add-bpf-capability (#1)
1) add-bpf-capability 2) Not so clean but for now it's okay to start with Co-authored-by: Harshavardhan Musanalli <harshavmb@gmail.com> Reviewed-on: #1
This commit was merged in pull request #1.
This commit is contained in:
141
demo_ebpf_integration.sh
Executable file
141
demo_ebpf_integration.sh
Executable file
@@ -0,0 +1,141 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Test the eBPF-enhanced NannyAgent
|
||||
# This script demonstrates the new eBPF integration capabilities
|
||||
|
||||
set -e
|
||||
|
||||
echo "🔬 Testing eBPF-Enhanced NannyAgent"
|
||||
echo "=================================="
|
||||
echo ""
|
||||
|
||||
AGENT="./nannyagent-ebpf"
|
||||
|
||||
if [ ! -f "$AGENT" ]; then
|
||||
echo "Building agent..."
|
||||
go build -o nannyagent-ebpf .
|
||||
fi
|
||||
|
||||
echo "1. Checking eBPF Capabilities"
|
||||
echo "-----------------------------"
|
||||
./ebpf_helper.sh check
|
||||
echo ""
|
||||
|
||||
echo "2. Testing eBPF Manager Initialization"
|
||||
echo "-------------------------------------"
|
||||
echo "Starting agent in test mode..."
|
||||
echo ""
|
||||
|
||||
# Create a test script that will send a predefined issue to test eBPF
|
||||
cat > /tmp/test_ebpf_issue.txt << 'EOF'
|
||||
Network connection timeouts to external services. Applications report intermittent failures when trying to connect to remote APIs. The issue occurs randomly and affects multiple processes.
|
||||
EOF
|
||||
|
||||
echo "Test Issue: Network connection timeouts"
|
||||
echo "Expected eBPF Programs: Network tracing, syscall monitoring"
|
||||
echo ""
|
||||
|
||||
echo "3. Demonstration of eBPF Program Suggestions"
|
||||
echo "-------------------------------------------"
|
||||
|
||||
# Show what eBPF programs would be suggested for different issues
|
||||
echo "For NETWORK issues - Expected eBPF programs:"
|
||||
echo "- tracepoint:syscalls/sys_enter_connect (network connections)"
|
||||
echo "- kprobe:tcp_connect (TCP connection attempts)"
|
||||
echo "- kprobe:tcp_sendmsg (network send operations)"
|
||||
echo ""
|
||||
|
||||
echo "For PROCESS issues - Expected eBPF programs:"
|
||||
echo "- tracepoint:syscalls/sys_enter_execve (process execution)"
|
||||
echo "- tracepoint:sched/sched_process_exit (process termination)"
|
||||
echo "- kprobe:do_fork (process creation)"
|
||||
echo ""
|
||||
|
||||
echo "For FILE issues - Expected eBPF programs:"
|
||||
echo "- tracepoint:syscalls/sys_enter_openat (file opens)"
|
||||
echo "- kprobe:vfs_read (file reads)"
|
||||
echo "- kprobe:vfs_write (file writes)"
|
||||
echo ""
|
||||
|
||||
echo "For PERFORMANCE issues - Expected eBPF programs:"
|
||||
echo "- tracepoint:syscalls/sys_enter_* (syscall frequency analysis)"
|
||||
echo "- kprobe:schedule (CPU scheduling events)"
|
||||
echo ""
|
||||
|
||||
echo "4. eBPF Integration Features"
|
||||
echo "---------------------------"
|
||||
echo "✓ Cilium eBPF library integration"
|
||||
echo "✓ bpftrace-based program execution"
|
||||
echo "✓ Dynamic program generation based on issue type"
|
||||
echo "✓ Parallel execution with regular diagnostic commands"
|
||||
echo "✓ Structured JSON event collection"
|
||||
echo "✓ AI-driven eBPF program selection"
|
||||
echo ""
|
||||
|
||||
echo "5. Example AI Response with eBPF"
|
||||
echo "-------------------------------"
|
||||
cat << 'EOF'
|
||||
{
|
||||
"response_type": "diagnostic",
|
||||
"reasoning": "Network timeout issues require monitoring TCP connections and system calls to identify bottlenecks",
|
||||
"commands": [
|
||||
{"id": "net_status", "command": "ss -tulpn", "description": "Current network connections"},
|
||||
{"id": "net_config", "command": "ip route show", "description": "Network configuration"}
|
||||
],
|
||||
"ebpf_programs": [
|
||||
{
|
||||
"name": "tcp_connect_monitor",
|
||||
"type": "kprobe",
|
||||
"target": "tcp_connect",
|
||||
"duration": 15,
|
||||
"description": "Monitor TCP connection attempts"
|
||||
},
|
||||
{
|
||||
"name": "syscall_network",
|
||||
"type": "tracepoint",
|
||||
"target": "syscalls/sys_enter_connect",
|
||||
"duration": 15,
|
||||
"filters": {"comm": "curl"},
|
||||
"description": "Monitor network-related system calls"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
echo ""
|
||||
|
||||
echo "6. Security and Safety"
|
||||
echo "--------------------"
|
||||
echo "✓ eBPF programs are read-only and time-limited"
|
||||
echo "✓ No system modification capabilities"
|
||||
echo "✓ Automatic cleanup after execution"
|
||||
echo "✓ Safe execution in containers and restricted environments"
|
||||
echo "✓ Graceful fallback when eBPF is not available"
|
||||
echo ""
|
||||
|
||||
echo "7. Next Steps"
|
||||
echo "------------"
|
||||
echo "To test the full eBPF integration:"
|
||||
echo ""
|
||||
echo "a) Run with root privileges for full eBPF access:"
|
||||
echo " sudo $AGENT"
|
||||
echo ""
|
||||
echo "b) Try these test scenarios:"
|
||||
echo " - 'Network connection timeouts'"
|
||||
echo " - 'High CPU usage and slow performance'"
|
||||
echo " - 'File permission errors'"
|
||||
echo " - 'Process hanging or not responding'"
|
||||
echo ""
|
||||
echo "c) Install additional eBPF tools:"
|
||||
echo " sudo ./ebpf_helper.sh install"
|
||||
echo ""
|
||||
|
||||
echo "🎯 eBPF Integration Complete!"
|
||||
echo ""
|
||||
echo "The agent now supports:"
|
||||
echo "- Dynamic eBPF program compilation and execution"
|
||||
echo "- AI-driven selection of appropriate tracepoints and kprobes"
|
||||
echo "- Real-time system event monitoring during diagnosis"
|
||||
echo "- Integration with Cilium eBPF library for professional-grade monitoring"
|
||||
echo ""
|
||||
echo "This provides unprecedented visibility into system behavior"
|
||||
echo "for accurate root cause analysis and issue resolution."
|
||||
Reference in New Issue
Block a user