enhance the access log (#110)

.github/workflows/compatibility.yaml

@@ -45,10 +45,10 @@ jobs:
       - uses: actions/checkout@v3
         with:
           submodules: true
-      - name: Set up Go 1.18
+      - name: Set up Go 1.20
         uses: actions/setup-go@v2
         with:
-          go-version: 1.18
+          go-version: "1.20"
       - id: 'auth'
         uses: 'google-github-actions/auth@v1'
         with:

.github/workflows/rover.yaml

@@ -25,10 +25,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
-      - name: Set up Go 1.18
+      - name: Set up Go 1.20
         uses: actions/setup-go@v2
         with:
-          go-version: 1.18
+          go-version: "1.20"
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
         with:

CHANGES.md

@@ -12,6 +12,8 @@ Release Notes.
 * Improve the stability of Off CPU Profiling.
 * Support collecting the access log from Kubernetes.
 * Remove the scanner mode in the process discovery module.
+* Upgrade Go library to `1.20`.
+* Support using `make docker.debug` to building the debug docker image.
 
 #### Bug Fixes
 

bpf/accesslog/common/connection.h

@@ -95,16 +95,16 @@ struct socket_connect_event_t {
 
     // upstream
     __u32 remote_addr_v4;
-    __u8 remote_addr_v6[16];
     __u32 remote_port;
+    __u8 remote_addr_v6[16];
     // downstream
     __u32 local_addr_v4;
-    __u8 local_addr_v6[16];
     __u32 local_port;
+    __u8 local_addr_v6[16];
 
-    __u32 conntrack_upstream_port;
-    __u64 conntrack_upstream_iph;
     __u64 conntrack_upstream_ipl;
+    __u64 conntrack_upstream_iph;
+    __u32 conntrack_upstream_port;
 };
 struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
@@ -209,8 +209,8 @@ static __always_inline void submit_new_connection(void* ctx, bool success, __u32
     event->conntrack_upstream_ipl = 0;
     event->conntrack_upstream_port = 0;
     if (conntrack != NULL) {
-        event->conntrack_upstream_iph = conntrack->iph;
-        event->conntrack_upstream_ipl = conntrack->ipl;
+        event->conntrack_upstream_iph = (__u64)conntrack->iph;
+        event->conntrack_upstream_ipl = (__u64)conntrack->ipl;
         event->conntrack_upstream_port = conntrack->port;
     }
     event->success = success;

bpf/accesslog/l24/l24.h

@@ -38,7 +38,7 @@ struct skb_receive_detail {
 
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
-	__uint(max_entries, 10000);
+	__uint(max_entries, 100000);
 	__type(key, struct sk_buff *);
 	__type(value, struct skb_receive_detail);
 } sk_buff_receive_detail_map SEC(".maps");

bpf/accesslog/process/process.c

@@ -27,11 +27,14 @@ struct process_execute_event {
 };
 
 struct sched_comm_fork_ctx {
-	__u64 __pad_0;
+    unsigned short common_type;
+    unsigned char common_flags;
+    unsigned char common_preempt_count;
+    int common_pid;
 	char parent_comm[16];
-	__u32 parent_pid;
+	pid_t parent_pid;
 	char child_comm[16];
-	__u32 child_pid;
+	pid_t child_pid;
 };
 
 SEC("tracepoint/sched/sched_process_fork")

bpf/accesslog/syscalls/connect_conntrack.c

@@ -19,9 +19,10 @@
 #include "../common/data_args.h"
 
 static __always_inline void nf_conntrack_read_in6_addr(__u64 *addr_h, __u64 *addr_l, const struct in6_addr *in6) {
-    BPF_CORE_READ_INTO(addr_h, in6, s6_addr32[0]);
-    BPF_CORE_READ_INTO(addr_l, in6, s6_addr32[2]);
+    bpf_probe_read(addr_h, sizeof(*addr_h), &in6->s6_addr32[0]);
+    bpf_probe_read(addr_l, sizeof(*addr_l), &in6->s6_addr32[2]);
 }
+
 static __always_inline int nf_conntrack_tuple_to_conntrack_tuple(conntrack_tuple_t *t, const struct nf_conntrack_tuple *ct) {
     __builtin_memset(t, 0, sizeof(conntrack_tuple_t));
 
@@ -51,13 +52,13 @@ static __always_inline int nf_conntrack_tuple_to_conntrack_tuple(conntrack_tuple
         if (!t->saddr_l || !t->daddr_l) {
             return 0;
         }
-//    } else if (ct->src.l3num == AF_INET6) {
-//        nf_conntrack_read_in6_addr(&t->saddr_h, &t->saddr_l, &ct->src.u3.in6);
-//        nf_conntrack_read_in6_addr(&t->daddr_h, &t->daddr_l, &ct->dst.u3.in6);
-//
-//        if (!t->saddr_h || !t->saddr_l || !t->daddr_h || !t->daddr_l) {
-//            return 0;
-//        }
+    } else if (ct->src.l3num == AF_INET6) {
+        nf_conntrack_read_in6_addr(&t->saddr_h, &t->saddr_l, &ct->src.u3.in6);
+        nf_conntrack_read_in6_addr(&t->daddr_h, &t->daddr_l, &ct->dst.u3.in6);
+
+        if (!t->saddr_h || !t->saddr_l || !t->daddr_h || !t->daddr_l) {
+            return 0;
+        }
     }
     return 1;
 }

bpf/accesslog/syscalls/transfer.c

@@ -565,12 +565,21 @@ int tracepoint_exit_recvmmsg(struct trace_point_common_exit *ctx) {
 SEC("tracepoint/skb/skb_copy_datagram_iovec")
 int tracepoint_skb_copy_datagram_iovec(struct trace_point_skb_copy_datagram_iovec* ctx) {
     __u64 id = bpf_get_current_pid_tgid();
+    struct sk_buff *buff = ctx->skb;
     struct sock_data_args_t *data_args = bpf_map_lookup_elem(&socket_data_args, &id);
     if (data_args == NULL) {
+        bpf_map_delete_elem(&sk_buff_receive_detail_map, &buff);
         return 0;
     }
 
-    struct sk_buff *buff = ctx->skb;
+    struct sock *sock = _(buff->sk);
+    if (sock != NULL) {
+        data_args->sk_role = get_sock_role(data_args->sk_role, sock);
+    }
+
+    data_args->package_count++;
+    data_args->total_package_size += _(buff->len);
+
     struct skb_receive_detail *detail = bpf_map_lookup_elem(&sk_buff_receive_detail_map, &buff);
     if (detail == NULL) {
         return 0;
@@ -596,20 +605,13 @@ int tracepoint_skb_copy_datagram_iovec(struct trace_point_skb_copy_datagram_iove
 
     // l2
     data_args->ifindex = detail->ifindex;
-    data_args->package_count++;
-    data_args->total_package_size += _(buff->len);
     if (detail->netif_receive_time > 0 && detail->ip_local_time > 0) {
         data_args->total_package_to_queue_time += detail->ip_local_time - detail->netif_receive_time;
     }
     if (detail->ip_local_time > 0) {
         data_args->total_package_receive_from_queue_time += bpf_ktime_get_ns() - detail->ip_local_time;
     }
 
-    struct sock *sock = _(buff->sk);
-    if (sock != NULL) {
-        data_args->sk_role = get_sock_role(data_args->sk_role, sock);
-    }
-
     return 0;
 }
 

bpf/accesslog/syscalls/transfer.h

@@ -321,6 +321,12 @@ static __always_inline void process_write_data(void *ctx, __u64 id, struct sock_
         conn->ssl = true;
     }
 
+    // if the cannot getting the package size and count, then try to get it from the data args
+    if (args->total_package_size == 0 && args->package_count == 0) {
+        args->total_package_size = bytes_count;
+        args->package_count = 1;
+    }
+
     // if the protocol or role is unknown in the connection and the current data content is plaintext
     // then try to use protocol analyzer to analyze request or response and protocol type
     __u32 msg_type = 0;

configs/rover_configs.yaml

@@ -20,6 +20,8 @@ logger:
   level: ${ROVER_LOGGER_LEVEL:INFO}
 
 core:
+  # The name of the cluster.
+  cluster_name: ${ROVER_CORE_CLUSTER_NAME:}
   backend:
     # The backend server address
     addr: ${ROVER_BACKEND_ADDR:localhost:11800}
@@ -56,7 +58,7 @@ process_discovery:
           - ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_HAS_ENVOY:.Pod.HasContainer "istio-proxy"}
           - ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_CONTAINER_IS_ENVOY:eq .Container.Name "istio-proxy"}
         layer: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_LAYER:MESH_DP}
-        service_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_SERVICE_NAME:{{.Pod.Namespace}}::{{.Pod.LabelValue "service.istio.io/canonical-name,app.kubernetes.io/name,app" ""}}}
+        service_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_SERVICE_NAME:{{.Pod.LabelValue "service.istio.io/canonical-name,app.kubernetes.io/name,app" ""}}.{{.Pod.Namespace}}}
         instance_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_INSTANCE_NAME:{{.Pod.Name}}}
         process_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_PROCESS_NAME:{{.Process.ExeName}}}
         labels: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_ENVOY_LABELS:mesh-envoy}
@@ -65,15 +67,15 @@ process_discovery:
           - ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_HAS_ENVOY:.Pod.HasContainer "istio-proxy"}
           - ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_CONTAINER_NOT_ENVOY:ne .Container.Name "istio-proxy"}
         layer: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_LAYER:MESH}
-        service_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_SERVICE_NAME:{{.Pod.Namespace}}::{{.Pod.LabelValue "service.istio.io/canonical-name,app.kubernetes.io/name,app" ""}}}
+        service_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_SERVICE_NAME:{{.Pod.LabelValue "service.istio.io/canonical-name,app.kubernetes.io/name,app" ""}}.{{.Pod.Namespace}}}
         instance_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_INSTANCE_NAME:{{.Pod.Name}}}
         process_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_PROCESS_NAME:{{.Process.ExeName}}}
         labels: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_LABELS:mesh-application}
       - active: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_ACTIVE:true}
         filters:
           - ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_HAS_SERVICE:.Pod.HasServiceName}
         layer: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_LAYER:K8S_SERVICE}
-        service_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_NAME:{{.Pod.Namespace}}::{{.Pod.ServiceName}}}
+        service_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_NAME:{{.Pod.ServiceName}}.{{.Pod.Namespace}}}
         instance_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_INSTANCE_NAME:{{.Pod.Name}}}
         process_name: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_PROCESS_NAME:{{.Process.ExeName}}}
         labels: ${ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_LABLES:k8s-service}
@@ -129,9 +131,10 @@ profiling:
 access_log:
   # Is active the access log monitoring
   active: ${ROVER_ACCESS_LOG_ACTIVE:false}
+  exclude_namespaces: ${ROVER_ACCESS_LOG_EXCLUDE_NAMESPACES:istio-system,cert-manager,kube-system}
   flush:
     # The max count of access log when flush to the backend
-    max_count: ${ROVER_ACCESS_LOG_FLUSH_MAX_COUNT:2000}
+    max_count: ${ROVER_ACCESS_LOG_FLUSH_MAX_COUNT:10000}
     # The period of flush access log to the backend
     period: ${ROVER_ACCESS_LOG_FLUSH_PERIOD:5s}
   protocol_analyze:

docker/Dockerfile.base

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.18
+FROM golang:1.20
 
 RUN apt update && \
     git clone --depth 1 --branch v1.1.0 https://github.com/libbpf/libbpf.git && \

docker/Dockerfile.debug

@@ -0,0 +1,45 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BASE_IMAGE=apache/skywalking-rover:latest
+FROM $BASE_IMAGE as build
+
+ARG VERSION="latest"
+
+WORKDIR /src
+
+COPY . .
+
+ENV CGO_ENABLED=0
+
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
+
+RUN VERSION=$VERSION make generate && make linux
+RUN mv /src/bin/skywalking-rover-${VERSION}-linux-* /src/bin/skywalking-rover
+
+FROM ubuntu:22.04
+
+VOLUME /skywalking/configs
+
+WORKDIR /skywalking
+
+COPY --from=build /go/bin/dlv /dlv
+COPY --from=build /src/bin/skywalking-rover /
+COPY --from=build /src/configs /skywalking/configs
+
+EXPOSE 40000
+
+CMD ["/dlv", "--listen=:40000", "--headless=true", "--api-version=2", "--log", "--accept-multiclient", "exec", "/skywalking-rover", "--", "start", "--config", "/skywalking/configs/rover_configs.yaml"]

docs/en/setup/configuration/core.md

@@ -7,6 +7,7 @@ It provides APIs for other modules to establish connections with the backend.
 
 | Name                              | Default         | Environment Key                    | Description                                                                                         |
 |-----------------------------------|-----------------|------------------------------------|-----------------------------------------------------------------------------------------------------|
+| core.cluster_name                 |                 | ROVER_CORE_CLUSTER_NAME            | The name of the cluster.                                                                            |
 | core.backend.addr                 | localhost:11800 | ROVER_BACKEND_ADDR                 | The backend server address.                                                                         |
 | core.backend.enable_TLS           | false           | ROVER_BACKEND_ENABLE_TLS           | The TLS switch.                                                                                     |
 | core.backend.client_pem_path      | client.pem      | ROVER_BACKEND_PEM_PATH             | The file path of client.pem. The config only works when opening the TLS switch.                     |

docs/en/setup/examples/deploy/kubernetes/rover-daemonset.yml

@@ -72,6 +72,9 @@ spec:
             - name: host
               mountPath: /host
               readOnly: true
+            - name: sys
+              mountPath: /sys
+              readOnly: true
           env:
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ACTIVE
               value: "true"
@@ -92,3 +95,7 @@ spec:
           hostPath:
             path: /
             type: Directory
+        - name: sys
+          hostPath:
+            path: /sys
+            type: Directory

go.mod

@@ -1,11 +1,12 @@
 module github.com/apache/skywalking-rover
 
-go 1.18
+go 1.20
 
 require (
 	github.com/agiledragon/gomonkey/v2 v2.9.0
 	github.com/cilium/ebpf v0.9.3
 	github.com/docker/go-units v0.5.0
+	github.com/florianl/go-conntrack v0.4.0
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/golang-lru v0.5.4
@@ -25,10 +26,11 @@ require (
 	k8s.io/apimachinery v0.23.5
 	k8s.io/client-go v0.23.5
 	k8s.io/utils v0.0.0-20211116205334-6203023598ed
-	skywalking.apache.org/repo/goapi v0.0.0-20231225085619-53f5be6739c4
+	skywalking.apache.org/repo/goapi v0.0.0-20240104145220-ba7202308dd4
 )
 
 require (
+	github.com/BurntSushi/toml v0.4.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/go-logr/logr v1.2.0 // indirect
@@ -41,8 +43,11 @@ require (
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/mdlayher/netlink v1.5.0 // indirect
+	github.com/mdlayher/socket v0.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -56,17 +61,21 @@ require (
 	github.com/tklauser/go-sysconf v0.3.9 // indirect
 	github.com/tklauser/numcpus v0.3.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
+	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	golang.org/x/sync v0.1.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.66.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	honnef.co/go/tools v0.2.2 // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
 	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect