conntrack: handle TCP flags #391
Conversation
go get github.com/netobserv/netobserv-ebpf-agent@latest
go get github.com/netobserv/flowlogs-pipeline/pkg/pipeline
go mod vendor
Subjects() has been deprecated in Go 1.18: golang/go#46287
@@ -34,7 +34,7 @@ func (m GenericMap) Copy() GenericMap { | |||
|
|||
func (m GenericMap) IsDuplicate() bool { | |||
if duplicate, hasKey := m["Duplicate"]; hasKey { | |||
if isDuplicate, err := utils.ConvertToBool(duplicate); err != nil { | |||
if isDuplicate, err := utils.ConvertToBool(duplicate); err == nil { |
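Review bot: flipping the condition on the last line from `err != nil` to `err == nil` is the right fix: with the old check the value returned by utils.ConvertToBool was only used when the conversion had failed, so a well-formed Duplicate field was never honoured. A unit test that feeds IsDuplicate both a parseable and an unparseable Duplicate value would keep this from regressing.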
While testing this PR I noticed I've made a mistake here 👼
Sorry about that
Thanks for the fix! I missed that too...
detectEndConnection: detect end connections by FIN_ACK flag | ||
swapAB: swap source and destination when the first flowlog contains the SYN_ACK flag |
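Review bot: the detectEndConnection doc line should state that FIN_ACK detection supplements endConnectionTimeout rather than replacing it, since, as the discussion in this thread notes, a FIN_ACK flowlog is not guaranteed for every TCP connection (sampling, half-open connections). Suggested wording: detectEndConnection: detect end connections by FIN_ACK flag (in addition to endConnectionTimeout).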
I wonder if these two should be the default behavior as it's more reliable & convenient than the timeouts
The swapAB feature isn't related to the timeouts.
The detectEndConnection feature is in addition to the timeouts. It can't replace the timeouts because it's not guaranteed that we will receive a flowlog with the FIN_ACK flag for every TCP connection (either because of sampling or because of a SYN attack). But it may allow us to increase the endConnectionTimeout for TCP.
pkg/api/conntrack.go
OutputFields []OutputField `yaml:"outputFields,omitempty" json:"outputFields,omitempty" doc:"list of output fields"` | ||
Scheduling []ConnTrackSchedulingGroup `yaml:"scheduling,omitempty" json:"scheduling,omitempty" doc:"list of timeouts and intervals to apply per selector"` | ||
MaxConnectionsTracked int `yaml:"maxConnectionsTracked,omitempty" json:"maxConnectionsTracked,omitempty" doc:"maximum number of connections we keep in our cache (0 means no limit)"` | ||
TCPFlags ConnTrackTCPFlags `yaml:"tcpFlags,omitempty" json:"tcpFlags" doc:"settings for handling TCP flags"` |
Missing ",omitempty" for json:
TCPFlags ConnTrackTCPFlags `yaml:"tcpFlags,omitempty" json:"tcpFlags,omitempty" doc:"settings for handling TCP flags"`
Thanks! good catch
Codecov Report
@@ Coverage Diff @@
## main #391 +/- ##
==========================================
+ Coverage 60.98% 61.51% +0.53%
==========================================
Files 91 91
Lines 6297 6390 +93
==========================================
+ Hits 3840 3931 +91
Misses 2223 2223
- Partials 234 236 +2
This PR adds the ability to read the TCP flags field and perform the following actions:
- Detect the end of a connection when the FIN_ACK flag is set and avoid waiting for the endConnectionTimeout.
- Swap source and destination when SYN_ACK is set on the first flowlog.
Each action can be enabled/disabled by a feature flag in the conntrack config.
An operational metric was added to track how many of these actions were performed.
Additional changes:
- Update go.mod to 1.18 to be able to update netobserv-ebpf-agent
- Update the netobserv-ebpf-agent dependency to get the Flags field in the flow protobuf
- Add json tag to the conntrack API
Solves #299
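The two features summarised in this description and discussed in the thread (swapAB on a first-seen SYN_ACK, detectEndConnection on FIN_ACK, with the timeout kept as the fallback), as an added Go example that is not code from flowlogs-pipeline. The flag bit values, the FlowLog/Conn/Tracker types and the key function are assumptions made for the example, not the project's API.

```go
package main

import "time"

// Assumed TCP flag bits (TCP header layout); the agent's Flags encoding may differ.
const FIN, SYN, ACK uint16 = 0x01, 0x02, 0x10

// FlowLog is a constructed stand-in for one flow record.
type FlowLog struct{ Src, Dst string; Flags uint16; Seen time.Time }

// Conn is the tracked A<->B state; A is meant to be the client side,
// Ended is set by detectEndConnection when a FIN_ACK is observed.
type Conn struct{ A, B string; LastSeen time.Time; Ended bool }

// Tracker carries the PR's two feature flags plus the existing end-connection timeout.
type Tracker struct {
	DetectEndConnection, SwapAB bool
	EndConnectionTimeout        time.Duration
	Conns                       map[string]*Conn
}

// key is direction-independent so both halves of a connection share one entry.
func key(a, b string) string {
	if a > b {
		a, b = b, a
	}
	return a + "|" + b
}

// Update applies one flowlog and returns the affected connection.
func (t *Tracker) Update(fl FlowLog) *Conn {
	k := key(fl.Src, fl.Dst)
	c, ok := t.Conns[k]
	if !ok {
		c = &Conn{A: fl.Src, B: fl.Dst}
		// swapAB: a SYN_ACK as the first record was sent by the server, so its source is the B side.
		if t.SwapAB && fl.Flags&(SYN|ACK) == SYN|ACK {
			c.A, c.B = fl.Dst, fl.Src
		}
		t.Conns[k] = c
	}
	c.LastSeen = fl.Seen
	// detectEndConnection: a FIN_ACK ends the connection without waiting for the timeout.
	if t.DetectEndConnection && fl.Flags&(FIN|ACK) == FIN|ACK {
		c.Ended = true
	}
	return c
}

// Closed reports whether a connection is done: FIN_ACK was seen, or it idled past the timeout.
// The timeout stays necessary because sampling or SYN-only traffic may never deliver a FIN_ACK.
func (t *Tracker) Closed(c *Conn, now time.Time) bool {
	return c.Ended || now.Sub(c.LastSeen) > t.EndConnectionTimeout
}
```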