Hacker News new | past | comments | ask | show | jobs | submit login

Would love to see intrumentation without any code changes. Is it possible to write EBPF based tracers for JVM and Node/Python interpreters?

Co-founder/CEO of Pixie here.

EBPF allows you to access static tracepoints that are defined in many runtime, and can be used to capture information about the state of the runtime.

Since most VM’s/runtimes allow monkey patching you can usually get to the same level of information without using EBPF. We plan to add support for this in Pixie in the future and provide a seamless experience regardless of what underlying tracing technology is used.

Lots of good stuff from Brendan Gregg here: http://www.brendangregg.com/Slides/Velocity2017_BPF_superpow...

Great to see that zasgar. Monkey patching is pretty gnarly to replace functions at load time or in JVM/.NET CLR. Python is easier. Every version change, the monkey patch has to be updated. But you can get a lot of good value from it in the form of performance charts and call graphs of an application. It would be great value if you could reduce the gnarliness of the monkey patching work and possibly replace it with a simple configuration file. Have to look into eBPF in more detail.

Founding engineer at Pixie here.

To add to what zasgar mentioned, I just wanted to point out that our instrumentation-free approach does apply to JVM and Node/Python applications for many of the traces we gather. For example, we use EBPF to trace protocols like HTTP as the data passes through the kernel. By gathering the data in the kernel, these EBPF tracers are completely language agnostic.

What do you do for HTTPS which would be encrypted as it passes through the kernel and is only decrypted in the application process?

Great question. You're right that tracing in the kernel doesn't work for encrypted traffic (that means anything over TLS, including HTTPS). For encrypted connections, we still want to give the no-manual-instrumentation-required experience to our users, so what we do is trace the SSL/TLS library to capture the traffic. Right now, for example, we trace traffic going through OpenSSL. This has the benefit of covering a wide array of programs in different languages, including any dynamic languages that use OpenSSL. And we plan on adding more TLS libraries soon (e.g. GoTLS) to fill in the gaps.

We'll be publishing a blog post on this soon, so please stay tuned. In the meanwhile, this other post (https://docs.pixielabs.ai/tutorials/simple-go-tracing/) gives an idea of how one can use EBPF user-space probes to trace applications and system libraries.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact