Página inicial Explorar Ajuda
Registrar Entrar
root
/
ebpf
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Branch: dev-stack
Branches Tags
ebpf
/
ebpftracer
/
tracer_test.go

tracer_test.go 9.5 KB
Link permanente Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351 
  1. //go:build amd64
    2. 

  2. 

  3. package ebpftracer
    4. 

  4. 

  5. import (
    6. 

  6. 	"bytes"
    7. 

  7. 	"fmt"
    8. 

  8. 	"net"
    9. 

  9. 	"os"
    10. 

  10. 	"os/exec"
    11. 

  11. 	"path"
    12. 

  12. 	"strconv"
    13. 

  13. 	"strings"
    14. 

  14. 	"syscall"
    15. 

  15. 	"testing"
    16. 

  16. 	"time"
    17. 

  17. 

  18. 	"github.com/containerd/cgroups"
    19. 

  19. 	cgroupsV2 "github.com/containerd/cgroups/v2"
    20. 

  20. 	"github.com/opencontainers/runtime-spec/specs-go"
    21. 

  21. 	"github.com/stretchr/testify/assert"
    22. 

  22. 	"github.com/stretchr/testify/require"
    23. 

  23. 	"golang.org/x/sys/unix"
    24. 

  24. )
    25. 

  25. 

  26. func skipIfNotVM(t *testing.T) {
    27. 

  27. 	if os.Getenv("VM") == "" {
    28. 

  28. 		t.SkipNow()
    29. 

  29. 	}
    30. 

  30. }
    31. 

  31. 

  32. func TestProcessEvents(t *testing.T) {
    33. 

  33. 	skipIfNotVM(t)
    34. 

  34. 	src := `
    35. 

  35. 		package main
    36. 

  36. 		
    37. 

  37. 		import (
    38. 

  38. 			"bytes"
    39. 

  39. 			"os"
    40. 

  40. 			"strconv"
    41. 

  41. 			"time"
    42. 

  42. 		)
    43. 

  43. 		
    44. 

  44. 		func main() {
    45. 

  45. 			mb, _ := strconv.Atoi(os.Args[1])
    46. 

  46. 			sleep, _ := time.ParseDuration(os.Args[2])
    47. 

  47. 			bytes.Repeat([]byte("x"), mb*1024*1024)
    48. 

  48. 			time.Sleep(sleep)
    49. 

  49. 		}
    50. 

  50. 	`
    51. 

  51. 	program := path.Join(t.TempDir(), "program")
    52. 

  52. 	require.NoError(t, os.WriteFile(program+".go", []byte(src), 0644))
    53. 

  53. 	require.NoError(t, exec.Command("go", "build", "-o", program, program+".go").Run())
    54. 

  54. 

  55. 	getEvent, stop := runTracer(t, false)
    56. 

  56. 	defer stop()
    57. 

  57. 	for {
    58. 

  58. 		if e := getEvent(); e == nil {
    59. 

  59. 			break
    60. 

  60. 		}
    61. 

  61. 	}
    62. 

  62. 

  63. 	p1 := exec.Command(program, "600", "10s")
    64. 

  64. 	require.NoError(t, p1.Start())
    65. 

  65. 	time.Sleep(time.Second)
    66. 

  66. 	assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: uint32(p1.Process.Pid)}, *getEvent())
    67. 

  67. 

  68. 	// p1 should be killed by the OOM killer, because VM have only 1 GB of memory total
    69. 

  69. 	p2 := exec.Command(program, "400", "1s")
    70. 

  70. 	require.NoError(t, p2.Run())
    71. 

  71. 	assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: uint32(p2.Process.Pid)}, *getEvent())
    72. 

  72. 

  73. 	require.Error(t, p1.Wait())
    74. 

  74. 	assert.Equal(t, Event{Type: EventTypeProcessExit, Reason: EventReasonOOMKill, Pid: uint32(p1.Process.Pid)}, *getEvent())
    75. 

  75. 	assert.Equal(t, Event{Type: EventTypeProcessExit, Pid: uint32(p2.Process.Pid)}, *getEvent())
    76. 

  76. 

  77. 	var limit int64 = 200 * 1024 * 1024
    78. 

  78. 	// p3 should be killed by the OOM killer, because 300 MB > 200 MB cgroup limit
    79. 

  79. 	p3 := exec.Command(program, "300", "3s")
    80. 

  80. 	require.NoError(t, p3.Start())
    81. 

  81. 	switch cgroups.Mode() {
    82. 

  82. 	case cgroups.Legacy, cgroups.Hybrid:
    83. 

  83. 		control, err := cgroups.New(cgroups.V1, cgroups.StaticPath("/program"), &specs.LinuxResources{
    84. 

  84. 			Memory: &specs.LinuxMemory{Limit: &limit},
    85. 

  85. 		})
    86. 

  86. 		require.NoError(t, err)
    87. 

  87. 		defer control.Delete()
    88. 

  88. 		require.NoError(t, control.Add(cgroups.Process{Pid: p3.Process.Pid}))
    89. 

  89. 	case cgroups.Unified:
    90. 

  90. 		control, err := cgroupsV2.NewManager("/sys/fs/cgroup", "/program", &cgroupsV2.Resources{Memory: &cgroupsV2.Memory{Max: &limit}})
    91. 

  91. 		require.NoError(t, err)
    92. 

  92. 		defer control.Delete()
    93. 

  93. 		require.NoError(t, control.AddProc(uint64(p3.Process.Pid)))
    94. 

  94. 	}
    95. 

  95. 	require.Error(t, p3.Wait())
    96. 

  96. 	assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: uint32(p3.Process.Pid)}, *getEvent())
    97. 

  97. 	assert.Equal(t, Event{Type: EventTypeProcessExit, Reason: EventReasonOOMKill, Pid: uint32(p3.Process.Pid)}, *getEvent())
    98. 

  98. 

  99. 	for {
    100. 

  100. 		e := getEvent()
    101. 

  101. 		if e == nil {
    102. 

  102. 			break
    103. 

  103. 		}
    104. 

  104. 		t.Errorf("unexpected event %+v", e)
    105. 

  105. 	}
    106. 

  106. }
    107. 

  107. 

  108. func TestTcpEvents(t *testing.T) {
    109. 

  109. 	skipIfNotVM(t)
    110. 

  110. 	l, err := net.Listen("tcp", "127.0.0.1:8080")
    111. 

  111. 	require.NoError(t, err)
    112. 

  112. 	listenAddr := l.Addr().String()
    113. 

  113. 	remoteAddr := "127.0.0.1:8080"
    114. 

  114. 	c, err := net.DialTimeout("tcp", remoteAddr, 100*time.Millisecond)
    115. 

  115. 	require.NoError(t, err)
    116. 

  116. 	localAddr := c.LocalAddr().String()
    117. 

  117. 	time.Sleep(100 * time.Millisecond)
    118. 

  118. 

  119. 	getEvent, stop := runTracer(t, false)
    120. 

  120. 	defer stop()
    121. 

  121. 

  122. 	pid := uint32(os.Getpid())
    123. 

  123. 

  124. 	is := func(e *Event, typ EventType, sAddr string, dAddr string, pid uint32) bool {
    125. 

  125. 		if e == nil {
    126. 

  126. 			return false
    127. 

  127. 		}
    128. 

  128. 		sa := e.SrcAddr.String()
    129. 

  129. 		if strings.HasSuffix(sAddr, ":") {
    130. 

  130. 			sa = fmt.Sprintf("%s:", e.SrcAddr.IP())
    131. 

  131. 		}
    132. 

  132. 		da := e.DstAddr.String()
    133. 

  133. 		return e.Type == typ && e.Pid == pid && sa == sAddr && da == dAddr
    134. 

  134. 	}
    135. 

  135. 

  136. 	listenFound := false
    137. 

  137. 	connectFound := false
    138. 

  138. 	for {
    139. 

  139. 		e := getEvent()
    140. 

  140. 		if e == nil {
    141. 

  141. 			break
    142. 

  142. 		}
    143. 

  143. 		if is(e, EventTypeListenOpen, listenAddr, "0.0.0.0:0", pid) {
    144. 

  144. 			listenFound = true
    145. 

  145. 		}
    146. 

  146. 		if is(e, EventTypeConnectionOpen, localAddr, remoteAddr, pid) {
    147. 

  147. 			connectFound = true
    148. 

  148. 		}
    149. 

  149. 	}
    150. 

  150. 	if !listenFound {
    151. 

  151. 		t.Errorf("expected %s on %s", EventTypeListenOpen, l.Addr())
    152. 

  152. 	}
    153. 

  153. 	if !connectFound {
    154. 

  154. 		t.Errorf("expected %s to %s", EventTypeConnectionOpen, l.Addr())
    155. 

  155. 	}
    156. 

  156. 

  157. 	nextIs := func(typ EventType, sAddr string, dAddr string, pid uint32) {
    158. 

  158. 		e := getEvent()
    159. 

  159. 		if !is(e, typ, sAddr, dAddr, pid) {
    160. 

  160. 			expected := fmt.Sprintf("%-20s %6d: %s -> %s", typ, pid, sAddr, dAddr)
    161. 

  161. 			actual := "nil"
    162. 

  162. 			if e != nil {
    163. 

  163. 				actual = fmt.Sprintf("%-20s %6d: %s -> %s", e.Type, e.Pid, e.SrcAddr, e.DstAddr)
    164. 

  164. 			}
    165. 

  165. 			assert.Equal(t, expected, actual)
    166. 

  166. 		}
    167. 

  167. 	}
    168. 

  168. 

  169. 	require.NoError(t, c.Close())
    170. 

  170. 	nextIs(EventTypeConnectionClose, localAddr, listenAddr, 0)
    171. 

  171. 	nextIs(EventTypeConnectionClose, listenAddr, localAddr, 0)
    172. 

  172. 

  173. 	require.NoError(t, l.Close())
    174. 

  174. 	nextIs(EventTypeListenClose, listenAddr, "0.0.0.0:0", pid)
    175. 

  175. 

  176. 	c, err = net.DialTimeout("tcp", listenAddr, 100*time.Millisecond)
    177. 

  177. 	require.Error(t, err)
    178. 

  178. 	nextIs(EventTypeConnectionError, "127.0.0.1:", listenAddr, pid)
    179. 

  179. 

  180. 	l, err = net.Listen("tcp4", ":8080")
    181. 

  181. 	require.NoError(t, err)
    182. 

  182. 	listenAddr = l.Addr().String()
    183. 

  183. 	nextIs(EventTypeListenOpen, listenAddr, "0.0.0.0:0", pid)
    184. 

  184. 

  185. 	c, err = net.DialTimeout("tcp", remoteAddr, 100*time.Millisecond)
    186. 

  186. 	require.NoError(t, err)
    187. 

  187. 	localAddr = c.LocalAddr().String()
    188. 

  188. 	nextIs(EventTypeConnectionOpen, localAddr, remoteAddr, pid)
    189. 

  189. 

  190. 	require.NoError(t, exec.Command("tc", "qdisc", "add", "dev", "lo", "root", "netem", "loss", "100%").Run())
    191. 

  191. 	getEvent()
    192. 

  192. 	getEvent()
    193. 

  193. 	c.Write([]byte("hello"))
    194. 

  194. 	nextIs(EventTypeTCPRetransmit, localAddr, remoteAddr, 0)
    195. 

  195. 	require.NoError(t, exec.Command("tc", "qdisc", "del", "dev", "lo", "root", "netem").Run())
    196. 

  196. 	getEvent()
    197. 

  197. 	getEvent()
    198. 

  198. 	func() {
    199. 

  199. 		timer := time.NewTimer(time.Second)
    200. 

  200. 		for {
    201. 

  201. 			select {
    202. 

  202. 			case <-timer.C:
    203. 

  203. 				return
    204. 

  204. 			default:
    205. 

  205. 				e := getEvent()
    206. 

  206. 				require.True(t, e == nil || e.Type == EventTypeTCPRetransmit)
    207. 

  207. 			}
    208. 

  208. 		}
    209. 

  209. 	}()
    210. 

  210. 

  211. 	require.NoError(t, c.Close())
    212. 

  212. 	nextIs(EventTypeConnectionClose, localAddr, remoteAddr, 0)
    213. 

  213. 	nextIs(EventTypeConnectionClose, remoteAddr, localAddr, 0)
    214. 

  214. 

  215. 	require.NoError(t, l.Close())
    216. 

  216. 	nextIs(EventTypeListenClose, listenAddr, "0.0.0.0:0", pid)
    217. 

  217. 

  218. 	for {
    219. 

  219. 		e := getEvent()
    220. 

  220. 		if e == nil {
    221. 

  221. 			break
    222. 

  222. 		}
    223. 

  223. 		t.Errorf("unexpected event %+v", e)
    224. 

  224. 	}
    225. 

  225. }
    226. 

  226. 

  227. func TestFileEvents(t *testing.T) {
    228. 

  228. 	skipIfNotVM(t)
    229. 

  229. 	src := `
    230. 

  230. 		package main
    231. 

  231. 		
    232. 

  232. 		import (
    233. 

  233. 			"os"
    234. 

  234. 			"strconv"
    235. 

  235. 			"syscall"
    236. 

  236. 			"unsafe"
    237. 

  237. 			"time"
    238. 

  238. 		)
    239. 

  239. 		
    240. 

  240. 		func main() {
    241. 

  241. 			call, _ := strconv.Atoi(os.Args[1])
    242. 

  242. 			path := os.Args[2]
    243. 

  243. 			flags, _ := strconv.Atoi(os.Args[3])
    244. 

  244. 			filename, _ := syscall.BytePtrFromString(path)
    245. 

  245. 			var err syscall.Errno
    246. 

  246. 			switch call {
    247. 

  247. 			case syscall.SYS_OPEN:
    248. 

  248. 				_, _, err = syscall.Syscall6(syscall.SYS_OPEN, uintptr(unsafe.Pointer(filename)), uintptr(flags), 0, 0, 0, 0)
    249. 

  249. 			case syscall.SYS_OPENAT:
    250. 

  250. 				AT_FDCWD := -100
    251. 

  251. 				_, _, err = syscall.Syscall6(syscall.SYS_OPENAT, uintptr(AT_FDCWD), uintptr(unsafe.Pointer(filename)), uintptr(flags), 0, 0, 0)
    252. 

  252. 			}
    253. 

  253. 			time.Sleep(100 * time.Millisecond)
    254. 

  254. 			os.Exit(int(err))
    255. 

  255. 		}
    256. 

  256. 	`
    257. 

  257. 	require.NoError(t, os.Chdir(t.TempDir()))
    258. 

  258. 	require.NoError(t, os.WriteFile("program.go", []byte(src), 0644))
    259. 

  259. 	out, err := exec.Command("go", "build", "-o", "program", "program.go").CombinedOutput()
    260. 

  260. 	require.Equal(t, "", string(out))
    261. 

  261. 	require.NoError(t, err)
    262. 

  262. 

  263. 	getEvent, stop := runTracer(t, false)
    264. 

  264. 	defer stop()
    265. 

  265. 	for {
    266. 

  266. 		if e := getEvent(); e == nil {
    267. 

  267. 			break
    268. 

  268. 		}
    269. 

  269. 	}
    270. 

  270. 

  271. 	for _, call := range []int{syscall.SYS_OPEN, syscall.SYS_OPENAT} {
    272. 

  272. 		run := func(file string, flag int) (uint32, error) {
    273. 

  273. 			p := exec.Command("./program", strconv.Itoa(call), file, strconv.Itoa(flag))
    274. 

  274. 			err := p.Run()
    275. 

  275. 			return uint32(p.Process.Pid), err
    276. 

  276. 		}
    277. 

  277. 

  278. 		pid, err := run("program.go", os.O_RDONLY)
    279. 

  279. 		assert.NoError(t, err)
    280. 

  280. 		assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: pid}, *getEvent())
    281. 

  281. 		assert.Equal(t, Event{Type: EventTypeProcessExit, Pid: pid}, *getEvent())
    282. 

  282. 

  283. 		pid, err = run("program.go", os.O_WRONLY)
    284. 

  284. 		assert.NoError(t, err)
    285. 

  285. 		assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: pid}, *getEvent())
    286. 

  286. 		assert.Equal(t, Event{Type: EventTypeFileOpen, Pid: pid, Fd: 3}, *getEvent())
    287. 

  287. 		assert.Equal(t, Event{Type: EventTypeProcessExit, Pid: pid}, *getEvent())
    288. 

  288. 

  289. 		pid, err = run("program.go", os.O_RDWR)
    290. 

  290. 		assert.NoError(t, err)
    291. 

  291. 		assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: pid}, *getEvent())
    292. 

  292. 		assert.Equal(t, Event{Type: EventTypeFileOpen, Pid: pid, Fd: 3}, *getEvent())
    293. 

  293. 		assert.Equal(t, Event{Type: EventTypeProcessExit, Pid: pid}, *getEvent())
    294. 

  294. 

  295. 		// open error: text file busy
    296. 

  296. 		pid, err = run("program", os.O_RDWR)
    297. 

  297. 		assert.Error(t, err)
    298. 

  298. 		assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: pid}, *getEvent())
    299. 

  299. 		assert.Equal(t, Event{Type: EventTypeProcessExit, Pid: pid}, *getEvent())
    300. 

  300. 

  301. 		// ignoring /proc/*, /dev/*, /sys/*
    302. 

  302. 		for _, f := range []string{"/proc/sys/fs/file-max", "/dev/null", "/sys/kernel/profiling"} {
    303. 

  303. 			pid, err = run(f, os.O_RDWR)
    304. 

  304. 			assert.NoError(t, err)
    305. 

  305. 			assert.Equal(t, Event{Type: EventTypeProcessStart, Pid: pid}, *getEvent())
    306. 

  306. 			assert.Equal(t, Event{Type: EventTypeProcessExit, Pid: pid}, *getEvent())
    307. 

  307. 		}
    308. 

  308. 

  309. 		for {
    310. 

  310. 			e := getEvent()
    311. 

  311. 			if e == nil {
    312. 

  312. 				break
    313. 

  313. 			}
    314. 

  314. 			t.Errorf("unexpected event %+v", e)
    315. 

  315. 		}
    316. 

  316. 	}
    317. 

  317. }
    318. 

  318. 

  319. func runTracer(t *testing.T, verbose bool) (func() *Event, func()) {
    320. 

  320. 	events := make(chan Event, 1000)
    321. 

  321. 	done := make(chan bool, 1)
    322. 

  322. 

  323. 	var uname unix.Utsname
    324. 

  324. 	assert.NoError(t, unix.Uname(&uname))
    325. 

  325. 

  326. 	go func() {
    327. 

  327. 		tt := NewTracer(string(bytes.Split(uname.Release[:], []byte{0})[0]), false)
    328. 

  328. 		err := tt.Run(events)
    329. 

  329. 		require.NoError(t, err)
    330. 

  330. 		<-done
    331. 

  331. 		tt.Close()
    332. 

  332. 	}()
    333. 

  333. 

  334. 	stop := func() {
    335. 

  335. 		done <- true
    336. 

  336. 	}
    337. 

  337. 

  338. 	get := func() *Event {
    339. 

  339. 		select {
    340. 

  340. 		case e := <-events:
    341. 

  341. 			if verbose {
    342. 

  342. 				fmt.Printf("%+v\n", e)
    343. 

  343. 			}
    344. 

  344. 			return &e
    345. 

  345. 		case <-time.NewTimer(time.Second).C:
    346. 

  346. 			return nil
    347. 

  347. 		}
    348. 

  348. 	}
    349. 

  349. 

  350. 	return get, stop
    351. 

  351. }
    352.