debug: add new trace endpoint with packet capture

Change-Id: I769fface8029336d4ffba0717a2362492502cb86

Author: zeebo

debug/endpoint.go

@@ -5,9 +5,17 @@ package debug
 
 import (
 	"context"
+	"net"
+	"reflect"
 	"runtime"
 	"runtime/trace"
+	"sync"
+	"syscall"
+	"time"
 
+	"github.com/google/gopacket"
+	"github.com/google/gopacket/layers"
+	"github.com/google/gopacket/pcapgo"
 	"github.com/zeebo/errs"
 
 	"storj.io/common/pb"
@@ -18,6 +26,8 @@ import (
 type Endpoint struct {
 	pb.DRPCDebugUnimplementedServer
 
+	mu sync.Mutex
+
 	Auth func(ctx context.Context) error
 }
 
@@ -33,11 +43,13 @@ func (f *Endpoint) CollectRuntimeTraces(_ *pb.CollectRuntimeTracesRequest, strea
 	if err := f.Auth(stream.Context()); err != nil {
 		return rpcstatus.Wrap(rpcstatus.Unauthenticated, err)
 	}
-
 	if !traceEnabled {
 		return rpcstatus.Wrap(rpcstatus.FailedPrecondition, errs.New("trace is not enabled: %v", runtime.Version()))
 	}
 
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
 	if err := trace.Start(&streamWriter{stream: stream}); err != nil {
 		return rpcstatus.Wrap(rpcstatus.FailedPrecondition, errs.New("trace failed to start: %w", err))
 	}
@@ -48,6 +60,164 @@ func (f *Endpoint) CollectRuntimeTraces(_ *pb.CollectRuntimeTracesRequest, strea
 	return nil
 }
 
+// CollectRuntimeTraces2 will stream trace data to the client until the client sends a done message
+// some error happens, and it then flushes the trace data and captured packet data.
+func (f *Endpoint) CollectRuntimeTraces2(stream pb.DRPCDebug_CollectRuntimeTraces2Stream) error {
+	if err := f.Auth(stream.Context()); err != nil {
+		return rpcstatus.Wrap(rpcstatus.Unauthenticated, err)
+	}
+	if !traceEnabled {
+		return rpcstatus.Wrap(rpcstatus.FailedPrecondition, errs.New("trace is not enabled: %v", runtime.Version()))
+	}
+
+	f.mu.Lock()
+	defer f.mu.Unlock()
+
+	var done sync.WaitGroup
+	defer done.Wait()
+
+	type Handle struct {
+		eh    *pcapgo.EthernetHandle
+		iface net.Interface
+	}
+
+	if err := trace.Start(&streamWriter{stream: stream}); err != nil {
+		return rpcstatus.Wrap(rpcstatus.FailedPrecondition, errs.New("trace failed to start: %w", err))
+	}
+	stopped := false
+	defer func() {
+		if !stopped {
+			trace.Stop()
+		}
+	}()
+
+	// start the packet capture
+	var handles []Handle
+	ifaces, err := net.Interfaces() // ignore errors because pcap is supplemental
+	trace.Logf(stream.Context(), "trace-debug", "found %d interfaces (err:%v)", len(ifaces), err)
+	for _, iface := range ifaces {
+		trace.Logf(stream.Context(), "trace-debug", "checking interface %q", iface.Name)
+
+		if iface.Flags&net.FlagLoopback != 0 {
+			continue
+		}
+		if iface.Flags&(net.FlagUp|net.FlagRunning) != net.FlagUp|net.FlagRunning {
+			continue
+		}
+		if len(iface.HardwareAddr) == 0 {
+			continue
+		}
+		addrs, err := iface.Addrs()
+		if err != nil {
+			continue
+		}
+		hasIPv4 := false
+		for _, addr := range addrs {
+			ip, _ := addr.(*net.IPNet)
+			hasIPv4 = hasIPv4 || len(ip.IP.To4()) == net.IPv4len
+		}
+		if !hasIPv4 {
+			continue
+		}
+
+		eh, err := pcapgo.NewEthernetHandle(iface.Name)
+		if err != nil {
+			trace.Logf(stream.Context(), "trace-debug", "could not open handle for %q: %v", iface.Name, err)
+			continue
+		}
+		trace.Logf(stream.Context(), "trace-debug", "opened handle for %q", iface.Name)
+		defer eh.Close()
+
+		handles = append(handles, Handle{
+			eh:    eh,
+			iface: iface,
+		})
+	}
+
+	for _, handle := range handles {
+		handle := handle // avoid loop capture bug
+
+		done.Add(1)
+		go func() {
+			defer done.Done()
+
+			src := gopacket.NewPacketSource(handle.eh, layers.LinkTypeEthernet)
+			for {
+				packet, err := src.NextPacket()
+				if err != nil || !trace.IsEnabled() {
+					return
+				}
+
+				tcp, _ := packet.Layer(layers.LayerTypeTCP).(*layers.TCP)
+				ip, _ := packet.Layer(layers.LayerTypeIPv4).(*layers.IPv4)
+				if tcp == nil || ip == nil {
+					continue
+				}
+
+				trace.Logf(stream.Context(), "tcp-packet",
+					"if:%s local:%s:%d remote:%s:%d seq:%d ack:%d flags:%d window:%d payload:%d fragoff:%d ts:%d",
+					handle.iface.Name,
+					ip.SrcIP,
+					tcp.SrcPort,
+					ip.DstIP,
+					tcp.DstPort,
+					tcp.Seq,
+					tcp.Ack,
+					makeTCPFlags(tcp),
+					tcp.Window,
+					len(tcp.Payload),
+					ip.FragOffset,
+					packet.Metadata().Timestamp.UnixNano(),
+				)
+			}
+		}()
+	}
+
+	// wait for a done message or error from caller
+	for {
+		msg, err := stream.Recv()
+		if err != nil {
+			return err
+		}
+		if msg.Done {
+			break
+		}
+	}
+
+	stopped = true
+	trace.Stop()
+
+	// wait for all of the handles to be done and send a signal when they are
+	doneWaiting := make(chan struct{})
+	go func() {
+		done.Wait()
+		close(doneWaiting)
+	}()
+
+	select {
+	case <-doneWaiting:
+		// all of the handles are not being used anymore, so we can do clean
+		// close calls
+		for _, handle := range handles {
+			handle.eh.Close()
+		}
+
+	case <-time.After(10 * time.Second):
+		// at least one handle is still being used and so after 10 seconds is
+		// almost certainly blocked in the syscall, so we can safely interrupt
+		// it with a close call on the fd and be reasonably sure that no reads
+		// will happen on a new socket that got the same fd.
+		for _, handle := range handles {
+			fd := reflect.ValueOf(handle.eh).Elem().FieldByName("fd").Int()
+			_ = syscall.Close(int(fd))
+		}
+
+		<-doneWaiting
+	}
+
+	return nil
+}
+
 type streamWriter struct {
 	stream pb.DRPCDebug_CollectRuntimeTracesStream
 }
@@ -59,3 +229,34 @@ func (s *streamWriter) Write(p []byte) (int, error) {
 	}
 	return len(p), nil
 }
+
+func makeTCPFlags(t *layers.TCP) (f uint32) {
+	if t.FIN {
+		f |= 0x0001
+	}
+	if t.SYN {
+		f |= 0x0002
+	}
+	if t.RST {
+		f |= 0x0004
+	}
+	if t.PSH {
+		f |= 0x0008
+	}
+	if t.ACK {
+		f |= 0x0010
+	}
+	if t.URG {
+		f |= 0x0020
+	}
+	if t.ECE {
+		f |= 0x0040
+	}
+	if t.CWR {
+		f |= 0x0080
+	}
+	if t.NS {
+		f |= 0x0100
+	}
+	return f
+}

debug/endpoint_test.go

@@ -6,6 +6,7 @@ package debug
 import (
 	"context"
 	"errors"
+	"io"
 	"runtime/trace"
 	"testing"
 
@@ -17,7 +18,7 @@ import (
 	"storj.io/drpc"
 )
 
-func TestRemoteDebugServer_Unauthenticated(t *testing.T) {
+func TestRemoteDebugServer_CollectRuntimeTraces_Unauthenticated(t *testing.T) {
 	endpoint := NewEndpoint(func(ctx context.Context) error {
 		return errors.New("unauthenticated")
 	})
@@ -26,7 +27,7 @@ func TestRemoteDebugServer_Unauthenticated(t *testing.T) {
 	require.Error(t, endpoint.CollectRuntimeTraces(nil, stream), "unauthenticated")
 }
 
-func TestRemoteDebugServer_SomeData(t *testing.T) {
+func TestRemoteDebugServer_CollectRuntimeTraces_SomeData(t *testing.T) {
 	if trace.IsEnabled() {
 		t.Skip("tracing already enabled")
 	} else if !traceEnabled {
@@ -54,15 +55,57 @@ func TestRemoteDebugServer_SomeData(t *testing.T) {
 	require.NotZero(t, len(stream.data))
 }
 
+func TestRemoteDebugServer_CollectRuntimeTraces2_Unauthenticated(t *testing.T) {
+	endpoint := NewEndpoint(func(ctx context.Context) error {
+		return errors.New("unauthenticated")
+	})
+
+	stream := newFakeStream(context.Background())
+	require.Error(t, endpoint.CollectRuntimeTraces2(stream), "unauthenticated")
+}
+
+func TestRemoteDebugServer_CollectRuntimeTraces2_SomeData(t *testing.T) {
+	if trace.IsEnabled() {
+		t.Skip("tracing already enabled")
+	} else if !traceEnabled {
+		t.Skip("tracing not enabled")
+	}
+
+	endpoint := NewEndpoint(func(ctx context.Context) error { return nil })
+
+	stream := newFakeStream(context.Background())
+
+	var group errgroup.Group
+	group.Go(func() error {
+		return endpoint.CollectRuntimeTraces2(stream)
+	})
+	group.Go(func() error {
+		<-stream.written.Done()
+		stream.InjectDone(true)
+		return nil
+	})
+	require.NoError(t, group.Wait())
+
+	require.NotZero(t, len(stream.data))
+}
+
 type fakeStream struct {
 	drpc.Stream // expected nil but just implements interface
 
 	ctx     context.Context
 	written sync2.Fence
 	data    []byte
+	reqs    chan bool
+}
+
+func newFakeStream(ctx context.Context) *fakeStream {
+	return &fakeStream{
+		ctx:  ctx,
+		reqs: make(chan bool),
+	}
 }
 
-func newFakeStream(ctx context.Context) *fakeStream { return &fakeStream{ctx: ctx} }
+func (f *fakeStream) InjectDone(done bool) { f.reqs <- done }
 
 func (f *fakeStream) Context() context.Context { return f.ctx }
 func (f *fakeStream) Send(m *pb.CollectRuntimeTracesResponse) error {
@@ -72,3 +115,10 @@ func (f *fakeStream) Send(m *pb.CollectRuntimeTracesResponse) error {
 	}
 	return nil
 }
+func (f *fakeStream) Recv() (*pb.CollectRuntimeTracesRequest, error) {
+	done, ok := <-f.reqs
+	if !ok {
+		return nil, io.EOF
+	}
+	return &pb.CollectRuntimeTracesRequest{Done: done}, nil
+}

go.mod

@@ -9,6 +9,7 @@ require (
 	github.com/calebcase/tmpfile v1.0.3
 	github.com/flynn/noise v1.0.0
 	github.com/gogo/protobuf v1.3.2
+	github.com/google/gopacket v1.1.19
 	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751
 	github.com/jtolds/tracetagger/v2 v2.0.0-rc5
 	github.com/jtolio/crawlspace v0.0.0-20231116162947-3ec5cc6b36c5

go.sum

@@ -125,6 +125,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
+github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=

pb/debug.pb.go

@@ -8,9 +8,11 @@ package debug;
 
 service Debug {
     rpc CollectRuntimeTraces(CollectRuntimeTracesRequest) returns (stream CollectRuntimeTracesResponse);
+    rpc CollectRuntimeTraces2(stream CollectRuntimeTracesRequest) returns (stream CollectRuntimeTracesResponse);
 }
 
 message CollectRuntimeTracesRequest {
+    bool done = 1;
 }
 
 message CollectRuntimeTracesResponse {