diff --git a/pkg/plugin/conntrack/_cprog/conntrack.c b/pkg/plugin/conntrack/_cprog/conntrack.c index dc05f1c64e..ad17ebb90b 100644 --- a/pkg/plugin/conntrack/_cprog/conntrack.c +++ b/pkg/plugin/conntrack/_cprog/conntrack.c @@ -7,6 +7,7 @@ #include "compiler.h" #include "bpf_helpers.h" #include "conntrack.h" +#include "string.h" struct tcpmetadata { __u32 seq; // TCP sequence number @@ -16,19 +17,23 @@ struct tcpmetadata { }; struct conntrackmetadata { - __u8 traffic_direction; // This is the inital direction of the connection. It is set to egress if the connection is initiated from the host and ingress otherwise. /* bytes_*_count indicates the number of bytes sent and received in the forward and reply direction. - These will be reset to 0 every time an event is reported. + These values will be based on the conntrack entry. */ __u64 bytes_forward_count; __u64 bytes_reply_count; /* packets_*_count indicates the number of packets sent and received in the forward and reply direction. - These will be reset to 0 every time an event is reported. + These values will be based on the conntrack entry. */ __u64 packets_forward_count; __u64 packets_reply_count; + /* + This is the inital direction of the connection. + It is set to egress if the connection is initiated from the host and ingress otherwise. + */ + __u8 traffic_direction; }; struct packet @@ -84,18 +89,7 @@ struct ct_entry { * before retina deployment and the SYN packet was not captured. */ bool is_direction_unknown; - /* - bytes_*_count indicates the number of bytes sent and received in the forward and reply direction. - These will be reset to 0 every time an event is reported. - */ - __u64 bytes_forward_count; - __u64 bytes_reply_count; - /* - packets_*_count indicates the number of packets sent and received in the forward and reply direction. - These will be reset to 0 every time an event is reported. - */ - __u64 packets_forward_count; - __u64 packets_reply_count; + struct conntrackmetadata conntrack_metadata; }; struct { @@ -154,19 +148,18 @@ static __always_inline bool _ct_create_new_tcp_connection(struct packet *p, stru new_value.flags_seen_tx_dir = p->flags; new_value.is_direction_unknown = false; new_value.traffic_direction = _ct_get_traffic_direction(observation_point); - new_value.packets_forward_count = 1; - new_value.bytes_forward_count = p->bytes; + new_value.conntrack_metadata.packets_forward_count = 1; + new_value.conntrack_metadata.bytes_forward_count = p->bytes; + // The initial SYN is captured. Set the traffic direction of the connection. + // This is important for the case where the SYN packet is not captured + // and the connection is created with unknown direction. + new_value.conntrack_metadata.traffic_direction = new_value.traffic_direction; bpf_map_update_elem(&retina_conntrack, &key, &new_value, BPF_ANY); // Update packet p->is_reply = false; p->traffic_direction = new_value.traffic_direction; // Update initial conntrack metadata for the connection. - p->conntrack_metadata.bytes_forward_count = new_value.packets_forward_count; - p->conntrack_metadata.packets_forward_count = new_value.bytes_forward_count; - // The initial SYN is captured. Set the traffic direction of the connection. - // This is important for the case where the SYN packet is not captured - // and the connection is created with unknown direction. - p->conntrack_metadata.traffic_direction = new_value.traffic_direction; + memcpy(&p->conntrack_metadata, &new_value.conntrack_metadata, sizeof(struct conntrackmetadata)); return true; } @@ -188,16 +181,14 @@ static __always_inline bool _ct_handle_udp_connection(struct packet *p, struct c new_value.flags_seen_tx_dir = p->flags; new_value.last_report_tx_dir = now; new_value.traffic_direction = _ct_get_traffic_direction(observation_point); - new_value.packets_forward_count = 1; - new_value.bytes_forward_count = p->bytes; + new_value.conntrack_metadata.packets_forward_count = 1; + new_value.conntrack_metadata.bytes_forward_count = p->bytes; bpf_map_update_elem(&retina_conntrack, &key, &new_value, BPF_ANY); // Update packet p->is_reply = false; p->traffic_direction = new_value.traffic_direction; // Update packet's conntrack metadata. - p->conntrack_metadata.bytes_forward_count = new_value.bytes_forward_count; - p->conntrack_metadata.packets_forward_count = new_value.packets_forward_count; - p->conntrack_metadata.traffic_direction = new_value.traffic_direction; + memcpy(&p->conntrack_metadata, &new_value.conntrack_metadata, sizeof(struct conntrackmetadata));; return true; } @@ -236,22 +227,19 @@ static __always_inline bool _ct_handle_tcp_connection(struct packet *p, struct c p->is_reply = true; new_value.flags_seen_rx_dir = p->flags; new_value.last_report_rx_dir = now; - new_value.bytes_reply_count = p->bytes; - new_value.packets_reply_count = 1; + new_value.conntrack_metadata.bytes_reply_count = p->bytes; + new_value.conntrack_metadata.packets_reply_count = 1; bpf_map_update_elem(&retina_conntrack, &reverse_key, &new_value, BPF_ANY); } else { // Otherwise, the packet is considered as a packet in the send direction. p->is_reply = false; new_value.flags_seen_tx_dir = p->flags; new_value.last_report_tx_dir = now; - new_value.bytes_forward_count = p->bytes; - new_value.packets_forward_count = 1; + new_value.conntrack_metadata.bytes_forward_count = p->bytes; + new_value.conntrack_metadata.packets_forward_count = 1; bpf_map_update_elem(&retina_conntrack, &key, &new_value, BPF_ANY); } // Update packet's conntrack metadata. - p->conntrack_metadata.bytes_forward_count = new_value.bytes_forward_count; - p->conntrack_metadata.bytes_reply_count = new_value.bytes_reply_count; - p->conntrack_metadata.packets_forward_count = new_value.packets_forward_count; - p->conntrack_metadata.packets_reply_count = new_value.packets_reply_count; + memcpy(&p->conntrack_metadata, &new_value.conntrack_metadata, sizeof(struct conntrackmetadata)); return true; } @@ -371,11 +359,10 @@ static __always_inline __attribute__((unused)) bool ct_process_packet(struct pac p->is_reply = false; p->traffic_direction = entry->traffic_direction; // Update packet count and bytes count on conntrack entry. - WRITE_ONCE(entry->packets_forward_count, READ_ONCE(entry->packets_forward_count) + 1); - WRITE_ONCE(entry->bytes_forward_count, READ_ONCE(entry->bytes_forward_count) + p->bytes); + WRITE_ONCE(entry->conntrack_metadata.packets_forward_count, READ_ONCE(entry->conntrack_metadata.packets_forward_count) + 1); + WRITE_ONCE(entry->conntrack_metadata.bytes_forward_count, READ_ONCE(entry->conntrack_metadata.bytes_forward_count) + p->bytes); // Update packet's conntract metadata. - p->conntrack_metadata.bytes_forward_count = entry->bytes_forward_count; - p->conntrack_metadata.packets_forward_count = entry->packets_forward_count; + memcpy(&p->conntrack_metadata, &entry->conntrack_metadata, sizeof(struct conntrackmetadata)); return _ct_should_report_packet(entry, p->flags, CT_PACKET_DIR_TX, &key); } @@ -392,11 +379,10 @@ static __always_inline __attribute__((unused)) bool ct_process_packet(struct pac p->is_reply = true; p->traffic_direction = entry->traffic_direction; // Update packet count and bytes count on conntrack entry. - WRITE_ONCE(entry->packets_reply_count, READ_ONCE(entry->packets_reply_count) + 1); - WRITE_ONCE(entry->bytes_reply_count, READ_ONCE(entry->bytes_reply_count) + p->bytes); + WRITE_ONCE(entry->conntrack_metadata.packets_reply_count, READ_ONCE(entry->conntrack_metadata.packets_reply_count) + 1); + WRITE_ONCE(entry->conntrack_metadata.bytes_reply_count, READ_ONCE(entry->conntrack_metadata.bytes_reply_count) + p->bytes); // Update packet's conntract metadata. - p->conntrack_metadata.bytes_reply_count = entry->bytes_reply_count; - p->conntrack_metadata.packets_reply_count = entry->packets_reply_count; + memcpy(&p->conntrack_metadata, &entry->conntrack_metadata, sizeof(struct conntrackmetadata)); return _ct_should_report_packet(entry, p->flags, CT_PACKET_DIR_RX, &reverse_key); } diff --git a/pkg/plugin/conntrack/conntrack_bpfel_x86.go b/pkg/plugin/conntrack/conntrack_bpfel_x86.go index 7fe4957c18..a3a3a07951 100644 --- a/pkg/plugin/conntrack/conntrack_bpfel_x86.go +++ b/pkg/plugin/conntrack/conntrack_bpfel_x86.go @@ -13,17 +13,21 @@ import ( ) type conntrackCtEntry struct { - EvictionTime uint32 - LastReportTxDir uint32 - LastReportRxDir uint32 - TrafficDirection uint8 - FlagsSeenTxDir uint8 - FlagsSeenRxDir uint8 - IsDirectionUnknown bool - BytesForwardCount uint64 - BytesReplyCount uint64 - PacketsForwardCount uint64 - PacketsReplyCount uint64 + EvictionTime uint32 + LastReportTxDir uint32 + LastReportRxDir uint32 + TrafficDirection uint8 + FlagsSeenTxDir uint8 + FlagsSeenRxDir uint8 + IsDirectionUnknown bool + ConntrackMetadata struct { + BytesForwardCount uint64 + BytesReplyCount uint64 + PacketsForwardCount uint64 + PacketsReplyCount uint64 + TrafficDirection uint8 + _ [7]byte + } } type conntrackCtV4Key struct { diff --git a/pkg/plugin/conntrack/conntrack_bpfel_x86.o b/pkg/plugin/conntrack/conntrack_bpfel_x86.o index 4a2afcd828..ebe86751b0 100644 Binary files a/pkg/plugin/conntrack/conntrack_bpfel_x86.o and b/pkg/plugin/conntrack/conntrack_bpfel_x86.o differ diff --git a/pkg/plugin/dropreason/kprobe_bpfel_x86.o b/pkg/plugin/dropreason/kprobe_bpfel_x86.o index e69de29bb2..a0098ede38 100644 Binary files a/pkg/plugin/dropreason/kprobe_bpfel_x86.o and b/pkg/plugin/dropreason/kprobe_bpfel_x86.o differ diff --git a/pkg/plugin/filter/filter_bpfel_x86.o b/pkg/plugin/filter/filter_bpfel_x86.o index e69de29bb2..bf6c879c81 100644 Binary files a/pkg/plugin/filter/filter_bpfel_x86.o and b/pkg/plugin/filter/filter_bpfel_x86.o differ diff --git a/pkg/plugin/mock/plugin.go b/pkg/plugin/mock/plugin.go index 888d9267dd..403a472c3c 100644 --- a/pkg/plugin/mock/plugin.go +++ b/pkg/plugin/mock/plugin.go @@ -5,11 +5,11 @@ // // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/microsoft/retina/pkg/plugin/ (interfaces: Plugin) +// Source: github.com/microsoft/retina/pkg/plugin (interfaces: Plugin) // // Generated by this command: // -// mockgen -destination=mock/plugin.go -copyright_file=../lib/ignore_headers.txt -package=plugin github.com/microsoft/retina/pkg/plugin/ Plugin +// mockgen -destination=mock/plugin.go -copyright_file=../lib/ignore_headers.txt -package=plugin github.com/microsoft/retina/pkg/plugin Plugin // // Package plugin is a generated GoMock package. @@ -27,7 +27,6 @@ import ( type MockPlugin struct { ctrl *gomock.Controller recorder *MockPluginMockRecorder - isgomock struct{} } // MockPluginMockRecorder is the mock recorder for MockPlugin. @@ -48,31 +47,31 @@ func (m *MockPlugin) EXPECT() *MockPluginMockRecorder { } // Compile mocks base method. -func (m *MockPlugin) Compile(ctx context.Context) error { +func (m *MockPlugin) Compile(arg0 context.Context) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Compile", ctx) + ret := m.ctrl.Call(m, "Compile", arg0) ret0, _ := ret[0].(error) return ret0 } // Compile indicates an expected call of Compile. -func (mr *MockPluginMockRecorder) Compile(ctx any) *gomock.Call { +func (mr *MockPluginMockRecorder) Compile(arg0 any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Compile", reflect.TypeOf((*MockPlugin)(nil).Compile), ctx) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Compile", reflect.TypeOf((*MockPlugin)(nil).Compile), arg0) } // Generate mocks base method. -func (m *MockPlugin) Generate(ctx context.Context) error { +func (m *MockPlugin) Generate(arg0 context.Context) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Generate", ctx) + ret := m.ctrl.Call(m, "Generate", arg0) ret0, _ := ret[0].(error) return ret0 } // Generate indicates an expected call of Generate. -func (mr *MockPluginMockRecorder) Generate(ctx any) *gomock.Call { +func (mr *MockPluginMockRecorder) Generate(arg0 any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Generate", reflect.TypeOf((*MockPlugin)(nil).Generate), ctx) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Generate", reflect.TypeOf((*MockPlugin)(nil).Generate), arg0) } // Init mocks base method. @@ -118,17 +117,17 @@ func (mr *MockPluginMockRecorder) SetupChannel(arg0 any) *gomock.Call { } // Start mocks base method. -func (m *MockPlugin) Start(ctx context.Context) error { +func (m *MockPlugin) Start(arg0 context.Context) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Start", ctx) + ret := m.ctrl.Call(m, "Start", arg0) ret0, _ := ret[0].(error) return ret0 } // Start indicates an expected call of Start. -func (mr *MockPluginMockRecorder) Start(ctx any) *gomock.Call { +func (mr *MockPluginMockRecorder) Start(arg0 any) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockPlugin)(nil).Start), ctx) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Start", reflect.TypeOf((*MockPlugin)(nil).Start), arg0) } // Stop mocks base method. diff --git a/pkg/plugin/packetforward/packetforward_bpfel_x86.o b/pkg/plugin/packetforward/packetforward_bpfel_x86.o index e69de29bb2..5f17550026 100644 Binary files a/pkg/plugin/packetforward/packetforward_bpfel_x86.o and b/pkg/plugin/packetforward/packetforward_bpfel_x86.o differ diff --git a/pkg/plugin/packetparser/packetparser_bpfel_x86.go b/pkg/plugin/packetparser/packetparser_bpfel_x86.go index 92cbd5cd4d..440a4ccc59 100644 --- a/pkg/plugin/packetparser/packetparser_bpfel_x86.go +++ b/pkg/plugin/packetparser/packetparser_bpfel_x86.go @@ -13,17 +13,21 @@ import ( ) type packetparserCtEntry struct { - EvictionTime uint32 - LastReportTxDir uint32 - LastReportRxDir uint32 - TrafficDirection uint8 - FlagsSeenTxDir uint8 - FlagsSeenRxDir uint8 - IsDirectionUnknown bool - BytesForwardCount uint64 - BytesReplyCount uint64 - PacketsForwardCount uint64 - PacketsReplyCount uint64 + EvictionTime uint32 + LastReportTxDir uint32 + LastReportRxDir uint32 + TrafficDirection uint8 + FlagsSeenTxDir uint8 + FlagsSeenRxDir uint8 + IsDirectionUnknown bool + ConntrackMetadata struct { + BytesForwardCount uint64 + BytesReplyCount uint64 + PacketsForwardCount uint64 + PacketsReplyCount uint64 + TrafficDirection uint8 + _ [7]byte + } } type packetparserCtV4Key struct { @@ -60,12 +64,12 @@ type packetparserPacket struct { IsReply bool _ [3]byte ConntrackMetadata struct { - TrafficDirection uint8 - _ [7]byte BytesForwardCount uint64 BytesReplyCount uint64 PacketsForwardCount uint64 PacketsReplyCount uint64 + TrafficDirection uint8 + _ [7]byte } } diff --git a/pkg/plugin/packetparser/packetparser_bpfel_x86.o b/pkg/plugin/packetparser/packetparser_bpfel_x86.o index 2002b5e4f3..d57a7d4a51 100644 Binary files a/pkg/plugin/packetparser/packetparser_bpfel_x86.o and b/pkg/plugin/packetparser/packetparser_bpfel_x86.o differ