Skip to content

Feature: synchronize cgroup id with ebpf program via shared map #531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Feature: synchronize cgroup id with ebpf program via shared map #531

wants to merge 4 commits into from

Conversation

dqminh
Copy link
Contributor

@dqminh dqminh commented Mar 3, 2025

For some usecases, it's useful for ebpf programs to filter their metrics based on cgroups. It's generally hard to ebpf program to be able to filter cgroup at runtime. This make it easier by allowing ebpf exporter to update known interesting cgroup id at runtime via a shared BPF map.

This requires cgroup fanotify support in kernel to work.

@bobrik
Copy link
Contributor

bobrik commented Mar 4, 2025

LGTM, except for the linter errors.

@dqminh
add a negative cache to ebpf exporter
8b8d605 
Often, some decoders such as regexp can run repeatedly on the same input and skip them
with regexp filter. An common example is matching cgroup path in a chain like so:

```
- name: cgroup
- name: regexp
  regexps:
  - ^.*(system.slice).*$
```

Anything that is not in system.slice cgroup will be skipped. When only a small
subset of inputs is matched, the overhead of regexp matching can often be noticable.

We add a skip cache here to test for input that would produce ErrSkipLabelSet and
skip regex matching on them to reduce the work done on regexp matching.
The cache size is customizable with the flag `config.skip-cache-size`

Signed-off-by: Daniel Dao <dqminh@cloudflare.com>
@simosund simosund mentioned this pull request Jun 5, 2025
Open
dqminh added 2 commits June 6, 2025 14:07
@dqminh
lift cgroup monitor to exporter
b55d051 
Cgroup monitor can be shared with other interested parties, i.e. cgroup
id synchronisation with bpf programs, so lift it from cgroup decoder to
the exporter itself.
@dqminh
add ability to subscribe to cgroup change
c409de2 
In order to prepare for synchronisation of interested cgroup id with bpf
programs, this adds a way to subscribe to cgroup change via a channel
share with cgroup monitor.
@dqminh dqminh force-pushed the cgroup_id branch 2 times, most recently from 9ebabfc to f348a0c Compare June 6, 2025 13:30
@dqminh
add cgroup_id_map config to sync cgroup id to ebpf programs
b916542 
For some usecases, it's useful for ebpf programs to filter their metrics
based on cgroups. It's generally hard to ebpf program to be able to
filter cgroup at runtime. This make it easier by allowing ebpf exporter
to update known interesting cgroup id at runtime via a shared BPF map.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dqminh @bobrik