Thanks to visit codestin.com
Credit goes to github.com

Skip to content

engine: support running ebpf programs at engine start #11548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sipsma merged 1 commit into from
Jan 16, 2026
Merged

engine: support running ebpf programs at engine start #11548

sipsma merged 1 commit into from
Jan 16, 2026

Conversation

@sipsma
Copy link
Contributor

@sipsma sipsma commented Dec 10, 2025
edited
Loading

eBPF was crucial in debugging #11545 and #11556. It also has quite a bit of potential for future debugging, monitoring, performance analysis, and possibly even user facing features in terms of tracing (?)

Running it as a sidecar on my machine was very tedious, it's much nicer to have it in the engine itself and part of its logs. For the previous debugging I was shelling out to bpftrace, but getting that to build for wolfi was a nightmare and extremely slow, so trying out cilium/ebpf as a library directly.

  • Downside is that rather than the higher-level bpftrace script, we gotta write some C code (that compiles to ebpf, no CGo or anything needed)
  • Potential upsides in the long term are more flexibility and fine-grain control

LLMs (claude code + codex) seem to be consistently very good at converting "here's what I want to trace" into working ebpf programs. The two programs checked in here (ovl_inuse for debugging overlay in-use warnings + filetracer for tracing all file syscalls) were entirely written by them.

  • Included a engine/ebpf/AGENTS.md to help out more here
  • The idea generally speaking is that when debugging we can ask an LLM to update one of the existing progs or add a new one. On a case-by-case basis we can decide to check one in if it seems re-usable; but if the prog is one-off that's fine to just never merge.

We obviously don't want to always run these programs, currently they can be configured by:

  1. explicitly setting an env var on the engine DAGGER_EBPF_PROG_<prog name>=y (e.g. DAGGER_EBPF_PROG_FILETRACER=y)
    • names are defined and mapped to impl at top of cmd/engine/main.go
  2. If ExtraDebug is on, progs can be enabled by default by uncommenting entries in the defaultEbpfPrograms map at the top of cmd/engine/main.go
    • this is a little more convenient for local debugging since you're often changing code around anyways

Also added the ability to selectively enable progs per test workflow (add name of progs to new arg added in toolchains/test-split/engine-tests.gen.dang), which is useful when trying to debug CI-only flakes.

Overall the overhead of tracing seems to be extremely low. The filetracer prog that logs every file create/rename/delete/etc. doesn't seem to have much noticeable impact on test runtime (though the engine logs do have over 1 million lines)

@sipsma sipsma mentioned this pull request Dec 10, 2025
Merged
2 tasks
@sipsma sipsma force-pushed the ebpf-support branch 3 times, most recently from 51bc489 to b936616 Compare December 11, 2025 03:02
@github-actions
Copy link
Contributor

github-actions bot commented Dec 26, 2025

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 7 days.

@sipsma sipsma removed the kind/stale label Dec 29, 2025
@sipsma sipsma force-pushed the ebpf-support branch 4 times, most recently from 30804f7 to baadbd7 Compare December 30, 2025 21:47
@sipsma sipsma marked this pull request as ready for review December 30, 2025 22:01
sipsma
sipsma commented Dec 30, 2025
View reviewed changes
modules/alpine/main.go
"glibc=2.42-r0",
"ld-linux=2.42-r0",
"libcrypt1=2.42-r0",
"busybox",
Copy link
Contributor Author

@sipsma sipsma Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is technically tangential, but I needed it at various times to install some packages successfully. The workaround was added prior to when we bumped our go-apk dependency which fixed a ton of bugs. Won't be sure until we try but I'm hoping we may now longer need this workaround 🤞

@sipsma sipsma requested a review from a team December 30, 2025 22:04
@sipsma sipsma mentioned this pull request Dec 30, 2025
Closed
@sipsma sipsma force-pushed the ebpf-support branch 3 times, most recently from c7347e9 to 20782ba Compare January 15, 2026 22:01
alexcb
alexcb approved these changes Jan 15, 2026
View reviewed changes
Copy link
Collaborator

@alexcb alexcb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks pretty useful! I'm not that familar with eBPFs, so take my +1 with a grain of salt :)

@sipsma sipsma force-pushed the ebpf-support branch 3 times, most recently from 91bd4c5 to 7e38d01 Compare January 15, 2026 23:51
@sipsma sipsma merged commit e397a64 into dagger:main Jan 16, 2026
50 of 51 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexcb alexcb alexcb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sipsma @alexcb