https://github.com/rlaisqls/ebpf-monitoring
Last synced: about 10 hours ago
- Host: GitHub
- URL: https://github.com/rlaisqls/ebpf-monitoring
- Owner: rlaisqls
- Created: 2024-03-20T03:15:38.000Z (10 months ago)
- Default Branch: main
- Last Pushed: 2024-04-14T11:05:46.000Z (9 months ago)
- Last Synced: 2024-04-14T12:24:39.183Z (9 months ago)
- Language: C
- Homepage:
- Size: 15.5 MB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# IWM
A project to implement the [Grafana Pyroscope](https://github.com/grafana/pyroscope) eBPF Agent in Rust.
It can collect profiling data in place of Grafana Agent when only the eBPF component is being used.
The project structure was referenced from the following repositories:
- https://github.com/grafana/pyroscope
- https://github.com/grafana/alloy/tree/main

### Architecture
1. **Register target process**: Register the process to be profiled as the target based on the PID.
2. **Detect process execution event and determine type**: Insert eBPF code into the kprobe of the `execve` and `execveat` system calls to detect process execution events. Look up the process path to determine if it is a Python or FramePointer type, and store this information in an eBPF map.
3. **Collect stack information when instructions are executed on the CPU**: When the eBPF code is triggered by the `PERF_COUNT_SW_CPU_CLOCK` event, run the appropriate eBPF code based on whether the process is a target and on its type. If it is a FramePointer type, collect stack information using `bpf_get_stackid` and store it in a count map.
4. **Interpret stack information and convert symbols**: Look up `/proc/{PID}/maps` to find the file path mapped to the executed instructions. Obtain the symbol (function name) corresponding to the instruction address from the ELF section of the file, and convert the instruction addresses in the stack information to the corresponding symbols.
5. **Convert data to pprof format and transmit**: Convert the stack information with symbols to the pprof format, and create a pprof message containing profile samples, locations, and function information. Send the generated pprof message to the Pyroscope server.
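
The `/proc/{PID}/maps` lookup in step 4, as an added example that is not code from this repository: it resolves a sampled instruction address to the backing file and the offset inside it, and rejects addresses that have no file to symbolize against. The names `Mapping`, `parse_line`, `resolve` and `SAMPLE_MAPS` are hypothetical, the sample maps text is constructed, and the ELF symbol lookup that follows is left out.

```rust
// Added example: all names below are hypothetical, not from the project.
#[derive(Debug)]
pub struct Mapping { start: u64, end: u64, exec: bool, offset: u64, path: String }

// Constructed sample in /proc/{PID}/maps format (not captured from a real host).
pub const SAMPLE_MAPS: &str = "\
55d0c8a00000-55d0c8a02000 r--p 00000000 08:01 1311 /usr/bin/demo app
55d0c8a02000-55d0c8a09000 r-xp 00002000 08:01 1311 /usr/bin/demo app
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a12028000-7f3a121bd000 r-xp 00028000 08:01 2490 /usr/lib/libc.so.6
7ffd4a1fe000-7ffd4a200000 r-xp 00000000 00:00 0 [vdso]
";

/// Parse one line: "start-end perms offset dev inode [pathname]".
pub fn parse_line(line: &str) -> Option<Mapping> {
    // splitn(6) keeps a pathname that contains spaces in one piece.
    let mut f = line.splitn(6, ' ');
    let (range, perms, off) = (f.next()?, f.next()?, f.next()?);
    let (_dev, _inode) = (f.next()?, f.next()?);
    let path = f.next().unwrap_or("").trim().to_string();
    let (s, e) = range.split_once('-')?;
    Some(Mapping {
        start: u64::from_str_radix(s, 16).ok()?,
        end: u64::from_str_radix(e, 16).ok()?,
        exec: perms.as_bytes().get(2) == Some(&b'x'),
        offset: u64::from_str_radix(off, 16).ok()?,
        path,
    })
}

/// Map a sampled address to (file path, offset within that file). Returns None
/// for addresses outside any mapping, in non-executable regions, or in memory
/// with no backing file (anonymous/JIT pages, [vdso], [stack]).
pub fn resolve(maps: &str, addr: u64) -> Option<(String, u64)> {
    maps.lines()
        .filter_map(parse_line)
        .find(|m| m.start <= addr && addr < m.end) // end is exclusive
        .filter(|m| m.exec && m.path.starts_with('/'))
        .map(|m| {
            let file_off = addr - m.start + m.offset;
            (m.path, file_off)
        })
}

fn main() {
    for addr in [0x55d0c8a02010u64, 0x7f3a12028100, 0x7ffd4a1fe010] {
        println!("{addr:#x} -> {:?}", resolve(SAMPLE_MAPS, addr));
    }
}
```

Treating unresolvable addresses as `None` rather than guessing a file keeps frames from JIT or kernel-provided pages from being attributed to the wrong binary.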