diff --git a/agent/agent_test.go b/agent/agent_test.go index ecb0dbc..9ad79f5 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -206,7 +206,7 @@ func TestRead(t *testing.T) { conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd) AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), funcName: "syscall", @@ -267,7 +267,7 @@ func TestRecvFrom(t *testing.T) { conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd) AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), funcName: "syscall", @@ -332,7 +332,7 @@ func TestReadv(t *testing.T) { for index, syscallEvent := range syscallEvents { AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), funcName: "syscall", @@ -399,7 +399,7 @@ func TestRecvmsg(t *testing.T) { for index, syscallEvent := range syscallEvents { AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), ignoreFuncName: true, @@ -462,7 +462,7 @@ func TestWrite(t *testing.T) { conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd) AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), funcName: "syscall", @@ -523,7 +523,7 @@ func TestSendto(t *testing.T) { conn := connManager.FindConnection4Exactly(syscallEvent.SyscallEvent.Ke.ConnIdS.TgidFd) AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), funcName: "syscall", @@ -586,7 +586,7 @@ func TestWritev(t *testing.T) { for index, syscallEvent := range syscallEvents { AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ KernDataEventAssertConditions: KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), funcName: "syscall", @@ -650,7 +650,7 @@ func TestSendMsg(t *testing.T) { seq := uint64(1) for index, syscallEvent := range syscallEvents { AssertSyscallEventData(t, syscallEvent, SyscallDataEventAssertConditions{ - KernDataEventAssertConditions: KernDataEventAssertConditions{connIdDirect: bpf.AgentTrafficDirectionTKEgress, + KernDataEventAssertConditions: KernDataEventAssertConditions{direct: Egress, pid: uint64(os.Getpid()), fd: uint32(conn.TgidFd), ignoreFuncName: true, @@ -762,10 +762,10 @@ func TestIpXmit(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, pid: uint64(os.Getpid()), funcName: "ip_queue_xmit", ignoreFuncName: true, @@ -792,12 +792,12 @@ func TestDevQueueXmit(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, findByStep: true, step: bpf.AgentStepTQDISC_OUT, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, pid: uint64(os.Getpid()), funcName: "dev_queue_xmit", ignoreFuncName: true, @@ -824,12 +824,12 @@ func TestDevHardStartXmit(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, findByStep: true, step: bpf.AgentStepTDEV_OUT, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKEgress, + direct: Egress, pid: uint64(os.Getpid()), funcName: "dev_hard_start", ignoreFuncName: true, @@ -860,12 +860,12 @@ func TestTracepointNetifReceiveSkb(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, findByStep: true, step: bpf.AgentStepTDEV_IN, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), funcName: "netif_receive_skb", ignoreFuncName: true, @@ -903,12 +903,12 @@ func TestIpRcvCore(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, findByStep: true, step: bpf.AgentStepTIP_IN, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), funcName: "ip_rcv_core", ignoreFuncName: true, @@ -943,12 +943,12 @@ func TestTcpV4DoRcv(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, findByStep: true, step: bpf.AgentStepTTCP_IN, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), funcName: "tcp_v4_do_rcv", ignoreFuncName: true, @@ -983,12 +983,12 @@ func TestSkbCopyDatagramIter(t *testing.T) { FindInterestedKernEventOptions{ findDataLenGtZeroEvent: true, findByDirect: true, - direct: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, findByStep: true, step: bpf.AgentStepTUSER_COPY, }, KernDataEventAssertConditions{ - connIdDirect: bpf.AgentTrafficDirectionTKIngress, + direct: Ingress, pid: uint64(os.Getpid()), funcName: "skb_copy_datagr", ignoreFuncName: true, diff --git a/agent/agent_utils_test.go b/agent/agent_utils_test.go index 59ae802..d1a7ba8 100644 --- a/agent/agent_utils_test.go +++ b/agent/agent_utils_test.go @@ -41,6 +41,7 @@ func StartAgent(bpfAttachFunctions []bpf.AttachBpfProgFunction, cmd.FilterPid = int64(pid) cmd.DefaultLogLevel = int32(logrus.DebugLevel) cmd.Debug = true + cmd.InitLog() agent.SetupAgent(agent.AgentOptions{ Stopper: agentStopper, LoadBpfProgramFunction: func(objs interface{}) *list.List { @@ -165,7 +166,7 @@ func AssertConnEvent(t *testing.T, connectEvent bpf.AgentConnEvtT, assert ConnEv type KernDataEventAssertConditions struct { ignoreConnIdDirect bool - connIdDirect bpf.AgentTrafficDirectionT + direct int ignorePid bool pid uint64 ignoreFd bool @@ -190,9 +191,8 @@ type SyscallDataEventAssertConditions struct { func AssertKernEvent(t *testing.T, kernEvt *bpf.AgentKernEvt, conditions KernDataEventAssertConditions) { connId := kernEvt.ConnIdS - direct := connId.Direct if !conditions.ignoreConnIdDirect { - assert.Equal(t, conditions.connIdDirect, direct) + assert.Equal(t, conditions.direct == Egress, kernEvt.Step <= bpf.AgentStepTNIC_IN) } pid := connId.TgidFd >> 32 if !conditions.ignorePid { @@ -264,6 +264,9 @@ type FindInterestedSyscallEventOptions struct { connEventList []bpf.AgentConnEvtT } +var Egress int = 0 +var Ingress int = 1 + type FindInterestedKernEventOptions struct { findByRemotePort bool remotePort uint16 @@ -271,7 +274,7 @@ type FindInterestedKernEventOptions struct { localPort uint16 findDataLenGtZeroEvent bool findByDirect bool - direct bpf.AgentTrafficDirectionT + direct int // 0-出 1-入 findByFuncName bool funcName string throw bool @@ -360,7 +363,7 @@ func findInterestedKernEvents(t *testing.T, kernEventList []bpf.AgentKernEvt, op if options.findDataLenGtZeroEvent && each.Len == 0 { continue } - if options.findByDirect && options.direct != each.ConnIdS.Direct { + if options.findByDirect && (options.direct == 0) != (each.Step <= bpf.AgentStepTNIC_OUT) { continue } eventFuncName := common.Int8ToStr(each.FuncName[:]) diff --git a/agent/analysis/stat.go b/agent/analysis/stat.go index f4df058..abfd258 100644 --- a/agent/analysis/stat.go +++ b/agent/analysis/stat.go @@ -169,8 +169,8 @@ func (s *StatRecorder) ReceiveRecord(r protocol.Record, connection *conn.Connect } var writeSyscallEvents, readSyscallEvents, devOutSyscallEvents, nicIngressEvents, userCopyEvents, tcpInEvents []conn.KernEvent - egressMessage := getParsedMessageBySide(r, connection.IsServerSide(), bpf.AgentTrafficDirectionTKEgress) - ingressMessage := getParsedMessageBySide(r, connection.IsServerSide(), bpf.AgentTrafficDirectionTKIngress) + egressMessage := getParsedMessageBySide(r, connection.IsServerSide(), DirectEgress) + ingressMessage := getParsedMessageBySide(r, connection.IsServerSide(), DirectIngress) writeSyscallEvents = streamEvents.FindAndRemoveEventsBySeqAndLen(bpf.AgentStepTSYSCALL_OUT, egressMessage.Seq(), egressMessage.ByteSize()) readSyscallEvents = streamEvents.FindAndRemoveEventsBySeqAndLen(bpf.AgentStepTSYSCALL_IN, ingressMessage.Seq(), ingressMessage.ByteSize()) devOutSyscallEvents = streamEvents.FindAndRemoveEventsBySeqAndLen(bpf.AgentStepTDEV_OUT, egressMessage.Seq(), egressMessage.ByteSize()) @@ -279,15 +279,15 @@ func KernEventsToEventDetails[k PacketEventDetail | SyscallEventDetail | NicEven return result } -func getParsedMessageBySide(r protocol.Record, IsServerSide bool, direct bpf.AgentTrafficDirectionT) protocol.ParsedMessage { +func getParsedMessageBySide(r protocol.Record, IsServerSide bool, direct DirectEnum) protocol.ParsedMessage { if !IsServerSide { - if direct == bpf.AgentTrafficDirectionTKEgress { + if direct == DirectEgress { return r.Request() } else { return r.Response() } } else { - if direct == bpf.AgentTrafficDirectionTKEgress { + if direct == DirectEgress { return r.Response() } else { return r.Request() diff --git a/agent/conn/conntrack.go b/agent/conn/conntrack.go index f79f5fb..1881f0f 100644 --- a/agent/conn/conntrack.go +++ b/agent/conn/conntrack.go @@ -439,9 +439,9 @@ func isReq(conn *Connection4, event *bpf.AgentKernEvt) (bool, bool) { } var isReq bool if !conn.IsServerSide() { - isReq = event.ConnIdS.Direct == bpf.AgentTrafficDirectionTKEgress + isReq = event.Step <= bpf.AgentStepTNIC_OUT } else { - isReq = event.ConnIdS.Direct == bpf.AgentTrafficDirectionTKIngress + isReq = event.Step >= bpf.AgentStepTNIC_IN } return isReq, true } diff --git a/agent/conn/processor.go b/agent/conn/processor.go index 09edf3e..4ea1a21 100644 --- a/agent/conn/processor.go +++ b/agent/conn/processor.go @@ -226,8 +226,8 @@ func (p *Processor) run() { conn.ToString(), event.Seq, event.Len, common.DisplayTcpFlags(event.Flags)) } else { - common.BPFEventLog.Debugf("[data no conn][func=%s][ts=%d][%s]%s | %d:%d flags:%s\n", common.Int8ToStr(event.FuncName[:]), event.Ts, bpf.StepCNNames[event.Step], - conn.ToString(), event.Seq, event.Len, + common.BPFEventLog.Debugf("[data no conn][func=%s][ts=%d][%s] | %d:%d flags:%s\n", common.Int8ToStr(event.FuncName[:]), event.Ts, bpf.StepCNNames[event.Step], + event.Seq, event.Len, common.DisplayTcpFlags(event.Flags)) } if event.Len > 0 && conn != nil && conn.Protocol != bpf.AgentTrafficProtocolTKProtocolUnknown { diff --git a/bpf/agent_x86_bpfel.go b/bpf/agent_x86_bpfel.go index 3dccdba..21f1eca 100644 --- a/bpf/agent_x86_bpfel.go +++ b/bpf/agent_x86_bpfel.go @@ -21,9 +21,8 @@ type AgentConnEvtT struct { type AgentConnIdS_t struct { TgidFd uint64 - Direct AgentTrafficDirectionT NoTrace bool - _ [3]byte + _ [7]byte } type AgentConnInfoT struct { diff --git a/bpf/agentold_x86_bpfel.go b/bpf/agentold_x86_bpfel.go index 26f2dc8..0dbd81b 100644 --- a/bpf/agentold_x86_bpfel.go +++ b/bpf/agentold_x86_bpfel.go @@ -21,9 +21,8 @@ type AgentOldConnEvtT struct { type AgentOldConnIdS_t struct { TgidFd uint64 - Direct AgentOldTrafficDirectionT NoTrace bool - _ [3]byte + _ [7]byte } type AgentOldConnInfoT struct { diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-23-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-23-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-23-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-23-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-25-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-25-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-25-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-25-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-28-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-28-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-28-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-28-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-29-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-29-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-29-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-29-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-33-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-33-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-33-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-33-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-34-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-34-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-34-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-34-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-36-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-36-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-36-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-36-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-38-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-38-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-38-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-38-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-40-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-40-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-40-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-40-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-41-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-41-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-41-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-41-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-43-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-43-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-43-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-43-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-44-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-44-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-44-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-44-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-45-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-45-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-45-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-45-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-48-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-48-generic.btf index 9d5c174..4c95413 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-48-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-48-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-49-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-49-generic.btf index 132666b..8bc3601 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-49-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-49-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-50-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-50-generic.btf index 132666b..8bc3601 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-50-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-50-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-53-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-53-generic.btf index 132666b..8bc3601 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-53-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-53-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-55-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-55-generic.btf index 132666b..8bc3601 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-55-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-55-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-59-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-59-generic.btf index 132666b..8bc3601 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-59-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-59-generic.btf differ diff --git a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-63-generic.btf b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-63-generic.btf index 132666b..8bc3601 100644 Binary files a/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-63-generic.btf and b/bpf/custom-archive/ubuntu/20.04/x86_64/5.8.0-63-generic.btf differ diff --git a/bpf/pktlatency.bpf.c b/bpf/pktlatency.bpf.c index d118b56..5a318c4 100644 --- a/bpf/pktlatency.bpf.c +++ b/bpf/pktlatency.bpf.c @@ -200,6 +200,14 @@ static __always_inline struct sock_key reverse_sock_key(struct sock_key* key) { copy.family = _(key->family); return copy; } +static __always_inline void reverse_sock_key_no_copy(struct sock_key* key) { + key->sip = key->sip ^ key->dip; + key->dip = key->sip ^ key->dip; + key->sip = key->sip ^ key->dip; + key->sport = key->sport ^ key->dport; + key->dport = key->sport ^ key->dport; + key->sport = key->sport ^ key->dport; +} static void __always_inline parse_kern_evt_body(struct parse_kern_evt_body *param) { void* ctx = param->ctx; u32 inital_seq = param->inital_seq; @@ -651,6 +659,9 @@ static __always_inline int parse_skb(void* ctx, struct sk_buff *skb, bool sk_not body.len = len - ip_hdr_len; // body.func_name = func_name; body.step = step; + if (step >= NIC_IN){ + reverse_sock_key_no_copy(&key); + } report_kern_evt(&body); return 1; } else { @@ -664,70 +675,7 @@ static __always_inline int parse_skb(void* ctx, struct sk_buff *skb, bool sk_not // #ifndef KERNEL_VERSION_BELOW_58 SEC("xdp") int xdp_proxy(struct xdp_md *ctx){ - // bpf_printk("xdp"); - void *data = (void *)(long)ctx->data; - void *data_end = (void *)(long)ctx->data_end; - - struct ethhdr *eth = data; - if (data + sizeof(struct ethhdr) > data_end) { - // pr_bpf_debug("xdp2 data + sizeof(struct ethhdr) > data_end"); - return XDP_PASS; - } - u16 l3_proto = _(eth->h_proto); - // bpf_printk("xdp, l3_proto: %x", l3_proto); - struct iphdr *iph = data + sizeof(struct ethhdr); - if (data + sizeof(struct ethhdr) + sizeof(struct iphdr) > data_end) - { - // pr_bpf_debug("xdp2 data + sizeof(struct ethhdr) + sizeof(struct iphdr) > data_end"); - return XDP_ABORTED; - } - if (iph->protocol != IPPROTO_TCP) - { - // bpf_printk("xdp2 iph->protocol != IPPROTO_TCP, %x", iph->protocol); - return XDP_PASS; - } - struct tcphdr* th = data + sizeof(struct ethhdr) + sizeof(struct iphdr); - if (data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr) > data_end) { - // pr_bpf_debug("xdp2 data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr) > data_end"); - return XDP_ABORTED; - } - - struct sock_key key = {0}; - key.sip = _C(iph,saddr); - key.dip = _C(iph,daddr); - key.sport = bpf_ntohs(_C(th,source)); - key.dport = bpf_ntohs(_C(th,dest)); - key.family = AF_INET; - // bpf_printk("xdp, not found!, sport:%d, dport:%d, family:%d", key.sport, key.dport,key.family); - int *found = bpf_map_lookup_elem(&sock_xmit_map, &key); - if (found == NULL && !should_trace_sock_key(&key)) { - // pr_bpf_debug("xdp key.dport != target_port, %u,%u,should_trace_sock_key:%d", key.dport, key.sport,should_trace_sock_key(&key)); - return XDP_PASS; - } - u32 inital_seq; - if (found == NULL) { - inital_seq = bpf_ntohl(th->seq); - bpf_map_update_elem(&sock_xmit_map, &key,&inital_seq, BPF_NOEXIST); - // bpf_printk("xdp not found!, seq: %u", inital_seq); - // bpf_printk("xdp, not found!, sip: %u, dip:%u", bpf_ntohl(key.sip), bpf_ntohl(key.dip)); - // bpf_printk("xdp, not found!, sport:%d, dport:%d, family:%d", key.sport, key.dport,key.family); - } else { - bpf_probe_read_kernel(&inital_seq, sizeof(inital_seq), found); - // bpf_printk("xdp found!, seq: %u", inital_seq); - } - u32 len = data_end - data - (sizeof(struct ethhdr) + sizeof(struct iphdr)); - // bpf_printk("xdp, skb: %x", data); - struct parse_kern_evt_body body = {0}; - body.ctx = ctx; - body.inital_seq = inital_seq; - body.key = &key; - body.tcp = th; - body.len = len; - // body.func_name = XDP_FUNC_NAME; - body.step = NIC_IN; - report_kern_evt(&body); - // KERN_EVENT_HANDLE(&evt, "xdp"); - return XDP_PASS; + return XDP_PASS; } // #else // #endif @@ -754,6 +702,8 @@ static __always_inline int handle_skb_data_copy(void *ctx, struct sk_buff *skb, struct tcp_skb_cb *cb = (struct tcp_skb_cb *)&p_cb[0]; u32 seq = _C(cb,seq) + offset; + reverse_sock_key_no_copy(&key); + struct parse_kern_evt_body body = {0}; body.ctx = ctx; body.inital_seq = inital_seq; @@ -930,8 +880,8 @@ int BPF_PROG(tcp_destroy_sock, struct sock *sk) } bpf_map_delete_elem(&conn_info_map, &tgid_fd); bpf_map_delete_elem(&sock_key_conn_id_map, &key); - struct sock_key rev_key = reverse_sock_key(&key); - bpf_map_delete_elem(&sock_key_conn_id_map, &rev_key); + // struct sock_key rev_key = reverse_sock_key(&key); + // bpf_map_delete_elem(&sock_key_conn_id_map, &rev_key); } if (!err) { // pr_bpf_debug("tcp_destroy_sock, sock destory, %d, %d", key.sport, key.dport); @@ -1061,15 +1011,16 @@ static __always_inline bool create_conn_info(void* ctx, struct conn_info_t *conn bpf_map_update_elem(&conn_info_map, &tgid_fd, conn_info, BPF_ANY); struct conn_id_s_t conn_id_s = {}; - conn_id_s.direct = role == kRoleClient ? kEgress : kIngress; + // conn_id_s.direct = role == kRoleClient ? kEgress : kIngress; + // conn_id_s.direct = role == kEgress; conn_id_s.tgid_fd = tgid_fd; bpf_map_update_elem(&sock_key_conn_id_map, key, &conn_id_s, BPF_NOEXIST); - struct sock_key rev = reverse_sock_key(key); - // d => s - struct conn_id_s_t conn_id_s_rev = {}; - conn_id_s_rev.direct = role == kRoleClient ? kIngress : kEgress; - conn_id_s_rev.tgid_fd = tgid_fd; - bpf_map_update_elem(&sock_key_conn_id_map, &rev, &conn_id_s_rev, BPF_NOEXIST); + // struct sock_key rev = reverse_sock_key(key); + // // d => s + // struct conn_id_s_t conn_id_s_rev = {}; + // conn_id_s_rev.direct = role == kRoleClient ? kIngress : kEgress; + // conn_id_s_rev.tgid_fd = tgid_fd; + // bpf_map_update_elem(&sock_key_conn_id_map, &rev, &conn_id_s_rev, BPF_NOEXIST); report_conn_evt(ctx, conn_info, kConnect, start_ts); return true; } else { @@ -1098,18 +1049,25 @@ enum endpoint_role_t role, uint64_t start_ts) { struct tcp_sock * tcp_sk = get_socket_from_fd(fd); // s => d struct sock_key key = {0}; - if (role == kRoleClient) { - parse_sock_key_sk((struct sock*)tcp_sk, &key); - } else { - parse_sock_key_rcv_sk((struct sock*)tcp_sk, &key); - } + parse_sock_key_sk((struct sock*)tcp_sk, &key); + // if (role == kRoleClient) { + // parse_sock_key_sk((struct sock*)tcp_sk, &key); + // } else { + // parse_sock_key_rcv_sk((struct sock*)tcp_sk, &key); + // } // print_sock_key(&key); if (socket == NULL) { - conn_info.laddr.in4.sin_addr.s_addr = role == kRoleClient ? key.sip : key.dip; - conn_info.laddr.in4.sin_port = role == kRoleClient ? key.sport : key.dport; - conn_info.raddr.in4.sin_addr.s_addr = role == kRoleClient ? key.dip : key.sip; - conn_info.raddr.in4.sin_port = role == kRoleClient ? key.dport : key.sport; + // conn_info.laddr.in4.sin_addr.s_addr = role == kRoleClient ? key.sip : key.dip; + // conn_info.laddr.in4.sin_port = role == kRoleClient ? key.sport : key.dport; + // conn_info.raddr.in4.sin_addr.s_addr = role == kRoleClient ? key.dip : key.sip; + // conn_info.raddr.in4.sin_port = role == kRoleClient ? key.dport : key.sport; + // conn_info.laddr.in4.sin_family = key.family; + // conn_info.raddr.in4.sin_family = key.family; + conn_info.laddr.in4.sin_addr.s_addr = key.sip ; + conn_info.laddr.in4.sin_port = key.sport ; + conn_info.raddr.in4.sin_addr.s_addr = key.dip; + conn_info.raddr.in4.sin_port = key.dport; conn_info.laddr.in4.sin_family = key.family; conn_info.raddr.in4.sin_family = key.family; } @@ -1319,7 +1277,7 @@ static __always_inline void process_syscall_data_vecs(void* ctx, struct data_arg uint64_t seq = (direct == kEgress ? conn_info->write_bytes : conn_info->read_bytes) + 1; struct conn_id_s_t conn_id_s; conn_id_s.tgid_fd = tgid_fd; - conn_id_s.direct = direct; + // conn_id_s.direct = direct; enum step_t step = direct == kEgress ? SYSCALL_OUT : SYSCALL_IN; if (should_trace_conn(conn_info)) { report_syscall_evt_vecs(ctx, seq, &conn_id_s, bytes_count, step, args); @@ -1386,7 +1344,7 @@ static __always_inline void process_syscall_data(void* ctx, struct data_args *ar uint64_t seq = (direct == kEgress ? conn_info->write_bytes : conn_info->read_bytes) + 1; struct conn_id_s_t conn_id_s; conn_id_s.tgid_fd = tgid_fd; - conn_id_s.direct = direct; + // conn_id_s.direct = direct; enum step_t step = direct == kEgress ? SYSCALL_OUT : SYSCALL_IN; if (should_trace_conn(conn_info)) { report_syscall_evt(ctx, seq, &conn_id_s, bytes_count, step, args); diff --git a/bpf/pktlatency.h b/bpf/pktlatency.h index 030af99..85052c2 100644 --- a/bpf/pktlatency.h +++ b/bpf/pktlatency.h @@ -157,8 +157,6 @@ struct conn_id_t { struct conn_id_s_t { uint64_t tgid_fd; - // 0-入向 1-出向 - enum traffic_direction_t direct; bool no_trace; }; diff --git a/cmd/common.go b/cmd/common.go index 42025cd..a5c817c 100644 --- a/cmd/common.go +++ b/cmd/common.go @@ -63,7 +63,7 @@ func startAgent(options agent.AgentOptions) { options.PerfEventBufferSizeForEvent = KernEvtPerfEventBufferSize options.PerfEventBufferSizeForData = DataEvtPerfEventBufferSize - initLog() + InitLog() common.AgentLog.Infoln("Kyanos starting...") if viper.GetBool(common.DaemonVarName) { cntxt := &daemon.Context{ @@ -119,7 +119,7 @@ func initSizeFilter(cmd *cobra.Command) protocol.SizeFilter { return sizeFilter } -func initLog() { +func InitLog() { if viper.GetBool("debug") { DefaultLogLevel = int32(logrus.DebugLevel) } diff --git a/common/constant.go b/common/constant.go index 58ca67a..3ca05e3 100644 --- a/common/constant.go +++ b/common/constant.go @@ -25,3 +25,8 @@ type SideEnum int8 const AllSide SideEnum = 0 const ServerSide SideEnum = 1 const ClientSide SideEnum = 2 + +type DirectEnum int + +const DirectEgress DirectEnum = 0 +const DirectIngress DirectEnum = 1