feat: add PID namespace translation support for sidecar deployments

This change introduces the ability for the eBPF profiler to translate
host-level PIDs and TGIDs into their corresponding values within a
target PID namespace.

In sidecar scenarios, the profiler often runs in a different PID
namespace than the target application, leading to a mismatch between
the PIDs reported in profiles (host view) and the PIDs seen by
operators inside the container (typically PID 1).

Changes:
- Integrated the `bpf_get_ns_current_pid_tgid` BPF helper to resolve
  namespaced IDs.
- Added `EnableNamespacePID` configuration options to control
  the translation logic.
- Implemented automatic PID namespace metadata retrieval in the
  Go component to feed the BPF RODATA variables.
- Added safety checks to fallback to host PIDs if the namespace
  translation fails (e.g., on older kernels or invalid namespace).

Author: fferrandis

collector/config/config.go

@@ -40,6 +40,7 @@ type Config struct {
 	NoKernelVersionCheck   bool          `mapstructure:"no_kernel_version_check"`
 	MaxGRPCRetries         uint32        `mapstructure:"max_grpc_retries"`
 	MaxRPCMsgSize          int           `mapstructure:"max_rpc_msg_size"`
+	EnableNamespacePID     bool          `mapstructure:"enable_namespace_pid"`
 }
 
 // Validate validates the config.

internal/controller/controller.go

@@ -94,6 +94,7 @@ func (c *Controller) Start(ctx context.Context) error {
 		ProbeLinks:             c.config.ProbeLinks,
 		LoadProbe:              c.config.LoadProbe,
 		ExecutableReporter:     c.config.ExecutableReporter,
+		EnableNamespacePID:     c.config.EnableNamespacePID,
 	})
 	if err != nil {
 		return fmt.Errorf("failed to load eBPF tracer: %w", err)

support/ebpf/bpfdefs.h

@@ -59,6 +59,11 @@ static inline u64 bpf_get_current_pid_tgid(void)
   return __cgo_ctx->id;
 }
 
+static inline u64 bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, void *info, u32 size)
+{
+  return __cgo_ctx->id;
+}
+
 static inline void *bpf_map_lookup_elem(void *map, const void *key)
 {
   void *__bpf_map_lookup_elem(u64, void *, const void *);
@@ -106,7 +111,9 @@ static int (*bpf_probe_read)(void *dst, int size, const void *unsafe_ptr) = (voi
   BPF_FUNC_probe_read;
 static unsigned long long (*bpf_ktime_get_ns)(void)         = (void *)BPF_FUNC_ktime_get_ns;
 static unsigned long long (*bpf_get_current_pid_tgid)(void) = (void *)BPF_FUNC_get_current_pid_tgid;
-static int (*bpf_get_current_comm)(void *buf, int buf_size) = (void *)BPF_FUNC_get_current_comm;
+static unsigned long long (*bpf_get_ns_current_pid_tgid)(u64 dev, u64 ino, void *info, u32 size) =
+  (void *)BPF_FUNC_get_ns_current_pid_tgid;
+static int (*bpf_get_current_comm)(void *buf, int buf_size)   = (void *)BPF_FUNC_get_current_comm;
 static void (*bpf_tail_call)(void *ctx, void *map, int index) = (void *)BPF_FUNC_tail_call;
 static unsigned long long (*bpf_get_current_task)(void)       = (void *)BPF_FUNC_get_current_task;
 static int (*bpf_perf_event_output)(

support/ebpf/native_stack_trace.ebpf.c

@@ -25,6 +25,32 @@ BPF_RODATA_VAR(u32, task_stack_offset, 0)
 // The offset of struct pt_regs within the kernel entry stack.
 BPF_RODATA_VAR(u32, stack_ptregs_offset, 0)
 
+// If enabled, the profiler translates host-level PIDs/TGIDs into the
+// corresponding IDs within a specific PID namespace. This is essential
+// for sidecar deployments to report PIDs consistent with the container's
+// internal view (e.g., reporting PID 1 instead of the host PID).
+BPF_RODATA_VAR(bool, pid_ns_translation_enabled, false)
+
+// The inode number of the target PID namespace.
+// Obtained by calling stat() on /proc/[pid]/ns/pid.
+BPF_RODATA_VAR(u64, target_pid_ns_inode, 0)
+
+// The device ID (st_dev) of the target PID namespace inode.
+// Required by the bpf_get_ns_current_pid_tgid helper to uniquely
+// identify the namespace filesystem (nsfs) instance.
+BPF_RODATA_VAR(u64, target_pid_ns_dev, 0)
+
+// Target PID namespace process identifiers.
+// pid:  The process ID as seen within the target PID namespace.
+// tgid: The thread group ID (effectively the process ID in userspace)
+// within the target PID namespace.
+// This structure must match the kernel's definition for use with the
+// bpf_get_ns_current_pid_tgid() helper.
+struct bpf_pidns_info {
+  u32 pid;
+  u32 tgid;
+};
+
 // Macro to create a map named exe_id_to_X_stack_deltas that is a nested maps with a fileID for the
 // outer map and an array as inner map that holds up to 2^X stack delta entries for the given
 // fileID.
@@ -610,10 +636,24 @@ static EBPF_INLINE int unwind_native(struct pt_regs *ctx)
 SEC("perf_event/native_tracer_entry")
 int native_tracer_entry(struct bpf_perf_event_data *ctx)
 {
-  // Get the PID and TGID register.
-  u64 id  = bpf_get_current_pid_tgid();
-  u32 pid = id >> 32;
-  u32 tid = id & 0xFFFFFFFF;
+  u32 pid = 0;
+  u32 tid = 0;
+  if (pid_ns_translation_enabled) {
+    struct bpf_pidns_info ns_info = {0};
+    long ret                      = bpf_get_ns_current_pid_tgid(
+      target_pid_ns_dev, target_pid_ns_inode, &ns_info, sizeof(ns_info));
+    if (ret < 0) {
+      DEBUG_PRINT(
+        "failed to get namespace PID/TGID (%llu, %llu)", target_pid_ns_dev, target_pid_ns_inode);
+      return 0;
+    }
+    pid = ns_info.pid;
+    tid = ns_info.tgid;
+  } else {
+    u64 id = bpf_get_current_pid_tgid();
+    pid    = id >> 32;
+    tid    = id & 0xFFFFFFFF;
+  }
 
   if (pid == 0 && filter_idle_frames) {
     return 0;

support/ebpf/tracer.ebpf.amd64

@@ -10,6 +10,7 @@ import (
 	"os"
 	"runtime"
 	"strings"
+	"syscall"
 	"unsafe"
 
 	"go.opentelemetry.io/ebpf-profiler/kallsyms"
@@ -259,6 +260,19 @@ func prepareAnalysis(orig *cebpf.CollectionSpec) (*cebpf.CollectionSpec, map[str
 	return new, maps, nil
 }
 
+func getCurrentNS(filename string) (uint64, uint64, error) {
+	info, err := os.Stat(filename)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	stat, ok := info.Sys().(*syscall.Stat_t)
+	if !ok {
+		return 0, 0, fmt.Errorf("not a syscall.Stat_t")
+	}
+	return uint64(stat.Dev), uint64(stat.Ino), nil
+}
+
 func determineSysConfig(coll *cebpf.CollectionSpec, maps map[string]*cebpf.Map,
 	kmod *kallsyms.Module, includeTracers types.IncludedTracers, vars *sysConfigVars,
 ) error {
@@ -303,6 +317,21 @@ func loadRodataVars(coll *cebpf.CollectionSpec, kmod *kallsyms.Module, cfg *Conf
 			return fmt.Errorf("failed to set debug output: %v", err)
 		}
 	}
+	if cfg.EnableNamespacePID {
+		if err := coll.Variables["pid_ns_translation_enabled"].Set(uint8(1)); err != nil {
+			return fmt.Errorf("failed to set pid_ns_translation_enabled: %v", err)
+		}
+		dev, ns, err := getCurrentNS("/proc/self/ns/pid")
+		if err != nil {
+			return fmt.Errorf("failed to read my namespace: %v", err)
+		}
+		if err := coll.Variables["target_pid_ns_inode"].Set(ns); err != nil {
+			return fmt.Errorf("failed to set target_pid_ns_inode: %v", err)
+		}
+		if err := coll.Variables["target_pid_ns_dev"].Set(dev); err != nil {
+			return fmt.Errorf("failed to set target_pid_ns_dev: %v", err)
+		}
+	}
 
 	if err := coll.Variables["off_cpu_threshold"].Set(cfg.OffCPUThreshold); err != nil {
 		return fmt.Errorf("failed to set off_cpu_threshold: %v", err)

tracer/systemconfig.go

@@ -164,6 +164,9 @@ type Config struct {
 	// LoadProbe indicates whether the generic eBPF program should be loaded
 	// without being attached to something.
 	LoadProbe bool
+	// EnableNamespacePID toggles the translation of host-level PIDs into their
+	// container-specific equivalents using the PID namespace of the profiler.
+	EnableNamespacePID bool
 }
 
 // hookPoint specifies the group and name of the hooked point in the kernel.