aboutsummaryrefslogtreecommitdiff
path: root/contrib/tracing/log_raw_p2p_msgs.py
diff options
context:
space:
mode:
author0xb10c <0xb10c@gmail.com>2021-05-20 16:54:54 +0200
committer0xb10c <0xb10c@gmail.com>2021-07-27 17:12:16 +0200
commit4224dec22baa66547303840707cf1d4f15a49b20 (patch)
tree467d8bc70b3a3d3ada1fc4a2281ff2725031f09d /contrib/tracing/log_raw_p2p_msgs.py
parent469b71ae629228b2591a55831817a0e5fad89360 (diff)
tracing: Tracepoints for in- and outbound P2P msgs
Can be used to monitor in- and outbound node traffic. Based on ealier work by jb55. Co-authored-by: William Casarin <jb55@jb55.com>
Diffstat (limited to 'contrib/tracing/log_raw_p2p_msgs.py')
-rwxr-xr-xcontrib/tracing/log_raw_p2p_msgs.py180
1 files changed, 180 insertions, 0 deletions
diff --git a/contrib/tracing/log_raw_p2p_msgs.py b/contrib/tracing/log_raw_p2p_msgs.py
new file mode 100755
index 0000000000..b5b5755632
--- /dev/null
+++ b/contrib/tracing/log_raw_p2p_msgs.py
@@ -0,0 +1,180 @@
+#!/usr/bin/env python3
+
+""" Demonstration of eBPF limitations and the effect on USDT with the
+ net:inbound_message and net:outbound_message tracepoints. """
+
+# This script shows a limitation of eBPF when data larger than 32kb is passed to
+# user-space. It uses BCC (https://github.com/iovisor/bcc) to load a sandboxed
+# eBPF program into the Linux kernel (root privileges are required). The eBPF
+# program attaches to two statically defined tracepoints. The tracepoint
+# 'net:inbound_message' is called when a new P2P message is received, and
+# 'net:outbound_message' is called on outbound P2P messages. The eBPF program
+# submits the P2P messages to this script via a BPF ring buffer. The submitted
+# messages are printed.
+
+# eBPF Limitations:
+#
+# Bitcoin P2P messages can be larger than 32kb (e.g. tx, block, ...). The eBPF
+# VM's stack is limited to 512 bytes, and we can't allocate more than about 32kb
+# for a P2P message in the eBPF VM. The message data is cut off when the message
+# is larger than MAX_MSG_DATA_LENGTH (see definition below). This can be detected
+# in user-space by comparing the data length to the message length variable. The
+# message is cut off when the data length is smaller than the message length.
+# A warning is included with the printed message data.
+#
+# Data is submitted to user-space (i.e. to this script) via a ring buffer. The
+# throughput of the ring buffer is limited. Each p2p_message is about 32kb in
+# size. In- or outbound messages submitted to the ring buffer in rapid
+# succession fill the ring buffer faster than it can be read. Some messages are
+# lost.
+#
+# BCC prints: "Possibly lost 2 samples" on lost messages.
+
+import sys
+from bcc import BPF, USDT
+
+# BCC: The C program to be compiled to an eBPF program (by BCC) and loaded into
+# a sandboxed Linux kernel VM.
+program = """
+#include <uapi/linux/ptrace.h>
+
+#define MIN(a,b) ({ __typeof__ (a) _a = (a); __typeof__ (b) _b = (b); _a < _b ? _a : _b; })
+
+// Maximum possible allocation size
+// from include/linux/percpu.h in the Linux kernel
+#define PCPU_MIN_UNIT_SIZE (32 << 10)
+
+// Tor v3 addresses are 62 chars + 6 chars for the port (':12345').
+#define MAX_PEER_ADDR_LENGTH 62 + 6
+#define MAX_PEER_CONN_TYPE_LENGTH 20
+#define MAX_MSG_TYPE_LENGTH 20
+#define MAX_MSG_DATA_LENGTH PCPU_MIN_UNIT_SIZE - 200
+
+struct p2p_message
+{
+ u64 peer_id;
+ char peer_addr[MAX_PEER_ADDR_LENGTH];
+ char peer_conn_type[MAX_PEER_CONN_TYPE_LENGTH];
+ char msg_type[MAX_MSG_TYPE_LENGTH];
+ u64 msg_size;
+ u8 msg[MAX_MSG_DATA_LENGTH];
+};
+
+// We can't store the p2p_message struct on the eBPF stack as it is limited to
+// 512 bytes and P2P message can be bigger than 512 bytes. However, we can use
+// an BPF-array with a length of 1 to allocate up to 32768 bytes (this is
+// defined by PCPU_MIN_UNIT_SIZE in include/linux/percpu.h in the Linux kernel).
+// Also see https://github.com/iovisor/bcc/issues/2306
+BPF_ARRAY(msg_arr, struct p2p_message, 1);
+
+// Two BPF perf buffers for pushing data (here P2P messages) to user-space.
+BPF_PERF_OUTPUT(inbound_messages);
+BPF_PERF_OUTPUT(outbound_messages);
+
+int trace_inbound_message(struct pt_regs *ctx) {
+ int idx = 0;
+ struct p2p_message *msg = msg_arr.lookup(&idx);
+
+ // lookup() does not return a NULL pointer. However, the BPF verifier
+ // requires an explicit check that that the `msg` pointer isn't a NULL
+ // pointer. See https://github.com/iovisor/bcc/issues/2595
+ if (msg == NULL) return 1;
+
+ bpf_usdt_readarg(1, ctx, &msg->peer_id);
+ bpf_usdt_readarg_p(2, ctx, &msg->peer_addr, MAX_PEER_ADDR_LENGTH);
+ bpf_usdt_readarg_p(3, ctx, &msg->peer_conn_type, MAX_PEER_CONN_TYPE_LENGTH);
+ bpf_usdt_readarg_p(4, ctx, &msg->msg_type, MAX_MSG_TYPE_LENGTH);
+ bpf_usdt_readarg(5, ctx, &msg->msg_size);
+ bpf_usdt_readarg_p(6, ctx, &msg->msg, MIN(msg->msg_size, MAX_MSG_DATA_LENGTH));
+
+ inbound_messages.perf_submit(ctx, msg, sizeof(*msg));
+ return 0;
+};
+
+int trace_outbound_message(struct pt_regs *ctx) {
+ int idx = 0;
+ struct p2p_message *msg = msg_arr.lookup(&idx);
+
+ // lookup() does not return a NULL pointer. However, the BPF verifier
+ // requires an explicit check that that the `msg` pointer isn't a NULL
+ // pointer. See https://github.com/iovisor/bcc/issues/2595
+ if (msg == NULL) return 1;
+
+ bpf_usdt_readarg(1, ctx, &msg->peer_id);
+ bpf_usdt_readarg_p(2, ctx, &msg->peer_addr, MAX_PEER_ADDR_LENGTH);
+ bpf_usdt_readarg_p(3, ctx, &msg->peer_conn_type, MAX_PEER_CONN_TYPE_LENGTH);
+ bpf_usdt_readarg_p(4, ctx, &msg->msg_type, MAX_MSG_TYPE_LENGTH);
+ bpf_usdt_readarg(5, ctx, &msg->msg_size);
+ bpf_usdt_readarg_p(6, ctx, &msg->msg, MIN(msg->msg_size, MAX_MSG_DATA_LENGTH));
+
+ outbound_messages.perf_submit(ctx, msg, sizeof(*msg));
+ return 0;
+};
+"""
+
+
+def print_message(event, inbound):
+ print(f"%s %s msg '%s' from peer %d (%s, %s) with %d bytes: %s" %
+ (
+ f"Warning: incomplete message (only %d out of %d bytes)!" % (
+ len(event.msg), event.msg_size) if len(event.msg) < event.msg_size else "",
+ "inbound" if inbound else "outbound",
+ event.msg_type.decode("utf-8"),
+ event.peer_id,
+ event.peer_conn_type.decode("utf-8"),
+ event.peer_addr.decode("utf-8"),
+ event.msg_size,
+ bytes(event.msg[:event.msg_size]).hex(),
+ )
+ )
+
+
+def main(bitcoind_path):
+ bitcoind_with_usdts = USDT(path=str(bitcoind_path))
+
+ # attaching the trace functions defined in the BPF program to the tracepoints
+ bitcoind_with_usdts.enable_probe(
+ probe="inbound_message", fn_name="trace_inbound_message")
+ bitcoind_with_usdts.enable_probe(
+ probe="outbound_message", fn_name="trace_outbound_message")
+ bpf = BPF(text=program, usdt_contexts=[bitcoind_with_usdts])
+
+ # BCC: perf buffer handle function for inbound_messages
+ def handle_inbound(_, data, size):
+ """ Inbound message handler.
+
+ Called each time a message is submitted to the inbound_messages BPF table."""
+
+ event = bpf["inbound_messages"].event(data)
+ print_message(event, True)
+
+ # BCC: perf buffer handle function for outbound_messages
+
+ def handle_outbound(_, data, size):
+ """ Outbound message handler.
+
+ Called each time a message is submitted to the outbound_messages BPF table."""
+
+ event = bpf["outbound_messages"].event(data)
+ print_message(event, False)
+
+ # BCC: add handlers to the inbound and outbound perf buffers
+ bpf["inbound_messages"].open_perf_buffer(handle_inbound)
+ bpf["outbound_messages"].open_perf_buffer(handle_outbound)
+
+ print("Logging raw P2P messages.")
+ print("Messages larger that about 32kb will be cut off!")
+ print("Some messages might be lost!")
+ while True:
+ try:
+ bpf.perf_buffer_poll()
+ except KeyboardInterrupt:
+ exit()
+
+
+if __name__ == "__main__":
+ if len(sys.argv) < 2:
+ print("USAGE:", sys.argv[0], "path/to/bitcoind")
+ exit()
+ path = sys.argv[1]
+ main(path)