ebpf: remove detection of BPF config when running at container #127 #128

Merged
merged 6 commits into from
Jul 8, 2022

@cfc4n cfc4n commented Jul 7, 2022

Remove detection of BPF config when running in a container.

In the GitHub Action release.yml, qemu in docker does not have the BPF config, so eCapture can't work with ecapture -h.

Other issue: #117

Signed-off-by: CFC4N <cfc4n.cs@gmail.com>

@cfc4n cfc4n linked an issue Jul 7, 2022 that may be closed by this pull request
@cfc4n
Member Author

cfc4n commented Jul 7, 2022

@vincentmli Could you test this PR?

@vincentmli
Contributor

@cfc4n I will test today. I am not very familiar with docker or container runtimes. I see you have if strings.Contains(string(b[:i]), "docker") {. What about other k8s environments that do not use docker? For example, I use a lightweight k3s environment that does not seem to use docker but uses containerd. Anyway, I will test and let you know how it goes.

@vincentmli
Contributor

I just tested your PR in k8s and k3s clusters; both are not working.

# git branch
  master
* remove-detection-bpf
  v0.1.10
  vli-dev
[root@cilium-dev ecapture]# make clean
rm -f user/bytecode/*.d
rm -f user/bytecode/*.o
rm -f assets/ebpf_probe.go
rm -f bin/ecapture
rm -f .check*

[root@cilium-dev ecapture]# make
[root@cilium-dev ecapture]# ls -l bin/ecapture 
-rwxr-xr-x 1 root root 7385088 Jul  7 14:53 bin/ecapture

# kubectl exec -it netshoot-ecap -- /bin/bash
bash-5.1# ecapture -h
2022/07/07 14:57:36 Kernel config read failed, error:KernelConfig not found.

@cfc4n
Member Author

cfc4n commented Jul 7, 2022

Could you upload the text content of /proc/1/cgroup when in k8s and k3s?

@cfc4n cfc4n added the enhancement New feature or request label Jul 7, 2022
@cfc4n
Member Author

cfc4n commented Jul 7, 2022

Does /.dockerenv exist?

@vincentmli
Contributor

I previously ran the netshoot-ecap pod with hostPID: true, and that would result in /proc/1/cgroup being the same as the host's. Removing hostPID: true results in the output below for both k8s and k3s. I guess just searching for kubepods is going to be sufficient for k8s/k3s environments.

kubectl exec -it netshoot-ecap -- cat /proc/1/cgroup
12:cpuset:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
11:pids:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
10:blkio:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
9:hugetlb:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
8:devices:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
7:rdma:/
6:freezer:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
5:perf_event:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
4:net_cls,net_prio:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
3:memory:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
2:cpu,cpuacct:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
1:name=systemd:/kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-podf5bde71f_bf37_4f4f_b727_0e62e87c4405.slice/docker-82f3be4904ca9e8c5a4808741d6256c881370977b110a02a2b837d4e2dc54241.scope
0::/
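
The check discussed in this thread, as an added example that is not eCapture's code and not part of any comment here: it matches the "docker" and "kubepods" markers against the path field of /proc/1/cgroup, falls back to /.dockerenv, and shows the hostPID: true case that defeats the cgroup check. The names detectContainer and containerMarkers are hypothetical, and the sample cgroup strings are constructed (the containerd-style path layout is an assumption).

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Markers named in this thread: "docker" (the PR's first check) and
// "kubepods" (suggested for k8s/k3s).
var containerMarkers = []string{"docker", "kubepods"}

// detectContainer is a hypothetical helper. cgroup is the text of
// /proc/1/cgroup; dockerenv reports whether /.dockerenv exists.
// It returns the evidence that matched, or "" when nothing matched.
func detectContainer(cgroup string, dockerenv bool) string {
	sc := bufio.NewScanner(strings.NewReader(cgroup))
	for sc.Scan() {
		// Line format: "hierarchy-ID:controller-list:path".
		// Only the path is inspected, so a controller name cannot match.
		parts := strings.SplitN(sc.Text(), ":", 3)
		if len(parts) != 3 {
			continue
		}
		for _, m := range containerMarkers {
			if strings.Contains(parts[2], m) {
				return m
			}
		}
	}
	if dockerenv {
		return "/.dockerenv"
	}
	return ""
}

// Constructed samples with shortened IDs.
const (
	podCgroup        = "12:cpuset:/kubepods.slice/kubepods-besteffort.slice/docker-82f3.scope\n7:rdma:/\n0::/\n"
	containerdCgroup = "5:memory:/kubepods/besteffort/pod1234/abcd\n0::/\n" // no "docker" in the path
	hostPIDCgroup    = "12:cpuset:/\n1:name=systemd:/init.scope\n0::/\n"    // PID 1 is the host's init
)

func main() {
	fmt.Printf("docker-backed pod: %q\n", detectContainer(podCgroup, false))
	fmt.Printf("containerd pod:    %q\n", detectContainer(containerdCgroup, false))
	fmt.Printf("hostPID pod:       %q\n", detectContainer(hostPIDCgroup, false))
	fmt.Printf("with /.dockerenv:  %q\n", detectContainer(hostPIDCgroup, true))
}
```

A pod started with hostPID: true returns "" from the cgroup check alone, so a caller that treats "" as "running on the host" will still attempt to read the kernel config there.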

cfc4n added 3 commits July 8, 2022 20:58
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
@cfc4n
Member Author

cfc4n commented Jul 8, 2022

@vincentmli Could you test it again? Thanks.

@vincentmli
Contributor

@cfc4n works now

# kubectl exec -it netshoot-ecap -- /bin/bash
bash-5.1# ecapture -h
2022/07/08 15:05:36 Your environment is a container. We will not detect the BTF config.
NAME:
	eCapture - capture text SSL content without CA cert by ebpf hook.

@cfc4n cfc4n merged commit 6c39ce8 into master Jul 8, 2022
@cfc4n cfc4n deleted the remove-detection-bpf branch July 8, 2022 15:20