@dglaubman found that recent versions of Docker for Mac (Docker version
18.03.0-ce, build 0520e24) don't write out
${HOME}/Library/Containers/com.docker.docker/Data/database any more.
@foot confirmed this. A fresh installation of Docker for Mac (Version
18.03.0-ce-mac60 (23751), Channel: stable) did not create the file.
The result was that installations which had this leftover file could start
scope, whereas newer couldn't. The fix simply changes this check to a path
which actually exists.
Thanks @dglaubman and @foot for the analysis and confirmation.
Fixes#3064
and not all the help, version, etc, etc docker runs.
In particular this allows passing `--restart=...` in
WEAVESCOPE_DOCKER_ARGS. Previously that would break since the
non-probe/app docker runs supply `--rm` (as they should) which is
incompatible with restart settings.
when app.http.address is specified. Instead just tell the user that
scope is reachable where they said.
Also, complain when the address is specified on D4M since there are
a bunch of hard-coded port 4040 in place for that.
Fixes#1190.
`launch` first does a `scope --dry-run` to parse and validate Scope
cmdline arguments before starting the main Scope container and
processes. Use the same Docker args for the dry run to make sure the
container has the same privileges and mount points. Otherwise valid
`$WEAVESCOPE_DOCKER_ARGS` might fail here.
Based on work from Lorenzo, updated by Iago, Alban, Alessandro and
Michael.
This PR adds connection tracking using eBPF. This feature is not enabled by default.
For now, you can enable it by launching scope with the following command:
```
sudo ./scope launch --probe.ebpf.connections=true
```
This patch allows scope to get notified of every connection event,
without relying on the parsing of /proc/$pid/net/tcp{,6} and
/proc/$pid/fd/*, and therefore improve performance.
We vendor https://github.com/iovisor/gobpf in Scope to load the
pre-compiled ebpf program and https://github.com/weaveworks/tcptracer-bpf
to guess the offsets of the structures we need in the kernel. In this
way we don't need a different pre-compiled ebpf object file per kernel.
The pre-compiled ebpf program is included in the vendoring of
tcptracer-bpf.
The ebpf program uses kprobes/kretprobes on the following kernel functions:
- tcp_v4_connect
- tcp_v6_connect
- tcp_set_state
- inet_csk_accept
- tcp_close
It generates "connect", "accept" and "close" events containing the
connection tuple but also pid and netns.
Note: the IPv6 events are not supported in Scope and thus not passed on.
probe/endpoint/ebpf.go maintains the list of connections. Similarly to
conntrack, it also keeps the dead connections for one iteration in order
to report short-lived connections.
The code for parsing /proc/$pid/net/tcp{,6} and /proc/$pid/fd/* is still
there and still used at start-up because eBPF only brings us the events
and not the initial state. However, the /proc parsing for the initial
state is now done in foreground instead of background, via
newForegroundReader().
NAT resolution on connections from eBPF works in the same way as it did
on connections from /proc: by using conntrack. One of the two conntrack
instances is only started to get the initial state and then it is
stopped since eBPF detects short-lived connections.
The Scope Docker image size comparison:
- weaveworks/scope in current master: 22 MB (compressed), 68 MB
(uncompressed)
- weaveworks/scope with this patchset: 23 MB (compressed), 69 MB
(uncompressed)
Fixes#1168 (walking /proc to obtain connections is very expensive)
Fixes#1260 (Short-lived connections not tracked for containers in
shared networking namespaces)
Fixes#1962 (Port ebpf tracker to Go)
Fixes#1961 (Remove runtime kernel header dependency from ebpf tracker)
Symptoms: the Scope URL are printed this way:
```
Weave Scope is reachable at the following URL(s):
* http://10.2.2.1
172.16.28.1
172.16.28.1
192.168.99.1
192.168.35.117
172.16.28.1
172.16.28.1
192.168.122.1:4040/
```
Regression from https://github.com/weaveworks/scope/pull/2068
Instead of different usage info for "scope help", show the same always.
Also correct it for what the script actually does,
and always display the scope binary args.
As indicated by the TODO, any args passed into the command do not get escaped
when output, so for example:
scope command "foo bar"
would output results like:
foo bar
instead of
"foo bar"
or
foo\ bar
The "right" way to do this seems to be printf %q, which prints a quoted version of the string.
However this format specifier is not available in POSIX sh (though it does work in many
implementations of it, such as the ones provided by bash which make up the likely majority of
real-world usage).
This code is a compromise that uses the added functionality where available,
while still falling back to the old behaviour when it isn't.
By far the majority of these were variables which were not quoted.
While, yes, right now we can guarentee most of these variables will never contain spaces,
this could someday change and applying quoting as a universal rule prevents future mistakes.
The ARGS="$@" -> "$*" change is purely stylistic and mainly is used to indicate the intent that
we actually wanted to concatenate all the args by spaces, not keep them seperated as "$@" would
in many situations, but not this one.
Several warnings remain, in places where we intentionally want to split a variable on whitespace,
or otherwise do what shellcheck is warning us against.
Of note is shellcheck warning SC2166, which says to prefer [ foo ] || [ bar ] over [ foo -o bar ]
as the -a and -o flags have differing behaviour on some systems.
I've opted to keep these for now, since the version check test command would need to be replaced by
a LOT of subshells to achieve the same effect, which feels dirtier.
