Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Fix] Fix local connection can't be identified issue #43

Merged
merged 2 commits into from
Sep 15, 2024
Merged

[Fix] Fix local connection can't be identified issue #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9446ab1
[Fix] Fix npe
hengyoush Sep 15, 2024
8bf9dc3
[Fix] fix local to local connection issue
hengyoush Sep 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 22 additions & 22 deletions agent/agent_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ func TestRead(t *testing.T) {
conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd)
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
funcName: "syscall",
Expand Down Expand Up @@ -267,7 +267,7 @@ func TestRecvFrom(t *testing.T) {
conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd)
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
funcName: "syscall",
Expand Down Expand Up @@ -332,7 +332,7 @@ func TestReadv(t *testing.T) {
for index, syscallEvent := range syscallEvents {
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
funcName: "syscall",
Expand Down Expand Up @@ -399,7 +399,7 @@ func TestRecvmsg(t *testing.T) {
for index, syscallEvent := range syscallEvents {
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
ignoreFuncName: true,
Expand Down Expand Up @@ -462,7 +462,7 @@ func TestWrite(t *testing.T) {
conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd)
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
funcName: "syscall",
Expand Down Expand Up @@ -523,7 +523,7 @@ func TestSendto(t *testing.T) {
conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd)
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
funcName: "syscall",
Expand Down Expand Up @@ -586,7 +586,7 @@ func TestWritev(t *testing.T) {
for index, syscallEvent := range syscallEvents {
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{
connIdDirect: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
funcName: "syscall",
Expand Down Expand Up @@ -650,7 +650,7 @@ func TestSendMsg(t *testing.T) {
seq := uint64(1)
for index, syscallEvent := range syscallEvents {
AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{
KernDataEventAssertConditions: KernDataEventAssertConditions{connIdDirect: bpf.AgentTrafficDirectionTKEgress,
KernDataEventAssertConditions: KernDataEventAssertConditions{direct: Egress,
pid: uint64(os.Getpid()),
fd: uint32(conn.TgidFd),
ignoreFuncName: true,
Expand Down Expand Up @@ -762,10 +762,10 @@ func TestIpXmit(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
pid: uint64(os.Getpid()),
funcName: "ip_queue_xmit",
ignoreFuncName: true,
Expand All @@ -792,12 +792,12 @@ func TestDevQueueXmit(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
findByStep: true,
step: bpf.AgentStepTQDISC_OUT,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
pid: uint64(os.Getpid()),
funcName: "dev_queue_xmit",
ignoreFuncName: true,
Expand All @@ -824,12 +824,12 @@ func TestDevHardStartXmit(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
findByStep: true,
step: bpf.AgentStepTDEV_OUT,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKEgress,
direct: Egress,
pid: uint64(os.Getpid()),
funcName: "dev_hard_start",
ignoreFuncName: true,
Expand Down Expand Up @@ -860,12 +860,12 @@ func TestTracepointNetifReceiveSkb(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
findByStep: true,
step: bpf.AgentStepTDEV_IN,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
funcName: "netif_receive_skb",
ignoreFuncName: true,
Expand Down Expand Up @@ -903,12 +903,12 @@ func TestIpRcvCore(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
findByStep: true,
step: bpf.AgentStepTIP_IN,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
funcName: "ip_rcv_core",
ignoreFuncName: true,
Expand Down Expand Up @@ -943,12 +943,12 @@ func TestTcpV4DoRcv(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
findByStep: true,
step: bpf.AgentStepTTCP_IN,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
funcName: "tcp_v4_do_rcv",
ignoreFuncName: true,
Expand Down Expand Up @@ -983,12 +983,12 @@ func TestSkbCopyDatagramIter(t *testing.T) {
FindInterestedKernEventOptions{
findDataLenGtZeroEvent: true,
findByDirect: true,
direct: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
findByStep: true,
step: bpf.AgentStepTUSER_COPY,
}, KernDataEventAssertConditions{

connIdDirect: bpf.AgentTrafficDirectionTKIngress,
direct: Ingress,
pid: uint64(os.Getpid()),
funcName: "skb_copy_datagr",
ignoreFuncName: true,
Expand Down
13 changes: 8 additions & 5 deletions agent/agent_utils_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ func StartAgent(bpfAttachFunctions []bpf.AttachBpfProgFunction,
cmd.FilterPid = int64(pid)
cmd.DefaultLogLevel = int32(logrus.DebugLevel)
cmd.Debug = true
cmd.InitLog()
agent.SetupAgent(agent.AgentOptions{
Stopper: agentStopper,
LoadBpfProgramFunction: func(objs interface{}) *list.List {
Expand Down Expand Up @@ -165,7 +166,7 @@ func AssertConnEvent(t *testing.T, connectEvent bpf.AgentConnEvtT, assert ConnEv

type KernDataEventAssertConditions struct {
ignoreConnIdDirect bool
connIdDirect bpf.AgentTrafficDirectionT
direct int
ignorePid bool
pid uint64
ignoreFd bool
Expand All @@ -190,9 +191,8 @@ type SyscallDataEventAssertConditions struct {

func AssertKernEvent(t *testing.T, kernEvt *bpf.AgentKernEvt, conditions KernDataEventAssertConditions) {
connId := kernEvt.ConnIdS
direct := connId.Direct
if !conditions.ignoreConnIdDirect {
assert.Equal(t, conditions.connIdDirect, direct)
assert.Equal(t, conditions.direct == Egress, kernEvt.Step <= bpf.AgentStepTNIC_IN)
}
pid := connId.TgidFd >> 32
if !conditions.ignorePid {
Expand Down Expand Up @@ -264,14 +264,17 @@ type FindInterestedSyscallEventOptions struct {
connEventList []bpf.AgentConnEvtT
}

var Egress int = 0
var Ingress int = 1

type FindInterestedKernEventOptions struct {
findByRemotePort bool
remotePort uint16
findByLocalPort bool
localPort uint16
findDataLenGtZeroEvent bool
findByDirect bool
direct bpf.AgentTrafficDirectionT
direct int // 0-出 1-入
findByFuncName bool
funcName string
throw bool
Expand Down Expand Up @@ -360,7 +363,7 @@ func findInterestedKernEvents(t *testing.T, kernEventList []bpf.AgentKernEvt, op
if options.findDataLenGtZeroEvent && each.Len == 0 {
continue
}
if options.findByDirect && options.direct != each.ConnIdS.Direct {
if options.findByDirect && (options.direct == 0) != (each.Step <= bpf.AgentStepTNIC_OUT) {
continue
}
eventFuncName := common.Int8ToStr(each.FuncName[:])
Expand Down
10 changes: 5 additions & 5 deletions agent/analysis/stat.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,8 +169,8 @@ func (s *StatRecorder) ReceiveRecord(r protocol.Record, connection *conn.Connect
}

var writeSyscallEvents, readSyscallEvents, devOutSyscallEvents, nicIngressEvents, userCopyEvents, tcpInEvents []conn.KernEvent
egressMessage := getParsedMessageBySide(r, connection.IsServerSide(), bpf.AgentTrafficDirectionTKEgress)
ingressMessage := getParsedMessageBySide(r, connection.IsServerSide(), bpf.AgentTrafficDirectionTKIngress)
egressMessage := getParsedMessageBySide(r, connection.IsServerSide(), DirectEgress)
ingressMessage := getParsedMessageBySide(r, connection.IsServerSide(), DirectIngress)
writeSyscallEvents = streamEvents.FindAndRemoveEventsBySeqAndLen(bpf.AgentStepTSYSCALL_OUT, egressMessage.Seq(), egressMessage.ByteSize())
readSyscallEvents = streamEvents.FindAndRemoveEventsBySeqAndLen(bpf.AgentStepTSYSCALL_IN, ingressMessage.Seq(), ingressMessage.ByteSize())
devOutSyscallEvents = streamEvents.FindAndRemoveEventsBySeqAndLen(bpf.AgentStepTDEV_OUT, egressMessage.Seq(), egressMessage.ByteSize())
Expand Down Expand Up @@ -279,15 +279,15 @@ func KernEventsToEventDetails[k PacketEventDetail | SyscallEventDetail | NicEven
return result
}

func getParsedMessageBySide(r protocol.Record, IsServerSide bool, direct bpf.AgentTrafficDirectionT) protocol.ParsedMessage {
func getParsedMessageBySide(r protocol.Record, IsServerSide bool, direct DirectEnum) protocol.ParsedMessage {
if !IsServerSide {
if direct == bpf.AgentTrafficDirectionTKEgress {
if direct == DirectEgress {
return r.Request()
} else {
return r.Response()
}
} else {
if direct == bpf.AgentTrafficDirectionTKEgress {
if direct == DirectEgress {
return r.Response()
} else {
return r.Request()
Expand Down
4 changes: 2 additions & 2 deletions agent/conn/conntrack.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -439,9 +439,9 @@ func isReq(conn *Connection4, event *bpf.AgentKernEvt) (bool, bool) {
}
var isReq bool
if !conn.IsServerSide() {
isReq = event.ConnIdS.Direct == bpf.AgentTrafficDirectionTKEgress
isReq = event.Step <= bpf.AgentStepTNIC_OUT
} else {
isReq = event.ConnIdS.Direct == bpf.AgentTrafficDirectionTKIngress
isReq = event.Step >= bpf.AgentStepTNIC_IN
}
return isReq, true
}
Expand Down
4 changes: 2 additions & 2 deletions agent/conn/processor.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,8 +226,8 @@ func (p *Processor) run() {
conn.ToString(), event.Seq, event.Len,
common.DisplayTcpFlags(event.Flags))
} else {
common.BPFEventLog.Debugf("[data no conn][func=%s][ts=%d][%s]%s | %d:%d flags:%s\n", common.Int8ToStr(event.FuncName[:]), event.Ts, bpf.StepCNNames[event.Step],
conn.ToString(), event.Seq, event.Len,
common.BPFEventLog.Debugf("[data no conn][func=%s][ts=%d][%s] | %d:%d flags:%s\n", common.Int8ToStr(event.FuncName[:]), event.Ts, bpf.StepCNNames[event.Step],
event.Seq, event.Len,
common.DisplayTcpFlags(event.Flags))
}
if event.Len > 0 && conn != nil && conn.Protocol != bpf.AgentTrafficProtocolTKProtocolUnknown {
Expand Down
3 changes: 1 addition & 2 deletions bpf/agent_x86_bpfel.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions bpf/agentold_x86_bpfel.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-23-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-25-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-28-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-29-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-33-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-34-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-36-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-38-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-40-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-41-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-43-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-44-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-45-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-48-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-49-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-50-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-53-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-55-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-59-generic.btf
View file
Open in desktop
Binary file not shown.
Binary file modified bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-63-generic.btf
View file
Open in desktop
Binary file not shown.
Loading
Loading