Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpf: Fix veth tracing + --track-by-stackid #401

Closed
wants to merge 1 commit into from
Closed

bpf: Fix veth tracing + --track-by-stackid #401

wants to merge 1 commit into from

Conversation

jschwinger233
Copy link
Member

#391 allows --track-skb to track new skb on veth, it relies on a map lookup to decide whether to track or not:

SEC("kprobe/veth_convert_skb_to_xdp_buff")
int kprobe_veth_convert_skb_to_xdp_buff(struct pt_regs *ctx) {
[...]
	u64 skb_head = (u64) BPF_CORE_READ(skb, head);
	if (bpf_map_lookup_elem(&skb_heads, &skb_head)) {
[...]
	}
	return BPF_OK;
}

However, when --track-skb-by-stackid is used along with --track-skb, the tracked skbs have risks not being recorded in skb_heads map.

This is because:

  1. bpf: Differentiate skb tracking reasons #384 no more updates skb_heads map when track reason is "by_stackid".
  2. Support tracing XDP #339 changes --track-skb from using &skb to skb->head.

So imagine an skb whose original skb->head = 0xa, the value is updated to 0xb after a while. The first time pwru sees this skb, skb_heads map will insert 0xa entry, this is correct. However, after skb->head being set to 0xb, pwru will verdict the skb of being tracked due to "by_stackid", we end up not inserting 0xb entry into skb_heads map.

Then the skb reaches veth, pwru can't find an entry by looking up 0xb from skb_heads map, we are losing track of veth skb again.

This patch fixes the issue by raising the priority of track_by_filter: if an skb can be defined as both tracked_by_filter and tracked_by_stackid, use tracked_by_filter over tracked_by_stackid.

Another issue #339 brings about is, an skb can have multiple skb->head stored in skb_heads map during its lifetime, but we only clean the latest value at
kprobe_skb_lifetime_termination. This issue is beyond this patch.

@jschwinger233
bpf: Fix veth tracing + --track-by-stackid
3cda7b9 
cilium#391 allows --track-skb to track new
skb on veth, it relies on a map lookup to decide whether to track or
not:

```
SEC("kprobe/veth_convert_skb_to_xdp_buff")
int kprobe_veth_convert_skb_to_xdp_buff(struct pt_regs *ctx) {
[...]
	u64 skb_head = (u64) BPF_CORE_READ(skb, head);
	if (bpf_map_lookup_elem(&skb_heads, &skb_head)) {
[...]
	}
	return BPF_OK;
}
```

However, when --track-skb-by-stackid is used along with --track-skb, the
tracked skbs have risks not being recorded in skb_heads map.

This is because:
1. cilium#384 no more updates skb_heads
map when track reason is "by_stackid".
2. cilium#339 changes --track-skb from
   using &skb to skb->head.

So imagine an skb whose original skb->head = 0xa, the value is updated
to 0xb after a while. The first time pwru sees this skb, skb_heads map
will insert 0xa entry, this is correct. However, after skb->head being
set to 0xb, pwru will verdict the skb of being tracked due to
"by_stackid", we end up not inserting 0xb entry into skb_heads map.

Then the skb reaches veth, pwru can't find an entry by looking up 0xb
from skb_heads map, we are losing track of veth skb again.

This patch fixes the issue by raising the priority of track_by_filter:
if an skb can be defined as both tracked_by_filter and
tracked_by_stackid, use tracked_by_filter over tracked_by_stackid.

Another issue cilium#339 brings about is,
an skb can have multiple skb->head stored in skb_heads map during its
lifetime, but we only clean the latest value at
kprobe_skb_lifetime_termination. This issue is beyond this patch.

Signed-off-by: gray <[email protected]>
@jschwinger233 jschwinger233 marked this pull request as ready for review July 12, 2024 13:54
@jschwinger233 jschwinger233 requested a review from a team as a code owner July 12, 2024 13:54
@jschwinger233 jschwinger233 requested review from brb and removed request for a team July 12, 2024 13:54
@jschwinger233
Copy link
Member Author

Closed in favor of a better solution.

jschwinger233 added a commit to jschwinger233/pwru that referenced this pull request Aug 6, 2024
@jschwinger233
bpf: Use &skb for --filter-track-skb again
75c3e4d 
cilium#339 changed how pwru tracks skb from
using &skb to skb->head for xdp tracing. We found it causing problems
such as:
1. An skb can have multiple different skb->head values during its
   lifetime, especically after (e.g. IPsec) encryption. Pwru now is
   likely to lose track of skb after encryption.
2. Some subtle issues like cilium#401. This
   is because some other tracking mechanism relies on &skb.

This commit brings back tracking &skb instead of skb->head. As for XDP
tracing, I'll introduce a new solution in the following patches.

Signed-off-by: gray <[email protected]>
brb pushed a commit that referenced this pull request Aug 30, 2024
@jschwinger233 @brb
bpf: Use &skb for --filter-track-skb again
3824944 
#339 changed how pwru tracks skb from
using &skb to skb->head for xdp tracing. We found it causing problems
such as:
1. An skb can have multiple different skb->head values during its
   lifetime, especically after (e.g. IPsec) encryption. Pwru now is
   likely to lose track of skb after encryption.
2. Some subtle issues like #401. This
   is because some other tracking mechanism relies on &skb.

This commit brings back tracking &skb instead of skb->head. As for XDP
tracing, I'll introduce a new solution in the following patches.

Signed-off-by: gray <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brb brb Awaiting requested review from brb brb is a code owner automatically assigned from cilium/pwru

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jschwinger233