grafana · grcevski · Jun 8, 2023 · Jun 7, 2023 · Jun 7, 2023 · Jun 7, 2023
@@ -62,6 +62,36 @@ int BPF_KRETPROBE(kretprobe_sock_alloc, struct socket *sock) {
     return 0;
 }
 
+// We tap into accept and connect to figure out if a request is inbound or
+// outbound. However, in some cases servers can optimise the accept path if
+// the same request is sent over and over. For that reason, in case we miss the
+// initial accept, we establish an active filtered connection here. By default
+// sets the type to be server HTTP, in client mode we'll overwrite the 
+// data in the map, since those cannot be optimised.
+SEC("kprobe/tcp_rcv_established")
+int BPF_KPROBE(kprobe_tcp_rcv_established, struct sock *sk, struct sk_buff *skb) {
+    u64 id = bpf_get_current_pid_tgid();
+
+    if (!valid_pid(id)) {
+        return 0;
+    }
+
+    connection_info_t info = {};
+
+    if (parse_sock_info(sk, &info)) {
+        sort_connection_info(&info);
+        //dbg_print_http_connection_info(&info);
+
+        http_connection_metadata_t meta = {};
+        meta.id = id;
+        meta.type = EVENT_HTTP_REQUEST;
+        bpf_map_update_elem(&filtered_connections, &info, &meta, BPF_NOEXIST); // On purpose BPF_NOEXIST, we don't want to overwrite data by accept or connect
+    }
+
+
+    return 0;
+}
+
 // We tap into both sys_accept and sys_accept4.
 // We don't care about the accept entry arguments, since we get only peer information
 // we don't have the full picture for the socket.

@@ -102,6 +102,10 @@ func (p *Tracer) KProbes() map[string]ebpfcommon.FunctionPrograms {
 			Required: true,
 			End:      p.bpfObjects.KretprobeSockAlloc,
 		},
+		"tcp_rcv_established": {
+			Required: true,
+			Start:    p.bpfObjects.KprobeTcpRcvEstablished,
+		},
 		// Tracking of HTTP client calls, by tapping into connect
 		"sys_connect": {
 			Required: true,

@@ -14,8 +14,12 @@ RUN cargo build --release
 # The App Image
 FROM ubuntu:latest
 
+#RUN apt update
+#RUN apt install strace -y
+
 EXPOSE 8090
 
 # Copy the native executable into the containers
 COPY --from=rustbuilder /build/test/integration/components/rusttestserver/target/release/greetings ./greetings
-ENTRYPOINT ["/greetings"]
+ENTRYPOINT ["/greetings"]
+#CMD [ "strace", "-f", "/greetings" ]
@@ -1,5 +1,4 @@
 use actix_web::{middleware, web, App, HttpResponse, HttpServer};
-use actix_web::http::header::ContentType;
 use serde::{Deserialize, Serialize};
 
 #[derive(Debug, Serialize, Deserialize)]
@@ -15,7 +14,7 @@ async fn greeting(item: web::Json<MyObj>) -> HttpResponse {
 }
 
 async fn smoke() -> HttpResponse {
-    HttpResponse::Ok().content_type(ContentType::plaintext()).body("hello")
+    HttpResponse::Ok().into()
 }
 
 #[actix_web::main]

@@ -1,14 +1,14 @@
 version: '3.8'
 
 services:
-  javatestserver:
+  testserver:
     image: grcevski/tests:greeting${JAVA_TEST_MODE}
     ports:
       - "8086:8085"
     environment:
       LOG_LEVEL: DEBUG
 
-  javaautoinstrumenter:
+  autoinstrumenter:
     build:
       context: ../..
       dockerfile: ./test/integration/components/otelauto/Dockerfile
@@ -58,7 +58,7 @@ services:
       - "9464"          # Prometheus exporter
       - "8888"          # metrics endpoint
     depends_on:
-      javaautoinstrumenter:
+      autoinstrumenter:
         condition: service_started
       prometheus:
         condition: service_started

@@ -1,14 +1,14 @@
 version: '3.8'
 
 services:
-  javatestserver:
+  testserver:
     image: grcevski/tests:greeting${JAVA_TEST_MODE}
     ports:
       - "8086:8085"
     environment:
       LOG_LEVEL: DEBUG
 
-  javaautoinstrumenter:
+  autoinstrumenter:
     build:
       context: ../..
       dockerfile: ./test/integration/components/otelauto/Dockerfile
@@ -21,8 +21,8 @@ services:
       - ../../testoutput/run:/var/run/otelauto
     image: hatest-javaautoinstrumenter
     privileged: true # in some environments (not GH Pull Requests) you can set it to false and then cap_add: [ SYS_ADMIN ]
-    network_mode: "service:javatestserver"
-    pid: "service:javatestserver"
+    network_mode: "service:testserver"
+    pid: "service:testserver"
     environment:
       GOCOVERDIR: "/coverage"
       PRINT_TRACES: "true"
@@ -38,7 +38,7 @@ services:
       METRICS_REPORT_TARGET: "true"
       METRICS_REPORT_PEER: "true"
     depends_on:
-      javatestserver:
+      testserver:
         condition: service_started
 
   # OpenTelemetry Collector
@@ -59,7 +59,7 @@ services:
       - "9464"          # Prometheus exporter
       - "8888"          # metrics endpoint
     depends_on:
-      javaautoinstrumenter:
+      autoinstrumenter:
         condition: service_started
       prometheus:
         condition: service_started

@@ -1,14 +1,14 @@
 version: '3.8'
 
 services:
-  javatestserver:
+  testserver:
     image: grcevski/tests:greeting${JAVA_TEST_MODE}
     ports:
       - "8086:8085"
     environment:
       LOG_LEVEL: DEBUG
 
-  javaautoinstrumenter:
+  autoinstrumenter:
     build:
       context: ../..
       dockerfile: ./test/integration/components/otelauto/Dockerfile
@@ -21,7 +21,7 @@ services:
       - ../../testoutput/run:/var/run/otelauto
     image: hatest-javaautoinstrumenter
     privileged: true # in some environments (not GH Pull Requests) you can set it to false and then cap_add: [ SYS_ADMIN ]
-    network_mode: "service:javatestserver"
+    network_mode: "service:testserver"
     pid: "host"
     environment:
       GOCOVERDIR: "/coverage"
@@ -38,7 +38,7 @@ services:
       METRICS_REPORT_TARGET: "true"
       METRICS_REPORT_PEER: "true"
     depends_on:
-      javatestserver:
+      testserver:
         condition: service_started
 
   # OpenTelemetry Collector
@@ -59,7 +59,7 @@ services:
       - "9464"          # Prometheus exporter
       - "8888"          # metrics endpoint
     depends_on:
-      javaautoinstrumenter:
+      autoinstrumenter:
         condition: service_started
       prometheus:
         condition: service_started