-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add bidirectional packet capture #6882
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Aryan Bakliwal <[email protected]>
Signed-off-by: Aryan Bakliwal <[email protected]>
@hangyan please let me know what you think about this |
…antrea-io#6877) Bumps the golang-org-x group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.32.0 to 0.33.0 - [Commits](golang/net@v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-org-x ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…oup (antrea-io#6880) Bumps the ginkgo group with 1 update: [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo). Updates `github.com/onsi/ginkgo/v2` from 2.22.0 to 2.22.1 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.22.0...v2.22.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ginkgo ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Aryan Bakliwal <[email protected]>
Hey @hangyan @antoninbas, I made the changes in the bpf code according to the one generated by tcpdump. When I try to test the bidirectional packet capture, it fails with this log
Could you please take a look and help me identify what might be going wrong? Also, golangci-lint is giving me this error even though I have changed the
|
this error was reported by golangci on windows, we have a |
Signed-off-by: Aryan Bakliwal <[email protected]>
I’ve added the Please let me know if any adjustments are needed or if there's anything else I should update or add. Captured packets |
// (006) ld [30] # Load 4B at 30 (dest address) | ||
// (007) jeq #0xaf40103 jt 8 jf 26 # If bytes match(10.244.0.3), goto #8, else #26 | ||
// (008) ldh [20] # Load 2B at 20 (13b Fragment Offset) | ||
// (009) jset #0x1fff jt 26 jf 10 # Use 0x1fff as a mask for fragment offset; If fragment offset != 0, #10, else #26 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe align the comments after #
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure
@@ -134,18 +122,96 @@ func compilePacketFilter(packetSpec *crdv1alpha1.Packet, srcIP, dstIP net.IP) [] | |||
} | |||
} | |||
|
|||
// source ip |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the future we may also support tcp flags and other layer4 configs, if that happens, we should consider make the current code structure more modularized, or it would be extremely hard to extend this function . This won't be easy but i suggest to review this part and see if we can do better.
not sure if we can separate the ip section and ports section apart, call sub functions to calculate their instruments size and sums up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try my best to improve the code structure and explore separating the IP and port sections as suggested
}, | ||
{ | ||
name: "with-proto-port-and-Both", | ||
srcIP: net.ParseIP("127.0.0.1"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
better to add a test case for only have dstPort
and Both
, that's the real world case as client port is always random.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
makes sense, will add this test case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could we add an e2e test with the Both
direction?
srcAddrVal := binary.BigEndian.Uint32(srcIP[len(srcIP)-4:]) | ||
dstAddrVal := binary.BigEndian.Uint32(dstIP[len(dstIP)-4:]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure I understand this change. Isn't it possible for srcIP
and dstIP
to be nil?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the current spec enforced srcIP
and dstIP
both cannot be nil, because either Pod or IP will present. It cloud be pretty easy to remove the restrictions in the crd spec and do a little tweak to make this work.(no the target of the PR)
const ( | ||
SourceToDestination CaptureDirection = "SourceToDestination" | ||
DestinationToSource CaptureDirection = "DestinationToSource" | ||
Both CaptureDirection = "Both" | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const ( | |
SourceToDestination CaptureDirection = "SourceToDestination" | |
DestinationToSource CaptureDirection = "DestinationToSource" | |
Both CaptureDirection = "Both" | |
) | |
const ( | |
CaptureDirectionSourceToDestination CaptureDirection = "SourceToDestination" | |
CaptureDirectionDestinationToSource CaptureDirection = "DestinationToSource" | |
CaptureDirectionBoth CaptureDirection = "Both" | |
) |
direction: | ||
type: string | ||
enum: ["SourceToDestination", "DestinationToSource", "Both"] | ||
default: "SourceToDestination" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you seem to have made that change manually, which is not correct
the source of truth is build/charts/antrea/crds/packetcapture.yaml
. You need to edit that file and run make manifest
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the clarification, I'll make the changes in the correct files and regenerate the manifests.
fixes: #6862
Added
bidirectional
field in packet capture CR spec.For testing, I created two pods and pinged one from the other.
Screenshot of the
.pcapng
output file.