ja4-platform/services
Jacquin Antoine 4d30d9a7cb feat(ebpf): Apache HTTP capture implementation (WIP on Rocky 10)
- Implemented Apache HTTP capture using recvfrom syscall (model identical to nginx)
- Added sys_enter_recvfrom + kretprobe __x64_sys_recvfrom approach
- Renamed Apache BPF maps (apache_http_pid_map, apache_http_recv_args_map) to avoid conflicts with nginx
- Added support for recvfrom and recvmsg syscalls (recvmsg support incomplete)

Test results:
- Rocky 9 (kernel 5.14): nginx HTTP capture works perfectly with full headers
- Rocky 10 (kernel 6.12): Apache HTTP capture NOT working (headers=0)
- CentOS 8 (kernel 4.18): Apache HTTP capture NOT working (headers=0)

Root cause: Apache event MPM uses async epoll model that doesn't trigger
recvfrom syscalls the same way as nginx. Further investigation needed
for Apache-specific capture methods.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-20 18:22:10 +02:00