diff options
author | Stephen Wong <stephen.kf.wong@gmail.com> | 2019-01-18 01:50:08 +0000 |
---|---|---|
committer | Stephen Wong <stephen.kf.wong@gmail.com> | 2019-01-18 01:50:08 +0000 |
commit | 6aa27547b71bff174e3017f637a002546033bf39 (patch) | |
tree | b89410b7bf14d896c04686ed05d7259f01a3e43e /clover/clovisor/libclovisor/ebpf/session_tracking.c | |
parent | adf4c7d34840acbc4676d895075d7098c0064f9c (diff) |
Various changes to improve Clovisor:
1.) make clovisor work on GKE
2.) running more efficient correlation between k8s service, pods, and
service port name for the pod's container port
3.) add per session trace metrics on Clovisor's traces, including
request and response sizes, trace-id, request-id, and more HTTP header
fields
4.) improve eBPF code to account for TCP sessions which do not finish with
either FIN or RST flags
5.) tested with Clover sample app (the "SDC")
Change-Id: Ia1a6275caf31a63fb1288c93cea42b32a4606307
Signed-off-by: Stephen Wong <stephen.kf.wong@gmail.com>
Diffstat (limited to 'clover/clovisor/libclovisor/ebpf/session_tracking.c')
-rwxr-xr-x | clover/clovisor/libclovisor/ebpf/session_tracking.c | 45 |
1 files changed, 31 insertions, 14 deletions
diff --git a/clover/clovisor/libclovisor/ebpf/session_tracking.c b/clover/clovisor/libclovisor/ebpf/session_tracking.c index 99f704a..ea68788 100755 --- a/clover/clovisor/libclovisor/ebpf/session_tracking.c +++ b/clover/clovisor/libclovisor/ebpf/session_tracking.c @@ -17,6 +17,7 @@ #define MAX_SESSION_TABLE_ENTRIES 8192 typedef enum { + UNDEFINED = 0, HTTP = 1, HTTP2 = 2, TCP = 3, @@ -145,24 +146,37 @@ static inline app_proto_t ingress_tcp_parsing(struct tcphdr *tcp_hdr, unsigned short dest_port = htons(tcp_hdr->dest); egress_match_t egress_match = {}; policy_action_t *policy_ptr = NULL; + app_proto_t ret = TCP; unsigned int *proto = dports2proto.lookup(&dest_port); if (proto != NULL) { + /* if (tcp_hdr->syn && !tcp_hdr->ack) { - return TCP; + return ret; } + */ + ret = HTTP; if (tcp_hdr->fin || tcp_hdr->rst) { process_response(ntohl(ipv4_hdr->saddr), ntohl(ipv4_hdr->daddr), ntohs(tcp_hdr->source), ntohs(tcp_hdr->dest)); - return TCP; + } else { + process_request(ntohl(ipv4_hdr->saddr), + ntohl(ipv4_hdr->daddr), + ntohs(tcp_hdr->source), + ntohs(tcp_hdr->dest)); } - process_request(ntohl(ipv4_hdr->saddr), - ntohl(ipv4_hdr->daddr), - ntohs(tcp_hdr->source), - ntohs(tcp_hdr->dest)); } else { + dest_port = htons(tcp_hdr->source); + proto = dports2proto.lookup(&dest_port); + if (proto != NULL) { + // clock response receiving time + process_response(ntohl(ipv4_hdr->daddr), + ntohl(ipv4_hdr->saddr), + ntohs(tcp_hdr->dest), + ntohs(tcp_hdr->source)); + } egress_match.dst_ip = ntohl(ipv4_hdr->saddr); egress_match.dst_port = ntohs(tcp_hdr->source); policy_ptr = egress_lookup_table.lookup(&egress_match); @@ -173,6 +187,7 @@ static inline app_proto_t ingress_tcp_parsing(struct tcphdr *tcp_hdr, if (policy_ptr != NULL) { if (*policy_ptr == RECORD) { + ret = HTTP; if (tcp_hdr->fin || tcp_hdr->rst) { process_response(ntohl(ipv4_hdr->daddr), ntohl(ipv4_hdr->saddr), @@ -185,7 +200,7 @@ static inline app_proto_t ingress_tcp_parsing(struct tcphdr *tcp_hdr, // everything else drops to TCP //return ((void*)tcp_hdr); - return HTTP; + return ret; } static inline app_proto_t egress_tcp_parsing(struct tcphdr *tcp_hdr, @@ -200,12 +215,13 @@ static inline app_proto_t egress_tcp_parsing(struct tcphdr *tcp_hdr, unsigned int *proto = dports2proto.lookup(&src_port); if (proto != NULL) { - if (tcp_hdr->fin || tcp_hdr->rst) { - process_response(ntohl(ipv4_hdr->daddr), - ntohl(ipv4_hdr->saddr), - ntohs(tcp_hdr->dest), - ntohs(tcp_hdr->source)); - } + //if (tcp_hdr->fin || tcp_hdr->rst) { + process_response(ntohl(ipv4_hdr->daddr), + ntohl(ipv4_hdr->saddr), + ntohs(tcp_hdr->dest), + ntohs(tcp_hdr->source)); + //} + ret = HTTP; } else { egress_match.dst_ip = ntohl(ipv4_hdr->daddr); @@ -222,11 +238,12 @@ static inline app_proto_t egress_tcp_parsing(struct tcphdr *tcp_hdr, ntohl(ipv4_hdr->daddr), ntohs(tcp_hdr->source), ntohs(tcp_hdr->dest)); + ret = HTTP; } } } //return(ret_hdr); - return HTTP; + return ret; } static inline int handle_packet(struct __sk_buff *skb, int is_ingress) |