Fixed #TASK_GK-2944 java横向串联

containers/container.go

@@ -2,6 +2,7 @@ package containers
 
 import (
 	"os"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -145,8 +146,8 @@ type Container struct {
 
 	done chan struct{}
 
-	traceMap   map[uint64]*tracing.Trace
-	instanceID utils.ID
+	traceMap      map[uint64]*tracing.Trace
+	instanceID    utils.ID
 	goEventStack  map[uint64]uint64
 	goEvents      map[uint64][]ebpftracer.StackFunEvent
 	goEventStacks map[uint64]map[uint64][]ebpftracer.StackFunEvent
@@ -1105,12 +1106,21 @@ func (c *Container) attachTlsUprobes(tracer *ebpftracer.Tracer, pid uint32) {
 }
 
 func (c *Container) attachJVMUprobes(tracer *ebpftracer.Tracer, pid uint32) {
+	ENV_PID := os.Getenv("FILTER_PID")
+	if ENV_PID != "" {
+		filterPid, _ := strconv.ParseInt(ENV_PID, 10, 64)
+		if filterPid != int64(pid) {
+			return
+		}
+	}
 	p := c.processes[pid]
 	if p == nil {
 		return
 	}
 	if !p.jvmUprobesChecked {
+		tracer.InitKProcInfo(pid, c.instanceID)
 		p.uprobes = append(p.uprobes, tracer.AttachJavaNioReadUprobes(pid, c.instanceID)...)
+		p.uprobes = append(p.uprobes, tracer.AttachJavaNetReadUprobes(pid, c.instanceID)...)
 		p.jvmUprobesChecked = true
 	}
 }

containers/registry.go

@@ -242,7 +242,7 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 				if c := r.getOrCreateContainer(e.Pid); c != nil {
 					c.onListenOpen(e.Pid, e.SrcAddr, false)
 					c.buildInstanceID()
-					// c.attachTlsUprobes(r.tracer, e.Pid)
+					c.attachTlsUprobes(r.tracer, e.Pid)
 				} else {
 					klog.Infoln("TCP listen open from unknown container", e)
 				}
@@ -255,7 +255,7 @@ func (r *Registry) handleEvents(ch <-chan ebpftracer.Event) {
 				//fmt.Println("ebpftracer.EventTypeConnectionOpen==================", e.Pid)
 				if c := r.getOrCreateContainer(e.Pid); c != nil {
 					c.onConnectionOpen(e.Pid, e.Fd, e.SrcAddr, e.DstAddr, e.Timestamp, false)
-					// c.attachTlsUprobes(r.tracer, e.Pid)
+					c.attachTlsUprobes(r.tracer, e.Pid)
 					c.attachJVMUprobes(r.tracer, e.Pid)
 				} else {
 					klog.Infoln("TCP connection from unknown container", e)

ebpftracer/ebpf/ebpf.c

@@ -53,6 +53,8 @@
 //#include "l7/openssl.c"
 #include "utrace/go/net/server.probe.bpf.c"
 #include "utrace/go/net/client.probe.bpf.c"
-#include "utrace/java/net/server.probe.bpf.c"
 #include "utrace/go/net/stack.probe.bpf.c"
+
+#include "utrace/java/net/server.probe.bpf.c"
+#include "utrace/java/net/client.probe.bpf.c"
 char _license[] SEC("license") = "GPL";

ebpftracer/ebpf/include/apm_trace.h

@@ -26,6 +26,8 @@
 #define APM_ASSUMED_APP_ID_SIZE 8
 #define APM_SPAN_ID_SIZE 8
 
+// cwtrace
+#define CW_HEADER_KEY_LENGTH 7
 #define CW_HEADER_LENGTH 123
 #define CW_HEADER_LENGTH2 122
 

ebpftracer/ebpf/include/bpf_base.h

@@ -103,11 +103,13 @@ static long (*bpf_probe_read_user_str)(void *dst, __u32 size, const void *unsafe
 #define PT_REGS_PARM3(x) ((x)->rdx)
 #define PT_REGS_PARM4(x) ((x)->rcx)
 #define PT_REGS_PARM5(x) ((x)->r8)
+#define PT_REGS_PARM6(x) ((x)->r9)
 #define PT_REGS_RET(x) ((x)->rsp)
 #define PT_REGS_FP(x) ((x)->rbp)
 #define PT_REGS_RC(x) ((x)->rax)
 #define PT_REGS_SP(x) ((x)->rsp)
 #define PT_REGS_IP(x) ((x)->rip)
+#define PT_REGS_RBP(x) ((x)->rbp)
 #endif
 #endif
 #elif defined(__aarch64__)

ebpftracer/ebpf/utrace/java/include/java_common.h

@@ -0,0 +1,133 @@
+//
+// Created by Carl.Guo on 2024/6/28.
+//
+
+#ifndef EUSPACES_JAVA_COMMON_H
+#define EUSPACES_JAVA_COMMON_H
+
+
+
+#define MIN_LEN 13
+#define MAX_LEN 1022
+//#define MAX_BUFFER_SIZE 65536
+
+/**
+ * key  :  7
+ * ': ' :  2
+ * val  : 123
+ * \r\n :  2
+ */
+#define HEADER_LEN 134
+
+
+struct sock_t {
+	int size;
+	int header_offset_idx;
+	char payload[MAX_LEN];
+};
+
+struct {
+	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+	__type(key, int);
+	__type(value, struct sock_t);
+	__uint(max_entries, 1);
+} socket_heap SEC(".maps");
+
+// 定义一个大小为 65536 字节的 Map
+struct {
+	__uint(type, BPF_MAP_TYPE_ARRAY);
+	__type(key, int); // 键类型为int
+	__uint(value_size, MAX_BUFFER_SIZE); // 数组的每个值的大小
+	__uint(max_entries, 2); // 最大条目数为2
+} large_array_map SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+	__type(key, int);
+	__type(value, struct sock_t);
+	__uint(max_entries, 1);
+} socket_res SEC(".maps");
+
+
+static __always_inline void span_context_to_cw_string_stream(struct apm_span_context *ctx, char *buff, char type_from) {
+	// W3C format: version (2 chars) - trace id (32 chars) - span id (16 chars) - sampled (2 chars)
+	//	[type_from]:[sample]:[host_id]:[app_id]:[instance_id]:[trace_id]:[assumed_app_i d]:[span_id]
+	//	2           2         16        16      16            32         16                16
+	char *out = buff;
+	*out++ = 'c';
+	*out++ = 'w';
+	*out++ = 't';
+	*out++ = 'r';
+	*out++ = 'a';
+	*out++ = 'c';
+	*out++ = 'e';
+	*out++ = ':';
+	*out++ = ' ';
+
+	// Write type_from
+	*out++ = '0';
+	*out++ = type_from;
+	*out++ = ':';
+
+	// Write sample
+	*out++ = '0';
+	*out++ = '0';
+	*out++ = ':';
+
+	// Write host_id
+	bytes_to_hex_string(ctx->host_id, APM_HOST_ID_SIZE, out);
+	out += APM_HOST_ID_STRING_SIZE;
+	*out++ = ':';
+
+	// Write app_id
+	bytes_to_hex_string(ctx->app_id, APM_APP_ID_SIZE, out);
+	out += APM_APP_ID_STRING_SIZE;
+	*out++ = ':';
+
+
+	// Write instance_id
+	bytes_to_hex_string(ctx->instance_id, APM_INSTANCE_ID_SIZE, out);
+	out += APM_INSTANCE_ID_STRING_SIZE;
+	*out++ = ':';
+
+	// Write trace_id
+	bytes_to_hex_string(ctx->trace_id, APM_TRACE_ID_SIZE, out);
+	out += APM_TRACE_ID_STRING_SIZE;
+	*out++ = ':';
+	// Write assumed_app_id
+	bytes_to_hex_string(ctx->assumed_app_id, APM_ASSUMED_APP_ID_SIZE, out);
+	out += APM_ASSUMED_APP_ID_STRING_SIZE;
+	*out++ = ':';
+
+	// Write span_id
+	bytes_to_hex_string(ctx->span_id, APM_SPAN_ID_SIZE, out);
+	out += APM_SPAN_ID_STRING_SIZE;
+
+	*out++ = '\r';
+	*out++ = '\n';
+	out += 2;
+
+//	// Write trace id
+//	bytes_to_hex_string(ctx->TraceID, TRACE_ID_SIZE, out);
+//	out += TRACE_ID_STRING_SIZE;
+//	*out++ = '-';
+//	// Write trace id
+//	bytes_to_hex_string(ctx->TraceID, TRACE_ID_SIZE, out);
+//	out += TRACE_ID_STRING_SIZE;
+//	*out++ = '-';
+//	// Write trace id
+//	bytes_to_hex_string(ctx->TraceID, TRACE_ID_SIZE, out);
+//	out += TRACE_ID_STRING_SIZE;
+//	*out++ = '-';
+//
+//	// Write span id
+//	bytes_to_hex_string(ctx->SpanID, SPAN_ID_SIZE, out);
+//	out += SPAN_ID_STRING_SIZE;
+//	*out++ = '-';
+
+	// Write sampled
+//	*out++ = '0';
+//	*out = '1';
+}
+
+#endif //EUSPACES_JAVA_COMMON_H

ebpftracer/ebpf/utrace/java/net/client.probe.bpf.c

@@ -0,0 +1,356 @@
+// Copyright The CW Authors
+
+
+#include "java_common.h"
+static __inline int updataSocket2(struct sock_t *map_data_res, char * payload,int len,void * jbytechar_ptr,void * len_from_rbp_ptr) {
+
+	long res = bpf_probe_write_user((void *) jbytechar_ptr,  &map_data_res->payload, sizeof(map_data_res->payload));
+	bpf_printk("sizeof(map_data_res->payload) %d\n", sizeof(map_data_res->payload));
+	bpf_printk("sizeof(payload) %d\n", sizeof(payload));
+	bpf_printk("&payload 0x%lx\n", &payload);
+
+	if (res == 0) {
+		bpf_printk("Successfully wrote value to user address: 0x%lx\n", jbytechar_ptr);
+	} else {
+		bpf_printk("Failed to write value to user address: %p, error: %ld\n", jbytechar_ptr, res);
+	}
+
+	unsigned long new_val;
+	new_val = len;
+	res = bpf_probe_write_user((void *) len_from_rbp_ptr, &new_val, sizeof(new_val));
+	if (res == 0) {
+		bpf_printk("Successfully wrote value to user address: 0x%lx\n", len_from_rbp_ptr);
+	} else {
+		bpf_printk("Failed to write value to user address: %p, error: %ld\n", len_from_rbp_ptr, res);
+	}
+
+	bpf_printk("len %d\n", len);
+
+//	bpf_printk("payload %s\n", payload);
+//	for (int i = 270; i < len; ++i) {
+//		bpf_printk("data[%d]=%c", i,payload[i]);
+//		if(payload[i]=='\0'){
+//			break;
+//		}
+//	}
+	return 0;
+}
+
+static __inline int updataSocket(struct sock_t *map_data_res,void * jbytechar_ptr,void * len_from_rbp_ptr) {
+
+	long res = bpf_probe_write_user((void *) jbytechar_ptr, &map_data_res->payload, sizeof(map_data_res->payload));
+	if (res == 0) {
+		bpf_printk("Successfully wrote value to user address: 0x%lx\n", jbytechar_ptr);
+	} else {
+		bpf_printk("Failed to write value to user address: %p, error: %ld\n", jbytechar_ptr, res);
+	}
+
+	unsigned long new_val;
+	new_val = map_data_res->size;
+	res = bpf_probe_write_user((void *) len_from_rbp_ptr, &new_val, sizeof(new_val));
+	if (res == 0) {
+		bpf_printk("Successfully wrote value to user address: 0x%lx\n", len_from_rbp_ptr);
+	} else {
+		bpf_printk("Failed to write value to user address: %p, error: %ld\n", len_from_rbp_ptr, res);
+	}
+
+	bpf_printk("Successfully %d\n", map_data_res->size);
+
+	bpf_printk("Successfully %s\n", map_data_res->payload);
+//	for (int i = 270; i < 290; ++i) {
+//		bpf_printk("data[%d]=%c", i,map_data_res->payload[i]);
+//		if(map_data_res->payload[i]=='\0'){
+//			break;
+//		}
+//	}
+	return 0;
+}
+
+static __inline struct sock_t* buildHeader(struct sock_t *map_data) {
+
+	int key = 0;
+	struct sock_t *map_data_res = bpf_map_lookup_elem(&socket_res, &key);
+
+	if (!map_data_res) {
+		bpf_printk("Failed to lookup socket_heap");
+		return NULL;
+	}
+
+//	__builtin_memset(map_data_res, 0, sizeof(struct sock_t));
+//	char header[5] = "cwt\r\n";
+
+//	char header[HEADER_LEN] = "cwtrace: 00:00:1015481350055581:5450531005555981:5610250100539899:304775019cd3218a304775019cd3218a:1001025098564810:140acc88cde8773f\r\n";
+	struct apm_span_context *cw_span_context = bpf_map_lookup_elem(&apm_span_context_heap, &key);
+
+	if (cw_span_context == NULL){
+		return NULL;
+	}
+
+	struct apm_span_context *cw_psc = cw_get_parent_tracking_span();
+	if(cw_psc){
+		copy_byte_arrays(cw_psc->trace_id, cw_span_context->trace_id, APM_TRACE_ID_SIZE);
+		// new spanid
+		generate_random_bytes(cw_span_context->span_id, APM_SPAN_ID_SIZE);
+	}
+
+	// set host_id/appid
+	u32 k0 = 0;
+	struct trace_conf_t *trace_conf = trace_conf_map__lookup(&k0);
+	if (trace_conf) {
+		for (int i = 0; i < 8; ++i) {
+//			cw_bpf_debug("[Client] host_id:%02x", trace_conf->host_id[i]);
+		}
+		copy_byte_arrays(trace_conf->host_id, cw_span_context->host_id, APM_HOST_ID_SIZE);
+		copy_byte_arrays(trace_conf->app_id, cw_span_context->app_id, APM_APP_ID_SIZE);
+	}
+
+	__u64 pid_tgid = bpf_get_current_pid_tgid();
+	__u32 tgid = pid_tgid >> 32;
+	struct ebpf_proc_info *proc_info =
+			bpf_map_lookup_elem(&proc_info_map, &tgid);
+	if (proc_info) {
+		for (int i = 0; i < 8; ++i) {
+//			cw_bpf_debug("[Client] instance_id:%02x", proc_info->instance_id[i]);
+		}
+		copy_byte_arrays(proc_info->instance_id, cw_span_context->instance_id, APM_APP_ID_SIZE);
+	}
+
+	// set assumed_app_id
+	set_assumed_app_id_arrays("111", cw_span_context->assumed_app_id, APM_ASSUMED_APP_ID_STRING_SIZE);
+	cw_save_current_tracking_span(cw_span_context);
+
+	char header[HEADER_LEN];
+	span_context_to_cw_string_stream(cw_span_context, header, '1');
+	bpf_printk("Successfully HEADER  %s\n", header);
+
+//	bpf_probe_read(map_data_res->payload, map_data->header_offset_idx, map_data->payload);
+//	bpf_printk("Successfully %s\n", data);
+//	return 1;
+#pragma unroll
+	for (int i = 0; i < MAX_LEN; i++) {
+		if (i < map_data->header_offset_idx) {
+			map_data_res->payload[i] = map_data->payload[i];
+		} else {
+			if (i == map_data->header_offset_idx) {
+#pragma unroll
+				for (int k = 0; k < HEADER_LEN; k++) {
+					int tmp_len = i + k;
+					if (tmp_len < MAX_LEN) {
+						map_data_res->payload[tmp_len] = header[k];
+					}
+				}
+			}
+			int tmp_len = i + HEADER_LEN;
+			if (tmp_len < MAX_LEN) {
+				map_data_res->payload[tmp_len] = map_data->payload[i];
+				if (map_data->payload[i] == '\0')
+					break;
+//				bpf_printk("map_data->payload: %c->i=%d, offindex %d", map_data_res->payload[i], i, map_data->header_offset_idx);
+			}
+		}
+	}
+	map_data_res->size = map_data->size + HEADER_LEN;
+
+	return map_data_res;
+}
+
+static __inline int insertHeader(struct sock_t *map_data,void * jbytechar_ptr,void * len_from_rbp_ptr) {
+
+	struct sock_t *map_data_res= buildHeader(map_data);
+	if (map_data_res == NULL) {
+		bpf_printk("Failed to lookup socket_heap");
+		return -1;
+	}
+
+	/*修改部分*/
+	return updataSocket2(map_data_res, map_data_res->payload, map_data_res->size, jbytechar_ptr, len_from_rbp_ptr);
+}
+
+
+SEC("uprobe/Java_java_net_SocketOutputStream_socketWrite0")
+int uprobe_Java_java_net_SocketOutputStream_socketWrite0(struct pt_regs *ctx) {
+
+	// 捕获第六个参数 data_count
+	int data_count = PT_REGS_PARM6(ctx);
+
+	if (data_count < MIN_LEN) {
+		return 0;
+	}
+
+	bpf_printk("--------");
+
+
+//	void *len_from_rsp_ptr = (void *) PT_REGS_RSP(ctx) - 65640 +8 ;
+	void *len_from_rbp_ptr = (void *) (PT_REGS_RBP(ctx)) - 0x10058;
+//	void *jbytearray_from_rbp_p_p_p = (void *) (PT_REGS_RBP(ctx)) - 0x10050;
+
+//	long res;
+	void *len_ptr = 0;
+	bpf_printk("address: len_from_rbp_ptr<0x%lx>\n", len_from_rbp_ptr);
+//	bpf_printk("len_from_rsp_ptr address: 0x%lx\n", len_from_rsp_ptr);
+
+	bpf_probe_read(&len_ptr, sizeof(len_ptr), (void *) len_from_rbp_ptr);
+	bpf_printk("[len_ptr] before addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
+
+	bpf_probe_read(&len_ptr, sizeof(len_ptr), (void *) len_from_rbp_ptr);
+	bpf_printk("[len_ptr]after  addr<0x%lx>, %d \n", len_from_rbp_ptr, len_ptr);
+
+	// 获取jbytearray
+	void *jbytearray_ptr = (void *) PT_REGS_PARM4(ctx);
+	bpf_printk("jbytechar_ptr_from_rcx <0x%lx>", jbytearray_ptr);
+
+	unsigned long jbytechar_head_ptr;
+	// 读取一级指针
+	long ret = bpf_probe_read_user(&jbytechar_head_ptr, sizeof(unsigned long), (void *) jbytearray_ptr);
+	bpf_printk("[jbytechar_head_ptr] <0x%lx>", jbytechar_head_ptr);
+
+	if (ret != 0) {
+		bpf_printk("Failed to read first level ptr: %d\n", ret);
+		return 0;
+	}
+
+	// 检查一级指针是否有效
+	if (!jbytechar_head_ptr) {
+		bpf_printk("First level pointer is null.\n");
+		return 0;
+	}
+
+	// 定义 Map 键值和 Map 数据结构
+	int key = 0;
+	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &key);
+	if (!map_data) {
+		bpf_printk("Failed to lookup socket_heap\n");
+		return 1;
+	}
+//	__builtin_memset(map_data, 0, sizeof(struct sock_t));
+	// 读取用户空间数据到 map_data->payload
+	void *jbytechar_ptr = (void *) (jbytechar_head_ptr + 16);
+	bpf_printk("[jbytechar_ptr] <0x%lx>", jbytechar_ptr);
+	long err = bpf_probe_read_user_str(map_data->payload, sizeof(map_data->payload), jbytechar_ptr);
+
+	if (err < 0) {
+		bpf_printk("bpf_probe_read_user failed with return code: %d\n", err);
+		return 0;
+	}
+	map_data->size = data_count;
+
+
+	// 查找 Header 开始位置
+	for (int i = 0; i < MAX_LEN - 9; i++) {
+		if (map_data->payload[i] == '1' &&
+		    map_data->payload[i + 1] == '.' &&
+		    map_data->payload[i + 2] == '1' &&
+		    map_data->payload[i + 3] == '\r' &&
+		    map_data->payload[i + 4] == '\n') {
+			map_data->header_offset_idx = i + 5;
+			break;
+		}
+	}
+
+	if (map_data->header_offset_idx == 0) {
+		return -1;
+	}
+
+	// http协议过滤
+	if (!is_http_request2(map_data->payload, map_data->size)) {
+		return -1;
+	}
+//	char syscall_infer_buf[100];
+///*实现2*/
+/*实现2
+//	int key = 0;
+	char *data;
+	data = bpf_map_lookup_elem(&large_array_map, &key);
+	if (!data)
+		return -1;
+	// 读取完整http
+	long aaa = bpf_probe_read_user_str(data, MAX_BUFFER_SIZE, jbytechar_ptr);
+	bpf_printk("data %s\n", data);
+
+	char *data2;
+	int key2 = 1;
+	data2 = bpf_map_lookup_elem(&large_array_map, &key2);
+	if (!data2) {
+		bpf_printk("data2 %s\n", data2);
+		return -1;
+	}
+
+	long end_str_len = bpf_probe_read_user_str(data2, MAX_BUFFER_SIZE, (void *) (jbytechar_ptr + map_data->header_offset_idx));
+	bpf_printk("end_str_len %d\n", end_str_len);
+
+	// 挪动数据以腾出空间插入子串
+	int insert_pos = map_data->header_offset_idx;
+
+	char subs[HEADER_LEN+1] = "cwtrace: 00:00:1015481350055581:5450531005555981:5610250100539899:304775019cd3218a304775019cd3218a:1001025098564810:140acc88cde8773f\r\n\0";
+	if (insert_pos >= 0 && insert_pos <= MAX_BUFFER_SIZE - sizeof(subs)) {
+		__builtin_memcpy(data + insert_pos, subs, sizeof(subs));
+	}
+
+	int insert_pos2 = insert_pos + sizeof(subs) - 1;
+	bpf_printk("sizeof(data2) %d\n", sizeof(data2));
+
+
+	int copy_size = 375;
+	int max_chunk = 40;
+//	if (end_str_len > copy_size) {
+//		int chunk = end_str_len / copy_size ; // 除以常量10
+//#pragma unroll
+//		for (int i = 0; i < max_chunk; i++) {
+//			if (i <= chunk) {
+//				insert_pos2 = insert_pos + sizeof(subs) - 1 + i*copy_size;
+//				bpf_printk("insert_pos2:%d\n", insert_pos2);
+//				bpf_printk("chunk i:%i %d\n", i, chunk);
+//				if (insert_pos2 >= 0 && insert_pos2 <= MAX_BUFFER_SIZE - copy_size) {
+//					__builtin_memcpy(data + insert_pos2, data2 + i*copy_size, copy_size);
+//				}
+//			}
+//		}
+//	}
+
+	if (end_str_len <= copy_size) {
+		if (insert_pos2 >= 0 && insert_pos2 <= MAX_BUFFER_SIZE - copy_size){
+			bpf_printk("nochunk %d\n", end_str_len);
+			__builtin_memcpy(data + insert_pos2, data2, copy_size);
+		}
+	}
+	bpf_printk("Successfully %s\n", data);
+	for (int i = 270; i < 290; ++i) {
+		bpf_printk("data[%d]=%c", i,data[i]);
+		if(data[i]=='\0'){
+			break;
+		}
+	}
+
+	res = bpf_probe_write_user((void *) jbytechar_ptr, &data, sizeof(data[MAX_BUFFER_SIZE]));
+	if (res == 0) {
+		bpf_printk("Successfully wrote value to user address: 0x%lx\n", jbytechar_ptr);
+	} else {
+		bpf_printk("Failed to write value to user address: %p, error: %ld\n", jbytechar_ptr, res);
+	}
+
+	unsigned long new_val2;
+	new_val2 = map_data->size + HEADER_LEN;
+	bpf_printk("Successfully %d\n", new_val2);
+
+	res = bpf_probe_write_user((void *) len_from_rbp_ptr, &new_val2, sizeof(new_val2));
+	if (res == 0) {
+		bpf_printk("Successfully wrote value to user address: 0x%lx\n", len_from_rbp_ptr);
+	} else {
+		bpf_printk("Failed to write value to user address: %p, error: %ld\n", len_from_rbp_ptr, res);
+	}
+
+
+	return 2;
+
+	实现2-end */
+///*实现2-end*/
+
+/*实现1*/
+
+	insertHeader(map_data,jbytechar_ptr,len_from_rbp_ptr);
+
+
+//	updataSocket(map_data_res,jbytechar_ptr,len_from_rbp_ptr);
+
+	return 0;
+}

ebpftracer/ebpf/utrace/java/net/server.probe.bpf.c

@@ -1,5 +1,5 @@
 
-// #include "common.h"
+ #include "java_common.h"
 
 // #include "bpf_tracing.h"
 // #include "bpf_helpers.h"
@@ -9,18 +9,18 @@
 
 #define ROCK_MAX_LEN 1022
 
-struct sock_t {
-	int size;
-	int header_offset_idx;
-	char payload[ROCK_MAX_LEN];
-};
-
-struct {
-	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
-	__type(key, int);
-	__type(value, struct sock_t);
-	__uint(max_entries, 1);
-} socket_heap SEC(".maps");
+//struct sock_t {
+//	int size;
+//	int header_offset_idx;
+//	char payload[ROCK_MAX_LEN];
+//};
+//
+//struct {
+//	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+//	__type(key, int);
+//	__type(value, struct sock_t);
+//	__uint(max_entries, 1);
+//} socket_heap SEC(".maps");
 
 struct {
 	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
@@ -29,51 +29,38 @@ struct {
 	__uint(max_entries, 1);
 } apm_span_context_heap SEC(".maps");
 
-struct {
-    __uint(type, BPF_MAP_TYPE_ARRAY);
-    __type(key, int); // 键类型为int
-    __uint(value_size, 124); // 数组的值的大小
-    __uint(max_entries, 1);
-} large_array_map SEC(".maps");
+//struct {
+//	__uint(type, BPF_MAP_TYPE_ARRAY);
+//	__type(key, int); // 键类型为int
+//	__uint(value_size, 124); // 数组的值的大小
+//	__uint(max_entries, 1);
+//} large_array_map SEC(".maps");
 
 static __inline int is_http_header(const char *data)
 {
-	int header_off = 0 ;
-	for (int i = 0; i < 512; i++) 
+	for (int i = 0; i < 512; i++)
 	{
-		if (data[i] == 'H' &&
-		data[i+1] == 'T' &&
-		data[i+2] == 'T' &&
-		data[i+3] == 'P' &&
-		data[i+4] == '/' &&
-		data[i+5] == '1' &&
-		data[i+6] == '.'&&
-		data[i+7] == '1'&& data[i+8] == '\r' && data[i + 9] == '\n')
-		{
-			header_off = i+10;
-			if(data[header_off] == 'c' &&
-				data[header_off+1] == 'w' &&
-				data[header_off+2] == 't' &&
-				data[header_off+3] == 'r' &&
-				data[header_off+4] == 'a' &&
-				data[header_off+5] == 'c' &&
-				data[header_off+6] == 'e')
-				{
-					return header_off + 9;
-				}
-			else
-			{
-				return 0;
-			}
+		if (data[i] == '\r' &&
+		    data[i + 1] == '\n' &&
+		    data[i + 2] == 'c' &&
+		    data[i + 3] == 'w' &&
+		    data[i + 4] == 't' &&
+		    data[i + 5] == 'r' &&
+		    data[i + 6] == 'a' &&
+		    data[i + 7] == 'c' &&
+		    data[i + 8] == 'e' &&
+			data[i + 9] == ':' &&
+			data[i + 10] == ' ') {
+			return i + 11;
 		}
 	}
-	return header_off;
+	return 0;
 }
 
 SEC("uprobe/Java_sun_nio_ch_FileDispatcherImpl_read0")
 int uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0(struct pt_regs *ctx) {
 	//计算 rbp-0x30
-    // bpf_printk("enter the uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0\n");
+	bpf_printk("enter the uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0\n");
 	unsigned long jhttpdata_ptr;
 	jhttpdata_ptr = (ctx)->rbp;
 	jhttpdata_ptr = jhttpdata_ptr - 0x70;
@@ -86,17 +73,17 @@ int uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0(struct pt_regs *ctx) {
 	unsigned long jbytechar_ptr;
 	long ret = bpf_probe_read_user(&jbytechar_ptr, sizeof(unsigned long), (void *) jhttpdata_ptr);
 	// bpf_printk("x/1gx (p rbp-0x30) value is %llx.\n", jbytechar_ptr);
-    // bpf_printk("enter the uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0 ------22222222\n");
+	// bpf_printk("enter the uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0 ------22222222\n");
 	if (ret != 0) {
-		// bpf_printk("Failed to read first level ptr: %d\n", ret);
+		bpf_printk("Failed to read first level ptr: %d\n", ret);
 		return 0;
 	}
 	if (!jbytechar_ptr) {
 		// bpf_printk("First level pointer is null.\n");
 		return 0;
 	}
-    // bpf_printk("enter the uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0 ----111111111\n");
-	
+	// bpf_printk("enter the uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0 ----111111111\n");
+
 	//x/s addr
 	int key = 0;
 	struct sock_t *map_data = bpf_map_lookup_elem(&socket_heap, &key);
@@ -109,16 +96,17 @@ int uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0(struct pt_regs *ctx) {
 		return 0;
 	}
 
-	// bpf_printk("read data is : %s\n", map_data->payload);
-	// if (!is_http_request2(httpdata, 1024))
-	// {
-	// 	bpf_printk("not a http request\n");
-	// 	return 0;
-	// }
+	bpf_printk("read data is : %s\n", map_data->payload);
+
+//	 if (!is_http_request2(map_data->payload, 14))
+//	 {
+//	 	bpf_printk("not a http request\n");
+//	 	return 0;
+//	 }
 
 
 	int offset = is_http_header(map_data->payload);
-	// bpf_printk("found the header, %d\n", offset);
+	bpf_printk("found the header, %d\n", offset);
 	char *data;
 	data = bpf_map_lookup_elem(&large_array_map, &key);
 	if (!data)
@@ -128,19 +116,19 @@ int uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0(struct pt_regs *ctx) {
 	if (cw_parent_span_context == NULL){
 		return -1;
 	}
-    if(offset > 0 && offset < 512 - 123)
+	if(offset > 0 && offset < 512 - 123)
 	{
-        __builtin_memcpy(data, &(map_data->payload[offset]), 123);
+		__builtin_memcpy(data, &(map_data->payload[offset]), 123);
 		// bpf_printk("found the data, %s\n", data);
 
 		cw_string_to_span_context(data, cw_parent_span_context);
 	}
-    else
-    {
-        generate_random_bytes(cw_parent_span_context->trace_id, TRACE_ID_SIZE);
-    }
+	else
+	{
+		generate_random_bytes(cw_parent_span_context->trace_id, TRACE_ID_SIZE);
+	}
 	// 保存 trace_id 到psc
-    cw_save_parent_tracking_span(cw_parent_span_context);
+	cw_save_parent_tracking_span(cw_parent_span_context);
 	return 0;
 }
 

ebpftracer/jvm.go

@@ -10,7 +10,7 @@ import (
 
 const (
 	// goServeHTTP           = "net/http.serverHandler.ServeHTTP"
-	binPath           = "/home/cloudwise/rock/code/jdk8u/build/linux-x86_64-normal-server-slowdebug/jdk/lib/amd64/libnio.so"
+	binPath           = "/opt/github/jdk8u/build/linux-x86_64-normal-server-slowdebug/jdk/lib/amd64/libnio.so"
 	symbolsocketRead0 = "Java_sun_nio_ch_FileDispatcherImpl_read0"
 )
 
@@ -25,6 +25,7 @@ func (t *Tracer) AttachJavaNioReadUprobes(pid uint32, insID utils.ID) []link.Lin
 	}
 	opt := link.UprobeOptions{
 		Offset: 103,
+		//PID:    int(pid),
 	}
 	upread02, err := ex.Uprobe(symbolsocketRead0, t.uprobes["uprobe_Java_sun_nio_ch_FileDispatcherImpl_read0"], &opt)
 	if err != nil {
@@ -38,3 +39,37 @@ func (t *Tracer) AttachJavaNioReadUprobes(pid uint32, insID utils.ID) []link.Lin
 	fmt.Println("jvm uprobes attached")
 	return links
 }
+
+func (t *Tracer) AttachJavaNetReadUprobes(pid uint32, insID utils.ID) []link.Link {
+	if t.disableL7Tracing {
+		return nil
+	}
+	//
+	//if pid != 251719 {
+	//	return nil
+	//}
+
+	var libnetSo = "/opt/github/jdk8u/build/linux-x86_64-normal-server-slowdebug/jdk/lib/amd64/libnet.so"
+	var sys = "Java_java_net_SocketOutputStream_socketWrite0"
+	var links []link.Link
+	ex, err := link.OpenExecutable(libnetSo)
+	if err != nil {
+		return nil
+	}
+	opt := link.UprobeOptions{
+		Offset: 66,
+		PID:    int(pid),
+	}
+	upread02, err := ex.Uprobe(sys, t.uprobes["uprobe_Java_java_net_SocketOutputStream_socketWrite0"], &opt)
+	if err != nil {
+		return nil
+	}
+	links = append(links, upread02)
+
+	if len(links) == 0 {
+		return nil
+	}
+	fmt.Println("jvm client uprobes attached", pid)
+
+	return links
+}

ebpftracer/tracer.go

@@ -712,3 +712,26 @@ func ipPort(ip [16]byte, port uint16) netaddr.IPPort {
 	i, _ := netaddr.FromStdIP(ip[:])
 	return netaddr.IPPortFrom(i, port)
 }
+
+func (t *Tracer) InitKProcInfo(pid uint32, insID utils.ID) error {
+
+	info := tracer.EbpfProcInfo{}
+	info.InstanceId = insID.HashtVal
+	// 获取内存地址
+	allocDetails, err := tracer.Allocate(int(pid))
+	if err == nil && allocDetails != nil {
+		info.StartAddr = allocDetails.StartAddr
+		info.EndAddr = allocDetails.EndAddr
+	}
+	//klog.Infoln("Major:", major)
+	//klog.Infoln("Minor:", minor)
+	//klog.Infoln("Revision:", revision)
+	//klog.Infoln("goVersion", goVersion)
+	//klog.Infoln("info.StartAddr", info.StartAddr)
+	//klog.Infoln("info.EndAddr", info.EndAddr)
+	_, err = tracer.UpdateProcInfoToMap(t.collection, pid, info)
+	if err != nil {
+		klog.Error("failed to update program info", err)
+	}
+	return err
+}

pkg/go.opentelemetry.io/otel/exporters/otlp/otlptrace/apm_exporter.go

@@ -2,6 +2,7 @@ package otlptrace
 
 import (
 	"crypto/md5"
+	"encoding/json"
 	"fmt"
 	"strconv"
 	"strings"
@@ -112,7 +113,7 @@ func init() {
 	TraceRootMap = make(map[string]*TraceMapT)
 	go func() {
 		for {
-			fmt.Println(G_sdl)
+			//fmt.Println(G_sdl)
 			time.Sleep(5 * time.Second)
 		}
 	}()
@@ -150,11 +151,11 @@ func tracetransformData(sdl []tracesdk.ReadOnlySpan) []RootDataT {
 	}
 
 	// Transform the categorized map into a slice
-	//aa, err := json.Marshal(sendData)
-	//fmt.Println(err)
-	//fmt.Println(string(aa))
-	//fmt.Println(len(sendData))
-	//fmt.Println(len(sdl))
+	aa, err := json.Marshal(sendData)
+	fmt.Println(err)
+	fmt.Println(string(aa))
+	fmt.Println(len(sendData))
+	fmt.Println(len(sdl))
 	return sendData
 }