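#!/bin/bash
#
# Demo / smoke test for the eBPF-enhanced NannyAgent.
#
# Apart from the optional build below and the helper's capability check, the
# script only prints text and writes one sample issue file. All paths are
# relative, so run it from the directory that holds the Go sources and
# ebpf_helper.sh.

# Abort on a failing command, an unset variable or a failed pipeline stage.
set -euo pipefail

printf '%s\n' \
  "🔬 Testing eBPF-Enhanced NannyAgent" \
  "==================================" \
  ""

# Path of the agent binary; the "Next Steps" section prints it in a sudo hint.
AGENT="./nannyagent-ebpf"

# Build only when no binary is present. The output path is taken from $AGENT
# so the existence check and the build target cannot drift apart.
if [ ! -f "$AGENT" ]; then
  echo "Building agent..."
  go build -o "$AGENT" .
fi
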
# Section 1: hand the capability probe to the helper script in the current
# directory.
# NOTE(review): set -e is enabled at the top of the script, so a non-zero exit
# from the helper ends the run here. Confirm that is the intended behaviour on
# hosts without eBPF support.
printf '%s\n' \
  "1. Checking eBPF Capabilities" \
  "-----------------------------"
./ebpf_helper.sh check
printf '%s\n' ""

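# Section 2: announce the test scenario and stage the sample issue text.
# NOTE(review): no command in this script launches $AGENT; the "Starting agent"
# line is informational only.
printf '%s\n' \
  "2. Testing eBPF Manager Initialization" \
  "-------------------------------------" \
  "Starting agent in test mode..." \
  ""

# Write the predefined issue description to a private temporary file.
# A fixed name under /tmp is predictable: on a shared host another local user
# can pre-create that name (for example as a symlink) and the redirect would
# follow it. mktemp creates a uniquely named file with owner-only permissions.
# NOTE(review): nothing in this script reads the file back; confirm that no
# external consumer depends on the old path /tmp/test_ebpf_issue.txt.
issue_file=$(mktemp "${TMPDIR:-/tmp}/test_ebpf_issue.XXXXXX") || {
  echo "error: could not create temporary issue file" >&2
  exit 1
}
# Remove the file on every exit path so repeated runs leave nothing behind.
trap 'rm -f -- "$issue_file"' EXIT

cat > "$issue_file" << 'EOF'
Network connection timeouts to external services. Applications report intermittent failures when trying to connect to remote APIs. The issue occurs randomly and affects multiple processes.
EOF

printf '%s\n' \
  "Test Issue: Network connection timeouts" \
  "Expected eBPF Programs: Network tracing, syscall monitoring" \
  ""
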
# Section 3: static reference list of the probes expected per issue category.
# The names are only printed; nothing is attached to the kernel here.
# NOTE(review): do_fork was renamed in later kernels (_do_fork, then
# kernel_clone), so a kprobe on that symbol may fail to attach there;
# tracepoint:sched/sched_process_fork is the stable interface for the same
# event.
printf '%s\n' \
  "3. Demonstration of eBPF Program Suggestions" \
  "-------------------------------------------"

printf '%s\n' \
  "For NETWORK issues - Expected eBPF programs:" \
  "- tracepoint:syscalls/sys_enter_connect (network connections)" \
  "- kprobe:tcp_connect (TCP connection attempts)" \
  "- kprobe:tcp_sendmsg (network send operations)" \
  ""

printf '%s\n' \
  "For PROCESS issues - Expected eBPF programs:" \
  "- tracepoint:syscalls/sys_enter_execve (process execution)" \
  "- tracepoint:sched/sched_process_exit (process termination)" \
  "- kprobe:do_fork (process creation)" \
  ""

printf '%s\n' \
  "For FILE issues - Expected eBPF programs:" \
  "- tracepoint:syscalls/sys_enter_openat (file opens)" \
  "- kprobe:vfs_read (file reads)" \
  "- kprobe:vfs_write (file writes)" \
  ""

printf '%s\n' \
  "For PERFORMANCE issues - Expected eBPF programs:" \
  "- tracepoint:syscalls/sys_enter_* (syscall frequency analysis)" \
  "- kprobe:schedule (CPU scheduling events)" \
  ""

# Section 4: feature summary. These lines are descriptive text only; the
# script does not exercise any of the listed features.
printf '%s\n' \
  "4. eBPF Integration Features" \
  "---------------------------" \
  "✓ Cilium eBPF library integration" \
  "✓ bpftrace-based program execution" \
  "✓ Dynamic program generation based on issue type" \
  "✓ Parallel execution with regular diagnostic commands" \
  "✓ Structured JSON event collection" \
  "✓ AI-driven eBPF program selection" \
  ""

# Section 5: print a sample of the JSON the model is expected to return.
# The delimiter is quoted, so the document is emitted verbatim.
# NOTE(review): the sample carries model-chosen shell command strings
# ("commands") and probe targets ("ebpf_programs"). The code that consumes such
# a response is not part of this script; since the agent is meant to run as
# root, it should check both against an allowlist and bound "duration" before
# executing anything. Confirm against the agent source.
printf '%s\n' \
  "5. Example AI Response with eBPF" \
  "-------------------------------"
cat << 'JSON'
{
"response_type": "diagnostic",
"reasoning": "Network timeout issues require monitoring TCP connections and system calls to identify bottlenecks",
"commands": [
{"id": "net_status", "command": "ss -tulpn", "description": "Current network connections"},
{"id": "net_config", "command": "ip route show", "description": "Network configuration"}
],
"ebpf_programs": [
{
"name": "tcp_connect_monitor",
"type": "kprobe",
"target": "tcp_connect",
"duration": 15,
"description": "Monitor TCP connection attempts"
},
{
"name": "syscall_network",
"type": "tracepoint",
"target": "syscalls/sys_enter_connect",
"duration": 15,
"filters": {"comm": "curl"},
"description": "Monitor network-related system calls"
}
]
}
JSON
printf '%s\n' ""

# Section 6: safety statements shown to the user. They are printed as-is; no
# command in this script verifies any of them.
# NOTE(review): attaching kprobes and tracepoints needs root or CAP_BPF /
# CAP_PERFMON (CAP_SYS_ADMIN on older kernels), which containers and restricted
# environments often withhold. The sample response also pairs probes with shell
# commands, so "No system modification capabilities" depends on what the agent
# allows. Confirm each claim against the agent code before relying on it.
printf '%s\n' \
  "6. Security and Safety" \
  "--------------------" \
  "✓ eBPF programs are read-only and time-limited" \
  "✓ No system modification capabilities" \
  "✓ Automatic cleanup after execution" \
  "✓ Safe execution in containers and restricted environments" \
  "✓ Graceful fallback when eBPF is not available" \
  ""

# Section 7: follow-up instructions for a manual run.
# $AGENT is a relative path assigned near the top of the script, so the printed
# sudo command resolves against the caller's current directory; run it from the
# directory where the binary was built so that root executes the intended file.
printf '%s\n' \
  "7. Next Steps" \
  "------------" \
  "To test the full eBPF integration:" \
  ""

printf '%s\n' \
  "a) Run with root privileges for full eBPF access:" \
  " sudo $AGENT" \
  ""

printf '%s\n' \
  "b) Try these test scenarios:" \
  " - 'Network connection timeouts'" \
  " - 'High CPU usage and slow performance'" \
  " - 'File permission errors'" \
  " - 'Process hanging or not responding'" \
  ""

printf '%s\n' \
  "c) Install additional eBPF tools:" \
  " sudo ./ebpf_helper.sh install" \
  ""

# Closing summary. It is printed unconditionally once the earlier steps have
# not aborted the run; it does not reflect the result of any check.
printf '%s\n' \
  "🎯 eBPF Integration Complete!" \
  "" \
  "The agent now supports:" \
  "- Dynamic eBPF program compilation and execution" \
  "- AI-driven selection of appropriate tracepoints and kprobes" \
  "- Real-time system event monitoring during diagnosis" \
  "- Integration with Cilium eBPF library for professional-grade monitoring" \
  "" \
  "This provides unprecedented visibility into system behavior" \
  "for accurate root cause analysis and issue resolution."