Conntrack fails if net.netfilter.nf_conntrack_acct = 1 #2117

Closed
iaguis opened this issue Jan 6, 2017 · 4 comments · Fixed by #2118

Contributor

iaguis commented Jan 6, 2017

This adds more information to the conntrack lines ("packets" and "bytes") which breaks the line parser introduced in #2095:

Error parsing dumped flow "tcp      6 9 CLOSE src=127.0.0.1 dst=127.0.0.2 sport=45294 dport=9091 packets=3 bytes=164 src=127.0.0.2 dst=127.0.0.1 sport=9091 dport=45294 packets=2 bytes=112 mark=0 use=1 id=305795136": input does not match format

rade added the bug label Jan 6, 2017
Member

rade commented Jan 6, 2017

Well spotted! PR?

Contributor

alban commented Jan 6, 2017

It also fails on Fedora because of SELinux being enabled:

Error parsing dumped flow "tcp 6 116 TIME_WAIT src=192.168.35.122 dst=172.217.18.211 sport=40748 dport=443 src=172.217.18.211 dst=192.168.35.122 sport=443 dport=40748 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1 id=3032703296": input does not match format

Member

rade commented Jan 6, 2017

All these just seem to add some stuff to the end. Is our parser really so sensitive to trip over that?

Contributor

alban commented Jan 6, 2017

After #2095, the parser is 3 different Sscanf():
https://github.com/weaveworks/scope/pull/2095/files#diff-fdef364be5b01b6b4b78a0eaa1d0a241R269

But unfortunately, we need the last field (id=), that's why the Sscanf() is sensitive to additions in the middle of the line.

I could try to parse differently (with strings.Split, etc.) and check if the performance does not regress to how it was before with xml.

alban added a commit to kinvolk-archives/scope that referenced this issue Jan 6, 2017
TODO:
- [ ] don't recompile the regexp for each line
- [ ] test under different configuration (SELinux, nf_conntrack_acct)
- [ ] check performances compared to sscanf and xml

Fixes weaveworks#2117
rade added this to the EOY 2016 milestone Jan 10, 2017
rade assigned rade and unassigned rade Jan 10, 2017
alban added a commit to kinvolk-archives/scope that referenced this issue Jan 11, 2017
TODO:
- [ ] test under different configuration (SELinux, nf_conntrack_acct)
- [ ] check performances compared to sscanf and xml

Fixes weaveworks#2117
alban added a commit to kinvolk-archives/scope that referenced this issue Jan 13, 2017
With net.netfilter.nf_conntrack_acct = 1, conntrack adds the following
fields in the output: packets=3 bytes=164

And with SELinux (e.g. Fedora), conntrack adds: secctx=...

The parsing with fmt.Sscanf introduced in weaveworks#2095 was unfortunately
rejecting lines with those fields. This patch fixes that by adding more
complicated parsing in decodeTwoTuples() with FieldsFunc and SplitN.

Fixes weaveworks#2117
Regression from weaveworks#2095
alban added a commit to kinvolk-archives/scope that referenced this issue Jan 17, 2017
With net.netfilter.nf_conntrack_acct = 1, conntrack adds the following
fields in the output: packets=3 bytes=164

And with SELinux (e.g. Fedora), conntrack adds: secctx=...

The parsing with fmt.Sscanf introduced in weaveworks#2095 was unfortunately
rejecting lines with those fields. This patch fixes that by adding more
complicated parsing in decodeFlowKeyValues() with FieldsFunc and SplitN.

Fixes weaveworks#2117
Regression from weaveworks#2095
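
The kind of key-by-name parsing the commit message above describes, as an added example that is not code from this issue or from Scope: fields are looked up by key rather than position, so the optional `packets=`, `bytes=` and `secctx=` fields are skipped. `Flow` and `parseFlow` are hypothetical names, and this sketch uses `strings.Fields` and `strings.SplitN` only.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Flow is a hypothetical type for this example, not Scope's own.
type Flow struct {
	Bare            []string          // protocol, its number, timeout, state, [FLAGS]
	Original, Reply map[string]string // src, dst, sport, dport per direction
	ID              uint64            // unsigned: 3032703296 above does not fit in int32
}

// parseFlow reads the fields it needs by key and skips every key it does
// not know, so extra fields in the middle of the line are not fatal.
func parseFlow(line string) (f Flow, err error) {
	f = Flow{Original: map[string]string{}, Reply: map[string]string{}}
	dirs := [2]map[string]string{f.Original, f.Reply}
	seen := map[string]int{} // first occurrence of a key is original, second is reply
	for _, field := range strings.Fields(line) {
		kv := strings.SplitN(field, "=", 2)
		if len(kv) != 2 {
			f.Bare = append(f.Bare, field)
			continue
		}
		n := seen[kv[0]]
		seen[kv[0]]++
		switch kv[0] {
		case "src", "dst", "sport", "dport":
			if n < 2 {
				dirs[n][kv[0]] = kv[1]
			}
		case "id":
			if f.ID, err = strconv.ParseUint(kv[1], 10, 64); err != nil {
				return f, fmt.Errorf("bad id %q: %v", kv[1], err)
			}
		}
	}
	if seen["src"] != 2 || seen["dst"] != 2 || seen["id"] != 1 {
		return f, fmt.Errorf("need two src=, two dst= and one id= in %q", line)
	}
	return f, nil
}

func main() { // constructed call using the nf_conntrack_acct line reported above
	fmt.Println(parseFlow(`tcp      6 9 CLOSE src=127.0.0.1 dst=127.0.0.2 sport=45294 dport=9091 packets=3 bytes=164 src=127.0.0.2 dst=127.0.0.1 sport=9091 dport=45294 packets=2 bytes=112 mark=0 use=1 id=305795136`))
}
```

A line with a missing `id=`, a non-numeric `id=` or a third `src=` is rejected with an error instead of being reported with a wrong or zero id.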