add file retry events and adjust lock structure to fix eBPF file data loss #2292
+1,797
−237
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Merge file_security into local
* feat: add instance labels into host monitor metrics
* feat: support send multivalue metrics to sls * fix * fix * fix * fix * fix
…g reading. (alibaba#2246) * fix and add ut * polish * polish
* add e2e framework code for eBPF process collection * e2e support ssh to host by private key * fix: formatting errors
* feat: provide common cache for system information
* trim meaningless \0 when reading file * remove redundant code
… function. (alibaba#2256) * fix container path format * fix lint * fix commentf
* Disable process security local container meta * add btf search path * set logger for any bpf program * stop process manager if not inited successfully
* upgrade go version from 1.19.10 to 1.23.10 * update dev image * fix license * remove goc * update build script * update go lint * update go lint * fix lint * fix e2e * speedup ci * fix static check * fix go version
…" (alibaba#2260) * Revert "Feat: upgrade go version from 1.19.10 to 1.23.10 (alibaba#2254)" This reverts commit f1712da. * update workflow
* feat: windows build * feat: add windows workflows * fix: windows build script --------- Co-authored-by: linrunqi08 <[email protected]> Co-authored-by: Takuka0311 <[email protected]>
Fix crash caused by pointer moved to nullptr when camel concurrent queue is full Use eBPF Server's polling thread to run process cache management Use eBPF Server's handling thread to run plugin's aggregation and send Refine eBPF Server's start and stop routine
* feat: windows build * feat: add windows workflows * fix: windows build script --------- Co-authored-by: linrunqi08 <[email protected]> Co-authored-by: Takuka0311 <[email protected]>
merge eBPF thread structure modifications
merge new commit
xiongyunn
changed the title
|
|
yyuuttaaoo
reviewed
Jul 17, 2025
core/ebpf/Config.cpp
Outdated
| @@ -14,6 +14,7 @@ | |||
|
|
|||
| #include "ebpf/Config.h" | |||
|
|
|||
| #include <set> | |||
| size_t originalSize = thisFileFilter.mFilePathList.size(); | ||
| std::unordered_set<std::string> uniquePaths; | ||
| std::vector<std::string> deduplicatedPaths; | ||
| deduplicatedPaths.reserve(originalSize); |
There was a problem hiding this comment.
在InputFileSecurityUnittest里面有一个
core/ebpf/EBPFServer.cpp
Outdated
| default: | ||
| LOG_ERROR(sLogger, ("unknown plugin type", int(type))); | ||
| return false; | ||
| } | ||
|
|
||
| if (pluginMgr->Init(options) != 0) { | ||
| LOG_ERROR(sLogger, ("plugin manager init failed", "")); | ||
| if ((type == PluginType::NETWORK_SECURITY || type == PluginType::PROCESS_SECURITY |
There was a problem hiding this comment.
这里条件要个上面Init的地方保持一致。最好就上面判断一下后写一个flag,都通过这个flag决定要不要init和stop processcachemanager
|
|
||
| int processCacheEvents = mProcessCacheManager->PollPerfBuffers(); | ||
|
|
||
| int currentMaxWaitTime = kDefaultMaxWaitTimeMS; |
There was a problem hiding this comment.
这好像不怎么符合预期,应该是这样的逻辑
maxWaitTimeMs=kDefaultMaxWaitTimeMs
endtime = now()
starttime = endtime
pollperfbuffer(maxWaitTimeMs)
endtime = now()
maxWaitTimeMs -= (endtime - starttime)
if (maxWaitTimeMs < 0) maxWaitTimeMs = 1
starttime = endtime
……
There was a problem hiding this comment.
查了一下接下来确实可以改为嵌套epoll的逻辑
core/ebpf/EBPFServer.h
Outdated
| @@ -60,6 +66,8 @@ struct PluginState { | |||
| // (PollPerfBuffers/HandlerEvents/GetAllProjects), allowing them to safely interleave. | |||
| mutable std::atomic_bool mValid; | |||
| mutable std::shared_mutex mMtx; | |||
| std::atomic<LifecycleState> mLifecycleState{LifecycleState::STOPPED}; | |||
There was a problem hiding this comment.
通过框架保证type变更后stop(true)是不是这些逻辑就可以不要了
core/ebpf/driver/eBPFDriver.cpp
Outdated
| for (auto* pb : pbs) { | ||
| auto* perfbuffer = static_cast<perf_buffer*>(pb); | ||
| if (perfbuffer) { | ||
| perf_buffer__free(perfbuffer); |
core/ebpf/plugin/RetryableEvent.h
Outdated
| @@ -59,7 +59,7 @@ class RetryableEvent { | |||
| * @brief Checks if the event can be retried. | |||
| * @return true if there are retry attempts left, false otherwise. | |||
| */ | |||
| [[nodiscard]] bool CanRetry() const { return mRetryLeft > 0; } | |||
| [[nodiscard]] virtual bool CanRetry() const { return mRetryLeft > 0; } | |||
| @@ -228,7 +229,29 @@ void InitSecurityFileFilter(const Json::Value& config, | |||
| } else if (!GetOptionalListFilterParam<std::string>( | |||
| config, "FilePathFilter", thisFileFilter.mFilePathList, errorMsg)) { | |||
| // FilePathFilter has element of wrong type | |||
| } else { | |||
| // FilePathFilter succeeded, deduplication | |||
| size_t originalSize = thisFileFilter.mFilePathList.size(); | |||
There was a problem hiding this comment.
这里验证一下配置,应该有个filter数量上限或者总长度上限,与ebpf程序上限对应
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.