Add bidirectional packet capture #6882
Conversation
Signed-off-by: Aryan Bakliwal <[email protected]>
Signed-off-by: Aryan Bakliwal <[email protected]>
|
@hangyan please let me know what you think about this |
…antrea-io#6877) Bumps the golang-org-x group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.32.0 to 0.33.0 - [Commits](golang/net@v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-org-x ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…oup (antrea-io#6880) Bumps the ginkgo group with 1 update: [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo). Updates `github.com/onsi/ginkgo/v2` from 2.22.0 to 2.22.1 - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.22.0...v2.22.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ginkgo ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Aryan Bakliwal <[email protected]>
|
Hey @hangyan @antoninbas, I made the changes in the bpf code according to the one generated by tcpdump. When I try to test the bidirectional packet capture, it fails with this log Could you please take a look and help me identify what might be going wrong? Also, golangci-lint is giving me this error even though I have changed the |
this error was reported by golangci on windows, we have a |
Signed-off-by: Aryan Bakliwal <[email protected]>
|
I’ve added the Please let me know if any adjustments are needed or if there's anything else I should update or add. Captured packetsICMP (SourceToDestination) ICMP (DestinationToSource) ICMP (Both) TCP (SourceToDestination) TCP (DestinationToSource) TCP (Both) |
| // (006) ld [30] # Load 4B at 30 (dest address) | ||
| // (007) jeq #0xaf40103 jt 8 jf 26 # If bytes match(10.244.0.3), goto #8, else #26 | ||
| // (008) ldh [20] # Load 2B at 20 (13b Fragment Offset) | ||
| // (009) jset #0x1fff jt 26 jf 10 # Use 0x1fff as a mask for fragment offset; If fragment offset != 0, #10, else #26 |
There was a problem hiding this comment.
maybe align the comments after #.
| @@ -134,18 +122,96 @@ func compilePacketFilter(packetSpec *crdv1alpha1.Packet, srcIP, dstIP net.IP) [] | |||
| } | |||
| } | |||
|
|
|||
| // source ip | |||
There was a problem hiding this comment.
In the future we may also support tcp flags and other layer4 configs, if that happens, we should consider make the current code structure more modularized, or it would be extremely hard to extend this function . This won't be easy but i suggest to review this part and see if we can do better.
not sure if we can separate the ip section and ports section apart, call sub functions to calculate their instruments size and sums up.
There was a problem hiding this comment.
I'll try my best to improve the code structure and explore separating the IP and port sections as suggested
| }, | ||
| { | ||
| name: "with-proto-port-and-Both", | ||
| srcIP: net.ParseIP("127.0.0.1"), |
There was a problem hiding this comment.
better to add a test case for only have dstPort and Both, that's the real world case as client port is always random.
There was a problem hiding this comment.
makes sense, will add this test case
| srcAddrVal := binary.BigEndian.Uint32(srcIP[len(srcIP)-4:]) | ||
| dstAddrVal := binary.BigEndian.Uint32(dstIP[len(dstIP)-4:]) |
There was a problem hiding this comment.
I am not sure I understand this change. Isn't it possible for srcIP and dstIP to be nil?
There was a problem hiding this comment.
I think the current spec enforced srcIP and dstIP both cannot be nil, because either Pod or IP will present. It cloud be pretty easy to remove the restrictions in the crd spec and do a little tweak to make this work.(no the target of the PR)
| const ( | ||
| SourceToDestination CaptureDirection = "SourceToDestination" | ||
| DestinationToSource CaptureDirection = "DestinationToSource" | ||
| Both CaptureDirection = "Both" | ||
| ) |
There was a problem hiding this comment.
| const ( | |
| SourceToDestination CaptureDirection = "SourceToDestination" | |
| DestinationToSource CaptureDirection = "DestinationToSource" | |
| Both CaptureDirection = "Both" | |
| ) | |
| const ( | |
| CaptureDirectionSourceToDestination CaptureDirection = "SourceToDestination" | |
| CaptureDirectionDestinationToSource CaptureDirection = "DestinationToSource" | |
| CaptureDirectionBoth CaptureDirection = "Both" | |
| ) |
| direction: | ||
| type: string | ||
| enum: ["SourceToDestination", "DestinationToSource", "Both"] | ||
| default: "SourceToDestination" |
There was a problem hiding this comment.
you seem to have made that change manually, which is not correct
the source of truth is build/charts/antrea/crds/packetcapture.yaml. You need to edit that file and run make manifest.
There was a problem hiding this comment.
Thanks for the clarification, I'll make the changes in the correct files and regenerate the manifests.
fixes: #6862
Added
bidirectionalfield in packet capture CR spec.For testing, I created two pods and pinged one from the other.
Screenshot of the
.pcapngoutput file.