_opt.hostname_resolution_enabled = appconfig_get_boolean(&collector_config, EBPF_NETWORK_VIEWER_SECTION, "resolve hostnames", - 0); + CONFIG_BOOLEAN_NO); network_viewer_opt.service_resolution_enabled = appconfig_get_boolean(&collector_config, EBPF_NETWORK_VIEWER_SECTION, "resolve service names", - 0); + CONFIG_BOOLEAN_NO); char *value = appconfig_get(&collector_config, EBPF_NETWORK_VIEWER_SECTION, "ports", NULL); 
@@ -1575,7 +1556,7 @@ static void parse_network_viewer_section() } value = appconfig_get(&collector_config, EBPF_NETWORK_VIEWER_SECTION, - "ips", "!127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7"); + "ips", "!127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7 !::1/128"); parse_ips(value); } @@ -1674,19 +1655,33 @@ static void read_collector_values(int *disable_apps) how_to_load(value); - value = appconfig_get(&collector_config, EBPF_GLOBAL_SECTION, "disable apps", "no"); - *disable_apps = parse_disable_apps(value); + // This is kept to keep compatibility + uint32_t enabled = appconfig_get_boolean(&collector_config, EBPF_GLOBAL_SECTION, "disable apps", + CONFIG_BOOLEAN_NO); + if (!enabled) { + // Apps is a positive sentence, so we need to invert the values to disable apps. + enabled = appconfig_get_boolean(&collector_config, EBPF_GLOBAL_SECTION, "apps", + CONFIG_BOOLEAN_YES); + enabled = (enabled == CONFIG_BOOLEAN_NO)?CONFIG_BOOLEAN_YES:CONFIG_BOOLEAN_NO; + } + *disable_apps = (int)enabled; // Read ebpf programs section - uint32_t enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, ebpf_modules[0].config_name, - 1); + enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, + ebpf_modules[0].config_name, CONFIG_BOOLEAN_YES); int started = 0; if (enabled) { ebpf_enable_chart(EBPF_MODULE_PROCESS_IDX, *disable_apps); started++; } - enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, ebpf_modules[1].config_name, 1); + // This is kept to keep compatibility + enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, "network viewer", + CONFIG_BOOLEAN_NO); + if (!enabled) + enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, ebpf_modules[1].config_name, + CONFIG_BOOLEAN_NO); + if (enabled) { ebpf_enable_chart(EBPF_MODULE_SOCKET_IDX, *disable_apps); // Read network viewer section if network viewer is enabled 
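Review bot: In the read_collector_values hunk (-1674), the fallback lookup for the socket program now defaults to `CONFIG_BOOLEAN_NO` where the removed line passed `1`, so a configuration that names neither `network viewer` nor `socket` no longer starts the socket collector. The README and the ebpf.conf comments in this same commit both describe the program as enabled by default, so an upgrade with a minimal config file would lose socket telemetry without any message. Keeping the legacy probe at `CONFIG_BOOLEAN_NO` is right, but the second call should end `ebpf_modules[1].config_name, CONFIG_BOOLEAN_YES);`. Separately, the removed `parse_disable_apps` called `ebpf_disable_apps()` and logged invalid values; the new `disable apps`/`apps` block does neither, and whether `ebpf_enable_chart` alone covers that is not visible here, since the function starts and ends outside the hunk.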
@@ -1695,8 +1690,12 @@ static void read_collector_values(int *disable_apps) started++; } + // This is kept to keep compatibility enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, "network connection monitoring", - 0); + CONFIG_BOOLEAN_NO); + if (!enabled) + enabled = appconfig_get_boolean(&collector_config, EBPF_PROGRAMS_SECTION, "network connections", + CONFIG_BOOLEAN_NO); ebpf_modules[1].optional = enabled; if (!started){ diff --git a/collectors/ebpf.plugin/ebpf.conf b/collectors/ebpf.plugin/ebpf.conf index 4e935700fa..3a5b77395d 100644 --- a/collectors/ebpf.plugin/ebpf.conf +++ b/collectors/ebpf.plugin/ebpf.conf 
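Review bot: The legacy key `network connection monitoring` wins whenever it is `yes`, even when the new `network connections` key is explicitly `no`, and the comment `// This is kept to keep compatibility` does not say so. The same precedence applies to `disable apps` over `apps` and to `network viewer` over `socket` in the preceding hunk of read_collector_values. I would state it at each site, e.g. `// Legacy key: when set to yes it overrides "network connections"; drop once the old name is retired.`, and brace the one-line `if (!enabled)` body to match `if (!started){` just below it. The function body continues outside this hunk.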
@@ -1,18 +1,44 @@ +# +# Global options +# +# The `ebpf load mode` option accepts the following values : +# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors. +# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates +# new charts for the return of these functions, such as errors. +# +# The eBPF collector also creates charts for each running application through an integration with the `apps plugin`. +# If you want to disable the integration with `apps.plugin` along with the above charts, change the setting `apps` to +# 'no'. +# [global] ebpf load mode = entry - disable apps = no + apps = yes +# +# eBPF Programs +# +# The eBPF collector enables and runs the following eBPF programs by default: +# +# `process` : This eBPF program creates charts that show information about process creation, VFS IO, and +# files removed. +# `socket` : This eBPF program creates charts with information about `TCP` and `UDP` functions, including the +# bandwidth consumed by each. [ebpf programs] process = yes - network viewer = yes - network connection monitoring = no + socket = yes + network connections = no -[network viewer] +# +# Network Connection +# +# This is a feature with status WIP(Work in Progress) +# +[network connections] maximum dimensions = 50 resolve hostnames = no resolve service names = no ports = * - ips = !127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7 + ips = !127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7 !::1/128 hostnames = * [service name] diff --git a/collectors/ebpf.plugin/ebpf.h b/collectors/ebpf.plugin/ebpf.h index ebf6a4292a..a492b8b3fb 100644 --- a/collectors/ebpf.plugin/ebpf.h +++ b/collectors/ebpf.plugin/ebpf.h 
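Review bot: The new `ebpf load mode` comment in ebpf.conf opens a backtick before `return` and never closes it, and it quotes the disabling value as 'no' while the rest of the block uses backticks. The line should start ``# `return` : In the `return` mode, ...`` so the two modes read the same way. Since ebpf.c still accepts `disable apps`, `network viewer` and `network connection monitoring`, the header comments are also the natural place to say those older names are read only for compatibility.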
@@ -167,7 +167,7 @@ extern void write_end_chart(); #define EBPF_GLOBAL_SECTION "global" #define EBPF_PROGRAMS_SECTION "ebpf programs" -#define EBPF_NETWORK_VIEWER_SECTION "network viewer" +#define EBPF_NETWORK_VIEWER_SECTION "network connections" #define EBPF_SERVICE_NAME_SECTION "service name" #define EBPF_COMMON_DIMENSION_CALL "calls" diff --git a/collectors/ebpf.plugin/ebpf_apps.h b/collectors/ebpf.plugin/ebpf_apps.h index 24b0ab7c21..47741c9041 100644 --- a/collectors/ebpf.plugin/ebpf_apps.h +++ b/collectors/ebpf.plugin/ebpf_apps.h @@ -11,7 +11,9 @@ #include "libnetdata/ebpf/ebpf.h" #define NETDATA_APPS_FAMILY "apps" -#define NETDATA_APPS_SYSCALL_GROUP "ebpf syscall" +#define NETDATA_APPS_FILE_GROUP "ebpf file" +#define NETDATA_APPS_VFS_GROUP "ebpf vfs" +#define NETDATA_APPS_PROCESS_GROUP "ebpf process" #define NETDATA_APPS_NET_GROUP "ebpf net" #include "ebpf_process.h" diff --git a/collectors/ebpf.plugin/ebpf_process.c b/collectors/ebpf.plugin/ebpf_process.c index b9d431d10f..a6a4d38a0b 100644 --- a/collectors/ebpf.plugin/ebpf_process.c +++ b/collectors/ebpf.plugin/ebpf_process.c @@ -659,7 +659,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_FILE_OPEN, "Number of open files", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_FILE_GROUP, 20061, root); @@ -667,7 +667,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_FILE_OPEN_ERROR, "Fails to open files", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_FILE_GROUP, 20062, root); } @@ -675,7 +675,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_FILE_CLOSED, "Files closed", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_FILE_GROUP, 20063, root); 
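Review bot: Changing `EBPF_NETWORK_VIEWER_SECTION` to `"network connections"` in ebpf.h has no compatibility path, unlike the `disable apps`, `network viewer` and `network connection monitoring` keys that ebpf.c still probes in this commit. As far as the diff shows, parse_network_viewer_section reads only this macro, so an existing `[network viewer]` section would be ignored after an upgrade and its `ports`, `ips` and `hostnames` filters would fall back to the defaults, changing which connections are collected without any message. Either read the old section name as a fallback or record the break next to the define, e.g. `// Renamed from "network viewer"; the old section name is no longer read.`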
@@ -683,7 +683,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_FILE_CLOSE_ERROR, "Fails to close files", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_FILE_GROUP, 20064, root); } @@ -691,14 +691,14 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_FILE_DELETED, "Files deleted", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20065, root); ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_VFS_WRITE_CALLS, "Write to disk", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20066, apps_groups_root_target); @@ -706,7 +706,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_VFS_WRITE_CALLS_ERROR, "Fails to write", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20067, root); } @@ -714,7 +714,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_VFS_READ_CALLS, "Read from disk", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20068, root); @@ -722,7 +722,7 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_VFS_READ_CALLS_ERROR, "Fails to read", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20069, root); } 
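Review bot: In the hunk at -691, the `NETDATA_SYSCALL_APPS_VFS_WRITE_CALLS` chart is still created with the global `apps_groups_root_target`, while every other call in ebpf_process_create_apps_charts passes the function's own parameter (truncated to `*ro` in the hunk header, presumably `root`). If every caller passes that same global this is harmless, but the call sites are outside this page, so the argument is worth changing to `20066, root);` while these calls are being regrouped. The function body starts outside the hunk.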
@@ -730,35 +730,35 @@ static void ebpf_process_create_apps_charts(ebpf_module_t *em, struct target *ro ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_VFS_WRITE_BYTES, "Bytes written on disk", EBPF_COMMON_DIMENSION_BYTESS, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20070, root); ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_VFS_READ_BYTES, "Bytes read from disk", EBPF_COMMON_DIMENSION_BYTESS, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_VFS_GROUP, 20071, root); ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_TASK_PROCESS, "Process started", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_PROCESS_GROUP, 20072, root); ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_TASK_THREAD, "Threads started", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_PROCESS_GROUP, 20073, root); ebpf_create_charts_on_apps(NETDATA_SYSCALL_APPS_TASK_CLOSE, "Tasks closed", EBPF_COMMON_DIMENSION_CALL, - NETDATA_APPS_SYSCALL_GROUP, + NETDATA_APPS_PROCESS_GROUP, 20074, root); } diff --git a/web/gui/dashboard_info.js b/web/gui/dashboard_info.js index 0e9def1ca3..16d409cd69 100644 --- a/web/gui/dashboard_info.js +++ b/web/gui/dashboard_info.js 
@@ -1105,67 +1105,70 @@ netdataDashboard.context = { }, 'apps.file_open': { - height: 2.0 + info: 'Calls to the internal function <code>do_sys_open</code>, which is the common function called from' + + ' <a href="https://www.man7.org/linux/man-pages/man2/open.2.html" target="_blank">open(2)</a> ' + + ' and <a href="https://www.man7.org/linux/man-pages/man2/openat.2.html" target="_blank">openat(2)</a>. ' }, 'apps.file_open_error': { - height: 2.0 + info: 'Failed calls to the internal function <code>do_sys_open</code>.' }, 'apps.file_closed': { - height: 2.0 + info: 'Calls to the internal function <code>__close_fd</code>, which is called from' + + ' <a href="https://www.man7.org/linux/man-pages/man2/close.2.html" target="_blank">close(2)</a>. ' }, 'apps.file_close_error': { - height: 2.0 + info: 'Failed calls to the internal function <code>__close_fd</code>.' }, 'apps.file_deleted': { - height: 2.0 + info: 'Calls to the function <code>vfs_unlink</code>. This chart does not show all events that remove files from the filesystem, because filesystems can create their own functions to remove files.' }, 'apps.vfs_write_call': { - height: 2.0 + info: 'Successful calls to the function <code>vfs_write</code>. This chart may not show all filesystem events if it uses other functions to store data on disk.' }, 'apps.vfs_write_error': { - height: 2.0 + info: 'Failed calls to the function <code>vfs_write</code>. This chart may not show all filesystem events if it uses other functions to store data on disk.' }, 'apps.vfs_read_call': { - height: 2.0 + info: 'Successful calls to the function <code>vfs_read</code>. This chart may not show all filesystem events if it uses other functions to store data on disk.' }, 'apps.vfs_read_error': { - height: 2.0 + info: 'Failed calls to the function <code>vfs_read</code>. This chart may not show all filesystem events if it uses other functions to store data on disk.' 
}, 'apps.vfs_write_bytes': { - height: 2.0 + info: 'Total of bytes successfully written using the function <code>vfs_write</code>.' }, 'apps.vfs_read_bytes': { - height: 2.0 + info: 'Total of bytes successfully read using the function <code>vfs_read</code>.' }, 'apps.process_create': { - height: 2.0 + info: 'Calls to the function <code>do_fork</code> to create a new task, which is the common name used to define process and tasks inside the kernel. Netdata identifies the process by counting the number of calls to <code>sys_clone</code> that do not have the flag <code>CLONE_THREAD</code> set.' }, 'apps.thread_create': { - height: 2.0 + info: 'Calls to the function <code>do_fork</code> to create a new task, which is the common name used to define process and tasks inside the kernel. Netdata identifies the threads by counting the number of calls to <code>sys_clone</code> that have the flag <code>CLONE_THREAD</code> set.' }, 'apps.task_close': { - height: 2.0 + info: 'Calls to the functions responsible for closing (<code>do_exit</code>) and releasing (<code>release_task</code>) tasks.' }, 'apps.bandwidth_sent': { - height: 2.0 + info: 'Bytes sent by functions <code>tcp_sendmsg</code> and <code>udp_sendmsg</code>.' }, 'apps.bandwidth_recv': { - height: 2.0 + info: 'Bytes received by functions <code>tcp_cleanup_rbuf</code> and <code>udp_recvmsg</code>.' }, // ------------------------------------------------------------------------ @@ -3302,7 +3305,7 @@ netdataDashboard.context = { 'ebpf.io_bytes': { title : 'VFS bytes written', - info: 'Total of bytes read or written with success using the functions <code>vfs_read</code> and <code>vfs_write</code>.' + info: 'Total of bytes read or written with success using the functions <code>vfs_read</code> and <code>vfs_write</code>.' }, 'ebpf.io_error': { |
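Review bot: In the hunk that starts at -1105, the new `info` strings for `apps.file_open` and `apps.file_closed` add `<a ... target="_blank">` links with no `rel` attribute, so on browsers that do not imply it the opened page keeps a `window.opener` reference back to the dashboard. Add `rel="noopener noreferrer"` to each anchor, e.g. `<a href="https://www.man7.org/linux/man-pages/man2/close.2.html" target="_blank" rel="noopener noreferrer">close(2)</a>`. The `apps.vfs_read_call` and `apps.vfs_read_error` texts also reuse the wording "store data on disk", which looks copied from the `vfs_write` entries and should describe reading instead.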