in_ebpf: initial version of the plugin
This is an initial proposal of a POC of an ebpf ingestor
plugin. This adds capabilities to load and attach to
an existing ebpf program and consume events from a fixed-sized
ring buffer, subsequently those events are ingested in the log
ingestion buffer.

Event types are known and defined in the fluent-bit codebase, and
the ebpf program has to follow them when submitting events
into the ring buffer. In the future this must be serialized and
become an extensible part of the project as we possibly make progress towards
compatibility with other ebpf collectors.

Also, i've implemented a fallback to allow strings to be passed as the
payload of the event, without following a specific event type.

Signed-off-by: Jorge Niedbalski <[email protected]>
niedbalski committed Nov 2, 2024
1 parent 41b90b7 commit aa699b0
Showing 10 changed files with 814 additions and 24 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/unit-tests.yaml
@@ -54,7 +54,7 @@ jobs:
- name: Setup environment
run: |
sudo apt-get update
sudo apt-get install -y gcc-7 g++-7 clang-6.0 libsystemd-dev gcovr libyaml-dev
sudo apt-get install -y gcc-7 g++-7 clang-6.0 libsystemd-dev gcovr libyaml-dev libbpf-dev
sudo ln -s /usr/bin/llvm-symbolizer-6.0 /usr/bin/llvm-symbolizer || true
- uses: actions/checkout@v4
@@ -140,7 +140,7 @@ jobs:
- name: Setup environment
run: |
sudo apt-get update
sudo apt-get install -y gcc-9 g++-9 clang-12 cmake flex bison libsystemd-dev gcovr libyaml-dev
sudo apt-get install -y gcc-9 g++-9 clang-12 cmake flex bison libsystemd-dev gcovr libyaml-dev libbpf-dev
sudo ln -s /usr/bin/llvm-symbolizer-12 /usr/bin/llvm-symbolizer || true
- name: Build and test with actuated runners
@@ -193,7 +193,7 @@ jobs:
--volume "/etc/machine-id:/etc/machine-id"
install: |
apt-get update
apt-get install -y gcc-7 g++-7 clang-6.0 libyaml-dev cmake flex bison libssl-dev #libsystemd-dev
apt-get install -y gcc-7 g++-7 clang-6.0 libyaml-dev cmake flex bison libssl-dev libbpf-dev #libsystemd-dev
ln -s /usr/bin/llvm-symbolizer-6.0 /usr/bin/llvm-symbolizer || true
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 90
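--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1032,6 +1032,36 @@ else()
 set(FLB_ARROW OFF)
 endif()
 
+# EBPF Support
+# ============
+if (FLB_IN_EBPF)
+find_package(PkgConfig)
+
+# Check for libbpf with pkg-config
+pkg_check_modules(LIBBPF libbpf>=0.5.0)
+
+if (LIBBPF_FOUND)
+message(STATUS "libbpf found: ${LIBBPF_LIBRARIES}")
+include_directories(${LIBBPF_INCLUDE_DIRS})
+list(APPEND EXTRA_LIBS ${LIBBPF_LIBRARIES})
+else()
+# Manually find the library if pkg-config fails
+find_library(LIBBPF_LIBRARY NAMES bpf REQUIRED)
+if (LIBBPF_LIBRARY)
+message(STATUS "Found libbpf: ${LIBBPF_LIBRARY}")
+list(APPEND EXTRA_LIBS ${LIBBPF_LIBRARY})
+else()
+if (FLB_SYSTEM_LINUX)
+message(FATAL_ERROR "libbpf is required on Linux. Please install libbpf or ensure it is in your library path.")
+else()
+message(STATUS "libbpf is not found. Disabling eBPF support.")
+set(FLB_IN_EBPF OFF)
+endif()
+endif()
+endif()
+
+endif()
+
 # Pthread Local Storage
 # =====================
 # By default we expect the compiler already support thread local storage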
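Review bot: `REQUIRED` on the fallback `find_library(LIBBPF_LIBRARY NAMES bpf REQUIRED)` makes the inner `else()` branch unreachable: on CMake versions that support the keyword, configuration aborts inside `find_library` before the `FLB_SYSTEM_LINUX` check or the "Disabling eBPF support" path can run. Dropping the keyword, `find_library(LIBBPF_LIBRARY NAMES bpf)`, lets the existing branches decide the outcome. The fallback also accepts whatever libbpf is on the library path, so the `libbpf>=0.5.0` floor enforced by `pkg_check_modules` is skipped there and no header location is added. A comment such as `# NOTE: fallback does not verify the libbpf version or headers` would make that explicit, or the fallback could fail when the version cannot be established.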
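--- a/cmake/plugins_options.cmake
+++ b/cmake/plugins_options.cmake
@@ -61,6 +61,7 @@ DEFINE_OPTION(FLB_IN_WINLOG "Enable Windows Log input plugin"
 DEFINE_OPTION(FLB_IN_WINDOWS_EXPORTER_METRICS "Enable windows exporter metrics input plugin" ON)
 DEFINE_OPTION(FLB_IN_WINEVTLOG "Enable Windows EvtLog input plugin" OFF)
 DEFINE_OPTION(FLB_IN_WINSTAT "Enable Windows Stat input plugin" OFF)
+DEFINE_OPTION(FLB_IN_EBPF "Enable Linux eBPF input plugin" OFF)
 
 # Processors
 # ==========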
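--- a/cmake/windows-setup.cmake
+++ b/cmake/windows-setup.cmake
@@ -53,6 +53,7 @@ if(FLB_WINDOWS_DEFAULTS)
 set(FLB_IN_STORAGE_BACKLOG Yes)
 set(FLB_IN_EMITTER Yes)
 set(FLB_IN_PODMAN_METRICS No)
+set(FLB_IN_EBPF No)
 set(FLB_IN_ELASTICSEARCH Yes)
 set(FLB_IN_SPLUNK Yes)
 set(FLB_IN_PROMETHEUS_REMOTE_WRITE Yes)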
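--- a/plugins/CMakeLists.txt
+++ b/plugins/CMakeLists.txt
@@ -207,6 +207,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
 REGISTER_IN_PLUGIN("in_docker_events")
 REGISTER_IN_PLUGIN("in_podman_metrics")
 REGISTER_IN_PLUGIN("in_process_exporter_metrics")
+REGISTER_IN_PLUGIN("in_ebpf")
 endif()
 
 if(${CMAKE_SYSTEM_NAME} MATCHES "Linux" OR ${CMAKE_SYSTEM_NAME} MATCHES "Darwin")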
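--- a/plugins/in_ebpf/CMakeLists.txt
+++ b/plugins/in_ebpf/CMakeLists.txt
@@ -0,0 +1,6 @@
+set(src
+in_ebpf.c
+)
+
+FLB_PLUGIN(in_ebpf "${src}" "")
+target_link_libraries(flb-plugin-in_ebpf -lbpf -lelf -lz)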
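Review bot: The link line `target_link_libraries(flb-plugin-in_ebpf -lbpf -lelf -lz)` hardcodes linker flags and ignores what the top-level CMakeLists.txt detected, so the libbpf that passed the `libbpf>=0.5.0` check is not necessarily the one the linker resolves. libelf and zlib are also never probed at configure time, so a missing one surfaces only as a link error. Linking the detected values, for example `target_link_libraries(flb-plugin-in_ebpf ${LIBBPF_LIBRARIES} ${LIBBPF_LIBRARY})`, would keep the plugin tied to the library that was checked. Whether a `PRIVATE` keyword can be added, and whether `EXTRA_LIBS` already reaches this target, depends on how `FLB_PLUGIN` is defined, which is not visible on this page.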