tmp

Signed-off-by: lec-bit <glfhzmy@126.com>

Author: lec-bit

bpf/include/bpf_common.h

@@ -100,6 +100,14 @@ struct {
     __uint(map_flags, BPF_F_NO_PREALLOC);
 } map_of_orig_dst SEC(".maps");
 
+struct {
+    __uint(type, BPF_MAP_TYPE_HASH);
+    __type(key, __u64);
+    __type(value, struct bpf_sock);
+    __uint(max_entries, MAP_SIZE_OF_DSTINFO);
+    __uint(map_flags, BPF_F_NO_PREALLOC);
+} map_of_pid_dst SEC(".maps");
+
 /*
  * From v5.4, bpf_get_netns_cookie can be called for bpf cgroup hooks, from v5.15, it can be called for bpf sockops
  * hook. Therefore, ensure that function is correctly used.

bpf/include/map_config.h

@@ -12,5 +12,6 @@
 #define map_of_nodeinfo     km_nodeinfo
 #define map_of_tcp_probe    km_tcp_probe
 #define map_of_orig_dst     km_orig_dst
+#define map_of_pid_dst      km_pid_dst
 
 #endif // _MAP_CONFIG_H_

bpf/kmesh/ads/cgroup_sock.c

@@ -59,6 +59,15 @@ static inline int sock4_traffic_control(struct bpf_sock_addr *ctx)
     return 0;
 }
 
+void manage_pid_sk(struct bpf_sock *sk){
+    int pid_tgid = bpf_get_current_pid_tgid();
+    bpf_printk("pid_tgid:%d\n", pid_tgid);
+    int ret = bpf_map_update_elem(&map_of_pid_dst, &pid_tgid, sk, BPF_ANY);
+    if (ret != 0) {
+        BPF_LOG(ERR, KMESH, "manage_pid_sk failed\n");
+    }
+}
+
 SEC("cgroup/connect4")
 int cgroup_connect4_prog(struct bpf_sock_addr *ctx)
 {
@@ -71,6 +80,7 @@ int cgroup_connect4_prog(struct bpf_sock_addr *ctx)
     if (handle_kmesh_manage_process(&kmesh_ctx) || !is_kmesh_enabled(ctx)) {
         return CGROUP_SOCK_OK;
     }
+    manage_pid_sk(ctx->sk);
     observe_on_pre_connect(ctx->sk);
     int ret = sock4_traffic_control(ctx);
 

bpf/kmesh/ads/sockops.c

@@ -10,6 +10,30 @@
 #if KMESH_ENABLE_IPV4
 #if KMESH_ENABLE_HTTP
 
+void delete_manage_pid_sk(struct bpf_sock *sk){
+    if (!is_monitoring_enable()) {
+        return;
+    }
+
+    struct bpf_tcp_sock *tcp_sock = NULL;
+    struct sock_storage_data *storage = NULL;
+
+    if (!sk)
+        return;
+    storage = bpf_sk_storage_get(&map_of_sock_storage, sk, 0, BPF_LOCAL_STORAGE_GET_F_CREATE);
+    if (!storage) {
+        BPF_LOG(ERR, PROBE, "on connect: bpf_sk_storage_get failed\n");
+        return;
+    }
+
+    int pid_tgid = storage->pid_tgid;
+    bpf_printk("pid_tgid:%d\n", pid_tgid);
+    int ret = bpf_map_delete_elem(&map_of_pid_dst, &pid_tgid);
+    if (ret != 0) {
+        BPF_LOG(ERR, KMESH, "manage_pid_sk failed\n");
+    }
+}
+
 SEC("sockops")
 int sockops_prog(struct bpf_sock_ops *skops)
 {
@@ -43,6 +67,7 @@ int sockops_prog(struct bpf_sock_ops *skops)
         break;
     case BPF_SOCK_OPS_STATE_CB:
         if (skops->args[1] == BPF_TCP_CLOSE) {
+            delete_manage_pid_sk(skops->sk);
             observe_on_close(skops->sk);
             on_cluster_sock_close(skops);
         }

bpf/kmesh/ads/tracepoint.c

@@ -0,0 +1,154 @@
+#include "bpf_log.h"
+#include "bpf_common.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+#define MAX_IOVEC 4
+#define __MAX_CONCURRENCY   1000
+#define INT_LEN                 32
+
+// direction
+enum {
+    INVALID_DIRECTION = 0,
+    INBOUND = 1,
+    OUTBOUND = 2,
+};
+
+typedef __u64 conn_ctx_t;         // pid & tgid
+
+struct user_msghdr {
+	void *msg_name;
+	int msg_namelen;
+	struct iovec *msg_iov;
+	__kernel_size_t msg_iovlen;
+	void *msg_control;
+	__kernel_size_t msg_controllen;
+	unsigned int msg_flags;
+};
+
+struct sys_enter_sendmsg_args {
+    unsigned long long __unused__;
+    long __syscall_nr;
+    int fd;
+    struct user_msghdr *msg;
+    unsigned int flags;
+};
+
+struct sys_connect_args_s {
+    int fd;
+    const struct sockaddr* addr;
+};
+
+struct {
+    __uint(type, BPF_MAP_TYPE_RINGBUF);
+    __uint(max_entries, 256 * 1024 /* 256 KB */);
+} map_of_http_probe SEC(".maps");
+
+struct http_probe_info {
+    // For sendmsg()/recvmsg()/writev()/readv().
+    __u32 type;
+    struct bpf_sock_tuple tuple;
+    uintptr_t iov;
+    char dst_svc_name[BPF_DATA_MAX_LEN];
+
+    // unsigned int iovlen;
+    // unsigned int iovlen2;
+};
+
+static inline void construct_tuple(struct bpf_sock *sk, struct bpf_sock_tuple *tuple, __u8 direction)
+{
+    if (direction == OUTBOUND) {
+        if (sk->family == AF_INET) {
+            tuple->ipv4.saddr = sk->src_ip4;
+            tuple->ipv4.daddr = sk->dst_ip4;
+            tuple->ipv4.sport = sk->src_port;
+            tuple->ipv4.dport = bpf_ntohs(sk->dst_port);
+        }
+        if (sk->family == AF_INET6) {
+            bpf_memcpy(tuple->ipv6.saddr, sk->src_ip6, IPV6_ADDR_LEN);
+            bpf_memcpy(tuple->ipv6.daddr, sk->dst_ip6, IPV6_ADDR_LEN);
+            tuple->ipv6.sport = sk->src_port;
+            tuple->ipv6.dport = bpf_ntohs(sk->dst_port);
+        }
+    }
+    if (direction == INBOUND) {
+        if (sk->family == AF_INET) {
+            tuple->ipv4.daddr = sk->src_ip4;
+            tuple->ipv4.saddr = sk->dst_ip4;
+            tuple->ipv4.dport = sk->src_port;
+            tuple->ipv4.sport = bpf_ntohs(sk->dst_port);
+        }
+        if (sk->family == AF_INET6) {
+            bpf_memcpy(tuple->ipv6.saddr, sk->dst_ip6, IPV6_ADDR_LEN);
+            bpf_memcpy(tuple->ipv6.daddr, sk->src_ip6, IPV6_ADDR_LEN);
+            tuple->ipv6.dport = sk->src_port;
+            tuple->ipv6.sport = bpf_ntohs(sk->dst_port);
+        }
+    }
+
+    if (is_ipv4_mapped_addr(tuple->ipv6.daddr)) {
+        tuple->ipv4.saddr = tuple->ipv6.saddr[3];
+        tuple->ipv4.daddr = tuple->ipv6.daddr[3];
+        tuple->ipv4.sport = tuple->ipv6.sport;
+        tuple->ipv4.dport = tuple->ipv6.dport;
+    }
+
+    return;
+}
+
+// 1.根据pid_tgid查找map，获得sk
+// 2.根据sk查找map，获得其他信息
+// 3.将信息整合上报
+SEC("tracepoint/syscalls/sys_enter_sendmsg")
+int sendmsg_entry(struct sys_enter_sendmsg_args *ctx) {
+
+    struct bpf_tcp_sock *tcp_sock = NULL;
+    struct sock_storage_data *storage = NULL;
+    conn_ctx_t id = bpf_get_current_pid_tgid();
+    int proc_id = (int)(id >> INT_LEN);
+
+    struct bpf_sock *sk = bpf_map_lookup_elem(&map_of_pid_dst, &id);
+    if (sk == NULL) {
+        bpf_printk("bpf_map_lookup_elem map_of_pid_dst failed!\n");
+        return 1;
+        //BPF_LOG(ERR, TRACEPOINT, "bpf_map_lookup_elem map_of_pid_dst failed!\n");
+    }
+
+    storage = bpf_sk_storage_get(&map_of_sock_storage, sk, 0, BPF_LOCAL_STORAGE_GET_F_CREATE);
+    if (!storage) {
+        bpf_printk("sendmsg_entry bpf_sk_storage_get failed!\n");
+        //BPF_LOG(ERR, PROBE, "pre_connect bpf_sk_storage_get failed\n");
+        return 1;
+    }
+
+    struct http_probe_info *info = bpf_ringbuf_reserve(&map_of_http_probe, sizeof(struct http_probe_info), 0);
+    tcp_sock = bpf_tcp_sock(sk);
+    if (!tcp_sock)
+        return 1;
+    construct_tuple(sk, &info->tuple, storage->direction);
+    bpf_strncpy(storage->dst_svc_name, sizeof(storage->dst_svc_name), info->dst_svc_name);
+
+    int fd = ctx->fd;
+    struct user_msghdr *msg = ctx->msg;
+    void * msg_name = BPF_CORE_READ_USER(msg, msg_name);
+    struct iovec* iov = BPF_CORE_READ_USER(msg, msg_iov);
+    size_t iovlen = BPF_CORE_READ_USER(msg, msg_iovlen);
+    bpf_printk("sys_enter_sendmsg\n");
+
+    if (msg_name) {
+        struct sys_connect_args_s args = {0};
+        args.fd = fd;
+        args.addr = msg_name;
+        bpf_printk("SENDMSG msg_name =%s \n", args.addr->sa_data);
+    }
+
+    info->iov = (uintptr_t)iov;
+
+    // bpf_ringbuf_submit
+    bpf_ringbuf_submit(info, 0);
+    bpf_printk("SENDMSG msg_name =%s iov_len:%u\n", msg_name, iovlen);
+    return 0;
+}
+
+char _license[] SEC("license") = "GPL";

bpf/kmesh/bpf2go/bpf2go.go

@@ -21,6 +21,7 @@ package bpf2go
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSock ../ads/cgroup_sock.c -- -I../ads/include -I../../include -I../../../api/v2-c -I../probes -DCGROUP_SOCK_MANAGE -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockWorkload ../workload/cgroup_sock.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockops ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=1
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshTracepoint ../ads/tracepoint.c -- -I../ads/include -I../../include -I../../../api/v2-c -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsWorkload ../workload/sockops.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshXDPAuth ../workload/xdp.c -- -I../workload/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=1
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSendmsg ../workload/sendmsg.c -- -I../workload/include -I../../include -DKERNEL_VERSION_HIGHER_5_13_0=1
@@ -30,6 +31,7 @@ package bpf2go
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockCompat ../ads/cgroup_sock.c -- -I../ads/include -I../../include -I../../../api/v2-c -I../probes -DCGROUP_SOCK_MANAGE -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshCgroupSockWorkloadCompat ../workload/cgroup_sock.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsCompat ../ads/sockops.c -- -I../ads/include -I../../include -I../../../api/v2-c -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=0
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir kernelnative/$ENHANCED_KERNEL --go-package $ENHANCED_KERNEL -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshTracepoint ../ads/tracepoint.c -- -I../ads/include -I../../include -I../../../api/v2-c -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine  -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSockopsWorkloadCompat ../workload/sockops.c -- -I../workload/include -I../../include -I../probes -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshXDPAuthCompat ../workload/xdp.c -- -I../workload/include -I../../include -I../../../api/v2-c -DKERNEL_VERSION_HIGHER_5_13_0=0
 //go:generate go run github.com/cilium/ebpf/cmd/bpf2go --output-dir dualengine --go-package dualengine -cc clang  --cflags $EXTRA_CFLAGS --cflags $EXTRA_CDEFINE KmeshSendmsgCompat ../workload/sendmsg.c -- -I../workload/include -I../../include -DKERNEL_VERSION_HIGHER_5_13_0=0