feat: support NATS

[mannkafai]

This will close #206

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
kyanos	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 18, 2025 3:05pm

[mannkafai]

@hengyoush All the tests are stuck in Test filter by l3/l4 info. There are multiple IPs returned when executing dig example.com +short. Can you help me take a look?

+ test_filter_by_remote_ip
++ dig example.com +short
+ remote_ip='23.192.228.84
23.215.0.136
23.215.0.138
96.7.128.175
96.7.128.198
23.192.228.80'

[hengyoush]

According to the NATS protocol, not all requests necessarily have responses (https://docs.nats.io/reference/reference-protocols/nats-protocol#ok-err). Is it possible that solely using MatchByTimestamp might result in losing records?

[mannkafai]

Yes, you are right. Only [H]PUB or [H]MSG with reply-to and PING/PONG are matching request/response. Both NATS server and client could start with PING, I'm not sure it's possible to distinguish which side starts with PING.

[hengyoush]

I'm not sure it's possible to distinguish which side starts with PING.

I wonder if it is really necessary to distinguish which side initiated the ping. For ping/pong, can we match them using the MatchByTimestamp logic?

For other types of messages, we can traverse both respStream and reqStream simultaneously. If the respMessage is ok/err, then it forms a record with the reqMessage.
If the respMessage is not ok/err, then we need to output a record based on the timestamps of the current reqMessage and respMessage. If reqMessage.Ts < respMessage.Ts, output a record with only the req (resp is empty); otherwise, output a record with only the resp.

[hengyoush]

Maybe we can determine the boundary based on the message type (nats protocol messages) (actually what you did in protocol_inference.h)

[mannkafai]

ok, I will fix this

[hengyoush]

typo here: prasedLen => parsedLen

[hengyoush]

Do we need to check slice bound here?(len(payload) < packetLen-len(_CRLF_))

[mannkafai]

It's no necessary. packetLen means the first line length in payload(if contains \r\n), len(payload) >= packetLen always true.

[hengyoush]

Is this check for less than 6 redundant, since 20 bytes will be read below?

[hengyoush]

also here

[hengyoush]

Can this loop check be omitted? If so, we can determine nats message type with just one bpf_probe_read_user call to reduce the num of instructions.

[mannkafai]

I'm not sure is other protocols start whit INFO or CONNECT as NATS did, if not I think this loop can be omitted.

[hengyoush]

@hengyoush All the tests are stuck in Test filter by l3/l4 info. There are multiple IPs returned when executing dig example.com +short. Can you help me take a look?

Indeed, this need to be fixed with adding a tail/head -n 1, I have fixed in main branch.

[ccoVeille]

I TBI k I could continue but it's a good start

[ccoVeille]

Suggested change

	"kyanos/agent/protocol"
	"kyanos/bpf"
	"kyanos/common"
	"slices"
	"slices"
	"kyanos/agent/protocol"
	"kyanos/bpf"
	"kyanos/common"

[ccoVeille]

Please fix import orders

[ccoVeille]

We don't use uppercase constant in Go

[ccoVeille]

This could be a switch

[ccoVeille]

Commented code is always suspicious.

Either it could have been removed, or something was temporarily commented for debug and it was left commented while it shouldn't

[ccoVeille]

parsedLen

[ccoVeille]

Again

[ccoVeille]

Suggested change

	natsCmd.Flags().StringSlice("protocols", []string{}, "Specify the nats protocol to monitor(PUB, SUB, MSG), seperate by ','")
	natsCmd.Flags().StringSlice("protocols", []string{}, "Specify the NATS protocol to monitor (PUB, SUB, MSG), seperate by ','")

[ccoVeille]

Suggested change

	natsCmd.Flags().StringSlice("subjects", []string{}, "Specify the nats subject to monitor, seperate by ','")
	natsCmd.Flags().StringSlice("subjects", []string{}, "Specify the NATS subject to monitor, seperate by ','")

[ccoVeille]

Please use plain English comments