• This repository has been archived on 03/May/2023
  • Language
    Go
  • License
    Apache License 2.0

Repository Details

Now moved into `github.com/inspektor-gadget/inspektor-gadget/pkg/gadget-collection/gadgets/traceloop`. Tracing system calls in cgroups using BPF and overwritable ring buffers

traceloop

traceloop is a command line tool to trace system calls in a similar way to strace but with some differences:

  • traceloop uses BPF instead of ptrace
  • traceloop's tracing granularity is the control group (cgroup) instead of a process
  • traceloop's traces are recorded in a fast, in-memory, overwritable ring buffer, like a flight recorder. Tracing can be left permanently enabled and the buffer inspected after a crash.

traceloop can be used directly on the command line or via an HTTP interface.

traceloop was written to trace Kubernetes Pods with Inspektor Gadget, but it can just as easily be used with systemd services that run in their own control groups (look for .service and .scope directories inside /sys/fs/cgroup/unified/).

On the command line

Example with an existing systemd service:

sudo -E ./traceloop cgroups /sys/fs/cgroup/unified/system.slice/sshd.service

Example with a custom command:

sudo systemd-run -t  --unit=test42.service  /bin/sh -c 'for i in $(seq 1 1000) ; do sleep 4 ; echo 2*3*7 | bc > /dev/null ; echo Multiplication $i done. ; done'
...
sudo -E ./traceloop cgroups /sys/fs/cgroup/unified/system.slice/test42.service
...
00:04.022260640 cpu#0 pid 23981 [bc] brk(brk=0) = 94045092683776
00:04.022346588 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741680) = 18446744073709551591
00:04.022361201 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "2*3*7\n", count=8192) = 6
00:04.022401517 cpu#0 pid 23981 [bc] fstat() = 0
00:04.022414650 cpu#0 pid 23981 [bc] ioctl(fd=1, cmd=21505, arg=140721805741312) = 18446744073709551591
00:04.022440173 cpu#0 pid 23981 [bc] write(fd=1, buf=94045092602832 "42\n", count=3) = 3
00:04.022460351 cpu#0 pid 23981 [bc] read(fd=0, buf=94045092586128 "", count=8192) = 0
00:04.022475888 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741616) = 18446744073709551591
00:04.022525326 cpu#0 pid 23981 [bc] exit_group(error_code=0)...
00:04.022833827 cpu#2 pid 23961 [sh] ...wait4() = 23981
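
Return values in the output above are printed as unsigned 64-bit numbers, so a failed call appears as a very large value: 18446744073709551591 is -25, which is ENOTTY on Linux. The Go sketch below is an added example, not code from traceloop; it parses complete trace lines in the format shown and reinterprets the return value as a signed errno. The `Event` type, `ParseLine` and the regular expression are names and assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"syscall"
)

// Event is one parsed trace line; the type and its field names belong to this example.
type Event struct {
	PID   int
	Comm  string
	Call  string
	Args  string
	Ret   int64 // printed value reinterpreted as a signed 64-bit integer
	Errno int   // errno number when Ret is in [-4095, -1], otherwise 0
}

// lineRE matches complete entries such as
// "00:04.022346588 cpu#0 pid 23981 [bc] ioctl(fd=0, ...) = 18446744073709551591".
var lineRE = regexp.MustCompile(`^\S+ cpu#\d+ pid (\d+) \[([^\]]*)\] (\w+)\((.*)\) = (\d+)$`)

// ParseLine reports ok=false for split entries ("exit_group(...)...",
// "...wait4() = N") and for anything else that is not a complete entry.
func ParseLine(line string) (Event, bool) {
	m := lineRE.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	raw, err := strconv.ParseUint(m[5], 10, 64)
	if err != nil {
		return Event{}, false
	}
	pid, _ := strconv.Atoi(m[1])
	ev := Event{PID: pid, Comm: m[2], Call: m[3], Args: m[4], Ret: int64(raw)}
	if ev.Ret < 0 && ev.Ret >= -4095 { // the kernel's error-return range
		ev.Errno = int(-ev.Ret)
	}
	return ev, true
}

func main() {
	// Line copied from the sample output above.
	ev, _ := ParseLine(`00:04.022346588 cpu#0 pid 23981 [bc] ioctl(fd=0, cmd=21505, arg=140721805741680) = 18446744073709551591`)
	fmt.Printf("%s[%d] %s = %d (%v)\n", ev.Comm, ev.PID, ev.Call, ev.Ret, syscall.Errno(ev.Errno))
}
```

Large positive values such as the `brk` result are addresses and stay outside the error range, so they are left untouched.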

With Docker

docker run --rm -v /sys/kernel/debug:/sys/kernel/debug -v /sys/fs/cgroup:/sys/fs/cgroup -v /sys/fs/bpf:/sys/fs/bpf -v /run:/run --privileged kinvolk/traceloop

With HTTP interface

sudo -E ./traceloop serve
...

$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/add?name=sshd&cgrouppath=/sys/fs/cgroup/unified/system.slice/sshd.service'
added as id 0
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/list'
0: [sshd] /sys/fs/cgroup/unified/system.slice/sshd.service
$ sudo curl --unix-socket /run/traceloop.socket 'http://localhost/dump-by-cgroup?cgroup=/sys/fs/cgroup/unified/system.slice/sshd.service'
...

Talk at Linux Plumbers Conference 2020

A comprehensive presentation was held at LPC 2020 in the Networking and BPF Summit. See the slides here.

After feedback asking for a comparison with perf trace, we reran the benchmark but omitted the synchronous write syscall case that logs the buffer contents, because dumping the buffers is not implemented in perf trace. Here are the results:

[Figure: benchmark graph]
