USMAgent.jar

DataDog · Dec 7, 2022 · 79d18da · 79d18da
1 parent d578b68
commit 79d18da
Show file tree

Hide file tree

Showing 12 changed files with 51 additions and 1 deletion.
diff --git a/omnibus/config/software/system-probe.rb b/omnibus/config/software/system-probe.rb
@@ -15,9 +15,12 @@
   mkdir "#{install_dir}/embedded/share/system-probe/ebpf/runtime"
   mkdir "#{install_dir}/embedded/share/system-probe/ebpf/co-re"
   mkdir "#{install_dir}/embedded/share/system-probe/ebpf/co-re/btf"
+  mkdir "#{install_dir}/embedded/share/system-probe/java"
   mkdir "#{install_dir}/embedded/nikos/embedded/bin"
   mkdir "#{install_dir}/embedded/nikos/embedded/lib"
 
+  copy 'pkg/network/java/USMAgent.jar', "#{install_dir}/embedded/share/system-probe/java/"
+
   if ENV.has_key?('SYSTEM_PROBE_BIN') and not ENV['SYSTEM_PROBE_BIN'].empty?
     copy "#{ENV['SYSTEM_PROBE_BIN']}/system-probe", "#{install_dir}/embedded/bin/system-probe"
     copy "#{ENV['SYSTEM_PROBE_BIN']}/http.o", "#{install_dir}/embedded/share/system-probe/ebpf/"

diff --git a/omnibus/package-scripts/agent-deb/postinst b/omnibus/package-scripts/agent-deb/postinst
@@ -94,6 +94,7 @@ fi
 chown root:root ${INSTALL_DIR}/embedded/bin/system-probe
 chown root:root ${INSTALL_DIR}/embedded/bin/security-agent
 chown -R root:root ${INSTALL_DIR}/embedded/share/system-probe/ebpf
+chown -R root:root ${INSTALL_DIR}/embedded/share/system-probe/java
 
 # Enable and restart the agent service here on Debian platforms
 # On RHEL, this is done in the posttrans script

diff --git a/omnibus/package-scripts/agent-rpm/postinst b/omnibus/package-scripts/agent-rpm/postinst
@@ -38,5 +38,6 @@ fi
 chown root:root ${INSTALL_DIR}/embedded/bin/system-probe
 chown root:root ${INSTALL_DIR}/embedded/bin/security-agent
 chown -R root:root ${INSTALL_DIR}/embedded/share/system-probe/ebpf
+chown -R root:root ${INSTALL_DIR}/embedded/share/system-probe/java
 
 exit 0
diff --git a/pkg/config/system_probe.go b/pkg/config/system_probe.go
@@ -25,6 +25,9 @@ const (
 	// defaultSystemProbeBPFDir is the default path for eBPF programs
 	defaultSystemProbeBPFDir = "/opt/datadog-agent/embedded/share/system-probe/ebpf"
 
+	// defaultSystemProbeJavaDir is the default path for java agent program
+	defaultSystemProbeJavaDir = "/opt/datadog-agent/embedded/share/system-probe/java"
+
 	// defaultRuntimeCompilerOutputDir is the default path for output from the system-probe runtime compiler
 	defaultRuntimeCompilerOutputDir = "/var/tmp/datadog-agent/system-probe/build"
 
@@ -92,6 +95,7 @@ func InitSystemProbeConfig(cfg Config) {
 	// ebpf general settings
 	cfg.BindEnvAndSetDefault(join(spNS, "bpf_debug"), false)
 	cfg.BindEnvAndSetDefault(join(spNS, "bpf_dir"), defaultSystemProbeBPFDir, "DD_SYSTEM_PROBE_BPF_DIR")
+	cfg.BindEnvAndSetDefault(join(spNS, "java_dir"), defaultSystemProbeJavaDir, "DD_SYSTEM_PROBE_JAVA_DIR")
 	cfg.BindEnvAndSetDefault(join(spNS, "excluded_linux_versions"), []string{})
 	cfg.BindEnvAndSetDefault(join(spNS, "enable_tracepoints"), false)
 	cfg.BindEnvAndSetDefault(join(spNS, "enable_co_re"), true, "DD_ENABLE_CO_RE")

diff --git a/pkg/ebpf/config.go b/pkg/ebpf/config.go
@@ -24,6 +24,9 @@ type Config struct {
 	// BPFDir is the directory to load the eBPF program from
 	BPFDir string
 
+	// JavaDir is the directory to load the java agent program from
+	JavaDir string
+
 	// ExcludedBPFLinuxVersions lists Linux kernel versions that should not use BPF features
 	ExcludedBPFLinuxVersions []string
 
@@ -85,6 +88,7 @@ func NewConfig() *Config {
 	return &Config{
 		BPFDebug:                 cfg.GetBool(key(spNS, "bpf_debug")),
 		BPFDir:                   cfg.GetString(key(spNS, "bpf_dir")),
+		JavaDir:                  cfg.GetString(key(spNS, "java_dir")),
 		ExcludedBPFLinuxVersions: cfg.GetStringSlice(key(spNS, "excluded_linux_versions")),
 		EnableTracepoints:        cfg.GetBool(key(spNS, "enable_tracepoints")),
 		ProcRoot:                 util.GetProcRoot(),

diff --git a/pkg/network/java/META-INF/MANIFEST.MF b/pkg/network/java/META-INF/MANIFEST.MF
@@ -0,0 +1,6 @@
+Manifest-Version: 1.0
+Can-Redefine-Classes: true
+Can-Retransform-Classes: true
+Agent-Class: TestUSMAgent
+Premain-Class: TestUSMAgent
+Created-By: 7.42 (Private Build)
diff --git a/pkg/network/java/TestUSMAgent.class b/pkg/network/java/TestUSMAgent.class
diff --git a/pkg/network/java/TestUSMAgent.java b/pkg/network/java/TestUSMAgent.java
@@ -0,0 +1,16 @@
+/*
+Need to be compiled with java7
+
+javac TestUSMAgent.java
+jar cvmf META-INF/MANIFEST.MF USMAgent.jar TestUSMAgent.class
+ */
+
+import java.lang.instrument.Instrumentation;
+
+public class TestUSMAgent {
+
+    public static void agentmain(String agentArgs, Instrumentation inst) {
+        System.out.println("loading TestUSMAgent.agentmain("+agentArgs+")");
+    }
+
+}
diff --git a/pkg/network/java/USMAgent.jar b/pkg/network/java/USMAgent.jar
diff --git a/pkg/network/protocols/http/ebpf_javatls.go b/pkg/network/protocols/http/ebpf_javatls.go
@@ -9,7 +9,12 @@
 package http
 
 import (
+	"math/rand"
+	"os"
+	"path/filepath"
 	"regexp"
+	"strconv"
+	"time"
 
 	"github.com/DataDog/datadog-agent/pkg/network/config"
 	"github.com/DataDog/datadog-agent/pkg/network/java"
@@ -19,6 +24,11 @@ import (
 	manager "github.com/DataDog/ebpf-manager"
 )
 
+var (
+	javaUSMAgentJarPath = "/opt/datadog-agent/embedded/share/system-probe/java/USMAgent.jar"
+	randomID            = int64(0)
+)
+
 type JavaTLSProgram struct {
 	processMonitor *monitor.ProcessMonitor
 	cleanupExec    func()
@@ -35,6 +45,7 @@ func newJavaTLSProgram(c *config.Config) *JavaTLSProgram {
 		log.Errorf("goTLS support requires runtime-compilation to be enabled")
 		return nil
 	}
+	javaUSMAgentJarPath = filepath.Join(c.JavaDir, "USMAgent.jar")
 
 	pm := monitor.GetProcessMonitor(c)
 	if pm == nil {
@@ -50,6 +61,8 @@ func (p *JavaTLSProgram) ConfigureManager(m *nettelemetry.Manager) {
 		return
 	}
 
+	rand.Seed(int64(os.Getpid()) + time.Now().UnixMicro())
+	randomID = rand.Int63()
 	//TODO setup the random id here
 }
 
@@ -60,7 +73,7 @@ func (p *JavaTLSProgram) GetAllUndefinedProbes() (probeList []manager.ProbeIdent
 }
 
 func newJavaProcess(pid uint32) {
-	if err := java.InjectAgent(int(pid), "/opt/datadog-agent/embedded/share/system-probe/ebpf/java.agent.jar", ""); err != nil {
+	if err := java.InjectAgent(int(pid), javaUSMAgentJarPath, strconv.FormatInt(randomID, 10)); err != nil {
 		log.Errorf("%v", err)
 	}
 }

diff --git a/tasks/process_agent.py b/tasks/process_agent.py
@@ -131,6 +131,7 @@ def build_dev_image(ctx, image=None, push=False, base_image="datadog/agent:lates
         ctx.run(f"chmod 0444 {docker_context}/*.o {docker_context}/*.c")
         ctx.run(f"cp /opt/datadog-agent/embedded/bin/clang-bpf {docker_context}")
         ctx.run(f"cp /opt/datadog-agent/embedded/bin/llc-bpf {docker_context}")
+        ctx.run(f"cp pkg/network/java/USMAgent.jar {docker_context}")
 
         with ctx.cd(docker_context):
             # --pull in the build will force docker to grab the latest base image

diff --git a/tools/ebpf/Dockerfiles/Dockerfile-process-agent-dev b/tools/ebpf/Dockerfiles/Dockerfile-process-agent-dev
@@ -22,3 +22,4 @@ COPY agent $CORE_AGENT_DEST
 
 COPY *.o /opt/datadog-agent/embedded/share/system-probe/ebpf/
 COPY *.c /opt/datadog-agent/embedded/share/system-probe/ebpf/runtime/
+COPY USMAgent.jar /opt/datadog-agent/embedded/share/system-probe/java/
Original file line number	Diff line number	Diff line change
Expand Up		@@ -22,3 +22,4 @@ COPY agent $CORE_AGENT_DEST

		COPY *.o /opt/datadog-agent/embedded/share/system-probe/ebpf/
		COPY *.c /opt/datadog-agent/embedded/share/system-probe/ebpf/runtime/
		COPY USMAgent.jar /opt/datadog-agent/embedded/share/system-probe/java/