add ebpf test program

Signed-off-by: vsoch <[email protected]>

Author: vsoch

README.md

@@ -44,10 +44,32 @@ This example will walk through running lammps. Other example runs are [also prov
 
 ### 1. Setup the Cluster
 
+For simple local development:
+
 ```bash
 # Create the cluster
 kind create cluster --config ./kind-config.yaml
+```
+
+For ebpf (that requires mounting the host) I recommend a cloud:
+
+```bash
+NODES=2
+GOOGLE_PROJECT=myproject
+INSTANCE=h3-standard-88
+
+time gcloud container clusters create test-cluster  \
+   --threads-per-core=1  \   
+   --num-nodes=$NODES  \   
+   --machine-type=$INSTANCE  \
+   --placement-type=COMPACT  \   
+   --image-type=UBUNTU_CONTAINERD \
+   --region=us-central1-a     --project=${GOOGLE_PROJECT}
+```
+
+Finally, install the Flux Operator
 
+```bash
 # Install the Flux Operator
 kubectl apply -f https://raw.githubusercontent.com/flux-framework/flux-operator/refs/heads/main/examples/dist/flux-operator.yaml
 ```
@@ -115,9 +137,10 @@ helm install lammps lammps-reax/ --debug --dry-run
 Then install the chart. This will deploy the Flux MiniCluster and run lammps for some number of iterations. All variables are technically defined so you don't need any `--set`.
 
 ```bash
+container=$(ocifit ghcr.io/converged-computing/lammps-reax --instance)
 helm install \
   --set minicluster.size=1 \
-  --set minicluster.image=ghcr.io/converged-computing/metric-lammps-cpu:zen4-reax \
+  --set minicluster.image= \
   --set minicluster.addFlux=true \
   lammps ./lammps-reax
 ```
@@ -534,6 +557,21 @@ helm install \
   lammps ./lammps-reax
 ```
 
+You'll need to look at the logs to see the sidecar vs. lammps.
+
+```bash
+kubeclt lo
+```
+
+Try changing the command:
+
+```bash
+helm install \
+  --set experiment.monitor=true \
+  --set minicluster.save_logs=true \
+  --set minicluster.monitor_command="tcplife-bpfcc -stT" \
+  lammps ./lammps-reax
+```
 
 ##### 4. Recording
 

base-template/docker/bcc-sidecar/Dockerfile

@@ -1,5 +1,4 @@
-FROM ubuntu:22.04
-
+FROM ubuntu:24.04
 ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && \
@@ -11,19 +10,15 @@ RUN apt-get update && \
         cmake \
         flex \
         libedit-dev \
-        libllvm15 \
-        llvm-15-dev \
-        llvm-15-tools \
-        libclang-15-dev \
-        clang-15 \
+        libllvm-18-ocaml-dev libpolly-18-dev libllvm18 llvm-18-dev llvm-18-tools \
+        libclang-18-dev clang-18 \        
         zlib1g-dev \
         libelf-dev \
         libfl-dev \
         pkg-config \
         python3 \
         python3-pip \
         python3-setuptools \
-        python3-distutils \
         netcat-openbsd \
         iperf3 \
         netperf \

base-template/docker/bcc-sidecar/programs/open-close/ebpf-collect.c

@@ -0,0 +1,117 @@
+#include <uapi/linux/ptrace.h>
+#include <linux/sched.h>
+
+#define MAX_FILENAME_LEN_EBPF 256
+#define TASK_COMM_LEN_EBPF 16
+
+enum event_type { EVENT_OPEN = 0, EVENT_CLOSE = 1 };
+
+struct data_t {
+    u64 timestamp_ns; u32 pid; char comm[TASK_COMM_LEN_EBPF];
+    enum event_type type; char filename[MAX_FILENAME_LEN_EBPF];
+    int fd; int ret_val;
+};
+BPF_RINGBUF_OUTPUT(events, 8);
+
+struct temp_filename_t { char fname[MAX_FILENAME_LEN_EBPF]; };
+BPF_HASH(open_filenames_map, u64, struct temp_filename_t);
+
+enum debug_stage {
+    DBG_OPEN_ENTRY_START = 100, DBG_OPEN_ENTRY_READ_DONE = 101,
+    DBG_OPEN_RETURN_START = 200, DBG_OPEN_RETURN_LOOKUP_DONE = 201,
+};
+struct debug_event_t { u64 id; enum debug_stage stage; long val1; long val2; };
+BPF_RINGBUF_OUTPUT(debug_events_rb, 4);
+
+TRACEPOINT_PROBE(syscalls, sys_enter_openat) {
+    u64 id = bpf_get_current_pid_tgid();
+    struct temp_filename_t temp_fn_data = {};
+    long read_res = 0;
+    const char __user *filename_ptr_from_args = (const char __user *)args->filename;
+
+    struct debug_event_t *dbg_evt = debug_events_rb.ringbuf_reserve(sizeof(struct debug_event_t));
+    if (dbg_evt) {
+        dbg_evt->id = id; dbg_evt->stage = DBG_OPEN_ENTRY_START;
+        dbg_evt->val1 = 0; dbg_evt->val2 = 0;
+        debug_events_rb.ringbuf_submit(dbg_evt, 0);
+    }
+
+    read_res = bpf_probe_read_user_str(&temp_fn_data.fname, sizeof(temp_fn_data.fname), (void *)filename_ptr_from_args);
+
+    dbg_evt = debug_events_rb.ringbuf_reserve(sizeof(struct debug_event_t));
+    if (dbg_evt) {
+        dbg_evt->id = id; dbg_evt->stage = DBG_OPEN_ENTRY_READ_DONE;
+        dbg_evt->val1 = read_res; dbg_evt->val2 = (read_res > 0) ? 1 : 0;
+        debug_events_rb.ringbuf_submit(dbg_evt, 0);
+    }
+    
+    if (read_res <= 0) { return 0; }
+    temp_fn_data.fname[MAX_FILENAME_LEN_EBPF - 1] = '\0'; // CORRECTED
+    open_filenames_map.update(&id, &temp_fn_data);
+    return 0;
+}
+
+int trace_openat_return_kretprobe(struct pt_regs *ctx) {
+    u64 id = bpf_get_current_pid_tgid();
+    int ret_fd = PT_REGS_RC(ctx);
+    struct temp_filename_t *temp_fn_ptr = NULL;
+    long lookup_success = 0;
+
+    struct debug_event_t *dbg_evt = debug_events_rb.ringbuf_reserve(sizeof(struct debug_event_t));
+    if (dbg_evt) {
+        dbg_evt->id = id; dbg_evt->stage = DBG_OPEN_RETURN_START;
+        dbg_evt->val1 = ret_fd; dbg_evt->val2 = 0;
+        debug_events_rb.ringbuf_submit(dbg_evt, 0);
+    }
+
+    if (ret_fd < 0) {
+        open_filenames_map.delete(&id);
+        return 0;
+    }
+
+    temp_fn_ptr = open_filenames_map.lookup(&id);
+    lookup_success = (temp_fn_ptr != NULL) ? 1 : 0;
+
+    dbg_evt = debug_events_rb.ringbuf_reserve(sizeof(struct debug_event_t));
+    if (dbg_evt) {
+        dbg_evt->id = id; dbg_evt->stage = DBG_OPEN_RETURN_LOOKUP_DONE;
+        dbg_evt->val1 = ret_fd; dbg_evt->val2 = lookup_success;
+        debug_events_rb.ringbuf_submit(dbg_evt, 0);
+    }
+
+    if (!temp_fn_ptr) { return 0; }
+
+    struct data_t *event_data_ptr = events.ringbuf_reserve(sizeof(struct data_t));
+    if (!event_data_ptr) {
+        open_filenames_map.delete(&id);
+        return 0;
+    }
+    event_data_ptr->timestamp_ns = bpf_ktime_get_ns();
+    event_data_ptr->pid = id >> 32;
+    bpf_get_current_comm(&event_data_ptr->comm, sizeof(event_data_ptr->comm));
+    event_data_ptr->comm[TASK_COMM_LEN_EBPF - 1] = '\0'; // CORRECTED
+    event_data_ptr->type = EVENT_OPEN;
+    event_data_ptr->fd = ret_fd;
+    event_data_ptr->ret_val = ret_fd;
+    __builtin_memcpy(event_data_ptr->filename, temp_fn_ptr->fname, MAX_FILENAME_LEN_EBPF);
+    event_data_ptr->filename[MAX_FILENAME_LEN_EBPF - 1] = '\0'; // CORRECTED
+    events.ringbuf_submit(event_data_ptr, 0);
+    open_filenames_map.delete(&id);
+    return 0;
+}
+
+int trace_close_entry_kprobe(struct pt_regs *ctx, int fd_to_close) {
+    u64 id = bpf_get_current_pid_tgid();
+    struct data_t *event_data_ptr = events.ringbuf_reserve(sizeof(struct data_t));
+    if (!event_data_ptr) { return 0; }
+    event_data_ptr->timestamp_ns = bpf_ktime_get_ns();
+    event_data_ptr->pid = id >> 32;
+    bpf_get_current_comm(&event_data_ptr->comm, sizeof(event_data_ptr->comm));
+    event_data_ptr->comm[TASK_COMM_LEN_EBPF - 1] = '\0'; // CORRECTED
+    event_data_ptr->type = EVENT_CLOSE;
+    event_data_ptr->fd = fd_to_close;
+    event_data_ptr->filename[0] = '\0'; // CORRECTED
+    event_data_ptr->ret_val = 0;
+    events.ringbuf_submit(event_data_ptr, 0);
+    return 0;
+}