Socket tracker for L7 context propagation #1377

Draft
wants to merge 10 commits into
base: main

grcevski
Contributor

This PR adds L7 context propagation by leveraging a socket map. The code runs as follows:

  1. We add a sock_ops program which monitors for new sockets established. These sockets are stored in a sockhash map, using our connection info as a key. We mitigate finding already established sockets in TC by using the fact that sockmaps can also be manipulated directly with bpf_map_update_elem. See patch https://lore.kernel.org/bpf/[email protected]/.
  2. We add a sock_msg program which detects ongoing outgoing HTTP requests and extends the packet to add the missing header space. This program cannot write BPF memory (unless we use the undesirable bpf_probe_write_mem), so we only extend the packet and record metadata. This is the recommended approach based on the BPF docs.
  3. In TC we look up the metadata and write the 'traceparent' value.

The writing of the memory in TC is very complex and I'm not certain it needs to be. Essentially, in all my experiments the adding of extra memory in sock_msg results in a separate, unique, empty TCP packet of the exact size. We cover this case in the "fast path". If we can confirm by reading the kernel code that this will always be the case, we can remove the written accounting and the custom memcpy I added.

I hit issues with the verifier about the handling of IPv6. It worked on my small prototype, but not when I merged the code in Beyla. We need to fix this.

Note: BEYLA_BPF_TC_CP now enables both L4 and L7 context propagation.

TODO:

  • Fix support for IPv6
  • Understand if we can safely rely on a separate TCP packet for the newly added space and remove the memory write complexity.
  • Document the code
  • Tests (we now should be able to enable the skipped test with Docker compose)
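
A userspace C model of steps 2 and 3 of the description above, added here as an illustration; it is not code from this PR or from Beyla. It shows the one check the later write cannot skip: the recorded offset must leave a full header line inside the buffer. The function names, the gap position (right after the request line), the zero-filled gap, the `00`/`01` version and flags fields, and the sample IDs are all assumptions.

```c
#include <stdio.h>
#include <string.h>
#define TP_LINE_LEN 70 /* "traceparent: " (13) + 55-char value + "\r\n" (2) */

/* Models step 2: if buf starts like an outgoing HTTP request, open a TP_LINE_LEN
 * gap after the request line and return its offset (the recorded metadata).
 * Returns -1 and leaves buf untouched for non-HTTP data or a too-small cap. */
static int reserve_header_space(char *buf, size_t *len, size_t cap)
{
    static const char *methods[] = { "GET ", "POST ", "PUT ", "DELETE ", "HEAD ", "PATCH " };
    size_t m, i, n = sizeof(methods) / sizeof(methods[0]);
    for (m = 0; m < n; m++)
        if (*len >= strlen(methods[m]) && memcmp(buf, methods[m], strlen(methods[m])) == 0)
            break;
    if (m == n || *len > cap || cap - *len < TP_LINE_LEN)
        return -1;
    for (i = 0; i + 1 < *len; i++) {
        if (buf[i] == '\r' && buf[i + 1] == '\n') {
            size_t off = i + 2;
            memmove(buf + off + TP_LINE_LEN, buf + off, *len - off);
            memset(buf + off, 0, TP_LINE_LEN); /* gap stays empty until step 3 */
            *len += TP_LINE_LEN;
            return (int)off;
        }
    }
    return -1;
}

/* Models step 3: bounds-check the recorded offset, then fill the gap. */
static int write_traceparent(char *buf, size_t len, size_t off, const char *trace_id, const char *span_id)
{
    char line[TP_LINE_LEN + 1];
    if (off > len || len - off < TP_LINE_LEN ||
        strlen(trace_id) != 32 || strlen(span_id) != 16)
        return -1;
    snprintf(line, sizeof(line), "traceparent: 00-%s-%s-01\r\n", trace_id, span_id);
    memcpy(buf + off, line, TP_LINE_LEN); /* copy without the trailing NUL */
    return 0;
}

int main(void)
{
    char buf[256] = "GET /x HTTP/1.1\r\nHost: a\r\n\r\n"; /* constructed sample */
    size_t len = strlen(buf);
    int off = reserve_header_space(buf, &len, sizeof(buf));
    if (off < 0 || write_traceparent(buf, len, (size_t)off, "0af7651916cd43dd8448eb211c80319c", "b7ad6b7169203331"))
        return 1;
    return fwrite(buf, 1, len, stdout) == len ? 0 : 1;
}
```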


codecov bot commented Nov 18, 2024

Codecov Report

Attention: Patch coverage is 64.55696% with 28 lines in your changes missing coverage. Please review.

Project coverage is 72.28%. Comparing base (5998c47) to head (c8ede64).
Report is 11 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/internal/ebpf/instrumenter.go | 71.42% | 8 Missing and 4 partials ⚠️ |
| pkg/internal/ebpf/common/common_linux.go | 0.00% | 8 Missing ⚠️ |
| pkg/internal/ebpf/tracer_linux.go | 0.00% | 6 Missing and 2 partials ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1377      +/-   ##
==========================================
+ Coverage   72.09%   72.28%   +0.19%     
==========================================
  Files         144      146       +2     
  Lines       14586    14832     +246     
==========================================
+ Hits        10516    10722     +206     
- Misses       3373     3398      +25     
- Partials      697      712      +15     

| Flag | Coverage Δ |
|---|---|
| integration-test | 58.32% <12.65%> (-0.69%) ⬇️ |
| k8s-integration-test | 59.95% <64.55%> (+0.63%) ⬆️ |
| oats-test | 33.96% <10.12%> (-0.45%) ⬇️ |
